Changelog for version 4.2.0

Released July 26 2021

New Features and Default Configuration Changes

  • Data Explorer and automatic AX generation.

  • Query Studio reaches beta.

  • Updated default gravwell.conf to help avoid out-of-disk errors.

Frontend Changes

  • Fix a time zone offset issue with date range queries.

  • Fix an issue where the “Load more” button in a table shows despite fully loaded results.

  • Fix stats-related issues to correctly align overview chart with incoming data.

  • Add more detail to license info page.

  • Add detail to browser page title.

  • UX improvements for timeframe locking.

  • Improved UX of left navigation drawer, featuring kit-branded contextual navigation.

  • Improve tooltips in map renderers.

  • Improved availability and usability of actionables.

  • Various UX improvements and minor bug fixes.

Backend Changes

  • Implemented AX functionality for JSON, Netflow, Syslog, IPFIX, CEF, and Winlog data types.

  • Implemented dns module.

  • Implemented anonymize module.

  • Implemented automatic license updating for applicable customers.

  • Improved detection & handling of conflicting items during kit installation.

  • Indexer, Webserver, and SearchAgent generate internal logs as compliant RFC5424 messages, which are automatically ingested into the gravwell tag.

  • Fixed handling of delimiters for fields acceleration.

  • Webserver now detects updated tags much sooner after ingest.

  • Fixed geoip module’s “always strict” bug; the -s flag is now properly respected.

  • Fixed logic error in update checking code.

  • Fixed bug where typing a newline immediately before a search macro would cause a parse error.

  • Fixed importing of archived searches using the pointmap renderer.

  • Fixed issue where downloading JSON results from the text renderer could mangle binary data.

  • Simple table displays (e.g. tag=foo json user email | table user email) are now automatically sorted by time unless another sort is specified.

  • Enabled per-tag acceleration definitions that are independent from well assignment.

  • Added a preview flag to queries, where indexers find enough recent data to draw results and then shut down automatically.

  • Improved logic around query termination to enable faster query aborts.

Ingester, CLI, and Library Changes

  • All ingesters now perform self-logging in a properly formatted RFC5424 logging format.

  • Fixed issue where an error was not properly relayed when no search protocol was defined.

  • Updated kit signature validation code to allow for custom signature hooks.

  • Increased verbosity of fatal error logs so that all goroutines are included.

  • Improved name validation in macro names.

  • Added README to kit metadata files.

  • Added the kitctl command to simplify managing kits in git repositories.

Security Changes

  • Upgraded the Go runtime to 1.16.6.