Logstash 5.4.1 Release Notes

  • Fixed an issue on Windows where Logstash was unable to locate the default log4j2.properties file (Issue 6352).

Input Plugins

Beats:

  • Fixed an issue where Logstash would incorrectly close the connection from beats due to a timeout (Issue 185).

JDBC:

  • This plugin now automatically reconnects on connection issues (Issue 45).

HTTP Poller:

  • Added option to specify top-level user/password options that apply to all URLs by default.
  • Added eager auth functionality. This means the client will send any credentials in its first request rather than waiting for a 401 challenge.

Log4j:

  • This input now rejects any non-log4j log objects sent as input.

RabbitMQ:

  • Updated the underlying RabbitMQ Java lib to v3.0.0.

S3:

  • Fixed an issue where Logstash would crash when attempting to ingest a JSON file with a message attribute that was not a string (Issue 109).

Elasticsearch:

  • Fixed scrolling to use JSON bodies in the requests.

Filter Plugins

Date:

  • This plugin now ignores canceled events. Previously, these events were unnecessarily processed.

Fingerprint:

  • Improved error messages that could happen during startup.

Grok:

  • Fixed an issue where a subdirectory under the patterns directory could cause Logstash to crash at startup (Issue 110).
  • Added ability to define custom patterns within a grok filter by using the pattern_definitions config option.

URL Decode:

  • Fixed an issue where Logstash would crash when processing Unicode input with this filter.

Output Plugins

S3:

  • Fixed the restore_from_crash option to use the same upload options as the normal uploader (Issue 140).
  • Updated the canned_acl option to allow public-read, public-read-write and authenticated-read as possible values.

RabbitMQ:

  • Updated the underlying RabbitMQ Java lib to v3.0.0.

Elasticsearch:

  • Added support for customizing the sniffing path with the sniffing_path and absolute_sniffing_path config options.

Kafka:

  • Fixed a bug when Logstash would fail to start up when SASL_SSL and PLAIN (no Kerberos) options were specified.