Download the release on GitHub.
Features
Implement to_google_secops
We now provide an integration for customers with a Google SecOps workspace via
the to_google_secops operator. This new operator can send logs via the
Chronicle Ingestion API.
Implement .? and get for field access without warnings
The .? operator is a new alternative to the . operator that allows field
access without warnings when the field does not exist or the parent record is
null. For example, both foo.bar and foo.?bar return null if foo is
null, or if bar does not exist, but the latter does not warn about this.
Functionally, foo.?bar is equivalent to foo.bar if foo.has("bar").
The get method on records or lists is an alternative to index expressions that
allows for specifying a default value when the list index is out of bounds or
the record field is missing. For example, foo[bar] is equivalent to
foo.get(bar), and foo[bar] if foo.has(bar) else fallback is equivalent to
foo.get(bar, fallback). This works for both records and lists.
Indexing expressions on records now support numeric indices to access record
fields. For example, this[0] returns the first field of the top-level record.
The has method on records no longer requires the field name to be a constant.
The config function replaces the previous config operator as a more flexible
mechanism to access variables from the configuration file. If you rely on the
previous behavior, use from config() as a replacement.
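As an added illustration (not part of these release notes or of Tenzir's own examples), the following pipeline exercises the new accessors on two constructed events: one where foo is null and one where foo exists but has no bar field, so that plain dot access would warn on both. It assumes TQL2 syntax for record literals in from, // comments, and field assignment statements; the accessor expressions themselves are the ones described above.

```tql
// Constructed input: two events chosen so that plain `foo.bar` would
// warn on each of them (null parent, then missing field).
from {foo: null, xs: [1, 2]}, {foo: {baz: 2}, xs: []}
// Null-safe access: yields null on both events without a warning.
bar = foo.?bar
// Same lookup, but with an explicit default instead of null.
bar_or_default = foo.get("bar", "n/a")
// List access with a fallback for the empty list on the second event.
first_x = xs.get(0, -1)
// Numeric index on a record: the first field of the top-level record (foo).
first_field = this[0]
// `has` now accepts a non-constant field name; here it comes from the data.
probe = "baz"
has_probe = foo.?has(probe)
write_json
```

Expected behavior under the semantics stated above: bar is null for both events, bar_or_default is "n/a" for both, first_x is 1 and then -1, first_field mirrors foo, and has_probe is null for the first event (null parent) and true for the second.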
By @dominiklohmann in #5099.
Bug Fixes
Fix a stack-use-after-move in save_tcp
The save_tcp operator no longer panics or crashes on startup when it cannot
connect to the provided hostname and port, and instead produces a helpful error
message.
By @dominiklohmann in #5103.
Check array validity before iterating
The parse_json function no longer crashes in case it encounters invalid
arrays.
Fix error response and lifetime issues in from_opensearch
We fixed a bug that caused the from_opensearch operator to crash on high
volume input. Additionally, the operator now correctly responds to requests.