Changelog for version 5.4.3

Released 30 November 2023

Gravwell

Additions

  • Added filtering and grouping of Dispatchers and Consumers on the Alert form.

  • Added the option to select a Query Library item for a Scheduled Search.

  • Added multi-tag Extractor support to Kits.

  • Added manager startup options for Docker to specify the user/group and an init script.

Bug Fixes

  • Fixed an issue that broke scrolling data retrieval on a duplicated search tab.

  • Fixed an issue where Scheduled Search timeframe fields would not reflect current values.

  • Fixed an issue where zooming would become unresponsive on dashboards with the "Update all tiles when zooming" option enabled.

  • Fixed an issue where attaching to a search would not display the timeframe of the search used.

  • Fixed an issue where the Persistent Search import modal failed to clear previously imported searches from the list.

  • Fixed an issue where the json module would allow logs to pass through an extraction filter if the filter field was not present in the entry.

  • Fixed an issue where pointmap would display incorrect values for EVs.

  • Fixed an issue with inverted logic for AND and OR cases in words module.

  • Fixed an issue with hinting extractions that winlog cannot satisfy.

  • Fixed an issue with Live Search interval validation.

Ingesters

Additions

  • Added Pre-extraction to CustomTime Formats to better handle multiple timestamps or timestamp-like fields in incoming data.

Bug Fixes

  • Fixed an issue with File Follower ingesting partial lines with bursty writes.

  • Fixed an issue with the config block structure provided by the Windows Event ingester that caused Systems & Health to think the ingester was not connected securely.

  • Fixed the ingester stderr logger to include only error, critical, and fatal messages.

Kits

Additions

  • Updated PiHole Kit to add a script that pulls from the PiHole API and creates entries in Gravwell.