A newer version is available. For the latest information, see the
current release documentation.
Beats version 7.17.2
editBeats version 7.17.2
editBugfixes
editAffecting all Beats
- Log errors when parsing and applying config blocks and if the input is disabled. 30534
- Ensure that the Reloadable part of beats are initialized before the Manager is started. 30533
- Fixes Beats crashing when glibc >= 2.35 is used 30576
- Fix dissect trim panics from DELETE (127)(\u007f) character 30657 30658
Auditbeat
Filebeat
- auditd: Prevent mapping explosion when truncated EXECVE records are ingested. 30382
- elasticsearch: fix duplicate ingest when using a common appender configuration 30428 30440
- Fix ECS version string in threatintel to be consistent with other modules and add event.timezone. 30499 30570
- Add default paths value to MySQL Enterprise module to prevent issues with pipeline installations 30598
-
Report the starting offset of the line in
log.offset
when usingfilestream
instead of the end to be ECS compliant. 30445 -
Update documentation for accessing
last_response.url.params
in httpjson input. 30739 -
Fix add_kubernetes_metadata matcher: support rotated logs when
resource_type: pod
30720 - Allow fixing data duplication on restart when filestream inputs did not have an ID set. Setting an ID for filestream
Metricbeat
- Enhance metricbeat on openshift documentation 30054
- Fix Docker module: rename fields on dashboards. 30500
- Add back missing metrics to system/linux. 30774
- GCP metrics query instances with aggregatedList API to improve efficiency. #30153
- Fix delay in perfmon counters collection 30686 #30861
-
Fix overflow in
iostat
metrics 30679