Beats version 8.4.0 | Beats Platform Reference [8.5]

IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.

› ›

« Beats version 8.4.1 Beats version 8.3.3 »

Beats version 8.4.0edit

View commits

Breaking changesedit

Heartbeat - Browser monitors (beta) now write to the synthetics-* index prefix. 32064 - Setting a custom index for a given monitor is now deprecated. Streams are preferred. 32064 - Browser monitors now default to a max concurrency of two. 32564

Bugfixesedit

Affecting all Beats

Fix namespacing for agent self-monitoring, CPU no longer reports as zero. 32336
Expand fields in decode_json_fields if target is set. 31712 32010

Auditbeat

auditd module: Fix parsing of audit rules where arguments are quoted (like file paths containing spaces). 32421
auditd module: Fix minimum AuditStatus length so that library can support kernels from 2.6.32. 32421
system/socket: Reduce memory usage of the dataset. 32191 32192

Filebeat

Fix counter for number of events published in httpjson input. 31993
Fix handling of Checkpoint event for R81. 32380 32458
gcp-pubsub input: Restart Pub/Sub client on all errors. 32550 32712

Heartbeat

Send targetted error message for unexpected synthetics exits. 31936
Reduced memory usage slightly for browser monitors. 32317
Automatically kill zombie-ish node processes. 32393
Added timeout for browser monitors. 32434
Fix bug with browser jobs that had missing check groups or sent empty events. 32542

Metricbeat

Update Kubernetes apiserver metricset to not collect deprecated metrics and fix dashboard. 31973
Check for nil metadata in GCP. 32281
Update Kubernetes controllermanager metricset to not collect deprecated metrics and fix dashboard. 32037
Fix ARN parsing for Cloudwatch resource names with leading slashes. 32358
Fix an infinite loop in AWS billing metricset. 32626
Add missing metrics in AWS Transit Gateway module 32617
Replace internal expiring cache used by the Kubernetes module with in-memory dictionary. 32539
Oracle Module: Refactor module to use existing host parsers instead of doing its own parsing of hosts. 31611 #31692
Oracle Module: Correctly handle special characters in the connection string. 24609 #31368

Winlogbeat

Powershell: Fix processing of parameter details. 31833
Security: Fix processing of sidlist, access list and access mask. 31833
Fix fatal invalid memory write on Windows 11. 32469 32519
Fix handling of event formatting when no metadata is available on Windows 11. 32468 32519

Addededit

Affecting all Beats

Improve performance of disk queue by coalescing writes. 31935

Auditbeat

Add immutable option to the auditd module. 8352 32381

Filebeat

Add auth.oauth2.google.jwt_json option to httpjson input. 31750
Add authentication fields to RabbitMQ module documents. 31159 31680
Add template helper function for decoding hexadecimal strings. 31886
Add new parser called include_message to filter based on message contents. 31794 32094
Extend list of mapped record types in o365 Audit module. 32217
Add references for CRI-O configuration in input-container and in our Kubernetes manifests. 32149 32151
httpjson input: Add replaceAll helper function to template context. 32365
Optimize grok patterns in system.auth module pipeline. 32360
Checkpoint module: add authentication operation outcome enrichment. 32230 32431
Add documentation for decode_xml_wineventlog processor field mappings. 32456

Metricbeat

Oracle Module: New sysmetric metricset. 30946 #31462
AWS Fargate: Added support for DesiredStatus and KnownStatus. 32077 #32342
Enable Generic SQL merge metrics to a single event for sql_queries using new flag. 32394
Add distribution type metrics for GCP. 32170

Packetbeat

Add support for specifying default route interface sniffing. 31905 31950
Add support for TCP transport to the SIP protocol. 28166 32346

« Beats version 8.4.1 Beats version 8.3.3 »