Beats version 7.17.2


View commits

Bugfixes


Affecting all Beats

  • Log errors when parsing and applying config blocks and if the input is disabled. 30534
  • Ensure that the Reloadable parts of Beats are initialized before the Manager is started. 30533
  • Fix Beats crashing when glibc >= 2.35 is used. 30576
  • Fix dissect trim panics caused by the DELETE character (127, \u007f). 30657 30658

Auditbeat

  • Fix handling of execve call events which have no argument. 30585 30586

Filebeat

  • auditd: Prevent mapping explosion when truncated EXECVE records are ingested. 30382
  • elasticsearch: Fix duplicate ingest when using a common appender configuration. 30428 30440
  • Fix ECS version string in threatintel to be consistent with other modules and add event.timezone. 30499 30570
  • Add default paths value to MySQL Enterprise module to prevent issues with pipeline installations. 30598
  • Report the starting offset of the line in log.offset when using filestream instead of the end to be ECS compliant. 30445
  • Update documentation for accessing last_response.url.params in httpjson input. 30739
  • Fix add_kubernetes_metadata matcher: support rotated logs when resource_type: pod. 30720
  • Allow fixing data duplication on restart when filestream inputs did not have an ID set. Setting an ID for filestream

Metricbeat

  • Enhance Metricbeat on OpenShift documentation. 30054
  • Fix Docker module: rename fields on dashboards. 30500
  • Add back missing metrics to system/linux. 30774
  • GCP metrics query instances with aggregatedList API to improve efficiency. 30153
  • Fix delay in perfmon counters collection. 30686 30861
  • Fix overflow in iostat metrics. 30679

Added


Heartbeat

  • Generate summary documents for journeys which exit successfully, but do not emit journey/end events. 30825

Metricbeat

  • Add kubernetes.container.status.last.reason metric. 30306