Changelog for version 5.2.1#

Released 20 March 2023#

New Additions#

  • Added Missing Ingesters to Systems & Health.

  • Added documentation links to autocomplete hints.

  • Autosized flow text area height.

  • Improved editor in Templates.

  • Improved editor in Dashboards advanced JSON editor.

  • Replaced ‘Stats & Data Analysis’ button in Query Studio with ‘Fields’ and ‘Performance’ buttons.

  • Replication enables rapid push mode when only one peer is defined.

Web UI Changes#

Bug Fixes#

  • Added scroll bar for numbercards in Dashboards.

  • Added tooltips to see full query for tab names in Query Studio.

  • Added sub-matches to actionables and displayed them in a More context menu.

  • Fixed an issue where editing a secret’s name resulted in an empty secret.

  • Fixed an issue where tab duplication would use a stale query.

  • Fixed an issue where all flows were displayed inside of a kit context.

  • Fixed an issue where indexer list ingestion stats were off by 10.

  • Fixed an issue where indexer offline notification banner would not clear after indexer reconnected.

  • Fixed an issue where stale list filters would be used.

  • Fixed an issue where adding a query to dashboards would reset chart settings.

  • Fixed ingester sort by version.

  • Improved search refresh in Query Studio.

  • Preferred explicit renderer (numbercard/gauge) in query as default visualization option.

  • Removed double scrollbar for kit deployment.

  • Updated tokens page to display capabilities directly from backend.

Backend Changes#

Bug Fixes#

  • Fixed issue where Gravwell Flow ingester node would add a trailing newline.

  • Improved performance and memory usage of indexer when scanning many thousands of shards over a long period of time.

  • Fixed issue where Data Explorer would inject un-needed spaces when rewriting a query.

  • Fixed issue where the winlog search module was not emitting autocomplete suggestions.

  • Fixed issue where tracked ingesters were not updating the LastSeen value of deeply nested children.

  • Replication fixed excessive memory usage and poor compression performance when transport compression is enabled.

  • Fixed issue where transaction module was dropping entries when key enumerated values did not exist.

  • Fixed issue where the Federator could not bind to both TLS and Cleartext listeners in a single block.

  • Improved handling of tables in the Flows PDF node when columns may exceed available page space.

  • License handling API now returns much more info when a license update is rejected.

  • Fixed issue with replication that could cause connection restarts on very large block transfers.

  • Fixed issue with the eval module where some math operations could emit incorrect results with overlapping values.

  • Improved API Token interface to only show API tokens allowed by user CBAC controls.

  • Improved performance of “preview” searches with extremely sparse tag data.

  • Fixed issue where CBAC API could return incorrect token capability IDs.

Ingester Changes#

Bug Fixes#

  • IPMI ingester no longer attempts to elevate to ADMIN privileges.

  • HTTP HEC compatible listener now handles fields directives appropriately.

  • HTTP HEC compatible listener now routes on URLs missing event or raw correctly.

  • Gravwell Generator has better throughput and supports intrinsic EVs with each value type.