Changelog for version 4.0.4#
Released Nov 18 2020#
Fixed issue where large JSON arrays could cause the
jsonmodule to abort
Fixed issue where network failures could cause TLS ingesters to hang
Web UI Changes#
Search chart granularity is now more intelligent (eliminate unintuitive “spikes” in charts).
Scheduled searches & scripts can now be shared with group members or set global (by admins).
Improved playbook editing.
Kits can now be saved to the “Favorites” menu.
Fixed issue where charts could occasionally appear “squashed” on search results.
Fixed issue where kits may not be displayed in “available kits” page.
Fixed incorrect behavior in ISO duration & custom duration timeframe selection.
Fixed scrolling in actionable sub-menus.
Fixed various spacing & display bugs in dashboards, actionables, and elsewhere.
Improved display of images in kits and playbooks.
limitmodule now supports “N M” mode, e.g.
limit 5 10will drop the first 5 entries, then pass the next 5, then drop all further entries.
Fixed race condition where extremely brief queries could be improperly marked “SAVED”.
Fixed bug where queries could temporarily read from the wrong well if wells are configured with wildcard tags and a new tag is added to the well.
Fixed bug where autoextractors could fail if some indexers lacked a particular tag.
Improved error messages for certificate problems.
Improved handling of corrupted nodes in entry index files.
saveSearchfunction so scripts can save searches for later.
toDurationfunction in anko scripts is now more flexible.
Searchagent should now execute debug scripts much sooner, also eliminated potential bug where searchagent could execute a debug script twice when using distributed webservers.
Indexer and webserver processes now send both stdout and stderr to the systemd journal.
Version API now includes server timezone.
Ingesters and Ingest Library Changes#
Added “health check” URL capability to HTTP ingester.
Added Rate-Limit config option to all ingesters.
Fixed map access race in Federator.
Fixed bug where standalone Federator listening on a Unix pipe wouldn’t create /opt/gravwell/comms automatically.
Fixed potential deadlock when calling NegotiateTag with no open indexer connections.
Fixed bug where
Fixed some potential races in the gravwelforwarder preprocessor.
jsonarraysplit preprocessor can now split on a top-level array (an entry consisting solely of a JSON array).
Improved some logging.
Released new Zeek kit.