Beats version 7.17.8

edit

View commits

Bugfixes

edit

Affecting all Beats

  • Re-enable build optimizations to reduce binary size and improve performance. 33620

Filebeat

  • Fix Google workspace pagination and document ID generation. 33666

Metricbeat

  • Add tags to events based on parsed identifier. 33472

Packetbeat

  • Fix panic on memcache transaction with no request or response. 33852 33853

Added

edit

Affecting all Beats

  • Beats will now attempt to recover if a lockfile has not been removed 33169

Auditbeat

  • Improve documentation for symlink handling behaviour in file integrity module. 33430
  • Ensure file integrity module watch paths are absolute. 33430

Filebeat

  • Add text/csv decoder to httpjson input 28564
  • Update aws-s3 input to connect to non AWS S3 buckets 28222 28234
  • Add support for parsers on journald input 29070
  • Add support in httpjson input for oAuth2ProviderDefault of password grant_type. 29087
  • threatintel module: Add new Recorded Future integration. 30030
  • Support SASL/SCRAM authentication in the Kafka input. 31167
  • checkpoint module: Add network.transport derived from IANA number. 31076
  • Add URL Encode template function for httpjson input. 30962
  • Add application/zip decoder to the httpsjon input. 31282 31304
  • Default value of filebeat.registry.flush increased from 0s to 1s. CPU and disk I/O usage are reduced because the registry is not written to disk for each ingested log line. 30279
  • Cisco ASA/FTD: Add support for messages 434001 and 434003. 31533
  • Change threatintel module from beta to GA. 31693
  • Add template helper function for hashing strings. 31613 31630
  • Add extended okta.debug_context.debug_data handling. 31676
  • Add auth.oauth2.google.jwt_json option to httpjson input. 31750
  • Add authentication fields to RabbitMQ module documents. 31159 31680
  • Add template helper function for decoding hexadecimal strings. 31886
  • Add new parser called include_message to filter based on message contents. 31794 32094
  • Allow iptables module to parse ulogd v2 TOS field in logs. 32126
  • httpjson input: Add toJSON helper function to template context. 32472
  • Checkpoint module: add authentication operation outcome enrichment. 32230 32431
  • add documentation for decode_xml_wineventlog processor field mappings. 32456
  • httpjson input: Add request tracing logger. 32402 32412
  • Add cloudflare R2 to provider list in AWS S3 input. 32620
  • Add support for single string containing multiple relation-types in getRFC5988Link. 32811
  • Cloud Foundry input uses server-side filtering when retrieving logs. 33456

Metricbeat

  • Azure Billing: upgrade Usage Details API to version 2019-10-01 31970
  • Azure Billing: switch to Cost Management API for forecast data 32589