Changelog for version 5.9.0

Released 21 May 2026

Gravwell

Additions

• Added new tool calls in Gravwell MCP.

• Added MCP integration with external tools.

• Added a default expiration for background searches.

• Added the ability to chown orphaned accounts by specifying a UID with the CLI.

• Added better logging when the owner of an Alert has been deleted.

• Added ability for Logbot AI to help write, copy, and execute queries.

• Added improved performance for displyaing ingester rates in Systems & Health.

• Added improved error handling for Query Studio and Logbot AI.

Bug Fixes

• Fixed an issue where the banner to inform users of a version mismatch would not appear.

• Fixed an issue where updating macOS ingesters via .pkg would overwrite the old conf file.

• Fixed an issue where searchagent could fail to exit cleanly during an upgrade.

• Fixed an issue where first and last names were not properly displayed with a space between them for SSO users created by SAML.

• Fixed an issue where the ‘other’ category was misapplied to an unrelated label in chart views when configured to be excluded.

• Fixed an issue where the Data Ingester page would not render previously ingested data until some other click or action was performed.

• Fixed an issue where toggling the node palette in Flows would cause the flow canvas to duplicate.

• Fixed an issue where a zero timestamp was not properly handled when attempting to download search results using the CLI.

• Fixed an issue where an incorrect shardID could appear in log messages.

• Fixed an issue where psi sampling could cause a panic on old kernels.

• Fixed an issue with duplicate error messages that could occur due to misspellings or lack of quotes in the config.

• Fixed an issue with a panic due to missing end quote in the config.

• Fixed an issue with search result retention that occurred when a scheduled search and an alert were linked but owned by two different users.

• Fixed table formatting in Logbot AI responses.

Ingester Changes

Additions

• Added a new Mimecast ingester.

• Added a new Okta ingester.

• Added a Max-Entry-Size configuration option for ingesters.

• Added a Debug-Posts configuration option to all HTTP ingesters.

• Added a Buffer-Size HTTP listener configuration option.

Bug Fixes

• Fixed an issue where missing milliseconds caused timegrinder to fail to extract a timestamp.

• Fixed an issue where the HTTP ingester dynamic config reload would not negotiate tags to push the config.

• Fixed an issue where invalid SD-PARAMs would cause the whole log entry to be dropped.

• Fixed an issue where the S3/SQS ingester did not report which queue does not exist in error messages.