Changelog for version 5.4.6

Released 15 March 2024



  • Added a button in Query Studio to Apply a timeframe without launching a search.

  • Added the ability for Actionable readers to access the form page with disabled inputs.

  • Added the ability to enter multi-line Secrets.

  • Added a retry for a failed attempt to pull results for an Alert.

  • Added the ability to share write access with a group for Scheduled Searches, Flows, and Alerts.

  • Any Scheduled Search (dispatcher) or Flow (consumer) that you have access to can be added to an Alert, even if you do not own the Scheduled Search or Flow.

Bug Fixes

  • Fixed an issue where ingest would fail and retry with overly dramatic logs when attempting to write to a block that was actively aging out.

  • Fixed an issue where a search far into the future would consume significant CPU on the webserver in a cluster environment.

  • Fixed an issue where a “beginning of line” regex delimiter could cause a dropped buffer while waiting for the next delimiter and potentially cause data loss in File Follower.

  • Fixed an issue where a user could see cached webpages using an expired license and the browser Back button.

  • Fixed an issue where uploading a kit could show a duplicate in a different state.

  • Fixed an issue where Gravwell API tokens were not respected when hitting an Alerts endpoint.

  • Fixed an issue with writing back to files when performing searches that caused stress on COW file systems.

  • Fixed an issue with failover well feeder locking when aborting queries.

  • Fixed an incorrect type assertion that could cause a crash in the slice module.

  • Fixed an issue with indexer shutdown related to timeouts in network connectivity.

  • Fixed an issue with detecting and handling oversized blocks in the ingest server.

  • Fixed an issue with bounds checking in the IPFIX packet parser.

  • Fixed an issue with tile metadata in Dashboards.

  • Fixed an issue with creating a Scheduled Search from Query Studio when using a custom duration timeframe.

  • Fixed an issue with performance on the Persistent Searches page when there are a large number of searches.

  • Addressed problems with extremely long launch delays when replication was backed by very low IOP storage.

  • Improved the way the webserver shuts down.

  • Made IP-based filters with no CIDR notation imply a /32 or /128.


  • Updated HTTP ingester to use AWS Firehose naming schemes.


  • For a timestamp that is zero or some very low value, the HEC ingester will now use the ingest time instead.

Bug Fixes

  • Fixed an issue with the HTTP ingester running out of memory upon mass reconnect or failure to ingest.

  • Improved Federator throughput when lots of indexers are present.