Beats version 8.7.0
Bugfixes
Affecting all Beats
Filebeat
- [Auditbeat System Package] Added support for Apple Silicon chips. 34433
with the ecs field name container. 34403
automatic splitting at root level, if root level element is an array. 34155
- Prevent Elasticsearch from spewing log warnings about redundant wildcard when setting up ingest pipelines. 34249 34550
- Gracefully handle Windows event channel not found errors in winlog input. 30201 34605
- Fix the issue of cometd input worker getting closed in case of a network connection issue and an EOF error. 34326 34327
- Fix for httpjson first_response object throwing false positive errors by making it a flag based object 34747 34748
- Fix errors and panics due to re-used processors 34761
- Add missing Basic Authentication support to CEL input 34609 34689
Heartbeat
- Fix integration hashing to prevent reloading all when updated. 34697
- Fix release of job limit semaphore when context is cancelled. 34697
- Fix broken mapping for state.ends field. 34891
Filebeat
- Allow the misp fileset in the Filebeat threatintel module to ignore CIDR ranges for an IP field. 29949 34195
- Remove incorrect reference to CEL ext extensions package. 34610 34620
- Fix handling of RFC5988 links' relation parameters by getRFC5988Link in HTTPJSON. 34603 34622
- Drop empty API response events for Microsoft module. 34786 34893
Metricbeat
- Fix kafka dashboard field names 33555
Winlogbeat
Functionbeat
- Fix Kinesis events timestamp to use timestamp of the event record instead of when the record was processed 33593
Added
Filebeat
- Add backup to bucket and delete functionality for the aws-s3 input. 30696 33559
- Add support for polling system UDP stats for UDP input metrics. 34070
- Add support for recognizing the log level in Elasticsearch JVM logs 34159
- Add new Entity Analytics input with Azure Active Directory support. 34305
- Added metric sqs_lag_time for aws-s3 input. 34306
- Add metrics for TCP packet processing. 34333
- Add metrics for unix socket packet processing. 34335
- Add beta take over mode for filestream for simple migration from log inputs 34292
- Add pagination support for Salesforce module. 34057 34065
- Allow users to redact sensitive data from CEL input debug logs. 34302
- Add support for new Rabbitmq timestamp format for logs 34211
- Allow user configuration of timezone offset in Cisco ASA and FTD modules. 34436
- Allow user configuration of timezone offset in Checkpoint module. 34472
- Fill okta.request.ip_chain.* as a flattened object in Okta module. 34621
- Fixed GCS log format issues. 34659
- Add Basic Authentication support on constructed requests to CEL input 34609 34689
- Add string manipulation extensions to CEL input 34610 34689
- Improve CEL input documentation 34831
- Add metrics documentation for CEL and AWS CloudWatch inputs. 34887 34889
- Metrics hosted by the HTTP monitoring endpoint for the aws-cloudwatch, aws-s3, cel, and lumberjack inputs are now available under /inputs/ instead of /dataset.
Heartbeat
Metricbeat
- Remove GCP Compute metadata cache 33655
- Add GCP Redis regions support 33728
- Changed cloudwatch module to call ListMetrics API only once per region, instead of per AWS namespace 34055
- Add beta ingest_pipeline metricset to Elasticsearch module for ingest pipeline monitoring 34012
- Handle duplicated TYPE line for prometheus metrics 18813 33865
Packetbeat
Winlogbeat
- Add metrics for log event processing. 33922
- Add metrics documentation for event processing. 34887 34889
- Added processing for Windows Event IDs 4797, 5379, 5380, 5381, and 5382 for the Security Ingest Pipeline 34293 34294
- Added processing for Windows Event IDs 5140 and 5145 for the Security Ingest Pipeline 34352