🚀 Features
Section titled “🚀 Features”TQL printer
Section titled “TQL printer”Jan 20, 2025 · @IyeOnline · #4921
You can use the new write_tql operator to print events as TQL expressions.
We added strip options to write_json and write_ndjson, allowing you to
strip null fields as well as empty records or lists.
Implement to_asl operator
Section titled “Implement to_asl operator”Jan 17, 2025 · @IyeOnline · #4911
We added a to_asl operator that can be used to send OCSF normalized events
to an Amazon Security Lake.
Implement match_regex
Section titled “Implement match_regex”Jan 17, 2025 · @IyeOnline · #4917
You can use the new string.match_regex(regex:string) function to check whether
a string partially matches a regular expression.
Introduce CAF metrics
Section titled “Introduce CAF metrics”Jan 15, 2025 · @dominiklohmann · #4897
metrics "caf" offers insights into Tenzir’s underlying actor system. This is
primarily aimed at developers for performance benchmarking.
The new merge function combines two records. merge(foo, bar) is a shorthand
for {...foo, ...bar}.
🔧 Changes
Section titled “🔧 Changes”Fix overzealous parameter validation in /pipeline/launch
Section titled “Fix overzealous parameter validation in /pipeline/launch”Jan 21, 2025 · @dominiklohmann · #4919
Contexts persist less frequently now in the background, reducing their resource usage.
Use adaptive resolution and Z suffix in timestamp printer
Section titled “Use adaptive resolution and Z suffix in timestamp printer”Jan 21, 2025 · @jachris · #4916
Timestamps are now printed with a Z suffix to indicate that they are relative
to UTC. Furthermore, the fractional part of the seconds is no longer always
printed using 6 digits. Instead, timestamps that do not have sub-second
information no longer have a fractional part. Other timestamps are either
printed with 3, 6 or 9 fractional digits, depending on their resolution.
Durations that are printed as minutes now use min instead of m.
Additionally, the fractional part of durations is now printed with full
precision instead of being rounded to two digits.
TQL printer
Section titled “TQL printer”Jan 20, 2025 · @IyeOnline · #4921
The implicit sources and sinks that can be set via commandline options or configuration now use TQL2.
The default implicit event sink now writes TQL values instead of JSON.
Improve configured pipeline startup errors
Section titled “Improve configured pipeline startup errors”Jan 14, 2025 · @jachris · #4886
Errors from the startup of configured pipelines, including those coming from configured packages, now have improved rendering.
🐞 Bug Fixes
Section titled “🐞 Bug Fixes”Fix CONVERSION part for GROK patterns
Section titled “Fix CONVERSION part for GROK patterns”Jan 21, 2025 · @IyeOnline · #4939
We fixed a bug which broke the CONVERSION part of the GROK pattern semantic.
Fix overzealous parameter validation in /pipeline/launch
Section titled “Fix overzealous parameter validation in /pipeline/launch”Jan 21, 2025 · @dominiklohmann · #4919
We fixed an overzealous parameter validation bug that prevented the use of the
/pipeline/launch API endpoint when specifying a cache_id without a
serve_id when definition contained a definition for a pipeline without a
sink.