A newer version is available. For the latest information, see the current release documentation.

« Logstash 7.17.1 Release Notes Logstash 7.16.3 Release Notes »

› ›

Logstash 7.17.0 Release Notes

edit

Logstash 7.17.0 Release Notes

edit

New features and enhancements

edit

Docker images for full and oss distributions are now is based on Ubuntu 20.04 (ubi8 image remains unchanged) #13529

Performance improvements and notable issues fixed

edit

Reduced the scope of a memory leak that can be caused by processing events with UUID or other high-cardinality field names. #13655
Fixed an error in the logstash-plugin install command that prevented the installation of non-default plugins #13405
Fixed an issue where invoking the Logstash Keystore Utility (bin/logstash-keystore) incorrectly set up a logging directory to the literal ${sys:ls.logs} and produced noise to the console about routing logs. This utility now correctly configures its logger using the provided settings file. #13221
Fixed events.out metric count when there the events are dropped in filter-output section of the pipeline. Events that were dropped are no longer included. #13593
Fixed a regression introduced in 7.12, in which the LS_JAVA_OPTS environment variable is ignored when a readable jvm.options file cannot be found. #13525
Fixed a crash of Logstash in initialization when using the logstash-input-azure_eventhub plugin. #13603
Fixed an issue where environment variables in pipeline condition statements were not substituted #13608
Reduced Deprecation noise in the Elastic Upgrade Assistant. Elasticsearch requests made by the Monitoring or Central Management features that are not directly user-configurable will include a special product origin header so that Upgrade Assistant can avoid calling out deprecations that are not user-actionable. #13563

Progress toward Elastic Common Schema (ECS)

edit

In this release, we continued our efforts towards Elastic Common Schema (ECS).

We added (or updated) a BETA preview of the upcoming ECS v8 in these plugins:
- elasticsearch input has updated ECS templates for v1 and BETA support for upcoimign ECS v8
- clone filter and syslog input added support for ECS v8 as an alias to the existing v1 implementation
We added ECS support including BETA support of ECS v8 in these plugins:
We made ECS-specific improvements in these plugins:
- geoip filter has improved support for ECS’s geo.region_iso_code field
- grok filter has a fixed capture of the BIN9_QUERYLOG pattern

Check out our progress toward ECS compatibility in github issue #11635.

Plugins

edit

Clone Filter - 4.2.0

Added support for ECS v8 as alias for ECS v1 #27

Geoip Filter - 7.2.11

Improved compatibility with the Elastic Common Schema #206
- Added support for ECS’s composite region_iso_code (US-WA), which replaces the non-ECS region_code (WA) as a default field with City databases. To get the stand-alone region_code in ECS mode, you must include it in the fields directive
- [DOC] Improve ECS-related documentation
[DOC] Air-gapped environment requires both ASN and City databases #204

Http Filter - 1.2.1

Fix: do not set content-type if provided by user #36
Feat: improve ECS compatibility #35
Add support for PUT requests #34

Ruby Filter - 3.1.8

[DOC] Added doc to describe the option `tag_with_exception_message`https://github.com/logstash-plugins/logstash-filter-ruby/pull/62[#62]
Fix SyntaxError handling so other pipelines can shut down gracefully #64

Useragent Filter - 3.3.3

Docs: mention added fields in 3.3 with a note #78

Exec Input - 3.4.0

Feat: adjust fields for ECS compatibility #28
Plugin will no longer override fields if they exist in the decoded payload (It no longer sets the host field if decoded from the command’s output)

Gelf Input - 3.3.1

Fix: safely coerce the value of _@timestamp to avoid crashing the plugin #67

Generator Input - 3.1.0

Feat: adjusted fields for ECS compatibility #22
Fix: do not override the host field if it’s present in the generator line (after decoding)
Fix: codec flushing when closing input

Imap Input - 3.2.0

Feat: ECS compatibility #55
added (optional) headers_target configuration option
added (optional) attachments_target configuration option
Fix: plugin should not close $stdin, while being stopped

Jms Input - 3.2.1

Fix: improve compatibility with MessageConsumer implementations #51, such as IBM MQ.
Test: Fix test failures due to ECS compatibility default changes in 8.x of logstash #53
Feat: event_factory support + targets to aid ECS #49
Fix: when configured to add JMS headers to the event, headers whose value is not set no longer result in nil entries on the event
Fix: when adding the jms_reply_to header to an event, a string representation is set instead of an opaque object.

Pipe Input - 3.1.0

Feat: adjust fields for ECS compatibility #19

S3 Input - 3.8.3

Fix missing metadata and type of the last event #223
Refactor: read sincedb time once per bucket listing #233

Snmp Input - 1.3.1

Refactor: handle no response(s) wout error logging #105
Feat: ECS compliance + optional target #99
Internal: update to Gradle 7 #102

Snmptrap Input - 3.1.0

Feat: ecs_compatiblity support + (optional) target #37

Syslog Input - 3.6.0

Add support for ECS v8 as alias to v1 implementation #68

Twitter Input - 4.1.0

Feat: optional target + ecs_compatibility #72

Unix Input - 3.1.1

Fix: unable to stop plugin (on LS 6.x) #29
Refactor: plugin internals got reviewed for data_timeout => ... to work reliably
Feat: adjust fields for ECS compatibility #28

Jdbc Integration - 5.2.2

Feat: name scheduler threads + redirect error logging #102
Refactor: isolate paginated normal statement algorithm in a separate handler #101
Added jdbc_paging_mode option to choose if use explicit pagination in statements and avoid the initial count query or use auto to delegate to the underlying library #95
Several improvements to Java driver loading
- Refactor: to explicit Java (driver) class name loading #96. The change is expected to provide a more robust fix for the driver loading issue #83.
```
NOTE: A fatal driver error will no longer keep reloading the pipeline and now leads to a system exit.
```
- Fix: regression due returning the Java driver class #98

Kafka Integration - 10.9.0

Refactor: leverage codec when using schema registry Previously using schema_registry_url parsed the payload as JSON even if codec => 'plain' was explicitly set, this is no longer the case. #106

Cloudwatch Output - 3.0.10

Fix: an old undefined method error which would surface with load (as queue fills up)
Deps: unpin rufus scheduler #20

Elasticsearch Output - 11.4.1

Feat: upgrade manticore (http-client) library #1063
- the underlying changes include latest HttpClient (4.5.13)
- resolves an old issue with ssl_certificate_verification => false still doing some verification logic
Updates ECS templates #1062
- Updates v1 templates to 1.12.1 for use with Elasticsearch 7.x and 8.x
- Updates BETA preview of ECS v8 templates for Elasticsearch 7.x and 8.x
Feat: add support for traces data stream type #1057
Refactor: review manticore error handling/logging, logging originating cause in case of connection related error when debug level is enabled. Java causes on connection related exceptions will now be extra logged when plugin is logging at debug level #1029
ECS-related fixes #1046
- Data Streams requirement on ECS is properly enforced when running on Logstash 8, and warned about when running on Logstash 7.
- ECS Compatibility v8 can now be selected

Core Patterns - 4.3.2

Fix: typo in BIN9_QUERYLOG pattern (in ECS mode) #307

« Logstash 7.17.1 Release Notes Logstash 7.16.3 Release Notes »