
Beats version 8.18.3

Known issues

  • restart_on_cert_change causes panic due to seccomp policy. In versions 8.18.0 and later, enabling this option causes the Beat to panic on restart. This is due to the eventfd2 syscall missing from the default seccomp policy. To fix this, add eventfd2 to a custom seccomp policy. For more details, refer to Use Linux Secure Computing Mode (seccomp).
Policy with eventfd2 included:
seccomp:
  syscalls:
    - action: allow
      names:
        - accept
        - accept4
        - access
        - arch_prctl
        - bind
        - brk
        - capget
        - chmod
        - chown
        - clock_gettime
        - clock_nanosleep
        - clone
        - clone3
        - close
        - connect
        - dup
        - dup2
        - dup3
        - epoll_create
        - epoll_create1
        - epoll_ctl
        - epoll_pwait
        - epoll_wait
        - eventfd2
        - execve
        - exit
        - exit_group
        - faccessat
        - faccessat2
        - fchdir
        - fchmod
        - fchmodat
        - fchown
        - fchownat
        - fcntl
        - fdatasync
        - flock
        - fstat
        - fstatfs
        - fsync
        - ftruncate
        - futex
        - getcwd
        - getdents
        - getdents64
        - geteuid
        - getgid
        - getpeername
        - getpid
        - getppid
        - getrandom
        - getrlimit
        - getrusage
        - getsockname
        - getsockopt
        - gettid
        - gettimeofday
        - getuid
        - inotify_add_watch
        - inotify_init1
        - inotify_rm_watch
        - ioctl
        - kill
        - listen
        - lseek
        - lstat
        - madvise
        - mincore
        - mkdirat
        - mmap
        - mprotect
        - munmap
        - nanosleep
        - newfstatat
        - open
        - openat
        - pipe
        - pipe2
        - poll
        - ppoll
        - prctl
        - pread64
        - pselect6
        - pwrite64
        - read
        - readlink
        - readlinkat
        - recvfrom
        - recvmmsg
        - recvmsg
        - rename
        - renameat
        - rseq
        - rt_sigaction
        - rt_sigprocmask
        - rt_sigreturn
        - sched_getaffinity
        - sched_yield
        - sendfile
        - sendmmsg
        - sendmsg
        - sendto
        - set_robust_list
        - setitimer
        - setrlimit
        - setsockopt
        - shutdown
        - sigaltstack
        - socket
        - splice
        - stat
        - statfs
        - sysinfo
        - tgkill
        - time
        - tkill
        - uname
        - unlink
        - unlinkat
        - wait4
        - waitid
        - write
        - writev
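
A pre-deployment check for this known issue, as an added example that is not part of the release notes or the Beats code base: it flags a config that enables restart_on_cert_change while its seccomp allow list omits eventfd2. The sample config is constructed, the dotted key form under the output section is an assumption, and the line-based parser only understands the block-style layout shown above. Treating a custom policy without eventfd2 as affected is an inference from the cause stated in the notes.

```python
import re

# Constructed sample config: the placement of the restart_on_cert_change key
# is an assumption, not taken from the release notes.
SAMPLE = """\
output.elasticsearch:
  ssl.restart_on_cert_change.enabled: true
seccomp:
  syscalls:
    - action: allow
      names:
        - accept
        - futex
"""

def cert_reload_enabled(text):
    """True if restart_on_cert_change is on (nested or dotted key form)."""
    pat = r"restart_on_cert_change(?:\.enabled:|:\s*\n\s*enabled:)\s*true\b"
    return re.search(pat, text) is not None

def allowed_syscalls(text):
    """Names listed under 'action: allow' in a top-level seccomp block."""
    allowed, in_seccomp, action, in_names = set(), False, None, False
    for line in text.splitlines():
        item = line.strip()
        if not item or item.startswith("#"):
            continue
        if not line[0].isspace():  # a new top-level key starts here
            in_seccomp, action, in_names = line.startswith("seccomp"), None, False
        elif in_seccomp and (m := re.fullmatch(r"-\s*action:\s*(\w+)", item)):
            action, in_names = m.group(1), False
        elif in_seccomp and item == "names:":
            in_names = True
        elif in_names and (m := re.fullmatch(r"-\s*(\w+)", item)):
            if action == "allow":
                allowed.add(m.group(1))
        else:
            in_names = False
    return allowed

def check(text):
    if not cert_reload_enabled(text):
        return "not-affected"
    allowed = allowed_syscalls(text)
    if not allowed:  # no custom allow list, so the default policy applies
        return "affected: no custom allow list found"
    if "eventfd2" not in allowed:
        return "affected: custom policy lacks eventfd2"
    return "ok"
```
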

Bugfixes

Affecting all Beats

  • Fix dns processor to handle IPv6 server addresses properly. 44526
  • Fix an issue where the Kafka output could get stuck if a proxied connection to the Kafka cluster was reset. 44606
  • Use Debian 11 to build linux/arm to match linux/amd64. Upgrades linux/arm64’s statically linked glibc version from 2.28 to 2.31. 44816

Filebeat

  • Journald input now works on Docker containers, all image variants except Wolfi. 41278 44040 44295
  • Fix publishing Okta entity analytics enrichments. 44483
  • If a Filestream input fails to be created, its ID is removed from the list of running input IDs. 44697
  • Fix timeout handling by Crowdstrike streaming input. 44720
  • Ensure DEPROVISIONED Okta entities are published by Okta entityanalytics provider. 12658 44719
  • Fix handling of cursors by the streaming input for Crowdstrike. 44364 44548
  • Added missing "text/csv" content-type filter support in azureblobstorage input. 44596 44824
  • Fix unexpected EOF detection and improve memory usage. 44813
  • Fix handling of ADC (Application Default Credentials) metadata server credentials in HTTPJSON input. 44349 44436
  • Fix handling of ADC (Application Default Credentials) metadata server credentials in CEL input. 44349 44571

Metricbeat

  • Fix panic in kafka consumergroup member assignment fetching when there are 0 members in consumer group. 44576
  • Upgrade go.mongodb.org/mongo-driver from version v1.14.0 to v1.17.4 to fix connection leaks in MongoDB module. 44769
  • Fixed a bug where event.duration could be missing from an event on Windows systems due to low-resolution clock. 44440
  • Fix linux/pageinfo module mapping. 45425

Added

Affecting all Beats

  • Update Go version to 1.24.4. 44696

Filebeat

  • Filestream now logs at level warn the number of files that are too small to be ingested. 44751

Metricbeat

  • Add new metrics to vSphere Virtual Machine dataset (CPU usage percentage, disk average usage, disk read/write rate, number of disk reads/writes, memory usage percentage). 44205
  • Increase default polling period for MongoDB module from 10s to 60s. 44781
  • Add check for http error codes in the Metricbeat’s Prometheus query submodule. 44493
  • Sanitize error messages in Fetch method of SQL module. 44577