IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
« Release notes Beats version 8.16.5 »
Elastic Docs Beats Platform Reference [8.16] Release notes

Beats version 8.16.6

edit
IMPORTANT: This documentation is no longer updated. Refer to Elastic's version policy and the latest documentation.

Beats version 8.16.6

edit

View commits

Known issues

edit
  • restart_on_cert_change causes panic due to seccomp policy. In versions 8.16.6 and later, enabling this option causes the Beat to panic on restart. This is due to the eventfd2 syscall missing from the default seccomp policy. To fix this, add eventfd2 to a custom seccomp policy. For more details, refer to Use Linux Secure Computing Mode (seccomp).
Click to view the policy 
seccomp:
  syscalls:
    - action: allow
      names:
        - accept
        - accept4
        - access
        - arch_prctl
        - bind
        - brk
        - capget
        - chmod
        - chown
        - clock_gettime
        - clock_nanosleep
        - clone
        - clone3
        - close
        - connect
        - dup
        - dup2
        - dup3
        - epoll_create
        - epoll_create1
        - epoll_ctl
        - epoll_pwait
        - epoll_wait
        - eventfd2
        - execve
        - exit
        - exit_group
        - faccessat
        - faccessat2
        - fchdir
        - fchmod
        - fchmodat
        - fchown
        - fchownat
        - fcntl
        - fdatasync
        - flock
        - fstat
        - fstatfs
        - fsync
        - ftruncate
        - futex
        - getcwd
        - getdents
        - getdents64
        - geteuid
        - getgid
        - getpeername
        - getpid
        - getppid
        - getrandom
        - getrlimit
        - getrusage
        - getsockname
        - getsockopt
        - gettid
        - gettimeofday
        - getuid
        - inotify_add_watch
        - inotify_init1
        - inotify_rm_watch
        - ioctl
        - kill
        - listen
        - lseek
        - lstat
        - madvise
        - mincore
        - mkdirat
        - mmap
        - mprotect
        - munmap
        - nanosleep
        - newfstatat
        - open
        - openat
        - pipe
        - pipe2
        - poll
        - ppoll
        - prctl
        - pread64
        - pselect6
        - pwrite64
        - read
        - readlink
        - readlinkat
        - recvfrom
        - recvmmsg
        - recvmsg
        - rename
        - renameat
        - rseq
        - rt_sigaction
        - rt_sigprocmask
        - rt_sigreturn
        - sched_getaffinity
        - sched_yield
        - sendfile
        - sendmmsg
        - sendmsg
        - sendto
        - set_robust_list
        - setitimer
        - setrlimit
        - setsockopt
        - shutdown
        - sigaltstack
        - socket
        - splice
        - stat
        - statfs
        - sysinfo
        - tgkill
        - time
        - tkill
        - uname
        - unlink
        - unlinkat
        - wait4
        - waitid
        - write
        - writev

Breaking changes

edit

Affecting all Beats

  • The Beats logger and file output rotate files when necessary. The beat now forces a file rotation when unexpectedly writing to a file through a symbolic link.

Bugfixes

edit

Affecting all Beats

  • The Kafka output now drops events when there is an authorisation error. 42343 42401

Filebeat

  • Prevent computer details being returned for user queries by Active Directory Entity Analytics provider. 11818 42796
  • Handle unexpectedEOF error in aws-s3 input and enforce retrying using download failed error. 42756
  • Prevent azureblobstorage input from logging key details during blob fetch operations. 43169
  • Fixed race conditions in the global ratelimit processor that could drop events or apply rate limiting incorrectly.

Metricbeat

  • Add missing ECS Cloud fields in GCP metrics metricset when using exclude_labels: true. 40437 40467
  • Add AWS OwningAccount support for cross account monitoring. 40570 40691
  • Use namespace for GetListMetrics when exists in AWS. 41022
  • Fix Kubernetes metadata sometimes not being present after startup. 41216
  • Do not report non-existant 0 values for RSS metrics in docker/memory. 41449
  • Log Cisco Meraki getDevicePerformanceScores errors without stopping metrics collection. 41622
  • Don’t skip first bucket value in GCP metrics metricset for distribution type metrics. 41822
  • Fixed creation_date scientific notation output in the elasticsearch.index metricset. 42053
  • Fix bug where metricbeat unintentionally triggers Windows ASR. 42177
  • Remove hostname field from zookeeper’s mntr data stream. 41887
  • Continue collecting metrics even if the Cisco Meraki getDeviceLicenses operation fails. 42397
  • Fixed errors in the elasticsearch.index metricset when index settings are missing. 42424 42426
  • Fixed panic caused by uninitialized meraki device wifi0 and wifi1 struct pointers in the device WiFi data fetching. 42745 42746
  • Only fetch cluster-level index stats summary. 36019 42901
  • Fixed an issue in Metricbeat’s Windows module where data collection would fail if the data was unavailable. 42802 42803
  • Fix logging argument number mismatch in Metricbeat(Redis). 43072

Added

edit

Affecting all Beats

  • Update Go version to 1.23.6. 42705

Filebeat

  • Add configuration option to limit HTTP Endpoint body size. 43171
« Release notes Beats version 8.16.5 »