« Beats version 8.18.1 Beats version 8.17.6 »
Elastic Docs Beats Platform Reference [8.18] Release notes

Beats version 8.18.0

edit
A newer version is available. Check out the latest documentation.

Beats version 8.18.0

edit

View commits

Breaking changes

edit

Affecting all Beats

  • Removed support for a single - to precede multi-letter command line arguments. Use -- instead. 42117 42209

Filebeat

  • The fields produced by the Journald input are updated to better match ECS. Renamed fields: Dropped fields: syslog.priority and syslog.facility while keeping their duplicated equivalent: log.syslog.priority,log.syslog.facility.code. Renamed fields: syslog.identifierlog.syslog.appname, syslog.pidlog.syslog.procid. container.id_truncated is dropped because the full container ID is already present as container.id and container.log.tag is dropped because it is already present as log.syslog.appname. The field container.partial is replaced by the tag partial_message if it was true, otherwise no tag is added. 42208 42403

Osquerybeat

  • Upgrade osquery version to 5.13.1. 40849

Packetbeat

  • Use base-16 for reporting serial_number value in TLS fields in line with the ECS recommendation. 41542

Bugfixes

edit

Auditbeat

  • Add a cached hasher for upcoming backend. 41952
  • Split common tty definitions. 42004

Filebeat

  • Redact authorization headers in HTTPJSON debug logs. 41920
  • The _id generation process for S3 events has been updated to incorporate the LastModified field. This enhancement ensures that the _id is unique. 42078
  • Fix truncation of bodies in request tracing by limiting bodies to 10% of the maximum file size. 42327

Metricbeat

  • Fix the function to determine CPU cores on windows. 42593 43409

Winlogbeat

  • Reset EventLog if error EOF is encountered. 42826
  • Implement backoff on error retrial. 42826

Added

edit

Auditbeat

  • Improve logging in system/socket. 41571

Filebeat

  • Update CEL mito extensions version to v1.16.0. 41727
  • Filebeat’s registry is now added to the Elastic-Agent diagnostics bundle. 33238 41795
  • Add unifiedlogs input for MacOS. 41791
  • Add evaluation state dump debugging option to CEL input. 41335
  • The Filestream input can automatically migrate state from files when changing the file_identity if the previous file identity was native (the default) or path. 40197 41762
  • Rate limiting operability improvements in the Okta provider of the Entity Analytics input. 40106 41977
  • Journald input now can report its status to Elastic-Agent 39791 42462
  • The journald input is now generally available. 42107
  • Add etw input fallback to attach an already existing session. 42847
  • Update CEL mito extensions to v1.17.0. 42851
  • Allow a grace time for awss3 input shutdown to enable incomplete SQS message processing to be completed. 43369

Heartbeat

  • Upgrade node version to latest LTS v18.20.7. 43511

Metricbeat

  • Add support for podman metrics in docker module. 41889
  • Add new OpenAI (openai) module for tracking usage data. 41516
  • Preserve queries for debugging when merge_results: true in SQL module. 42271
  • Add a warning log to metricbeat.vsphere in case vSphere connection has been configured as insecure. 43104

Metricbeat - Add benchmark module. 41801

Packetbeat - Add tls.server.ja3s tls fingerprint 43284

Winlogbeat

  • Properly set events UserData when experimental API is used. 41525
  • Include XML is respected for experimental API. 41525
  • Forwarded events use renderedtext info for experimental API. 41525
  • Language setting is respected for experimental API. 41525
  • Language setting also added to decode xml wineventlog processor. 41525
  • Format embedded messages in the experimental API. 41525
  • Make the experimental API GA and rename it to winlogbeat-raw. 39580 41770
  • Remove 22 clause limitation. 35047 42187
  • Add handling for recoverable publisher disabled errors. 35316 42187
« Beats version 8.18.1 Beats version 8.17.6 »