Skip to content

Latest commit

 

History

History
199 lines (126 loc) · 8.37 KB

CHANGELOG.next.asciidoc

File metadata and controls

199 lines (126 loc) · 8.37 KB

Beats version HEAD

Breaking changes

Affecting all Beats

  • Remove the deprecated xpack.monitoring. settings. Going forward only monitoring. settings may be used. 9424 18608

  • Remove deprecated/undocumented IncludeCreatorMetadata setting from kubernetes metadata config options 28006

  • Remove deprecated fields from kubernetes module 28046

  • Remove deprecated config option aws_partition. 28120

  • Improve stats API 27963

  • Libbeat: logp package forces ECS compliant logs. Logs are JSON formatted. Options to enable ECS/JSON have been removed. 15544 28573

  • Update docker client. 28716

  • Remove auto from the available options of setup.ilm.enabled and set the default value to true. 28671

  • add_process_metadata processor: Replace usage of deprecated process.ppid field with process.parent.pid. 28620

  • add_docker_metadata processor: Replace usage of deprecated process.ppid field with process.parent.pid. 28620

  • Use data streams instead of indices for storing events from Beats. 28450

  • Remove option setup.template.type and always load composable template with data streams. 28450

  • Remove several ILM options (rollover_alias and pattern) as data streams does not require index aliases. 28450

  • Index template’s default_fields setting is only populated with ECS fields. 28596 28215

  • Remove deprecated --template and --ilm-policy flags. Use --index-management instead. 28870

  • Remove options logging.files.suffix and default to datetime endings. 28927

Auditbeat

  • File integrity dataset (macOS): Replace unnecessary file.origin.raw (type keyword) with file.origin.text (type text). 12423 15630

  • Change event.kind=error to event.kind=event to comply with ECS. 18870 20685

Filebeat

  • Fix parsing of Elasticsearch node name by elasticsearch/slowlog fileset. 14547

  • With the default configuration the cloud modules (aws, azure, googlecloud, o365, okta)

  • With the default configuration the cef and panw modules will no longer send the host

  • Add while_pattern type to multiline reader. 19662

Heartbeat - Only add monitor.status to browser events when summary. 29460

Metricbeat

  • Remove deprecated fields in Docker module. 11835 27933

  • Remove deprecated fields in Kafka module. 27938

  • Remove deprecated config option default_region from aws module. 28120

  • Remove network and diskio metrics from ec2 metricset. 28316

  • Rename read/write_io.ops_per_sec to read/write.iops in rds metricset. 28350

  • Remove linux-only metrics from diskio, memory 28292

  • Remove deprecated config option perfmon.counters from windows/perfmon metricset. 28282

  • Remove deprecated fields in Redis module. 11835 28246

  • system/process metricset: Replace usage of deprecated process.ppid field with process.parent.pid. 28620

Packetbeat

  • Redis: fix incorrectly handle with two-words redis command. 14872 14873

  • event.category no longer contains the value network_traffic because this is not a valid ECS event category value. 20556

  • Remove deprecated TLS fields in favor of tls.server.x509 and tls.client.x509 ECS fields. 28487

  • HTTP: The field http.request.method will maintain its original case. 28620

  • Unify gopacket dependencies. 29167

Winlogbeat

  • Add support to Sysmon file delete events (event ID 23). 18094

  • Improve ECS field mappings in Sysmon module. related.hash, related.ip, and related.user are now populated. 18364

  • Improve ECS field mappings in Sysmon module. Hashes are now also populated to the corresponding process.hash, process.pe.imphash, file.hash, or file.pe.imphash. 18364

  • Improve ECS field mappings in Sysmon module. file.name, file.directory, and file.extension are now populated. 18364

  • Improve ECS field mappings in Sysmon module. rule.name is populated for all events when present. 18364

  • Remove top level hash property from sysmon events 20653

Functionbeat

Bugfixes

Affecting all Beats

  • Fields of type match_only_text (i.e. message) and wildcard were missing from the template’s default_field list. 29633 29634

Auditbeat

Filebeat

  • aws-s3: Stop trying to increase SQS message visibility after ReceiptHandleIsInvalid errors. 29480

  • Fix handling of IPv6 addresses in netflow flow events. 19210 29383

  • Undo deletion of endpoint config from cloudtrail fileset in 29415. 29450

Heartbeat

  • Fix broken monitors with newer versions of image relying on dup3. pull

Metricbeat

  • Use xpack.enabled on SM modules to write into .monitoring indices when using Metricbeat standalone 28365

  • Fix in rename processor to ingest metrics for write.iops to proper field instead of write_iops in rds metricset. 28960

  • Enhance filter check in kubernetes event metricset. 29470

  • Fix gcp metrics metricset apply aligner to all metric_types 29513

  • Extract correct index property in kibana.stats metricset 29622

Packetbeat

  • Prevent incorrect use of AMQP protocol parsing from causing silent failure. 29017

  • Fix error handling in MongoDB protocol parsing. 29017

Winlogbeat

Functionbeat

Elastic Logging Plugin

Added

Affecting all Beats

  • Add config option rotate_on_startup to file output 19150 19347

  • Name all k8s workqueue. 28085

  • Update to ECS 8.0 fields. 28620

  • Support custom analyzers in fields.yml. 28540 28926

  • Discover changes in Kubernetes nodes metadata as soon as they happen. 23139

  • Support self signed certificates on outputs 29229

  • Update k8s library 29394

  • Add FIPS configuration option for all AWS API calls. 28899

  • Add default_region config to AWS common module. 29415

  • Add support for latest k8s versions v1.23 and v1.22 29575

Auditbeat

Filebeat

  • Add text/csv decoder to httpjson input 28564

  • Update aws-s3 input to connect to non AWS S3 buckets 28222 28234

  • Add support for '/var/log/pods/' path for add_kubernetes_metadata processor with resource_type: pod. 28868

  • Add documentation for add_kubernetes_metadata processors log_path matcher. 28868

  • Add support for parsers on journald input 29070

  • Add support in httpjson input for oAuth2ProviderDefault of password grant_type. 29087

  • Add new userAgent and beatInfo template functions for httpjson input 29528

Heartbeat

Metricbeat

  • Preliminary AIX support 27954

  • Add option to skip older k8s events 29396

  • Add add_resource_metadata configuration to Kubernetes module. 29133

  • Add container.id and container.runtime ECS fields in container metricset. 29560

  • Add memory.workingset.limit.pct field in Kubernetes container/pod metricset. 29547

  • Add elasticsearch.cluster.id field to Beat and Kibana modules. 29577

  • Add elasticsearch.cluster.id field to Logstash module. 29625

Packetbeat

Functionbeat

Winlogbeat

  • Add support for custom XML queries 1054 29330

Elastic Log Driver

  • Fixed docs for hosts 23644

Deprecated

Affecting all Beats

Filebeat

Heartbeat

Metricbeat

Packetbeat

Winlogbeat

Functionbeat

Known Issue

Journalbeat