Product release

Beats 1.2.0 released

Today we announce a new Beats release along with new versions of Kibana, Logstash, and Elasticsearch.

Here are the highlights of the Beats release:

Expand environment variables in configuration files

It is now possible to use environment variables in the configuration file of any of the Beats. Here is an example for injecting the Elasticsearch host:

output:
    elasticsearch:
        hosts: ["${ELASTICSEARCH}:9200"]

Or if you would like to provide a default value in case the variable is not set:

output:
    elasticsearch:
        hosts: ["${ELASTICSEARCH:localhost}:9200"]

You can find more details in the docs.
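
A pre-deployment check for the two reference forms shown above, as an added example that is not code from the Beats project: it expands ${NAME} and ${NAME:default} against a given environment and reports every reference that has neither a value nor a default. The sample config, the ES_PASSWORD variable name, and the choice to treat an empty value as unset are assumptions of this sketch.

```python
import os
import re

# Matches the two forms shown above: ${NAME} and ${NAME:default}.
_REF = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)(?::([^}]*))?\}")

# Constructed sample config; ES_PASSWORD is a hypothetical variable name.
SAMPLE = '''output:
    elasticsearch:
        hosts: ["${ELASTICSEARCH:localhost}:9200"]
        password: "${ES_PASSWORD}"
'''


def expand(text, env):
    """Expand references in text using the mapping env.

    Returns (expanded_text, unresolved). unresolved lists (line_number, name)
    for every reference that has neither a value in env nor a default.
    Assumption of this sketch: an empty value counts as unset.
    """
    unresolved = []
    out = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        def repl(match, line_no=line_no):
            name, default = match.group(1), match.group(2)
            value = env.get(name)
            if value:
                return value
            if default is not None:
                return default
            unresolved.append((line_no, name))
            return match.group(0)  # keep the reference visible in the output
        out.append(_REF.sub(repl, line))
    return "\n".join(out), unresolved


if __name__ == "__main__":
    # Report only the names of missing variables; never print expanded secrets.
    _, missing = expand(SAMPLE, os.environ)
    for line_no, name in missing:
        print(f"line {line_no}: ${{{name}}} has no value and no default")
    raise SystemExit(1 if missing else 0)
```

Run against the real configuration file in the same environment the Beat will start in, so a missing credential or host variable is caught before the service comes up.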

Managing the Elasticsearch template

The mapping templates for Elasticsearch that we provide for each Beat need to be loaded before the Beat starts for the first time; otherwise Elasticsearch cannot know how to correctly assign types to the received data.

Until now we asked our users to run a curl command to load the template, but that was easily forgotten and led to issues later on. With this release, the Beats themselves can load the Elasticsearch template when it is set in the configuration file, for example:

template:       
    name: filebeat       
    path: filebeat.template.json       
    overwrite: true

By default the Elasticsearch template is not loaded. For more details check the Filebeat docs.

Topbeat: export command line for a process

Topbeat used to only collect the process name, but this information was not enough to differentiate between two processes of the same application. Starting with the 1.2 version, Topbeat exports the full command line used to start the process on all supported platforms: Linux, Windows and OS X.

Filebeat: introduce close_older setting

The ignore_older setting in Filebeat used to do two things: ignore files whose last modification was older than a given value, and close open files that had no activity for the given amount of time. The problem with combining the two was that sometimes no single value works for both.

So we have now introduced a close_older configuration option, with a default of 1 hour, and we modified the ignore_older option so that it no longer closes open files.

Send us feedback!

A big Thank You to everyone who contributed code, reported issues, created a new Beat or just tried the Beats. Start your experience with Beats 1.2.0 and let us know what you think on discuss, Twitter, or open an issue on GitHub.