« Beats version 8.2.1 Beats version 8.1.3 »

› ›

Beats version 8.2.0

Beats version 8.2.0

Breaking changes

Affecting all Beats

Fix mapping of parent process information provided by add_process_metadata. 29874 30727

Bugfixes

Filebeat

m365_defender: Fix processing when alerts.entities is an empty list. 31223 31227
Prevent filestream from rereading whole files if they are rotated using rename. 31268

Heartbeat

Heartbeat now successfully runs synthetic monitors on ARM processors. 31114

Metricbeat

Add back missing metrics to system/linux. 30774
GCP metrics query instances with aggregatedList API to improve efficiency. #30153
Fix Jolokia module to print URI for one of the debug logs. #30943
Handle docker reporting different capitalization for disk usage metrics. #30978

Winlogbeat

Fix routing for PowerShell events. 31287 31291
Fix missing annotation of event.module. 31330 31331

Added

Affecting all Beats

Add support for port mapping in docker hints. 31243
Relax timestamp syntax for RFC3164 syslog to allow leading zero on day. 16824 31254

Filebeat

Add extraction of related.hosts to Microsoft 365 Defender ingest pipeline 29859 29863
Improve recovery from corrupted registries. 25135 30994
Add support in httpjson input for chain calls. 29816

Auditbeat

Include config file (auditbeat.elastic-agent.yml) in tar.gz and zip packages for use with Elastic Agent.

Metricbeat

Add kubernetes.container.status.last.reason metric 30306
Fix overflow in iostat metrics 30679
Add commandstats field to Redis module 29662
Add kubernetes.volume.fs.inodes.pct field. 30785
Improve Kubernetes dashboard. 30913
Populate new container ECS fields in Docker module. 30399
Populate new container ECS fields in Kubernetes module. 30181
Populate ecs container fields in Containerd module. 31025
Add new metricset shovel to RabbitMQ module 31534

Winlogbeat

Improve the error message when the registry file content is invalid. 30543

« Beats version 8.2.1 Beats version 8.1.3 »