IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Beats version 8.15.1
editBeats version 8.15.1
editKnown issues
editAffecting all Beats
-
Beats stop publishing data after a network error unless restarted. Avoid upgrading to 8.15.1. Affected Beats log
Get \"https://${ELASTICSEARCH_HOST}:443\": context canceledrepeatedly. https://github.com/elastic/beats/issues/40705{40705} - Memory usage is not correctly limited by the number of events actively in the memory queue, but rather the maximum size of the memory queue regardless of usage. 41355
Metricbeat
-
Metrics can be lost when using Metricbeat due to the total fields limit of the Metricbeat index template. We recommend increasing the
index.mapping.total_fields.limitsetting of the Metricbeat index template to 12500 and perform a rollover of the Metricbeat data stream. If you’ve customized the name of the index associated to Metricbeat, apply the same change accordingly.
Bugfixes
editAffecting all Beats
Auditbeat
Filebeat
- Relax requirements in Okta entity analytics provider user and device profile data shape. 40359
- Fix bug in Okta entity analytics rate limit logic. 40106 40267
- Fix order of configuration for EntraID entity analytics provider. 40487
- Ensure Entra ID request bodies are not truncated and trace logs are rotated before 100MB. 40494
- The Elasticsearch output now correctly logs the event fields to the event log file 40509 40512
- Fix the "No such input type exist: azure-eventhub" error on the Windows platform 40608 40609
- awss3 input: Fix handling of SQS notifications that don’t contain a region. 40628
- Fix credential handling when workload identity is being used in GCS input. 39977 40663
- Fix high IO and handling of a corrupted registry log file. 35893
- Fix filestream’s registry GC: registry entries will never be removed if clean_inactive is set to "-1". 40258
Metricbeat