v.4.4.4 Release

January 17, 2024 · 2 min read
Jennifer Evans
Senior Technical Writer

2024-01-17 - Cribl Edge 4.4.4 | Maintenance Release | Stream 4.4.4 release notes are here.

Corrections

The Kubernetes Logs Source no longer emits duplicate events as a result of container log rotation. CRIBL-21576

We now ensure that data from Windows clients is in fact compressed before attempting to decompress it. This prevents the error "Tried to interpret data bytes before a scheme was set" that previously occurred in the Windows Event Forwarder when uncompressed data was incorrectly flagged as compressed. CRIBL-21957

The Windows Event Forwarder Source now correctly closes sockets upon receiving malformed requests from Windows clients. This avoids a situation where data flow stopped because the WEF Source had used up its maximum allowable active connections. CRIBL-21965

Shared New Features

The following new features are shared by Stream and Edge:

Load Balanced Webhook Destination

We’ve added support for load balancing in the Webhook Destination. You can enable load balancing and specify multiple webhook URLs and their load weights, which set the relative traffic-handling capability of each connection. You can also choose whether to exclude all IPs of the current host from the list of any resolved hostnames.

Exponential Backoff Retry for HTTP Destinations

In some HTTP-based Destinations, you can now configure retry behavior for HTTP requests to use an exponential backoff algorithm with settings for initial retry delay, retry delay multiplier, and maximum retry delay.

This works both for requests that time out (for example, because of Destination latency) and for requests that fail with a non-200 HTTP response code. You can configure retry behavior for the Google Chronicle, Azure Data Explorer, Dataset, and Elasticsearch Destinations.
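The retry behavior described above, as an added Python sketch that is not Cribl's code: only the three delay settings and the timeout/non-200 triggers come from this release note, while the setting names, the retry cap, the lack of jitter and the scripted destination are assumptions made for illustration.

```python
import time
from dataclasses import dataclass

@dataclass
class BackoffSettings:
    # Hypothetical names for the three settings the release note lists.
    initial_delay_ms: int = 1000
    multiplier: float = 2.0
    max_delay_ms: int = 30000
    max_retries: int = 5  # assumption: the note does not mention a retry cap

def retry_delay_ms(s, attempt):
    """Delay before retry number `attempt` (1-based), capped at the maximum."""
    return int(min(s.initial_delay_ms * s.multiplier ** (attempt - 1), s.max_delay_ms))

def send_with_backoff(send, s, sleep=time.sleep):
    """Call send() until it returns 200 or retries run out.

    send() returns an HTTP status code or raises TimeoutError.
    Returns (delivered, delays_ms) so the applied schedule can be audited.
    """
    delays = []
    for attempt in range(s.max_retries + 1):
        try:
            status = send()
        except TimeoutError:
            status = None  # a timed-out request is retried like a failed one
        if status == 200:
            return True, delays
        if attempt == s.max_retries:
            break  # budget exhausted: the caller must queue or drop the batch
        delay = retry_delay_ms(s, attempt + 1)
        delays.append(delay)
        sleep(delay / 1000)
    return False, delays

def scripted_destination(outcomes):
    """Constructed stand-in for a destination: replays outcomes in order."""
    it = iter(outcomes)
    def send():
        outcome = next(it)
        if outcome == "timeout":
            raise TimeoutError("destination latency")
        return outcome
    return send

if __name__ == "__main__":
    cfg = BackoffSettings(max_delay_ms=5000)
    flaky = scripted_destination(["timeout", 503, 429, 200])
    print(send_with_backoff(flaky, cfg, sleep=lambda _: None))
```

When sizing upstream buffers for a security data pipeline, the sum of the returned delays is the minimum time a batch can sit unsent before the final attempt.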

Shared Corrections

The following corrections are shared by Stream and Edge:

Sources

  • The OpenTelemetry Source now correctly listens on the configured Address field instead of always listening on the default address regardless of configuration. CRIBL-21690

  • Splunk TCP Source can now properly send captures when the Max S2S version is set to v4. CRIBL-21378

  • OpenTelemetry now accurately reports when an HTTP server relinquishes listening on a port. Previously, Worker processes were failing to bind to a port when you swapped between two Sources that used the same port. CRIBL-21382

Destinations

  • We’ve added support for the labels field in the Google Chronicle Destination, so you can see which data was sent through Cribl. CRIBL-20950

  • The Google Chronicle Destination now holds subsequent attempts to receive data for 30 seconds by default. This helps if you’re running into quota limits and errors when sending data to Google Chronicle. CRIBL-21238

  • The Datadog Destination now correctly displays an error when an invalid token is added during configuration. CRIBL-21249