Logstash 7.10.0 Release Notesedit

New features and enhancementsedit

Architecture-specific artifacts with bundled JDKedit

Logstash 7.10.0 offers new architecture-specific download and installation options that include a bundled Java Development Kit (JDK). AdoptOpenJDK 11, the latest long term support (LTS) release, is the bundled version. Before Logstash included the JDK, users had to install a JDK before they could install Logstash. Logstash with AdoptOpenJDK 11 makes installation and setup easier, especially for first time users.

Upgrade impacts

  • If you have JAVA_HOME set to use a custom JDK, Logstash will continue to use the JDK version you have specified.
  • If you are using the system’s JDK (from Ubuntu/Debian/CentOS archives, for example) and have not set JAVA_HOME, Logstash will default to the bundled version of Java after you upgrade. Set JAVA_HOME to use your system’s JDK if that is the version you prefer.

Elastic Common Schema (ECS) compatibilityedit

As we continue to add opt-in ECS compatibility modes in Logstash plugins, Release 7.10.0 introduces a new pipeline-level setting in logstash.yml. The pipeline.ecs_compatibility setting allows users to control the ECS compatibility of all plugins in a pipeline at once instead of configuring each instance manually. While ECS compatibility in these plugins is off-by-default in Logstash 7.x, we plan to make them on-by-default in Logstash 8.0. This setting allows users to lock in a specific behavior in advance of their next major version upgrade.

New Docker images and improvementsedit

  • This release adds RedHat Universal Base Images (UBIs). We have updated license information and added fixes that enable images to pass RedHat docker image certification. #12248, #12296.
  • We have given users more security options by exposing proxy and ssl verification modes for management and monitoring of a Docker image. #12201, #12151, #12205

Performance improvements and notable issues fixededit

Java pipeline execution and management

  • We have addressed an issue with the aggregate filter in the Java execution. The issue prevented events from being generated (when the amount of time for an aggregation event timed out), preventing a pipeline from effectively summing events. #12204
  • We have made pipelines more stable by calling close on input plugins when a pipeline is terminated or reloaded. #12195

Keystore thread safety. After a recent performance improvement, Logstash could fail to start reliably in certain configurations involving parameter expansion and multiple pipelines. Access to the shared keystore has since been made thread-safe and is no longer a source of errors. #12233

Dead letter queue (DLQ). We changed the DLQ writer policy to avoid the possibility of the DLQ reader processing an incomplete DLQ segment. Logstash now writes to a temporary file that is renamed upon completion. #12304

Persistent queues (PQ). We have addressed PQ issues in which exceptions were impacting pipeline execution and causing Logstash to crash or to fail to reload. #12019

Updates to dependencies

  • Update jruby to
  • Pinned open-ssl version to 0.10.4 to avoid "Gem not found" error with jruby-openssl-0.10.5 #12300

Plugin releasesedit

Elasticsearch Input - 4.8.1

  • Fixed connection error when using multiple slices #133
  • Added the ability to configure connection-, request-, and socket-timeouts with connect_timeout_seconds, request_timeout_seconds, and socket_timeout_seconds #121

Kafka Integration - 10.5.1

  • [DOC]Replaced plugin_header file with plugin_header-integration file #46
  • [DOC]Update kafka client version across kafka integration docs #47
  • [DOC]Replace hard-coded kafka client and doc path version numbers with attributes to simplify doc maintenance #48
  • Changed: retry sending messages only for retriable exceptions #27
  • [DOC] Fixed formatting issues and made minor content edits #43

Aws Mixin - 4.4.1

  • Fix: proxy with assumed role (properly) #50
  • Fix: credentials/proxy with assumed role. Plugin no longer assumes access_key_id/secret_access_key credentials not to be set when role_arn specified. #48

Elasticsearch Output - 10.7.0

  • Changed: don’t set the pipeline parameter if the value resolves to an empty string #962