winget install --id Elastic.Winlogbeat
About Beats winlogbeat
Winlogbeat is an open-source log collector that ships Windows Event Logs to Elasticsearch or Logstash. It installs and runs as a Windows service.
What's new in 9.4.1
Features and enhancements

- Libbeat
  - Cache add_locale processor and refresh only when zone or offset changes. #50343 #50322

Fixes

- All
  - Update go-ntlmssp to v0.1.1. #50497
  - Fix a deadlock between shutdown and metrics collection in the OpenTelemetry telemetry bridge. #50528
  - Fix OTel Beat processor to honor when conditions. #50555 #50549
- Filebeat
  - Fix a race condition during multiline parser shutdown. #49980
  - Fix Okta entity analytics OAuth2 config unpacking for jwk_json and jwk_pem fields. #50406
  - Fix Active Directory entity analytics to emit device attributes under activedirectory.device. #50472 #50471
  - Fix handling of OAuth2.0 timeouts in CrowdStrike streaming input. #50492 #49988
- Libbeat
  - Fix OTel map conversion for []time.Duration fields to avoid dropping duration slices. #50486 #50474
- Winlogbeat
  - Fix Long.decode failures in the Painless script for the Windows security ingest pipeline. #49869
  - Disable Winlogbeat record ID gap detection when using xml_query so filtered queries do not loop on non-contiguous record IDs. #50443
Version history
| Version | Updated | Notes |
|---|---|---|
| 9.4.1 | Unknown | Features and enhancements Libbeat - Cache add_locale processor and refresh only when zone or offset changes. #50343 #50322 Fixes All - Update go-ntlmssp to v0.1.1. #50497 - Fix a deadlock between shutdown and metrics col... |
| 9.4.0 | Unknown | Features and enhancements All - Export all Beat receiver metrics to OTel telemetry. #49300 - Add add_agent_metadata processor to inject agent metadata efficiently. #49667 - Update OTel Collector components to v0.149.0/v1... |
| 9.3.4 | Unknown | Features and enhancements All - Update OTel Collector components to v0.149.0/v1.55.0. #50057 Metricbeat - Bump azure-sdk-for-go armmonitor from v0.8.0 to v0.11.0. #49866 Fixes Agentbeat - Update transient dependency gith... |
| 9.3.3 | Unknown | Features and enhancements All - Update OTel Collector components to v0.148.0. #49578 Filebeat - Add retry back-off logic to streaming input CrowdStrike follower. #48542 #46072 - Add secret_state config to CEL input for e... |
| 9.3.2 | Unknown | Features and enhancements Elastic Agent - Fix a bug that could report stopped inputs as still running. #49285 #47769 Filebeat - Add optional token_url support for JWT Bearer Flow in Salesforce input. #43933 #43963 The Sa... |
| 9.3.1 | Unknown | Features and enhancements Filebeat - Add support for managed identity authentication to the azure-eventhub input. #48655 #48680 - Improve log path sanitization for request trace logging. #48719 - Add descriptions and uni... |
| 9.3.0 | Unknown | This release also includes: Deprecations. Features and enhancements All - Introduce cloud connectors flow. #47587 - Make beats receivers emit status for their subcomponents. #48015 - Add GUID translation, base DN inferen... |
| 9.2.4 | Unknown | Features and enhancements Filebeat - Add client secret authentication method for Azure Event Hub and storage in Filebeat. #47256 - Add support for AMQP-over-WebSocket transport in the processor v2. #47956 #47823 Metricbe... |
| 9.2.3 | Unknown | Features and enhancements All - Make beats receivers emit status for their subcomponents. #48015 - Add GUID translation, base DN inference, and SSPI authentication to LDAP processor. #47827 Filebeat - Log unpublished eve... |
| 9.2.2 | Unknown | This release also includes: Breaking changes. Features and enhancements All - Include whether Beat is running from a FIPS distribution in User Agent. #47409 Filebeat - Add support for DPoP authentication for the CEL and... |
| 9.2.1 | Unknown | Features and enhancements Filebeat - Add data stream identification to Fleet health status updates. #47229 Metricbeat - Enhance GCP Billing metricset with additional fields. #47059 Fixes All - Add close to conditional pr... |
| 9.2.0 | Unknown | Release notes |
| 9.1.5 | Unknown | Release notes |
| 9.1.4 | Unknown | Release notes |
| 9.1.3 | Unknown | Release notes |
| 9.1.2 | Unknown | No notes |
| 9.1.1 | Unknown | Release notes |
| 9.1.0 | Unknown | Release notes |
| 9.0.4 | Unknown | Release notes |
| 9.0.3 | Unknown | Release notes |