Product release

Beats 7.2.0 released

We’re proud to announce the general availability of the Beats 7.2.0 release. This is the latest stable release and is now available for download! This Beats release introduces more processing capabilities along with a myriad of new integrations. Please refer to the release notes for the complete list of bug fixes and features.

Before upgrading from Beats 6.x, we recommend reviewing the breaking changes and the Beats upgrade guide. If you’re planning to upgrade the entire Elastic Stack, don’t forget to read the Elastic Stack upgrade guide.

Scripted Processing at the Edge

Event processing is a key component of the data ingestion journey that can be conducted in different layers of the software architecture stack. Although often a server-side responsibility, Elastic Stack users are shifting some lightweight processing and enrichment workloads over to the edge where Beats are collecting the data. Over time, we’ve been grooming a suite of processors to equip users with more processing functionality in Beats.

With this release, Beats now offer a new script processor for processing events with Javascript code, introducing a whole new level of processing flexibility that was not feasible with existing processors. It also includes an event API that eases the overall event manipulation experience. As Beats often run on host servers, the script processor has been properly sandboxed to only execute ECMAScript 5.1 code. It can therefore only manipulate the event that it’s given and cannot interact with the host or any external services.

More Integrations, More Data, More Insights

As lightweight data shippers, we’re continuing to grow the breadth of integrations available in Beats. In this release, Beats has introduced eight new modules and a new Filebeat input across the security analytics, cloud native, and Windows ecosystems.

Security Analytics

The Elastic Stack has become a vastly popular platform for security analytics use cases, so enabling wide data ingestion coverage of security data sources and devices is critical for fostering a strong security posture across all the different assets throughout your infrastructure.

We’re excited to announce new logging modules for two popular firewall technologies. The Palo Alto Networks module in Filebeat monitors PAN-OS firewall logs and the Cisco ASA module in Filebeat monitors Cisco ASA firewall logs. These logs can be received via syslog or extracted directly from file. Additionally, we’ve added a new NetFlow module in Filebeat that monitors NetFlow and IPFIX flow records.

Security analytics dashboard powered by Beats

Beyond these integrations, there’s even more good news for our security analytics users. With the 7.2.0 release, we’ve officially introduced the Elastic SIEM application in Kibana! For more details, check out the Introducing Elastic SIEM blog post.

Cloud Native

With the continued rise of containerization and the cloud, we’re continuing to augment our integrations ecosystem within the cloud native realm. Full details around observability feature updates across the Elastic Stack can be found in the Observability 7.2.0 blog post.

The NATS module is now available in Filebeat for monitoring the NATS messaging system logs. This complements the NATS module in Metricbeat that was introduced in Beats 7.0.0. We’ve also added CoreDNS modules in Filebeat and Metricbeat to monitor CoreDNS logs and metrics.

Cloud logs and metrics powered by Beats

Adapting to the evolving world of containers, we’ve introduced a new container input in Filebeat as a more dynamic way of collecting container logs. It supports auto-detection of both Docker and CRI-O log formats. CRI-O is an increasingly popular container runtime for Kubernetes. The container input should be used in favor of the existing Docker input, which is now deprecated.


Windows is an important platform for our users and we enjoy showing love through building stronger integrations with it.

Winlogbeat has added two new modules in this release. The Sysmon module monitors event log records from the Sysinternal System Monitor and the Security module monitors Windows Security event logs. We’ve also added support for the newer Windows XML Event Log (EVTX) format.


Please download Beats 7.2.0, try it out, and let us know what you think on Twitter (@elastic) or in our forums. You can report any bugs or feature requests on the GitHub issues page.