Changelog for version 5.2.0

Released 16 February 2023

New Additions

  • Query Studio is now the primary search interface.

  • Autocomplete and hinting in the query interface.

  • New file browser in the UI.

  • New secret store.

  • Ingester API now tracks ingesters and reports which ingesters are disconnected.

  • Queries now support raw strings delimited by the backtick character.

  • Data Explorer fully merged into the default renderer.

  • New HTML Format flow node.

  • New Advanced Query flow node.

  • New SNMP Ingester.

  • Removed the original Gravwell Search interface.

  • Removed the original Data Explorer interface.

Web UI Changes

Bug Fixes

  • Fixed a dashboard issue where a tile color could sometimes apply to more than one tile.

  • Fixed an issue where the “stop search” button would destroy a search instead of stopping it.

  • Fixed an issue where a bad preferences config could cause a blank homepage.

  • Fixed an issue where the Timeframe Selector could cause errors in the preferences editor.

  • Removed preview timeframe from dashboards.

  • Standardized language to “start a query”.

  • Fixed an issue where kits with modified contents could not be deleted.

  • Changed the Enable Scheduling switch so that it does not trigger a save on Flows.

  • Made row styling width consistent in list views.

  • Fixed an issue with saving list preferences.

  • Fixed an issue launching actionables in an external window.

  • Fixed an issue where users could see menu items for actions they did not have permission to perform.

  • Fixed issue where some preferences would reset.

  • Fixed an issue where some search functionality would halt after an error on the search WebSocket.

  • Removed the visualization renderer control multiselect from templates.

  • Made “no more zoom data” modal dismissable.

  • Fixed an issue where query errors would not show on page refresh.

  • Fixed an issue where scheduled search pages would not fetch all items.

  • Fixed back button navigation for “View disks” link.

  • Fixed a problem with updating permissions on cover and banner images in playbooks.

  • Fixed an issue where pie, donut, and bar charts would not respect zoom.

  • Fixed a problem where the Details/Star icons overlapped the next row.

  • Fixed an issue where some browsers would offer to auto-fill password and label fields.

  • Changed the automatic-opening behavior of the details pane and extractor setup.

  • Fixed a problem with navigating back after clicking the logo to reach the homepage.

  • Fixed a bug where deleting a tile from Searches & Timeframe Overrides would not delete all tiles associated with that search.

  • Fixed note icon consistency issue for Query Studio and Persistent Search.

  • Fixed a problem where changing themes would overwrite homepage preferences.

  • Fixed a bug where macros could not be backed up.

  • Updated options for homepage preferences.

  • Fixed a bug where the scripts form showed “Owner” instead of “Only me”.

  • Updated text that appears on Starred view when a new search has been run.

  • Fixed an issue where the overview/zoom chart would show unnecessarily.

  • Removed totals from dripper display in Systems & Health.

  • Fixed an issue where Basic details would not show properly after login.

  • Fixed a UX issue where sub-context menus would dismiss too quickly.

  • Improved editor features in the Playbook editor.

  • Improved editor features in the Scripts editor.

  • Combined Kits into a single navigation menu item.

  • Removed Flows from Query Studio and gave it its own independent menu item.

  • Added support for flows to kits.

Backend Changes

Bug Fixes

  • Improved timegrinder’s handling of timestamps that are missing the year component.

  • Improved quoting when the Data Explorer rewrites queries.

  • Fixed a bug where old debug output was displayed when running a script.

  • Improved the behavior of eval and its controls over temporal queries and search pipeline collapse.

  • Added a new -dall flag to the kv module to improve handling of data sources such as Cisco.

  • Fixed an issue where creating a backup with a distributed frontend and remote searches could prevent the backup from completing.

  • Updated Systems & Health page to send unique disk IDs for stats.

  • Fixed an issue where some updates to flows would not cause the flow to refresh in the searchagent.

  • Fixed an issue where a Federator could fault on shutdown.

  • Added access to HTTP headers in the HTTP flow node when performing requests.

  • Added some additional “Magic” output formatting to Teams, Slack, and Email output nodes.

Ingester Changes

Bug Fixes

  • Ingesters can now attach enumerated values and enrichments at ingest time.

  • File Follower ingester can now attach the source filename to entries.

  • Improved handling of Splunk formats in the HEC-compatible listener of the HTTP ingester.

  • Fixed an issue where the JSONListener configuration was not handling multiple listeners correctly.

  • JSONListener can now handle multiline and formatted JSON values.

  • S3 Ingester can now use non-AWS S3 compatible endpoints.