Agent v1.38.0

CrowdStrike FDR Source, Log Parsing Mode for Kubernetes Input, Agent Identifier to Self Telemetry, and ed.pipeline.node.category & Component to Agent Self Logs.

May 29, 2025

New Features

  • Add CrowdStrike FDR Source: Introduced a new log source for CrowdStrike FDR, enabling ingestion of logs from AWS SQS with specific message formatting and broadening support for security telemetry pipelines.
  • Log Parsing Mode for Kubernetes Input: Enabled a parse JSON source option for the Kubernetes Log source node.
  • Add Agent Identifier to Self Telemetry: Enriched all self-telemetry data (metrics and logs) with the agent identifier and updated Kubernetes components to use the node name as the host name, improving observability and traceability.
  • Add ed.pipeline.node.category & Component to Agent Self Logs: Appended pipeline node category and component attributes to agent self logs, improving the granularity of telemetry data for input nodes.

Improvements

  • Log Threshold Monitor Performance: Optimized internal logic to avoid repeated map flattening and unnecessary computation, substantially improving evaluation speed and reducing memory pressure.
  • Self-Log Uploader Tag Map Initialization: Fixed occasional failures in the self-log uploader by ensuring the other tags map is always initialized, improving reliability of self-logs.
  • Deduplicate Logs Item-Time Batching: Introduced batching based on item timestamps (instead of system time) for the Deduplicate Logs processor, resulting in more accurate batched results and improved behavior with out-of-order data.
  • Aggregation Temporality Standardization: Modified aggregation temporality to be consistently lowercase, ensuring protocol compliance and consistent behavior across integrations.
  • Removed src_type: Removed the src_type attribute sent to all destinations and updated rollup rules to use category-based rules, streamlining data and complying with updated metric structures.
  • Name Optional for Aggregate Metric Rules: Made the name field for aggregate metric rules optional, enabling support for rollup mode within the aggregate metric processor and making aggregations more flexible for users.
  • Move Trace Attribute Enrichment to Output: Shifted trace attribute enrichment for Edge Delta-specific fields from the input/tailer logic to the output destination logic, centralizing attribute management and simplifying tailer implementations.

Bug Fixes

  • Log Item Body Return Result Correction: Fixed incorrect handling of log item body for non-string and non-byte array types, resolving compatibility and processor issues introduced with the previous update to support any type.