🚀 Features
Section titled “🚀 Features”Add universal function call syntax
Section titled “Add universal function call syntax”Nov 6, 2024 · @jachris · #4730
TQL now supports “universal function call syntax,” which means that every method is callable as a function and every function with at least one positional argument is callable as a method.
Add spread syntax ...expr for lists
Section titled “Add spread syntax ...expr for lists”Nov 6, 2024 · @jachris · #4729
The spread syntax ... can now be used inside lists to expand one list into
another. For example, [1, ...[2, 3]] evaluates to [1, 2, 3].
Implement floor and ceil functions
Section titled “Implement floor and ceil functions”ceil and floor join the existing round function for rounding numbers,
durations, and timestamps upwards and downwards, respectively.
Port kafka connector to TQL2
Section titled “Port kafka connector to TQL2”New load_kafka and save_kafka operators enable seamless integration with
Apache Kafka in TQL2.
Add load_balance operator
Section titled “Add load_balance operator”Nov 5, 2024 · @jachris · #4720
The new load_balance operator distributes events over a set of subpipelines.
Add a splunk sink operator
Section titled “Add a splunk sink operator”Nov 4, 2024 · @IyeOnline · #4719
The new to_splunk sink operator writes data to Splunk HEC endpoint.
Implement in for list_type
Section titled “Implement in for list_type”Oct 31, 2024 · @raxyte · #4691
The relational operator in now supports checking for existence of an element
in a list. For example, where x in ["important", "values"] is functionally
equivalent to where x == "important" or x == "values".
Expose new hash functions
Section titled “Expose new hash functions”We’ve added new hash functions for commonly used algorithms: hash_md5,
hash_sha1, hash_sha224, hash_sha256, hash_sha384, hash_sha512,
hash_xxh3.
🔧 Changes
Section titled “🔧 Changes”splunk fixes & consistent operator naming
Section titled “splunk fixes & consistent operator naming”Nov 5, 2024 · @IyeOnline · #4726
We renamed the TQL2 azure_log_analytics operator to to_azure_log_analytics.
We renamed the TQL2 velociraptor operator to from_velociraptor.
🐞 Bug Fixes
Section titled “🐞 Bug Fixes”Correctly handle duplicate serve requests and tune some logs
Section titled “Correctly handle duplicate serve requests and tune some logs”We eliminated a rare crash in the serve operator that was introduced in
v4.20.3.
Make str(enum) return the name of the enum entry
Section titled “Make str(enum) return the name of the enum entry”Oct 31, 2024 · @jachris · #4717
The str function no longer returns the numeric index of an enumeration value.
Instead, the result is now the actual name associated with that value.
Fix TQL2 summarize with no groups and no input
Section titled “Fix TQL2 summarize with no groups and no input”Oct 29, 2024 · @dominiklohmann · #4709
TQL2’s summarize now returns a single event when used with no groups and no
input events just like in TQL1, making from [] | summarize count=count()
return {count: 0} instead of nothing.