Beats version 8.8.0
editBeats version 8.8.0
editBugfixes
editAffecting all Beats
- Fix race condition when stopping runners 32433
- Fix concurrent map writes when system/process code called from reporter code 32491
- The Elasticsearch output now splits large requests instead of dropping them when it receives a StatusRequestEntityTooLarge error. 34911
- In cases where the matcher detects a non-string type in a match statement, report the error as a debug statement, and not a warning statement. 35119
- add_cloud_metadata
processor: Add cloud.region
field for GCE cloud provider.
- add_cloud_metadata
processor: Update Azure metadata API version to get missing cloud.account.id
field.
Filebeat
- [GCS Input] Added missing locks for safe concurrency. 34914
- Fix the ignore_inactive
option being ignored in Filebeat’s filestream input. 34770
- Add input instance ID to request trace filename for httpjson and cel inputs. 35024
- Sanitize filenames for request tracer in httpjson input. 35143
- Sanitize filenames for request tracer in cel input. 35154
- Fix the grok expression outputs of log files. 35221
- Move repeated Windows event channel not found errors in winlog input to debug level. 35314 35317
- Fix crash when processing forwarded logs missing a message. 34705 34865
- Fix crash when loading azurewebstorage cursor with no partially processed data. 35433
Heartbeat
Metricbeat
Osquerybeat
-
Adds the
elastic_file_analysis
table to the Osquery extension for macOS builds. 35056
Packetbeat
Winlogbeat
Added
editFilebeat
-
Add metric
sqs_messages_waiting_gauge
for aws-s3 input. 34488 -
Add support for Okta debug attributes,
risk_reasons
,risk_behaviors
andfactor
. 33677 34508 -
Add
nginx.ingress_controller.upstream.ip
torelated.ip
34645 34672 -
Include NAT and firewall IPs in
related.ip
in Fortinet Firewall module. 34640 34673 -
Add UNIX socket log parsing for NGINX
ingress_controller
. 34732 -
Add metric
sqs_worker_utilization
for aws-s3 input. 34793 - Register MIME handlers for CSV types in CEL input. 34934
-
Add MySQL authentication message parsing and
related.ip
andrelated.user
fields. 34810 -
Mention
mito
CEL tool in CEL input docs. 34959 - Add nginx ingress_controller parsing if one of upstreams fails to return response. 34787
- Allow neflow v9 and ipfix templates to be shared between source addresses. 35036
- Add support for collecting IPv6 metrics. 35123
- Add Oracle authentication messages parsing 35127
Heartbeat - Add status to monitor run log report. - Remov Beta label for browser monitors. 35424.
Metricbeat
Winlogbeat
-
Add
event.category
andevent.type
to Sysmon module for EventIDs 8, 9, 19, 20, 27, 28, 255. 35193