Agent v1.22.0

Domain for K8s Metrics, Node Status Updates, Cisco ASA Log Formatting, and Multi-Select Option Support.

  2 minute read  

November 5, 2024

New Features

  • Domain for K8s Metrics: Introduced a domain attribute for Kubernetes metrics to enhance data categorization.
  • Node Status Updates: Promoted several nodes including Splunk HEC, Kubernetes Trace Source, Top-k, OpenTSDB Parser, Ratio, and Generic Transform to Stable status.
  • Cisco ASA Log Formatting: Updated Cisco ASA logs in the Demo source for improved compatibility and standardized formatting.
  • Multi-Select Option Support: Added UI support for multi-select options, initially applied to the Log to Metric node.
  • OTTL Custom Functions: Added EDXExtractPatterns and EDXParseKeyValue OTTL custom functions. EDXExtractPatterns enables dynamic regex patterns from field references. EDXParseKeyValue handles duplicate keys in key-value pair strings by supporting multiple merge strategies such as first, last, append, concat, and indexed.

Security

  • Agent running as a service in Linux OS: The agent service can now be run by a non-root user. To upgrade Linux fleets to this agent version or higher, uninstall the existing root-user fleet and install a fresh non-root instance.

Enhancements

  • CEL Expression Evaluation Optimization: Reused evaluation context across expressions to minimize CPU and memory usage.
  • Data Item Type Casting: Streamlined and optimized item processing to eliminate redundant memory and CPU usage across various item types.
  • Lookup Optimization: Optimized memory usage and processing efficiency for lookup tables and fixed handling of tables with duplicate keys. Optimized process by prioritizing rows-first search during table lookup operations, streamlining resource usage.
  • Extended User-Agent header to include version, OS, architecture, and Go version for detailed reporting.
  • Severity and Timestamp: Enhanced GCL by supporting severity and timestamp extraction.
  • Log Sentiment Efficiency: Reduced CPU workload by calculating log sentiment scores only upon discovery of new pattern variations.

Bug Fixes

  • eBPF Load and Reload Fixes: Restored functionality in eBPF attaching under reload scenarios without waiting for pod change events.
  • Metric Name and Mapping Fixes: Addressed incorrect metric mappings for ed_k8s_metric_container_network_transmit_bytes and removed outdated metric paths.
  • Enhanced label validation for Loki, Prometheus and GCL destinations.
  • Log Duplication: Fixed duplication of logs to debug destination.

Miscellaneous

  • Metric Refactoring: Refined metric ingestion with new naming conventions and deprecated extraneous pathways.
  • Namespace Information: Added net peer namespace to Kubernetes Traffic and Kubernetes Trace nodes.

This release focuses on optimizing system performance, enhancing security measures on Linux services, and broadening metric categorization to enhance data clarity.