Changelog for version 5.2.2#

Released 18 April 2023#

New Additions#

  • New Trim search modules added.

  • New Syslog Router preprocessor.

  • Added Required-Retention flag for ageout configuration.

  • Added -maxtracked flag for Unique and Stats modules.

  • Added has() builtin to eval.

  • Added data explorer clickability to Query Studio Fields tab.

  • Added an option to Enable/Disable actionables.

  • Added an option to Download a shared File.

  • Added an option to Copy link to a File.

  • Added ability for an admin to change the ownership of a File.

Web UI Changes#

Bug Fixes#

  • Added adjustable split panes to details view to adjust for long values.

  • Fixed an issue where details pane would not show entry info.

  • Fixed an issue where extractors with missing description field would fail to render on edit page.

  • Fixed an issue where actionables did not work with text/raw renderer.

  • Fixed an issue where “No well filter” state was confusing on the data calendar.

  • Fixed an issue where disk usage percentage was incorrect on hardware disk graphs.

  • Fixed an issue where the new timeframe wasn’t used after unlocking.

  • Fixed an issue where launching a query with a locked timeframe from a Dashboard would fail.

  • Fixed an issue navigating to the filtered list of user files from the kit context.

  • Restored upload and download buttons to Dashboards JSON editor.

Backend Changes#

Bug Fixes#

  • Fixed limit-checking in shard validation.

  • Fixed an issue which failed to launch a query with compound elements.

  • Fixed an issue which resulted in no GUI response when a Preview search was performed and no data was found.

  • Fixed an issue which resulted in numbercard/gauge sometimes failing to render.

  • Fixed an issue which could cause the JSON module to crash.

  • Fixed a concurrent map write that caused an indexer crash.

  • Fixed table query formatting for the Mattermost node in Flows.

  • Fixed TLS and host handling in load balancer.

  • Improved shard freezing/sweeping and map pressure.

  • Improved autocomplete suggestions for partially-typed words.

  • Improved diagnostics for eval to handle underscores in variable names.

  • Improved diagnostics for invalid queries.

  • Improved hinting for syslog key names.

  • Improved response for uploading an expired license which has an update available on the license server.

  • Updated CBAC rules on some information-only API endpoints.

Ingester Changes#

Bug Fixes#

  • Implemented fix to track HEC IDs per request ID for HTTP ingester.