Beats version 7.8.0
Breaking changes
Affecting all Beats
- Introduce APM instrumentation, which is active when running the beat with ELASTIC_APM_ACTIVE=true. 17938
Filebeat
- Improve ECS field mappings in panw module. event.outcome now only contains success or failure, as recommended by the ECS specification. 16025 17910
- Improve ECS categorization field mappings for nginx module. http.request.referrer is now lowercase, and it is only populated when nginx sets a value. 16174 17844
- Improve ECS field mappings in santa module. hash.sha256 is moved to process.hash.sha256, and certificate fields are now under santa.certificate. 16180 17982
Bugfixes
Affecting all Beats
Heartbeat
- Fix TCP TLS checks to properly validate hostnames. In previous 7.x versions, this only worked for IP SANs. 17549
Metricbeat
Added
Affecting all Beats
- Update supported versions of redis output. 17198
- Add replace processor for replacing string values of fields. 17342
- Add urldecode processor for decoding URL-encoded fields. 17505
- Add support for AWS IAM role_arn in credentials config. 17658 12464
- Add Kerberos support to Elasticsearch output. 17927
- Set agent.name to the hostname by default. 16377 18000
- Add keystore support for autodiscover static configurations. 16306
- Add support for basic ECS logging. 17974
- Add config example of how to skip the add_host_metadata processor when forwarding logs. 13920 18153
- Add backoff configuration options for the Kafka output. 16777 17808
- Add support for fixed length extraction in dissect processor. 17191
Auditbeat
- Add system module process dataset ECS categorization fields. 18032
- Add system module user dataset ECS categorization fields. 18035
- Add system module login dataset ECS categorization fields. 18034
- Add system module package dataset ECS categorization fields. 18033
- Add ECS categories for system module host dataset. 18031
- Add system module socket dataset ECS categorization fields. 18036
- Add file integrity module ECS categorization fields. 18012
- Add file.mime_type, file.extension, and file.drive_letter for file integrity module. 18012
Filebeat
- Add source field in k8s events. 17209
- Add new crowdstrike module for ingesting Crowdstrike Falcon streaming API endpoint event data. 16988
- Improve ECS categorization field mappings in mongodb module. 16170 17371
- Improve ECS categorization field mappings for mssql module. 16171 17376
- Improve ECS categorization field mappings for mysql module. 16172 17491
- Add new Checkpoint Syslog filebeat module. 17682
- Add config option to select a different azure cloud env in the azure-eventhub input and azure module. 17649 17659
- Enhance elasticsearch/server fileset to handle ECS-compatible logs emitted by Elasticsearch. 17715 17714
- Add Unix stream socket support as an input source and a syslog input source. 17492
- Improve ECS categorization field mappings in misp module. 16026 17344
- Enhance elasticsearch/deprecation fileset to handle ECS-compatible logs emitted by Elasticsearch. 17715 17728
- Make decode_cef processor GA. 17944
- Add new Fortigate Syslog filebeat module. 17890
- Improve ECS categorization field mappings in redis module. 16179 17918
- Improve ECS categorization field mappings in rabbitmq module. 16178 17916
- Improve ECS categorization field mappings in postgresql module. 16177 17914
- Improve ECS categorization field mappings for nginx module. 16174 17844
- Add support for Google Application Default Credentials to the Google Pub/Sub input and Google Cloud modules. 15668
- Improve ECS categorization field mappings for zeek module. 16029 17738
- Improve ECS categorization field mappings for netflow module. 16135 18108
- Add an input option publisher_pipeline.disable_host to disable host.name from being added to events by default. 18159
- Improve ECS categorization field mappings in system module. 16031 18065
- Improve ECS categorization field mappings in osquery module. 16176 17881
- Add support for v10, v11 and v12 logs on Postgres. 13810 17732
- Add dashboard for Google Cloud Audit and AWS CloudTrail. 17379
Heartbeat
- Add additional ECS compatible fields for TLS information. 17687
Metricbeat
- Refactor windows/perfmon metricset configuration options and event output. 17596
- Add more detailed error messages, system tests and small refactoring to the service metricset in windows. 17725
- Stack Monitoring modules now auto-configure required metricsets when xpack.enabled: true is set. 16471 17609
- Add Metricbeat IIS module dashboards. 17966
- Add dashboard for the azure database account metricset. 17901
- Allow partial region and zone name in googlecloud module config. 17913
- Add aggregation aligner as a config parameter for googlecloud stackdriver metricset. 17141 17719
- Move the perfmon metricset to GA. 16608 17879
- Add static mapping for metricsets under aws module. 17614 17650
- Add dashboard for googlecloud storage metricset. 18172
- Collect new bulk indexing metrics from Elasticsearch when xpack.enabled:true is set. 17977 17992
- Remove requirement to connect as sysdba in Oracle module. 15846 18182
- Update MSSQL module to fix some SSPI authentication and add brackets to USE statements. 17862
Winlogbeat
- Set process.command_line and process.parent.command_line from Sysmon Event ID 1. 17327
- Add support for event IDs 4673, 4674, 4697, 4698, 4699, 4700, 4701, 4702, 4768, 4769, 4770, 4771, 4776, 4778, 4779, 4964 to the Security module. 17517
- Add registry and code signature information and ECS categorization fields for sysmon module. 18058