Logstash 7.17.0 Release Notes
editLogstash 7.17.0 Release Notes
editNew features and enhancements
edit-
Docker images for
full
andoss
distributions are now is based on Ubuntu 20.04 (ubi8
image remains unchanged) #13529
Performance improvements and notable issues fixed
edit- Reduced the scope of a memory leak that can be caused by processing events with UUID or other high-cardinality field names. #13655
-
Fixed an error in the
logstash-plugin install
command that prevented the installation of non-default plugins #13405 -
Fixed an issue where invoking the Logstash Keystore Utility (
bin/logstash-keystore
) incorrectly set up a logging directory to the literal${sys:ls.logs}
and produced noise to the console about routing logs. This utility now correctly configures its logger using the provided settings file. #13221 -
Fixed
events.out
metric count when there the events are dropped in filter-output section of the pipeline. Events that were dropped are no longer included. #13593 -
Fixed a regression introduced in
7.12
, in which theLS_JAVA_OPTS
environment variable is ignored when a readablejvm.options
file cannot be found. #13525 -
Fixed a crash of Logstash in initialization when using the
logstash-input-azure_eventhub
plugin. #13603 - Fixed an issue where environment variables in pipeline condition statements were not substituted #13608
- Reduced Deprecation noise in the Elastic Upgrade Assistant. Elasticsearch requests made by the Monitoring or Central Management features that are not directly user-configurable will include a special product origin header so that Upgrade Assistant can avoid calling out deprecations that are not user-actionable. #13563
Progress toward Elastic Common Schema (ECS)
editIn this release, we continued our efforts towards Elastic Common Schema (ECS).
-
We added (or updated) a BETA preview of the upcoming ECS v8 in these plugins:
-
elasticsearch input has updated ECS templates for
v1
and BETA support for upcoimign ECSv8
-
clone filter and syslog input added support for ECS
v8
as an alias to the existingv1
implementation
-
elasticsearch input has updated ECS templates for
-
We added ECS support including BETA support of ECS
v8
in these plugins: -
We made ECS-specific improvements in these plugins:
-
geoip filter has improved support for ECS’s
geo.region_iso_code
field -
grok filter has a fixed capture of the
BIN9_QUERYLOG
pattern
-
geoip filter has improved support for ECS’s
Check out our progress toward ECS compatibility in github issue #11635.
Plugins
editClone Filter - 4.2.0
- Added support for ECS v8 as alias for ECS v1 #27
Geoip Filter - 7.2.11
-
Improved compatibility with the Elastic Common Schema #206
-
Added support for ECS’s composite
region_iso_code
(US-WA
), which replaces the non-ECSregion_code
(WA
) as a default field with City databases. To get the stand-aloneregion_code
in ECS mode, you must include it in thefields
directive - [DOC] Improve ECS-related documentation
-
Added support for ECS’s composite
- [DOC] Air-gapped environment requires both ASN and City databases #204
Http Filter - 1.2.1
Ruby Filter - 3.1.8
- [DOC] Added doc to describe the option `tag_with_exception_message`https://github.com/logstash-plugins/logstash-filter-ruby/pull/62[#62]
- Fix SyntaxError handling so other pipelines can shut down gracefully #64
Useragent Filter - 3.3.3
- Docs: mention added fields in 3.3 with a note #78
Exec Input - 3.4.0
- Feat: adjust fields for ECS compatibility #28
-
Plugin will no longer override fields if they exist in the decoded payload (It no longer sets the
host
field if decoded from the command’s output)
Gelf Input - 3.3.1
-
Fix: safely coerce the value of
_@timestamp
to avoid crashing the plugin #67
Generator Input - 3.1.0
- Feat: adjusted fields for ECS compatibility #22
- Fix: do not override the host field if it’s present in the generator line (after decoding)
- Fix: codec flushing when closing input
Imap Input - 3.2.0
- Feat: ECS compatibility #55
-
added (optional)
headers_target
configuration option -
added (optional)
attachments_target
configuration option -
Fix: plugin should not close
$stdin
, while being stopped
Jms Input - 3.2.1
- Fix: improve compatibility with MessageConsumer implementations #51, such as IBM MQ.
-
Test: Fix test failures due to ECS compatibility default changes in
8.x
of logstash #53 - Feat: event_factory support + targets to aid ECS #49
- Fix: when configured to add JMS headers to the event, headers whose value is not set no longer result in nil entries on the event
-
Fix: when adding the
jms_reply_to
header to an event, a string representation is set instead of an opaque object.
Pipe Input - 3.1.0
- Feat: adjust fields for ECS compatibility #19
S3 Input - 3.8.3
Snmp Input - 1.3.1
Snmptrap Input - 3.1.0
- Feat: ecs_compatiblity support + (optional) target #37
Syslog Input - 3.6.0
- Add support for ECS v8 as alias to v1 implementation #68
Twitter Input - 4.1.0
- Feat: optional target + ecs_compatibility #72
Unix Input - 3.1.1
Jdbc Integration - 5.2.2
- Feat: name scheduler threads + redirect error logging #102
- Refactor: isolate paginated normal statement algorithm in a separate handler #101
-
Added
jdbc_paging_mode
option to choose if useexplicit
pagination in statements and avoid the initial count query or useauto
to delegate to the underlying library #95 -
Several improvements to Java driver loading
-
Refactor: to explicit Java (driver) class name loading #96. The change is expected to provide a more robust fix for the driver loading issue #83.
NOTE: A fatal driver error will no longer keep reloading the pipeline and now leads to a system exit.
- Fix: regression due returning the Java driver class #98
-
Kafka Integration - 10.9.0
-
Refactor: leverage codec when using schema registry
Previously using
schema_registry_url
parsed the payload as JSON even ifcodec => 'plain'
was explicitly set, this is no longer the case. #106
Cloudwatch Output - 3.0.10
- Fix: an old undefined method error which would surface with load (as queue fills up)
- Deps: unpin rufus scheduler #20
Elasticsearch Output - 11.4.1
-
Feat: upgrade manticore (http-client) library #1063
- the underlying changes include latest HttpClient (4.5.13)
-
resolves an old issue with
ssl_certificate_verification => false
still doing some verification logic
-
Updates ECS templates #1062
- Updates v1 templates to 1.12.1 for use with Elasticsearch 7.x and 8.x
- Updates BETA preview of ECS v8 templates for Elasticsearch 7.x and 8.x
- Feat: add support for traces data stream type #1057
- Refactor: review manticore error handling/logging, logging originating cause in case of connection related error when debug level is enabled. Java causes on connection related exceptions will now be extra logged when plugin is logging at debug level #1029
-
ECS-related fixes #1046
- Data Streams requirement on ECS is properly enforced when running on Logstash 8, and warned about when running on Logstash 7.
- ECS Compatibility v8 can now be selected
Core Patterns - 4.3.2
-
Fix: typo in
BIN9_QUERYLOG
pattern (in ECS mode) #307