Beats version 8.11.0

edit

View commits

Breaking changes

edit

Affecting all Beats - The Elasticsearch output now enables compression by default. This decreases network data usage by an average of 70-80%, in exchange for 20-25% increased CPU use and ~10% increased ingestion time. The previous default can be restored by setting the flag compression_level: 0 under output.elasticsearch. 36681 - The elastic-agent-autodiscover library is updated to version 0.6.4, disabling metadata for deployment and cronjob. Pods that will be created from deployments or cronjobs will not have the extra metadata field for kubernetes.deployment or kubernetes.cronjob, respectively. 36879

Filebeat

  • Switch types of log.file.device, log.file.inode, log.file.idxhi, log.file.idxlo and log.file.vol fields to strings to better align with ECS and integrations. 36697

Metricbeat

  • The System module now collects the number of threads per process. The elastic-agent-system-metrics was updated to v0.7.0 as this version collects the number of threads.

Bugfixes

edit

Affecting all Beats

  • Upgrade elastic-agent-libs to v0.6.0, allowing a Beat running as a Windows service to receive more than one change request. 36896

Filebeat

  • Added a fix for the Crowdstrike pipeline handling of process arrays. 36496
  • Fix handling of response errors in HTTPJSON and CEL request trace logging. 36956

Heartbeat

  • Fix retries to trigger on a down monitor with no previous state. 36842
  • Bump NodeJS minor version to 18.18.2. 36961
  • Fix monitor duration calculation with retries. 36900

Metricbeat

  • Fix Azure Monitor empty metricnamespace. 36295
  • Fix GCP compute metadata. 36338
  • Add missing TransactionType dimension for Azure Storage Account. 36413
  • Add log error when statsd server fails to start. 36477
  • Fix CassandraConnectionClosures metric configuration. 34742
  • Fix event mapping implementation for statsd module. 36925

Winlogbeat

  • Fix User Account Control Attributes Table values for Security module. 36999 37009

Added

edit

Affecting all Beats

  • Upgrade to Go 1.20.10. 36846
  • Add support for forward lookups (A, AAAA, and TXT) in DNS processor. 11416 36394
  • Mark syslog processor as GA, improve docs about how processor handles syslog messages. 36416 36417
  • Add support for AWS external IDs. 36321 36322
  • Disable netinfo.enabled option of add-host-metadata processor`to enhance `host.ip and host.mac. 36506
  • Beats will now connect to older Elasticsearch instances by default. 36884
  • Upgrade golang/x/net to v0.17.0. Updates the publicsuffix table used by the registered_domain processor. 36969

Filebeat

  • Reduce HTTPJSON metrics allocations. 36282
  • Add support for a simplified input configuraton when running under Elastic Agent. 36390
  • Make HTTPJSON response body decoding errors more informative. 36481
  • Allow fine-grained control of entity analytics API requests for Okta provider. 36440 36492
  • Add support for expanding journald.process.capabilities into the human-readable effective capabilities in the ECS process.thread.capabilities.effective field. 36454 36470
  • Allow fine-grained control of entity analytics API requests for AzureAD provider. 36440 36441
  • For request tracer logging in CEL and httpjson the request and response body are no longer included in event.original. The body is still present in http.{request,response}.body.content. 36531
  • Add support for Okta OAuth2 provider in the CEL input. 36336 36521
  • Improve error logging in HTTPJSON input. 36529
  • Disable warning message about ingest pipeline loading when running under Elastic Agent. 36659
  • Add input metrics to http_endpoint input. 36402 36427
  • Remove Event Normalization from GCP PubSub Input. 36716
  • Add support for new features & removed partial save mechanism in the Azure Blob Storage input. 35126 36690
  • Improve template evaluation logging for HTTPJSON input. 36668
  • Add CEL partial value debug function. 36652
  • Add support for new features and remove partial save mechanism in the GCS input. 35847 36713
  • Add cache processor. 36786

Packetbeat

  • Bump Windows Npcap version to v1.76. 36539 36549