🚀 Features
Section titled “🚀 Features”Improve summarize result for empty inputs
Section titled “Improve summarize result for empty inputs”Nov 16, 2023 · @jachris · #3640
If the summarize operator has no by clause, it now returns a result even
if there is no input. For example, summarize num=count(.) returns an event
with {"num": 0}. Aggregation functions which do not have a single default
value, for example because it would depend on the input type, return null.
Add an operator blocklist
Section titled “Add an operator blocklist”Nov 15, 2023 · @dominiklohmann · #3642
The tenzir.disable-plugins option is a list of names of plugins and builtins
to explicitly forbid from being used in Tenzir. For example, adding shell
will prohibit use of the shell operator builtin, and adding kafka will
prohibit use of the kafka connector plugin. This allows for a more
fine-grained control than the tenzir.allow-unsafe-pipelines option.
Always enable time and bool synopses
Section titled “Always enable time and bool synopses”Nov 15, 2023 · @dominiklohmann · #3639
Lookups against uint64, int64, double, and duration fields now always use sparse
indexes, which improves the performance of export | where <expression> for
some expressions.
Flush implicitly in the import operator
Section titled “Flush implicitly in the import operator”Nov 14, 2023 · @dominiklohmann · #3638
The import operator now flushes events to disk automatically before returning,
ensuring that they are available immediately for subsequent uses of the export
operator.
Add an api source operator
Section titled “Add an api source operator”Nov 14, 2023 · @dominiklohmann · #3630
The api source operator interacts with Tenzir’s REST API without needing to
spin up a web server, making all APIs accessible from within pipelines.
Relax type restrictions for queries with numeric literals
Section titled “Relax type restrictions for queries with numeric literals”Nov 13, 2023 · @dominiklohmann · #3634
In where <expression>, the types of numeric literals and numeric fields in an
equality or relational comparison must no longer match exactly. The literals
+42, 42 or 42.0 now compare against fields of types int64, uint64, and
double as expected.
🔧 Changes
Section titled “🔧 Changes”Use prefix matching instead of suffix matching
Section titled “Use prefix matching instead of suffix matching”Nov 15, 2023 · @jachris · #3616
The operators drop, pseudonymize, put, extend, replace, rename and
select were converted from suffix matching to prefix matching and can
therefore address records now.
Always enable time and bool synopses
Section titled “Always enable time and bool synopses”Nov 15, 2023 · @dominiklohmann · #3639
Sparse indexes for time and bool fields are now always enabled, accelerating lookups against them.
🐞 Bug Fixes
Section titled “🐞 Bug Fixes”Ensure exporter metrics don’t get lost
Section titled “Ensure exporter metrics don’t get lost”The exporter.* metrics will now be emitted in case the exporter finishes
early.
Rename --appending option for save file to --append
Section titled “Rename --appending option for save file to --append”Nov 7, 2023 · @dominiklohmann · #3629
The long option --append for the file and directory savers now works as
documented. Previously, only the short option worked correctly.