Download the release on GitHub.
Features
Section titled “Features”Implement parse_syslog
Section titled “Implement parse_syslog”You can use the new parse_syslog function to parse a string as a syslog message.
By @IyeOnline in #4980.
Add explicit tls options to to_opensearch and to_splunk
Section titled “Add explicit tls options to to_opensearch and to_splunk”to_opensearch and to_splunk now feature an explicit tls option.
By @IyeOnline in #4983.
More parsing functions
Section titled “More parsing functions”It is now possible to define additional patterns in the parse_grok function.
The read_xsv family of parsers now accept the header as a list of strings as
an alternative to a single delimited string.
read_grok now accepts additional pattern_definitions as either a record
mapping from pattern name to definition or a string of newline separated
patterns definitions.
We introduced the parse_csv, parse_kv, parse_ssv, parse_tsv, parse_xsv and
parse_yaml functions, allowing you to parse strings as those formats.
The map function now handles cases where list elements mapped to different types.
By @IyeOnline in #4933.
Implement load_stdin and save_stdout
Section titled “Implement load_stdin and save_stdout”The new load_stdin operator accepts bytes from standard input, while save_stdout
writes bytes to standard output.
By @IyeOnline in #4969.
Changes
Section titled “Changes”Stop collecting metrics for hidden pipelines
Section titled “Stop collecting metrics for hidden pipelines”metrics "operator" no longer includes metrics from hidden pipelines, such as
pipelines run under-the-hood by the Tenzir Platform.
By @dominiklohmann in #4966.
Evict old caches when exceeding capacity limits
Section titled “Evict old caches when exceeding capacity limits”Unless specified explicitly, the cache has no more default capacity in terms
of number of events per cache. Instead, the node now tracks the global cache
capacity in number of bytes. This is limited to 1GiB by default, and can be
configured with the tenzir.cache.capacity option. For practical reasons, we
require at least 64MiB of caches.
The default write_timeout of caches increased from 1 minute to 10 minutes, and
can now be configured with the tenzir.cache.lifetime option.
The /serve endpoint now returns an additional field state, which can be one
of running, completed, or failed, indicating the status of the pipeline
with the corresponding serve operator at the time of the request.
By @dominiklohmann in #4984.
Bug Fixes
Section titled “Bug Fixes”More parsing functions
Section titled “More parsing functions”Re-defining a predefined grok pattern no longer terminates the application.
The string.parse_json() function can now parse single numbers or strings instead
of only objects.
read_leef and parse_leef now include the event_class_id in their output.
read_yaml now properly parses numbers as numbers.
By @IyeOnline in #4933.
Fix shutdown of the lookup helper actor
Section titled “Fix shutdown of the lookup helper actor”We sqashed a bug that prevented the tenzir-node process from exiting cleanly
while the lookup operator was used in a pipeline.
Evict old caches when exceeding capacity limits
Section titled “Evict old caches when exceeding capacity limits”We fixed an up to 60 seconds hang in requests to the /serve endpoint when the
request was issued after the pipeline with the corresponding serve operator
was started and before it finished with an error and without results.
By @dominiklohmann in #4984.