Please note this changelog is for Graylog Operations. For the core Graylog changelog, please see the following article.

Graylog Operations 5.1.8

Released: 2023-11-01

Fixed

• Retry index action for already archived indices. graylog-plugin-enterprise#5799

• Take timezone of report into consideration when scheduling the trigger. graylog-plugin-enterprise#5886 graylog-plugin-enterprise#5981

Graylog Operations 5.1.7

Released: 2023-10-12

No changes in Graylog Operations for 5.1.7.

Graylog Operations 5.1.6

Released: 2023-10-04

Fixed

• Fixed Illuminate activation errors for non default root users. graylog2-server#16302 graylog-plugin-enterprise#5734

• Fix event definition enable UI state for Event Correlation. graylog2-server#16070 graylog-plugin-enterprise#5549

• Fix several CrowdStrike input issues and adjusted parsing. graylog-plugin-enterprise-integrations#1084 graylog-plugin-enterprise-integrations#1093

Graylog Operations 5.1.5

Released: 2023-09-06

Added

• Added ability to filter users when assigning investigations. graylog-plugin-enterprise#5565 graylog-plugin-enterprise#5587

• Added the ability to run the CrowdStrike Input in Graylog Cloud. graylog-plugin-enterprise-integrations#1080

Fixed

• Fixed error when adding Sigma Git repo rule directories with the default branch. graylog-plugin-enterprise#5613

Graylog Operations 5.1.4

Released: 2023-08-02

Changed

• Changed the minimum allowed Anomaly Detector interval to 10 minutes. graylog-plugin-enterprise#5383 graylog-plugin-enterprise#5524

Fixed

• Fixes race condition in range calculation when restoring small indices. graylog-plugin-enterprise#2220 graylog-plugin-enterprise#5393

• Fixed handling of backslashes in Sigma rule queries that caused OpenSearch errors. graylog-plugin-enterprise#5326 graylog-plugin-enterprise#5440

• Fix unknown email_attributes error when using AD team sync; honor user-configured LDAP attribute names. graylog2-server#15652 graylog-plugin-enterprise#5423

Graylog Operations 5.1.3

Released: 2023-07-05

Added

• Add claim-based team sync support for OIDC backends. graylog-plugin-enterprise#5267graylog-plugin-enterprise#5350graylog-plugin-enterprise#5304graylog2-server#15792

Fixed

• Fix invalid index prefix options in anomaly detector creation menu. graylog-plugin-enterprise#5275graylog-plugin-enterprise#5360

• Fix anomaly detector audit log messages not displaying IDs/names. graylog-plugin-enterprise#5308graylog-plugin-enterprise#5328

• Fixed indefinite error loop in Office 365 Input. graylog-plugin-enterprise-integrations#1049graylog-plugin-enterprise-integrations#1065

Graylog Operations 5.1.2

Released: 2023-06-07

Changed

• Added ability to skip background Anomaly Detection jobs graylog-plugin-enterprise#3337graylog-plugin-enterprise#5234

• Adjusted F5 BIG-IP input log fields graylog-plugin-enterprise-integrations#1058

Fixed

• Fix Archving with Snappy compression on Java 17. graylog-plugin-enterprise#5221graylog-plugin-enterprise#5222

• Fix for issue with plugin routes when web server sets a path prefix graylog-plugin-enterprise#5238graylog-plugin-enterprise#5242

• Fixed several F5 Input runtime issues. graylog-plugin-enterprise-integrations#1050graylog-plugin-enterprise-integrations#1052

Graylog Operations 5.1.1

Released: 2023-05-25

Changed

• On cloud migrate the IndexSetDefault configuration to new time size based rotation strategy. graylog-plugin-cloud#1149 graylog-plugin-enterprise#5213 graylog2-server#15556

Graylog Operations 5.1.0

Released: 2023-05-11

Added

• Added the ability to set TTLs for MongoDB Data Adapter entries. graylog2-server#14574graylog-plugin-enterprise#4854graylog2-server#15014

• Added configuration values for hiding widget query and description in reports graylog-plugin-enterprise#1491graylog-plugin-enterprise#4462

• Added support for importing Sigma rules from multiple Git repositories. graylog-plugin-enterprise#4260

• Add ability to create and edit custom anomaly detectors. graylog-plugin-enterprise#4279graylog-plugin-enterprise#4453

• Added support for Sigma rules with Regular Expressions (’re’ modifier). graylog-plugin-enterprise#4519graylog-plugin-enterprise#4561

• Added support for CIDR lookups in MongoDB data adapters graylog-plugin-enterprise#4785graylog-plugin-enterprise#4904

• Dynamic Startup Page Backend additions for Recent Activity, Pinned Items, Last Opened graylog-plugin-enterprise#4373

• Adding shortcut to create search filters from query input with Ctrl+Enter. graylog-plugin-enterprise#4484

• Added ability to import all and refresh all rules from a Sigma rule repository. graylog-plugin-enterprise#4487

• Added investigations module. graylog-plugin-enterprise#4618graylog-plugin-enterprise#4622graylog-plugin-enterprise#4619graylog-plugin-enterprise#4620graylog-plugin-enterprise#4678graylog-plugin-enterprise#4718graylog-plugin-enterprise#4699graylog-plugin-enterprise#4713graylog-plugin-enterprise#4794graylog-plugin-enterprise#4719graylog-plugin-enterprise#4847graylog-plugin-enterprise#4849graylog-plugin-enterprise#4821graylog-plugin-enterprise#4877graylog-plugin-enterprise#4848graylog-plugin-enterprise#4558graylog-plugin-enterprise#4574graylog-plugin-enterprise#4584graylog-plugin-enterprise#4608graylog-plugin-enterprise#4632graylog-plugin-enterprise#4647graylog-plugin-enterprise#4671graylog-plugin-enterprise#4665graylog-plugin-enterprise#4677graylog-plugin-enterprise#4645graylog-plugin-enterprise#4673graylog-plugin-enterprise#4680graylog-plugin-enterprise#4683graylog-plugin-enterprise#4684graylog-plugin-enterprise#4717graylog-plugin-enterprise#4720graylog-plugin-enterprise#4746graylog-plugin-enterprise#4753graylog-plugin-enterprise#4767graylog-plugin-enterprise#4830graylog-plugin-enterprise#4837graylog-plugin-enterprise#4835graylog-plugin-enterprise#4861graylog-plugin-enterprise#4870graylog-plugin-enterprise#4871graylog-plugin-enterprise#4878graylog-plugin-enterprise#4906graylog-plugin-enterprise#4933graylog-plugin-enterprise#4966

• Added ability to assign notifications to Sigma rule Alerts from Sigma pages. graylog-plugin-enterprise#4565graylog-plugin-enterprise#4740

• Added filters on Sigma Rules List. graylog-plugin-enterprise#4553graylog-plugin-enterprise#4607

• Added the ability to download and install Illuminate from within Graylog. graylog-plugin-enterprise#4875graylog-plugin-enterprise#4876graylog-plugin-enterprise#4866graylog-plugin-enterprise#4895graylog-plugin-enterprise#4931graylog-plugin-enterprise#4948graylog-plugin-enterprise#4960graylog-plugin-enterprise#4970graylog-plugin-enterprise#4974graylog-plugin-enterprise#5017graylog-plugin-enterprise#5080

• Added Illuminate hub UI. graylog-plugin-enterprise#4868graylog-plugin-enterprise#4867graylog-plugin-enterprise#4901graylog-plugin-enterprise#4935

• Added extra error logging for empty OpenSearch Anomaly Detection error responses graylog-plugin-enterprise#4961

• Added info message to bundle page showing there is a new illuminate bundle graylog-plugin-enterprise#4954graylog-plugin-enterprise#4981

• Added proxy support to Azure Event Logs input graylog-plugin-enterprise-integrations#908graylog-plugin-enterprise-integrations#914 (Thanks: @Srinidhi-Saravanan)

• Allow running Azure Event Hubs input in cloud. graylog-plugin-cloud#1091graylog-plugin-enterprise-integrations#1030

• Enable “Office 365 Log Events” input in cloud. graylog-plugin-cloud#1091graylog-plugin-enterprise-integrations#1032

• Added Microsoft Defender for Endpoint input graylog-plugin-enterprise-integrations#685 (Thanks: @Srinidhi-Saravanan)

• Added multi-node support for the Azure Event Logs input. graylog-plugin-enterprise-integrations#931graylog-plugin-enterprise-integrations#979

Changed

• Improved error message for enabling Anomaly Detectors graylog-plugin-enterprise#4246

• Prevent creation of incompatible inputs on Forwarders. graylog-plugin-enterprise#4817graylog-plugin-enterprise#4818graylog2-server#14866

• Traffic violation emails will now create an audit log entry. graylog-plugin-cloud#1077graylog-plugin-enterprise#4595

• Unify fields configuration in log view builder with fields configuration in other aggregation builder. graylog-plugin-enterprise#4738

• Change date format on Sigma Rules and Investigations lists graylog-plugin-enterprise#4947graylog-plugin-enterprise#4989

• Changed Sigma Rule roles to Sigma Rule Manager and Sigma Rule Reader graylog-plugin-enterprise#5057

• Changed decommissioned link in O365 Input wizard to updated link. graylog-plugin-enterprise-integrations#988graylog-plugin-enterprise-integrations#1004

• Created new plugin for CrowdStrike logs graylog-plugin-enterprise-integrations#742 (Thanks: @Srinidhi-Saravanan)

• Created new plugin for F5 BIG-IP logs graylog-plugin-enterprise-integrations#966 (Thanks: @Srinidhi-Saravanan)

• Consistent use of message identifiers in strings. graylog2-server#13628graylog-plugin-enterprise-integrations#986

• Rename Azure Log Events input to Azure Event Hubs. graylog-plugin-enterprise-integrations#978graylog-plugin-enterprise-integrations#992

Fixed

• Hide Team source information on cloud graylog-plugin-enterprise#1080graylog-plugin-enterprise#5074

• Fix Enterprise UI badge validation state graylog-plugin-enterprise#1825graylog-plugin-enterprise#4506

• Also include query/timerange/filter(s)/streams when switching message table to log view. graylog-plugin-enterprise#3328graylog-plugin-enterprise#4729

• Fixed failure to synchronize Anomaly Detectors that are active in Opensearch but marked as inactive in Graylog. graylog-plugin-enterprise#4115graylog-plugin-enterprise#4477

• Fix page size selector on archives page is a bit off. graylog-plugin-enterprise#4251graylog-plugin-enterprise#4376

• Fix validation logic by adding an additional debounced validation. graylog-plugin-enterprise#4271graylog-plugin-enterprise#4392

• Fix sigma rules and repos page not having Graylog footer. graylog-plugin-enterprise#4275graylog-plugin-enterprise#4425

• Fix incorrect deprecated Illuminate warning check. graylog-plugin-enterprise#4388graylog-plugin-enterprise#4397

• Fix Illuminate data adapters being unusable from user space without a server restart. graylog-plugin-enterprise#4411graylog-plugin-enterprise#4416

• Allow configuration of retention time of archives in cloud ui interface. graylog-plugin-enterprise#4463graylog-plugin-enterprise#4472

• Fixed failure to load Anomaly Detection Configuration page. graylog-plugin-enterprise#4465graylog-plugin-enterprise#4468

• Fixed bug where Illuminate lookup table data adapters were being populated with incorrect values graylog-plugin-enterprise#4602graylog-plugin-enterprise#4603

• Fixed bug where disabling Illuminate processing packs displayed an error. graylog-plugin-enterprise#4628graylog-plugin-enterprise#4629

• Fixed issue with Lookup Entity Mappings migration that prevented the server from starting on 5.0 if deprecated Illuminate content packs were installed. graylog-plugin-enterprise#4641graylog-plugin-enterprise#4657

• Fixed Sigma Rule query creation to correctly handle lists of maps. graylog-plugin-enterprise#4687graylog-plugin-enterprise#4688

• Fix broken audit log documention link. graylog-plugin-enterprise#4757graylog-plugin-enterprise#4764graylog-plugin-enterprise#4768

• Moved default save location of temporary Sigma Git data to a temp directory graylog-plugin-enterprise#4778graylog-plugin-enterprise#4797graylog-plugin-enterprise#4786graylog-plugin-enterprise#4831

• Fix list of priorities not displaying in order of priority in New Investigation modal graylog-plugin-enterprise#4788graylog-plugin-enterprise#4819

• Fix handling of unknown input types on Forwarder Input Profiles page. graylog-plugin-enterprise#4798graylog-plugin-enterprise#4803

• Fixed issue where Illuminate bundle could not be upgraded if a lookup entity inside had a naming collision with an existing entity. graylog-plugin-enterprise#4827graylog-plugin-enterprise#4832

• Fixed slow archive restore. graylog-plugin-enterprise#4925graylog-plugin-enterprise#4926

• Fixed bug where Illuminate Spotlight Packs marked as core did not have their content packs installed graylog-plugin-enterprise#5142graylog-plugin-enterprise#5143

• Fix incorrect Graylog Security Network dashboard widget name. graylog-plugin-enterprise#4457

• Fix breaking change in api/plugins/org.graylog.plugins.archive/config API. graylog-plugin-enterprise#4466

• Fixed error causing Illuminate bundle install timeouts. graylog-project-illuminate#1022graylog-plugin-enterprise#4497graylog-plugin-enterprise#4540

• Fixed error when enabling anomaly detectors in OpenSearch 2.x. graylog-plugin-enterprise#4507graylog-plugin-enterprise#4518

• Handle deprecated short time zone IDs in report definitions. graylog-plugin-enterprise#4311graylog-plugin-enterprise#4658

• Allow disabling of retention strategies graylog-plugin-cloud#1081graylog-plugin-enterprise#4667

• Avoid exception thrown during report rendering being swallowed. graylog-plugin-enterprise#4691

• Closes the add rule modal after sigma rule is created. graylog-plugin-enterprise#4808

• Executing reporting widgets in chunks when rendering report. graylog-plugin-enterprise#3562graylog-plugin-enterprise#4856

• Fixed bug where MongoDB data adapter entries were not removed when the owning data adapter was deleted. graylog-plugin-enterprise#4872

• Fixed unneccessary anomaly detector sync queries causing Opensearch errors. graylog2-server#14917graylog-plugin-enterprise#4881

• Avoid erroneous warning message on archive restore. graylog-plugin-enterprise#5075

• Fixed problem with concurrently running report jobs graylog-plugin-enterprise#5114

• Fixes error on decoding Google Workspace Logs with some types of parameters. graylog-plugin-enterprise-integrations#1019

• Fix credential check for Gmail Log Events input. graylog-plugin-enterprise-integrations#940graylog-plugin-enterprise-integrations#974

• Fix verbose failure of journaled outputs due to license issues. graylog-plugin-enterprise-integrations#953

• Show available log types in edit form for Google inputs. graylog-plugin-enterprise-integrations#1010

• Fixed F5 Big IP input bug causing inability to load API browser components. graylog-plugin-enterprise-integrations#1027

• Improved informational logging when partition ownership changes occur. graylog-plugin-enterprise-integrations#1031graylog-plugin-enterprise-integrations#1033

• Fix broken on-screen validation of Azure EventHubs Maximum Wait Time field. graylog-plugin-enterprise-integrations#1036

• Fixed outputs stopping to output messages after messages were dropped, i.e. due to missing pipeline_output or full_message field. graylog-plugin-enterprise-integrations#1042graylog-plugin-enterprise-integrations#1043

• Fix buffering to journal when TCP based outputs experience connection issues. graylog-plugin-enterprise#4226graylog-plugin-enterprise-integrations#937

• Fixed issue where users could not create O365 Log Event inputs with GCC High or DOD subscription types. graylog-plugin-enterprise#4380graylog-plugin-enterprise-integrations#949

• Fix unclean shutdown of ouput journal under high load. graylog-plugin-enterprise-integrations#963

• Run GCP, Gmail, Google Workspace, and Office 365 Inputs on the leader node instead of a random cluster node by default. graylog-plugin-enterprise-integrations#939graylog-plugin-enterprise-integrations#973

Graylog Operations 5.0.13

Released: 2023-10-12

No changes in Graylog Operations for 5.0.13.

Graylog Enterprise 5.0.12

Released: 2023-10-04

Fixed

• Fixed Illuminate activation errors for non default root users. graylog2-server#16302 graylog-plugin-enterprise#5734

Graylog Operations 5.0.11

Released: 2023-09-06

No changes in Graylog Operations for 5.0.11.

Graylog Operations 5.0.10

Released: 2023-08-02

Changed

• Changed the minimum allowed Anomaly Detector interval to 10 minutes. graylog-plugin-enterprise#5383 graylog-plugin-enterprise#5524

Fixed

• Fixed handling of backslashes in Sigma rule queries that caused OpenSearch errors. graylog-plugin-enterprise#5326 graylog-plugin-enterprise#5440

Graylog Operations 5.0.9

Released: 2023-07-05

Fixed

• Fix anomaly detector audit log messages not displaying IDs/names. graylog-plugin-enterprise#5308 graylog-plugin-enterprise#5328

• Fixed indefinite error loop in Office 365 Input. graylog-plugin-enterprise-integrations#1049 graylog-plugin-enterprise-integrations#1065

Graylog Operations 5.0.8

Released: 2023-06-07

Changed

• Adjusted F5 BIG-IP input log fields graylog-plugin-enterprise-integrations#1058

Fixed

• Fixed bug where Illuminate Spotlight Packs marked as core did not have their content packs installed graylog-plugin-enterprise#5142graylog-plugin-enterprise#5143

• Fix Archving with Snappy compression on Java 17. graylog-plugin-enterprise#5221graylog-plugin-enterprise#5222

• Fix for issue with plugin routes when web server sets a path prefix graylog-plugin-enterprise#5238graylog-plugin-enterprise#5241

• Fixed problem with concurrently running report jobs graylog-plugin-enterprise#5114

• Fixed several F5 Input runtime issues. graylog-plugin-enterprise-integrations#1050 graylog-plugin-enterprise-integrations#1052

Graylog Operations 5.0.7

Released: 2023-05-03

Added

• Added extra error logging for empty OpenSearch Anomaly Detection error responses. graylog-plugin-enterprise#4961

Fixed

• Fixed slow archive restore. graylog-plugin-enterprise#4925 graylog-plugin-enterprise#4926

• Fixed broken Message Summary and Indicator Templates. graylog-plugin-enterprise#5050 graylog-plugin-enterprise#5056

Graylog Operations 5.0.6

Released: 2023-04-05

Fixed

• Fixed issue where Illuminate bundle could not be upgraded if a lookup entity inside had a naming collision with an existing entity. graylog-plugin-enterprise#4827 graylog-plugin-enterprise#4832

• Fixed bug where MongoDB data adapter entries were not removed when the owning data adapter was deleted. graylog-plugin-enterprise#4872

• Fixed unnecessary anomaly detector sync queries causing OpenSearch errors. graylog2-server#14917 graylog-plugin-enterprise#4881

• Fix broken on-screen validation of Azure EventHubs Maximum Wait Time field. graylog-plugin-enterprise-integrations#1036

Graylog Operations 5.0.5

Released: 2023-03-06

Fixed

• Fixed F5 Big IP input bug causing inability to load API browser components. graylog-plugin-enterprise-integrations#1027

Graylog Operations 5.0.4

Released: 2023-03-01

Added

• Added proxy support to Azure Event Logs input. graylog-plugin-enterprise-integrations#908 graylog-plugin-enterprise-integrations#914 (Thanks: @Srinidhi-Saravanan)

• Added multi-node support for the Azure Event Logs input. graylog-plugin-enterprise-integrations#931 graylog-plugin-enterprise-integrations#979

Changed

• Changed decommissioned link in O365 Input wizard to updated link. graylog-plugin-enterprise-integrations#988 graylog-plugin-enterprise-integrations#1004

• Created new plugin for F5 BIG-IP logs. graylog-plugin-enterprise-integrations#966 (Thanks: @Srinidhi-Saravanan)

• Rename Azure Log Events input to Azure Event Hubs. graylog-plugin-enterprise-integrations#978 graylog-plugin-enterprise-integrations#992

Fixed

• Also include query/timerange/filter(s)/streams when switching message table to log view. graylog-plugin-enterprise#3328 graylog-plugin-enterprise#4729

• Fixed issue with Lookup Entity Mappings migration that prevented the server from starting on 5.0 if deprecated Illuminate content packs were installed. graylog-plugin-enterprise#4641 graylog-plugin-enterprise#4657

• Fixed Sigma Rule query creation to correctly handle lists of maps. graylog-plugin-enterprise#4687 graylog-plugin-enterprise#4688

• Handle deprecated short time zone IDs in job scheduler definitions. graylog-plugin-enterprise#4311 graylog-plugin-enterprise#4674

• Avoid exception thrown during report rendering being swallowed. graylog-plugin-enterprise#4691

• Fixes error on decoding Google Workspace Logs with some types of parameters. graylog-plugin-enterprise-integrations#1019

Graylog Operations 5.0.3

Released: 2023-02-01

Fixed

• Fixed failure to synchronize Anomaly Detectors that are active in OpenSearch but marked as inactive in Graylog. graylog-plugin-enterprise#4115 graylog-plugin-enterprise#4477

• Allow configuration of retention time of archives in cloud UI interface. graylog-plugin-enterprise#4463 graylog-plugin-enterprise#4472

• Fixed bug where Illuminate lookup table data adapters were being populated with incorrect values graylog-plugin-enterprise#4602 graylog-plugin-enterprise#4603

• Fixed bug where disabling Illuminate processing packs displayed an error. graylog-plugin-enterprise#4628 graylog-plugin-enterprise#4629

• Fixed error causing Illuminate bundle install timeouts. graylog-project-illuminate#1022 graylog-plugin-enterprise#4497 graylog-plugin-enterprise#4540

Graylog Operations 5.0.2

Released: 2023-01-04

Fixed

• Fixed failure to load Anomaly Detection Configuration page. graylog-plugin-enterprise#4465 graylog-plugin-enterprise#4468

• Fixed incorrect Graylog Security Network dashboard widget name. graylog-plugin-enterprise#4457

• Fixed error when enabling anomaly detectors in OpenSearch 2.x. graylog-plugin-enterprise#4507 graylog-plugin-enterprise#4518

• Fix buffering to journal when TCP based outputs experience connection issues. graylog-plugin-enterprise#4226 graylog-plugin-enterprise-integrations#937

Graylog Operations 5.0.1

Released: 2022-12-14

Fixed

• Fix incorrect deprecated Illuminate warning check. graylog-plugin-enterprise#4388 graylog-plugin-enterprise#4397

• Fix Illuminate data adapters being unusable from user space without a server restart. graylog-plugin-enterprise#4411 graylog-plugin-enterprise#4416

• Fixed issue where users could not create O365 Log Event inputs with GCC High or DOD subscription types. graylog-plugin-enterprise#4380 graylog-plugin-enterprise-integrations#949

Graylog Operations 5.0.0

Released: 2022-12-07

Added

• Illuminate Lookup tables are now available in user space. graylog-plugin-enterprise#2877 graylog-plugin-enterprise#3823 graylog2-server#13048

• Allow defining multiple scheduling frequencies for report delivery graylog-plugin-enterprise#3214 graylog-plugin-enterprise#3581

• Adding search filter feature. graylog-plugin-enterprise#3401 graylog-plugin-enterprise#3609

• Add a config option to automatically delete archive files that are older than a defined age graylog-plugin-enterprise#4113 graylog-plugin-enterprise#3542 graylog-plugin-enterprise#4198 graylog-plugin-enterprise#4218 graylog2-server#12682 graylog2-server#13707 graylog2-server#13734

• Added Illuminate Spotlight content packs to Illuminate bundle installation. graylog-plugin-enterprise#3868 graylog-plugin-enterprise#3622

• Added deprecated warning and status metrics reporting. graylog-plugin-enterprise#4147 graylog-plugin-enterprise#4156 graylog2-server#13631

• Support restoring archives in bulk graylog-plugin-enterprise#3681

• Added backend support for storing timerange overrides for each report frequency configuration graylog-plugin-enterprise#3713

• Add gRPC health check endpoints. graylog-plugin-enterprise#3941

• Added support for Sigma rules. graylog-plugin-enterprise#3967

• Added a Store Full Message field option to the Azure Logs input, which stores the entire message payload received from Azure Logs. graylog-plugin-enterprise-integrations#769 graylog-plugin-enterprise-integrations#779

Changed

• Display parameter inputs inside search bar. graylog-plugin-enterprise#3492 graylog-plugin-enterprise#3407

• Report deliveries use generic scheduler instead of periodical task graylog-plugin-enterprise#3797

• Index archive names are now guaranteed to be unique by appending the index ID. graylog-plugin-enterprise#3071

Graylog Operations 4.3.15

Released: 2023-05-03

Added

• Added extra error logging for empty OpenSearch Anomaly Detection error responses. graylog-plugin-enterprise#4961

Graylog Operations 4.3.14

Released: 2023-04-05

Fixed

• Fixed bug where MongoDB data adapter entries were not removed when the owning data adapter was deleted. graylog-plugin-enterprise#4872

• Fixed unnecessary anomaly detector sync queries causing OpenSearch errors. graylog2-server#14917 graylog-plugin-enterprise#4881

• Fix broken on-screen validation of Azure EventHubs Maximum Wait Time field. graylog-plugin-enterprise-integrations#1036

• Fixed issue with Palo Alto Global Protect logs parsing last 5 fields incorrectly. graylog-plugin-integrations#1327 graylog2-server#14363 graylog-plugin-integrations#1328 (Thanks: @giveen)

Graylog Operations 4.3.13

Released: 2023-03-01

Changed

• Changed decommissioned link in O365 Input wizard to updated link. graylog-plugin-enterprise-integrations#988 graylog-plugin-enterprise-integrations#1004

Fixed

• Handle deprecated short time zone IDs in job scheduler definitions. graylog-plugin-enterprise#4311 graylog-plugin-enterprise#4670

Graylog Operations 4.3.12

Released: 2023-02-01

Fixed

• Fixed failure to synchronize Anomaly Detectors that are active in OpenSearch but marked as inactive in Graylog. graylog-plugin-enterprise#4115 graylog-plugin-enterprise#4477

Graylog Operations 4.3.11

Released: 2023-01-04

Fixed

• Fixed failure to load Anomaly Detection Configuration page. graylog-plugin-enterprise#4465 graylog-plugin-enterprise#4468

• Fixed error when enabling anomaly detectors in OpenSearch 2.x. graylog-plugin-enterprise#4507 graylog-plugin-enterprise#4518

• Fixed buffering to journal when TCP based outputs experience connection issues. graylog-plugin-enterprise#4226 graylog-plugin-enterprise-integrations#937

Graylog Operations 4.3.10

Released: 2022-12-14

Fixed

• Fix LDAP group membership matching by memberUid attribute. graylog2-server#13811 graylog-plugin-enterprise#4307

• Fixed issue where users could not create O365 Log Event inputs with GCC High or DOD subscription types. graylog-plugin-enterprise#4380 graylog-plugin-enterprise-integrations#949

Graylog Operations 4.3.9

Released: 2022-11-02

Added

• Add default_archive_retention_time and max_archive_retention_time config file settings for the archive auto-removal feature. graylog-plugin-enterprise#4113graylog-plugin-enterprise#4221

Fixed

• Fix team sync for Okta authentication backends. graylog-plugin-enterprise#4182graylog-plugin-enterprise#4183

• Fix S3 archive backend creation form. graylog-plugin-enterprise#4230graylog-plugin-enterprise#4245

• Fix license traffic violation error triggering one day too early. graylog-plugin-enterprise#4158

Security

• Update Okta UI widget to version 7.0.0 to fix CVE-2020-11023. graylog-plugin-enterprise#4272graylog-plugin-enterprise#4268

Graylog Operations 4.3.8

Released: 2022-10-05

Changed

• Reduce log level for noisy log messages in the Office365 input. graylog-plugin-enterprise-integrations#894

Fixed

• Fix problem with archive retention configuration form. graylog2-server#13497graylog-plugin-enterprise#4079

• Fix file handle leak in HTTP-based lookup table adapters. graylog-plugin-enterprise#4022graylog-plugin-enterprise-integrations#897

Graylog Operations 4.3.7

Released: 2022-09-16

Added

• Add optional archive retention to automatically delete old archives after a configurable time. (This is disabled by default.) graylog-plugin-enterprise#3514graylog-plugin-enterprise#3542

Fixed

• Fix archive Overview page to remain operational when one or more cluster nodes are missing. graylog-plugin-enterprise#4042graylog-plugin-enterprise#4044

Graylog Operations 4.3.6

Released: 2022-09-07

Added

• Add gRPC health check endpoint to the forwarder input. graylog-plugin-cloud#1824graylog-plugin-enterprise#3941

Fixed

• Fix inconsistent sorting and other smaller issues on the archiving overview page. graylog-plugin-enterprise#3510graylog-plugin-enterprise#3535
• Gracefully handle unclean shutdown of the forwarder health status manager. graylog-plugin-enterprise#3982
• Fix infinite loop problem in the error handling of the Office365 input. graylog-plugin-enterprise-integrations#880

Graylog Operations 4.3.5

Released: 2022-08-09

Added

• Add custom OIDC claims in the OIDC authentication backend configuration. graylog2-plugin-enterprise#3544

Graylog Operations 4.3.4

Released: 2022-08-03

Added

• Addreport_accept_insecure_certsconfig file option to make reporting work for setups with self-signed TLS certificates. graylog-plugin-enterprise#3852

Fixed

• Fix license check for external actions. graylog-plugin-enterprise#3873graylog-plugin-enterprise#3897
• Fix timing issue for the Forwarder status display on the Forwarder overview page. graylog-cloud-plugin#1036graylog-plugin-enterprise#3905

Security

• No longer displays (short-lived) session token in-error messages when reporting fails. graylog-plugin-enterprise#3804graylog-plugin-enterprise#3805

Graylog Operations 4.3.3

Released: 2022-07-06

Fixed

• Fix state detection of anomaly detector status in the UI. graylog-plugin-enterprise#3643graylog-plugin-enterprise#3787
• Fix license check on reports page. graylog-plugin-enterprise#3739
• Fix duplicate message ingest for the Office365 input by only running the input on the leader node. graylog-plugin-enterprise-integrations#826graylog-plugin-enterprise-integrations#828
• Fix thread leak in TCP Enterprise Outputs. graylog-plugin-enterprise-integrations#836graylog-plugin-enterprise-integrations#838

Graylog Operations 4.3.2

Released: 2022-06-15

Fixed

• Fix problem with UI code that prevented a user session to time out. graylog-plugin-enterprise#3475graylog2-server#10613graylog-plugin-enterprise#3705
• Fix parameter handling for parameters that are not used in queries. graylog-plugin-enterprise#3695graylog-plugin-enterprise#3712

Graylog Operations 4.3.1

Released: 2022-06-01

Fixed

• Fix copying of Security dashboards. graylog-plugin-enterprise#3610graylog-plugin-enterprise#3660
• Fix system overview page for non-admin users. graylog-plugin-enterprise#3648graylog2-server#12751

Graylog Operations 4.3.0

Released: 2022-05-25

Added

• Display roles from assigned teams on the user details page. graylog-plugin-enterprise#2124graylog-plugin-enterprise#3070
• Support multiple values in watchlist functions. graylog-plugin-enterprise#2743graylog-plugin-enterprise#2749graylog-plugin-enterprise#2770
• Allow users to override built-in Illuminate lookup tables. graylog-plugin-enterprise#2878graylog-plugin-enterprise#2989graylog-plugin-enterprise#3210
• Display a warning in the UI for upcoming license violations and export a related backend metric. graylog-plugin-enterprise#2914graylog-plugin-enterprise#3097graylog-plugin-enterprise#3143
• Add a configurable notification in the UI when an archiving operation fails. graylog-plugin-enterprise#3016graylog-plugin-enterprise#3127graylog-plugin-enterprise#3148
• Add hourly interval for automatic report generation. graylog-plugin-enterprise#3187graylog-plugin-enterprise#3201graylog-plugin-enterprise#3226
• Add support for OpenSearch. graylog-plugin-enterprise#2819
• Add support for reports creation on ARM64 platforms. graylog-plugin-enterprise#3087graylog-plugin-enterprise#3108
• Add validation for search query parameters. graylog-plugin-enterprise#3106
• Add Graylog Security application. graylog-plugin-enterprise#3115graylog-plugin-enterprise#3140graylog-plugin-enterprise#3152
• Add minimal team sync backend for OIDC authentication service. graylog-plugin-enterprise#3132
• Send notification emails for license violations to a configurable list of subscribers. graylog-plugin-enterprise#3141graylog-plugin-enterprise#3166
• Add edit links for dashboards, dashboard pages, and widgets to report content pages. graylog-plugin-enterprise#3142
• Show forwarder version in the UI. forwarder#53graylog-plugin-enterprise#3171
• Add time zone support for report scheduling. graylog2-server#9546graylog-plugin-enterprise#3174
• Show the license limit on the daily traffic graph. graylog-plugin-enterprise#3197graylog-plugin-enterprise#3339
• Add anomaly detection for Graylog Security. graylog-plugin-enterprise#3285

Changed

• Group widgets by dashboard pages in reports content selection. graylog-plugin-enterprise#2276graylog-plugin-enterprise#3088
• Send error notifications to report subscribers when report generation fails. graylog-plugin-enterprise#3137graylog-plugin-enterprise#3136

Fixed

• Improve license messages for Illuminate. graylog-plugin-enterprise#2763graylog-plugin-enterprise#2767
• Avoid unnecessary index updates for Illuminate. graylog-plugin-enterprise#2775graylog-plugin-enterprise#2777
• Fix Illuminate bundle upload from browsers running on Microsoft Windows. graylog-plugin-enterprise#2800graylog-plugin-enterprise#2812
• Improve notifications for missing or expired licenses on the forwarder pages. graylog-plugin-enterprise#2849graylog-plugin-enterprise#2909
• Several improvements for reports creation and update. graylog-plugin-enterprise#3056graylog-plugin-enterprise#3094graylog-plugin-enterprise#3074
• Warn users when they delete a dashboard or widget that is referenced in a report. graylog-plugin-enterprise#3057graylog-plugin-enterprise#3216
• Improve log output for the reporting backend in case of errors. graylog-plugin-enterprise#3077graylog-plugin-enterprise#3099
• Fix logo display in report configuration with large images. graylog-plugin-enterprise#3290graylog-plugin-enterprise#3302
• Don't allow report creation or modification when parameter values are missing. graylog-plugin-enterprise#3299graylog-plugin-enterprise#3313
• Improve Illuminate processor restart handling. graylog-plugin-enterprise#2768
• Improve Illuminate processing restart resiliency. graylog-plugin-enterprise#2831
• Improve message failure handler to continue processing if MongoDB is unreachable. graylog-plugin-enterprise#2926
• Improve error handling for reports. graylog-plugin-enterprise#3093
• Fix log view message export to honor query time limits. graylog-plugin-enterprise#3111
• Fix report generation when a report has no widgets configured. graylog-plugin-enterprise#3157
• Fix timing issue with logo rendering in reports. graylog-plugin-enterprise#3208
• Allow report creation in landscape format. graylog-plugin-enterprise#3220
• Disable team deletion when no valid license is installed. graylog2-server#12258graylog-plugin-enterprise#3320

Graylog Operations 4.2.11

Released: 2022-07-06

Fixed

• Fix thread leak in TCP Enterprise Outputs. graylog-plugin-enterprise-integrations#836graylog-plugin-enterprise-integrations#841

Graylog Operations 4.2.10

Released: 2022-06-15

Operations

No changes since 4.2.9.

Operations Integrations Plugin

Fixed

• Add option to store the full message for the Azure Logs plugin.

Graylog Operations 4.2.9

Released: 2022-05-04

Operations

No changes since 4.2.8.

Operations Integrations Plugin

Fixed

• Treatazure_connection_stringfield in the Azure Logs input as password to conceal it in the UI.

Graylog Operations 4.2.8

Released: 2022-04-12

Operations

Changed

• Convert built-in forwarder user to service account.

Graylog Operations 4.2.7

Released: 2022-03-02

Operations

Fixed

• Fix report history status icon.

Graylog Operations 4.2.6

Released: 2022-02-02

Operations

Fixed

• Fix a report generation issue with widgets that don’t have a configured time range.
• Remove unused log4j 1.x dependency.

Operations Integrations Plugin

No changes since 4.2.5.

Graylog Operations 4.2.5

Released: 2022-01-05

Operations

• Add right-click action for GreyNoise IP lookup
• Added loading indicator when performing Illuminate bundle operations

Operations Integrations Plugin

• Check for reserved IP addresses in GreyNoise Community IP Lookup Adapter.
• Add Azure Event Logs input (../Getting_in_Log_Data/Azure_Event_Hub.html)

Graylog Operations 4.2.4

Released: 2021-12-16

Operations

No changes since 4.2.3.

Operations Integrations Plugin

No changes since 4.2.3.

Graylog Operations 4.2.3

Released: 2021-12-10

Operations

No changes since 4.2.2.

Operations Integrations Plugin

No changes since 4.2.2.

Graylog Operations 4.2.2

Released: 2021-12-01

Operations

Fixed

• Increase reliability of the failure handler feature.
• Fix index set upgrade problem with Illuminate bundles.
• Don’t render optional fields in message summary if related value doesn’t exist.

Operations Integrations Plugin

Changed

• Include more data fields from the NOISE response in the GreyNoise lookup data adapter.

Graylog Operations 4.2.1

Released: 2021-11-03

Operations

Added

• Add ability to delete a disabled Illuminate bundle.

Fixed

• Allow archive S3 backend to work without thes3:CreateBucketpermission when the bucket already exists.
• Fix misleading log warning regarding index updates on Illuminate installation.
• Fix issue with watchlist key creation.

Operations Integrations Plugin

Fixed

• Fix exception in Gmail input if there are no logs for the current day.
• Fix default value for the polling interval setting for Google Cloud inputs.

Graylog Operations 4.2.0

Released: 2021-10-13

Operations

Added

• Display message summaries based on message event types.
• Add external value actions for message field values.
• Allow horizontal scrolling in log view widget.
• Add generic OIDC authentication backend.
• Add Illuminate bundle support.
• Add Illuminate message processor.
• Support lookup tables in search parameters.
• Store indexing and processing failures in a separate stream and index set to simplify debugging.
• Add watchlist lookup table.
• Add watchlist indicator to message details.
• Add “Add to watchlist” and “Remove from watchlist” value actions for message fields.
• Support custom authentication server for Okta backend.

Changed

• Create system notifications for archiving errors to improve visibility.

Fixed

• Fix formatting for forwarder related audit log entries.
• Add default spool directory for S3 archiving backend.
• Improve Okta authentication error reporting.
• Improve error handling for S3 archiving.
• Fix issue with switchting forwarder input profiles.
• Fix search parameter problem when copying widget from search to dashboard.
• Improve sorting on forwarders page.
• Support an empty archive output path for S3 backends.

Operations Integrations Plugin

Added

• Add Raw UDP Enterprise output.
• Add Google Cloud input to pull VPC, firewall, and audit logs.
• Add Google Workspace input to pull admin, drive, login, calendar, token, and message tracking logs.
• Add Gmail input to pull mail logs from BigQuery.

Graylog Operations 4.1.14

Released: 2022-04-12

Operations

Changed

• Convert built-in forwarder user to service account.

Graylog Operations 4.1.13

Released: 2022-03-02

Operations

Fixed

• Fix report history status icon.

Graylog Operations 4.1.12

Released: 2022-02-02

Operations

Fixed

• Remove unused log4j 1.x dependency.

Operations Integrations Plugin

No changes since 4.1.11.

Graylog Operations 4.1.11

Released: 2022-01-05

Operations

No changes since 4.1.10

Operations Integrations Plugin

No changes since 4.1.10

Graylog Operations 4.1.10

Released: 2021-12-16

Operations

No changes since 4.1.9.

Operations Integrations Plugin

No changes since 4.1.9.

Graylog Operations 4.1.9

Released: 2021-12-10

Operations

No changes since 4.1.8.

Operations Integrations Plugin

No changes since 4.1.8.

Graylog Operations 4.1.8

Released: 2021-12-01

Operations

No changes since 4.1.7.

Operations Integrations Plugin

No changes since 4.1.7.

Graylog Operations 4.1.7

Released: 2021-11-03

Operations

No changes since 4.1.6.

Graylog Operations 4.1.6

Released: 2021-10-06

Operations

Added

• Add support for custom auth servers in Okta authentication backend.

Graylog Operations 4.1.5

Released: 2021-09-13

Operations

Fixed

• Fix an issue when adding a widget with an option dropdown parameter in reports.
• Fix Graylog Forwarder documentation URLs.

Graylog Operations 4.1.4

Released: 2021-09-01

Operations

Fixed

• Fixed an issue when adding a widget with an option dropdown parameter in reports. (Graylog2/graylog-plugin-enterprise#2586)

Graylog Operations 4.1.3

Released: 2021-08-04

Operations

No changes since 4.1.2.

Graylog Operations 4.1.2

Released: 2021-07-28

Operations

Security

Session ID leak in Graylog DEBUG log file and audit log.

We recently discovered a session ID leak in the Graylog DEBUG log file as well as the audit log. A user can use a session ID to authenticate against Graylog and then this user has access to all the permissions associated with the owner of the session ID.

The ID was printed in DEBUG level log messages (DEBUG is not enabled by default) as well as the Graylog Operations Audit Log. By default, the Graylog Audit Log is only logging to the local database and only accessible by Graylog administrators.

We would like to thank David Herbstmann for discovering and responsibly disclosing this vulnerability.

The following CVE IDs have been assigned: CVE-2021-37759, CVE-2021-37760

Fixed

• Fix license check issue in LogView widget. Graylog2/graylog2-server#10940Graylog2/graylog-plugin-enterprise#2449

Graylog Operations 4.1.1

Released: 2021-07-07

Operations

Fixed

• Add default value for the spool directory in the UI configuration for the S3 archiving backend.
• Improve Forwarder request/response handling when server has high load.

Operations Integrations Plugin

Added

• Add lookup data adapter for abuse.ch ThreadDox IOC.

Graylog Operations 4.1.0

Released: 2021-06-23

Operations

Added

• Add theme customization options to allow the usage of custom colors.
• Add support for global notifications to display announcements and other messages to all users or a selected group of users.
• Add authentication and team-sync support for the Okta indentity provider.
• Add support for the Graylog Forwarder. The Graylog Forwarder is a standalone agent for sending log data to Graylog Cloud or an on-premise Graylog Server cluster.
• Add Log View widget including file export. This allows users to read log messages in a way similar to reading plain text log files.
• Add support for exporting messages in JSON, NDJSON and plain text formats.
• Add S3 archiving backend to store archives in AWS S3 compatible object stores.
• Add option to make archive batch size configurable for performance tuning.
• Extend search and dashboard parameters to allow pre-defined values based on static lists or available message field values.
• Add pagination for reports overview.

Fixed

• Improve archiving multiple indices.
• Fix rendering world map visualization in reports.
• Improved search and dashboard parameter validation and styling.
• Use case-insensitive matching for LDAP/AD group sync.
• Disable confusing traffic warning log messages by default.

Operations Integrations Plugin

Added

• Add ActiveDirectory user lookup data adapter.
• Add Operations Greynoise lookup data adapter.
• Add URLhaus lookup data adapter.

Graylog Operations 4.0.17

Released: 2022-07-06

Fixed

• Fix thread leak in TCP Enterprise Outputs. graylog-plugin-enterprise-integrations#836graylog-plugin-enterprise-integrations#840

Graylog Operations 4.0.16

Released: 2022-04-12

Operations

Changed

• Convert built-in forwarder user to service account.

Graylog Operations 4.0.15

Released: 2021-12-16

Operations

No changes since 4.0.14.

Operations Integrations Plugin

No changes since 4.0.14.

Graylog Operations 4.0.14

Released: 2021-12-10

Operations

No changes since 4.0.13.

Operations Integrations Plugin

No changes since 4.0.13.

Graylog Operations 4.0.13

Released: 2021-09-13

Operations

No changes since 4.0.11.

Graylog Operations 4.0.12

Released: 2021-09-01

Operations

No changes since 4.0.11.

Graylog Operations 4.0.11

Released: 2021-08-04

Operations

No changes since 4.0.10.

Graylog Operations 4.0.10

Released: 2021-07-28

Operations

Security

Session ID leak in Graylog DEBUG log file and audit log.

We recently discovered a session ID leak in the Graylog DEBUG log file as well as the audit log. A user can use a session ID to authenticate against Graylog and then this user has access to all the permissions associated with the owner of the session ID.

The ID was printed in DEBUG level log messages (DEBUG is not enabled by default) as well as the Graylog Operations Audit Log. By default, the Graylog Audit Log is only logging to the local database and only accessible by Graylog administrators.

We would like to thank David Herbstmann for discovering and responsibly disclosing this vulnerability.

The following CVE IDs have been assigned: CVE-2021-37759, CVE-2021-37760

Graylog Operations 4.0.9

Released: 2021-07-07

No changes since 4.0.8.

Graylog Operations 4.0.8

Released: 2021-06-02

Operations

Fixed

• Lower log level for irregular traffic record check.

Graylog Operations 4.0.7

Released: 2021-05-05

Operations

Fixed

• Fix rendering of the world map visualization in reports.

Graylog Operations 4.0.6

Released: 2021-04-07

Operations

Fixed

• Change LDAPGroupResolver to use case-insensitive matching

Operations Integrations Plugin

Added

• Add “drop sensitive data” option to Microsoft365 input

Graylog Operations 4.0.5

Released: 2021-02-22

Operations

No changes since 4.0.4.

Graylog Operations 4.0.4

Released: 2021-02-22

Operations

No changes since 4.0.3.

Graylog Operations 4.0.3

Released: 2021-02-16

Operations

No changes since 4.0.2.

Operations Integrations Plugin

Added

• Add full-message transformer to Enterprise Output Framework.

Graylog Operations 4.0.2

Released: 2021-01-27

Operations

Added

• Allow modification of timezone in report scheduling settings.

Fixed

• Fix report preview styling when dark mode is active.

Operations Integrations Plugin

Fixed

• Reduce noise of legacy script alarm callback notification.
• Fix timing issue with old checkpoints in Office365 plugin.
• Properly shut down TCP connections when stopping Operations outputs.

Graylog Operations 4.0.1

Released: 2020-11-25

Operations

No changes since 4.0.0.

Operations Integrations Plugin

• Do not shut down Okta input on errors.
• Let Office 365 plugin use configured proxy settings.

Graylog Operations 4.0.0

Released: 2020-11-18

Operations

Added

• Add support for grouping users in teams.
  • See: Permission Management
• Add support for managing access to streams, searches and dashboards through teams.
  • See: Permission Management
• Add support for syncing groups from LDAP and Active Directory into Graylog teams.
  • See: Permission Management
• Add configurable header badge.
• Create notification for failed Operations outputs.
• Add cluster resources for archiving to allow archiving to be managed from all server nodes.

Fixed

• Don’t fail reports migration if a widget is missing.
• Improve error logging for report generation.

Operations Integrations Plugin

Added

• Script event notification plugin to replace the legacy script alarm callback plugin.

Graylog Operations 3.3.17

Released: 2022-04-12

Operations

Changed

• Convert built-in forwarder user to service account.

Graylog Operations 3.3.16

Released: 2021-12-16

Operations

No changes since 3.3.15.

Operations Integrations Plugin

No changes since 3.3.15.

Graylog Operations 3.3.15

Released: 2021-12-10

Operations

No changes since 3.3.14.

Operations Integrations Plugin

No changes since 3.3.14.

Graylog Operations 3.3.14

Released: 2021-07-28

Operations

Security

Session ID leak in Graylog DEBUG log file and audit log.

We recently discovered a session ID leak in the Graylog DEBUG log file as well as the audit log. A user can use a session ID to authenticate against Graylog and then this user has access to all the permissions associated with the owner of the session ID.

The ID was printed in DEBUG level log messages (DEBUG is not enabled by default) as well as the Graylog Operations Audit Log. By default, the Graylog Audit Log is only logging to the local database and only accessible by Graylog administrators.

We would like to thank David Herbstmann for discovering and responsibly disclosing this vulnerability.

The following CVE IDs have been assigned: CVE-2021-37759, CVE-2021-37760

Graylog Operations 3.3.13

Released: 2021-05-05

Operations

Fixed

• Fix rendering of the world map visualization in reports.

Graylog Operations 3.3.12

Released: 2021-04-14

No changes since 3.3.11.

Graylog Operations 3.3.11

Released: 2021-02-16

No changes since 3.3.10.

Graylog Operations 3.3.10

Released: 2021-01-27

Operations

Added

• Allow modification of timezone in report scheduling settings.

Graylog Operations 3.3.9

Released: 2020-11-25

Operations

Fixed

• Fix audit formatting for file resource.
• Fix permission issue with reports.
• Fix logo images in reports.
• Fix issue with rendering help buttons.

Operations Integrations Plugin

Fixed

• Do not shut down Office 365 input on errors.
• Do not shut down Okta input on errors.
• Fix issue with Office 365 logon data parsing.
• Let Office 365 plugin use configured proxy settings.

Graylog Operations 3.3.8

Released: 2020-10-12

Operations Integrations Plugin

Fixed

• Fixed an issue with the O365 codec where it was not handling the event timestamp correctly.

Graylog Operations 3.3.7

Released: 2020-10-08

Operations Integrations Plugin

Fixed

• Ensure cleanup of on-disk journal when Operations Output is deleted.

Graylog Operations 3.3.6

Released: 2020-09-28

Operations

Fixed

• Improve error logging during report generation.

Operations Integrations Plugin

Added

• Add Google BigQuery output to the Operations output framework.

Fixed

• FixNullPointerExceptionand thread-safety issues in the Operations output framework.
• Fix retry logic and overall robustness of the office365 input.
• Improve error detection and error handling in the Operations output framework.

Graylog Operations 3.3.5

Released: 2020-08-17

Fixed

• Fix NullPointerException when deleting an output, which caused the on-disk journal to not get cleaned up.

Graylog Operations 3.3.4

Released: 2020-08-06

Changed

• Fix pipeline selection on output creation to make the pipeline optional rather than required.

Fixed

• Fixed a bug which occurred during the setup of the O365 Input.
• Fix error when starting the Forwarder with the Operations Integrations plugin.

Graylog Operations 3.3.3

Released: 2020-07-29

Added

• Add office365 input plugin.
• Add reliable output framework and TCP and TCP Syslog outputs.

Graylog Operations 3.3.2

Released: 2020-06-24

Fixed

• Fix message table headers in reports.

Graylog Operations 3.3.1

Released: 2020-06-10

Fixed

• Fix issue with reports database migration when widgets are missing.
• Add a cluster resource for the archiving API and use it in the UI. All endpoints in the cluster resource are routed to the regular endpoints on the master node to avoid the need for custom proxy configuration.

Graylog Operations 3.3.0

Released: 2020-05-20

Added

• Input for Okta log events.
• Create detailed audit log messages for search jobs.
• Create detailed audit log messages for message exports.
• Automatically install trial licenses requested from the UI.
• Add 1 day mute option to trial license reminders.

Changed

• Implement message list limit in reports.

Fixed

• Fix archive catalog response with different backends having the same archive.
• Improve keyboard input for search/dashboard parameter fields.
• Improve error messages with missing parameters in reports.
• Fix problem with non-ascii characters in correlation field names.
• Fix unintended selection of multiple widgets in report widget selection.
• Fix detection of value-less parameters in reports.
• Hide license warning on search/dashboard page if no license is installed.
• Use user defined chart colors in reports.

Graylog Operations 3.2.6

Released: 2020-06-10

No changes since 3.2.5.

Graylog Operations 3.2.5

Released: 2020-05-19

No changes since 3.2.4.

Graylog Operations 3.2.4

Released: 2020-03-19

Fixed

• Fix issue with search parameter input fields.
• Fix error exporting a correlation event definition in content packs.

Graylog Operations 3.2.3

Released: 2020-03-11

Fixed

• Fix issue with custom fields and correlation event definitions.

Graylog Operations 3.2.2

Released: 2020-02-20

Fixed

• Fix missing rows in message table widget in reports. Graylog2/graylog2-server#7349Graylog2/graylog2-server#7492
• Don’t try to archive indices which have already been archived.

Graylog Operations 3.2.1

Released: 2020-02-04

Fixed

• Gracefully handle missing dashboards and widgets when collecting parameters for reports. Graylog2/graylog2-server#7347

Graylog Operations 3.2.0

Released: 2020-01-14

Added

• Dynamic list support for events and alert definition queries.
• Search parameter support for reports.
• MongoDB lookup data adapter.

Fixed

• Remove incomplete archive directory when archiving process fails.
• Fix race condition with archive catalog writing.

Graylog Operations 3.1.4

Released: 2020-01-14

Fixed

• Only write archive metadata if the archiving process succeeded.
• Improve resiliency of widgets in reports.

Graylog Operations 3.1.3

Released: 2019-11-06

Fixed

• Fix problem with correlating events created by aggregation event definitions.
• Remove incomplete archive directory when archive job fails or is stopped.

Graylog Operations 3.1.2

Released: 2019-09-12

No changes since 3.1.1.

Graylog Operations 3.1.1

Released: 2019-09-04

No changes since 3.1.0.

Graylog Operations 3.1.0

Released: 2019-08-16

Added

• Add correlation engine and UI for new alerts and events system.
• Add Operations job scheduler implementation.

Removed

• Moved views feature to open-source. (except parameter support)

Fixed

• Fix report service memory leak.
• Fix auto-completion in drop-down fields.
• Fix rendering of archive configuration page

Graylog Operations 3.0.2

Released: 2019-05-03

Integrations Plugin

• Improve Graylog Forwarder configuration defaults.
• Improve Graylog Forwarder error handling.
• Update Graylog Forwarder dependencies.

Graylog Operations 3.0.1

Released: 2019-04-01

• Fix missing authorization checks in the license management.
• Fix view sharing issue for regular users.
• Fix memory leak in the reporting system.

Integrations Plugin

• Add Graylog Forwarder feature.

Graylog Operations 3.0.0

Released: 2019-02-14

• Announcement blog post: https://www.graylog.org/post/announcing-graylog-v3-0-ga
• Upgrade notes: Upgrading to Graylog 3.0.x

A detailed changelog is following soon!

Integrations Plugin

• Add Script Alert Notification

Graylog Operations 2.5.2

Released: 2019-03-15

Plugin: License

• Add missing permissions to license API resources.
• Only show upcoming license expiration warning to admin users.

Graylog Operations 2.5.1

Released: 2018-12-19

No changes since 2.5.0.

Graylog Operations 2.5.0

Released: 2018-11-30

No changes since 2.4.6.

Graylog Operations 2.4.7

Released: 2019-03-01

Plugin: License

• Add missing authorization checks to license resources.

Graylog Operations 2.4.6

Released: 2018-07-16

No changes since 2.4.5.

Graylog Operations 2.4.5

Released: 2018-05-28

No changes since 2.4.4.

Graylog Operations 2.4.4

Released: 2018-05-02

No changes since 2.4.3.

Graylog Operations 2.4.3

Released: 2018-01-24

No changes since 2.4.2.

Graylog Operations 2.4.2

Released: 2018-01-24

No changes since 2.4.1.

Graylog Operations 2.4.1

Released: 2018-01-19

No changes since 2.4.0.

Graylog Operations 2.4.0

Released: 2017-12-22

No changes since 2.4.0-rc.2.

Graylog Operations 2.4.0-rc.2

Released: 2017-12-20

No changes since 2.4.0-rc.1.

Graylog Operations 2.4.0-rc.1

Released: 2017-12-19

No changes since 2.4.0-beta.4.

Graylog Operations 2.4.0-beta.4

Released: 2017-12-15

Plugin: License

• The license page now shows more details about the installed licenses.

Graylog Operations 2.4.0-beta.3

Released: 2017-12-04

No changes since 2.4.0-beta.2.

Graylog Operations 2.4.0-beta.2

Released: 2017-11-07

No changes since 2.4.0-beta.1.

Graylog Operations 2.4.0-beta.1

Released: 2017-10-20

Plugin: Archive

• Add support for Zstandard compression codec.

Graylog Operations 2.3.2

Released: 2017-10-19

Plugin: Archive

• Fix archive creation for indices with lots of shards.

Graylog Operations 2.3.1

Released: 2017-08-25

Plugin: Archive

• Lots of performance improvements (up to 7 times faster)
• Do not delete an index if not all of its documents have been archived

Graylog Operations 2.3.0

Released: 2017-07-26

Plugin: Archive

• Record checksums for archive segment files
• Add two archive permission roles “admin” and “viewer”
• Allow export of filenames from catalog search

Graylog Operations 2.2.3

Released: 2017-04-04

Plugin: Archive

• Metadata is now stored in MongoDB
• Preparation for storage backend support

Graylog Operations 2.2.2

Released: 2017-03-02

Plugin: Audit Log

• Extend integration with the Archive plugin

Graylog Operations 2.2.1

Released: 2017-02-20

Plugin: Archive

• Improve stability and smaller UI fixes

Graylog Operations 2.2.0

Released: 2017-02-09

Plugin: Archive

• Improve index set support

Graylog Operations 1.2.1

Released: 2017-01-26

Plugin: Archive

• Prepare the plugin to be compatible with the new default stream.

Plugin: Audit Log

• Add support for index sets and fix potential NPEs.
• Smaller UI improvements.

Graylog Operations 1.2.0

Released: 2016-09-14

https://www.graylog.org/blog/70-announcing-graylog-enterprise-v1-2

Plugin: Archive

• Add support for selecting which streams should be included in your archives.

Plugin: Audit Log

New plugin to keep track of changes made by users to a Graylog system by automatically saving them in MongoDB.

Graylog Operations 1.1

Released: 2016-09-01

• Added support for Graylog 2.1.0.

Graylog Operations 1.0.1

Released: 2016-06-08

Bugfix release for the archive plugin.

Plugin: Archive

Fixed problem when writing multiple archive segments

There was a problem when exceeding the max segment size so that multiple archive segments are written. The problem has been fixed and wrongly written segments can be read again.

Graylog Operations 1.0.0

Released: 2016-05-27

Initial Release including the Archive plugin.

Plugin: Archive

New features since the last beta plugin:

• Support for multiple compression strategies. (Snappy, LZ4, Gzip, None)