Beats version 7.17.0

edit

View commits

Breaking changes

edit

Affecting all Beats

  • Change Docker base image from CentOS 7 to Ubuntu 20.04 29681

Bugfixes

edit

Affecting all Beats

  • Enrich kubernetes metadata with node annotations. 29605

Auditbeat

  • system/socket: Fix startup errors on newer 5.x kernels due to missing _do_fork function. 29607 29744
  • system/package: Fix parsing of Installed-Size field of DEB packages. 16661 17188
  • system module: Fix panic during initialisation when /proc/stat can’t be read. 17569
  • system/package: Fix an error that can occur while trying to persist package metadata. 18536 18887
  • system/socket: Fix bugs leading to wrong process being attributed to flows. 29166 17165
  • system/socket: Fix process name and arg truncation for long names, paths and args lists. 24667 29410

Filebeat

  • aws-s3: Stop trying to increase SQS message visibility after ReceiptHandleIsInvalid errors. 29480
  • Fix handling of IPv6 addresses in netflow flow events. 19210 29383
  • Fix sophos KV splitting and syslog header handling 24237 29331
  • Undo deletion of endpoint config from cloudtrail fileset in 29415. 29450
  • Make Cisco ASA and FTD modules conform to the ECS definition for event.outcome and event.type. 29581 29698
  • ibmmq: Fixed @timestamp not being populated with correct values. 29773
  • aws-s3: Improve gzip detection to avoid false negatives. 29968
  • decode_cef: Fix panic when recovering from invalid CEF extensions that contain escape characters. 30010

Heartbeat

  • Fix race condition in http monitors using mode:all that can cause crashes. pull
  • Fix broken ICMP availability check that prevented heartbeat from starting in rare cases. pull
  • Fix broken macOS ICMP python e2e test. 29900
  • Only add monitor.status to browser events when summary. 29460
  • Also add summary to journeys for which the synthetics runner crashes. 29606
  • Update size of ICMP packets to adhere to standard min size. 29948

Metricbeat

  • Use xpack.enabled on SM modules to write into .monitoring indices when using Metricbeat standalone 28365
  • Fix in rename processor to ingest metrics for write.iops to proper field instead of write_iops in rds metricset. 28960
  • Enhance filter check in kubernetes event metricset. 29470
  • Fix gcp metrics metricset apply aligner to all metric_types 29513
  • Fixed GCP GKE Overview dashboard 29913
  • Remove overriding of index pattern on the Kubernetes overview dashboard. 29676

Added

edit

Affecting all Beats

  • SASL/SCRAM in the Kafka output is no longer beta. 29126
  • Add job.name in pods controlled by Jobs 28954

Heartbeat

  • More errors are now visible in ES with new logic failing monitors later to ease debugging. pull

Winlogbeat

  • Add support for custom XML queries 1054 29330

Deprecated

edit

Known Issue

edit