27 September 2018

Logstash Lines: A few improvements this week

By Monica Sarbu

Welcome to Logstash Lines! With this weekly series, we're keeping you up to date with what's new in Logstash, including the latest commits and releases.

Did you know that Logstash 6.4 is already available? Try it and let us know what you think.

Improved cgroups information collection when mounted in a different location

When Logstash ran within a container, the cgroups information was mounted in a different location, which caused Logstash to not collect it (#6797). A similar issue was affecting other parts of the stack, so a fix has been merged to Logstash (#9999) that applies the same strategy as implemented in Elasticsearch (#22757) and Beats (#3692).

Improved compliance with CEF spec with new "reverse_mapping" option

Currently, when decoding a payload, the Logstash cef codec uses the long-name form of the CEF specification fields as keys. However, the same spec advises that the short form should be used instead. A new boolean option called "reverse_mapping" has been introduced (PR #51) to perform this conversion. This option is disabled by default, as enabling it would introduce a breaking change, but the default will very likely be flipped in the next major version of Logstash.
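The long-name versus short-key difference matters to any SIEM or parser that consumes the output, so here it is as an added Ruby illustration. This is not the logstash-codec-cef source: the function names are hypothetical, the event is constructed, and the mapping is only a small subset of the CEF extension dictionary.

```ruby
# Added illustration, not the logstash-codec-cef source.
# Small subset of the CEF extension dictionary: long name => short key.
LONG_TO_SHORT = {
  "sourceAddress"       => "src",
  "destinationAddress"  => "dst",
  "sourcePort"          => "spt",
  "destinationPort"     => "dpt",
  "sourceUserName"      => "suser",
  "destinationUserName" => "duser",
  "deviceAction"        => "act",
  "message"             => "msg",
}.freeze
SHORT_TO_LONG = LONG_TO_SHORT.invert.freeze

# Escape backslash and "=" in an extension value; fold newlines to a literal \n.
def escape_value(value)
  value.to_s.gsub(/[\\=]/) { |c| "\\#{c}" }.gsub(/\r\n|\r|\n/) { "\\n" }
end

# Hypothetical encoder: reverse_mapping turns known long names into short keys.
def encode_extension(fields, reverse_mapping: false)
  fields.map do |name, value|
    key = reverse_mapping ? LONG_TO_SHORT.fetch(name, name) : name
    "#{key}=#{escape_value(value)}"
  end.join(" ")
end

# Hypothetical decoder: a value runs until the next " key=" or end of input,
# so spaces and escaped "=" inside a value survive. Short keys become long names.
def decode_extension(text)
  pairs = text.scan(/(\w+)=((?:\\.|[^=\\])*?)(?=\s+\w+=|\s*\z)/m)
  pairs.map do |key, raw|
    [SHORT_TO_LONG.fetch(key, key), raw.gsub(/\\(.)/m) { $1 == "n" ? "\n" : $1 }]
  end.to_h
end

# Constructed sample event.
EVENT = {
  "sourceAddress" => "10.0.0.1",
  "sourcePort"    => 1232,
  "message"       => "user=admin logged in",
}.freeze

if __FILE__ == $PROGRAM_NAME
  puts encode_extension(EVENT)
  puts encode_extension(EVENT, reverse_mapping: true)
  p decode_extension(encode_extension(EVENT, reverse_mapping: true))
end
```

A downstream parser keyed on `src`/`spt` finds nothing in the first output line, which is why switching the option on is a breaking change for existing pipelines.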

All changes

Repository: elastic/logstash

  • Make cgroups more robust and provide the override similar to ES #9999

Repositories under elastic/logstash-plugins:

logstash-codec-cef - 5.0.6

  • Added reverse_mapping option, which can be used to make encoder compliant to spec #51

logstash-filter-math - 1.1.1

  • Fix to make registers threadsafe #10

logstash-input-cloudwatch - 2.2.4

  • Fixed shutdown handling #43