Affecting all Beats
- Fix group write permissions on runtime directories. 30869
- Store syslog version as string. 31446
- Accept XML that declares non-UTF-8 encoding to allow decode_xml and decode_xml_wineventlog decoding of incorrectly annotated documents. 31395 31546
Filebeat
- Netflow: replace invalid field value. 31295
- google_workspace: Fix pagination to prevent skipped events when more than one page is present. 31372
- cisco: Fix umbrella dns logs populating destination.ip instead of source.nat.ip. 31454
- Duplicate awscloudwatch.* fields to aws.cloudwatch.* in aws-cloudwatch input. 31488
- aws-s3 input: Stop SQS keep-alive routine on InvalidParameterValue error. 30675 31499
- Support double-digit date parsing in the ingest pipeline for Oracle logs. 31514
- Fix handling of code_sign data in ThreatIntel Malwarebazaar. 29972 31552
- Remove invalid term from event.outcome in the cisco asa and ftd modules. 31628
Heartbeat
- Restrict setuid to containerized environments. 30869
Metricbeat
- Improve handling of disabled commands in Zookeeper Metricbeat module. #31013
Packetbeat
- Use /proc/<pid>/comm for linux process names where possible. 31527
- Move "protocol" term from event.category to event.type in SIP events. 31599
Winlogbeat
- Fix resource handle leak during event log enrichment. 31504
- Fix winlogbeat.registry_flush being ignored. 31666 31669
Affecting all Beats
- Update to Go 1.17.10. 31636
- Add support for nanosecond precision timestamps. 15871 31553
Filebeat
- Add storage_account_container configuration option to Azure logs. 31279
- Sanitize the Azure storage account container names with underscores (_). 31384
- Add missing docs for the delegated_account option in the httpjson input. 31498
Metricbeat
- Extend documentation about orchestrator.cluster fields. 30518
- Generic SQL code reorganization, with support for raw metrics and query lists. 31568
- Add metadata for missing k8s resources/metricsets. 31590
- Fix include_top_n fields in system/process. 31595