Merge branch '7.15' into update-stack-version-20210901050725-7.15

CHANGELOG.asciidoc

@@ -3,6 +3,36 @@
 :issue: https://github.com/elastic/beats/issues/
 :pull: https://github.com/elastic/beats/pull/
 
+[[release-notes-7.14.1]]
+=== Beats version 7.14.1
+https://github.com/elastic/beats/compare/v7.14.0...v7.14.1[View commits]
+
+==== Bugfixes
+
+*Affecting all Beats*
+
+- Allow conditional processing in `decode_xml` and `decode_xml_wineventlog`. {pull}27159[27159]
+
+*Filebeat*
+
+- Convert the o365 module's `client.port` and `source.port` to numbers (from strings) in events. {pull}22939[22939]
+- Fix the Snyk module to work with the new API changes. {pull}27358[27358]
+- Fix a bug in `http_endpoint` that caused numbers encoded as strings. {issue}27382[27382] {pull}27480[27480]
+
+*Metricbeat*
+
+- Change `server_status_path` default setting to `nginx_status` for the `nginx` module. {pull}26642[26642]
+- Change `startTime` and `endTime` of `GetMetricData` API in cloudwatch metricset to be only one collection period apart. {pull}27327[27327]
+- Fix cloudwatch metricset collecting duplicate data points. {pull}27248[27248]
+- Add percent formatters to system/process. {pull}27374[27374]
+- Fix instance machineType reporting in compute metricset of GCP module. {pull}27363[27363]
+
+==== Added
+
+*Filebeat*
+
+- Update Elasticsearch module's ingest pipeline for parsing new deprecation logs. {issue}26857[26857] {pull}26880[26880]
+
 [[release-notes-7.14.0]]
 === Beats version 7.14.0
 https://github.com/elastic/beats/compare/v7.13.4...v7.14.0[View commits]

CHANGELOG.next.asciidoc

@@ -46,7 +46,6 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 - Disable the option of running --machine-learning on its own. {pull}20241[20241]
 - Fix PANW field spelling "veredict" to "verdict" on event.action {pull}18808[18808]
 - Add support for GMT timezone offsets in `decode_cef`. {pull}20993[20993]
-- Release Filebeat Stack Monitoring modules as GA {pull}26226[26226]
 - Remove all alias fields pointing to ECS fields from modules. This affects the Suricata and Traefik modules. {issue}10535[10535] {pull}26627[26627]
 - Add option for S3 input to work without SQS notification {issue}18205[18205] {pull}27332[27332]
 
@@ -127,7 +126,6 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 - The `o365input` and `o365` module now recover from an authentication problem or other fatal errors, instead of terminating. {pull}21258[21258]
 - Improve `perfmon` metricset performance. {pull}26886[26886]
 - Preserve annotations in a kubernetes namespace metadata {pull}27045[27045]
-- Allow conditional processing in `decode_xml` and `decode_xml_wineventlog`. {pull}27159[27159]
 - Fix build constraint that caused issues with doc builds. {pull}27381[27381]
 - Do not try to load ILM policy if `check_exists` is `false`. {pull}27508[27508] {issue}26322[26322]
 - Fix bug with cgroups hierarchy override path in cgroups {pull}27620[27620]
@@ -255,12 +253,6 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 - Fix `logstash` module when `xpack.enabled: true` is set from emitting redundant events. {pull}22808[22808]
 - Change vsphere.datastore.capacity.used.pct value to betweeen 0 and 1. {pull}23148[23148]
 - Allow metric prefix override per service in gcp module. {pull}26960[26960]
-- Change `server_status_path` default setting to `nginx_status` for the `nginx` module. {pull}26642[26642]
-- Fix cloudwatch metricset collecting duplicate data points. {pull}27327[27327]
-- Fix cloudwatch metricset collecting duplicate data points. {pull}27248[27248]
-- Fix flaky test TestAddCounterInvalidArgWhenQueryClosed. {issue}27312[27312] {pull}27313[27313]
-- Add percent formatters to system/process {pull}27374[27374]
-- Fix instance machineType reporting in compute metricset of GCP module {pull}27363[27363]
 - Update metrics configuration and dashboards after changes in the Azure Monitor {pull}27520[27520]
 
 *Packetbeat*
@@ -408,62 +400,15 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 - Upgrade panw module to ecs 1.8 {issue}23118[23118] {pull}23931[23931]
 - Upgrade juniper/srx to ecs 1.8.0. {issue}23118[23118] {pull}23936[23936]
 - Upgrade okta to ecs 1.8.0 and move js processor to ingest pipeline {issue}23118[23118] {pull}23929[23929]
-- Update zoom module to ECS 1.8. {pull}23904[23904] {issue}23118[23118]
-- Support X-Forwarder-For in IIS logs. {pull}19142[192142]
-- Add support for logs generated by servers configured with `log_statement` and `log_duration` in PostgreSQL module. {pull}24607[24607]
-- Added fifteen new message IDs to Cisco ASA/FTD pipeline. {pull}24744[24744]
-- Added NTP fileset to Zeek module {pull}24224[24224]
-- Add `proxy_url` config for httpjson v2 input. {issue}24615[24615] {pull}24662[24662]
-- Change `okta.target` to `flattened` field type.  {issue}24354[24354] {pull}24636[24636]
-- Added `http.request.id` to `nginx/ingress_controller` and `elasticsearch/audit`. {pull}24994[24994]
-- Add `awsfargate` module to collect container logs from Amazon ECS on Fargate. {pull}25041[25041]
-- New module `cyberarkpas` for CyberArk Privileged Access Security audit logs. {pull}24803[24803]
-- Add `uri_parts` processor to Apache, Nginx, IIS, Traefik, S3Access, Cisco, F5, Fortinet, Google Workspace, Imperva, Microsoft, Netscout, O365, Sophos, Squid, Suricata, Zeek, Zia, Zoom, and ZScaler modules ingest pipelines. {issue}19088[19088] {pull}24699[24699]
-- New module `zookeeper` for Zookeeper service and audit logs {issue}25061[25061] {pull}25128[25128]
-- Add parsing for `haproxy.http.request.raw_request_line` field  {issue}25480[25480] {pull}25482[25482]
-- Mark `filestream` input beta. {pull}25560[25560]
-- Update PanOS module to parse Global Protect & User ID logs. {issue}24722[24722] {issue}24724[24724] {pull}24927[24927]
-- Add HMAC signature validation support for http_endpoint input. {pull}24918[24918]
-- Add new grok pattern for iptables module for Ubiquiti UDM {issue}25615[25615] {pull}25616[25616]
-- Add multiline support to aws-s3 input. {issue}25249[25249] {pull}25710[25710] {pull}25873[25873]
-- Add monitoring metrics to the `aws-s3` input. {pull}25711[25711]
-- Added `network.direction` fields to Zeek and Suricata modules using the `add_network_direction` processor {pull}24620[24620]
-- Add Content-Type override to aws-s3 input. {issue}25697[25697] {pull}25772[25772]
-- In Cisco Umbrella fileset add users from cisco.umbrella.identities to related.user. {pull}25776[25776]
-- Add fingerprint processor to generate fixed ids for `google_workspace` events. {pull}25841[25841]
-- Update PanOS module to parse HIP Match logs. {issue}24350[24350] {pull}25686[25686]
-- Support MongoDB 4.4 in filebeat's MongoDB module. {issue}20501[20501] {pull}24774[24774]
-- Enhance GCP module to populate orchestrator.* fields for GKE / K8S logs {pull}25368[25368]
-- Add log_group_name_prefix config into aws-cloudwatch input. {pull}26187[26187]
-- Move Filebeat azure module to GA. {pull}26114[26114] {pull}26168[26168]
-- Make `filestream` input GA. {pull}26127[26127]
-- http_endpoint: Support multiple documents in a single request by POSTing an array or NDJSON format. {pull}25764[25764]
-- Add new `parser` to `filestream` input: `container`. {pull}26115[26115]
-- Add support for ISO8601 timestamps in Zeek fileset {pull}25564[25564]
-- Add possibility to include headers in resulting docs and preserve the original event in http_endpoint input {pull}26279[26279]
-- Add `preserve_original_event` option to `o365audit` input. {pull}26273[26273]
-- Add `log.flags` to events created by the `aws-s3` input. {pull}26267[26267]
-- Add `include_s3_metadata` config option to the `aws-s3` input for including object metadata in events. {pull}26267[26267]
-- RFC 5424 and UNIX socket support in the Syslog input are now GA {pull}26293[26293]
-- Update grok patterns for HA Proxy module {issue}25827[25827] {pull}25835[25835]
-- Update PanOS module's date processor formats to parse `strict_date_optional_time_nanos`. {issue}26033[26033] {pull}26158[26158]
-- Update Okta module to parse additional fields to `okta.debug_context.debug_data`. {issue}25689[25689] {pull}25818[25818]
-- Added dataset `anomalithreatstream` to the `threatintel` module to ingest indicators from Anomali ThreatStream {pull}26350[26350]
-
-- Add support for `copytruncate` method when rotating input logs with an external tool in `filestream` input. {pull}23457[23457]
-- Add `uri_parts` and `user_agent` ingest processors to `aws.elb` module. {issue}26435[26435] {pull}26441[26441]
-- Added dataset `recordedfuture` to the `threatintel` module to ingest indicators from Recorded Future Connect API {pull}26481[26481]
-- Update `fortinet` ingest pipelines. {issue}22136[22136] {issue}25254[25254] {pull}24816[24816]
-- Use default add_locale for fortinet.firewall {issue}20300[20300] {pull}26524[26524]
 - Add new template functions and `value_type` parameter to `httpjson` transforms. {pull}26847[26847]
 - Add support to merge registry updates in the filestream input across multiple ACKed batches in case of backpressure in the registry or disk. {pull}25976[25976]
 - Add support to `decode_cef` for MAC addresses that do not contain separator characters. {issue}27050[27050] {pull}27109[27109]
-- Update Elasticsearch module's ingest pipeline for parsing new deprecation logs {issue}26857[26857] {pull}26880[26880]
 - Add new `hmac` template function for httpjson input {pull}27168[27168]
 - Update `tags` and `threatintel.indicator.provider` fields in `threatintel.anomali` ingest pipeline {issue}24746[24746] {pull}27141[27141]
 - Move AWS module and filesets to GA. {pull}27428[27428]
 - update ecs.version to ECS 1.11.0. {pull}27107[27107]
 
+
 *Heartbeat*
 
 - Bundle synthetics deps with heartbeat docker image. {pull}23274[23274]

libbeat/docs/release.asciidoc

@@ -8,6 +8,7 @@ This section summarizes the changes in each release. Also read
 <<breaking-changes>> for more detail about changes that affect
 upgrade.
 
+* <<release-notes-7.14.1>>
 * <<release-notes-7.14.0>>
 * <<release-notes-7.13.4>>
 * <<release-notes-7.13.3>>