Breaking changes in 7.11

edit

Field changes

edit

The following field changes are potentially breaking for anything that relies on these fields:

  • In Filebeat, the suricata.eve.timestamp alias field has been removed from the Suricata module.
  • In Auditbeat, the file integrity dataset no longer includes a leading dot in file.extension values. For example, it will report png instead of .png to comply with Elastic Common Schema (ECS).

See the release notes for a complete list of changes, including changes to beta or experimental functionality.