Beats version 8.1.0

Breaking changes

Filebeat

  • Remove Recorded Future fileset integration from threatintel module. 30564

Bugfixes

Auditbeat

  • auditd: Add error.message to events when processing fails. 30009
  • Fix handling of execve call events that have no arguments. 30585 30586

Filebeat

  • Fix ECS version string in threatintel to be consistent with other modules and add event.timezone. 30499 30570
  • Add default paths value to MySQL Enterprise module to prevent issues with pipeline installations. 30598

Winlogbeat

  • Add provider names to Security pipeline conditional check in routing pipeline. 27288 29781

Functionbeat

  • Pass AWS region configuration correctly. 28520 30238

Added

Affecting all Beats

  • Name all k8s workqueues. 28085
  • Discover changes in Kubernetes nodes metadata as soon as they happen. 23139
  • Update k8s library. 29394
  • Add support for latest k8s versions v1.23 and v1.22. 29575
  • Add script processor to all Beats. 29269 29752
  • Only connect to Elasticsearch instances with the same version or newer. 29683
  • Move umask from code to service files. 29708
  • Add metadata change support for some processors. 30183

Auditbeat

  • system/socket: Add process.entity_id capture for socket events. 30230 30231

Filebeat

  • Add support for filtering in journald input with unit, kernel, identifiers and include_matches. 29294
  • Add new userAgent and beatInfo template functions for httpjson input. 29528
  • Add pipeline to Filebeat's supported hints. 30212

Metricbeat

  • Add add_resource_metadata configuration to Kubernetes module. 29133
  • Add containerd module with cpu, memory, blkio metricsets. 29247
  • Add container.id and container.runtime ECS fields in container metricset. 29560
  • Add memory.workingset.limit.pct field in Kubernetes container/pod metricset. 29547
  • Add k8s metadata in state_cronjob metricset. 29572
  • Add xpack.enabled support for Enterprise Search module. 29871
  • Add gcp firestore metricset. 29918
  • Remove strict parsing on RabbitMQ module. 30090

Packetbeat

  • Add automated OEM Npcap installation handling. 29112 30438 30493
  • Add support for capturing TLS random number and OCSP status request details. 29962 30102