Beats version 7.12.1

edit

View commits

Breaking changes

edit

Filebeat

  • Possible values for Netflow’s locality fields (source.locality, destination.locality and flow.locality) are now internal and external, instead of private and public. 24272 24295

Bugfixes

edit

Affecting all Beats

  • Fix templates being overwritten if there was an error when check for the template existance. 24332
  • Fix Kubernetes autodiscovery provider to correctly handle pod states and avoid missing event data 17223
  • Fix inode removal tracking code when files are replaced by files with the same name 25002
  • Fix mage GenerateCustomBeat instructions for a new beat 17679
  • Fix bug with annotations dedot config on k8s not used 25111
  • Fix negative Kafka partition bug 25048

Filebeat

  • Properly update offset in case of unparasable line. 22685
  • Fix Cisco ASA parser for message 722051. 24410
  • Fix google_workspace pagination. 24668
  • Fix netflow module ignoring detect_sequence_reset flag. 24268 24270
  • Fix Cisco ASA parser for message 302022. 24405 24697
  • Fix Cisco AMP @metadata._id calculation 24717 24718
  • Fix date parsing in GSuite/login and Google Workspace/login filesets. 24694
  • Fix gcp/vpcflow module error where input type was defaulting to file. 24719
  • Improve PanOS parsing and ingest pipeline. 22413 22748 24799
  • Fix S3 input validation for non amazonaws.com domains. 24420 24861
  • Fix google_workspace and okta modules pagination when next page template is empty. 24967
  • Fix gcp module field names to use gcp instead of googlecloud. 25038

Heartbeat

  • Fix panic when initialization of ICMP monitors fail twice. 25073

Metricbeat

  • Ignore unsupported derive types for filesystem metricset. 22501 24502

Added

edit

Filebeat

  • Updating field mappings for Cisco AMP module, fixing certain fields. 24661
  • Add support for upper case field names in Sophos XG module 24693
  • Add fail_on_template_error option for httpjson input. 24784