Agent v2.1.0

July 2, 2025

New Features

• Source-based Metadata Filtering: Added the ability to define and filter metadata fields for eligible source nodes, enabling more granular control over ingested metadata at the configuration level.
• Lookup Processor Matching Modes: Introduced new match modes (contain, prefix, suffix) for the lookup processor.
• TelemetryGen Source Node: Added a new TelemetryGen source node supporting metrics and traces with multiple template configurations, enabling richer and more customizable synthetic telemetry data generation.
• Securonix Output Node: Added support for Securonix SIEM as an output destination, allowing seamless integration with Securonix for security event ingestion.
• Router Node (OTTL-based): Introduced a new Route node supporting OTTL statements, expanding routing capabilities with advanced expression support.
• Expose Parallel Worker Count for Outputs: Exposed configuration for parallel request (worker) count in advanced settings for non-notifier output nodes, allowing for increased throughput customization.
• TLS Config for HTTP Pull Source: Added TLS configuration options to the HTTP Pull input node, enabling secure HTTPS data ingestion.
• Support for EndpointSlices in Helm Chart: Added native support for the EndpointSlices Kubernetes resource in the Helm chart to improve load balancing and scalability in Kubernetes environments.

Improvements

• Telemetry Provider Resource Pre-initialization: Pre-initialized resource and attribute maps within self telemetry, improving performance and reducing latency in metric bucketing.
• Self Telemetry Node Advanced Setting: Added an advanced setting to the self telemetry node to disable intermediate node telemetry, only emitting data from input and output nodes for streamlined reporting.
• Disable Old Telemetry Components: Disabled pipeline I/O stats and node health counting when new self telemetry is enabled, reducing resource usage and metric duplication.
• Deprecated Health Manager: Finalized removal of the health manager in favor of using obsreport and self telemetry for pipeline health metrics, simplifying telemetry collection and infrastructure.
• Parameterize File Tailer Settings: Made tailer buffer size and seek capacity for file tailing configurable via advanced settings and pipeline YAML, enhancing tuning options for high-throughput or resource-constrained environments.
• File Tailer Buffer Default Update: Updated file tailer to be unbuffered by default, reducing memory usage and preventing OOM scenarios, with an option to adjust via advanced settings.
• Support Numeric Types in Probabilistic Sampling: Enabled support for all numeric types in the priority field of the probabilistic sampling processor, improving flexibility in rule definition.
• GCS Destination Native Auth Support: The GCS output node now supports empty authentication fields for use with Google workload identity, allowing seamless integration without static credentials; backward compatibility retained with HMAC keys.
• Common S3 Path Format for Presigned Uploads: Updated presigned S3 upload endpoint to include destination name in the object key, preventing key collisions and improving upload reliability.
• Support Identifier-based pprof Ingestion: Enhanced pprof ingestion to associate data with unique agent identifiers in addition to host names, improving debugging and analytics resolution.

Bug Fixes

• Metadata Field Name Correction for Windows Event: Corrected incorrect field naming for Windows event sources, fixing compatibility and ingestion issues on Windows environments.
• Fix for Compactor and Coordinator Clients: Addressed bugs related to S3 path handling and coordinator client state refresh, improving upload reliability and connection management.
• Fix Winevent Tailer Field Traversal: Stopped sending Edge Delta-specific fields (ed.tag, ed.conf.id, ed.org.id) in logs and events that can be inferred from file upload paths, reducing data overhead and destination pollution.
• Self Log & ObsReport Gaps for Gateway Connection: Fixed gaps in self log and obsreport metrics for gateway connection, ensuring accurate telemetry and reporting.
• Path Extraction Logic in JSON Unroll: Updated JSON Unroll node to use proper OTTL and correct path extraction logic, preventing errors and supporting expected behavior.
• Output Error Log Rate Limiter Adjustments: Increased error log rate limiter interval for output nodes to 5 minutes and added granular error log rate limiters for processors and output nodes to reduce log spam and improve clarity.
• Rate Limiter for Self Log Uploader: Introduced a rate limiter to the self log uploader, preventing excessive log uploads and protecting backend resources.
• Error Log Rate Limiter Updates: Increased error log rate limiter interval to 1 minute for specific output scenarios to further control error log verbosity.

Security

• CVE-2025-30204: Upgraded the echo package to address a high severity vulnerability.

Performance

• Increase SQS Messages Per Request: Increased the maximum number of SQS messages downloadable per request, significantly boosting data throughput for SQS source nodes.
• Archive Buffer Refactor: Refactored archive buffering and strategy construction, allowing maximum buffer size and flush interval to be set at construction time and improving configuration for scalable data archival.