Beats version 7.17.4

Bugfixes

Affecting all Beats

  • Fix group write permissions on runtime directories. 30869
  • Store syslog version as string. 31446
  • Accept XML that declares non-UTF-8 encoding to allow decode_xml and decode_xml_wineventlog decoding of incorrectly annotated documents. 31395 31546

Filebeat

  • m365_defender: Fix processing when alerts.entities is an empty list. 31223 31227
  • Prevent filestream from rereading whole files if they are rotated using rename. 31268
  • google_workspace: Fix pagination to prevent skipped events when more than one page is present. 31372
  • cisco: Fix Umbrella DNS logs populating destination.ip instead of source.nat.ip. 31454

Packetbeat

  • Use /proc/<pid>/comm for Linux process names where possible. 31527
  • Move "protocol" term from event.category to event.type in SIP events. 31599

Winlogbeat

  • Fix evtx parsing failures. 30621 30942
  • Fix resource handle leak during event log enrichment. 31504

Added

Affecting all Beats

  • Update to Go 1.17.9 31350

Filebeat

  • Add storage_account_container configuration option to Azure logs. 31279
  • Sanitize the Azure storage account container names with underscores (_). 31384

Winlogbeat

  • Retry EvtSubscribe from start if it fails with strict mode. 29793 30155