We are pleased to announce the Beats 6.7.0 release. This is the latest stable version, and it comes with a GA release of Functionbeat and a migration tool for Beats Central Management.
A few months ago, we announced the first version of Functionbeat as beta, providing serverless ingestion for Elasticsearch. Functionbeat is a new addition to the Beats product suite that can easily ingest data in a scalable, reliable and cost-efficient fashion.
Besides getting the logs from AWS Cloudwatch and Simple Queue Service (SQS), the GA version also brings support for Kinesis.
Upgrade Beats Central Management (beta) to the 6.7 version
In the 6.7 version of Beats Central Management, the schema of the configuration documents used by Kibana has changed. As a result of the template changes, enrolled Beats and tags created prior to 6.7 will not work with the new UI until they are moved to the new format. For this, we have created a one-time tool to help you migrate your data from 6.6 to 6.7.
Before running the migration tool, you need to configure your cluster details in the migrate.yml file under the url, username and password settings, along with the ssl.* settings.
Please check the documentation for more details.
New datasets in the Auditbeat system module
The Auditbeat system module, which was introduced in 6.6, got more functionality in this release:
- login dataset that collects log in information by reading
- package dataset that collects the installed DEB, RPM, and Homebrew packages. Like most data sets in the Auditbeat system module, it can send the full list of installed packages but also differential updates (packages added or removed).
- process dataset is now enhanced with user information, so it's easy to correlate between users and their processes.
- A new entity_id is added to the various datasets to enable visualising the number of unique processes, sockets, users, etc. See this ticket for how this field is defined.
If you want to try the new features added in Beats 6.7.0, please download it, install it, and let us know what you think on Twitter (@elastic) or in our forum. Enjoy!