general
- new 'worker' setting for outputs. This helps improve throughput on
request-oriented outputs such as redis, rabbitmq, elasticsearch,
elasticsearch_http, etc. Workers run in separate threads each handling
events as they come in. This allows you to linearly scale up outputs across
cores or as blocking-io permits.
- grok performance is up 600%
- lots of bug fixes
- bugfixes to conditionals (682, Matt Dainty)
- rabbitmq now replaces the old deprecated amqp plugins. amqp plugins are
removed.
- inputs will now do their best to handle text which is encoded differently
than the charset you have specified (LOGSTASH-1443, Jordan Sissel)
inputs
- bugfix: udp: respects teardown requests via SIGINT, etc (LOGSTASH-1290,
Jordan Sissel)
- bugfix: rabbitmq: disable automatic connection recovery (LOGSTASH-1350,
641, 642; Michael Klishin)
- bugfix: twitter: works again (640, Bernd Ahlers)
- compatibility: Restored the old 'format' setting behavior. It is still
deprecated, but was accidentally removed in 1.2.0. It will be removed
later, but is restored as part of our backwards-compat promise (Jordan
Sissel)
- bugfix: s3: fix LOGSTASH-1321 and LOGSTASH-1319 (Richard Pijnenburg)
- bugfix: log4j: fix typo (Jordan Sissel)
- bugfix: rabbitmq: disable automatic connection recover because logstash
will handle it (LOGSTASH-1350, Michael Klishin)
- bugfix: heroku: works again (LOGSTASH-1347, 643; Bernd Ahlers)
- bugfix: tcp: improve detection of closed connections to reduce lost events
(Jordan Sissel)
- bugfix: elasticsearch: now works correctly (670, Richard Pijnenburg)
- improvement: elasticsearch: make size and scroll time configurable (670,
Richard Pijnenburg)
- improvement: elasticsearch: tunable search type (670, Richard Pijnenburg)
- compatibility: restore 'format' setting which was accidentally removed in
1.2.0. This feature is still deprecated, but it has been restored
temporarily as part of our backwards compatibility promise. (706, Jordan
Sissel)
- bugfix: syslog: fix socket leakage (704, Bernd Ahlers)
- improvement: all aws-related plugins: Add proxy_uri setting (714, Malthe
Borch)
- bugfix: unix: fix variable name crash (720, Nikolay Bryskin)
codecs
- new: graphite: parse graphite formated events (Nick Ethier)
- new: json_lines: parse streams that are lines of json objects (731, Nick
Ethier)
- bugfix: multiline: time is now correctly in UTC. (Jordan Sissel)
- bugfix: oldlogstashjson: improved conversion of old logstash json to the
new schema (654, Jordan Sissel)
- bugfix: oldlogstashjson: fix typo breaking encoding (665, Tom Howe)
- bugfix: json: now assumes json delimited by newline character
(LOGSTASH-1332, 710; Nick Ethier)
- improvements: netflow: new target and versions settings (686, Matt Dainty)
filters
- performance: grok: 6.3x performance improvement (681, Jordan Sissel)
- bugfix: geoip: empty values (nil, empty string) are not put into the event
anymore. (Jordan Sissel)
- bugfix: geoip: allow using Maxmind's ASN database (LOGSTASH-1394, 694;
Bernd Ahlers)
- improvement: kv: target will now overwrite any existing fields, including
the source (Jordan Sissel).
- improvement: Kv: 'prefix' setting now respects sprintf (LOGSTASH-913,
647; Richard Pijnenburg)
- checksum: sha128 was not a valid digest, removed from list
- feature: metrics: added clear_interval and flush_interval parameters for
setting flush rates and when to clear metrics (545)
- new: collate: group events by time and/or count into a single event. (609,
Neway Liu)
- feature: date: now supports a 'target' field for writing the timestamp into
a field other than timestamp. (625, Jonathan Van Eenwyk)
- bugfix: riemann: event tagging works again (631, Marc Fournier)
- improvement: grok: IPV6 pattern (623, Matt Dainty)
- improvement: metrics: add clear_interval and flush_interval settings (545,
Juarez Bochi)
- improvement: useragent: include operating system details (656, Philip
Kubat)
- improvement: csv: new quote_char setting (725, Alex Markham)
outputs
- feature: all outputs have a 'worker' setting now that allows you to
perform more work at the same time. This is useful for plugins like
elasticsearch_http, redis, etc, which can bottleneck on waiting for
requests to complete but would otherwise be happy processing more
simultaneous requests. (708, Jordan Sissel)
- bugfix: elasticsearch: requests are now synchronous. This avoid overloading
the client and server with unlimited in-flight requests. (688, Jordan
Sissel)
- bugfix: elasticsearch_http: fix bug when sending multibyte utf-8 events
(LOGSTASH-1328, 678, 679, 695; Steve Merrill, Christian Winther,
NickEthier, Jordan Sissel)
- performance: elasticsearch_http: http client library uses TCP_NODELAY now
which dramatically improves performance. (696, Jordan Sissel)
- feature: elasticsearch_http now supports a 'replication' setting to
allow you to choose how you wait for the response. THe default is 'sync'
which waits for all replica shards to be written. If you set it to 'async'
then all index requests will respond once only the primary shards have been
written and the replica shards will be written later. This can improve
throughput. (700, Nick Ethier, Jordan Sissel)
- bugfix: elasticsearch: the default port range is now 9300-9305; the older
range up to 9400 was unnecessary and could cause problems for the
elasticsearch cluster in some cases.
- improvement: aws-based outputs (e.g. cloudwatch) now support proxy uri.
- bugfix: rabbitmq: disable automatic connection recovery (LOGSTASH-1350)
(642)
- bugfix: riemann: fixed tagging of riemann events (631)
- bugfix: s3: fix LOGSTASH-1321 and LOGSTASH-1319 (636, 645; Richard
Pijnenburg)
- bugfix: mongodb: Fix mongodb auth (LOGSTASH-1371, 659; bitsofinfo)
- bugfix: datadog: Fix time conversion (LOGSTASH-1427, 690; Bernd Ahlers)
- bugfix: statsd: Permit plain floating point values correctly in the
config. Example: sample_rate => 0.5 (LOGSTASH-1441, 705; Jordan Sissel)
- bugfix: syslog: Fix timestamp date formation. 'timestamp' setting is now
deprecated and the format of the time depends on your rfc selection.
(LOGSTASH-1423, 692, 739; Jordan Sissel, Bernd Ahlers)
patterns
- improvement: added IPV6 support to IP pattern (623)