Changelog for version 5.2.0#
Released 16 February 2023#
Query Studio now primary search interface.
Autocomplete and hinting in query interface.
New file browser in UI.
New secret store.
Ingester API now tracks ingesters and provides disconnected ingesters.
Queries now support raw strings using backtick character.
Data explorer fully merged into default renderer.
New HTML Format flow node.
New Advanced Query flow node.
New SNMP Ingester.
Removed Original Gravwell Search interface.
Removed Original Data Explorer interface.
Web UI Changes#
Fixed a dashboard issue where tile color may sometimes apply to more than one tile.
Fixed an issue where the “stop search” button would destroy a search.
Fixed an issue where a bad preferences config could cause a blank homepage.
Fixed an issue where the Timeframe Selector could cause errors in the preferences editor.
Removed preview timeframe from dashboards.
Standardized language to “start a query”.
Fixed an issue where kits with modified contents could not be deleted.
Changed Enable Scheduling switch, so that it does not trigger a save on Flows.
Made row styling width consistent in list views.
Fixed an issue with saving list preferences.
Fixed an issue launching actionables in external window.
Fixed issue where the user see menu items for actions that they do not have access to.
Fixed issue where some preferences would reset.
Fixed issue where some search functionality halts after error on search WebSocket.
Removed visualization renderer control multiselect from template.
Made “no more zoom data” modal dismissable.
Fixed an issue where query errors would not show on page refresh.
Fixed issue where schedule search pages would not fetch all items.
Fixed back button navigation for “View disks” link.
Fixed a problem with updating permissions on cover and banner images in playbooks.
Fixed an issue where pie, donut, and bar charts would not respect zoom.
Fixed problem where Details/Star icons overlapped with next row.
Fixed an issue where some browsers would offer to auto-fill password and label fields.
Changed automatic-opening behavior of details pane and extractor setup.
Fixed a problem with navigating back after clicking logo for homepage.
Fixed a bug where deleting tile from
Searches & Timeframe Overrideswould not delete all tiles associated with a search.
Fixed note icon consistency issue for Query Studio and Persistent Search.
Fixed a problem where changing themes would overwrite homepage preferences.
Fixed a bug where macros could not be backed up.
Updated options for homepage preferences.
Fixed a bug where the scripts form shows
only the Ownerinstead
Updated text that appears on Starred view when a new search has been run.
Fixed an issue where the overview/zoom chart would unnecessarily show.
Removed totals from dripper display in Systems & Health.
Fixed an issue where Basic details wouldn’t show properly after login.
Fixed a UX issue where sub-context menus would dismiss too quickly.
Improved editor features to Playbook editor.
Improved editor features to Scripts editor.
Combined Kits into a single navigation menu item.
Removed flows from QS, added to its own, independent menu item.
Added support for flows to kits.
Improved intelligence on timegrinder when missing the year component.
Improved quoting on query rewriting when using data explorer.
Fixed bug where old debug output is displayed when running a script.
Improved behavior of eval and controls over temporal queries and search pipeline collapse.
-dallflag to the kv module to improve handling of data sources like Cisco.
Fixed issue where creating a backup with a distributed frontend and remote searches could prevent a successful backup.
Updated Systems & Health page to send unique disk IDs for stats.
Fixed issue where some updates to flows would not cause the flow to refresh in the searchagent.
Fixed issue where a Federator could fault on shutdown.
Added access to HTTP headers in HTTP flow node when performing requests.
Added some additional “Magic” output formatting to Teams, Slack, and Email output nodes.
Ingesters can now attach enumerated values and enrichments at ingest time.
File Follower ingester can attach source filename to entries.
Improved handling of Splunk formats in HEC compatible listener for HTTP ingester.
Fixed issue where JSONListener configuration wasn’t handling multiple listeners correctly.
JSONListener can now handle multiline and formatted JSON values.
S3 Ingester can now use non-AWS S3 compatible endpoints.