Affecting all Beats
Auditbeat
Filebeat
Heartbeat
Metricbeat
Packetbeat
Winlogbeat
Functionbeat
Affecting all Beats
-
Fix field names with
add_network_direction
processor. 29747 29751 -
Fix a logging bug when
ssl.verification_mode
was set tofull
orcertificate
, the commandtest output
incorrectly logged that TLS was disabled. -
Fix the ability for subcommands to be ran properly from the beats containers. 30452
-
Update docker/distribution dependency library to fix a security issues concerning OCI Manifest Type Confusion Issue. 30462
-
Fixes Beats crashing when glibc >= 2.35 is used 30576
-
Log errors when parsing and applying config blocks and if the input is disabled. 30534
-
Wildcard fields no longer have a default ignore_above setting of 1024. 30096 30668
-
Ignore bugfix version when running version compatibility check against Elasticsearch. 30746
Auditbeat
Filebeat
-
Report the starting offset of the line in
log.offset
when usingfilestream
instead of the end to be ECS compliant. 30445 -
auditd: Prevent mapping explosion when truncated EXECVE records are ingested. 30382
-
elasticsearch: fix duplicate ingest when using a common appender configuration 30428 30440
-
Fix compatibility with ECS by renaming
source
log key tosource_file
30667 -
Fix add_kubernetes_metadata matcher: support rotated logs when
resource_type: pod
30720
Filebeat
Heartbeat
Metricbeat
Packetbeat
Winlogbeat
Functionbeat
Elastic Logging Plugin
Affecting all Beats
Auditbeat
Filebeat
-
Add
text/csv
decoder tohttpjson
input 28564 -
Update
aws-s3
input to connect to non AWS S3 buckets 28222 28234 -
Add support for '/var/log/pods/' path for add_kubernetes_metadata processor with
resource_type: pod
. 28868 -
Add documentation for add_kubernetes_metadata processors
log_path
matcher. 28868 -
Add support for parsers on journald input 29070
-
Add support in httpjson input for oAuth2ProviderDefault of password grant_type. 29087
-
Add support for filtering in journald input with
unit
,kernel
,identifiers
andinclude_matches
. 29294 -
Add new
userAgent
andbeatInfo
template functions for httpjson input 29528 -
Add extraction of
related.hosts
to Microsoft 365 Defender ingest pipeline 29859 29863 -
threatintel module: Add new Recorded Future integration. 30030
-
Add pipeline in FB’s supported hints. 30212
Auditbeat
Filebeat
Heartbeat
Metricbeat
Packetbeat
Functionbeat
Winlogbeat
-
Improve the error message when the registry file content is invalid. 30543
Elastic Log Driver