Beats version 1.1.0

View commits

Bugfixes

Affecting all Beats

  • Fix logging issue with file based output where newlines could be misplaced during concurrent logging 650
  • Reduce memory usage by separate queue sizes for single events and bulk events. 649 516
  • Set default default bulk_max_size value to 2048 628

Packetbeat

  • Fix setting direction to out and use its value to decide when dropping events if ignore_outgoing is enabled 557
  • Fix logging issue with file-based output where newlines could be misplaced during concurrent logging 650
  • Reduce memory usage by having separate queue sizes for single events and bulk events. 649 516
  • Set default bulk_max_size value to 2048 628
  • Fix logstash window size of 1 not increasing. 598

Packetbeat

  • Fix the condition that determines whether the direction of the transaction is set to "outgoing". Packetbeat uses the direction field to determine which transactions to drop when dropping outgoing transactions. 557
  • Allow PF_RING sniffer type to be configured using pf_ring or pfring 671

Filebeat

  • Set spool_size default value to 2048 628

Added

Affecting all Beats

  • Add include_fields and drop_fields as part of generic filtering 1120
  • Make logstash output compression level configurable. 630
  • Some publisher options refactoring in libbeat 684
  • Move event preprocessor applying GeoIP to packetbeat 772

Packetbeat

  • Add support for capturing DNS over TCP network traffic. 486 554

Topbeat

  • Group all CPU usage per core statistics and export them optionally if cpu_per_core is configured 496

Filebeat

  • Add multiline support for combining multiple related lines into one event. 461
  • Add exclude_lines and include_lines options for regexp based line filtering. 430
  • Add exclude_files configuration option. 563
  • Add experimental option to enable filebeat publisher pipeline to operate asynchonrously 782

Winlogbeat

  • First public release of Winlogbeat