Beats version 8.8.0

edit

View commits

Bugfixes

edit

Affecting all Beats - Fix race condition when stopping runners 32433 - Fix concurrent map writes when system/process code called from reporter code 32491 - The Elasticsearch output now splits large requests instead of dropping them when it receives a StatusRequestEntityTooLarge error. 34911 - In cases where the matcher detects a non-string type in a match statement, report the error as a debug statement, and not a warning statement. 35119 - add_cloud_metadata processor: Add cloud.region field for GCE cloud provider. - add_cloud_metadata processor: Update Azure metadata API version to get missing cloud.account.id field.

Filebeat - [GCS Input] Added missing locks for safe concurrency. 34914 - Fix the ignore_inactive option being ignored in Filebeat’s filestream input. 34770 - Add input instance ID to request trace filename for httpjson and cel inputs. 35024 - Sanitize filenames for request tracer in httpjson input. 35143 - Sanitize filenames for request tracer in cel input. 35154 - Fix the grok expression outputs of log files. 35221 - Move repeated Windows event channel not found errors in winlog input to debug level. 35314 35317 - Fix crash when processing forwarded logs missing a message. 34705 34865 - Fix crash when loading azurewebstorage cursor with no partially processed data. 35433

Heartbeat

  • Fix panics when parsing when HTTP URL is not parseable. 34702
  • Fix broken state ID location naming. 35336
  • Fix project monitor temp directories permission to include group access. 35398
  • Fix output pipeline exit on run_once. 35376
  • Fix formatting issue with socket trace timeout. 35434

Metricbeat

  • Make generic SQL GA. 34637
  • Collect missing remote_cluster in Elasticsearch CCR metricset. 34957
  • Add context with timeout in AWS API calls. 35425

Osquerybeat

  • Adds the elastic_file_analysis table to the Osquery extension for macOS builds. 35056

Packetbeat

  • Fix BPF filter setting not being applied to sniffers. 35363 35484

Winlogbeat

  • Move repeated channel not found errors to debug level. 35314 35317
  • Fix panic due to misrepresented buffer use. 35437
  • Allow program termination when attempting to open an absent channel. 35474

Added

edit

Filebeat

  • Add metric sqs_messages_waiting_gauge for aws-s3 input. 34488
  • Add support for Okta debug attributes, risk_reasons, risk_behaviors and factor. 33677 34508
  • Add nginx.ingress_controller.upstream.ip to related.ip 34645 34672
  • Include NAT and firewall IPs in related.ip in Fortinet Firewall module. 34640 34673
  • Add UNIX socket log parsing for NGINX ingress_controller. 34732
  • Add metric sqs_worker_utilization for aws-s3 input. 34793
  • Register MIME handlers for CSV types in CEL input. 34934
  • Add MySQL authentication message parsing and related.ip and related.user fields. 34810
  • Mention mito CEL tool in CEL input docs. 34959
  • Add nginx ingress_controller parsing if one of upstreams fails to return response. 34787
  • Allow neflow v9 and ipfix templates to be shared between source addresses. 35036
  • Add support for collecting IPv6 metrics. 35123
  • Add Oracle authentication messages parsing 35127

Heartbeat - Add status to monitor run log report. - Remov Beta label for browser monitors. 35424.

Metricbeat

  • Add GCP Carbon Footprint metricbeat data. 34820
  • Add event loop utilization metric to Kibana module. 35020

Winlogbeat

  • Add event.category and event.type to Sysmon module for EventIDs 8, 9, 19, 20, 27, 28, 255. 35193