IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
« Beats version 8.18.5 Beats version 8.18.3 »
Elastic Docs Beats Platform Reference [8.18] Release notes

Beats version 8.18.4

edit
A newer version is available. Check out the latest documentation.

Beats version 8.18.4

edit

View commits

Known issues

edit
  • restart_on_cert_change causes panic due to seccomp policy. In versions 8.18.0 and later, enabling this option causes the Beat to panic on restart. This is due to the eventfd2 syscall missing from the default seccomp policy. To fix this, add eventfd2 to a custom seccomp policy. To fix this, add eventfd2 to a custom seccomp policy. For more details, refer to Use Linux Secure Computing Mode (seccomp).
Click to view the policy 
seccomp:
  syscalls:
    - action: allow
      names:
        - accept
        - accept4
        - access
        - arch_prctl
        - bind
        - brk
        - capget
        - chmod
        - chown
        - clock_gettime
        - clock_nanosleep
        - clone
        - clone3
        - close
        - connect
        - dup
        - dup2
        - dup3
        - epoll_create
        - epoll_create1
        - epoll_ctl
        - epoll_pwait
        - epoll_wait
        - eventfd2
        - execve
        - exit
        - exit_group
        - faccessat
        - faccessat2
        - fchdir
        - fchmod
        - fchmodat
        - fchown
        - fchownat
        - fcntl
        - fdatasync
        - flock
        - fstat
        - fstatfs
        - fsync
        - ftruncate
        - futex
        - getcwd
        - getdents
        - getdents64
        - geteuid
        - getgid
        - getpeername
        - getpid
        - getppid
        - getrandom
        - getrlimit
        - getrusage
        - getsockname
        - getsockopt
        - gettid
        - gettimeofday
        - getuid
        - inotify_add_watch
        - inotify_init1
        - inotify_rm_watch
        - ioctl
        - kill
        - listen
        - lseek
        - lstat
        - madvise
        - mincore
        - mkdirat
        - mmap
        - mprotect
        - munmap
        - nanosleep
        - newfstatat
        - open
        - openat
        - pipe
        - pipe2
        - poll
        - ppoll
        - prctl
        - pread64
        - pselect6
        - pwrite64
        - read
        - readlink
        - readlinkat
        - recvfrom
        - recvmmsg
        - recvmsg
        - rename
        - renameat
        - rseq
        - rt_sigaction
        - rt_sigprocmask
        - rt_sigreturn
        - sched_getaffinity
        - sched_yield
        - sendfile
        - sendmmsg
        - sendmsg
        - sendto
        - set_robust_list
        - setitimer
        - setrlimit
        - setsockopt
        - shutdown
        - sigaltstack
        - socket
        - splice
        - stat
        - statfs
        - sysinfo
        - tgkill
        - time
        - tkill
        - uname
        - unlink
        - unlinkat
        - wait4
        - waitid
        - write
        - writev

Breaking changes

edit

Metricbeat

  • Change index summary metricset to use _nodes/stats API instead of _stats API to avoid data gaps. 45049

Bugfixes

edit

Affecting all Beats

  • The Elasticsearch output now correctly applies exponential backoff when being throttled by 429s ("too many requests") from Elasticsarch. 36926 45073

Filebeat

  • Add missing "text/csv" content-type filter support in GCS input. 44922 44923

Winlogbeat

  • Fix EvtVarTypeAnsiString conversion. 44026

Added

edit

Filebeat

  • Add input metrics to Azure Blob Storage input. 36641 43954

Heartbeat

  • Upgrade Node version to latest LTS v20.19.3. 45087
  • Add base64 encoding option to inline monitors. 45100

Metricbeat

  • Upgrade github.com/microsoft/go-mssqldb version from v1.7.2 to v1.8.2 44990
« Beats version 8.18.5 Beats version 8.18.3 »