Elasticsearch Version Compatibility
| GRAYLOG VERSION | MINIMUM ES VERSION | MAXIMUM ES VERSION |
|---|---|---|
| 4.2.X | 6.8, 7 | 7.10.2 |
MongoDB Version Compatibility
| GRAYLOG VERSION | MINIMUM MONGO VERSION | MAXIMUM MONGO VERSION |
|---|---|---|
| 4.2.X | 3.6 | 4.4 |
Breaking Changes
Search From/To by Keyword
Prior to this version, if the time was inferred from the keyword string (e.g. "last week" or "last monday"), the interval did not make much sense, because the hour/minute/sec part of the interval was taken from the moment in time, the query was submitted. So, the intervals were not aligned to something that made sense.
This has been changed so that. e.g. "last monday" is indeed aligned to start at 00:00:00 and ends on the next day at 00:00:00.
Also, ending on the next day at 00:00:00 is a breaking change. This was chosen so that millis/nanos etc. until the very end of the interval are included in the search (and not because of different messages with handling of millis, nanos etc. some messages get omitted).
API Changes
/system/pipelines/pipeline
The stages structure in the pipeline source response changed due to the introduction of a new pipeline match parameter.
The match_all field was replaced with the match field. The field value may be ALL, EITHER, or PASS.
This mainly affects the response. Since the stages field is not used for pipeline creation or modification and can be omitted for those kind of requests. (only the source field is used)
Example response:
{
"id": "61a095074f21422df947a9b5",
"title": "Test Pipeline",
"description": "",
"source": "pipeline \"Test Pipeline\"\nstage 0 match either\nend",
"created_at": "2021-06-26T08:04:23.995Z",
"modified_at": "2021-06-26T08:04:23.995Z",
"stages": [
{
"stage": 0,
"match": "EITHER",
"rules": []
}
],
"errors": null
}
