What's new in Logstash 7.12.0

We are happy to announce the general availability of the Logstash 7.12.0 release. This is the latest stable release and is now available for download! Please refer to the release notes for the complete list of features and bug fixes.

The ECS journey continues

The Elastic Common Schema (ECS) provides users a consistent way for structuring data in Elasticsearch, and has become a tablestake for analyzing, visualizing, and correlating data within the Elastic Observability and Security solutions. Logstash continues to be one of the primary ways of ingesting time series datasets into the Elastic Stack, and we have been embarking on a journey to achieve ECS compliance across the product for some time now.

Logstash’s flexibility for data transformation and enrichment means that users have the power to do almost anything with their data; and with great power comes great responsibility. Within the Logstash ecosystem, there are plugins that allow users to explicitly create fields that may not align with ECS, like when using the add_field option in the mutate filter or the target option in the many different filter plugins. As users will continue being responsible for maintaining ECS compliance for pipelines with explicitly created fields, we added an ECS compatibility option for the Elasticsearch output plugin in Logstash 7.9.0 to provide a way for Elasticsearch to validate events prior to persistence with ECS compatible index templates.

There are also plugins which implicitly create fields that may not align with ECS today, like when the GeoIP filter looks up an IP address or the Beats input enriches host metadata. For plugins that exhibit this type of behavior, we have created a framework that will make this ECS transition experience easier for both plugin users and maintainers. Plugins will have access to an ECS compatibility mode which ensures that implicitly created fields will be under ECS compliant namespaces. In this release, we have added this functionality to the Beats input for the host metadata, and the grok filter when composite patterns are matched and applied. There is a large surface area here, and we plan to enable this mode for applicable plugins that we bundle and support with Logstash over time. Additionally, we introduced a pipeline-level ECS compatibility option back in Logstash 7.10.0, allowing users to control the ECS compatibility mode for all plugins within a pipeline at the same time. Although these features are currently opt-in, it enables users to try out and lock down specific behaviors for their pipelines prior to the next major release where we plan to make Logstash ECS compliant by default.

More details around the ECS journey and its progression can be found in this Github issue.

ARM support goes beta

Around our efforts to meet users where they are, we continue to offer Logstash across a myriad of platforms so that users can get started quickly in their own respective environments. With the growing popularity of ARM-based architectures, we are now graduating our ARM/AARCH64 support for Linux to beta in Logstash 7.12.0, bringing us a step closer to production readiness. These offerings are available as Linux artifacts and Docker images.

JDK 15 support

With this release, we are also happy to introduce support for Oracle/OpenJDK/AdoptOpenJDK 15. The Logstash JDK 15 documentation provides guidance around upgrades.

Please consult our support matrix for the full list of operating systems and JVM/JDKs that Logstash supports.

Try it yourself!

Please download Logstash 7.12.0, try it, and let us know what you think on Twitter (@elastic) or in our forums and community Slack. You can report any bugs or feature requests on the Logstash Github issues page or within the respective plugin repositories.

  • We're hiring

    Work for a global, distributed team where finding someone like you is just a Zoom meeting away. Flexible work with impact? Development opportunities from the start?