Beats version 7.15.0

edit

View commits

Breaking changes

edit

Affecting all Beats

  • Loading Kibana assets (dashboards, index templates) rely on Saved Object API. So to provide a reliable service, Beats can only import and export dashboards using at least Kibana 7.15. 20672 27220

Filebeat

  • Remove all alias fields pointing to ECS fields from modules. This affects the Suricata and Traefik modules. 10535 26627
  • Fix Crowdstrike ingest pipeline that was creating flattened process fields. 27622 27623
  • Rename log.path to log.file.path in filestream to be consistent with log input and ECS. 27761

Heartbeat - Remove long deprecated watch_poll functionality. 27166 - Fix inconsistency in event.dataset values between heartbeat and fleet by always setting this value to the monitor type / fleet dataset. 27535

Metricbeat

  • Fix Elasticsearch jvm.gc.collectors.old being exposed as young 19636 26616

Bugfixes

edit

Affecting all Beats

  • Improve perfmon metricset performance. 26886
  • Preserve annotations in a kubernetes namespace metadata 27045
  • Fix build constraint that caused issues with doc builds. 27381
  • Do not try to load ILM policy if check_exists is false. 27508 26322
  • Fix bug with cgroups hierarchy override path in cgroups 27620
  • Beat setup kibana command may use the elasticsearch API key defined in output.elasticsearch.api_key. 24015 27540
  • Fix decode_xml handling of array merging when using to_lower: true. 27922
  • Separate namespaces for V1 and V2 controller paths 27676
  • Do not try to load ILM policy if check_exists is false. 27508 26322
  • Kubernetes autodiscover fails in node scope if node name cannot be discovered 26947

Auditbeat

  • File Integrity Module: Honor include_files when doing initial scan. 27273 27722

Filebeat

  • Update Filebeat compatibility function to remove processor description field on ES < 7.9.0 27774
  • Make filestream events ECS compliant. 27776

Metricbeat

  • Allow metric prefix override per service in gcp module. 26960
  • Update metrics configuration and dashboards after changes in the Azure Monitor 27520

Winlogbeat

  • Fix an issue with message template caching in the wineventlog-experimental API implementation. 26826

Added

edit

Affecting all Beats

  • Add proxy support for AWS functions. 26832
  • Added policies to the Elasticsearch output for non indexible events 26952
  • Add logging.metrics.namespaces config option to control what metric groups are reported in logs. 25727
  • Add sha256 digests to RPM packages. 23670
  • Add new offline docker image for Elastic Agent. 27052
  • Add cgroups V2 support 27242
  • Update ECS field definitions to ECS 1.11.0. 27107
  • The disk queue is now GA. 27515
  • Add daemonset.name in pods controlled by DaemonSets 26808, 25816

Filebeat

  • Add new template functions and value_type parameter to httpjson transforms. 26847
  • Add support to merge registry updates in the filestream input across multiple ACKed batches in case of backpressure in the registry or disk. 25976
  • Add support to decode_cef for MAC addresses that do not contain separator characters. 27050 27109
  • Add new hmac template function for httpjson input 27168
  • Update tags and threatintel.indicator.provider fields in threatintel.anomali ingest pipeline 24746 27141
  • Move AWS module and filesets to GA. 27428
  • Update ecs.version to ECS 1.11.0. 27107
  • Add option for S3 input to work without SQS notification 18205 27332

Metricbeat

  • Move openmetrics module to oss. 26561
  • Fix release state of kubernetes metricsets. 26864
  • Add gke metricset collection to gcp module 26824
  • Added statsd.mappings configuration for Statsd module 26220
  • Added Airflow lightweight module 26220
  • Add state_job metricset to Kubernetes modulehttps://github.com/elastic/beats/pull/26479[26479]
  • Bump AWS SDK version to v0.24.0 for WebIdentity authentication flow 19393 27126