Changelog for version 5.4.7#

Released 04 April 2024#

Gravwell#

Additions#

  • Added a new option to the HTTP Flow node to allow interpretation of Content-Type and response casting.

  • Added optional keys to the Throttle Flow node so that users can throttle based on a value in an Alert.

  • Added the ability for non-admin users to mass delete Alerts that they own.

  • Added icons for Alerts to improve sharing visibility.

  • Added icons for Alerts to improve visibility when associating with Scheduled Searches and Flows.

  • Added repair for indexer storage header that failed.

  • Allowed duplicated structure data in syslog.

  • Introduced new option to sort certain charts by field or magnitude.

Bug Fixes#

  • Fixed an issue with sorting Persistent Searches.

  • Fixed an issue where stale searches would be displayed in Persistent Searches.

  • Fixed an issue where filters were not persisted for Persistent Searches.

  • Fixed an issue where replication would fail if there was a folder in the storage location that was not named as expected.

  • Fixed an issue where word cracking requests in Query Studio would fail after websocket encountered an error or closed.

  • Fixed an issue where the association between a Scheduled Search and an Alert was lost after editing the Scheduled Search.

  • Fixed an issue where Query Library would prompt the user to save even if no changes had been made.

  • Fixed an issue where a Flow would incorrectly indicate it had been edited after saving.

  • Fixed an issue where debugging a Flow would prompt the user unnecessarily.

  • Fixed an issue where the cursor position sometimes appeared incorrect for text input.

  • Fixed an issue where a websocket was still available after the Search capability was removed from a user.

  • Fixed an issue where a non-admin user was able to make an Extractor global via an API request.

  • Improved behavior in memory-limited environments.

  • Improved error handling and logging for impersonation failures when debugging a Flow owned by another user.

  • Improved performance on the search History page.

  • Improved performance related to ingest reader timeouts when there is a large number of endpoints with dead connections.

  • Improved startup time when lots of replicated shards are present.

  • Improved shard restoration logic.

  • Improved logging around Scheduled Search retries.

  • Improved logging for indexer startup and shutdown.

Ingesters#

Bug Fixes#

  • Fixed an issue where the Attach directive was missing some entries if those entries were cached.

  • Improved logging when negotiating tags.

Kits#

Bug Fixes#

  • Fixed a syntax error in the GlobalProtect dashboard for the PaloAlto kit.