Vector v0.26.0 release notes

The Vector team is pleased to announce version 0.26.0!

Be sure to check out the upgrade guide for breaking changes in this release.

This is a smaller release primarily including bug fixes and small enhancements.

Upgrading Vector
When upgrading, we recommend stepping through minor versions as these can each contain breaking changes while Vector is pre-1.0. These breaking changes are noted in their respective upgrade guides.

Highlights

Known issues

  • Annotating namespace labels in the kubernetes_logs source cannot be disabled by setting namespace_labels to "". Fixed in v0.27.0.

Changelog

2 enhancements

  • Vector’s internal telemetry for bytes processed by components was updated to be an estimate of the number of bytes in each event’s JSON representation. This is expected to give a more accurate and consistent measure of bytes flowing across components. This affects:

    • component_received_event_bytes_total
    • component_sent_event_bytes_total

    These used to measure the number of bytes of the in-memory representation of the event, but we found that this measure was not particularly useful for users.

  • Vector now validates field paths specified in configuration (for example in templates) at compile time, to return an error if the path is invalid. Previously invalid field paths would be silently ignored at runtime.

3 new features

  • The elasticsearch sink now supports an api_version option to specify the API version the targeted Elasticsearch instance exposes. This replaces and deprecates the suppress_type_name option which was previously used for controlling Elasticsearch version compatibility.

    It can be set to auto to attempt to automatically determine the Elasticsearch version by querying the Elasticsearch version endpoint.

    Thanks to ktff for contributing this change!
  • A new decode_mime_q function was added to VRL to decode data in encoded-word format. Thanks to ktff for contributing this change!
  • The splunk_hec_logs sink has a new auto_extract_timestamp option to tell Splunk to parse the timestamp out of the message rather than Vector sending a timestamp.

11 bug fixes

  • The mongodb_metrics sink now uses 64 bit integers rather than 32 bit integers for all integer metric values to avoid overflow issues. Thanks to KernelErr for contributing this change!
  • The VRL parse_key_value function now allows tabs to be used as the delimiter.
  • The kafka source now flushes commits when a rebalance event occurs. This avoids issues with commiting offsets to partitions the Vector instance no longer is consuming.
  • Template support was added for the aws_s3 ssekms_key_id parameter to template this value based an event field. Thanks to fluetm for contributing this change!
  • The file source now fails to start if include option is not specified. The option was always required by the source, but no warnings or errors were being emitted if the option was not specified.
  • The performance of VRL programs that use regular expression matching was improved.
  • The file source no longer repeats source lines across restarts when line aggregation is being used. Thanks to jches for contributing this change!
  • The parse_cef VRL function now correctly handles UTF-8 escape characters. Thanks to ktff for contributing this change!
  • Vector now outputs an error message when starting with an invalid thread count (0) rather than just exiting silently. Thanks to zamazan4ik for contributing this change!
  • The blackhole sink now emits the component_sent_bytes_total metric. Thanks to zamazan4ik for contributing this change!
  • The aws_s3 source now correctly ignores s3:TestEvent messages. This was meant to be included in v0.25.0 but there was an issue in the deserialization implementation. Thanks to nrhtr for contributing this change!

Download Version 0.26.0

Linux (deb)
deb
Linux (rpm)
rpm
macOS
tar.gz
Windows
zip
Windows (MSI)
msi