2021-03-09 - Cribl LogStream 2.4.3 – Maintenance Release
This release provides the following improvements:
CRIBL-4046 Office 365 Message Trace data can now be ingested via a native Source.
CRIBL-4317 AWS Sources now provide options to reuse HTTP connections, and to establish TLS connections to servers with self-signed certs.
CRIBL-4438 For Sources that support TLS, enabling the TLS Validate client certs toggle is now dependent on enabling Authenticate Client (mutual auth).
CRIBL-4336 The AppScope Source now parses AppScope metric events into LogStream metric events.
CRIBL-3184 The REST Collector now supports pagination of returned results.
CRIBL-3676 Job artifacts' names now include their run type.
CRIBL-2997 The Aggregations Function now provides internal
CRIBL-1374 Within the Aggregations Function, Group by Fields now supports wildcards.
CRIBL-4580 The Aggregations Function now provides an option to omit null values.
CRIBL-4556 The Regex Extract Function can now create array fields.
CRIBL-3202 Grok patterns now provide a preview/validation modal like regex rules.
CRIBL-3894 Corrected how events display in the Regex Extract and Mask Functions' preview/validation modals.
CRIBL-4032 You can now select/deselect individual files to commit via Git.
CRIBL-3351 The Commit Changes modal now provides an Undo button, to discard uncommitted changes.
CRIBL-2160 The Monitoring > Logs page now includes Git actions.
CRIBL-4552 The Username field now allows administrators to override the OpenID default identifier format.
CRIBL-3245 You can now create new sample files at intermediate stages, such as previewing the result of a pre-processing Pipeline.
CRIBL-2100 You can now create a datagen from an existing data sample file.
CRIBL-4000 The Preview pane now displays a warning icon and tooltip when an event lacks a valid _time field (i.e., UNIX epoch time, in seconds resolution).
CRIBL-3793 The Monitoring page now displays partial (most-recent) buckets as dotted lines, to be less scary.
CRIBL-3618 Searching against Routes and Pipelines now includes the contents of Description fields and Comment Functions.
CRIBL-3909 Pipelines now automatically scroll down to a newly added Function, to prevent accidental overwriting of existing Functions' fields.
CRIBL-4180 You can now press Ctrl+Enter (Linux/Windows) or Cmd+Return (Mac OS) to submit most UI forms.
CRIBL-3920 The CLI now provides more-specific error messages.
This release includes the following fixes:
CRIBL-4315 The Settings > Authentication > LDAP > Role Mapping section now allows adding mappings for similar (non-duplicate) external group names without deleting existing mappings.
CRIBL-4326 In General > TLS Settings, the Private Key Path field now provides validation and error messaging.
CRIBL-4524 You can now enter multiple authentication tokens on Splunk HEC and Splunk TCP Sources, to prevent broken data flow upon upgrade to LogStream 2.4.x.
CRIBL-4427 The Splunk HEC Source now recognizes valid tokens with Basic Authentication.
CRIBL-4395 The LogStream Download page now provides FIPS-compliant checksums.
CRIBL-4519 Corrected failure to initialize Git remote repo upon startup, after upgrading to LogStream 2.4.2.
CRIBL-4452 Addressed "Possible EventEmitter memory leak detected" error when attempting to bind to a bound port on startup.
CRIBL-4454 Addressed "Cannot read property 'getReader' of undefined" error when attempting to bind to a bound port on startup.
CRIBL-4571 Relaxed the restart time for Workers shut down by the Linux OOM killer.
install-worker.sh bootstrap script now provides an option to disable TLS.
CRIBL-4592 In General Settings > Job Limits, corrected the rejection of the Concurrent Scheduled Job Limit field's default
CRIBL-4237 LogStream now minimizes Workers' unintended restarts when managed by systemd.
cribl mode-worker CLI command now echoes complete usage options.
CRIBL-3497 UI configuration options now error-check for integers where required.
CRIBL-4535 Expression fields now warn about type mismatches rather than arbitrarily assigning new types to values.
CRIBL-4443 Corrected Cribl App for Splunk's replication settings in
CRIBL-4418 Corrected version-update errors reading "message":"Entity with "NEW_VERSION" ID already exists."
CRIBL-4204 All HTTP Sources provide a new Advanced Settings > Max active requests setting, to prevent overflow and hanging if Destinations are blocked.
CRIBL-4584 Corrected Elasticsearch Destination's data output to Filebeat (and associated diagnostics) when using index templates.
CRIBL-4617 Corrected the detection of downstream Elasticsearch version when Elasticsearch is not running.
CRIBL-4448 Corrected the Elasticsearch API Source's default endpoint.
CRIBL-4432 On the Splunk Load Balanced Destination, corrected DNS resolution and indexer discovery to prevent unintended persistent queueing.
CRIBL-4546 In the Splunk HEC Source, corrected the Token field to behave as a standard password field.
CRIBL-4263 Corrected the AppScope Source's display of fields from
CRIBL-4414 Corrected a bug in the Splunk Load Balanced Destination that incorrectly displayed a 404 status for Workers.
CRIBL-4455 Extended New Relic Destination's retry interval to correct handling of log data.
CRIBL-4415 Corrected Filesystem Destination's blank Output Location column.
CRIBL-4233 Destinations' Output ID fields now provide clearer error messaging.
CRIBL-3338 Corrected the validation of POST /jobs requests.
CRIBL-4611 In post-processing Pipelines, corrected the Aggregations Function's misdirection of data to the Default Destination, rather than to the Pipeline's attached Destination.
CRIBL-4526 A Route's empty Filter field now defaults to false upon save, and no longer breaks other Routes.
CRIBL-4401 Shrank Routes page's Show All | Enabled | Disabled dropdown to avoid overlap with Events selector.
CRIBL-4342 In Routes > Filter validation modal, prevented suggestions pop-up from overlapping editor fields.
CRIBL-4293 On the Pipelines page, enabled selection of the
CRIBL-4569 On Safari, corrected Event Breakers' failure to show OUT events.
CRIBL-4390 Corrected the CSV Event Breaker's unintended regeneration of _raw field via serialization.
ESC key's closing of parent Event Breaker modal along with focused child modal.
CRIBL-4376 Corrected CSV Event Breaker > Rules editor modal's display of embedded newlines.
CRIBL-4498 Corrected the Parser Function's unintended stringification of
CRIBL-4405 The Lookup Function's Lookup and Output field names are now error-checked for special characters.
CRIBL-4400 In Functions with + Add Field buttons, newly added rows now promptly validate entry of required values.
CRIBL-4445 In the Add Sample Data modal, pressing Esc now prompts to save pending changes.
CRIBL-4568 In the Preview pane, corrected the behavior of the Show Internal Fields and Show Dropped Events toggles.
CRIBL-4209 A renamed sample data file now properly appears in the files list, without requiring a browser refresh.
CRIBL-4599 Improved data-flow diagrams under Preview Simple and Preview Full tooltips.
CRIBL-4399 On the Monitoring > Logs page, the search box's history button now retains its selected or deselected state.
CRIBL-4168 Monitoring > Logs now retains previous timezone selection when switching to a different log.
CRIBL-2285 In Settings > Logging > Levels page, corrected errors triggered by changing log level to info (or to other non-default levels).
CRIBL-4638 Corrected the Capture modal's duplicate vertical scrollbars.
CRIBL-4421 Corrected column sorting on multiple pages.
CRIBL-4422 Corrected the negative row count displayed when re-saving Lookup tables in text editor.
CRIBL-4381 In Distributed > Master Settings, corrected behavior of disabled Worker UI access toggle.
CRIBL-4484 Corrected the unintended lowercasing of error messages.
CRIBL-2472 Corrected the unintended lowercasing of regex in validation error messages.
CRIBL-4207 The Live button is now grayed out on disabled Routes and Pipelines.
CRIBL-2903 Corrected Settings > Diagnostics page's hidden sidebars after switches between dark and light mode.
CRIBL-4226 Corrected the Git diff view's hiding of single-line changes when the diff gets long.
CRIBL-4486 Corrected the overlap of Git commit buttons.
CRIBL-4492 On S3-based Destinations, corrected the wording of Key prefix fields' tooltips.
CRIBL-4216 Clarified the Aggregations Function's tooltips.
CRIBL-4370 In Source modals, corrected Enabled button's overlap with scroll bars.
CRIBL-4594 In Collectors > Discover results, corrected the display of List of Files rows.
CRIBL-4560 Corrected the Save and Cancel buttons' overlap when resaving a sample data file or datagen.
CRIBL-4536 Corrected Save and Cancel buttons' misalignment when cloning a sample data file or datagen.
CRIBL-4098 The Pipelines page's header has been redesigned.
CRIBL-4520 Corrected Event Breaker field's overlay of Copy button over Flags menu.
CRIBL-4497 Corrected Copy button's position in Event Breaker Rulesets.
CRIBL-4451, CRIBL-4464 Corrected Copy button's overlap of Hide/Show Password button.
CRIBL-4608 Corrected the Aggregations Function's Copy button position.
CRIBL-4619 Corrected the Copy button's behavior in Collector settings > Job Details.
CRIBL-4579 Corrected the Copy button's position on Auth tokens > Description fields.
CRIBL-4589 Corrected Copy buttons' overlap of Certificates modal's field boundaries. (Copy buttons have definitely been biting us lately.)
CRIBL-3739 Corrected API docs' display of Collection Jobs endpoints.
CRIBL-3451 Corrected API docs to display Licenses API.
CRIBL-4610 TLS/SSL docs: Added guidance on validating Common Names in regex.
CRIBL-3023 Clarified Encryption and Decryption docs.