Beats version 8.15.0
editBeats version 8.15.0
editKnown issues
editFilebeat
- The Azure EventHub input in Filebeat is not found when running on Windows. Please refrain from upgrading to 8.15. See 40608 for details.
- Memory usage is not correctly limited by the number of events actively in the memory queue, but rather the maximum size of the memory queue regardless of usage. 41355
Breaking changes
editFilebeat
Metricbeat
-
Remove fallback to the node limit for the
kubernetes.pod.cpu.usage.limit.pctandkubernetes.pod.memory.usage.limit.pctmetrics calculation. - Add support for Kibana status metricset in v8 format. 40275
Osquerybeat
- Add action responses data stream, allowing Osquerybeat to post action results directly to Elasticsearch. 39143
Bugfixes
editAffecting all Beats
Filebeat
- Fix for Google Workspace duplicate events issue by adding canonical sorting over fingerprint keys array to maintain key order. 40055 39859
-
Prevent panic in CEL and salesforce inputs when
github.com/hashicorp/go-retryablehttpexceeds maximum retries. 40144 - Update CEL mito extensions to v1.13.1. 40307
- Fix bug in CEL input rate limit logic. 40106 40270
Metricbeat
- Set GCP metrics config period to the default (60s) when the value is below the minimum allowed period. 30434 40020
- Fix statistic methods for metrics collected for SQS. 40207
- Update beat module with apm-server monitoring metrics fields. 40127
- Fix Azure Monitor metric timespan to restore Storage Account PT1H metrics. 40376 40367
Added
editAffecting all Beats
- Update Go version to 1.22.5. 40082
- Introduce log message for not supported annotations for Hints based autodiscover. 38213
- Add persistent volume claim name to volume if available. 38839
- Raw events are now logged to a different file, this prevents potentially sensitive information from leaking into log files. 38767
- Websocket input: Added runtime URL modification support based on state and cursor values. 39858 39997
Auditbeat
Filebeat
- Ensure all responses sent by HTTP Endpoint are HTML-escaped. 39329
- Improve logging of request and response with request trace logging in error conditions. 39455
- Implement Elastic Agent status and health reporting for CEL Filebeat input. 39209
- Add HTTP metrics to CEL input. 39501 39503
- Add default user-agent to CEL HTTP requests. 39502 39587
- Improve reindexing support in security module pipelines. 38224 39588
- Make HTTP Endpoint input GA. 38979 39410
- Add support for base64-encoded HMAC headers to HTTP Endpoint. 39655
- Add user group membership support to Okta entity analytics provider. 39814 39815
- Add request trace support for Okta and EntraID entity analytics providers. 39821
- Allow elision of set and append failure logging. 34544 39929
- Add ability to remove request trace logs from CEL input. 39969
- Add ability to remove request trace logs from HTTPJSON input. 40003
- Update CEL mito extensions version to v1.13.0 40035
- Add Jamf entity analytics provider. 39996
-
Add ability to remove request trace logs from
http_endpointinput. 40005 -
Add ability to remove request trace logs from
entityanalyticsinput. 40004 - Relax constraint on Base DN in entity analytics Active Directory provider. 40054
- Enhance input state reporting for CEL evaluations that return a single error object in events. 40083
- Allow absent credentials when using GCS with Application Default Credentials. 39977 40072
- Allow cross-region bucket configuration in S3 input. 22161 40309
Metricbeat
-
Support
schema_namefor MySQL performance metricset. 38363 -
Add
last_terminated_timestampmetric in Kubernetes module. 39200 3802 -
Add
pod.status.ready_timeandpod.status.reasonmetrics in Kubernetes module. 39316 - Add "Buffer cache hit ratio base" to calculate "Buffer cache hit ratio" for performance metrics. 40022
- Add support of Graphite series 1.1.0+ tagging extension for statsd module. 39619