IMPORTANT: This documentation is no longer updated. Refer to Elastic's version policy and the latest documentation.

Beats version 8.17.3

Known issues

  • restart_on_cert_change causes panic due to seccomp policy. In versions 8.17.3 and later, enabling this option causes the Beat to panic on restart. This is due to the eventfd2 syscall missing from the default seccomp policy. To fix this, add eventfd2 to a custom seccomp policy. For more details, refer to Use Linux Secure Computing Mode (seccomp).
Example policy that includes eventfd2:
seccomp:
  syscalls:
    - action: allow
      names:
        - accept
        - accept4
        - access
        - arch_prctl
        - bind
        - brk
        - capget
        - chmod
        - chown
        - clock_gettime
        - clock_nanosleep
        - clone
        - clone3
        - close
        - connect
        - dup
        - dup2
        - dup3
        - epoll_create
        - epoll_create1
        - epoll_ctl
        - epoll_pwait
        - epoll_wait
        - eventfd2
        - execve
        - exit
        - exit_group
        - faccessat
        - faccessat2
        - fchdir
        - fchmod
        - fchmodat
        - fchown
        - fchownat
        - fcntl
        - fdatasync
        - flock
        - fstat
        - fstatfs
        - fsync
        - ftruncate
        - futex
        - getcwd
        - getdents
        - getdents64
        - geteuid
        - getgid
        - getpeername
        - getpid
        - getppid
        - getrandom
        - getrlimit
        - getrusage
        - getsockname
        - getsockopt
        - gettid
        - gettimeofday
        - getuid
        - inotify_add_watch
        - inotify_init1
        - inotify_rm_watch
        - ioctl
        - kill
        - listen
        - lseek
        - lstat
        - madvise
        - mincore
        - mkdirat
        - mmap
        - mprotect
        - munmap
        - nanosleep
        - newfstatat
        - open
        - openat
        - pipe
        - pipe2
        - poll
        - ppoll
        - prctl
        - pread64
        - pselect6
        - pwrite64
        - read
        - readlink
        - readlinkat
        - recvfrom
        - recvmmsg
        - recvmsg
        - rename
        - renameat
        - rseq
        - rt_sigaction
        - rt_sigprocmask
        - rt_sigreturn
        - sched_getaffinity
        - sched_yield
        - sendfile
        - sendmmsg
        - sendmsg
        - sendto
        - set_robust_list
        - setitimer
        - setrlimit
        - setsockopt
        - shutdown
        - sigaltstack
        - socket
        - splice
        - stat
        - statfs
        - sysinfo
        - tgkill
        - time
        - tkill
        - uname
        - unlink
        - unlinkat
        - wait4
        - waitid
        - write
        - writev

Bugfixes

Affecting all Beats

  • Restored event Meta fields in the Elasticsearch output’s error logs. 42559

Filebeat

  • [Journald] Fixes handling of journalctl restart. A known symptom was broken multiline messages when there was a restart of journalctl while aggregating the lines. 41331 42595
  • Fix a use-before-initialization bug in the full sync of the entityanalytics activedirectory provider. 42682
  • In the http_endpoint input, fix the check for a missing HMAC HTTP header. 42756

Metricbeat

  • Fixed panic caused by uninitialized meraki device wifi0 and wifi1 struct pointers in the device WiFi data fetching. 42745 42746
  • Only fetch cluster-level index stats summary. 36019 42901
  • Fixed an issue in Metricbeat’s Windows module where data collection would fail if the data was unavailable. 42802 42803

Winlogbeat

  • Sync missing changes in modules pipelines. 42619

Added

Affecting all Beats

  • Update Go version to 1.22.12. 42681

Filebeat

  • Introduce ignore older and start timestamp filters for AWS S3 input. 41804
  • Publish events progressively in the Okta provider of the Entity Analytics input. 40106 42567

Metricbeat

  • Log every 401 response from Kubernetes API Server. 42714
  • Collect more fields from ES node/stats metrics and only those that are necessary. 42421