Changelog for version 4.2.2#

Released Sept 10 2021#

Frontend Changes#

  • Various UI/UX cleanup.

  • Improved contrast of highlighting in Query Studio.

  • Improved table renderer on Query Studio.

  • Fixed issue where some investigative dashboards were not cleaning up queries quickly when completed.

  • Improved query cleanup logic on Query Studio.

  • Fixed issue where System Hardware stats stop updating when an indexer is down.

  • Fixed issue where history from Query Studio was logging expanded query and stripping formatting.

  • Improved time locking and zoom when user has custom timeframes defined.

  • Improved kit refresh after kit install.

  • Fixed issue where some point2point renderer images were not properly displaying lines.

  • Improved default info handling when adding new users.

  • Improved overview stats so that bucketing lines up on zoom.

  • Improved date detection when zooming on overview chart.

Backend Changes#

  • Fixed issue where some large queries could cause windowing errors in overview chart.

  • Improved webserver compression on HTTP requests.

  • Reduced memory usage when distributing very large resources between webserver and indexers.

  • Fixed issue where the limit module was not generating accurate stats.

  • Added version handshake between datastore and webservers.

  • Added validation of backup file when generated by the CLI.

  • Fixed response code when templates are not found.

  • Added -asc flag to the nosort module.

  • Fixed issue where extremely large storage blocks could cause queries to stall in cluster mode.

  • Fixed issue where syslog was not dropping entries with missing Message fields when a filter was applied.

  • Improved default charting logic when in chart renderer when no operators are specified.

  • Fixed issue in syslog module where ] characters were not escaped properly.

  • Improved efficiency of startup when using replication.

  • Added log in gravwell tag when a notification is fired.

  • Improved corrupted block recovery when using userland compression.

  • Fixed issue where large web uploads were not cleaning up temporary files when completed.

  • Fixed issue where internal logs were exceeding the 32 character limit for MsgID in RFC5424.

  • Fixed issue where table renderer was not reporting an error when it failed to save a resource.

  • Improved timeout on queries that cover very long time ranges.

Ingester, CLI, and Library Changes#

  • Improved config file error logs to include line number containing the error.

  • Fixed shell installers to appropriately detect docker containers in Debian 11.


Beginning with version 4.2.2 the webservers and the datastore are version locked. When upgrading you may see notifications and errors indicating that the version handshake failed until both the webservers and datastore have been upgraded. Webservers will continue to attempt to connect to the datastore until the version handshake succeeds.