Beats version 8.6.0

edit

View commits

Bugfixes

edit

Affecting all Beats

  • Fix Windows service install/uninstall when Win32_Service returns error, add logic to wait until the Windows Service is stopped before proceeding. 33322
  • Support for multiline zookeeper logs. 2496
  • Allow clock_nanosleep in the default seccomp profiles for amd64 and 386. Newer versions of glibc (e.g. 2.31) require it. 33792
  • Disable lockfile when running under elastic-agent. 33988

Filebeat

  • [httpsjon] Improved error handling during pagination with chaining & split processor. 34127
  • [Azure blob storage] Added support for more mime types & introduced offset tracking via cursor state. 33981
  • Fix handling of error in states in direct aws-s3 listing input. 33513 33722
  • Fix PANW handling of messages with event.original already set. 33829 33830
  • Rename identity as identity_name when the value is a string in Azure Platform Logs. 33654
  • Fix requires pointer error while getting cursor metadata. 33956
  • Fix input cancellation handling when HTTP client does not support contexts. 33962 33968
  • Update mito CEL extension library to v0.0.0-20221207004749-2f0f2875e464. 33974
  • Fix CEL result deserialisation when evaluation fails. 33992 33996
  • Fix handling of non-200/non-429 status codes. 33999 34002
  • [azure-eventhub input] Switch the run EPH run mode to non-blocking. 34075

Heartbeat - Fix browser monitor summary reporting as up when monitor is down. 33374 33819

Packetbeat

  • Fix panic on memcache transaction with no request or response. 33852 33853
  • Fix termination logic. 33979

Added

edit

Affecting all Beats

  • Add http.pprof config options for enabling block and mutex profiling. 33572 33576
  • Add add_formatted_index processor that allows the resulting index for an event to be changed based on content from the event. 33800
  • deps: Updated to github.com/elastic/go-sysinfo v1.9.0. 33864
  • Fix panic due to close of already closed channel during shutdown. 33971

Auditbeat

  • Add file parser processor to file_integrity module. 28802
  • Improve documentation for symlink handling behaviour in file integrity module. 33430
  • Ensure file integrity module watch paths are absolute. 33430

Filebeat

  • Add text/csv decoder to httpjson input. 28564
  • Update aws-s3 input to connect to non AWS S3 buckets. 28222 28234
  • Add support for /var/log/pods/ path for add_kubernetes_metadata processor with resource_type: pod. 28868
  • Add documentation for add_kubernetes_metadata processors log_path matcher. 28868
  • Add support for parsers on journald input. 29070
  • Add support in httpjson input for oAuth2ProviderDefault of password grant_type. 29087
  • threatintel module: Add new Recorded Future integration. 30030
  • Allow iptables module to parse ulogd v2 TOS field in logs. 32126
  • Fix handling of invalid UserIP and LocalIP values. 32896
  • Allow http_endpoint instances to share ports. 32578 33377
  • Improve httpjson documentation for split processor. 33473
  • Added separation of transform context object inside httpjson. Introduced new clause .parent_last_response.*. 33499
  • Cloud Foundry input uses server-side filtering when retrieving logs. 33456
  • Add parse_aws_vpc_flow_log processor. 33656
  • Update aws.vpcflow dataset in AWS module have a configurable log format and to produce ECS 8.x fields. 33699
  • Modified aws-s3 input to reduce mutex contention when multiple SQS message are being processed concurrently. 33658
  • Disable "event normalization" processing for the aws-s3 input to reduce allocations. 33673
  • Add Common Expression Language input. 31233
  • Add support for http+unix and http+npipe schemes in httpjson input. 33571 33610
  • Add support for http+unix and http+npipe schemes in cel input. 33571 33712
  • Add decode_duration, move_fields processors. 31301
  • Add metrics for UDP packet processing. 33870
  • Convert UDP input to v2 input. 33930
  • Improve collection of risk information from Okta debug data. 33677 34030
  • Adding filename details from zip to response for httpjson. 33952 34044

Heartbeat

  • Upgrade node to 18.12.0.

Metricbeat

  • Add Data Granularity option to AWS module to allow for for fewer API calls of longer periods and keep small intervals. 33133 33166
  • Update README file on how to run Metricbeat on Kubernetes. 33308
  • Add per-thread metrics to system_summary. 33614
  • Add GCP CloudSQL metadata. 33066
  • Add support for multiple regions in GCP. 32964
  • Add namespace metadata to all namespaced kubernetes resources. 33763

Packetbeat

  • Add fragmented IPv4 packet reassembly. 33012 33296