5.21.411 - 2024-11-18
Supports collectorforlinux version 5.21.x and below
- Update application for Splunk Cloud compatibility
5.21.410 - 2023-10-16
Supports collectorforlinux version 5.21.x and below
- New dashboard for Collectord metrics
- Added
version=1.1to all dashboards for Splunk Cloud compatibility and AppInspector
Collectord updates:
- Support global replace configurations to sanitize data before forwarding to Splunk
- When both volatile and persistent journald destinations exist, Collectord identifies which has the most recent data
- Send more precise timestamps to Splunk
- Send logs to multiple Splunk HEC endpoints simultaneously
collectord diagskips performance profiles unless--include-performance-profilesis set- Performance improvements for the acknowledgement database
- Acknowledgement database keeps state longer by refreshing entries when files still exist on disk
- Verify that only one Collectord instance can access the data folder where Collectord stores its state
- Send events with
event_id, a unique identifier for messages generated from logs - Splunk output supports
maximumMessageLengthto truncate messages exceeding this size - Splunk output supports
requireExplicitIndexto drop events that don’t carry an explicit index - Weighted Splunk output algorithm when multiple threads are used
- Improved grace period for expired licenses - bootstrap new nodes for 14 days after expiration
- Report source and source type for events with an incorrect index
- Allow multiple values for blacklist and whitelist on host logs
- Support for licensing server
- Support query parameters in Prometheus URLs for metrics
- Support journald databases written by systemd library 247+
- Support for CPU-based licenses
- Support for cgroupv2
- Support for arm64/aarch64 architecture
- Upgrade Go runtime to 1.21.3
- Upgrade sqlite3 library to 3.43.1
- Improved DNS resolution for Splunk output FQDNs
- Export internal Collectord metrics in Prometheus format
- Forward internal Collectord metrics to Splunk
- Include all open file descriptors in
collectord diag - Filter host logs with blacklist and whitelist
- Blacklist and whitelist Prometheus metrics - significantly reduces indexing cost
- Support templates in
index,source, andsourcetype - Allow excluding indexed fields when forwarding to Splunk
- Bug fix: Collectord clogs the output with WARN messages about closed Splunk outputs
- Bug fix: parse commas in log timestamps
- Bug fix: Collectord can clog the output if cgroupv2 is used and
blkiois not enabled - Bug fix: Collectord crashed when the default
output.splunkwas missing - now reports the error instead - Bug fix: real license key is no longer included in diag bundles
- Bug fix: Collectord reports high CPU usage for newly started hosts
- Bug fix: include the values of whitelists and blacklists in diag
- Bug fix:
verifycommand does not respect glob patterns for Prometheus inputs (certs, tokens) - Bug fix: trim spaces in token value for Prometheus inputs
- Bug fix: Prometheus metrics parser - empty fields could be filled with previous fields
- Bug fix: better handling of connections to metrics endpoints exported in Prometheus format
- Bug fix: HTTP connection improvements when Splunk is unresponsive
- Bug fix:
verifycommand can show an incorrect error when verifying journald input - Bug fix: when an event pattern is used to join multi-line events, errors raised by the pipeline input were swallowed
- Bug fix: reduce warnings about failing to get the new event in the pipeline
5.12.272 - 2019-11-08
Collectord updates:
- Bug fix: when rotated files reuse FileID/DevID, Collectord stops forwarding rotated files
5.12.271 - 2019-11-07
Collectord updates:
- Bug fix: when an event pattern is used to join multi-line events, errors raised by the pipeline input were swallowed
- Bug fix: reduce warnings about failing to get the new event in the pipeline
- Stability improvements
5.12.270 - 2019-10-22
- Initial release