Affecting all Beats
- Removed empty sections from the template files, causing indexing
errors for array objects.
Metricbeat
- Fix issue affecting Windows services timing out at startup.
- Add filtering to system filesystem metricset to remove relative
mountpoints like those from Linux network namespaces.
Packetbeat
- Clean configured geoip.paths before attempting to open the database.
Affecting all Beats
- Fix importing the dashboards when the limit for max open files is
too low.
- Fix console output.
- Binaries upgraded to Go 1.7.6 which contains security fixes.
Filebeat
- Fix issue that new prospector was not reloaded on conflict.
- Fix grok pattern in filebeat module system/auth without hostname.
- Fix the Mysql slowlog parsing of IP addresses.
Winlogbeat
- Add the ability to use LevelRaw if Level isn't populated in the
event XML.
==== Bugfixes
Affecting all Beats
- Improve error message when downloading the dashboards fails.
- Fix potential Elasticsearch output URL parsing error if protocol
scheme is missing.
- Downgrade Elasticsearch per batch item failure log to debug level.
- Make `@timestamp` accessible from format strings.
Filebeat
- Allow log lines without a program name in the Syslog fileset.
- Don't stop Filebeat when modules are used with the Logstash output.
Metricbeat
- Fixing panic on the Prometheus collector when label has a comma.
- Make system process metricset honor the `cpu_ticks` config option.
Winlogbeat
- Fix null terminators include in raw XML string when include_xml is
enabled.
==== Added
Affecting all Beats
- Update index mappings to support future Elasticsearch 6.X.
Filebeat
- Add auditd module for reading audit logs on Linux.
- Add fileset for the Linux authorization logs.
Heartbeat
- Add default ports in HTTP monitor.
Metricbeat
- Add beta Jolokia module.
- Add dashboard for the MySQL module.
- Module configuration reloading is now beta instead of experimental.
- Marked http fields from the HAProxy module optional to improve
compatibility with 1.5.
- Add support for custom HTTP headers and TLS for the Metricbeat
modules.
Packetbeat
- Add DNS dashboard for an overview the DNS traffic.
- Add DNS Tunneling dashboard to highlight domains with large numbers
of subdomains or high data volume.
Affecting all Beats
- Fix panic when testing regex-AST to match against date patterns.
Filebeat
- Fix modules default file permissions.
- Allow - in Apache access log byte count.
Metricbeat
- Avoid errors when some Apache status fields are missing.
==== Breaking changes
Affecting all Beats
- Configuration files must be owned by the user running the Beat or by
root, and they must not be writable by others.
- Change Beat generator. Use
`$GOPATH/src/github.com/elastic/beats/script/generate.py` to
generate a beat.
Filebeat
- Always use absolute path for event and registry. This can lead to
issues when relative paths were used before.
Metricbeat
- Linux cgroup metrics are now enabled by default for the system
process metricset. The configuration option for the feature was
renamed from `cgroups` to `process.cgroups.enabled`.
- Change field names `couchbase.node.couch.*.actual_disk_size.*` to
`couchbase.node.couch.*.disk_size.*`
==== Bugfixes
Affecting all Beats
- Add `_id`, `_type`, `_index` and `_score` fields in the generated
index pattern.
Filebeat
- Fix empty registry file on machine crash.
Metricbeat
- Add error handling to system process metricset for when Linux
cgroups are missing from the kernel.
- Add labels to the Docker healthcheck metricset output.
Winlogbeat
- Fix handling of empty strings in event_data.
==== Added
Affecting all Beats
- Files created by Beats (logs, registry, file output) will have 0600
permissions.
- RPM/deb packages will now install the config file with 0600
permissions.
- Add the option to pass custom HTTP headers to the Elasticsearch
output.
- Unify `regexp` and `contains` conditionals, for both to support
array of strings and convert numbers to strings if required.
- Add the option to load the sample dashboards during the Beat startup
phase.
- Disabled date detection in Elasticsearch index templates. Date
fields must be explicitly defined in index templates.
- Using environment variables in the configuration file is now GA,
instead of experimental.
Filebeat
- Add Filebeat modules for system, apache2, mysql, and nginx.
- Add the `pipeline` config option at the prospector level, for
configuring the Ingest Node pipeline ID.
- Update regular expressions used for matching file names or lines
(multiline, include/exclude functionality) to new matchers improving
performance of simple string matches.
- The `symlinks` and `harverster_limit` settings are now GA, instead
of experimental.
- close_timeout is also applied when the output is blocking.
- Improve handling of different path variants on Windows.
Metricbeat
- Add experimental dbstats metricset to MongoDB module.
- Use persistent, direct connections to the configured nodes for
MongoDB module.
- Add dynamic configuration reloading for modules.
- Add docker health metricset
- Add docker image metricset
- System module uses new matchers for white-listing processes.
- Add Beta CEPH module with health metricset.
- Add Beta php_fpm module with pool metricset.
- The Docker, Kafka, and Prometheus modules are now Beta, instead of
experimental.
- The HAProxy module is now GA, instead of experimental.
- Add the ability to collect the environment variables from system
processes.
==== Deprecated
Affecting all Beats
- Usage of field `_type` is deprecated. It should not be used in
queries or dashboards.
Filebeat
- The experimental `publish_async` option is now deprecated and is
planned to be removed in 6.0.
- Metricbeat: Fix go routine leak in docker module.
- Packetbeat: Fix error in the NFS sample dashboard.
- Winlogbeat: Fix error in the Winlogbeat sample dashboard.
==== Bugfixes
Affecting all Beats
- Fix overwriting explicit empty config sections.
Filebeat
- Fix alignment issue were Filebeat compiled with Go 1.7.4 was crashing
on 32 bits system.
Metricbeat
- Fix service times-out at startup.
- Kafka module case sensitive host name matching.
- Fix interface conversion panic in couchbase module
Packetbeat
- Fix issue where some Cassandra visualizations were showing data from
all protocols.
==== Added
Affecting all Beats
- Add support for passing list and dictionary settings via -E flag.
- Support for parsing list and dictionary setting from environment
variables.
- Added new flags to import_dashboards (-cacert, -cert, -key,
-insecure).
- The limit for the number of fields is increased via the mapping
template.
- Updated to Go 1.7.4.
- Added a NOTICE file containing the notices and licenses of the
dependencies.
Heartbeat
- First release, containing monitors for ICMP, TCP, and HTTP.
Filebeat
- Add enabled config option to prospectors.
- Add target option for decoded_json_field.
Metricbeat
- Kafka module broker matching enhancements.
- Add a couchbase module with metricsets for node, cluster and bucket.
- Export number of cores for CPU module.
- Experimental Prometheus module.
- Add system socket module that reports all TCP sockets.
- Kafka consumer groups metricset.
Winlogbeat
- Reduced amount of memory allocated while reading event log records.
Filebeat
- Fix registry migration issue from old states were files were only
harvested after second restart.
Packetbeat
- Fix error on importing dashboards due to colons in the Cassandra
dashboard.
- Fix error on importing dashboards due to the wrong type for the
geo_point fields.
Winlogbeat
- Fix for "The array bounds are invalid" error when reading large
events.
The Beats are lightweight processes, written in Go, that you install
on your servers to capture all sorts of operational data like logs,
operating system metrics or network packet data, and to send it to
Elasticsearch, either directly or via Logstash, so it can be
visualized with Kibana.
