Beats version 8.8.0

Bugfixes

Affecting all Beats - Fix race condition when stopping runners 32433 - Fix concurrent map writes when system/process code called from reporter code 32491 - The Elasticsearch output now splits large requests instead of dropping them when it receives a StatusRequestEntityTooLarge error. 34911 - In cases where the matcher detects a non-string type in a match statement, report the error as a debug statement, and not a warning statement. 35119 - add_cloud_metadata processor: Add cloud.region field for GCE cloud provider. - add_cloud_metadata processor: Update Azure metadata API version to get missing cloud.account.id field.

Filebeat - [GCS Input] Added missing locks for safe concurrency. 34914 - Fix the ignore_inactive option being ignored in Filebeat’s filestream input. 34770 - Add input instance ID to request trace filename for httpjson and cel inputs. 35024 - Sanitize filenames for request tracer in httpjson input. 35143 - Sanitize filenames for request tracer in cel input. 35154 - Fix the grok expression outputs of log files. 35221 - Move repeated Windows event channel not found errors in winlog input to debug level. 35314 35317 - Fix crash when processing forwarded logs missing a message. 34705 34865 - Fix crash when loading azurewebstorage cursor with no partially processed data. 35433

Heartbeat

Fix panics when parsing when HTTP URL is not parseable. 34702
Fix broken state ID location naming. 35336
Fix project monitor temp directories permission to include group access. 35398
Fix output pipeline exit on run_once. 35376
Fix formatting issue with socket trace timeout. 35434

Metricbeat

Make generic SQL GA. 34637
Collect missing remote_cluster in Elasticsearch CCR metricset. 34957
Add context with timeout in AWS API calls. 35425

Osquerybeat

Adds the elastic_file_analysis table to the Osquery extension for macOS builds. 35056

Packetbeat

Fix BPF filter setting not being applied to sniffers. 35363 35484

Winlogbeat

Move repeated channel not found errors to debug level. 35314 35317
Fix panic due to misrepresented buffer use. 35437
Allow program termination when attempting to open an absent channel. 35474

Added

edit

Filebeat

Add metric sqs_messages_waiting_gauge for aws-s3 input. 34488
Add support for Okta debug attributes, risk_reasons, risk_behaviors and factor. 33677 34508
Add nginx.ingress_controller.upstream.ip to related.ip 34645 34672
Include NAT and firewall IPs in related.ip in Fortinet Firewall module. 34640 34673
Add UNIX socket log parsing for NGINX ingress_controller. 34732
Add metric sqs_worker_utilization for aws-s3 input. 34793
Register MIME handlers for CSV types in CEL input. 34934
Add MySQL authentication message parsing and related.ip and related.user fields. 34810
Mention mito CEL tool in CEL input docs. 34959
Add nginx ingress_controller parsing if one of upstreams fails to return response. 34787
Allow neflow v9 and ipfix templates to be shared between source addresses. 35036
Add support for collecting IPv6 metrics. 35123
Add Oracle authentication messages parsing 35127

Heartbeat - Add status to monitor run log report. - Remov Beta label for browser monitors. 35424.

Metricbeat

Add GCP Carbon Footprint metricbeat data. 34820
Add event loop utilization metric to Kibana module. 35020

Winlogbeat

Add event.category and event.type to Sysmon module for EventIDs 8, 9, 19, 20, 27, 28, 255. 35193

« Beats version 8.8.1 Beats version 8.7.1 »