This is the first release candidate for the upcoming release of Graylogv5.0.
The packages now also come with the option to use a bundled JVM version, for two separate Linux architectures (x64 and ARM). This change makes it easier for users to ensure they are running the correct JVM version and simplifies the installation. There’s still the option to use a custom JVM if required.
Download Links
- Docker image
- DEB and RPM packages are available in our repositories
- Docker Compose
- Tarballs (manual installation):
GRAYLOG FORWARDER
- Tarball (manual installation):
- OS Packages
- Docker image:
- Docker Hub
- docker pull graylog/graylog-forwarder:5.0-rc.1-1
Please report bugs and any other issues in our GitHub issue tracker. Thank you!
GRAYLOG CORE PLATFORM
Released: 2022-11-23
Added
- Added support for custom OIDC claims graylog2-server#11528 graylog2-server#3544 graylog2-server#12624 Note: This was already backported to 4.2 and 4.3, so it’s not technically new.
- Added validation for field value types. It will detect the correct type of the field and warn if user enters a value of different data type. graylog2-server#11973 graylog2-server#12088
- Added ability for inputs to specify encoding graylog2-server#12337 graylog2-server#12654
- The list of fields can now show only the fields that are present in selected streams, if stream_aware_field_types config property is set to true. graylog2-server#12572 graylog2-server#9397 graylog2-server#13363
- Event definition page now includes a button to edit it directly graylog2-server#12910 graylog2-server#13248
- Show Elasticsearch/OpenSearch cluster health on index sets overview page. graylog2-server#13017 graylog2-server#13024 (Thanks: @supahgreg)
- New configuration flag ignore_migration_failures to skip migrations which are blocked graylog2-server#13053 graylog2-server#13137
- Show title of dashboards and saved searches on page. graylog2-server#13116 graylog2-server#13491
- Added a new built-in “Pipelines Manager” role. graylog2-server#13251 graylog2-server#13866
- Feature preview of Scripting API. graylog2-server#3807 graylog2-server#13809
- Reimplement ability to reorder dashboard pages. graylog2-server#13744 graylog2-server#7470
- Allowed sorting columns in data table widget. graylog2-server#13432 graylog2-server#9998
- Added config option to set upper limit for index retention period. graylog2-server#12299
- Support configuration of sidecars on Darwin and FreeBSD. collector-sidecar#377 graylog2-server#12387
- Added simple actions to copy field name/value/message fields to clipboard. graylog2-server#12877
- Added ability to pull Geo Location Processor database files from an S3 bucket. graylog2-server#13204
- Enabled search filter feature (Enterprise). graylog2-server#13640
- Allowed pinning row pivot columns in data table widget. graylog-plugin-enterprise#249 graylog2-server#13510
- Show in field select if fields are qualified for metric function. graylog2-server#13643
- Allowed setting TCP-keepalive for all sockets used in HTTP notifications. graylog2-server#13736
- Updated bin/graylogctl to support a bundled JVM. graylog2-server#13980
Changed
- Set elasticsearch_index_optimization_jobs default to 10 graylog2-server#12025 graylog2-server#13521
- Index detail shard numbers (segments, open search contexts, and deleted messages) are now formatted. graylog2-server#13021 (Thanks: @supahgreg)
- Switched from ‘openjdk’ to ‘eclipse-temurin’ for Graylog Server test image. graylog2-server#13114 graylog2-server#13002 (Thanks: @supahgreg)
- Changed items displayed in the System dropdown menu to match the permissions for the page that they link to. graylog2-server#13157 graylog2-server#13188
- Pre-flight check requires at least MongoDB 5.0 graylog2-server#13660 graylog2-server#13778
- Fresh Graylog Installations will have a new default message processor order graylog2-server#5040 graylog2-server#13081
- Auto focus first suggestion in search query input autocompletion. graylog2-server#6909 graylog2-server#12991
- ‘Outdated version’ notifications now include links to the changelog pages. graylog2-server#7593 graylog2-server#7689 graylog2-server#12648 (Thanks: @supahgreg)
- Replaced nested with linear bucketing in aggregations. graylog2-server#8111 graylog2-server#13805 graylog2-server#13806 graylog2-server#13855
- When selecting roles from the dropdown they are now automatically assigned to the team/user graylog2-server#9933 graylog-plugin-enterprise#3969 graylog2-server#13277 graylog-plugin-enterprise#4002
- Retry on Elasticsearch Request entity too large errors graylog2-server#13113 graylog2-server#7071
- Renamed ‘All Messages’ stream to ‘Default Stream’ graylog2-server#13258
- Java 17 graylog2-server#13276 graylog-plugin-enterprise#3961 graylog-plugin-enterprise-integrations#869 graylog-plugin-collector#205 graylog-plugin-aws#663 graylog-plugin-integrations#1153 graylog2-server#13330 graylog2-server#12644
- OpenSearch 2 Support graylog2-server#13340 graylog-plugin-enterprise#4005
- Disabled rollup columns by default for new aggregations. graylog2-server#11516 graylog2-server#13410 graylog2-server#13690
- Unified position of ‘create new entity’ buttons in page header. graylog2-server#13577
- Moved submit button in widget edit mode next to configuration form. graylog2-server#13581
- Improved the way we display the navigation for subareas of a page. graylog2-server#13677
- Unified position of documentation links in page headers. graylog2-server#13691
- Updated jersey from 2.32 to 2.37 graylog2-server#13710
- Masked custom properties for Kafka inputs on the inputs page to hide sensitive information. graylog2-server#13383 graylog2-server#13873
- Changed default of search window and execution frequency for new event configurations from 1 to 5 minutes. graylog-plugin-enterprise#3740 graylog2-server#13943 graylog-plugin-enterprise#4343
- Changed default value for http_thread_pool_size and proxied_requests_thread_pool_size to 64. graylog-plugin-enterprise#4325 graylog2-server#13960
- Sorting options in aggregations have been limited for deterministic results. graylog2-server#13957 graylog2-server#14017
- Modified how Microsoft Teams notification templates are processed. graylog-plugin-integrations#1096 graylog-plugin-integrations#1200 graylog-plugin-integrations#1202
Removed
- Removed support for Elasticsearch 6 graylog2-server#13317 graylog2-server#13321 graylog-plugin-enterprise#3992 graylog-project-internal#77 graylog-plugin-enterprise#4035
- Removed legacy alerting management pages. graylog2-server#12987
- Removed unused and dysfunctional MetricsHistoryResource. graylog2-server#2443 graylog2-server#13553
- Removed ineffective settings for output buffer processor thread pool. graylog2-server#13971
Fixed
- Hid edit button for permissions config if the user doesn’t have edit permissions. graylog2-server#12090 graylog2-server#13939
- Fixed incorrect prometheus mapping for input metrics. graylog2-server#12421 graylog2-server#12560
- Fixed bug when installing Sidecar collector configuration in Content Pack. graylog2-server#12778 graylog2-server#13632
- Uses whitespace analyzer for query parsing and validation. This is needed to prevent unexpected field value parsing. graylog2-server#12888 graylog2-server#12918
- Fixed sorting exception on aggregations by removing ‘latest’ metrics from the list of possible sorts. graylog2-server#12908 graylog2-server#14027
- Fixed breaking change in Geo-Location Processor fields. graylog2-server#12909 graylog2-server#13202 graylog2-server#13203 graylog2-server#13094
- When using the index time rotation strategy, roatating of empty index sets is skipped. graylog2-server#13028 graylog2-server#13735 graylog-plugin-enterprise#3869
- Fixed autocompletion for inputs with quoting/containing slashes. graylog2-server#13082 graylog2-server#13087 graylog2-server#13092
- Fixed source field extraction for Beats version 8 and later. graylog2-server#13254 graylog2-server#13895
- Do not toggle message details in message table widget, when selecting text. graylog2-server#13259 graylog2-server#13263
- Fixed performance regression on UDP inputs with newer Java versions graylog2-server#13306 graylog2-server#14005 (Thanks: @giangi)
- Fixed journal directory preflight size check graylog2-server#13454 graylog2-server#13470
- Queries that have the form of _exists_:field_name are now validated without any wrong warning messages. graylog2-server#13455 graylog2-server#13489
- Fixed latest aggregation if field is not present in time range. graylog2-server#13593 graylog2-server#13640
- Fixed “Unauthorized” messages in server log when “Trusted Header Authentication” is enabled and a user session expires. graylog2-server#13721 graylog2-server#13735
- Took into account if “Always match” rule is inverted. Previously it was ignored for this rule type. graylog2-server#13819 graylog2-server#13847
- The pipeline function flatten_json now respects the original JSON types. An optional parameter is provided for backwards compatibility. graylog2-server#13888 graylog2-server#13947
- Removed not needed rel=’noreferer’ from documentation links graylog2-server#13934 graylog2-server#13941
- Allowed non-word-characters in lookup tables key field graylog2-server#13973 graylog2-server#14029
- Fixed appearing toast errors when creating HTTP JSONPath data adapter and start editing the title. graylog2-server#14004
- Fixed alert system on low message input graylog2-server#6770 graylog2-server#13556
- Fixed bug preventing installation of Content Packs that reference System Streams. graylog2-server#7212 graylog2-server#13398
- Fixed bug preventing processing of CEF message fields with large integer values. graylog2-server#7371 graylog2-server#13812
- Fixed content pack imports error for event notifications. graylog2-server#7801 graylog2-server#13171 graylog-plugin-enterprise-integrations#859 graylog-plugin-integrations#1129
- Reset time-based rotation strategy after leader change. graylog2-server#12370
- Fixed parsing of invalid search operators in query validation. graylog2-server#12420
- Improved server startup to log all errors to the log file instead of writing some of them to STDERR. graylog2-server#13088
- Display current page as active in navigation. graylog2-server#13498
- Fixed server –dump-default-config command graylog2-server#13507
- Allow “Show Top Values” action for enumerable compound fields. graylog2-server#137892
- Filter autocompletion suggestions to currently selected streams. graylog2-server#13553
- Isolated errors in result extraction to search type(s) causing it graylog2-server#13955
- Fixed bug where old PagerDuty notifications would fail to load. graylog-plugin-integrations#1054 graylog-plugin-integrations#1077
Security Fixes
- Updated Jackson to latest stable version 2.13.4 graylog-plugin-enterprise#3674 graylog2-server#13541
- Updated Netty from 4.1.60 to 4.1.84 graylog2-server#13879
GRAYLOG OPERATIONS/GRAYLOG SECURITY
Added
- Illuminate Lookup tables are now available in user space. graylog-plugin-enterprise#2877 graylog-plugin-enterprise#3823 graylog2-server#13048
- Allowed defining multiple scheduling frequencies for report delivery graylog-plugin-enterprise#3214 graylog-plugin-enterprise#3581
- Added search filter feature. graylog-plugin-enterprise#3401 graylog-plugin-enterprise#3609
- Added a config option to automatically delete archive files that are older than a defined age graylog-plugin-enterprise#4113 graylog-plugin-enterprise#3542 graylog-plugin-enterprise#4198 graylog-plugin-enterprise#4218 graylog2-server#12682 graylog2-server#13707 graylog2-server#13734
- Added Illuminate Spotlight content packs to Illuminate bundle installation. graylog-plugin-enterprise#3868 graylog-plugin-enterprise#3622
- Added deprecated warning and status metrics reporting. graylog-plugin-enterprise#4147 graylog-plugin-enterprise#4156 graylog2-server#13631
- Support restoring archives in bulk graylog-plugin-enterprise#3681
- Added backend support for storing timerange overrides for each report frequency configuration graylog-plugin-enterprise#3713
- Added gRPC health check endpoints. graylog-plugin-enterprise#3941
- Added support for Sigma rules. graylog-plugin-enterprise#3967
- Added a Store Full Message field option to the Azure Logs input, which stores the entire message payload received from Azure Logs. graylog-plugin-enterprise-integrations#769 graylog-plugin-enterprise-integrations#779
Changed
- Display parameter inputs inside search bar. graylog-plugin-enterprise#3492 graylog-plugin-enterprise#3407
- Reported deliveries use generic scheduler instead of periodical task graylog-plugin-enterprise#3797
Let us know what you’d like to have included in our GitHub issue tracker.
