Changelog for version 5.0.4#

Released June 30 2022#

Web UI Changes#

Bug Fixes#

  • Fixed an issue where saved searches were not included in backups.

  • Fixed an issue where dashboard searches launched repeatedly.

  • Fixed an issue where DateRange timeframe sometimes initialized without a default date.

  • Fixed an issue where dashboard searches were not stopped on navigation.

  • Fixed an issue where an admin could only filter other users’ macros if they had at least one macro.

  • Fixed an issue where dropdown checkbox was not working properly on systems/indexers.

  • Fixed an issue where unnecessary requests were made when favoriting/unfavoriting items.

  • Made it possible to have global Macros.

  • Updated to use default timeframe when producing share URL data for saved query.

  • Updated dashboard URL when variables updated.

  • Changed to wrap table cols by default.

New Additions#

Backend Changes#

New Features#

  • Changed Systems API to report uncompressed size by default and added a compressed size member in API responses.

  • Improved logic around HTTP node to respect additional content types in responses.

  • Improved handling of webserver ingest when entries have a zero value timestamp.

  • Improved handling of webserver ingest with very large entries.

Bug Fixes#

  • Improved handling of corrupted storage during ingest.

  • Added integrated recovery systems so that indexers can recover from storage corruption at ingest time.

  • Improved sanity checking on HTTP node when responses are very large.

  • Fixed issue where template would not show up in API responses immediately after creation.

  • Fixed issue where admins could not create globally accessible macros.

  • Fixed SDK to include method to remove SearchGroup from user.

  • Fixed issue where malformed packets could break the pcap renderer.

  • Fixed issue where CEF module was not properly filtering entries.

  • Fixed issue where some APIs allowed AX definitions to be updated with invalid specifications.

  • Fixed issue where dump module was not hinting the table renderer properly.

Ingester Changes#

  • Improved error handling of WinEvents ingester when Event Channels are missing or removed.

  • Improved recovery when an Event Channel is created while running.

  • Fixed issue where logging Fatal call was displaying the wrong file and line number.

  • Updated Google PubSub ingester to require fewer permissions.

  • Added new “time tester” tool which can help debug timestamp parsing issues.