Beats version 8.13.0

edit

View commits

Breaking changes

edit

Affecting all Beats

  • Upgrade Go version to 1.21.8. Removes support for Windows 8.1. See https://tip.golang.org/doc/go1.21#windows. 38209
  • The behavior of queue.mem.flush.min_events has been simplified. It now serves as a simple maximum on the size of all event batches. There are no longer performance implications in its relationship to bulk_max_size. 37795

Auditbeat

  • Add opt-in KProbes backend for file_integrity module. 37796

Filebeat

  • Convert netflow input to API v2 and disable event normalisation. 37901

Winlogbeat

  • Add "keystore.path" configuration settings to $workdir\data\{{.BeatName}}.keystore. 12315 37237

Bugfixes

edit

Affecting all Beats - Support Elastic Agent control protocol chunking support. 37343 - Upgrade elastic-agent-libs to v0.7.5. Removes obsolete "Treating the CommonName field on X.509 certificates as a host name…​" deprecation warning for 8.0. 37755 - Fix the paths in the .cmd script added to the path by the Windows MSI to point to the new C:\Program Files installation location. https://github.com/elastic/elastic-stack-installers/pull/238 - Upgrade elastic-agent-system-metrics to v0.9.2. Skips permissions errors when reading /proc/pid/io. 38234.

Filebeat

  • Fix a race condition that could crash Filebeat with a "negative WaitGroup counter" error. 38094
  • Fix "failed processing S3 event for object key" error on aws-s3 input when key contains the "+" character. 38012 38125
  • Fix duplicated addition of regexp extension in CEL input. 38181
  • Fix HTTPJSON handling of empty object bodies in POST requests. 33961 38290
  • Fix PEM key validation for CEL and HTTPJSON inputs. 38405

Heartbeat

  • Adjust State loader to only retry when response code status is 5xx. 37981

Metricbeat

  • Fix Azure Monitor 429 error by causing Metricbeat to retry the request again. 38294
  • Fix fields not being parsed correctly in postgresql/database. 25301 37720

Added

edit

Affecting all Beats

  • Ignore Kubernetes node and namespace update events that do not change pod metadata. 37338 37431
  • Enhance add_cloud_metadata processor with orchestrator.cluster.name, orchestrator.cluster.id and azure.resourcegroup.name when running inside an AKS cluster. 33081 37685
  • Upgrade go-sysinfo from 1.12.0 to 1.13.1. 37996
  • Make range condition work with numeric values as strings. 38080
  • Allow users to configure number of output workers (for outputs that support workers) with either worker or workers. 38257
  • Kafka output now validates the topics and topic configuration values. 38058

Auditbeat

  • Add Linux capabilities to processes in the system/process. 37453
  • Add opt-in eBPF backend for file_integrity module. 37223

Filebeat

  • Update SQL input documentation regarding Oracle DSNs 37590
  • Add support for complete URL replacement in HTTPJSON chain steps. 37486
  • Add support for user-defined query selection in EntraID entity analytics provider. 37653
  • Update CEL extensions library to v1.8.0 to provide runtime error location reporting. 37304 37718
  • Add request trace logging for chained API requests. 36551 37682
  • Add support for PEM-based Okta auth in HTTPJSON. 37772
  • Prevent complete loss of long request trace data. 37826 37836
  • Added experimental version of the Websocket Input. 37774
  • Add support for PEM-based Okta auth in CEL. 37813
  • Add ETW input. 36915
  • Update CEL mito extensions to v1.9.0 to add keys/values helper. 37971
  • Add parseDateInTZ value template for the HTTPJSON input. 37738
  • Improve rate limit handling by HTTPJSON. 36207 38161 38237

Libbeat - Add watcher that can be used to monitor Linux kernel events. 37833 - Added support for ETW reader. 36914

Heartbeat - Upgrade github.com/elastic/go-elasticsearch/v8 to v8.12.0. 37673

Metricbeat

  • Fix containerd metrics grouping for TSDB. 37537

Packetbeat

  • Bump Windows Npcap version to v1.79. 37733
  • Add support for pipeline loading. 37291