Beats highlightsedit

This list summarizes the most important enhancements in Beats. For the complete list, go to Beats release highlights.

Support added for TLS 1.3edit

In 7.6, we’ve added support for TLS 1.3, enabling you to take advantage of the security and performance improvements available in TLS 1.3 when Beats connects to an Elasticsearch cluster that supports it.

TLS 1.1, 1.2, and 1.3 are now enabled by default.

Azure cloud monitoring improvementsedit

The new storage metricset in the Metricbeat Azure module adds the ability to collect metrics from storage accounts.

We’ve also made it easier for you to do a cost analysis on metrics collection by adding a cost warning message to each metrics API call. The message indicates the cost applied while retrieving metric values from Azure resources.

Google cloud monitoring improvementsedit

Starting with 7.6, you can deploy Functionbeat as a Google Function via Google Cloud Deployment Manager and pull log events from Google Pub/Sub and Google Cloud Storage.

We’ve also expanded support in Metricbeat by adding a beta release of the Google Cloud Platform module. This module fetches monitoring metrics from Google Cloud Platform (GCP) by using the Stackdriver Monitoring API.

On the logging side, we’ve added two new filesets to the Filebeat Google Cloud module to make it easier for you to ingest Gloogle Cloud logs:

  • The audit fileset parses Google Cloud Audit Logs.
  • The firewall fileset parses firewall logs generated by firewall rules logging.

Better support for document deduplicationedit

To help prevent duplicate events, we’ve introduced document_id settings in Beats that you can use to set the document ID before sending events to an output. The ID is stored in the Beats @metadata._id field and used to set the document ID during indexing. Both the decode_json_fields processor and json options in the Filebeat have been enhanced to include a document_id setting to use when decoding JSON data.

We’ve also added new processors for generating IDs when your data has no natural key field. The add_id processor generates a unique ID for an event. The fingerprint processor generates a fingerprint of an event based on a specified subset of its fields.

To learn more, see Data deduplication.