IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
« Beats version 7.17.5 Beats version 7.17.3 »
Elastic Docs Beats Platform Reference [7.17] Release notes

Beats version 7.17.4

edit
IMPORTANT: This documentation is no longer updated. Refer to Elastic's version policy and the latest documentation.

Beats version 7.17.4

edit

View commits

Bugfixes

edit

Affecting all Beats

  • Fix group write permissions on runtime directories. 30869
  • Store syslog version as string. 31446
  • Accept XML that declares non-UTF-8 encoding to allow decode_xml and decode_xml_wineventlog decoding of incorrectly annotated documents. 31395 31546

Filebeat

  • m365_defender: Fix processing when alerts.entities is an empty list. 31223 31227
  • Prevent filestream from rereading whole files if they are rotated using rename. 31268
  • google_workspace: Fix pagination to prevent skipped events when more than one page is present. 31372
  • cisco: Fix umbrella dns logs populating destination.ip instead of source.nat.ip. 31454

Packetbeat

  • Use /proc/<pid>/comm for linux process names where possible. 31527
  • Move "protocol" term from event.category to event.type in SIP events. 31599

Winlogbeat

  • Fix evtx parsing failures. 30621 30942
  • Fix resource handle leak during event log enrichment. 31504

Added

edit

Affecting all Beats

  • Update to Go 1.17.9 31350

Filebeat

  • Add storage_account_container configuration option to Azure logs. 31279
  • Sanitize the Azure storage account container names with underscores (_). 31384

Winlogbeat

  • Retry EvtSubscribe from start if fails with strict mode. 29793 30155
« Beats version 7.17.5 Beats version 7.17.3 »