Logstash 7.15.1 Release Notesedit

Performance improvements and notable issues fixededit

  • Bootstrap air-gapped environment for GeoIP database service #13104. For an air-gapped environment, users can run the elasticsearch-geoip script to bootstrap a mock server to interact with Logstash. Set xpack.geoip.download.endpoint to use the mock server. For more info, see Manage your own databases in the Geoip filter plugin docs.
  • Fixed a shutdown error that could occur when using an external GeoIP DB #13224
  • Fixed GeoIP database service SSL verification error #13273

    • Work-around for the recent expiration of the "DST Root CA X3" certificate
  • Added missing configs that support customization using environment variables in Docker #13200
  • Our ECS efforts introduced a problem that can occur when updating some plugins that are dependent on our ecs_compatibility_support helper. This issue is resolved in #13268.

Updates to dependencies

  • Update bundled JDK to 11.0.12+7 #13185


Fluent Codec - 3.4.1

  • Fix: handle multiple PackForward-encoded messages in a single payload #28

Multiline Codec - 3.1.1

  • Fix: avoid reusing per-identity codec instances for differing identities. Removes a very minor optimization so that stateful codecs like CSV can work reliably #70

Dissect Filter - 1.2.1

  • [DOC] Added note to clarify notation for dot or nested fields #76

Elasticsearch Filter - 3.9.5

  • Fixed SSL handshake hang indefinitely with proxy setup #151

Geoip Filter - 7.2.3

  • [DOC] Add documentation for bootstrapping air-gapped environment for database auto-update #189

Mutate Filter - 3.5.4

  • [DOC] In replace documentation, mention add behavior #155
  • [DOC] Add warning about #27 #101
  • [DOC] Expand description and behaviors for rename option #156

Elasticsearch Input - 4.9.3

  • Fixed SSL handshake hang indefinitely with proxy setup #156

Http Input - 3.4.2

  • [DOC] Added v8 as an acceptable value for ecs_compatibility #142

Snmp Input - 1.2.8

  • Fixed interval handling to only sleep off the remainder of the interval (if any), and to log a helpful warning when crawling the hosts takes longer than the configured interval #61

Tcp Input - 6.2.1

  • Fix: restore logic to add the Bouncy-Castle security provider at runtime #181

Elasticsearch Output - 11.0.5

  • Fixed running post-register action when Elasticsearch status change from unhealthy to healthy #1035
  • [DOC] Clarify that http_compression applies to requests, and remove noise about response decompression #1000
  • Fixed SSL handshake hang indefinitely with proxy setup #1032

Lumberjack Output - 3.1.9

  • [DOC] Specified the policy selection of host from hosts setting #32

S3 Output - 4.3.5

  • Feat: cast true/false values for additional_settings #241