Logstash 7.12.1 Release Notesedit

Notable issues fixededit

  • Set correct permissions for /usr/share/logstash on (RPM, DEB) pkg installs #12782
  • Allow plugin manager to remove plugin regardless of the current working directory #12786

Pluginsedit

Cef Codec - 6.1.2

  • Added error log with full payload when something bad happens in decoding a message #84

Fingerprint Filter - 3.2.3

  • [DOC] Expanded description for concatenate_sources behavior and provided examples #60

Mutate Filter - 3.5.1

  • Fix: removed a minor optimization in case-conversion helpers that could result in a race condition in very rare and specific situations #151

Beats Input - 6.1.2

  • [DOC] Added naming attribute to control plugin name that appears in docs, and set up framework to make attributes viable in code sample
  • [DOC] Enhanced ECS compatibility information for ease of use and readability #413

File Input - 4.2.4

  • Fix: sincedb_write issue on Windows machines #283

Redis Input - 3.6.1

  • Fix: resolve crash when commands_map is set #86

Tcp Input - 6.0.9

  • [DOC] Reorder options alphabetically #171
  • [DOC] better description for tcp_keep_alive option #169

Udp Input - 3.4.1

  • [DOC] Fixed typo in code sample #54

Kafka Integration - 10.7.4

  • Docs: make sure Kafka clients version is updated in docs #83
  • Changed decorate_events to add also Kafka headers #78
  • Update Jersey dependency to version 2.33 #75

Elasticsearch Output - 10.8.6

  • Fixed an issue where a single over-size event being rejected by Elasticsearch would cause the entire entire batch to be retried indefinitely. The oversize event will still be retried on its own and logging has been improved to include payload sizes in this situation #972
  • Fixed an issue with http_compression => true where a well-compressed payload could fit under our outbound 20MB limit but expand beyond Elasticsearch’s 100MB limit, causing bulk failures. Bulk grouping is now determined entirely by the decompressed payload size #823
  • Improved debug-level logging about bulk requests.
  • Feat: assert returned item count from _bulk #997
  • Fixed an issue where a retried request would drop "update" parameters #800
  • Avoid to implicitly set deprecated type to _doc when connects to Elasticsearch version 7.x #994

S3 Output - 4.3.4

  • [DOC] Added note about performance implications of interpolated strings in prefixes #233

Core Patterns - 4.3.1

  • Fix: incorrect syslog (priority) field name #303
  • Fix: missed ciscotag field ECS-ification (cisco.asa.tag) for the CISCO_TAGGED_SYSLOG pattern