Add text/csv decoder to httpjson input 28564
Update aws-s3 input to connect to non AWS S3 buckets 28222 28234
Add support for parsers on journald input 29070
Add support in httpjson input for oAuth2ProviderDefault of password grant_type. 29087
threatintel module: Add new Recorded Future integration. 30030
Support SASL/SCRAM authentication in the Kafka input. 31167
checkpoint module: Add network.transport derived from IANA number. 31076
Add URL Encode template function for httpjson input. 30962
Add application/zip decoder to the httpsjon input. 31282 31304
Default value of filebeat.registry.flush increased from 0s to 1s. CPU and disk I/O usage are reduced because the registry is not written to disk for each ingested log line. 30279
Cisco ASA/FTD: Add support for messages 434001 and 434003. 31533
Change threatintel module from beta to GA. 31693
Add template helper function for hashing strings. 31613 31630
Add extended okta.debug_context.debug_data handling. 31676
Add auth.oauth2.google.jwt_json option to httpjson input. 31750
Add authentication fields to RabbitMQ module documents. 31159 31680
Add template helper function for decoding hexadecimal strings. 31886
Add new parser called include_message to filter based on message contents. 31794 32094
Allow iptables module to parse ulogd v2 TOS field in logs. 32126
httpjson input: Add toJSON helper function to template context. 32472
Checkpoint module: add authentication operation outcome enrichment. 32230 32431
add documentation for decode_xml_wineventlog processor field mappings. 32456
httpjson input: Add request tracing logger. 32402 32412
Add cloudflare R2 to provider list in AWS S3 input. 32620
Add support for single string containing multiple relation-types in getRFC5988Link. 32811
Cloud Foundry input uses server-side filtering when retrieving logs. 33456

Metricbeat

Azure Billing: upgrade Usage Details API to version 2019-10-01 31970
Azure Billing: switch to Cost Management API for forecast data 32589

« Beats version 7.17.9 Beats version 7.17.7 »