A newer version is available. For the latest information, see the
current release documentation.
Beats version 7.17.8
editBeats version 7.17.8
editBugfixes
editAffecting all Beats
- Re-enable build optimizations to reduce binary size and improve performance. 33620
Filebeat
- Fix Google workspace pagination and document ID generation. 33666
Metricbeat
- Add tags to events based on parsed identifier. 33472
Packetbeat
Added
editAffecting all Beats
- Beats will now attempt to recover if a lockfile has not been removed 33169
Auditbeat
Filebeat
-
Add
text/csv
decoder tohttpjson
input 28564 -
Update
aws-s3
input to connect to non AWS S3 buckets 28222 28234 - Add support for parsers on journald input 29070
- Add support in httpjson input for oAuth2ProviderDefault of password grant_type. 29087
- threatintel module: Add new Recorded Future integration. 30030
- Support SASL/SCRAM authentication in the Kafka input. 31167
-
checkpoint module: Add
network.transport
derived from IANA number. 31076 - Add URL Encode template function for httpjson input. 30962
-
Add
application/zip
decoder to thehttpsjon
input. 31282 31304 -
Default value of
filebeat.registry.flush
increased from 0s to 1s. CPU and disk I/O usage are reduced because the registry is not written to disk for each ingested log line. 30279 - Cisco ASA/FTD: Add support for messages 434001 and 434003. 31533
- Change threatintel module from beta to GA. 31693
- Add template helper function for hashing strings. 31613 31630
- Add extended okta.debug_context.debug_data handling. 31676
-
Add
auth.oauth2.google.jwt_json
option tohttpjson
input. 31750 - Add authentication fields to RabbitMQ module documents. 31159 31680
- Add template helper function for decoding hexadecimal strings. 31886
-
Add new
parser
calledinclude_message
to filter based on message contents. 31794 32094 - Allow iptables module to parse ulogd v2 TOS field in logs. 32126
-
httpjson input: Add
toJSON
helper function to template context. 32472 - Checkpoint module: add authentication operation outcome enrichment. 32230 32431
- add documentation for decode_xml_wineventlog processor field mappings. 32456
- httpjson input: Add request tracing logger. 32402 32412
- Add cloudflare R2 to provider list in AWS S3 input. 32620
- Add support for single string containing multiple relation-types in getRFC5988Link. 32811
- Cloud Foundry input uses server-side filtering when retrieving logs. 33456
Metricbeat