2021-02-03 - Cribl LogStream 2.4.1 – Maintenance Release
This release provides the following enhancements:
You can now define Event Breaker Rules of Type: CSV, to extract fields in CSV streams that include a header line.
You can now define Event Breaker Rules of Type: Timestamp, to break events at the beginning of any line in which LogStream finds a timestamp.
Sources and Destinations with full TLS support now enable you to (optionally) specify minimum and/or maximum TLS versions for connections.
Splunk Load Balanced Destinations now allow you to constrain the number of concurrent indexer connections, per Worker Process, to limit memory consumption.
Splunk Sources' connection open/close logs are moved to the
The Output Router Destination's Rules table now provides a Description column.
The S3 Collector, upon Preview, now provides more-detailed error messaging about incorrect connection settings.
The Numerify Function now provides a Format option to round or truncate extracted numeric values.
The Publish Metrics Function now supports adding, and removing, metrics as well as dimensions.
The Auto Timestamp Function's Strptime format field is now a combo box, offering an (optional) drop-down to select among predefined formats.
Multiple fields now display a Copy button upon hover.
You can now use filter expressions to search within previewed and captured data samples.
The Capture Sample Data modal has been Marie Kondo'ed (decluttered). Sample File Settings are now displayed only after selecting Save as Sample File.
LogStream now protects against duplicate datagen and sample file names.
Pipelines now provide clearer visual indicators to separate adjacent and focused Functions.
Pipelines now provide better error handling and warnings around invalid configurations.
Mappings Rulesets now have an Active indicator, and warn that saving changes will take effect immediately.
The Lookups page now displays row counts per lookup file.
A new log event indicates when Workers pull a configuration bundle from the Master.
LogStream no longer returns an HTTP response code 200 when malformed JSON events are received but then dropped.
This release includes the following fixes:
CRIBL-4384 Workers with compression enabled can now connect to the Master after upgrade to v.2.4.1.
CRIBL-4270 Corrected unintended re‑encryption of the S3 Source's auth secret key, which blocked data input.
CRIBL-4265 Google Cloud Storage Destination now supplies the
https://storage.googleapis.com. endpoint, as intended.
CRIBL-4343 Corrected the Master process' failure due to missing
CRIBL-4257 Corrected the Cribl Splunk app's unintended persistence of free license files in
SPLUNK_HOME after uninstall.
CRIBL-4350 Corrected the Kafka Destination's support for compression.
CRIBL-4126 Streaming Sources now protect Worker Processes against connection storms.
CRIBL-3402 Corrected unintended retries when a Worker Process shuts down on API exit.
CRIBL-4225 Corrected logs' handling of multi-line content.
CRIBL-4274 Corrected the Prometheus Source's unintended passing of metric values as strings.
CRIBL-4268 Corrected the New Relic Destination's failure to post metrics to New Relic dashboards.
CRIBL-4260 Corrected Splunk Destinations' unintended indexing of LogStream heartbeat events.
CRIBL-4247 Corrected the
C.Text.parseWinEvent method's failure to parse the
CRIBL-4231 Corrected the unintended flattening of fields specified in the Aggregations Function > Group by Fields.
CRIBL-4045 Corrected datagen creation for Windows Event Logs where a timestamp occupies the entire first line.
CRIBL-4249 Corrected the Capture Sample Data modal's failure to copy custom Filter Expression values from Routes (with fallback to the default
CRIBL-4341 In Splunk HEC Sources, an empty Allowed Indexes field is no longer used to validate index values.
CRIBL-4146 Keyword search now filters on the Cribl Internal Source, as intended.
CRIBL-4303 Added checks against "unhandledRejection" errors when the
outputs.yml file contains broken configuration.
CRIBL-4252 Added a path-name length check to prevent EADDRINUSE errors.
CRIBL-2996 LogStream now forces any configured Maximum TLS version to be no lower than any Minimum TLS version configured on the same object.
‑b' flag from git status` command, to prevent errors
CRIBL-2900 On the MinIO and S3 Destinations, the Output ID field now interactively validates users' entries for accepted format.
CRIBL-4349 Improved error messaging when LDAP is configured with wrong User Name field.
CRIBL-4306 Restored Master's access to Sources' configuration and Live status when viewing Workers' UI.
CRIBL-4149 Corrected the S3 Source's incorrect green status display when LogStream cannot delete SQS events from the queue. The status now displays as yellow.
CRIBL-4259 Restored UI configuration of Worker Nodes' Local Users.
CRIBL-4319 Restored full Preview when viewing a Worker's UI from the Master.
CRIBL-4378 In Preview and Capture modals, the All and None toggle buttons now work as intended.
CRIBL-4201 Corrected the Preview pane's unintended display of
+ expansion symbols on single values.
CRIBL-4351 Corrected the sorting of Sample Files by the File Name column.
CRIBL-4354 Corrected Knowledge > Lookups text editor's failure to create a new file, triggering "no such file or directory" error.
CRIBL-4344 Corrected error when pressing
Enter on sortable list items.
CRIBL-4320 Restored the Pipelines page's missing Actions column header.
CRIBL-4289 Corrected the Filters pop-up's blocking of the underlying Filter field.
CRIBL-4330 When a collector Run fails, clicking on Logs no longer hides the modal's context.
CRIBL-4318 Corrected log search bar's behavior in Master mode.
CRIBL-4309 Corrected timestamp highlighting in the Event Breaker UI.
CRIBL-4073 The Settings > Access Management > Local Users > Password field is now properly labeled as Required (
CRIBL-4105 Settings > Custom Login Page > Logo file now enforces and error-checks images' maximum file size, maximum dimensions, and
.png file format.
CRIBL-4075 Pressing the
Esc key now consistently closes modals (interposing a confirmation dialog for unsaved changes).
CRIBL-4230 Corrected Grok Patterns' unintended display of a Save button on unaltered files.
CRIBL-2902 In Dark Mode, corrected the random display of
••• symbols in the top menu bar. Aliens were not involved.
CRIBL-2835 Corrected API Docs' display in Dark Mode.
CRIBL-4251 Restored the in-app display of Destinations' docs.
CRIBL-4296 Corrected API Docs' rendering of metrics and status endpoints.