Logstash

general
- Updated to Elasticsearch 1.5.2, Kibana 3.1.2 and JRuby 1.7.17

output
- File: Sandbox output to protect against issues like creating new files
outside defined paths

general
- fixed path issues when invoking bin/logstash outside its home directory

input
- bugfix: generator: fixed stdin option support
- bugfix: file: fixed debian 7 path issue

codecs
- improvement: stdin/tcp: automatically select json_line and line codecs with the tcp and stdin streaming inputs
- improvement: collectd: add support for NaN values

outputs
- improvement: nagios_nsca: fix external command invocation to avoid shell escaping

General
- bumped Elasticsearch to 1.1.1 and Kibana to 3.0.1
- improved specs & testing (Colin Surprenant), packaging (Richard Pijnenburg) & doc (James Turnbull)
- better $JAVA_HOME handling (Marc Chadwick)
- fixed bin/plugin target dir for when installing out from form logstash home (lr1980)
- fixed Accessors reset bug in Eventoverwrite that was causing the infamous
"undefined method `tv_sec'" bug with the multiline filter (Colin Surprenant)
- fixed agent stalling when also using web option (Colin Surprenant)
- fixed accessing array-indexed event fields (Jonathan Van Eenwyk)
- new sysv init style scripts based on pleaserun (Richard Pijnenburg)
- better handling of invalid command line parameters (LOGSTASH-2024, Colin Surprenant)
- fixed running from a path containing spaces (LOGSTASH-1983, Colin Surprenant)

inputs
- improvement: rabbitmq: upgraded Bunny gem to 1.1.8, fixes a threading leak and improves
latency (Michael Klishin)
- improvement: twitter: added "full_tweet" option (Jordan Sissel)
- improvement: generator: fixed the example doc (LOGSTASH-2093, Jason Kendall)
- improvement: imap: option to disable certificate validation (Sverre Bakke)

codecs
- new: collectd: better performance & error handling than collectd input (Aaron Mildenstein)
- improvement: graphite: removed unused charset option (Colin Surprenant)
- improvement: json_spooler: is now deprecated (Colin Surprenant)
- improvement: proper charset support in all codecs (Colin Surprenant)

filters
- bugfix: date: on_success actions only when date parsing actually succeed (Philippe Weber)
- bugfix: multiline: "undefined method `tv_sec'" fix (Colin Surprenant)
- bugfix: multiline: fix for "undefined method `[]' for nil:NilClass" (1258, Colin Surprenant)
- improvement: date: fix specs for non "en" locale (Olivier Le Moal)
- improvement: grok: better pattern for RFC-5424 syslog format (Guillaume Espanel)
- improvement: grok: refactored the LOGLEVEL pattern (Lorenzo González)
- improvement: grok: fix example doc (LOGSTASH-2093, Jason Kendall)
- improvement: metrics: document .pXX metric (Juarez Bochi)

outputs
- improvement: rabbitmq: upgraded Bunny gem to 1.1.8, fixes a threading leak and improves
latency (Michael Klishin)
- improvement: elasticsearch: start embedded server before creating a client to fix discovery
problems "waited for 30s ..." (Jordan Sissel)
- improvement: elasticsearch: have embedded ES use "bind_host" option for "network.host"
ES config (Jordan Sissel)

General
- We've included some upgrade-specific release notes with more details about
the tarball changes and contrib packaging here:
http://logstash.net/docs/1.4.0/release-notes
- Ships with Kibana 3.0.0
- Much faster field reference implementation (Colin Surprenant)
- Fix a bug in character encoding which would cause inputs using non-UTF-8
codecs to accidentally skip re-encoding the text to UTF-8. This should
solve a great number of UTF-8-related bugs. (Colin Surprenant)
- Fixes missing gem for logstash web which was broken in 1.4.0 beta1
(LOGSTASH-1918, Jordan Sissel)
- Fix 'help' output being emitted twice when --help is invoked.
(LOGSTASH-1952, 1168)
- Logstash now supports deletes! See outputs section below.
- Update template to fit ES 1.0 API changes (untergeek)
- Lots of Makefile, gem and build improvements courtesy of untergeek, Faye
Salwin, mrsolo, ronnocol, electrical, et al
- Add `env` command so you can run arbitrary commands with the logstash
environment setup (jordansissel)
- Bug fixes (lots). Did I mention bug fixes? (Thanks, community!)
- Elasticsearch 1.0 libraries are now included. See the Elasticsearch
release notes for details: http://www.elasticsearch.org/downloads/1-0-0/
- Kibana 3 milestone 5 is included as the 'web' process.
- An empty --pluginpath directory is now accepted (917, Richard Pijnenburg)
- Piles of documentation improvements! A brand new introductory tutorial is
included, and many of the popular plugins have had their docs greatly
improved. This effort was lead by Kurt Hurtado with assists by James
Turnbull, Aaron Mildenstein, Brad Fritz, and others.
- Testing was another focus of this release. We added many more tests
to help us prevent regressions and verify expected behavior. Helping with
this effort was Richard Pijnenburg, Jordan Sissel, and others.
- The 'debug' setting was removed from most plugins. Prior to this,
most plugins advertised the availability of this setting but actually
did not use it (996, Jordan Sissel).
- bugfix: --pluginpath now lets you load codecs. (1077, Sergey Zhemzhitsky)

inputs
- bugfix: collectd: Improve handling of 'NaN' values (1015, Pieter Lexis)
- bugfix: snmptrap: Fixes exception when not specifying yamlmibdir (950, Andres Koetsier)
- improvement: Add Multi-threaded workers and queues to UDP input (johnarnold + untergeek)
- improvement: log4j: port now defaults to 4560, the default log4j
SocketAppender port. (757, davux)
- bugfix: rabbitmq: auto_delete and exclusive now default to 'false'.
The previous version's defaults caused data loss on logstash restarts.
Further, these settings are recommended by the RabbitMQ folks. (864,
Michael Klishin)
This change breaks past default behavior, so just be aware. (Michael
Klishin)
- bugfix: collectd: fix some type calculation bugs (905, Pieter Lexis)
- improvement: collectd: Now supports decryption and signature verification
(905, Pieter Lexis)
- improvement: wmi: now supports remote hosts (918, Richard Pijnenburg)
- bugfix: elasticsearch: Long scrollids now work correctly (935, Jonathan
Van Eenwyk)
- bugfix: tcp: the 'host' field is correctly set now if you are using the
json codec and include a 'host' field in your events (937, Jordan Sissel)
- bugfix: file: the 'host' field is correctly set now if you are using the
json codec and include a 'host' field in your events (949, Piotr
Popieluch)
- bugfix: udp: the 'host' field is correctly set now if you are using the
json codec and include a 'host' field in your events (965, Devin
Christensen)
- bugfix: syslog: fix regression (986, Joshua Bussdieker)

codecs
- improvement: netflow: You can now specify your own netflow field
definitions using the 'definitions' setting. See the netflow codec
docs for examples on how to do this. (808, Matt Dainty)

filters
- bugfix: clone: Correctly clone events with numeric field values.
(LOGSTASH-1225, 1158, Darren Holloway)
- bugfix: zeromq: Add `timeout` and `retries` settings for retrying on
request failures. Also adds `add_tag_on_timeout` so you can act on retry
failures. (logstash-contrib23, Michael Hart)
- new: fingerprint: Checksum, anonymize, generate UUIDs, etc! A generalized
solution to replace the following filters: uuid, checksum, and anonymize.
(907, Richard Pijnenburg)
- new: throttle: Allows you to tag or add fields to events that occur with a
given frequency. One use case is to have logstash email you only once if an
event occurs at least 3 times in 60 seconds. (940, Mike Pilone) -
- improvement: translate: A new 'refresh_interval' setting lets you tell
logstash to periodically try reloading the 'dictionary_path' file
without requiring a restart. (975, Kurt Hurtado)
- improvement: geoip: Now safe to use with multiple filter workers and
(990, 997, LOGSTASH-1842; Avleen Vig, Jordan Sissel)
- improvement: metrics: Now safe to use with multiple filter workers (993,
Bernd Ahlers)
- bugfix: date: Fix regression that caused times to be local time instead of
the intended timezone of UTC. (1010, Jordan Sissel)
- bugfix: geoip: Fix encoding of fields created by geoip lookups
(LOGSTASH-1354, LOGSTASH-1372, LOGSTASH-1853, 1054, 1058; Jordan Sissel,
Nick Ethier)

outputs
- bugfix: elasticsearch: flush any buffered events on logstash shutdown
(1175)
- feature: riemann: Automatically map event fields to riemann event fields
(logstash-contrib15, Byron Pezan)
- bugfix: lumberjack: fix off-by-one errors causing writes to another
logstash agent to block indefinitely
- bugfix: elasticsearch: Fix NameError Socket crash on startup
(LOGSTASH-1974, 1167)
- improvement: Added `action` awesomeness to elasticsearch output (1105, jordansissel)
- improvement: Implement `protocol => http` in elasticsearch output (1105, jordansissel)
- bugfix: fix broken pipe output to allow EBADF instead of EPIPE,
allowing pipe command to be restarted (974, Paweł Puterla)
- improvement: Adding dns resolution to lumberjack output (1048, Nathan Burns )
- improvement: added pre- and post-messages to the IRC output (1111, Lance O'Connor)
- bugfix: pipe: fix handling of command failures (1023, 1034, LOGSTASH-1860; ronnocol, Jordan Sissel)
- improvement: lumberjack: now supports codecs (1048, LOGSTASH-1680; Nathan Burns)

general
- bugfix: Fix SSL cert load problem on plugins using aws-sdk: S3, SNS, etc.
(LOGSTASH-1778, LOGSTASH-1787, LOGSTASH-1784, 924; Adam Peck)
- bugfix: Fix library load problems for aws-sdk (LOGSTASH-1718, 923; Jordan
Sissel)
- bugfix: Fix regression introduced in 1.3.2 while trying to improve time
parsing performance. (LOGSTASH-1732, LOGSTASH-1738, 913; Jordan Sissel)
- bugfix: rabbitmq: honour the passive option when creating queues.
(LOGSTASH-1461, Tim Potter)

codecs
- bugfix: json_lines, json: Fix bug causing invalid json to be incorrectly
handled with respect to encoding (920, LOGSTASH-1595; Jordan Sissel)

upgrade notes
- Users of logstash 1.3.0 or 1.3.1 should set 'template_overwrite => true' in
your elasticsearch (or elasticsearch_http) outputs before upgrading to this
version to ensure you receive the fixed index template.

general
- web: don't crash if an invalid http request was sent
(878, LOGSTASH-704; Jordan Sissel)
- Ships with Elasticsearch 0.90.9
- logstash will now try to make sure the timestamp field is of the
correct format.
- Fix a bug in 1.3.1/1.3.0's elasticsearch index template causing phrase
searching to not work. Added tests to ensure search behavior works as
expected with this template. (Aaron Mildenstein, Jordan Sissel)
- Update README.md to be consistent with Makefile use of JRuby 1.7.8
- Time parsing in things like the json codec (and other similar parts of
logstash) are *much* faster now. This fixes a speed regression that was
introduced in logstash 1.2.0.

filters
- improvement: date: roughly 20% faster (Jordan Sissel)

outputs
- new: csv: write csv format to files output. (Matt Gray)
(This output will become a codec usable with file output in the next
major version!)