IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Beats version 8.11.0
editBeats version 8.11.0
editBreaking changes
editAffecting all Beats
- The Elasticsearch output now enables compression by default. This decreases network data usage by an average of 70-80%, in exchange for 20-25% increased CPU use and ~10% increased ingestion time. The previous default can be restored by setting the flag compression_level: 0
under output.elasticsearch
. 36681
- The elastic-agent-autodiscover
library is updated to version 0.6.4, disabling metadata for deployment and cronjob. Pods that will be created from deployments or cronjobs will not have the extra metadata field for kubernetes.deployment
or kubernetes.cronjob
, respectively. 36879
Filebeat
-
Switch types of
log.file.device
,log.file.inode
,log.file.idxhi
,log.file.idxlo
andlog.file.vol
fields to strings to better align with ECS and integrations. 36697
Metricbeat
- The System module now collects the number of threads per process. The elastic-agent-system-metrics was updated to v0.7.0 as this version collects the number of threads.
Bugfixes
editAffecting all Beats
-
Upgrade
elastic-agent-libs
to v0.6.0, allowing a Beat running as a Windows service to receive more than one change request. 36896
Filebeat
Heartbeat
Metricbeat
- Fix Azure Monitor empty metricnamespace. 36295
- Fix GCP compute metadata. 36338
- Add missing TransactionType dimension for Azure Storage Account. 36413
- Add log error when statsd server fails to start. 36477
- Fix CassandraConnectionClosures metric configuration. 34742
- Fix event mapping implementation for statsd module. 36925
Winlogbeat
Added
editAffecting all Beats
- Upgrade to Go 1.20.10. 36846
-
Add support for forward lookups (
A
,AAAA
, andTXT
) in DNS processor. 11416 36394 -
Mark
syslog
processor as GA, improve docs about how processor handles syslog messages. 36416 36417 - Add support for AWS external IDs. 36321 36322
-
Disable
netinfo.enabled
option ofadd-host-metadata processor`to enhance `host.ip
andhost.mac
. 36506 - Beats will now connect to older Elasticsearch instances by default. 36884
- Upgrade golang/x/net to v0.17.0. Updates the publicsuffix table used by the registered_domain processor. 36969
Filebeat
- Reduce HTTPJSON metrics allocations. 36282
- Add support for a simplified input configuraton when running under Elastic Agent. 36390
- Make HTTPJSON response body decoding errors more informative. 36481
- Allow fine-grained control of entity analytics API requests for Okta provider. 36440 36492
-
Add support for expanding
journald.process.capabilities
into the human-readable effective capabilities in the ECSprocess.thread.capabilities.effective
field. 36454 36470 - Allow fine-grained control of entity analytics API requests for AzureAD provider. 36440 36441
-
For request tracer logging in CEL and httpjson the request and response body are no longer included in
event.original
. The body is still present inhttp.{request,response}.body.content
. 36531 - Add support for Okta OAuth2 provider in the CEL input. 36336 36521
- Improve error logging in HTTPJSON input. 36529
- Disable warning message about ingest pipeline loading when running under Elastic Agent. 36659
- Add input metrics to http_endpoint input. 36402 36427
- Remove Event Normalization from GCP PubSub Input. 36716
- Add support for new features & removed partial save mechanism in the Azure Blob Storage input. 35126 36690
- Improve template evaluation logging for HTTPJSON input. 36668
- Add CEL partial value debug function. 36652
- Add support for new features and remove partial save mechanism in the GCS input. 35847 36713
- Add cache processor. 36786
Packetbeat