Changelog for version 3.0.4

Released April 22nd 2019

Backend and ingester changes

• Bugfix that could cause timegrinder to stick to a format without timezone on format changes

• Indexers will now notify users when Gravwell storage disks are almost full

• Cloud Archive added to indexer

• Packet search module can now transparently handle VLAN and MPLS layers

• Fixed issue where scripts could not access resources using getResource API

• Added MPLS layer to the packet search module

• Added ICMP layer to packet search module

• Removed some unsupported ICS protocol layers

• Enhanced syslog search module to be dramatically more tolerant to non-compliant syslog

• Fixed issue where regex search module could not use resources

• Fixed issue where autoextractors imported from GUI could contain invalid characters

• Added alias module to assign additional names to enumerated values.

• Added -v flag on regex search module to see entries which do not match the regular expression

• Updated logging system to include dialer info

• -save flag for table now supports UUIDs

Webserver changes

• Backgrounded searches now give a notification when complete

• More TLS configuration options for datastore setups

• When composing a query, Gravwell will now warn if an enumerated value is used without first being extracted upstream

• Fixed issue where distributed webservers could not share search results in HTTP-only mode

• Fixed issue where use of the ‘json’ module would prevent searches from being backgrounded.

• Webserver can now start without any indexers

Other

• Generators open source https://github.com/gravwell/generators

• Fixed issue where installer wasn’t creating a logging subdirectory on installer

• Fixed issue where permissions were not being set correctly on installer

• Added timezone files to published docker container