Announcing Graylog Illuminate 6.4.1

Special Note:

To upgrade to this Illuminate V6.4.1 Release, you must be already running minimum Graylog-Enterprise V6.1 first.

FIXED

• Apache HTTP: Prioritize custom application_name field in Filebeat configuration for log type identification (2933)
  The field application_name can optionally be added to Filebeat configuration input blocks to identify  the input log type e.g. access, error, ssl instead of relying on the log file path e.g. /access.log, /error.log.  The check for application_name now takes priority over log file path for log type identification if the field is set.  Identification via log file path name acts as a fallback.

CHANGED

• AWS Security Lake: Disable dynamic date detection and convert combined date fields into string array. (2930)
  Dynamic date detection is now disabled for the AWS Security Lake index template to mitigate possible indexing errors from unknown or unaccounted date formats and combined date values. Renamed the fields vendor_data_unmapped_responseObject.metadata.managedFields__.time and vendor_data_unmapped_responseObject.status.conditions__.lastTransitionTime to  vendor_data_unmapped_responseObject_metadata_managedFields_time and vendor_data_unmapped_responseObject_status_conditions_lastTransitionTime, respectively.  Each field is converted to a unique array to handle multiple date values.
• Cisco ISE: Updated the list of inputs this pack is associated with to include RAW types when using the Input Setup Wizard. (2937)

Let us know what you’d like to have included in our GitHub issue tracker.