🚀 Features

Implement the geoip context
Dec 19, 2023 · @Dakostu · #3731
The new geoip context is a built-in that reads MaxMind DB files and uses IP
values in events to enrich them with the MaxMind DB geolocation data.
Add support for macOS-style syslog messages
Dec 18, 2023 · @eliaskosunen · #3692
The syslog parser now supports macOS-style syslog messages.
Add TCP saver
The tcp connector is now also a saver in addition to a loader.
Add kv parser
Dec 13, 2023 · @jachris · #3646
The kv parser splits strings into key-value pairs.
Add grok parser
Dec 12, 2023 · @eliaskosunen · #3683
The grok parser, for use with the parse operator, enables powerful
regex-based string dissection.
Show processes and sockets
With the new processes and sockets source operators, you can now get a
snapshot of the operating system processes and sockets as pipeline input.
Add file data to show partitions
show partitions now contains the location and size of the store, index, and
sketch files of a partition, as well as the aggregate size in diskusage.
Include UDOs in show operators
Dec 8, 2023 · @dominiklohmann · #3723
show operators now shows user-defined operators in addition to operators
that ship with Tenzir or as plugins.
Implement the slice operator
Dec 7, 2023 · @dominiklohmann · #3703
The slice operator keeps a range of events within a half-closed interval.
Begin and end of the interval can be specified relative to the first or last
event.
🔧 Changes

Add support for macOS-style syslog messages
Dec 18, 2023 · @eliaskosunen · #3692
The events created by the RFC 3164 syslog parser no longer have a tag field,
but app_name and process_id fields instead.
Allow empty field names
Dec 18, 2023 · @jachris · #3742
Records can now have fields where the name is empty.
Show processes and sockets
The show operator now always connects to and runs at a node. Consequently, the
version and nics aspects moved into operators of their own.
🐞 Bug Fixes

Prevent delays for blocking operators
Dec 18, 2023 · @dominiklohmann · #3743
Pipeline operators blocking in their execution sometimes caused results to be
delayed. This is no longer the case. This bug fix also reduces the time to
first result for pipelines with many operators.