Agent v2.6.0

Apache Kudu destination, Splunk TCP output, EDXCode function (Beta), exponential histogram support, and OTLP gRPC transport hardening.

  3 minute read  

September 22, 2025

New Features

  • Apache Kudu Destination: Added an Apache Kudu output node for routing data to Kudu, enabling low-latency analytics on high-volume datasets.
  • Splunk TCP Destination Node: Introduced a Splunk TCP (S2S) output node to send data directly to Splunk over TCP, simplifying migrations and hybrid deployments.
  • Webhook Output (Metrics): Added support for the Metric datatype (gauge, sum, histogram) in the Webhook output with new templating options; also fixes header propagation so custom headers are forwarded as configured.
  • EDXCode Function (Beta): Added an OTTL function to execute inline JavaScript expressions for advanced transformations and rapid prototyping within Telemetry Pipelines.
  • Exponential Histogram Support: Added exponential histogram handling across OTLP and Prometheus inputs, updated the OTLP tailer, storage format, and schemas to capture high-dynamic-range metrics end to end.

Improvements

  • AWS Region Configuration for S3/SQS Inputs: Added s3_config and sqs_config settings (with validation and fallback) for S3 and CrowdStrike FDR inputs to support cross-region deployments without redirects.
  • OTTL Library Upgrade: Upgraded OTTL to v0.135.0 to enable newer functions (e.g., Index) and improvements across transformation logic.
  • Self Telemetry Node Controls: Added source metadata and an advanced option to unselect unwanted dimensions to control cardinality and reduce ingestion.
  • Input Node UX: Added documentation links to input node messages and improved warnings when binding to ports 0-1024 without root privileges to help avoid ingestion issues.
  • Capture Payload Controls: Parameterized capture lower/upper thresholds to prevent oversized payloads and reduce browser memory usage during troubleshooting.
  • Live Tail Payload Management: Added configurable truncation for large payloads with environment variables (ED_CAPTURER_ITEM_MAX_BODY_SIZE and ED_CAPTURER_ITEM_TRUNCATION_SIZE) for body size and truncation thresholds, preventing UI freezing with oversized data during live capture.
  • SNMP Trap Source (v3): Added SNMPv3 support to the SNMP Trap source with security fields and engine ID for secure trap ingestion.
  • Gateway Connections: Added a passthrough name-resolution option for gRPC gateway connections to support environments that require external resolver behavior.

Bug Fixes

  • HTTP Pagination (JSONPath): Always processes initial response data even when no pagination URLs are present and handles null pagination URLs with debug logging to prevent data loss on final pages.
  • HTTP Dispatcher Stability: Added the missing Start call, introduced early-exit checks for subscribe/unsubscribe when the component is not running, and corrected locking to prevent race conditions and inaccessible fleets.
  • Source Metadata: Fixed missing SourceDef/metadata for Syslog, SNMP Trap, and SNMP Pull nodes to ensure consistent connector context and enrichment.
  • Event Hubs Input: Added connection string format validation to prevent startup crash loops and provide actionable error messages.

Security

  • OTLP gRPC Transport Hardening: Fixed a critical issue where the OTLP gRPC server accepted plaintext; with TLS configured, connections are now encrypted, and when TLS is absent the server logs a clear warning while using existing Edge Delta TLS configuration.