This documentation contains work-in-progress information for future Elastic Stack and Cloud releases. Use the version selector to view supported release docs. It also contains some Elastic Cloud serverless information. Check out our serverless docs for more details.
« Release notes Beats version 8.16.1 »
Elastic Docs Beats Platform Reference [master] Release notes

Beats version 8.17.0

edit

Beats version 8.17.0

edit

View commits

Known issue

edit
  • Standalone Beats docker image will not start if -e option is not added 42038.

Breaking changes

edit

Affecting all Beats

  • Drop support for Debian 10 and upgrade statically linked glibc from 2.28 to 2.31. 41402

Bugfixes

edit

Affecting all Beats

  • Ensure Elasticsearch output can always recover from network errors. 40794
  • Add translate_ldap_attribute processor. 41472
  • Remove unnecessary debug logs during idle connection teardown. 40824
  • Remove unnecessary reload for Elastic Agent managed beats when APM tracing config changes from nil to nil. 41794

Auditbeat

  • auditd: Use ECS event.type: end instead of stop for SERVICE_STOP, DAEMON_ABORT, and DAEMON_END messages. 41558
  • auditd: Update syscall names for Linux 6.11. 41558
  • hasher: Geneneral improvements and fixes. 41863

Filebeat

  • Fix double encoding of client_secret in the Entity Analytics input’s Azure Active Directory provider. 41393
  • Add support for Access Points in the aws-s3 input. 41495
  • Fix the "No such input type exist: salesforce" error on the Windows/AIX platform. 41664
  • Fix handling of http_endpoint request exceeding memory limits. 41764 41765
  • Fixes filestream logging the error "filestream input with ID ID already exists, this will lead to data duplication[…​]" on Kubernetes when using autodiscover. 41585

Metricbeat

  • Log Cisco Meraki getDevicePerformanceScores errors without stopping metrics collection. 41622
  • Fix incorrect handling of types in SQL module. 40090 41607

Winlogbeat

  • Fix message handling in the experimental API. 19338 41730

Added

edit

Affecting all Beats

Auditbeat

  • Split module/system/process into common and provider bits. 41868

Filebeat

  • Improved Azure Blob Storage input documentation. 41252
  • Make ETW input GA. 41389
  • Added input metrics to GCS input. 36640 41505
  • Add support for Okta entity analytics provider to collect role and factor data for users. 41460
  • Add support for Journald in the System module. 41555
  • Improve S3 polling mode states registry when using list prefix option. 41869
  • AWS S3 input registry cleanup for untracked s3 objects. 41694
  • The environment variable BEATS_AZURE_EVENTHUB_INPUT_TRACING_ENABLED: true enables internal logs tracer for the azure-eventhub input. 41931 41932

Libbeat

  • Enrich events with EC2 tags in add_cloud_metadata processor. 41477

Metricbeat

  • Add id field to all the vSphere metricsets. 41097
  • Bump aerospike-client-go to version v7.7.1 and add support for basic auth in Aerospike module. 41233
  • Add support for region/zone for Vertex AI service in GCP module. 41551
  • Add support for location label as an optional configuration parameter in GCP metrics metricset. 41550 41626

Winlogbeat

  • Add handling for missing `EvtVarType`s in experimental API. 19337 41418
  • Implement exclusion range support for event_id. 38623 41639
« Release notes Beats version 8.16.1 »