Changelog for version 4.2.0#
Released July 26 2021#
New Features and Default Configuration Changes#
Data Explorer and automatic AX generation.
Query Studio reaches beta.
Updated default gravwell.conf to help avoid out-of-disk errors.
Frontend Changes#
Fix a time zone offset issue with date range queries.
Fix an issue where the “Load more” button in a table shows despite fully loaded results.
Fix stats-related issues to correctly align overview chart with incoming data.
Add more detail to license info page.
Add detail to browser page title.
UX improvements for timeframe locking.
Improved UX of left naviation drawer, featuring kit-branded contextual navigation.
Improve tooltips in map renderers.
Improved availability and usability of actionables.
Various UX improvements and minor bug fixes.
Backend Changes#
Implemented AX functionality for JSON, Netflow, Syslog, IPFIX, CEF, and Winlog data types.
Implemented dns module.
Implemented anonymize module.
Implemented automatic license updating for applicable customers.
Improved detection & handling of conflicting items during kit installation.
Indexer, Webserver, and SearchAgent generate internal logs as compliant RFC5424 messages and are automatically ingested into the gravwell tag.
Fixed handling of delimiters for fields acceleration.
Webserver now detects updated tags much sooner after ingest.
Fixed geoip module’s “always strict” bug,
-s
flag is now properly respected.Fixed logic error in update checking code.
Fixed bug where typing a newline immediately before a search macro would cause a parse error.
Fixed importing of archived searches using the pointmap renderer.
Fixed issue where downloading JSON results from the
text
renderer could mangle binary data.Simple table displays (e.g.
tag=foo json user email | table user email
) are now automatically sorted by time unless another sort is specified.Enabled per tag acceleration definitions that are independent from well assignment.
Added preview flag to queries where indexers will find enough recent data to draw results and shutdown automatically.
Improved logic around query termination to enable faster query aborts.
Ingester, CLI, and Library Changes#
All ingesters now perform self logging via a properly formated RFC5424 logging format.
Fixed issue where an error was not properly relayed when no search protocol was defined.
Updated kit signature validation code to allow for custom signature hooks.
Increased verbocity of fatal error logs so that all goroutines are there.
Improved name validation in macro names.
Added README to kit metadata files.
Added the kitctl command to simplify managing kits in git repositories.
Security Changes#
Upgraded the Go runtime to 1.16.6.