Changelog for version 5.5.0

Released 13 August 2024

Gravwell

Additions

  • Added multi-factor authentication (MFA) using TOTP and recovery codes.

  • Added the ability to specify time constraints in the query itself.

  • Added a new top/bottom search module.

  • Added acceleration hinting for the eval in() function.

  • Added the ability to share a template URL.

  • Added the ability to share results for Persistent Searches.

  • Added a state filter to the Persistent Searches list page.

  • Added a Last 24h ingest total in Systems & Health.

  • Added a warning to Alerts to inform users if the alert owner does not have ingest capability.

  • Added unknown groups to the group permissions selector to inform users when an admin has shared their asset with a group that they do not have access to.

  • Added a warning acknowledgement for granting write access to automations.

  • Added buttons on the License Upload page to navigate if a license has already been uploaded.

  • Added a default sort order to Kit assets.

  • Added the ability to set the notification ID to 0 to allow duplicate notifications.

  • Implemented undo history with element filter requests in Query Studio.

  • Packaged the Account Unlock tool to ship with Gravwell tools.

  • Replaced Dashboard advanced editor with import/export buttons.

  • Replaced Dashboard autosaving with a save button.

Bug Fixes

  • Fixed syntax highlighting for special characters (double pipe, backtick, escaped quotes) in the query editor.

  • Fixed an issue with passing non-string inputs to the eval time() function.

  • Fixed an issue with filter request logic in queries when field names needed quotes.

  • Fixed an issue where XML extractions were not being removed when they were not requested from AX.

  • Fixed an issue where gravlength would drop entries with missing EVs.

  • Fixed an issue where the Share Query URL in Query Studio would not update on zoom.

  • Fixed an issue where the overview chart would resize during live updates.

  • Fixed an issue with overview chart width sizing when resizing the browser window.

  • Fixed notifications to properly display the body variable from the Flows Notification node.

  • Fixed an issue with the Flows Resource node that caused memory exhaustion.

  • Fixed an issue accessing Alerts by GUID for nonexistent users.

  • Fixed an issue where Alert simple schema validation could not be scrolled.

  • Fixed an issue with uploading a Kit with an overlapping Resource.

  • Fixed an issue where a malformed Dashboard would continually send PUT requests.

  • Fixed an issue where adding to a Dashboard from Query Studio could be overwritten by Dashboard data open in another tab.

  • Fixed an issue where the ignore changes button would actually save changes in Dashboards.

  • Fixed an issue where creating a new Dashboard tile pointing at an existing search would duplicate the search.

  • Fixed an issue where a Dashboard tile could cover the settings button if live update was enabled.

  • Fixed an issue where the save button in Dashboard settings could cover other text.

  • Fixed an issue where SSO login could fail to redirect to the home page for a user who had previously logged in and logged out.

  • Fixed an issue with webserver startup when an indexer is down.

  • Fixed an issue with rapid unplanned ageout.

  • Fixed an issue with chart rendering in Systems & Health when the browser is zoomed.

  • Improved performance for getting Systems & Health stats.

  • Improved the display of the Systems & Health calendar to make ingestion of historical data easier to understand.

  • Improved validation for live update interval in Dashboards.

  • Removed logic for creating directories when running the -validate command for well configuration. Running -validate should only inform the user.

Ingester Changes

Additions

  • Added a custom endpoint option for the Kinesis ingester.

Bug Fixes

  • Updated the HTTP ingester systemd service to remove an unnecessary PIDFile setting, squashing a possible error message.