Skip to content

Tenzir Node v4.7.0

Download the release on GitHub.

Features

Section titled “Features”

Add file data to show partitions

Section titled “Add file data to show partitions”

show partitions now contains location and size of the store, index, and sketch files of a partition, as well the aggregate size at diskusage.

By @tobim in #3675.

Implement the geoip context

Section titled “Implement the geoip context”

The new geoip context is a built-in that reads MaxMind DB files and uses IP values in events to enrich them with the MaxMind DB geolocation data.

By @Dakostu in #3731.

Show processes and sockets

Section titled “Show processes and sockets”

With the new processes and sockets source operators, you can now get a snapshot of the operating system processes and sockets as pipeline input.

By @mavam in #3521.

Add grok parser

Section titled “Add grok parser”

The grok parser, for use with the parse operator, enables powerful regex-based string dissection.

By @eliaskosunen in #3683.

Add TCP saver

Section titled “Add TCP saver”

The tcp connector is now also a saver in addition to a loader.

By @mavam in #3727.

Add support for macOS-style syslog messages

Section titled “Add support for macOS-style syslog messages”

The syslog parser now supports macOS-style syslog messages.

By @eliaskosunen in #3692.

Include UDOs in show operators

Section titled “Include UDOs in show operators”

show operators now shows user-defined operators in addition to operators that ship with Tenzir or as plugins.

By @dominiklohmann in #3723.

Add kv parser

Section titled “Add kv parser”

The kv parser splits strings into key-value pairs.

By @jachris in #3646.

Implement the slice operator

Section titled “Implement the slice operator”

The slice operator keeps a range of events within a half-closed interval. Begin and end of the interval can be specified relative to the first or last event.

By @dominiklohmann in #3703.

Changes

Section titled “Changes”

Add support for macOS-style syslog messages

Section titled “Add support for macOS-style syslog messages”

The events created by the RFC 3164 syslog parser no longer has a tag field, but app_name and process_id.

By @eliaskosunen in #3692.

Allow empty field names

Section titled “Allow empty field names”

Records can now have fields where the name is empty.

By @jachris in #3742.

Show processes and sockets

Section titled “Show processes and sockets”

The show operator now always connects to and runs at a node. Consequently, the version and nics aspects moved into operators of their own.

By @mavam in #3521.

Bug Fixes

Section titled “Bug Fixes”

Prevent delays for blocking operators

Section titled “Prevent delays for blocking operators”

Pipeline operators blocking in their execution sometimes caused results to be delayed. This is no longer the case. This bug fix also reduces the time to first result for pipelines with many operators.

By @dominiklohmann in #3743.

Last updated: