Announcing Graylog 6.2 Beta.1

This is a beta for the upcoming release of Graylog v6.2. Please read on for detailed descriptions of everything that is included.

Download Links

• Upgrade notes
• DEB and RPM packages are available in our repositories
• Docker Compose
• Container images:
  • Graylog Open
  • Graylog Enterprise
  • Graylog Data Node
• Tarballs for manual installation:
  • Graylog Server
  • Graylog Server (bundled JVM, linux-x64)
  • Graylog Server (bundled JVM, linux-aarch64)
  • Graylog Enterprise Server
  • Graylog Enterprise Server (bundled JVM, linux-x64)
  • Graylog Enterprise Server (bundled JVM, linux-aarch64)
  • Graylog Data Node (bundled JVM, linux-x64)
  • Graylog Data Node (bundled JVM, linux-aarch64)

 

GRAYLOG FORWARDER V6.3 Beta.1

• Operating system packages:
  • DEB Package
  • RPM Package
• Docker Compose
• Container image:
  • Docker Hub

 

GRAYLOG 6.2 Beta.1

Released: 2025-03-17

Added

• Added multi_grok pipeline rule to support processing a string against many grok patterns at once. graylog2-server#15301 graylog2-server#20924
• Added new config options to Email Notifications for send as single email, CC emails/users, and BCC emails/users. graylog2-server#20809 graylog2-server#20836
• Implement common entity data table with sorting and filtering for events page graylog2-server#20881 graylog2-server#20831 graylog-plugin-enterprise#9020
• Add datanode.log to support bundle. graylog2-server#20919 graylog2-server#21553
• Client certificate validity configurable in data node graylog2-server#20928 graylog2-server#20941
• Add unit handling to a single number widget graylog2-server#20965 graylog2-server#21339
• Add option to render a pluggable navigation item after another specific item. graylog2-server#21296 graylog2-server#21827
• Added overview-page for access-tokens, accessible by admins. graylog2-server#21321 graylog2-server#21396 graylog2-server#21315
• Added new Configuration to define default for allowing access tokens for external users. graylog2-server#21322 graylog2-server#21438
• Adds token management page in the ‘Users and Teams’ section. graylog2-server#21397 graylog2-server#21737
• Adds token TTL to user token creation form graylog2-server#21441 graylog2-server#21917
• Add preflight check for data node and graylog server, veryfing that password_secret is configured to the same value everywhere. graylog2-server#21504 graylog2-server#21491
• Added new Configuration to define default for restricting access tokens to admins only. graylog2-server#21509 graylog2-server#21619
• Add new configurable default TTL for creating API tokens. graylog2-server#21660 graylog2-server#21661 graylog2-server#21662 graylog2-server#21687
• Add PBKDF2 password hash function for FIPS 140-2 support graylog2-server#20658
• Automatically trim newline characters for Fortigate messages received through Syslog inputs. graylog-plugin-enterprise#8980 graylog2-server#20788
• Add auto refresh button to events page graylog-plugin-enterprise#8661 graylog2-server#20996
• Unified snapshot configuration, role and cache management in datanode graylog2-server#21031
• Allow sorting events/alerts based on aggregation time range. graylog2-server#21044
• Allowing to filter events based on event definition, priority, key & aggregation time range. graylog2-server#21055 graylog2-server#21056
• Adding endpoint for bulk retrieval of event definitions. graylog2-server#21089
• Adding advanced field type for event definitions, looking up titles in aggregations and message table. graylog2-server#21136
• Enable defining required permissions for navigation web interface plugin. graylog2-server#21205
• Enabling bulk actions for event definitions. graylog2-server#21238
• Adding ‘Replay Search’ Bulk action to alerts & events. graylog2-server#21262
• Added metrics to the shared “scheduler” and “daemonScheduler” thread pools. graylog2-server#21454
• Added escape character handling to the key_value pipeline function. graylog-plugin-enterprise#9552 graylog2-server#21456 graylog2-server#21556
• Add input for OpenTelemetry logs. graylog2-server#21536
• Add support for overriding opensearch configuration options in data node using a configuration file specified as opensearch_configuration_overrides_file in datanode.conf. Please note that we only recommend changing certain properties. All others will emit warnings on data node startup. graylog2-server#21707
• Allow specifying a TTL when creating a new API-token. Also, automatically delete expired tokens. graylog2-server#21440 graylog2-server#21773
• Showing chart for alerts/events over time on alerts page. graylog2-server#21811
• Adding an interface to tag inputs for enterprise functionality, extracting scripting API methods into a service for reuse graylog2-server#21835 graylog-plugin-enterprise#9869
• Added Data Node Upgrade Tab in Cluster Configuration Page graylog2-server#21948 graylog-plugin-enterprise#9962 graylog2-server#21847
• Make type specific field value renderer pluggable. graylog2-server#21795
• Added system notification with link to upgrade page if Graylog server and one of the connected Data Nodes’ versions do not match. graylog2-server#21701 graylog2-server#21887
• Add the Global API browser link to the Help menu graylog-plugin-enterprise#9955 graylog2-server#21974

Changed

• Log usage of deprecated pipeline functions, specifically remove_field. graylog2-server#19287 graylog2-server#21386
• Datanode preflight check that verifies if hostname is bound to an IP graylog2-server#20503 graylog2-server#20492
• Removed noisy system notification when event limit is exceeded. graylog2-server#20785 graylog2-server#21080
• Data node: store keystore and truststore passwords in Opensearch keystore graylog2-server#20926 graylog2-server#20923
• Prevent messages from being ingested with timestamps that are in the future. Invalid timestamps will be forced to the receive time or current time. graylog2-server#21408 graylog2-server#21429
• Replace datanode insecure_startup configuration with selfsigned_startup, providing full selfsigned SSL setup graylog2-server#18911 graylog2-server#20842
• Suppress noisy aggregation search error when it is likely due to cloud maintenance. graylog-plugin-enterprise#8919 graylog2-server#20968
• Better handling of intermediate CAs in datanode truststore graylog2-server#21062
• Adjust Event Priority field choices for consistency with Graylog Security. graylog2-server#21123
• Prevent accidental deletion of the default system index set. graylog-plugin-enterprise#5904 graylog2-server#21174
• Upgraded MongoJack dependency to 5.0.2. This might require changes to third-party plugins. Please check Graylog upgrade notes. graylog2-server#21493
• Add more logging around CA upload in preflight, support more private key types. graylog2-server#21632
• Refer to official AWS Kinesis/Cloudwatch input for permissions on first page of input setup. graylog2-server#21755
• AmqpTransport: Log root cause of IOException, if possible graylog2-server#21764
• Better self-signed certificate check in datanode keystore graylog2-server#21811
• Set default User-Agent header in HTTP client to Graylog. graylog2-server#21864
• Admin user can no longer cancel search jobs of other users. graylog-plugin-enterprise#9926 graylog2-server#21932
• Generated certificates now use 4096 bit keys. graylog-plugin-enterprise#9951 graylog2-server#21943
• More concise information on when/how to change permissions for the OpenSearch data directory in the Data Node migration wizard. . graylog-plugin-enterprise#9231 graylog2-server#21959

Deprecated

• Deprecated Palo Alto Networks version 8.x and 9.x inputs graylog2-server#21579

Fixed

• Fix custom highlighting of field values in the message details of the message table widget graylog2-server#18388 graylog2-server#20921
• Improve performance of close and delete actions when working with a lot of index sets. graylog2-server#18563 graylog2-server#21195
• Add a note clarifying how making changes to index sets does not apply to existing indices graylog2-server#18836 graylog2-server#20659
• Fixing highlighting of message in message table by id. graylog2-server#19058 graylog2-server#21389
• Catch and report exceptions during grok pattern matching. graylog2-server#19975 graylog2-server#21290
• Fixing keyboard shortcut conflicts for opening query history by changing it to ctrl+space on win and linux os graylog2-server#20423 graylog2-server#21336
• Set datanode remote reindex status to error if any log entry is of error type graylog2-server#20461 graylog2-server#20622
• Fixed the issue when the streams link in the message table was not working on the streams page. graylog2-server#20465 graylog2-server#21338
• Suppress repeated error logging for Whois lookup adapter when following redirects. graylog2-server#20571 graylog2-server#21838
• Fix that non visible items are selected in index sets table when changing field type graylog2-server#20592 graylog2-server#20616
• Fix encoding of CName in generated CA certificates graylog2-server#20738 graylog2-server#20745
• Fixing text color of bar labels in bar chart, which are displayed outside of a bar. graylog2-server#20789 graylog2-server#20948
• Fixing output class name for prometheus exporter. graylog2-server#20790 graylog2-server#20844
• Fixing up extraction of effective time range for async searches. graylog2-server#20800 graylog2-server#20808
• Hiding zoom-out notifier when zooming in on graph. graylog2-server#20833 graylog2-server#21850
• Fixing unkown format issue in widgets when using gradiant highlighting. graylog2-server#20876 graylog2-server#20882
• Fix handling of path prefix in useSendTelemetry. graylog2-server#20899 graylog2-server#20909
• Fix failing of executing search on event definition page graylog2-server#20925 graylog2-server#20953
• Fix error when ticking or unticking show event annotations graylog2-server#20932 graylog2-server#21028
• Fix unescaped double quotes in map and collection typed fields in Custom HTTP Notification JSON body. graylog2-server#20955 graylog2-server#21167
• Handle path prefix when serving web interface assets. graylog2-server#21015 graylog2-server#21104
• Fix when widget title input in widget edit mode looses cursor position on change graylog2-server#21145 graylog2-server#21327
• Fix displaying very small percentages. graylog2-server#21185 graylog2-server#21368
• Fix JNA temp directory to be located in the configured server data dir. graylog2-server#21223 graylog2-server#21298
• Add error handling for event definition bulk action on general perspective. graylog2-server#21248
• Fixed poor performance of CIDR data adapter lookups. graylog2-server#21272 graylog2-server#21474 graylog-plugin-enterprise#9628
• Retrying indexing messages failing due to circuit breaker exception. graylog2-server#21282 graylog2-server#21313
• Add default auto refresh config on events and alerts page graylog2-server#21350 graylog2-server#21351
• Fix an issue causing saving searches/dashboards after clearing the unit type to fail with error. graylog2-server#21398 graylog2-server#21399
• Fixed issue preventing quoted entity search values from finding exact matches on various pages throughout Graylog. graylog2-server#21565 graylog2-server#21567
• Show helpful error/explanation on message permalink page when index/message is missing. graylog2-server#21653 graylog2-server#21663
• Make latest metric preserve field type of field used in frontend. graylog2-server#21837 graylog2-server#21833
• Fixed query validation with parameter usage. Parameters representing field names do not cause ‘unknown field’ warnings anymore. graylog2-server#9368 graylog2-server#21469
• Added value sanitation to MarkdownEditor component graylog-plugin-enterprise#9778 graylog2-server#21786 graylog-plugin-enterprise#9830
• Sorting pivot values numerically when field is numeric. graylog-plugin-enterprise#6479 graylog2-server#20918
• Hide warnings on Graylog enterprise events in Data Node. graylog-plugin-enterprise#9372 graylog2-server#21890
• Fix various issues in AMQP input: allow passive queue declaration, fix leaks in thread execution and connection handling, expose client metrics, set proper connection name, clarify parallelQueues option graylog2-server#6827 graylog2-server#7747 graylog2-server#20270
• Fix statvfs warnings from oshi on server startup. graylog2-server#20629
• Add missing any/all option to stream rules in routing/intake page graylog-plugin-enterprise#8497 graylog2-server#20678
• Hide stream rule Matching-Type-Switcher when stream is not editable graylog2-server#20714
• Optimize widgets warnings graylog-plugin-enterprise#8213 graylog2-server#20748
• Fixes issue where some event types did not display all actions that should have been available. graylog-plugin-enterprise#8638 graylog2-server#20847
• Enterprise Traffic Graph: Ensure license data is visible on Cloud graylog-plugin-enterprise#6055 graylog2-server#20858
• Fixing replay search routes when path prefix is present. graylog2-server#20910
• Directory compatibility check for datanode inplace migration rejects empty dir graylog2-server#20912
• Fixing route for AWS integration when path prefix is present. graylog2-server#20969
• Fix line wrapping in new sidecar default configurations for filebeat. graylog2-server#21043
• Centralized view of Graylog cluster components graylog2-server#20997 graylog2-server#21058
• Add archive restore retry on mapper parsing exception. graylog-plugin-enterprise#9208 graylog2-server#21197 graylog-plugin-enterprise#9413
• Filters system event definitions from list of entities that can be exported in a content pack. graylog2-server#21166 graylog2-server#21206
• batching request for index block status if the combined length of the indices exceed the max possible URL length graylog2-server#21208
• Fixed bug where inputs with multiple encrypted configuration values could not be saved. graylog2-server#21217
• Fix org.graylog2.outputs.ElasticSearchOutput.writes metric. graylog2-server#21286
• Fix missing Query Parameters in Event Definitions in Content Packs. graylog-plugin-enterprise#9274 graylog2-server#21349
• Fix error when clicking the Replay search link in event definition summary in edit modal on security events page graylog-plugin-enterprise#9289 graylog2-server#21359
• Adding missing API descriptions on method parameters for Simple Scripting API. graylog2-server#20821 graylog2-server#21367
• Improve readability of filter preview error message in event definition wizard (dark mode). graylog-plugin-enterprise#9336 graylog2-server#21376
• UI Framework for deprecating pipeline functions graylog2-server#19287 graylog2-server#21467
• Upgrade AWS Kinesis client libary to version 6.1.0 to fix potential shard processing issues. graylog2-server#21451 graylog2-server#21538
• Don’t add search role if node_roles are user-defined in datanode.conf graylog-plugin-enterprise#9704 graylog2-server#21622
• Better handling of keystore aliases in datanode. graylog2-server#21783
• Fix escaping of response headers in API browser. graylog2-server#21795
• Improved validation and handling of uploaded certficate authorities. graylog2-server#21832 graylog2-server#21858
• Fix display of encrypted configuration values for inputs. graylog2-server#21927

 

GRAYLOG ENTERPRISE 6.2.0-beta.1

Released: 2025-03-17

Added

• Added new Sophos Central input. graylog-project-illuminate#394 graylog-plugin-enterprise#8915
• Added support for global retention configuration in the data warehouse, with the option to override it on a per-stream basis. graylog-plugin-enterprise#9092 graylog-plugin-enterprise#9093 graylog-plugin-enterprise#9221 graylog-plugin-enterprise#9211 graylog-plugin-enterprise#9199 graylog-plugin-enterprise#9265
• New security welcome page design graylog-plugin-enterprise#7948
• Added Event Procedures to Security Events. graylog-plugin-enterprise#8625 graylog-plugin-enterprise#8825 graylog-plugin-enterprise#9324 graylog-plugin-enterprise#9375 graylog2-server#21108
• Add bulk action to events page graylog-plugin-enterprise#8663 graylog-plugin-enterprise#9245 graylog2-server#21027
• Added Executive Overview page graylog-plugin-enterprise#8680 graylog-plugin-enterprise#8889
• Added Grid Layout for Executive Overview graylog-plugin-enterprise#8681 graylog-plugin-enterprise#8925
• Added filter functionality to the Data Warehouse, enabling data retrieval based on up to three predefined field filters. graylog-plugin-enterprise#8837 graylog-plugin-enterprise#8874 graylog-plugin-enterprise#8890
• Added configuration ‘data_tiering_ignore_repositories’ to optionally hide internal repositories. graylog-plugin-enterprise#8850
• Added a new role that grants search and retrieval access to the data warehouse graylog-plugin-enterprise#8518 graylog-plugin-enterprise#9109
• Add Event Procedures. graylog-plugin-enterprise#9163 graylog-plugin-enterprise#9694
• Added new Mimecast input. graylog-plugin-enterprise#9250 graylog-plugin-enterprise#9276 graylog-plugin-enterprise#9654 graylog-plugin-enterprise#9693
• Add support for custom Salesforce application URLs in the Salesforce input. graylog-plugin-enterprise#9345 graylog-plugin-enterprise#9414 graylog-plugin-enterprise#9424 graylog-plugin-enterprise#9435
• Display asset title for value of associated_assets field. graylog-plugin-enterprise#9447 graylog-plugin-enterprise#9882
• Added bulk actions to Security Events in asset details drawer. graylog-plugin-enterprise#9572 graylog-plugin-enterprise#9818
• Added support for Sigma correlation rules. graylog-plugin-enterprise#9630 graylog-plugin-enterprise#9668 graylog-plugin-enterprise#9765 graylog-plugin-enterprise#9791 graylog-plugin-enterprise#9828 graylog-plugin-enterprise#9883 graylog-plugin-enterprise#9918 graylog2-server#21736 graylog2-server#21785
• Added new Microsoft Graph input. graylog-plugin-enterprise#9805 graylog-plugin-enterprise#9854
• Apply index settings and mappings for Illuminate-retrieved streams stored in the data lake. graylog-plugin-enterprise#9823 graylog-plugin-enterprise#9824
• Adds token TTL to the forwarder token creation step. graylog-plugin-enterprise#9972 graylog-plugin-enterprise#9972
• Threat Chain widget that shows the list of sigma rules responsable to trigger the alert/event graylog-plugin-enterprise#10012
• Add a ‘category_’ prefix on category fields for Anomaly Detection to avoid naming conflicts. graylog-plugin-enterprise#8592
• Added Bitdefender GravityZone input. graylog-plugin-enterprise#8648
• Added ability to automatically open the first selected investigation by default in the drawer when adding new evidence graylog-plugin-enterprise#8690
• Introduced new Illuminate marketplace. graylog-plugin-enterprise#8795 graylog-plugin-enterprise#8819 graylog-plugin-enterprise#8770 graylog-plugin-enterprise#8867 graylog-plugin-enterprise#8879 graylog-plugin-enterprise#8914 graylog-plugin-enterprise#8981 graylog-plugin-enterprise#8990 graylog-plugin-enterprise#8991
• Add new Security Welcome page. graylog-plugin-enterprise#8924
• Add asset details dashboard to Asset Details page and list. graylog-plugin-enterprise#9236
• Adding bulk security event retrieval by id. graylog-plugin-enterprise#9299
• Changed Illuminate bundle installation to a more pack-centric workflow and added new Illuminate Content hub page. graylog-plugin-enterprise#9333 graylog-plugin-enterprise#9474
• Amplify Event Risk scores if they are part of threat campaigns. graylog-plugin-enterprise#9385 graylog-plugin-enterprise#9422 graylog-plugin-enterprise#9423 graylog-plugin-enterprise#9425 graylog-plugin-enterprise#9594 graylog-plugin-enterprise#9777 graylog-plugin-enterprise#9495 graylog-plugin-enterprise#9843
• Added new GELF (Newline-delimited) option for AWS S3 input. graylog-plugin-enterprise#9695
• Add AND/OR operator field to Retrieving from Data Lake form. graylog-plugin-enterprise#9713
• Store input processing errors in message failure index. graylog-plugin-enterprise#9578 graylog-plugin-enterprise#9790 graylog2-server#21725
• Revamping Security Events list, adding extended filtering & sorting.. graylog-plugin-enterprise#9868
• Limiting Sigma Rules in Threat Coverage widget to products ingesting graylog2-server#21835 graylog-plugin-enterprise#9869
• Removed the unnecessary steps in the Improve Threat Coverage For All Tactics modal. Use latest Content Hub API endpoints. graylog-plugin-enterprise#9940 graylog-plugin-enterprise#9901 graylog-plugin-enterprise#9941

Changed

• Changed default Investigation status to ‘Open’ for new installs and existing installs without a default set. graylog-plugin-enterprise#8640 graylog-plugin-enterprise#8827
• Check for forwarder loops. graylog-plugin-enterprise#9280 graylog-plugin-enterprise#9311
• New Illuminate Content Hub look graylog-plugin-enterprise#9946
• Create dropdown in navigation for data warehouse related pages. graylog-plugin-enterprise#9488
• Improvements for Security Activity Dashboards. graylog-plugin-enterprise#9516
• Adding search fields operators AND/OR to data lake retrieval to support the same queries as in the preview. graylog-plugin-enterprise#9687
• Adding the AND/OR operator to the filter query in the estimate function. graylog-plugin-enterprise#9703
• Updating the Investgation Summary by AI template. graylog-plugin-enterprise#9716

Removed

• Removed .keyword fields from unmapped Sigma query fields after Illuminate index templates update. graylog-plugin-enterprise#8518 graylog-plugin-enterprise#8828
• Remove output path variables tooltip graylog-plugin-enterprise#8568 graylog-plugin-enterprise#8863
• Removed unique name constraint for Assets. graylog-plugin-enterprise#8838 graylog-plugin-enterprise#9485
• Removed Replay Search button from Anomaly events that cannot be replayed. graylog-plugin-enterprise#8847 graylog-plugin-enterprise#8969 graylog-plugin-enterprise#9032
• Removed /plugins/org.graylog.plugins.files/* REST API endpoints. graylog-plugin-enterprise#9808

Fixed

• Fixed issue where Asset sorting was case-sensitive. graylog-plugin-enterprise#6017 graylog-plugin-enterprise#9498
• Fixed issue where cloned Sigma Rules originally provided by Illuminate could not be modified. graylog-plugin-enterprise#7068 graylog-plugin-enterprise#9001
• Rename Data Warehouse to Data Lake graylog-plugin-enterprise#8310 graylog-plugin-enterprise#9618 graylog-plugin-enterprise#9664 graylog2-server#21507 graylog2-server#21593
• Ignore unmapped tiebreaker fields when sorting logs. graylog-plugin-enterprise#8492 graylog-plugin-enterprise#9135
• Fix corrupted event details view when open from events widget. graylog-plugin-enterprise#8558 graylog-plugin-enterprise#9520
• Fixed issue that prevented standard hyphenated (YYYY-MM-DD) Sigma date field values. graylog-plugin-enterprise#8575 graylog-plugin-enterprise#9573
• Use pagination to avoid error when importing a large number of assets from Active Directory or LDAP. graylog-plugin-enterprise#8582 graylog-plugin-enterprise#9844 graylog-plugin-enterprise#9845
• Fix displaying null – null as time range when deleting the entire archive. graylog-plugin-enterprise#8727 graylog-plugin-enterprise#8851
• Data warehouse UI improvements graylog-plugin-enterprise#8807 graylog-plugin-enterprise#8954
• Allow parallel external snapshots for data tiering. graylog-plugin-enterprise#8845 graylog-plugin-enterprise#7566 graylog-plugin-enterprise#9644
• Improve error handling for loading assets for Events and Investigations. graylog-plugin-enterprise#8859 graylog-plugin-enterprise#8167 graylog-plugin-enterprise#8891 graylog-plugin-enterprise#8921
• Fixed issue where duplicate events/messages are listed after being added to an Investigation. graylog-plugin-enterprise#8900 graylog-plugin-enterprise#8904
• Fixed issue with downloading audit log CSV and JSON export. graylog-plugin-enterprise#8929 graylog-plugin-enterprise#8930
• Fix error when loading main Security Investigations page when limited stream permissions are present. graylog-plugin-enterprise#8938 graylog-plugin-enterprise#8941
• Fix the wrong font color when export widget into PDF from a Dark Mode graylog-plugin-enterprise#8967 graylog-plugin-enterprise#9075
• Fixing output class name for prometheus exporter. graylog2-server#20790 graylog-plugin-enterprise#9028
• Fixing implicit browser sharing during PDF rendering. graylog-plugin-enterprise#9046 graylog-plugin-enterprise#9053
• Fixing up inclusion of report id in audit log entry. graylog-plugin-enterprise#9048 graylog-plugin-enterprise#9056
• Fix Security Events list in Asset details drawer graylog-plugin-enterprise#9067
• Fixed Illuminate Customizations requiring a server restart before taking effect. graylog-plugin-enterprise#9086 graylog-plugin-enterprise#9557 graylog2-server#21439
• Fixing archiving and data warehouse routes when path prefix is present. graylog-plugin-enterprise#9133 graylog-plugin-enterprise#9137
• Fixing routes for some integrations when path prefix is present. graylog-plugin-enterprise#9148 graylog-plugin-enterprise#9156
• Fixing login via OIDC authentication service when path prefix is present. graylog-plugin-enterprise#9149 graylog-plugin-enterprise#9150
• Fixing restore for archives whose mappings differs from the index template. graylog-plugin-enterprise#9208 graylog2-server#21054
• Fixing reporting failures due to timeout when converting to PDF. graylog-plugin-enterprise#9438 graylog-plugin-enterprise#9430
• Fixed Illuminate Sigma Rules scope permissions. graylog-plugin-enterprise#9473 graylog2-server#21600 graylog-plugin-enterprise#9709
• Fixing reporting jobs getting stuck in Running state. graylog-plugin-enterprise#9535 graylog-plugin-enterprise#9536
• Make sure a data lake backend is not accessed by another cluster. graylog-plugin-enterprise#9577 graylog-plugin-enterprise#9959
• Fixed issue with email claim on Entra / OIDC login. graylog-plugin-enterprise#9610 graylog-plugin-enterprise#9842
• Fixed invalid overwriting of Sigma rule search filters when updating via Illuminate upgrade. graylog-plugin-enterprise#9680 graylog-plugin-enterprise#9692
• Reduced the default Iceberg commit interval from 1h to 15min, applied only for new installations graylog-plugin-enterprise#9748 graylog-plugin-enterprise#9907
• Improve performance of Data Warehouse data file deletion when expiring snapshots. graylog-plugin-enterprise#8831
• Fix erroneous reduction in asset risk score varaince factor after assets are edited graylog-plugin-enterprise#8834
• Fix calendar time input controls not aligned graylog2-server#20177 graylog-plugin-enterprise#8843
• Fix data warehouse journal size metric graylog-plugin-enterprise#8856
• Support draw-down licenses in AI Service calls. graylog-plugin-enterprise#8923
• Fix SSO login link display issue. graylog2-server#20770 graylog-plugin-enterprise#8966
• Fix incorrect asset factor when calculating Event and Asset risk scores. graylog-plugin-enterprise#8972
• Fixed issue preventing Small Business licenses from accessing Open Illuminate release. graylog-plugin-enterprise#9037 graylog-plugin-enterprise#9036
• Fix data warehouse retrieval form inclusion types labels. graylog-plugin-enterprise#9076 graylog-plugin-enterprise#9077
• Fixing reporting routes when path prefix is present. graylog-plugin-enterprise#9078
• Improved Defender for Endpoint input error handling. graylog-plugin-enterprise#9084
• Fix retrieval action showing when license is invalid. graylog-plugin-enterprise#9178 graylog-plugin-enterprise#9191
• Fixing widget export filename sanitization. graylog2-server#21128 graylog-plugin-enterprise#9346
• Improving delete asset category user experience. graylog-plugin-enterprise#9304 graylog-plugin-enterprise#9303 graylog-plugin-enterprise#9403
• Fix missing Query Parameters in Event Definitions in Content Packs. graylog-plugin-enterprise#9274 graylog-plugin-enterprise#9606

 

Graylog Forwarder 6.3-beta.1

Released: 2025-03-19

Added

• Add OpenTelemetry input. forwarder#155 graylog2-server#21536

Let us know what you’d like to have included in our GitHub issue tracker.