winget install --id Elastic.PacketbeatAbout Beats packetbeat
Packetbeat is an open source network packet analyzer that ships the data to Elasticsearch. Think of it like a distributed real-time Wireshark with a lot more analytics features. The Packetbeat shippers sniff the traffic between your application processes, parse on the fly protocols like HTTP, MySQL, PostgreSQL, Redis or Thrift and correlate the messages into transactions. For each transaction, the shipper inserts a JSON document into Elasticsearch, where it is stored and indexed. You can then use Kibana to view key...
What's new in 9.4.1
Features and enhancements Libbeat - Cache add_locale processor and refresh only when zone or offset changes. #50343 #50322 Fixes All - Update go-ntlmssp to v0.1.1. #50497 - Fix a deadlock between shutdown and metrics collection in the OpenTelemetry telemetry bridge. #50528 - Fix OTel Beat processor to honor when conditions. #50555 #50549 Filebeat - Fix a race condition during multiline parser shutdown. #49980 - Fix Okta entity analytics OAuth2 config unpacking for jwk_json and jwk_pem fields. #50406 - Fix Active Directory entity analytics to emit device attributes under activedirectory.device. #50472 #50471 - Fix handling of OAuth2.0 timeouts in CrowdStrike streaming input. #50492 #49988 Libbeat - Fix OTel map conversion for []time.Duration fields to avoid dropping duration slices. #50486 #50474 Winlogbeat - Fix Long.decode failures in the Painless script for the Windows security ingest pipeline. #49869 - Disable Winlogbeat record ID gap detection when using xml_query so filtered queries do not loop on non-contiguous record IDs. #50443
Version history
| Version | Updated | Notes |
|---|---|---|
| 9.4.1 | Unknown | Features and enhancements Libbeat - Cache add_locale processor and refresh only when zone or offset changes. #50343 #50322 Fixes All - Update go-ntlmssp to v0.1.1. #50497 - Fix a deadlock between shutdown and metrics col... |
| 9.4.0 | Unknown | Features and enhancements All - Export all Beat receiver metrics to OTel telemetry. #49300 - Add add_agent_metadata processor to inject agent metadata efficiently. #49667 - Update OTel Collector components to v0.149.0/v1... |
| 9.3.4 | Unknown | Features and enhancements All - Update OTel Collector components to v0.149.0/v1.55.0. #50057 Metricbeat - Bump azure-sdk-for-go armmonitor from v0.8.0 to v0.11.0. #49866 Fixes Agentbeat - Update transient dependency gith... |
| 9.3.3 | Unknown | Features and enhancements All - Update OTel Collector components to v0.148.0. #49578 Filebeat - Add retry back-off logic to streaming input CrowdStrike follower. #48542 #46072 - Add secret_state config to CEL input for e... |
| 9.3.2 | Unknown | Features and enhancements Elastic Agent - Fix a bug that could report stopped inputs as still running. #49285 #47769 Filebeat - Add optional token_url support for JWT Bearer Flow in Salesforce input. #43933 #43963 The Sa... |
| 9.3.1 | Unknown | Features and enhancements Filebeat - Add support for managed identity authentication to the azure-eventhub input. #48655 #48680 - Improve log path sanitization for request trace logging. #48719 - Add descriptions and uni... |
| 9.3.0 | Unknown | This release also includes: Deprecations. Features and enhancements All - Introduce cloud connectors flow. #47587 - Make beats receivers emit status for their subcomponents. #48015 - Add GUID translation, base DN inferen... |
| 9.2.4 | Unknown | Features and enhancements Filebeat - Add client secret authentication method for Azure Event Hub and storage in Filebeat. #47256 - Add support for AMQP-over-WebSocket transport in the processor v2. #47956 #47823 Metricbe... |
| 9.2.3 | Unknown | Features and enhancements All - Make beats receivers emit status for their subcomponents. #48015 - Add GUID translation, base DN inference, and SSPI authentication to LDAP processor. #47827 Filebeat - Log unpublished eve... |
| 9.2.2 | Unknown | This release also includes: Breaking changes. Features and enhancements All - Include whether Beat is running from a FIPS distribution in User Agent. #47409 Filebeat - Add support for DPoP authentication for the CEL and... |
| 9.2.1 | Unknown | Features and enhancements Filebeat - Add data stream identification to Fleet health status updates. #47229 Metricbeat - Enhance GCP Billing metricset with additional fields. #47059 Fixes All - Add close to conditional pr... |
| 9.2.0 | Unknown | Release notes |
| 9.1.5 | Unknown | Release notes |
| 9.1.4 | Unknown | Release notes |
| 9.1.3 | Unknown | Release notes |
| 9.1.1 | Unknown | Release notes |
| 9.1.0 | Unknown | Release notes |
| 9.0.4 | Unknown | Release notes |
| 9.0.3 | Unknown | Release notes |
| 9.0.2 | Unknown | Features and enhancements Affecting all Beats - Update Go version to v1.24.3. 44270 Filebeat - Add support for collecting device entities in the Active Directory entity analytics provider. 44309 - The add_cloudfoundry_me... |