Beats version 6.6.0

View commits

Breaking changes

Affecting all Beats

  • Dissect syntax change, use * instead of ? when working with field reference. 8054

Filebeat

  • Allow beats to blacklist certain part of the configuration while using Central Management. 9099

Metricbeat

  • Allow beats to blacklist certain part of the configuration while using Central Management. 9099

Functionbeat

  • The CLI will now log CloudFormation Stack events. 8912
  • Correctly normalize Cloudformation resource name. 10087

Bugfixes

Affecting all Beats

  • Fix autodiscover configurations stopping when metadata is missing. 8851
  • Refresh host metadata in add_host_metadata. 9359
  • When collecting swap metrics for beats telemetry or system metricbeat module handle cases of free swap being bigger than total swap by assuming no swap is being used. 6271 9383
  • Ignore non index fields in default_field for Elasticsearch. 9549
  • Update Golang to 1.10.6. 9563
  • Update Kibana index pattern attributes for objects that are disabled. 9644
  • Enforce validation for the Central Management access token. 9621
  • Fix registry handle leak on Windows (https://github.com/elastic/go-sysinfo/pull/33). 9920
  • Gracefully handle TLS options when enrolling a Beat. 9129
  • Allow to unenroll a Beat from the UI. 9452
  • The backing off now implements jitter to better distribute the load. 10172
  • Fix config appender registration. 9873
  • Fix TLS certificate DoS vulnerability. 10304

Filebeat

  • Fix improperly set config for CRI Flag in Docker Input 8899
  • Just enabling the elasticsearch fileset and starting Filebeat no longer causes an error. 8891
  • Fix macOS default log path for elasticsearch module based on homebrew paths. {pul}8939[8939]
  • Support IPv6 addresses with zone id in IIS ingest pipeline. 9836 error log: 9869 access log: 10030
  • Support haproxy log lines without captured headers. 9463 9958

Heartbeat

  • Heartbeat now always downloads the entire body of HTTP endpoints, even if no checks against the body content are declared. This fixes an issue where timing metrics would be incorrect in scenarios where the body wasn’t used since the connection would be closed soon after the headers were sent, but before the entire body was. 8894

Metricbeat

  • Add missing namespace field in http server metricset 7890
  • Fix issue with not collecting Elasticsearch cross-cluster replication stats correctly. 9179
  • The node.name field in the elasticsearch/node metricset now correctly reports the Elasticsarch node name. Previously this field was incorrectly reporting the node ID instead. 9209
  • Fix panics in vsphere module when certain values where not returned by the API. 9784
  • Fix pod UID metadata enrichment in Kubernetes module. 10081

Packetbeat

  • Fix issue with process monitor associating traffic to the wrong process. 9151 9443
  • Fix DHCPv4 dashboard that wouldn’t load in Kibana. 9850

Added

Affecting all Beats

  • Unify dashboard exporter tools. 9097
  • Dissect will now flag event on parsing error. 8751
  • Added the redirect_stderr option that allows panics to be logged to log files. 8430
  • Add cache.ttl to add_host_metadata. 9359
  • Add support for index lifecycle management (beta). 7963
  • Always include Pod UID as part of Pod metadata. {pull]9517[9517]
  • Release Jolokia autodiscover as GA. 9706

Auditbeat

  • Add system module. 9546

Filebeat - Added detect_null_bytes selector to detect null bytes from a io.reader. 9210 - Added syslog_host variable to HAProxy module to allow syslog listener to bind to configured host. 9366 - Allow to force CRI format parsing for better performance 8424 - Add event.dataset to module events. 9457 - Add field log.source.address and log.file.path to replace source. 9435 - Add support for multi-core thread_id in postgresql module 9156 9482 - Added netflow input type that supports NetFlow v1, v5, v6, v7, v8, v9 and IPFIX. 9399

Journalbeat

  • Add the ability to check against JSON HTTP bodies with conditions. 8667
  • Add cursor_seek_fallback option. 9234

Metricbeat

  • Collect custom cluster display_name in elasticsearch/cluster_stats metricset. 8445
  • Test etcd module with etcd 3.3. 9068
  • All elasticsearch metricsets now have module-level cluster.id and cluster.name fields. 8770 8771 9164 9165 9166 9168
  • All elasticsearch node-level metricsets now have node.id and node.name fields. 9168 9209
  • Add settings to disable docker and cgroup cpu metrics per core. 9187 9194 9589
  • The elasticsearch/node metricset now reports the Elasticsearch cluster UUID. 8771
  • Support GET requests in Jolokia module. 8566 9226
  • Add freebsd support for the uptime metricset. 9413
  • Add host.os.name field to add_host_metadata processor. 8948 9405
  • Add field event.dataset which is {module}.{metricset). 9393

Deprecated

Filebeat - Deprecate field source. Will be replaced by log.source.address and log.file.path in 7.0. 9435

Metricbeat

  • Deprecate field metricset.rtt. Replaced by event.duration which is in nano instead of micro seconds. 9393

Packetbeat

  • Support new TLS version negotiation introduced in TLS 1.3. 8647.