Beats version 8.3.0edit

View commits

Bugfixesedit

Affecting all Beats

  • Allow loading secrets that contain commas from the keystore 31694.

Auditbeat

  • Fix audit status collection on kernels prior to version 5.9. 31616 31710

Filebeat

  • Do not emit error log when filestream reader reaches EOF and close.reader.on_eof is enabled. 31109
  • sophos.xg: Update module to handle new log fields. 31038 31388
  • Fix MISP documentation for var.filters config option. 31434
  • Fix type mapping of client.as.number in okta module. 31676
  • If a file is ignored by filestream because of ignore_older settings, when it is updated, only the new lines are shipped to the output. 31924 31972

Heartbeat

  • Fix unintentional use of no-op logger. 31543

Metricbeat

  • make system/filesystem code sensitive to hostfs and migrate libraries to elastic-agent-opts 31001
  • Fix kubernetes module’s internal cache expiration issue. This avoid metrics like kubernetes.container.cpu.usage.limit.pct from not being populated. 31785
  • add missing HealthyHostCount and UnHealthyHostCount for application ELB. 31853

Winlogbeat

  • Sysmon: Drop fields with "-" value (unset) 31556

Addededit

Affecting all Beats

  • Add new config option timestamp.precision to configure timestamps. 31682

Auditbeat

  • Add backlog_wait_time_actual to the output of the auditbeat auditd show-status command. 31535

Filebeat

  • Support SASL/SCRAM authentication in the Kafka input. 31167
  • checkpoint module: Add network.transport derived from IANA number. 31076
  • Add URL Encode template function for httpjson input. 30962
  • Add application/zip decoder to the httpsjon input. 31282 31304
  • Default value of filebeat.registry.flush increased from 0s to 1s. CPU and disk I/O usage are reduced because the registry is not written to disk for each ingested log line. 30279
  • Cisco ASA/FTD: Add support for messages 434001 and 434003. 31533
  • Change threatintel module from beta to GA. 31693
  • Add template helper function for hashing strings. 31613 31630
  • Add extended okta.debug_context.debug_data handling. 31676
  • Add a new salesforce module to collect data from salesforce. 31486

Auditbeat

  • auditd: Updated the go-libaudit library version to v2.3.0. This refreshes the syscall names for Linux and adds ECS categorizations for more audit anomaly events. 31519

Filebeat

  • http_endpoint input: Add support for requests with Content-Encoding: gzip. 31005

Heartbeat

  • Add support for pushed browser monitor source from the synthetics agent. 31428
  • Add ARM64 seccomp profile. 31285 31422
  • Add new playwright_options config for browser monitors. 28196 31737

Metricbeat

  • Add new Kubernetes module dashboards 31591
  • system/core: add cpuinfo information for Linux hosts 31643

Winlogbeat

  • Add parent process ID to new process creation events. 29237 31102
  • Sysmon: Support for Sysmon Registry non-QWORD/DWORD events. 31556

Deprecatededit

Heartbeat - Bump node.js version for synthetics to 16.15.0. 31675