We have updated our Terms of Service, Code of Conduct, and Addendum.

Cribl v4.2.2

Tony Reinke - Cribl
Tony Reinke - Cribl Posts: 134 admin
edited September 2023 in General Discussions

Everyone can stop holding their breath, Cribl v4.2.2 is officially here! We got a bunch to talk about, but I will try and summarize it.

 Stream:
We have been able to make a bunch of fixes to make sure our Stream product is humming along. We have fixes in Access and Authorizations, Sources. Destinations, Persistent Queue. Diagnostics, Monitoring and Metrics, and Other Functional and UX/UI.Couple of fixes to note:

  • CRIBL-19154 Corrected File Monitor Source's memory leak.
  • CRIBL-18156 Corrected blocked data ingest on Source persistent queue read/write conflicts.
  • CRIBL-18667 Increased FileSystemOut logging to better diagnose hung event processing.

 Edge:
Edge has been able to add a few new features while working on a few corrections.New Features:

  • CRIBL-17135 Zip, zip, hooray! The File Monitor Source in Cribl Edge can now process .zip files.
  • CRIBL-19248 Need to grab a memory snapshot? Now it’s easier than ever with the diag heapsnapshot command, available in Edge and Stream on-prem deployments. For detailed instructions, check out Including Memory Snapshots. Happy snapping!
  • CRIBL-10895 The Windows Event Logs Source now supports rendering events in XML format as well as JSON.

Fixes to note:

  • CRIBL-19154 Corrected File Monitor Source's memory leak.
  • CRIBL-19157 File Monitor events now display host property values.
  • CRIBL-18923 Members with the Fleet-level Editor Permissions can now use manual file discovery.

 Search:
We have been able to expand the abilities of Search in this release. Check out these new features.

  • You can now export dashboards and panels as .jpg or .png files.
  • The new mv-expand operator expands an array or object within an event into multiple events, where each of the generated events contains a single value of the original array or object.
  • The new externaldata operator fetches external data from HTTP(S) URLs.
  • The lookup operator can match fields with different names with two new supported syntax variations, map and join.
  • The export operator that creates or updates a lookup table now supports compression.
  • The send operator now includes start and end messages for reporting its status. These messages indicate the initiation and completion of the operator, point out any process errors, and contribute to monitoring the overall process status.

We are working on rolling out Cribl v.4.2.2 to all of the cloud instances. You can download the latest at https://cribl.io/download/