Changelog for version 3.3.4

Released Jan 17 2020

GUI Changes

• Fixed issue where time selection drop down would hide on certain click patterns

• Added tip about macros

• Added labels to resources

• Fixed issue where search stats were not showing total number of entries processed

• Updated dashboard, resource, macro, and scheduled query card page to show cards in sorted order

Backend Changes

• Added an Offline Replication docker container

• Updated handling of non-200 return codes on SOAR httpGet and httpPost helper functions

• Fixed panic in Federator when cache was enabled and no backends could be contacted

• Updated logging for replication when two indexers have the same GUID

• Fixed issue where replication could stall on a shard when data blocks were corrupted

• Fixed issue where queries could abort when data blocks were corrupted

• Fixed issue where replication restoration could fail when both shards had corrupted blocks

• Improved handling of disk data corruption in indexers

• Updated autoextractor system to use data store

• Autoextractors now fully support distributed frontends

• Fixed issue where data that is ingested wildly out of order using fulltext indexer could cause query abort

• Added new diff search module

• Fixed panic in search agent when heavily loaded

• Improved handling of SOAR functions that need to be closed on script exit

• Improves handling of dangling connections

Ingester Changes

• Updated configuration parser library to better handle environment imports for more types