Changelog for version 5.4.2#

Released 07 November 2023#



  • Added the ability to map a single Extractor to multiple tags.

  • Added s3 ingester worker pool.

  • Added preference option to word wrap inside query editor.

  • Added additional fields to Event metadata for Alerts so that the triggering event can be queried.

  • Added ability to dismiss timeframe editor without saving changes.

  • Added new stats APIs to improve performace in Systems & Health.

Bug Fixes#

  • Added more validation for live update interval.

  • Added error message for exceeding max password length.

  • Disabled save buttons for Alerts if the user is not allowed to modify.

  • Fixed an issue where persistent searches cleaned up during list fetch would stall Persistent Search list page.

  • Fixed an issue where admins couldn’t see Alerts owned by other users.

  • Fixed an issue where caret cursor was not visible in dark themes.

  • Fixed an issue where new explore entries were not fetched for new searches.

  • Fixed an issue where Flows failed to open when clicking the link in the Alert consumers list.

  • Fixed an issue where stale live searches on Dashboards would not be cleaned up.

  • Fixed an issue where Update all tiles when zooming option in Dashboards would fail to zoom some tiles.

  • Fixed an issue where the performance stats in Query Studio were incorrectly gated by SystemInfoRead capability.

  • Fixed an issue where the -t flag for the dump module was not working.

  • Fixed an issue with broken pie charts.

  • Fixed an issue where heatmap would not work in non-temporal mode.

  • Fixed an issue where Alert consumers could be referenced by ID instead of GUID.

  • Fixed an issue that could result in a crash during search shutdown.

  • Fixed an issue that could result in a crash when hitting the searchHistoryUserGroup API.

  • Fixed comment handling during Data Exploration events.

  • Improved performance in Query Studio by removing extraneous poll requests to Extractors API.

  • Improved performance by canceling in-progress Persistent Search list requests after navigating away from the page.

  • Improved sort order for least found values in query performance stats.

  • Improved json object/array detections in eval.

  • Improved error message for text renderer chart zooming that results in too many results.

  • Improved handling and cleanup of searches that fail.

  • Removed expanded well details and sunbursts from Disks view due to nuances with well-to-disk mapping.


Bug Fixes#

  • Fixed a critical issue where a high load combined with preprocessors could result in dropped entries.

  • Removed restrictive HEC server timeouts for the HTTP ingester.



  • Added a new PiHole kit.