IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
« Beats version 8.17.6 Beats version 8.17.4 »
Elastic Docs Beats Platform Reference [8.17] Release notes

Beats version 8.17.5

edit
IMPORTANT: This documentation is no longer updated. Refer to Elastic's version policy and the latest documentation.

Beats version 8.17.5

edit

View commits

Known issues

edit
  • restart_on_cert_change causes panic due to seccomp policy. In versions 8.17.3 and later, enabling this option causes the Beat to panic on restart. This is due to the eventfd2 syscall missing from the default seccomp policy. To fix this, add eventfd2 to a custom seccomp policy. To fix this, add eventfd2 to a custom seccomp policy. For more details, refer to Use Linux Secure Computing Mode (seccomp).
Click to view the policy 
seccomp:
  syscalls:
    - action: allow
      names:
        - accept
        - accept4
        - access
        - arch_prctl
        - bind
        - brk
        - capget
        - chmod
        - chown
        - clock_gettime
        - clock_nanosleep
        - clone
        - clone3
        - close
        - connect
        - dup
        - dup2
        - dup3
        - epoll_create
        - epoll_create1
        - epoll_ctl
        - epoll_pwait
        - epoll_wait
        - eventfd2
        - execve
        - exit
        - exit_group
        - faccessat
        - faccessat2
        - fchdir
        - fchmod
        - fchmodat
        - fchown
        - fchownat
        - fcntl
        - fdatasync
        - flock
        - fstat
        - fstatfs
        - fsync
        - ftruncate
        - futex
        - getcwd
        - getdents
        - getdents64
        - geteuid
        - getgid
        - getpeername
        - getpid
        - getppid
        - getrandom
        - getrlimit
        - getrusage
        - getsockname
        - getsockopt
        - gettid
        - gettimeofday
        - getuid
        - inotify_add_watch
        - inotify_init1
        - inotify_rm_watch
        - ioctl
        - kill
        - listen
        - lseek
        - lstat
        - madvise
        - mincore
        - mkdirat
        - mmap
        - mprotect
        - munmap
        - nanosleep
        - newfstatat
        - open
        - openat
        - pipe
        - pipe2
        - poll
        - ppoll
        - prctl
        - pread64
        - pselect6
        - pwrite64
        - read
        - readlink
        - readlinkat
        - recvfrom
        - recvmmsg
        - recvmsg
        - rename
        - renameat
        - rseq
        - rt_sigaction
        - rt_sigprocmask
        - rt_sigreturn
        - sched_getaffinity
        - sched_yield
        - sendfile
        - sendmmsg
        - sendmsg
        - sendto
        - set_robust_list
        - setitimer
        - setrlimit
        - setsockopt
        - shutdown
        - sigaltstack
        - socket
        - splice
        - stat
        - statfs
        - sysinfo
        - tgkill
        - time
        - tkill
        - uname
        - unlink
        - unlinkat
        - wait4
        - waitid
        - write
        - writev

Breaking changes

edit

Metricbeat

  • Handle permission errors while collecting data from Windows services and don’t interrupt the overall collection by skipping affected service. 40765 43665

Bugfixes

edit

Affecting all Beats

  • Restore maintainer label for container images. 43683

Metricbeat

  • Fix the function to determine CPU cores on windows. 42593 43409
  • Changed tier_preference, creation_date and version fields to be omitted from the resulting documents when not pulled from source indices. 43637

Added

edit

Filebeat

  • Allow a grace time for awss3 input shutdown to enable incomplete SQS message processing to be completed. 43369

Heartbeat

  • Upgrade node version to latest LTS v18.20.7. 43511

Metricbeat

  • Add a warning log to metricbeat.vsphere in case vSphere connection has been configured as insecure. 43104
  • Updated Meraki API endpoint for Channel Utilization data. Switched to GetOrganizationWirelessDevicesChannelUtilizationByDevice. 43485

Packetbeat - Add tls.server.ja3s tls fingerprint. 43284

« Beats version 8.17.6 Beats version 8.17.4 »