Agent v2.14.0

April 2, 2026

Breaking Changes

New Features

• Generic Monitor Node: Log and event threshold monitors are now merged under a single generic monitor node, simplifying the monitoring pipeline and enabling a unified code path for all threshold-based monitors.
• OTTL v0.148.0: Upgraded the OTTL engine to v0.148.0, bringing in the latest upstream bug fixes and security patches from the OpenTelemetry Transformation Language project.
• GCL Labels Metadata Mapping: Added a new labels field to the Google Cloud Logging destination metadata mapping configuration. Users can now dynamically map log item fields to GCL user-defined labels using OTTL expressions, with support for enabled, path, and keep_in_item options.
• Watcher OOM Detection from BackOff Events: The ED Watcher now detects OOM kills from Kubernetes BackOff and CrashLoopBackOff events by querying pod termination status. Previously, OOM detection relied only on Killing events with specific message patterns, which could miss certain OOM scenarios.
• Watcher ResourceVersion Recovery: The Kubernetes watcher now resets stale resourceVersion values on channel close and error events, improving recovery after API disconnections or failures.
• GitHub Event Action Filtering: The connector event filter processor now appends the action field to GitHub webhook event types (for example, issues.opened instead of issues), enabling more granular event filtering.
• Helm Chart fsGroupChangePolicy: Added podSecurity.fsGroupChangePolicy: "OnRootMismatch" as the default in all Helm charts (daemonset, deployment, aggregator, compactor, rollup, coordinator, gateway). This reduces pod startup time by only changing volume permissions when the root directory ownership does not match, rather than recursively on every pod start.

Improvements

• JSON Processor Optimization: Rewrote the ParseJSONAttributes, UnescapeJSON, and UnrollJSON processors to use the fastjson library instead of Go’s standard encoding/json. This delivers faster JSON parsing with lower memory allocations across all JSON processing nodes.
• Base64 Decode Optimization: Optimized the base64 decode processor to use pooled byte buffers and smarter encoding selection, reducing memory allocations and GC pressure for pipelines that decode base64-encoded data.
• OTTL Expression Performance: Improved reflection performance for OTTL expressions and reduced CPU overhead on every pipeline item processed through OTTL expressions.
• Split-with-Delimiter Optimization: Replaced strings.Split with an iterative index-based loop in the split-with-delimiter processor, reducing memory allocations for high-volume pipelines. Similar optimizations were applied to metric name sanitization in the Dynatrace output and several other input tailers.
• Streaming Decompression: Adopted DecompressorTo across the codebase for streaming decompression directly into pooled byte buffers. Applied to the Datadog agent input, edport input, Elasticsearch input, and gzip processor. Added deflate decompression support. This reduces memory usage and GC pressure for all pipelines processing compressed data.
• S3 Input Memory Optimization: The S3 source node now uses pooled byte buffers for both downloading and decompressing objects, significantly reducing memory allocations when processing many small objects or large compressed objects from S3.
• Telemetry Generator Performance: Various internal performance improvements for the telemetry generator input node.

Bug Fixes

• Log-to-Pattern OTTL in Sequence Processor: Fixed a bug where the log-to-pattern processor did not support OTTL expressions when used inside a sequence processor. The processor now correctly initializes OTTL expression evaluation when expression_type is set to OTTL in a sequence context.
• Elasticsearch Health Check: Fixed the Elasticsearch input node to accept HEAD requests for the root path and health check endpoint. This resolves HTTP 405 errors from Logstash’s Elasticsearch output plugin, which sends HEAD requests as health probes.
• Journald Timestamp Handling: Fixed timestamp parsing in the journald input node. The node now uses local time instead of UTC for the --since flag, resolving issues where journalctl expected local time and could miss logs or produce duplicates on systems in non-UTC timezones. Also removed the redundant --show-cursor flag.
• Watcher Self-Detection: Fixed a bug where the host watcher could detect itself as the target process when searching by process name, causing false positive health metrics. The watcher now tracks its own PID and skips it. Port conflicts in watcher mode are also prevented by disabling the profiler and expvar.
• Empty Deployed Timestamp: Fixed a bug where the agent’s deployed timestamp appeared empty after a configuration reload. The config metadata is now correctly preserved across reloads.
• Integration Name Fallback: When the Edge Delta output cannot find an ed_output attribute for naming integrations, it now falls back to the node type instead of leaving the integration name empty.
• Event Item Type Preservation: Fixed event data types being incorrectly converted to log items during ingestion pipeline processing. Event items now retain their correct data type throughout the pipeline.
• Event Path Extraction: Fixed connector event processing to correctly extract fields from structured event payloads (for example, GitHub webhook JSON) rather than requiring a string body.
• Helm Chart edCustomTags Comment: Corrected the edCustomTags comment in Helm charts from “comma separated” to “pipe separated” to match the actual behavior.

Security

• gRPC Upgrade: Upgraded google.golang.org/grpc to v1.79.3 to address CVE-2026-33186.
• Go Module Updates: Upgraded golang.org/x/crypto, golang.org/x/net, and golang.org/x/sys to their latest versions.