v1.2.0

Visit the Brim Data download page page to find the package for your platform.

---

Improved Tabs

This change is relevant for users that have have additional Zed lake connections besides just the one to the default lake that starts behind Zui. You'll notice that now each time you switch connections Zui updates the tabs so only the ones for the current-selected lake are shown.

Generalized Stacked Bar Chart

If you're familiar with Zui's history, you may know that its stacked bar chart was based on Zeek-style data such that it was hard-coded to expect a time field called ts that would provide data for its X-axis and a field called _path that was subject to count() by to make the colored segments in the bars. With this release the chart is now generalized so that:

• Any time field can be specified (and if you've configured a pool key other than ts, it will start out using that)
• count() by typeof(this) now populates the stacked bars by default, but you can change this to use any other field
• If a pool is created from an imported pcap, ts and _path are used by default as before
• You can also now toggle the chart off/on and resize it

For an example of the new behavior in action, this video uses the prs.zng GitHub test data from the zq tutorial. This has a time field called created_at so we use it as our pool key, then after observing the bars with the default count() by typeof(this) we change the Color Field setting to login.user so we can see stacked bars based on who opened Pull Requests. Try it yourself!

Other Changes

• Update Zed to v1.9.0
• Update Brimcap to v1.5.1
• The stacked bar chart is now generalized for any time-based data (not just Zeek-like with _path & ts fields) (#2785, #2794, #2805)
• The stacked bar chart is now resizable and can be toggled off/on (#2806, #2810)
• A single Zui window now shows tabs only for the currently selected Zed lake connection (#2797)
• Fix an issue where attempting to save a Zed query that contained a parse error caused a stack dump (#2803)
• Fix an issue where a table of results was sometimes rendered with blank rows (#2813)
• Fix an issue where comments at the end of a Zed program caused the queries that populate the stacked bar chart to fail (#2822)

v1.1.0

Visit the Brim Data download page page to find the package for your platform.

---

• Update Zed to v1.8.0
• Update Brimcap to v1.5.0
• Restore "alert" tiles for Suricata events (#2740)
• Fix an issue where use of Chinese and other wide characters caused errors during data import (#2744)
• Fix an issue where Zui would sometimes launch without a main window (#2743)
• Shift+Enter now also runs queries when the Run Query on Enter preference is unchecked (#2764)
• Fix an issue where selecting Reset State from the pull-down menu was having no effect (#2767)

v1.0.1

Visit the Brim Data download page page to find the package for your platform.

---

• Update Zed to v1.7.0
• Update Brimcap to v1.4.1, which fixes issue #2715 with per-machine installs on Windows

v1.0.0

The Brim app is now named Zui!

Pronounced: “zoo-ee”

Visit the Brim Data download page page to find the package for your platform.

Where are my pools?

If you've upgraded to Zui from Brim, the pools you had in Brim are still present but you'll need to run a migration script to convert them to a new Zed lake storage format. See the Brim/Zui Transition guide for details.

Other Changes

• Zui docs now are available at zui.brimdata.io/docs rather than the wiki on GitHub (#2531, #2692)
• Update Zed to v1.6.0
• Update Brimcap to v1.4.0
• Introduce a multi-line editor (#2286)
• Redesign query pins (#2334, #2530)
• Add a tab in the right panel that stores query history (#2326)
• Security-related queries are no longer bundled by default, but can be downloaded from the Brimcap repo (#2415)
• Correlations are now part of the plugin system (#2455)
• The app workflow is now organized around Query Sessions (#2439)
• Single objects can be recursively expanded/collapsed in Inspector via Alt-click (on Windows/Linux) and Option-click (on macOS) (#2469)
• Migrate user data from Brim to Zui (#2428, #2680)
• App state is now auto-saved throughout a session rather than just when quitting (#2496)
• Allow export in ZSON format (#2509)
• Allow export in Zeek TSV and ZJSON formats (#2608)
• Allow load/export of Arrow IPC Stream format (#2625, #2630)
• Redesign the stacked bar chart with a pin for the selected time range (#2472)
• Redesign the left panel pools/queries views to use React Arborist (#2568)
• Allow organization of pools into folders using a configurable delimiter ("/" by default) (#2572)
• A new user preference toggles whether queries are run when Enter is pressed (#2573)
• Allow loading of additional data into an existing pool (#2584)
• Redesign the default Table view (#2626)
• Per-machine install option is now available on Windows (#2686)

v0.31.0

The Brim app will be renamed to Zui!

Pronounced: “zoo-ee”

This is the last release under the name Brim. In the next version, the app will be renamed to Zui. The changes in this release improve the auto-update messaging for the name change in the next release.

Behind the Name Change

When Brim began as a company, we intended to build a security-focused desktop application powered by our backend called Zed. The company's main product was the app, so we called it the Brim app.

As we developed Zed, we started to realize we had something big on our hands. Zed's data model, language, query engine, and storage formats provide revolutionary new ways to work with all kinds of data. In April 2021, we decided to pivot, making Zed the company's flagship technology. Brim Security became Brim Data.

This change made us reevaluate the purpose of the app. We were now leading with the Zed lake, so we decided the app would support the lake. Users would be able to explore a lake's data and manage its configuration with the app. It would be a GUI for Zed.

At this point, having the app named after the company was confusing. We needed a name that clearly tied the app to Zed. After many fun naming sessions, we played off the word "GUI" and landed on "Zui": The Zed user interface.

Get Zui Today

If you are excited about the next version and want to try it out today, download the Zui - Insiders app. It can run side-by-side with Brim, stores data in a different location, and runs Zed on a different port. It receives automatic updates every weekday built from the tip of our main branch. This is our take on a beta program. If you find bugs or think of improvements, please chime in on the #zui-insiders Slack channel.

v0.30.0

In this small release, we've fixed bugs and upgraded some core dependencies like Electron and React.

• Upgrade to Electron 15, Node 16 (#2342)
• Upgrade to React 18 (#2327)
• Fix "Pivot to Logs" corner cases (#2354) (#2346)
• Fix zed -version and brimcap -version output (#2349)
• Fix rendering of big arrays that would previously crash the app (#2348)
• Fix bug causing the "About" window to appear blank (#2347)

v0.29.0

Where are my pools?

Your pools are still here! But you need to run a migration script to convert them to the new Zed lake data format.

How to migrate

If you don't care to keep the old data, no need to run the migration. The app will work fine. Click the link above to learn how to remove the old pools if you desire.

New Features

This release includes exciting new features we hope you'll find very useful. However, most of the work for this release was focused on the Zed backend that powers Brim. Zed 1.0 is here! Check out the release notes for Zed 1.0

Inspector View

The largest new feature you'll notice is the addition of the inspector view. The inspector lets you clearly see the shape of nested data structures. You can expand or collapse data containers like records and arrays.

You can toggle back and forth between this view and the familiar table view.

The buttons on the right of the results header will expand and collapse all the nested data structures.

New Font

Brim now uses the excellent, open source Recursive font family to display your data.

What's next?

The next release will be Brim 1.0. It includes a much awaited re-design of the main app components. Stay tuned!

Other Changes

• Update Zed to v1.0.0
• Save the scroll position when switching between table and inspector (#2271)
• Add a JSON export format (#2269)
• Use Recursive Mono as our data font (#2259)
• Allow the default Brim query folder to be moved (#2178)
• Always show queries section in the sidebar (#2177)
• Move to a new Zed Root Directory (#2158)
• Big upgrade to Zealot, the JavaScript Zed client (#2124, #1983)
• Use yarn instead of npm (#2059)
• Add ability to save queries in the lake (#2036)
• Set BRIM_SURICATA_USER_DIR in the brimcap plugin (#1964)
• Introduce the Zed Inspector (#1981)
• Make our type checking stricter (#1984)
• Upgrade Electron to v14 and replace Spectron with Playwright (#1985)
• New Zealot (zed, zjson) (#1983)
• Autofocus the query name when saving a query (#1979)

v0.28.0

Visit the Brim Data download page page to find the package for your platform.

---

• Update Zed to v0.33.0
• Update Auth0 authentication (#1956)
• Add Query Library folder export (#1958)
• Rename "workspace" to "lake" (#1957)
• Fix an issue where array values sometimes overlapped in the search results (#1953)
• Add file drag and drop to the Pools section (creates a new pool and imports data) and the Query Library (imports queries) (#1938)
• Fix some issues with read-only folder drag and drop in the Query Library (#1936)
• Windows releases are signed, but you may see a warning popup when you run the installer (unlike our macOS and Linux releases). See Microsoft Windows beta limitations for details.

v0.27.0

Visit the Brim Data download page page to find the package for your platform.

---

• Update Zed to v0.32.0
• Fix an issue where entering relative dates in the time range caused a crash (#1932)
• Fix an issue where selecting a large pool made the app unresponsive (#1919)
• Fix an issue where exporting data failed (#1909)
• Highlight Zed error values (#1903)
• Fix an issue where the bar chart did not stay in sync with the search results (#1897)
• Fix an issue where switching to a tab reissued its search (#1891)
• Add nested folders, library importing, and inline renaming to the Query Library (#1887)
• Improve search bar responsiveness (#1877)
• Update Brimcap to v1.1.2 (#1889)
• Fix an issue where records containing a type alias were not displayed properly (#1882)
• Maintain sidebar layout when switching tabs (#1873)
• Windows releases are signed, but you may see a warning popup when you run the installer (unlike our macOS and Linux releases). See Microsoft Windows beta limitations for details.

v0.26.0

Visit the Brim Download page to find the package for your OS platform.

---

• Update Zed to v0.31.0
• Brim now uses the Zed API /query endpoint, which allows for full use of Zed lake language features (e.g., referencing branches and pools using from) (#1792, #1836)
• Add a Troubleshooting wiki entry regarding the false flagging of Brim as potentially malicious by some antivirus software (#1840)
• The keyboard shortcut for "zoom in" (Cmd+ on macOS, Ctrl+ on Windows/Linux) no longer requires holding down the Shift key (#1842)
• Fix an issue where selecting Delete All in the Pools list caused a crash (#1845)
• The right-click filter option has been updated to Filter == value to reflect current Zed syntax (#1849)
• Fix an issue where some errors from a Brimcap analyzer failure were not being surfaced (#1850)
• Fix an issue where primitive type values were not being shown (#1852)
• Fields of the same name may now be presented under the same column header, regardless of type (#1853)
• Fix an issue where a record was incorrectly displayed twice after data import (#1854)
• Fix an issue where clicking a field of type union caused a crash (#1861)
• For field names that require quoting (e.g., containing spaces or dots), ensure they're correctly presented and that their names are quoted when added to a query via right-click operations (#1856)
• Windows releases are signed, but you may see a warning popup when you run the installer (unlike our macOS and Linux releases). See Microsoft Windows beta limitations for details.