Cribl LogStream – Docs

Cribl LogStream Documentation

Questions? We'd love to help you! Meet us in #Cribl Community Slack (sign up here)
Download entire manual as PDF – v.3.1.2

v2.3.2 Release

about a year ago by Michael Katz

2020-10-13 - Cribl LogStream 2.3.2 – Maintenance Release

  • Improvement: CRIBL-3625 Added support for scheduled (automatic) git commit and git push

  • Improvement: CRIBL-3221 LogStream now validates collection jobs' configuration against schema

  • Improvement: CRIBL-3252 Jobs preview can now show data as processed by a configured Pipeline

  • Improvement: CRIBL-3251 Jobs > Pipeline configuration now offers a link to Pipelines page

  • Improvement: CRIBL-3491 Jobs' status now tracks number of events processed

  • Improvement: CRIBL-2355 Jobs Inspector results are now paginated

  • Improvement: CRIBL-3443 LogStream now saves the most-recent Collector run ID

  • Improvement: CRIBL-3472 Events are now logged when deleting job artifacts, and when setting the Keep flag

  • Improvement: CRIBL-3674 Jobs REST endpoint now enables filtering by collection job type (Ad hoc, Scheduled, System, or Running)

  • Improvement: CRIBL-3653 System jobs no longer count against user's job limit, and can be independently limited

  • Improvement: CRIBL-3654 System jobs now have dedicated system task consumers

  • Improvement: CRIBL-2756 Added new inline function for case-insensitive lookups (C.LookupIgnoreCase)

  • Improvement: CRIBL-3638 Improved performance on S2S (Splunk to Splunk) output

  • Improvement: CRIBL-2494 Cribl internal metrics now track counts of dropped events by Source, Route, and Pipeline

  • Improvement: CRIBL-3582 Worker-Master heartbeat now resumes faster after restart

  • Improvement: CRIBL-2451 Task logs are now viewable in the Log Viewer UI

  • Improvement: CRIBL-3603 Collapsed Function and Route groups now expose descriptions

  • Improvement: CRIBL-3624 Global Settings page is now reformatted with menu sidebars instead of accordions

  • Improvement: CRIBL-3596 Documentation now includes a Getting Started Guide

  • Security Fix: CRIBL-3236 Git Settings now include an Authentication Type control, enabling encryption of remote repo's URL when saving to local configuration

  • Security Fix: CRIBL-3694 LogStream now invalidates authorization tokens upon logout

  • Security Fix: CRIBL-3696 Logins are now rate-limited to prevent brute-force attacks

  • Security Fix: CRIBL-3697 API Server Settings now expose the option to add custom, security-relevant HTTP headers

  • Security Fix: CRIBL-3698 Redacted error messages to prevent inadvertent information disclosure

  • Security Fix: CRIBL-3762 Audited and updated vulnerable npm packages

  • Fix: CRIBL-3626 Corrected failure of boot-start command when run as different user

  • Fix: CRIBL-3635 Corrected failure of service cribl stop command, which blocked restart on boot

  • Fix: CRIBL-2948 Corrected: Event breaker ruleset whose ID ends in a space no longer breaks UI when breaker is modified or deleted

  • Fix: CRIBL-3035 Corrected: Distributed deployments did not commit all changes with a manually created Group

  • Fix: CRIBL-3720 Corrected: Deleting a grouped Function deleted other Functions in same group

  • Fix: CRIBL-3555 Full Run collection jobs no longer straddle Worker Groups

  • Fix: CRIBL-3583 Corrected collection jobs' unintended drops of distributed-mode tasks

  • Fix: CRIBL-3641 Corrected failure of Filesystem > Preview collection jobs when seeking more events than are present in file

  • Fix: CRIBL-3640 Corrected Preview collection jobs' failure to rerun

  • Fix: CRIBL-3768 Corrected spurious "pipeline and output are required" error when running a Filesystem Collector with no pre-Processing Pipeline

  • Fix: CRIBL-3471 Warning is now promptly displayed when previewing a collection job that would exceed the concurrent job limit

  • Fix: CRIBL-3759 Corrected Job Inspector's broken job type buttons (Ad hoc, Scheduled, System, Running)

  • Fix: CRIBL-3744 Corrected N/A values on Job Inspector > Stats tab

  • Fix: CRIBL-3501 Corrected empty Job inspector > Settings tab

  • Fix: CRIBL-3737 Corrected S3 Source's failure to download files from CrowdStrike

  • Fix: CRIBL-3681 Corrected S3 Source's failure to download files whose names containing spaces

  • Fix: CRIBL-3690 S3 Source now exposes options to skip or retry corrupted/failed files

  • Fix: CRIBL-3645 Expanded SQS Source documentation to cover __sqsSysAttrs contents

  • Fix: CRIBL-3581 Corrected Office 365 Sources' keepAlive error upon restarting Master Node

  • Fix: CRIBL-3709 Corrected false TLS Enabled header label on Sources and Destinations with TLS disabled

  • Fix: CRIBL-3685 Corrected exact lookup's excessive memory use with large files (1.3+ million rows)

  • Fix: CRIBL-3655 To support preview of large lookup files, added Timeout and Memory controls.

  • Fix: CRIBL-3747 Corrected "n.match not a function" error when filtering Workers page using search box

  • Fix: CRIBL-3142 Double click is no longer required to highlight within text fields

  • Fix: CRIBL-3166 Reclaimed Function pane's white space left over from dismissed fields

  • Fix: CRIBL-3270 In Add Sample Data modal, restored Add Fields to Events as top-level accordion

  • Fix: CRIBL-3465 Phone-home REST query now responds with specified et/lt, even if time-based metrics do not exist

  • Fix: CRIBL-3477 Corrected CloudWatch Logs output error when events were not in chronological order

  • Fix: CRIBL-3487 LogStream now hard-deletes Pipelines deleted via the UI (with rollback available via Git)

  • Fix: CRIBL-3489 Git Push button is now displayed as disabled when unavailable under current license

  • Fix: CRIBL-3610 Corrected ENOENT error when running ./cribl status with single-instance LogStream and no Git repo

  • Fix: CRIBL-3667 Added thirdparty folder to .gitignore

  • Fix: CRIBL-3283 Expanded Version Control documentation to include Git best practices and troubleshooting tips

  • Fix: CRIBL-3502 Clarified error message (replacing ENOENT) for invalid or missing Distributed > Config Helper setup

  • Fix: CRIBL-3510 Corrected API error failure when selecting Capture New in Microsoft Edge

  • Fix: CRIBL-3564 Removed obsolete registration prompt from Worker Nodes' UI

  • Fix: CRIBL-3568 Corrected UI's loss of state sync after reordering sortable lists

  • Fix: CRIBL-3594 Add scrolling capability to Master's Settings > Licensing page

  • Fix: CRIBL-3598 Resolved blocked data and full queues in Splunk HF logs when sending to LogStream Workers

  • Fix: CRIBL-3309 Monitoring page: Added health status for Output Router

  • Fix: CRIBL-3336 Monitoring page: Corrected scalability

  • Fix: CRIBL-3699 Conformed Destination > Live > Charts to Monitoring > Destinations chart's layout

  • Fix: CRIBL-3611 Monitoring page: Corrected Live indicators' pulsation even when live monitoring was disabled

  • Fix: CRIBL-3614 Monitoring page: Corrected Thruput indicators' pulsation even when live monitoring was disabled

  • Fix: CRIBL-3431 Collectors now validate relative-time modifier before collection runs

  • Fix: CRIBL-3616 REST Collector now follows redirects

  • Fix: CRIBL-3617 REST Collector now correctly encode URLs when the host/path/port references a variable

  • Fix: CRIBL-3422 Corrected Y-axis scale for in-flight tasks

  • Fix: CRIBL-3620 Corrected failure to clone sample files

  • Fix: CRIBL-3634 Corrected commit-deploy command's failure when there were no changes to commit

  • Fix: CRIBL-3686 Routes page > search filter: Corrected UI glitches and deletion of some Routes' configuration

  • Fix: CRIBL-3687 Corrected wrong sign on times returned from C.Time.adjustTz internal method

  • Fix: CRIBL-3548 Corrected display of internal fields in JavaScript expression preview modal

  • Fix: CRIBL-2848 Partitioning by time is now a check box

  • Fix: CRIBL-2784 Different Event Breaker types now display separate descriptions

  • Fix: CRIBL-3000 Don't re-encrypt unchanged configuration values

  • Fix: CRIBL-3612 Limited massive RPC log lines

  • Fix: CRIBL-3208 Removed object Object artifacts from docs search results