IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Beats version 8.15.0
editBeats version 8.15.0
editKnown issues
editFilebeat
- The Azure EventHub input in Filebeat is not found when running on Windows. Please refrain from upgrading to 8.15. See 40608 for details.
- Memory usage is not correctly limited by the number of events actively in the memory queue, but rather the maximum size of the memory queue regardless of usage. 41355 Filebeat
-
The AWS S3 input polling mode is not working when the S3 bucket is not in the
us-east-1
default region. This also impacts all AWS integrations and any custom AWS log integration which uses theaws-s3
input polling mode. When using Filebeat, please add adefault_region
configuration with the region of the S3 bucket. For example:filebeat.inputs: - type: aws-s3 enabled: true credential_profile_name: elastic-observability default_region: us-east-2 number_of_workers: 5 bucket_arn: 'arn:aws:s3:::test1'
Metricbeat
-
Metrics can be lost when using Metricbeat due to the total fields limit of the Metricbeat index template. We recommend increasing the
index.mapping.total_fields.limit
setting of the Metricbeat index template to 12500 and perform a rollover of the Metricbeat data stream. If you’ve customized the name of the index associated to Metricbeat, apply the same change accordingly.
Breaking changes
editFilebeat
Metricbeat
-
Remove fallback to the node limit for the
kubernetes.pod.cpu.usage.limit.pct
andkubernetes.pod.memory.usage.limit.pct
metrics calculation. - Add support for Kibana status metricset in v8 format. 40275
Osquerybeat
- Add action responses data stream, allowing Osquerybeat to post action results directly to Elasticsearch. 39143
Bugfixes
editAffecting all Beats
Filebeat
- Fix for Google Workspace duplicate events issue by adding canonical sorting over fingerprint keys array to maintain key order. 40055 39859
-
Prevent panic in CEL and salesforce inputs when
github.com/hashicorp/go-retryablehttp
exceeds maximum retries. 40144 - Update CEL mito extensions to v1.13.1. 40307
- Fix bug in CEL input rate limit logic. 40106 40270
Metricbeat
- Set GCP metrics config period to the default (60s) when the value is below the minimum allowed period. 30434 40020
- Fix statistic methods for metrics collected for SQS. 40207
- Update beat module with apm-server monitoring metrics fields. 40127
- Fix Azure Monitor metric timespan to restore Storage Account PT1H metrics. 40376 40367
Added
editAffecting all Beats
- Update Go version to 1.22.5. 40082
- Introduce log message for not supported annotations for Hints based autodiscover. 38213
- Add persistent volume claim name to volume if available. 38839
- Raw events are now logged to a different file, this prevents potentially sensitive information from leaking into log files. 38767
- Websocket input: Added runtime URL modification support based on state and cursor values. 39858 39997
Auditbeat
Filebeat
- Ensure all responses sent by HTTP Endpoint are HTML-escaped. 39329
- Improve logging of request and response with request trace logging in error conditions. 39455
- Implement Elastic Agent status and health reporting for CEL Filebeat input. 39209
- Add HTTP metrics to CEL input. 39501 39503
- Add default user-agent to CEL HTTP requests. 39502 39587
- Improve reindexing support in security module pipelines. 38224 39588
- Make HTTP Endpoint input GA. 38979 39410
- Add support for base64-encoded HMAC headers to HTTP Endpoint. 39655
- Add user group membership support to Okta entity analytics provider. 39814 39815
- Add request trace support for Okta and EntraID entity analytics providers. 39821
- Allow elision of set and append failure logging. 34544 39929
- Add ability to remove request trace logs from CEL input. 39969
- Add ability to remove request trace logs from HTTPJSON input. 40003
- Update CEL mito extensions version to v1.13.0 40035
- Add Jamf entity analytics provider. 39996
-
Add ability to remove request trace logs from
http_endpoint
input. 40005 -
Add ability to remove request trace logs from
entityanalytics
input. 40004 - Relax constraint on Base DN in entity analytics Active Directory provider. 40054
- Enhance input state reporting for CEL evaluations that return a single error object in events. 40083
- Allow absent credentials when using GCS with Application Default Credentials. 39977 40072
- Allow cross-region bucket configuration in S3 input. 22161 40309
Metricbeat
-
Support
schema_name
for MySQL performance metricset. 38363 -
Add
last_terminated_timestamp
metric in Kubernetes module. 39200 3802 -
Add
pod.status.ready_time
andpod.status.reason
metrics in Kubernetes module. 39316 - Add "Buffer cache hit ratio base" to calculate "Buffer cache hit ratio" for performance metrics. 40022
- Add support of Graphite series 1.1.0+ tagging extension for statsd module. 39619