Changelog for version 1.1.0

User interface changes

  • Searches

      • Non-temporal searches now hide overview graphs

      • Search progress bar now appropriately estimates search progress

      • Line chart can now be shown as an area chart with appropriate filling and overlay

  • Dashboards

      • Sharing system to import and share dashboards from the marketplace

      • Dashboards can be cloned so that users can modify their own copy

      • Improved UI for deleting dashboards

  • User Controls

      • Can now see user resource usage, and admins can terminate and delete users' searches

      • Search bar now dynamically resizes to a multiline bar

Backend Changes

  • Search Modules

      • Added packetlayer module

      • Added anko module

          • Anko is a Turing-complete scripting engine allowing for in-pipeline programs

      • regex can now import its regular expressions from a resource (lookup -r resource name)

      • Added relative slicing to slice module

      • CEF parser and search module

      • Fixed issue in subnet parser where trailing garbage did not cause an error

      • Fixed issue in packet processor where tcp.Port and udp.Port were not grabbing the lowest port

  • Distributed frontends

      • Distributed frontends now automatically fail over and can survive disconnections from the datastore

  • Resource System

      • Implemented resource system that allows modules to import databases and data sets

  • Data Ageout

      • Updated ageout to take snapshots, allowing it to recover and continue from interrupted ageouts

  • Data Replication

      • Modified replication system to attempt to sync tags prior to starting the ingest server

      • Fixed issue where data could be duplicated when indexers failed

  • Disallowed some special characters in usernames
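As an illustration of the subnet-parser fix listed under Search Modules (trailing garbage must be an error), here is an added example in Go; it is not Gravwell's own code, and the function names and sample inputs are constructed. A lenient parser built on fmt.Sscanf shows the defect class, since Sscanf stops reading once its format is satisfied and ignores whatever follows; the strict parser beside it wraps net.ParseCIDR, which refuses any input that is not consumed in full.

```go
package main

import (
	"fmt"
	"net"
)

// parseSubnetLenient is a constructed example of the bug class: fmt.Sscanf
// returns once the format is satisfied and never looks at the remaining
// input, so "10.0.0.0/8xyz" is silently accepted as 10.0.0.0/8.
func parseSubnetLenient(s string) (*net.IPNet, error) {
	var a, b, c, d, bits int
	n, err := fmt.Sscanf(s, "%d.%d.%d.%d/%d", &a, &b, &c, &d, &bits)
	if err != nil || n != 5 {
		return nil, fmt.Errorf("bad subnet %q", s)
	}
	for _, octet := range []int{a, b, c, d} {
		if octet < 0 || octet > 255 {
			return nil, fmt.Errorf("bad octet in %q", s)
		}
	}
	if bits < 0 || bits > 32 {
		return nil, fmt.Errorf("bad prefix length in %q", s)
	}
	mask := net.CIDRMask(bits, 32)
	ip := net.IPv4(byte(a), byte(b), byte(c), byte(d)).Mask(mask)
	return &net.IPNet{IP: ip, Mask: mask}, nil
}

// parseSubnetStrict accepts only a complete, well-formed CIDR string.
// net.ParseCIDR rejects anything after the prefix length, including a
// trailing space or a second "/", which is the behaviour the fix requires.
func parseSubnetStrict(s string) (*net.IPNet, error) {
	_, ipnet, err := net.ParseCIDR(s)
	if err != nil {
		return nil, fmt.Errorf("bad subnet %q: %w", s, err)
	}
	return ipnet, nil
}

func main() {
	// Constructed inputs: one clean subnet and three with trailing garbage.
	inputs := []string{"10.0.0.0/8", "10.0.0.0/8xyz", "192.168.1.0/24 ", "10.0.0.0/8/extra"}
	for _, s := range inputs {
		_, lenientErr := parseSubnetLenient(s)
		_, strictErr := parseSubnetStrict(s)
		fmt.Printf("%-20q lenient accepts=%-5v strict accepts=%v\n",
			s, lenientErr == nil, strictErr == nil)
	}
}
```

Running it prints one row per input; only the clean subnet is accepted by both parsers, while the three garbage-suffixed forms pass the lenient parser and fail the strict one. The same check applies to any filter or lookup that takes network ranges from user input: a parser that ignores trailing characters can quietly match a different range than the one the operator typed.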

Ingester Changes

  • Fixed issue in ingest framework that could cause livelock on heavily loaded indexers when repeatedly disconnected

  • Enabled a cache ceiling on ingesters, so the ingester stops caching when it hits the ceiling

  • Federator

      • Enables secure segmentation and boundary hopping via ingest

  • Amazon Web Services Kinesis

      • Ingester that can consume from Amazon Kinesis streams

  • Session ingester

      • Easy ingest of large blobs using network sessions

  • massFile

      • Bulk file processing and optimization for large sets of files

  • diskmonitor

      • Native ingester that pulls disk latency, transfer, and page operations

  • Additional time formats in TimeGrinder