Beats version 8.0.0
editBeats version 8.0.0
editBreaking changes
editAffecting all Beats
-
Remove the deprecated
xpack.monitoring.*
settings. Going forward onlymonitoring.*
settings may be used. 9424 18608 -
Remove deprecated/undocumented
IncludeCreatorMetadata
setting from kubernetes metadata config options. 28006 - Remove deprecated fields from kubernetes module. 28046
-
Remove deprecated config option
aws_partition
. 28120 - Improve stats API by adding host metadata. 27963
- Libbeat: logp package forces ECS compliant logs. Logs are JSON formatted. Options to enable ECS/JSON have been removed. 15544 28573
-
Remove
auto
from the available options ofsetup.ilm.enabled
and set the default value totrue
. 28671 -
add_process_metadata processor: Replace usage of deprecated
process.ppid
field withprocess.parent.pid
. 28620 -
add_docker_metadata processor: Replace usage of deprecated
process.ppid
field withprocess.parent.pid
. 28620 - Use data streams instead of indices for storing events from Beats. 28450
-
Remove option
setup.template.type
and always load composable template with data streams. 28450 -
Remove several ILM options (
rollover_alias
andpattern
) as data streams do not require index aliases. 28450 -
Populate index template’s
default_fields
setting with ECS fields only. 28596 28215 -
Remove deprecated
--template
and--ilm-policy
flags. Use--index-management
instead. 28870 -
Remove
logging.files.suffix
option, and default to datetime endings in log file names. The format of the new name is{beatname}-{date}(-n)?.ndjson
. Example log file names from oldest to newest:filebeat-20200101.ndjson
,filebeat-20200101-1.ndjson
,filebeat-20200101-2.ndjson
. 28927 - Align kubernetes configuration settings. 29908
-
Change log file extension for Beats and Elastic Agent to
.ndjson
. If you are collecting the logs, you must change the path configuration to/path/to/logs/{beatname}*.ndjson
to avoid any issues. 28927 - Remove legacy support for SSLv3. 30071
Filebeat
-
Add
while_pattern
type to multiline reader. 19662 -
auditd dataset: Use
process.args
to store program arguments instead ofauditd.log.aNNN
fields. 29601 -
Remove deprecated old
awscloudwatch
input name. 29844 -
Remove
docker
input. Please usefilestream
input withcontainer
parser orcontainer
input. 28817
Metricbeat
Packetbeat
Winlogbeat
Bugfixes
editAuditbeat
Filebeat
-
Fix using
log_group_name_prefix
inaws-cloudwatch
input. 29695
Heartbeat
- Add fonts to support more types of characters for multiple languages. 29861
Metricbeat
Packetbeat
Added
editAffecting all Beats
-
Add config option
rotate_on_startup
to file output. 19150 19347 - Update to ECS 8.0 fields. 28620
-
Support custom analyzers in
fields.yml
. 28540 28926 - Support self-signed certificates on outputs. 29229
- Add FIPS configuration option for all AWS API calls. 28899
- Warn users when connecting to older versions of Elasticsearch instances. 29723
-
add_fields
processor is now able to set metadata in events. 30092
Auditbeat
Metricbeat
Winlogbeat
Elastic Log Driver
- Fixed docs for hosts. 23644