Changelog for version 5.6.0#

Released 16 October 2024#

Gravwell#

Additions#

  • Added the Free and CE Advanced license tiers.

  • Added the ability to download installed Kits.

  • Added the Attach flow node.

  • Added support for single and double quotes in Data field extractions in winlog.

  • Added the ability to share results from scheduled searches and alerts globally or with multiple groups.

  • Added -maxtracked and -maxsize flags to the fuse module.

  • Added maps to persistent variables in the eval module.

  • Added acceleration hints to the intrinsic module.

  • Added src acceleration hints to the eval module.

  • Added additional error handling to searches.

  • Added support for an ERROR state on the Persistent Searches page.

Bug Fixes#

  • Improved Renderer Storage Limit notifications.

  • Improved recovery for searches resulting in errors.

  • Improved search agent detection of searches which hit an error during a query.

  • Improved sharing options for the Persistent Searches pages.

  • Improved ageout to prevent hot aging to cold when cold data storage is over its threshold.

  • Improved overview chart colors to better reflect the search status for default, warn, and error.

  • Fixed an edge case on the Scheduled Search API to improve compliance with OpenAPI spec.

  • Fixed an issue where overview stats could be incomplete when the Renderer Storage Limit was reached due to partial results returned.

  • Fixed an issue where SSO logins would fail when a token cookie gets too big (e.g. when the groups list is long).

  • Fixed an issue where a validation error could be shown on a Dispatcher owned by another user when changing an Alert schema.

  • Fixed an issue where a duplicate warning would be incorrectly shown when saving your first query.

  • Fixed an issue where uploading an invalid Flow would not display an error message.

  • Fixed an issue where a custom label added to a Flow node could be reset by changing focus.

  • Fixed an issue where a configuration Macro name would not be saved on Kit download.

  • Fixed an issue where Scripts were not properly displayed in the Kit Content List when deploying.

  • Fixed an issue where the cursor would jump to the end when trying to add characters to the beginning or middle of a Macro name.

  • Fixed an issue where the Last Run time would not be updated without refreshing for Scheduled Searches and Scripts.

  • Fixed an issue where the Scheduled value for Flows was incorrectly populated with the executed time instead of the scheduled time.

  • Fixed an issue where the text renderer did not show intrinsic EVs without using the intrinsic module.

  • Fixed an issue where acceleration was not working with the src module.

  • Fixed an issue where lookup module could not read a CSV smaller than 8 bytes.

  • Fixed an issue with resource name resolution for queries run as admin.

  • Fixed an issue where a timeframe lock would be lost after two consecutive launches in Query Studio.

  • Fixed an issue where enabling live search would cause the ‘Fetching data…’ message to be displayed until the next update.

  • Fixed permissions in shell installers to ensure all files are owned by gravwell:gravwell instead of root.

  • Sorted EVs in the Query Studio Fields tab to prevent them from rearranging.

Ingester Changes#

Bug Fixes#

  • Fixed a bug in the syslog ingester preprocessor that would crash given certain malformed input.