Affecting all Beats
Topbeat
libbeat
Packetbeat
-
Rename output fields in the dns package. Former flag
recursion_allowedbecomesrecursion_available. 803 Former SOA fieldttlbecomesminimum. 803 -
The fully qualified domain names which are part of output fields values of the dns package now terminate with a dot. 803
-
Remove the count field from the exported event 1210
Topbeat
Filebeat
Winlogbeat
Affecting all Beats
-
Logstash output will not retry events that are not JSON-encodable 927
Packetbeat
Topbeat
-
Fix issue with
cpu.system_pbeing greater than 1 on Windows 1128
Filebeat
Winlogbeat
Affecting all Beats
-
Update builds to Golang version 1.6
-
Add option to Elasticsearch output to pass http parameters in index operations 805
-
Improve Logstash and Elasticsearch backoff behavior. 927
-
Add experimental Kafka output. 942
-
Add config file option to configure GOMAXPROCS. 969
-
Improve shutdown handling in libbeat. 1075
-
Add
fieldsandfields_under_rootoptions under theshipperconfiguration 1092 -
Add the ability to use a SOCKS5 proxy with the Logstash output 823
-
The
-configtestflag will now print "Config OK" to stdout on success 1249
Packetbeat
Topbeat
-
Add
usernameto processes 845
Filebeat
Winlogbeat
-
Add caching of event metadata handles and the system render context for the wineventlog API 888
-
Improve config validation by checking for unknown top-level YAML keys. 1100
-
Add the ability to set tags, fields, and fields_under_root as options for each event log 1092
-
Add additional data to the events published by Winlogbeat. The new fields are
activity_id,event_data,keywords,opcode,process_id,provider_guid,related_activity_id,task,thread_id,user_data, andversion. 1053 -
Add
event_id,level, andproviderconfiguration options for filtering events 1218 -
Add
include_xmlconfiguration option for including the raw XML with the event 1218
-
All Beats can hang or panic on shutdown if the next server in the pipeline (e.g. Elasticsearch or Logstash) is not reachable. 1319
-
When running the Beats as a service on Windows, you need to manually load the Elasticsearch mapping template. 1315
-
The ES template automatic load doesn’t work if Elasticsearch is not available when the Beat is starting. 1321
Filebeat
-
Default config for ignore_older is now infinite instead of 24h, means ignore_older is disabled by default. Use close_older to only close file handlers.
Packetbeat
-
Split real_ip_header value when it contains multiple IPs 1241
Winlogbeat
-
Fix invalid
event_idon Windows XP and Windows 2003 1227
Affecting all Beats
Packetbeat
-
Fix setting direction to out and use its value to decide when dropping events if ignore_outgoing is enabled 557
-
Fix logging issue with file-based output where newlines could be misplaced during concurrent logging 650
-
Reduce memory usage by having separate queue sizes for single events and bulk events. 649 516
-
Set default bulk_max_size value to 2048 628
-
Fix logstash window size of 1 not increasing. 598
Packetbeat
Filebeat
-
Set spool_size default value to 2048 628
Affecting all Beats
Packetbeat
Topbeat
-
Group all CPU usage per core statistics and export them optionally if cpu_per_core is configured 496
Filebeat
Winlogbeat
-
First public release of Winlogbeat
Filebeat
-
Fix force_close_files in case renamed file appeared very fast. 302
Packetbeat
-
Improve MongoDB message correlation. 377
-
Improve redis parser performance. 422
-
Fix panic on nil in redis protocol parser. 384
-
Fix errors redis parser when messages are split in multiple TCP segments. 402
-
Fix errors in redis parser when length prefixed strings contain sequences of CRLF. 402
-
Fix errors in redis parser when dealing with nested arrays. 402
Affecting all Beats
-
Fix random panic on shutdown by calling shutdown handler only once. elastic/filebeat#204
-
Fix credentials are not send when pinging an elasticsearch host. elastic/fileabeat#287
Filebeat
-
Fix problem that harvesters stopped reading after some time and filebeat stopped processing events #257
-
Fix line truncating by internal buffers being reused by accident #258
-
Set default ignore_older to 24 hours #282
Affecting all Beats
-
The
shipperoutput field is renamed tobeat.name. #285 -
Use of
enabledas a configuration option for outputs (elasticsearch, logstash, etc.) has been removed. #264 -
Use of
disabledas a configuration option for tls has been removed. #264 -
The
-testcommand line flag was renamed to-configtest. #264 -
Disable geoip by default. To enable it uncomment in config file. #305
Filebeat
-
Removed utf-16be-bom encoding support. Support will be added with fix for #205
-
Rename force_close_windows_files to force_close_files and make it available for all platforms.
Affecting all Beats
-
Disable logging to stderr after configuration phase. #276
-
Set the default file logging path when not set in config. #275
-
Fix bug silently dropping records based on current window size. elastic/filebeat#226
-
Fix direction field in published events. #300
-
Fix elasticsearch structured errors breaking error handling. #309
Packetbeat
-
Packetbeat will now exit if a configuration error is detected. #357
-
Fixed an issue handling DNS requests containing no questions. #369
Topbeat
-
Fix leak of Windows handles. #98
-
Fix memory leak of process information. #104
Filebeat
-
Filebeat will now exit if a configuration error is detected. #198
-
Fix to enable prospector to harvest existing files that are modified. #199
-
Improve line reading and encoding to better keep track of file offsets based on encoding. #224
-
Set input_type by default to "log"
Affecting all Beats
-
Rename timestamp field with @timestamp. #237
Packetbeat
-
Rename timestamp field with @timestamp. #343
Topbeat
-
Rename timestamp field with @timestamp for a better integration with Logstash. #80
Filebeat
-
Rename the timestamp field with @timestamp #168
-
Rename tail_on_rotate prospector config to tail_files
-
Removal of line field in event. Line number was not correct and does not add value. #217
Affecting all Beats
-
Use stderr for console log output. #219
-
Handle empty event array in publisher. #207
-
Respect '*' debug selector in IsDebug. #226 (elastic#339)
-
Limit number of workers for Elasticsearch output. elastic#226
-
On Windows, remove service related error message when running in the console. #242
-
Fix waitRetry no configured in single output mode configuration. elastic/filebeat#144
-
Use http as the default scheme in the elasticsearch hosts #253
-
Respect max bulk size if bulk publisher (collector) is disabled or sync flag is set.
-
Always evaluate status code from Elasticsearch responses when indexing events. #192
-
Use bulk_max_size configuration option instead of bulk_size. #256
-
Fix max_retries=0 (no retries) configuration option. #266
-
Filename used for file based logging now defaults to beat name. #267
Packetbeat
-
Close file descriptors used to monitor processes. #337
-
Remove old RPM spec file. It moved to elastic/beats-packer. #334
Topbeat
-
Don’t wait for one period until shutdown #75
Filebeat
-
Omit 'fields' from event JSON when null. #126
-
Make offset and line value of type long in elasticsearch template to prevent overflow. #140
-
Fix locking files for writing behaviour. #156
-
Introduce 'document_type' config option per prospector to define document type for event stored in elasticsearch. #133
-
Add 'input_type' field to published events reporting the prospector type being used. #133
-
Fix high CPU usage when not connected to Elasticsearch or Logstash. #144
-
Fix issue that files were not crawled anymore when encoding was set to something other then plain. #182
Affecting all Beats
-
Add Console output plugin. #218
-
Add timestamp to log messages #245
-
Send @metadata.beat to Logstash instead of @metadata.index to prevent possible name clashes and give user full control over index name used for Elasticsearch
-
Add logging messages for bulk publishing in case of error #229
-
Add option to configure number of parallel workers publishing to Elasticsearch or Logstash.
-
Set default bulk size for Elasticsearch output to 50.
-
Set default http timeout for Elasticsearch to 90s.
-
Improve publish retry if sync flag is set by retrying only up to max bulk size events instead of all events to be published.
Filebeat
-
Introduction of backoff, backoff_factor, max_backoff, partial_line_waiting, force_close_windows_files config variables to make crawling more configurable.
-
All Godeps dependencies were updated to master on 2015-10-21 [#122]
-
Set default value for ignore_older config to 10 minutes. #164
-
Added the fields_under_root setting to optionally store the custom fields top level in the output dictionary. #188
-
Add more encodings by using x/text/encodings/htmlindex package to select encoding by name.
Affecting all Beats
-
Update tls config options naming from dash to underline #162
-
Feature/output modes: Introduction of PublishEvent(s) to be used by beats #118 #115
Packetbeat
-
Renamed http module config file option 'strip_authorization' to 'redact_authorization'
-
Save_topology is set to false by default
-
Rename elasticsearch index to [packetbeat-]YYYY.MM.DD
Topbeat
-
Percentage fields (e.g user_p) are exported as a float between 0 and 1 #34
Affecting all Beats
-
Determine Elasticsearch index for an event based on UTC time #81
-
Fixing ES output’s defaultDeadTimeout so that it is 60 seconds #103
-
ES outputer: fix timestamp conversion #91
-
Fix TLS insecure config option #239
-
ES outputer: check bulk API per item status code for retransmit on failure.
Packetbeat
-
Support for lower-case header names when redacting http authorization headers
-
Redact proxy-authorization if redact-authorization is set
-
Fix some multithreading issues #203
-
Fix negative response time #216
-
Fix memcache TCP connection being nil after dropping stream data. #299
-
Add missing DNS protocol configuration to documentation #269
Topbeat
-
Don’t divide the reported memory by an extra 1024 #60
Affecting all Beats
-
Add logstash output plugin #151
-
Integration tests for Beat → Logstash → Elasticsearch added #195 #188 #168 #137 #128 #112
-
Large updates and improvements to the documentation
-
Add direction field to publisher output to indicate inbound/outbound transactions #150
-
Add tls configuration support to elasticsearch and logstash outputers #139
-
All external dependencies were updated to the latest version. Update to Golang 1.5.1 #162
-
Guarantee ES index is based in UTC time zone #164
-
Cache: optional per element timeout #144
-
Make it possible to set hosts in different ways. #135
-
Expose more TLS config options #124
-
Use the Beat name in the default configuration file path #99
Packetbeat
-
add [.editorconfig file](http://editorconfig.org/)
-
add (experimental/unsupported?) saltstack files
-
Sample config file cleanup
-
Moved common documentation to [libbeat repository](https://github.com/elastic/libbeat)
-
Update build to go 1.5.1
-
Adding device descriptions to the -device output.
-
Generate coverage for system tests
-
Move go-daemon dependency to beats-packer
-
Rename integration tests to system tests
-
Made the
-devicesoption more user friendly in casesudois not used. Issue #296. -
Publish expired DNS transactions #301
-
Update protocol guide to libbeat changes
-
Add protocol registration to new protocol guide
-
Make transaction timeouts configurable #300
-
Add direction field to the exported fields #317
Topbeat
-
Document fields in a standardized format (etc/fields.yml) #34
-
Updated to use new libbeat Publisher #37 #41
-
Update to go 1.5.1 #43
-
Updated configuration files with comments for all options #65
-
Documentation improvements