Changelog for version 2.0.0#

User interface changes#

  • User preferences

  • Users can now set preference to disable drawing FDGs during update

  • Users can set resolution of graphs in preferences

  • Dashboard

  • Rewored autozoom system to ensure graphs draw in a more timely manner

  • Resources

  • Resource system integrated

  • Additional information about resource size name, usage

  • Fixed issue where special characters were being dropped from passwords after password change

  • No security implications, but potentially locking users out of accounts

Backend Changes#

  • Search Modules

  • anko

  • Updated imported function list to be more concise

  • Added additional execution mode which enables more control over pipeline and entry flows

  • Updated parameter checking code to infer the script type and only check known imports

  • eval

  • Fixed issue where toFloat causes the output to corrupt the mantessa in the float structure for float32

  • Added lookup module to do fast white listing and data enrichment

  • Fixed issue in slice module which caused relative slicing to be off by one

  • Added modbus to packet processor

  • Added EthernetIP to packet processor

  • Added table names to error output on lookup module

  • Enabled filters on flexible enumerations

  • Updated math module hinting system to transparently help inform when distributed search should collapse the pipeine

  • Distributed Frontends

  • Implemented distributed frontends so multiple frontends can share data

  • Implemented central datastore for distributed frontends

  • Data Ageout

  • Fixed issue where combining size and time caused a failure to age out shards

  • Changed default compression system for cold shards to snappy

  • Added ability to specify reserved storage for ageout

  • Data Replication

  • Integrated replication system into indexers

  • Built offline replication engine that exists outside of indexers

  • Changed to backup tags to every replication peer

  • Added Environment Variable fallback to config variables

  • indexer and frontend can extract peers, secrets, etc. from env variables

  • Eases configuration and deployment in cloud and docker containers

  • Added native data downloading

  • Can directly download search data as CSV, text, JSON, table

  • Fixed issue in installer where ingesters that did not need to ship the open source directory were still trying to chown it

  • Cloning a dashboard now changes the name to indicate which dashboard is the clone

  • also changes ownership to the user that performed the clone

  • Upated installers to be more Docker friendly

Ingester Changes#

  • Netflow

  • Netflow collector that can process native netflowv5

  • Google Cloud Platform PubSub ingester

  • Ingester for gathering log entries from the GCP PubSub framework