Beats version 8.15.1

edit

View commits

Known issues

edit

Affecting all Beats

  • Beats stop publishing data after a network error unless restarted. Avoid upgrading to 8.15.1. Affected Beats log Get \"https://${ELASTICSEARCH_HOST}:443\": context canceled repeatedly. https://github.com/elastic/beats/issues/40705{40705}
  • Memory usage is not correctly limited by the number of events actively in the memory queue, but rather the maximum size of the memory queue regardless of usage. 41355

Metricbeat

  • Metrics can be lost when using Metricbeat due to the total fields limit of the Metricbeat index template. We recommend increasing the index.mapping.total_fields.limit setting of the Metricbeat index template to 12500 and perform a rollover of the Metricbeat data stream. If you’ve customized the name of the index associated to Metricbeat, apply the same change accordingly.

Bugfixes

edit

Affecting all Beats

  • Aborts all active connections for Elasticsearch output. 40572
  • Closes beat Publisher on beat stop and by the Agent manager. 40572
  • Fix handling of escaped brackets in syslog structured data. 40445 40446

Auditbeat

  • Fix segfaults that may happen if user runs multiple instances of the package metricset 40525
  • Fix incorrect definition of struct utmp for arm64 40541

Filebeat

  • Relax requirements in Okta entity analytics provider user and device profile data shape. 40359
  • Fix bug in Okta entity analytics rate limit logic. 40106 40267
  • Fix order of configuration for EntraID entity analytics provider. 40487
  • Ensure Entra ID request bodies are not truncated and trace logs are rotated before 100MB. 40494
  • The Elasticsearch output now correctly logs the event fields to the event log file 40509 40512
  • Fix the "No such input type exist: azure-eventhub" error on the Windows platform 40608 40609
  • awss3 input: Fix handling of SQS notifications that don’t contain a region. 40628
  • Fix credential handling when workload identity is being used in GCS input. 39977 40663
  • Fix high IO and handling of a corrupted registry log file. 35893
  • Fix filestream’s registry GC: registry entries will never be removed if clean_inactive is set to "-1". 40258

Metricbeat

  • Fix first HTTP 401 error when fetching metrics from the Kubelet API caused by a token update 40636
  • Fix needlessly verbose logging in cgroups setup 40620

Added

edit

Filebeat

  • Enable file ingestion to report detailed status to Elastic Agent 40075
  • Added ignore_empty_values flag in decode_cef Filebeat processor. 40268

Metricbeat

  • Added back elasticsearch.node.stats.jvm.mem.pools.* to the node_stats metricset 40571