v.2.4.5 Release
2021-04-20 – Cribl LogStream 2.4.5 – Maintenance Release
New Features
This release provides the following improvements:
New and Enhanced Sources, Destinations, and Collectors
CRIBL-4719 Added a new Azure Blob Storage Collector.
CRIBL-4863 Added a new Google Cloud Storage Collector.
CRIBL-4715 The Splunk HEC Source now recognizes metrics without the event:metric
field.
CRIBL-4327 LogStream’s AWS SDK is upgraded to v.2.880.0.
CRIBL-4908 LogStream now supports AWS EC2 Instance Metadata Service Version 2 (IMDSv2).
Enhanced Functions
CRIBL-3970 The Rename Function now supports top-level fields and wildcards in Base Fields.
Security and Administration Improvements
CRIBL-4648 Autocomplete/autofill is now disabled for sensitive fields (usernames, tokens, keys, etc.).
CRIBL-4930 Tokens that Splunk HEC rejects as invalid are now logged for debugging, with redaction.
Internal Logging Improvements
CRIBL-4879 HTTP Destinations now write out failed (4xx) requests for inspection.
UI Improvements
CRIBL-4487 Previewed events now have right-side padding.
CRIBL-4632 In regex fields, you can now batch-set multiple flags before the flags pop-up closes.
CRIBL-3482 Changed Dark Mode drop-down (at Settings > General Settings > Display Settings) to a toggle slider.
Deprecated Environment Variables
The following environment variables are deprecated as of LogStream 2.4.5. We plan to remove them as of LogStream 3.0:
CRIBL_CONFIG_LOCATION
CRIBL_SCRIPTS_LOCATION
Corrections
This release includes the following fixes:
Startup and Communication Fixes
CRIBL-4799 Setting $CRIBL_VOLUME_DIR
on the Master no longer breaks the bootstrap script.
CRIBL-4621 Corrected some Worker Processes’ failure to reload Route and Pipeline changes during configuration deployments.
CRIBL-4636 Browsers’ JavaScript console no longer logs spurious errors while a user has not yet logged in.
Security and Authentication Fixes
CRIBL-4958 LDAP users’ Role mappings now properly handle multiple CN (common name) components within DNs (distinguished names).
CRIBL-4924 In the Certificates page’s cert/key fields, the Enter/Return key now properly inserts a newline.
CRIBL-4791 The Splunk TCP Source now redacts invalid authentication tokens when logging them.
CRIBL-4952 Corrected broken Token > Generate button.
CRIBL-4953 Corrected broken paste into password fields.
CRIBL-4991 Corrected paste’s failure to overwrite password fields’ values.
CRIBL-4943 Corrected S3 Collector > Auto populate from option’s treatment of Secret Key from S3 Destinations.
Source, Destinations, and Collectors Fixes
CRIBL-4894 Corrected memory leak and OOM errors on Splunk TCP and Splunk Load Balanced Destinations.
CRIBL-4532 The Splunk HEC Source now properly sets metric inputs’ host
, source
, and sourcetype
as dimensions.
CRIBL-4963 Manage Sources pages’ Enabled slider now correctly updates the list view.
CRIBL-4874 Moved Multiplexbreaker’s high-frequency “flushed stale channels” message to debug level, to allow Worker Processes’ logs to rotate properly and prevent memory leaks.
CRIBL-4695 Splunk TCP and Splunk HEC Sources’ configuration modals now have consistent tab order.
CRIBL-4840 The S3 Source, in distributed deployments, now properly enforces specifying a Region (unless the Queue entry is a URL or ARN that includes a Region).
CRIBL-4893 The Office 365 Message Trace Source now properly uses the Received
field as _time
, including in corresponding search filters.
CRIBL-4596 Corrected the Office 365 Message Trace Source’s rerunning of scheduled jobs.ß
CRIBL-4779 The S3 Collector’s S3 bucket field now supports JavaScript expressions, which properly enables the Auto populate from control.
CRIBL-4832 Corrected the Azure Blob Storage Source modal’s Enabled
slider. Enabling is now enabled.
CRIBL-4792 The Splunk Load Balanced Destination now properly resets active connections after the Auth token field is updated.
CRIBL-4725 On S3, MinIO, and Google Cloud Storage Destinations, we now annotate “Bucket does not exist” error messages with the underlying error.
CRIBL-4881 On Destinations’ Status tab, you can now correctly expand Persistent Queue errors.
CRIBL-4566 On the Splunk Single Instance Destination, disambiguated “Persistent Queue engaged” success notification from “Error: sender is blocked” notification.
CRIBL-4939 The Prometheus Destination now includes cribl_host
and cribl_wp
System fields by default. Cribl recommends keeping these fields onboard, to prevent errors such as sample invalid label
, duplicate label name
, or out of order
.
CRIBL-3800 On all AWS-related Sources and Destinations, renamed the API key field to Access key for clarity.
Functions Fixes
CRIBL-4957 Corrected the C.Text.relativeEntropy()
method’s loading of models for Lookup tables.
CRIBL-4640 The Clone Function’s value fields now support JavaScript expressions.
CRIBL-4750 The Redis Function’s Redis URL field now supports and validates redacted, password-only URLs.
Git Integration Fixes
CRIBL-4620 The Git Commit modal now lazy-loads long diffs, to prevent browser lockup.
CRIBL-4622 Corrected the Git Commit & Push button’s distribution of global config changes to Worker Groups.
Data Preview, Monitoring, and Logging Fixes
CRIBL-4576 Editing a sample file’s name in the Samples modal no longer prematurely changes the name before Save is pressed.
CRIBL-4663 In Preview modals, the Event view now displays events correctly after switching to Table view, then back.
CRIBL-4605 Improved HTTP Destinations’ logging of rejected-data errors.
CRIBL-4971 Restored Save button to Log Levels page.
Version Upgrade Fixes
CRIBL-4892 Corrected empty and bigass Settings > Controls > Upgrade modal.
CRIBL-4833 In distributed mode, corrected Upgrade button’s red on-hover color.
CRIBL-4834 In distributed mode, realigned Upgrade confirmation text.
Other UX/UI Fixes
CRIBL-4944 Enabled numeric separators at the beginning and end of numeric literals.
CRIBL-4581 On Routes’ context menu, after creating or deleting a Route, the Move to Position option now refreshes with current indexes.
CRIBL-4613 The Reuse Connections slider is now consistently placed across AWS-related Sources and Destinations.
CRIBL-4490 Corrected in-app search error when a search token has no Roles.
CRIBL-4882 In Event Breaker Rule modals, restored In tab’s zebra stripes.
CRIBL-4858 The Settings > Authentication > Type drop-down no longer displays a (disabled) Cribl Cloud option.
Other Functional Fixes
CRIBL-4922 Corrected SmartGunzip utility’s error handling, to prevent components from hanging when trying to decompress an invalid .gz
file.
CRIBL-4800 Setting the $CRIBL_VOLUME_DIR
environment variable on Docker containers no longer suppresses tailing logs.
CRIBL-4809 The Cribl App for Splunk, if switched to Local Authentication, can now correctly switch back to Splunk Authentication.
Documentation Fixes
CRIBL-4294 Our documentation’s former Use Cases and Best Practices sections are merged into a new, more-flexible Techniques & Tips section, which starts with a new Tips and Tricks page.
CRIBL-4431 Added Using REST/API Collectors examples.
CRIBL-4614 Documented more LogStream internal metrics.
CRIBL-4363 Added new Estimating Memory Requirements section.
CRIBL-3368 Expanded System Proxy Configuration instructions, now moved to their own page.
CRIBL-4898 Splunk HEC Source doc now clarifies precedence among event fields, Auth Token fields, and metadata fields
CRIBL-3630 For LogStream Free and One licenses, clarified telemetry requirements and exceptions.
CRIBL-3890 Added a blog post on best practices for chaining LogStream instances.