Announcing Graylog 5.1 Beta.3

This is a beta for the upcoming release of Graylog v5.1. Please read on for detailed descriptions of everything that has changed since the beta.1 release.

Download Links

• DEB and RPM packages are available in our repositories
• Docker Compose
• Container Images
  • Graylog Open
  • Graylog Enterprise
• Tarballs (manual installation)
  • Graylog Server
  • Graylog Server (bundled JVM, linux-x64)
  • Graylog Server (bundled JVM, linux-aarch64)
  • Graylog Enterprise Server
  • Graylog Enterprise Server (bundled JVM, linux-x64)
  • Graylog Enterprise Server (bundled JVM, linux-aarch64)

 

GRAYLOG FORWARDER

• Tarball (manual installation)
  • Graylog Forwarder
• OS Packages
  • DEB Package
  • RPM Package
• Docker image
  • Docker Hub
  • docker pull graylog/graylog-forwarder:5.1-beta.1-1

Please report bugs and any other issues in our GitHub issue tracker. Thank you!

 

GRAYLOG 5.1 BETA.3

Released: 2023-04-26

 

Added

• Provided ability to configure an email attribute for LDAP. graylog2-server#11131 graylog2-server#14041
• Added global session timeout configuration. graylog2-server#11379 graylog2-server#14343
• Generated an event in the System Event stream for every system notification graylog2-server#12555 graylog2-server#14345 graylog2-server#13833
• Added support to skip TLS verification on HTTP event notifications. graylog2-server#12959

• Added a unique username index to the user collection to prevent creation of duplicate users.
• Any existing duplicates are resolved by appending the user ID.

• graylog2-server#12963 graylog2-server#14649
• Implemented option to filter streams overview based on stream status. graylog2-server#13852 graylog2-server#14640 graylog2-server#14690
• Standardized sort icons for data table and message list. graylog2-server#13982 graylog2-server#13987
• Added support for a reply-to address in email notifications. graylog2-server#14254 graylog2-server#14337
• Added support for encrypted storage of secret input configuration parameters. graylog2-server#14433 graylog2-server#14459
• Added replay search pages for events, alerts and event definitions graylog2-server#14540 graylog2-server#14657
• Added functionality which allows user create event definition from values graylog2-server#14544 graylog2-server#15054
• Added an “Undo Reset” button to fields in input configuration forms. graylog2-server#14767 graylog2-server#15147 graylog-plugin-enterprise#4964
• Stored selected filters and search query on streams and dashboards overview as URL query params. graylog2-server#14826 graylog2-server#15011
• Implemented index set filter for streams overview. graylog2-server#14827 graylog2-server#14905
• Implemented creation date filter for streams overview. graylog2-server#14828 graylog2-server#14966
• Implemented bulk start and stop action for streams overview. graylog2-server#14881 graylog2-server#14882 graylog2-server#14883
• Introduced ability to simulate a single pipeline rule in isolation. graylog2-server#14891 graylog2-server#14892
• Added telemetry for generic usage metric collection graylog2-server#14900 graylog2-server#14979
• Added configurable default timezone to syslogs inputs and parse tz field from FortiGate msg’s graylog2-server#3853 graylog2-server#14737 syslog4j-graylog2#41 graylog-plugin-integrations#1332
• Allowed pipeline function “remove_field” to take a regex pattern instead of a field name. graylog2-server#5653 graylog2-server#15131
• Added normalize_fields pipeline rule function for normalizing message field names. graylog2-server#6527 graylog2-server#14636
• Implemented option to copy a dashboard page to another dashboard. graylog2-server#8506 graylog2-server#14348
• Introduced a new pipeline function “lookup_has_value” to determine if a given key is present in the lookup table. graylog2-server#9173 graylog2-server#15143
• Added ability to replay the search that triggered an Event. graylog2-server#9438 graylog2-server#13931
• Added output_batch_size to the values exposed by the system/configuration API call. graylog2-server#9461 graylog2-server#14123
• Added support for configuring Index Set Defaults graylog-plugin-enterprise#3264 graylog-plugin-enterprise#3319 graylog2-server#13018
• Replaced getting started guide with start page which lists recently opened and favorite saved searches and dashboards and recent activity. graylog2-server#13970
• Dynamic Startup Page Backend additions for Recent Activity, Pinned Items, Last Opened graylog2-server#13985
• Added option to sort streams returned by API endpoint to be sorted by index set title. graylog2-server#14085
• Added REST API endpoint for bulk assignment of streams to index sets. graylog2-server#14096
• Provided plugin API to supply custom query input commands. graylog2-server#14239
• Added the option to toggle between a linear and a logarithmic axis for area/bar/line/scatter charts. graylog2-server#14269
• Added inline widget creation in empty slots on grid. graylog2-server#14331
• Graylog DataNode. Initial version. graylog2-server#14417
• Introduced a new index rotation strategy combining features of size-based and time-based strategies. graylog-plugin-enterprise#4447 graylog2-server#14424 graylog-plugin-enterprise#4572
• Added a page for tracking failures in Sidecar. collector-sidecar#433 graylog2-server#14435
• Exposed JVM metrics to prometheus. graylog-plugin-enterprise#4393 graylog2-server#14437
• Added OpenTelemetry tracing instrumentation to select code paths. graylog2-server#14550
• Added option to bulk delete dashboards in dashboards overview. graylog2-server#14566
• Added option to bulk delete saved searches in saved searches overview. graylog2-server#14567
• Persist selected sorting, displayed columns and page size in streams overview for each user. graylog2-server#14293 graylog2-server#14591
• Persist selected sorting, displayed columns and page size in dashboards overview for each user. graylog2-server#14293 graylog2-server#14598
• Persist selected sorting, displayed columns and page size in saved searches overview for each user. graylog2-server#14293 graylog2-server#14600
• Reported runtime failures for polling Inputs. graylog2-server#14726
• Allowed user-configurable auto-refresh settings & default interval. graylog2-server#14742
• Enabed the simple search/scripting API. graylog2-server#14749
• Added dashboards, searches, messages and events to an open investigation. graylog-plugin-enterprise#4794 graylog2-server#14897
• Added support bundle export feature. graylog2-server#14938
• Added preflight UI for indexer configuration
• Added badge to navigation bar to show when a new Illuminate bundle is ready to download and install. graylog-plugin-enterprise#4868 graylog2-server#15001
• Added support for CIDR lookups in CSV file data adapters graylog2-server#15016
• Added Add Evidence Modal graylog-plugin-enterprise#4848 graylog2-server#15148
• Added autodetection of opensearch distribution in datanode. graylog2-server#15216
• Updated login background and claim. graylog2-server#15215 graylog2-server#15295
• Made messages with identical timestamps sortable by ULID graylog2-server#2741 graylog2-server#6711
• Added option to omit title portion of Slack notifications to reduce clutter. graylog-plugin-integrations#1172 graylog-plugin-integrations#1320
• Added support for timezones in Slack and Teams notifications. graylog-plugin-integrations#1318 graylog-plugin-integrations#1320
• Added option to notify @here in Slack notifications. graylog-plugin-integrations#780 graylog-plugin-integrations#1320

 

Changed

• Improved validation of grok pattern definition. graylog2-server#11342 graylog2-server#14853
• Consistent use of message identifiers in strings. Message id visible in message list. graylog2-server#13628 graylog2-server#14562
• Displayed streams overview as a table to improve usability. graylog2-server#13887 graylog2-server#13930
• Started JSON path value from HTTP API input on leader node only, if Global option was selected in input configuration. graylog2-server#14074
• Changed bulk indexing retry failure log-level from error to warning. graylog2-server#14086 graylog2-server#14088
• Changed event definitions and notifications to new paginated list and entity list ui component. This enables bulk deletion of event definitions and notifications and bulk enabling/disabling event definitions. graylog2-server#14285 graylog2-server#14502
• Prevented deletion of event definitions that are still referenced in other definitions. graylog2-server#14302 graylog2-server#14792 graylog-plugin-enterprise#4765
• Disabled two TLS ciphers that are considered weak. graylog2-server#14428 graylog2-server#14592
• Instead of showing all configurations on one page it is now seperated into sections with a sidebar navigation. graylog2-server#14735 graylog2-server#15025
• Generated a system notification when an aggregation search errors out unexpectedly. graylog2-server#14746 graylog2-server#14967
• Included URLs for authentication service(s) in the CSP header connect-src. graylog2-server#15238 graylog2-server#15283 graylog-plugin-enterprise#5053
• GL will no longer perform a temporary redirect based on the Host header. graylog-plugin-enterprise#4889 graylog2-server#15067
• Refreshed and modernized look of login dialog. graylog2-server#13780
• Displayed dashboards overview as a table to improve usability. graylog2-server#14105
• Reduced the default connection and read timeouts for email sending from 60 seconds to 10 seconds graylog2-server#14199
• Displayed saved searches overview as a table to improve usability. graylog2-server#14223
• Forwarder inputs can be used for the ‘match input’ stream rule. graylog-plugin-cloud#1066 graylog2-server#14240 graylog-plugin-enterprise#4485
• Sorted streams case-insensitive in API. graylog2-server#14262
• Unified fields configuration in aggregation builder and messages export modal. graylog2-server#14725
• Merged Threat Intel Plugin into server repository. graylog2-server#14953
• Made sure all bindings which use createIndex are threadsafe and make them singletons. graylog-plugin-enterprise#4862 graylog2-server#14965
• Removed stack trace from the generic server error response. graylog-plugin-enterprise#4891 graylog2-server#14978
• Added a Content Security Policy header to responses. graylog-plugin-enterprise#4887 graylog2-server#14991
• Used database time for node registration and heartbeat
• datanode: add conf option to be able to force single-node type
• Set a specific Content Security Policy header for API-Browser responses. graylog-plugin-enterprise#4887 graylog2-server#15184
• Updated Opensearch distributed with Datanode to 2.5.0 graylog2-server#15198
• Consistent use of message identifiers in strings. graylog2-server#13628 graylog-plugin-aws#673
• Marked CloudTrail input as incompatible with Forwarder. graylog-plugin-aws#676
• Consistent use of message identifiers in strings. graylog2-server#13628 graylog-plugin-integrations#1291

 

Removed

• Removed garbage collection warnings. graylog2-server#8592 graylog2-server#14298
• Removed deprecated inputs “AWS Logs (deprecated)” and “AWS Flow Logs (deprecated)”. graylog-plugin-aws#674

 

Fixed

• Fixed Maxmind database types in cloud environment. graylog2-server#13911
• Properly escaped event content for HTML email notifications graylog2-server#11183 graylog2-server#14286 (Thanks: zhu)
• Fixed count based index rotation on idle indices. graylog2-server#11689 graylog2-server#14512
• Trimmed whitespace characters on stream names. graylog2-server#14359
• Fixed too_long_http_line_exception/HTTP/1.1 413 FULL head problem when Graylog Event Processor operates on huge number of indices graylog2-server#12996 graylog2-server#13675 graylog2-server#13790 graylog-plugin-enterprise#4252 graylog2-server#13718 graylog2-server#13722 graylog-plugin-enterprise#4213
• Supported filter queries when listing authentication backends. We were ignoring them. graylog2-server#13023 graylog2-server#14270
• Fixed parsing, so that ES/OS errors without index data are handled properly graylog2-server#13221 graylog2-server#14203
• Wrapped latest metric with filter clause for existence of field. graylog2-server#13596 graylog2-server#14815
• Allowed creating notification in event definition wizard when no notification exists graylog2-server#13825 graylog2-server#15286
• Fixed time-based rotation check when closed indices are present. graylog2-server#13872 graylog2-server#15326
• Fixed Clone Action style on Collectors configurations list graylog2-server#13874 graylog2-server#13899
• Saved searches can be now sorted by 3 additional fields: owner, description and summary. graylog2-server#14140 graylog2-server#14355
• Fixed CIDR parsing of IP in query validation graylog2-server#14142 graylog2-server#14204
• Improved JVM security provider compatibility by switching to a widely supported cipher transformation graylog2-server#14153 graylog2-server#14193
• Avoided GET APIs for cluster/deflector health to avoid overly long requests. graylog2-server#14164 graylog2-server#14177
• Provided query suggestions for numerical fields. graylog2-server#14279
• Added an info box for auto assigned configs using tags graylog2-server#14229 graylog2-server#14565
• LUT – Show no results message on empty search return and fix delete cache functionality graylog2-server#14234 graylog2-server#14238
• Fixed concatenation of query strings in export. graylog2-server#14268 graylog2-server#14284
• Sorting of indices inside an index set is based on their numbers, descending. graylog2-server#14280 graylog2-server#14339
• Fixed filtering and loader on the Lookup Table pages graylog2-server#14318 graylog2-server#14405
• Fixed grouping in aggregation builder for fields which only exist in the All Events, All System Events or Processing and Indexing Failures stream. graylog2-server#14387 graylog2-server#14404
• Added a welcome page link in the menu if a user has a start page set. graylog2-server#14668 graylog2-server#14736
• Added the default search page as an option to the start pages in the user’s profile. graylog2-server#14669 graylog2-server#14739
• Fixed extractors reordering issues graylog2-server#14693 graylog2-server#14757
• Fixed the way we display long field names in aggregation grouping configuration. graylog2-server#14787 graylog2-server#14789
• Combined dashboard and widget query when replaying search for dashboard widget. graylog2-server#14885 graylog2-server#15285
• Fixed overflow problem with grouping section in aggregation builder. graylog2-server#14907 graylog2-server#14934
• Fixed sidecar process button position issue on safari graylog2-server#14939 graylog2-server#15293
• Fixed visibility of events and notification definition pages. graylog2-server#14940 graylog2-server#15052
• Fixed bug causing input status data not to be removed when an input was deleted. graylog2-server#14952 graylog2-server#14954 forwarder#99
• Improved performance by avoiding unnecessary attempts to create index for access tokens. graylog2-server#15012 graylog2-server#15097
• Avoided excessive DB requests for maintaining token last access time. graylog2-server#15013
• Added (now always missing) timezone to the export command, if set in the REST call. graylog2-server#15030 graylog2-server#15296
• Fixed overlay problem with data table header and dashboard tabs dropdown. graylog2-server#15073 graylog2-server#15091
• Fixed NodeService#allActive() implementation, returning only nodes of correct type graylog2-server#15129 graylog2-server#15139
• Fixed Unable to add custom field when creating event definition graylog2-server#15209 graylog2-server#15226
• Fixed show telemetry settings for local admin. graylog2-server#15244 graylog2-server#15247
• Fixed ConcurrentModificationException when listing input states. graylog2-server#15277
• Improved position, visibilty and default of the “Grace Period” option when creating an Alert. graylog2-server#3741 graylog2-server#3741
• Fixed to_date() pipeline conversion function to honor an optional timezone argument. graylog2-server#6486 graylog2-server#14252
• Only executed widgets of current page ond dashboards. graylog2-server#6867 graylog2-server#14890
• Fixed connectivity check when Elasticsearch/OpenSearch is not available. graylog2-server#14063
• Fixed potential duplicates in outputs during node restarts. graylog2-server#14067
• Prevented RejectedExecutionException during shutdown with a large number of outputs. graylog2-server#14097
• Removed ability for users to change Event Definition Condition Type if it is not meant to be changeable. graylog2-server#14110
• Fixed uncommittedMessages metric for non-empty journal before first commit. graylog2-server#14154
• Triggering field types refetching upon search refresh. graylog2-server#14171
• Fixed output shutdown triggering twice when the ouput is globally deleted. graylog2-server#14225
• Avoided vanishing grouping direction when dragged. graylog2-server#14277
• Fixed non-stop loading indicator issue in authentication backends graylog2-server#13023 graylog2-server#14283
• Removed single-quotes from jvm.memory metric names graylog-plugin-enterprise#4394 graylog2-server#14370
• Reduced logging and add metric for “Couldn’t remove default stream” warning. graylog-plugin-enterprise#3481 graylog2-server#14409
• Supported nested and tupled groupings in aggregations. graylog2-server#14446
• Fixed possible HTTP API thread pool exhaustion by processing proxied cluster metrics requests asynchronously. graylog2-server#14462
• Fixed missing offset handling in Legacy Searches. graylog2-server#14575
• Handled deprecated short time zone IDs in job scheduler definitions. graylog-plugin-enterprise#4311 graylog2-server#14605
• Removed undesired retention strategies in Cloud graylog-plugin-cloud#1081 graylog2-server#14616
• Hid sort/pin icons in data table when non-interactive graylog2-server#14654
• Additional preventLoops parameter in clone_message() function to prevent creation of endless loops. graylog2-server#5759 graylog2-server#14659
• Improved CSV File Adapter error handling. graylog-plugin-enterprise#3821 graylog2-server#14670
• Extended browser support back to Chrome 68. graylog2-server#14677 graylog2-server#14688
• Escaped $ properly when part of value that is added to query. graylog2-server#14692
• Changed default refresh interval to five seconds. graylog2-server#14720
• Scheduled next search refresh only after current one completed. graylog2-server#14723
• Avoided full-page refresh when showing node details from message details. graylog2-server#14762
• Fixed parsing of date math expressions in query validation graylog2-server#14791
• Prevented accidental hiding of columns in reporting widgets. graylog-plugin-enterprise#4761 graylog2-server#14805
• Prevented accidental hiding of columns in message list widget for reporting. graylog2-server#14823
• Fixed WARNING: sun.reflect.Reflection.getCallerClass is not supported. on server startup. graylog2-server#7223 graylog2-server#9802 graylog2-server#11634 graylog2-server#14884
• Fixed pagination of sidecar admin page when collectors are selected. graylog2-server#14924 graylog2-server#14925
• Avoided excessive index creation for AccessToken. graylog-plugin-enterprise#4850 graylog2-server#14926
• Fixed error on missing permission when creating email event notifications. Adds users:list permission to role User Inspector graylog-plugin-enterprise#4886 graylog2-server#14974
• Sent new header on server response X-Content-Type-Options:nosniff graylog-plugin-enterprise#4890
• Fixed CSV File adapter to only verify file read access graylog2-server#14998 graylog2-server#15058
• Fixed isFreshInstallation flag in setups with newly registred datanodes graylog2-server#15141
• Fixed calculation and expression of CPU load in OshiProbe. graylog2-server#15195 graylog2-server#15183 (Thanks: panxt)
• Fixed OSHI system stats on docker cgroupv2. graylog2-server#15242
• Fixed query parser’s tokenizer state after regex has ended. graylog-plugin-enterprise#5014 graylog2-server#15306
• Fixed JSON deserialization errors in AWS CloudTrail input. graylog-plugin-aws#667 graylog-plugin-aws#677
• Fixed issue with Palo Alto Global Protect logs parsing last 5 fields incorrectly. graylog-plugin-integrations#1327 graylog2-server#14363 graylog-plugin-integrations#1328 (Thanks: @giveen)

 

Security

• Updated to freemarker 2.3.31 and use a more secure default configuration. graylog2-server#14354
• Updated Netty from 4.1.84 to 4.1.91 graylog2-server#15186
• Updated to Apache Shiro dependency to version 1.11.0. (the fixed CVEs don’t affect Graylog) graylog2-server#15187
• Updated json-path to 2.8.0 to fix a security issue in json-smart. graylog2-server#15190

 

 

GRAYLOG OPERATIONS 5.1 BETA.3

Released: 2023-04-26

 

Added

• Added the ability to set TTLs for MongoDB Data Adapter entries. graylog2-server#14574 graylog-plugin-enterprise#4854 graylog2-server#15014
• Added configuration values for hiding widget query and description in reports graylog-plugin-enterprise#1491 graylog-plugin-enterprise#4462
• Added support for importing Sigma rules from multiple Git repositories. graylog-plugin-enterprise#4260
• Added ability to create and edit custom anomaly detectors. graylog-plugin-enterprise#4279 graylog-plugin-enterprise#4453
• Added support for Sigma rules with Regular Expressions (’re’ modifier). graylog-plugin-enterprise#4519 graylog-plugin-enterprise#4561
• Added support for CIDR lookups in MongoDB data adapters graylog-plugin-enterprise#4785 graylog-plugin-enterprise#4904
• Dynamic Startup Page Backend additions for Recent Activity, Pinned Items, Last Opened graylog-plugin-enterprise#4373
• Added shortcut to create search filters from query input with Ctrl+Enter. graylog-plugin-enterprise#4484
• Added ability to import all and refresh all rules from a Sigma rule repository. graylog-plugin-enterprise#4487
• Added investigations module. graylog-plugin-enterprise#4618 graylog-plugin-enterprise#4622 graylog-plugin-enterprise#4619 graylog-plugin-enterprise#4620 graylog-plugin-enterprise#4678 graylog-plugin-enterprise#4718 graylog-plugin-enterprise#4699 graylog-plugin-enterprise#4713 graylog-plugin-enterprise#4794 graylog-plugin-enterprise#4719 graylog-plugin-enterprise#4847 graylog-plugin-enterprise#4849 graylog-plugin-enterprise#4821 graylog-plugin-enterprise#4877 graylog-plugin-enterprise#4848 graylog-plugin-enterprise#4558 graylog-plugin-enterprise#4574 graylog-plugin-enterprise#4584 graylog-plugin-enterprise#4608 graylog-plugin-enterprise#4632 graylog-plugin-enterprise#4647 graylog-plugin-enterprise#4671 graylog-plugin-enterprise#4665 graylog-plugin-enterprise#4677 graylog-plugin-enterprise#4645 graylog-plugin-enterprise#4673 graylog-plugin-enterprise#4680 graylog-plugin-enterprise#4683 graylog-plugin-enterprise#4684 graylog-plugin-enterprise#4717 graylog-plugin-enterprise#4720 graylog-plugin-enterprise#4746 graylog-plugin-enterprise#4753 graylog-plugin-enterprise#4767 graylog-plugin-enterprise#4830 graylog-plugin-enterprise#4837 graylog-plugin-enterprise#4835 graylog-plugin-enterprise#4861 graylog-plugin-enterprise#4870 graylog-plugin-enterprise#4871 graylog-plugin-enterprise#4878 graylog-plugin-enterprise#4906 graylog-plugin-enterprise#4933 graylog-plugin-enterprise#4966
• Added ability to assign notifications to Sigma rule Alerts from Sigma pages. graylog-plugin-enterprise#4565 graylog-plugin-enterprise#4740
• Added filters on Sigma Rules List. graylog-plugin-enterprise#4553 graylog-plugin-enterprise#4607
• Added the ability to download and install Illuminate from within Graylog. graylog-plugin-enterprise#4875 graylog-plugin-enterprise#4876 graylog-plugin-enterprise#4866 graylog-plugin-enterprise#4895 graylog-plugin-enterprise#4931 graylog-plugin-enterprise#4948 graylog-plugin-enterprise#4960 graylog-plugin-enterprise#4970 graylog-plugin-enterprise#4974 graylog-plugin-enterprise#5017 graylog-plugin-enterprise#5080
• Added Illuminate hub UI. graylog-plugin-enterprise#4868 graylog-plugin-enterprise#4867 graylog-plugin-enterprise#4901 graylog-plugin-enterprise#4935
• Added extra error logging for empty OpenSearch Anomaly Detection error responses graylog-plugin-enterprise#4961
• Added info message to bundle page showing there is a new illuminate bundle graylog-plugin-enterprise#4954 graylog-plugin-enterprise#4981
• Added proxy support to Azure Event Logs input graylog-plugin-enterprise-integrations#908 graylog-plugin-enterprise-integrations#914 (Thanks: @Srinidhi-Saravanan)
• Allowed running Azure Event Hubs input in cloud. graylog-plugin-cloud#1091 graylog-plugin-enterprise-integrations#1030
• Enabled “Office 365 Log Events” input in cloud. graylog-plugin-cloud#1091 graylog-plugin-enterprise-integrations#1032
• Added Microsoft Defender for Endpoint input graylog-plugin-enterprise-integrations#685 (Thanks: @Srinidhi-Saravanan)
• Added multi-node support for the Azure Event Logs input. graylog-plugin-enterprise-integrations#931 graylog-plugin-enterprise-integrations#979

 

Changed

• Improved error message for enabling Anomaly Detectors graylog-plugin-enterprise#4246
• Prevented creation of incompatible inputs on Forwarders. graylog-plugin-enterprise#4817 graylog-plugin-enterprise#4818 graylog2-server#14866
• Traffic violation emails will now create an audit log entry. graylog-plugin-cloud#1077 graylog-plugin-enterprise#4595
• Unified fields configuration in log view builder with fields configuration in other aggregation builder. graylog-plugin-enterprise#4738
• Changed date format on Sigma Rules and Investigations lists graylog-plugin-enterprise#4947 graylog-plugin-enterprise#4989
• Changed Sigma Rule roles to Sigma Rule Manager and Sigma Rule Reader graylog-plugin-enterprise#5057
• Changed decommissioned link in O365 Input wizard to updated link. graylog-plugin-enterprise-integrations#988 graylog-plugin-enterprise-integrations#1004
• Created new plugin for CrowdStrike logs graylog-plugin-enterprise-integrations#742 (Thanks: @Srinidhi-Saravanan)
• Created new plugin for F5 BIG-IP logs graylog-plugin-enterprise-integrations#966 (Thanks: @Srinidhi-Saravanan)
• Consistent use of message identifiers in strings. graylog2-server#13628 graylog-plugin-enterprise-integrations#986
• Renamed Azure Log Events input to Azure Event Hubs. graylog-plugin-enterprise-integrations#978 graylog-plugin-enterprise-integrations#992

 

Fixed

• Hid Team source information on cloud graylog-plugin-enterprise#1080 graylog-plugin-enterprise#5074
• Fixed Enterprise UI badge validation state graylog-plugin-enterprise#1825 graylog-plugin-enterprise#4506
• Also included query/timerange/filter(s)/streams when switching message table to log view. graylog-plugin-enterprise#3328 graylog-plugin-enterprise#4729
• Fixed failure to synchronize Anomaly Detectors that are active in Opensearch but marked as inactive in Graylog. graylog-plugin-enterprise#4115 graylog-plugin-enterprise#4477
• Fixed page size selector on archives page is a bit off. graylog-plugin-enterprise#4251 graylog-plugin-enterprise#4376
• Fixed validation logic by adding an additional debounced validation. graylog-plugin-enterprise#4271 graylog-plugin-enterprise#4392
• Fixed sigma rules and repos page not having Graylog footer. graylog-plugin-enterprise#4275 graylog-plugin-enterprise#4425
• Fixed incorrect deprecated Illuminate warning check. graylog-plugin-enterprise#4388 graylog-plugin-enterprise#4397
• Fixed Illuminate data adapters being unusable from user space without a server restart. graylog-plugin-enterprise#4411 graylog-plugin-enterprise#4416
• Allowed configuration of retention time of archives in cloud ui interface. graylog-plugin-enterprise#4463 graylog-plugin-enterprise#4472
• Fixed failure to load Anomaly Detection Configuration page. graylog-plugin-enterprise#4465 graylog-plugin-enterprise#4468
• Fixed bug where Illuminate lookup table data adapters were being populated with incorrect values graylog-plugin-enterprise#4602 graylog-plugin-enterprise#4603
• Fixed bug where disabling Illuminate processing packs displayed an error. graylog-plugin-enterprise#4628 graylog-plugin-enterprise#4629
• Fixed issue with Lookup Entity Mappings migration that prevented the server from starting on 5.0 if deprecated Illuminate content packs were installed. graylog-plugin-enterprise#4641 graylog-plugin-enterprise#4657
• Fixed Sigma Rule query creation to correctly handle lists of maps. graylog-plugin-enterprise#4687 graylog-plugin-enterprise#4688
• Fixed broken audit log documention link. graylog-plugin-enterprise#4757 graylog-plugin-enterprise#4764 graylog-plugin-enterprise#4768
• Moved default save location of temporary Sigma Git data to a temp directory graylog-plugin-enterprise#4778 graylog-plugin-enterprise#4797 graylog-plugin-enterprise#4786 graylog-plugin-enterprise#4831
• Fixed list of priorities not displaying in order of priority in New Investigation modal graylog-plugin-enterprise#4788 graylog-plugin-enterprise#4819
• Fixed handling of unknown input types on Forwarder Input Profiles page. graylog-plugin-enterprise#4798 graylog-plugin-enterprise#4803
• Fixed issue where Illuminate bundle could not be upgraded if a lookup entity inside had a naming collision with an existing entity. graylog-plugin-enterprise#4827 graylog-plugin-enterprise#4832
• Fixed slow archive restore. graylog-plugin-enterprise#4925 graylog-plugin-enterprise#4926
• Fixed incorrect Graylog Security Network dashboard widget name. graylog-plugin-enterprise#4457
• Fixed breaking change in api/plugins/org.graylog.plugins.archive/config API. graylog-plugin-enterprise#4466
• Fixed error causing Illuminate bundle install timeouts. graylog-project-illuminate#1022 graylog-plugin-enterprise#4497 graylog-plugin-enterprise#4540
• Fixed error when enabling anomaly detectors in OpenSearch 2.x. graylog-plugin-enterprise#4507 graylog-plugin-enterprise#4518
• Handled deprecated short time zone IDs in report definitions. graylog-plugin-enterprise#4311 graylog-plugin-enterprise#4658
• Allowed disabling of retention strategies graylog-plugin-cloud#1081 graylog-plugin-enterprise#4667
• Avoided exception thrown during report rendering being swallowed. graylog-plugin-enterprise#4691
• Closed the add rule modal after sigma rule is created. graylog-plugin-enterprise#4808
• Executed reporting widgets in chunks when rendering report. graylog-plugin-enterprise#3562 graylog-plugin-enterprise#4856
• Fixed bug where MongoDB data adapter entries were not removed when the owning data adapter was deleted. graylog-plugin-enterprise#4872
• Fixed unneccessary anomaly detector sync queries causing Opensearch errors. graylog2-server#14917 graylog-plugin-enterprise#4881
• Avoided erroneous warning message on archive restore. graylog-plugin-enterprise#5075
• Fixed error on decoding Google Workspace Logs with some types of parameters. graylog-plugin-enterprise-integrations#1019
• Fixed credential check for Gmail Log Events input. graylog-plugin-enterprise-integrations#940 graylog-plugin-enterprise-integrations#974
• Fixed verbose failure of journaled outputs due to license issues. graylog-plugin-enterprise-integrations#953
• Showed available log types in edit form for Google inputs. graylog-plugin-enterprise-integrations#1010
• Fixed F5 Big IP input bug causing inability to load API browser components. graylog-plugin-enterprise-integrations#1027
• Improved informational logging when partition ownership changes occur. graylog-plugin-enterprise-integrations#1031 graylog-plugin-enterprise-integrations#1033
• Fixed broken on-screen validation of Azure EventHubs Maximum Wait Time field. graylog-plugin-enterprise-integrations#1036
• Fixed outputs stopping to output messages after messages were dropped, i.e. due to missing pipeline_output or full_message field. graylog-plugin-enterprise-integrations#1042 graylog-plugin-enterprise-integrations#1043
• Fixed buffering to journal when TCP based outputs experience connection issues. graylog-plugin-enterprise#4226 graylog-plugin-enterprise-integrations#937
• Fixed issue where users could not create O365 Log Event inputs with GCC High or DOD subscription types. graylog-plugin-enterprise#4380 graylog-plugin-enterprise-integrations#949
• Fixed unclean shutdown of ouput journal under high load. graylog-plugin-enterprise-integrations#963
• Ran GCP, Gmail, Google Workspace, and Office 365 Inputs on the leader node instead of a random cluster node by default. graylog-plugin-enterprise-integrations#939 graylog-plugin-enterprise-integrations#973

 

Let us know what you’d like to have included in our GitHub issue tracker.