Changelog for version 3.2.2

Released Sept 10 2019

GUI Changes

  • Fixed issue where resource upload failure did not display error

  • Added multipart uploader to resource system for better upload reliability on very large resources

  • Updated autosave on dashboards to better handle table display parameters

  • Updated number cards in dashboard to allow very small tiles

  • Removed buffering on resources, scripts, and dashboards to better handle multiple users changing things at the same time

  • Removed results link on scheduled scripts

  • Fixed last run data on scheduled scripts

  • Added build IDs to license info page

  • Added ability to upload AX definitions as a file

  • Added ability to attach notes and a name to persistent searches

  • Scheduled scripts now prompt if changes are not saved

  • Fixed issue where errors were not properly displayed when attaching to corrupted searches

  • Fixed issue where negative numbers on gauges were not drawing properly

  • Added fixed time values for “this week”, “today”, “this month”, etc.

  • Added progress bar on resources

Backend Changes

  • Added grok search module

  • Optimized userland compression to dramatically reduce memory usage

  • Added producesEnum and consumesEnum APIs to anko system to help with enumerated value hinting

  • Added ability to override the label on gauges and number cards

  • Updated error on rejected resource uploads to show max file size

  • Updated timespan handler on search agent to deal with very heavy load

  • Fixed lock contention on replication

  • Added ability to add attachments to alert emails

  • Updated text output on stats renderers to improve formatting

  • Optimized grok and regex to only produce Enumerated Values if they are used

  • Fixed issue where result history was not cleaned up on script errors

  • Added notification for failed ingest routine

  • Fixed parse error on words module

  • Optimized replication shard recovery for dramatically faster restoration after node failure

  • Fixed issue where storage and entry metrics were not updated when persistent search transitions state

  • Optimized shard handling when ingest data spans very large timespans

  • Optimized shard handling when queries span very large timespans

  • Fixed issue where replication system reported errors on shards that were missing components

  • Optimized query system to reduce memory usage when query does not need entry components

  • Added additional well configurations to control compression independently for hot and cold storage

  • Added dot11info member to packet search module

Ingester Changes

  • Updated WinEvent ingester installer

      • Support passing a config file at install time

      • Support silent installs

      • Remove start menu items

  • Added “print version info and exit” option

  • Added STDIN support for single file ingesters

  • Fixed issue on cache that could cause tag mismatch on repeated connection failures

  • Fixed issue with the Windows installer that prevented uninstalling the old version on upgrades