This list summarizes the most important enhancements in Beats. For the complete list, go to Beats release highlights.
Support added for TLS 1.3edit
In 7.6, we’ve added support for TLS 1.3, enabling you to take advantage of the security and performance improvements available in TLS 1.3 when Beats connects to an Elasticsearch cluster that supports it.
TLS 1.1, 1.2, and 1.3 are now enabled by default.
Azure cloud monitoring improvementsedit
We’ve also made it easier for you to do a cost analysis on metrics collection by adding a cost warning message to each metrics API call. The message indicates the cost applied while retrieving metric values from Azure resources.
Google cloud monitoring improvementsedit
We’ve also expanded support in Metricbeat by adding a beta release of the Google Cloud Platform module. This module fetches monitoring metrics from Google Cloud Platform (GCP) by using the Stackdriver Monitoring API.
On the logging side, we’ve added two new filesets to the Filebeat Google Cloud module to make it easier for you to ingest Gloogle Cloud logs:
auditfileset parses Google Cloud Audit Logs.
firewallfileset parses firewall logs generated by firewall rules logging.
Better support for document deduplicationedit
To help prevent duplicate events, we’ve introduced
in Beats that you can use to set the document ID before sending events to
an output. The ID is stored in the Beats
@metadata._id field and used to
set the document ID during indexing. Both the
decode_json_fields processor and
json options in the Filebeat have been enhanced to include a
document_id setting to use when decoding JSON data.
We’ve also added new processors for generating IDs when your data has no natural
key field. The
add_id processor generates a unique
ID for an event. The
generates a fingerprint of an event based on a specified subset of its fields.
To learn more, see Data deduplication.