IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Beats version 8.6.0
editBeats version 8.6.0
editBugfixes
editAffecting all Beats
- Fix Windows service install/uninstall when Win32_Service returns error, add logic to wait until the Windows Service is stopped before proceeding. 33322
- Support for multiline zookeeper logs. 2496
-
Allow
clock_nanosleep
in the default seccomp profiles for amd64 and 386. Newer versions of glibc (e.g. 2.31) require it. 33792 - Disable lockfile when running under elastic-agent. 33988
Filebeat
- [httpsjon] Improved error handling during pagination with chaining & split processor. 34127
- [Azure blob storage] Added support for more mime types & introduced offset tracking via cursor state. 33981
- Fix handling of error in states in direct aws-s3 listing input. 33513 33722
- Fix PANW handling of messages with event.original already set. 33829 33830
- Rename identity as identity_name when the value is a string in Azure Platform Logs. 33654
- Fix requires pointer error while getting cursor metadata. 33956
- Fix input cancellation handling when HTTP client does not support contexts. 33962 33968
- Update mito CEL extension library to v0.0.0-20221207004749-2f0f2875e464. 33974
- Fix CEL result deserialisation when evaluation fails. 33992 33996
- Fix handling of non-200/non-429 status codes. 33999 34002
- [azure-eventhub input] Switch the run EPH run mode to non-blocking. 34075
Heartbeat - Fix browser monitor summary reporting as up when monitor is down. 33374 33819
Packetbeat
Added
editAffecting all Beats
-
Add
http.pprof
config options for enabling block and mutex profiling. 33572 33576 -
Add
add_formatted_index
processor that allows the resulting index for an event to be changed based on content from the event. 33800 - deps: Updated to github.com/elastic/go-sysinfo v1.9.0. 33864
- Fix panic due to close of already closed channel during shutdown. 33971
Auditbeat
Filebeat
-
Add
text/csv
decoder tohttpjson
input. 28564 -
Update
aws-s3
input to connect to non AWS S3 buckets. 28222 28234 -
Add support for /var/log/pods/ path for add_kubernetes_metadata processor with
resource_type: pod
. 28868 -
Add documentation for add_kubernetes_metadata processors
log_path
matcher. 28868 - Add support for parsers on journald input. 29070
- Add support in httpjson input for oAuth2ProviderDefault of password grant_type. 29087
- threatintel module: Add new Recorded Future integration. 30030
- Allow iptables module to parse ulogd v2 TOS field in logs. 32126
- Fix handling of invalid UserIP and LocalIP values. 32896
- Allow http_endpoint instances to share ports. 32578 33377
- Improve httpjson documentation for split processor. 33473
-
Added separation of transform context object inside httpjson. Introduced new clause
.parent_last_response.*
. 33499 - Cloud Foundry input uses server-side filtering when retrieving logs. 33456
-
Add
parse_aws_vpc_flow_log
processor. 33656 -
Update
aws.vpcflow
dataset in AWS module have a configurable logformat
and to produce ECS 8.x fields. 33699 -
Modified
aws-s3
input to reduce mutex contention when multiple SQS message are being processed concurrently. 33658 - Disable "event normalization" processing for the aws-s3 input to reduce allocations. 33673
- Add Common Expression Language input. 31233
- Add support for http+unix and http+npipe schemes in httpjson input. 33571 33610
- Add support for http+unix and http+npipe schemes in cel input. 33571 33712
-
Add
decode_duration
,move_fields
processors. 31301 - Add metrics for UDP packet processing. 33870
- Convert UDP input to v2 input. 33930
- Improve collection of risk information from Okta debug data. 33677 34030
- Adding filename details from zip to response for httpjson. 33952 34044
Heartbeat
- Upgrade node to 18.12.0.
Metricbeat
- Add Data Granularity option to AWS module to allow for for fewer API calls of longer periods and keep small intervals. 33133 33166
- Update README file on how to run Metricbeat on Kubernetes. 33308
- Add per-thread metrics to system_summary. 33614
- Add GCP CloudSQL metadata. 33066
- Add support for multiple regions in GCP. 32964
- Add namespace metadata to all namespaced kubernetes resources. 33763
Packetbeat