diff --git a/_static/versions.json b/_static/versions.json
index c6068d19..fbdd479b 100644
--- a/_static/versions.json
+++ b/_static/versions.json
@@ -1,10 +1,14 @@
 [
 {
- "name": "v5.4.8 (latest)",
- "version": "v5.4.8",
+ "name": "v5.4.9 (latest)",
+ "version": "v5.4.9",
 "url": "https://docs.gravwell.io/",
 "preferred": true
 },
+ {
+ "version": "v5.4.8",
+ "url": "https://docs.gravwell.io/v5.4.8/"
+ },
 {
 "version": "v5.4.7",
 "url": "https://docs.gravwell.io/v5.4.7/"
diff --git a/changelog/5.4.9.md b/changelog/5.4.9.md
new file mode 100644
index 00000000..99c0a80e
--- /dev/null
+++ b/changelog/5.4.9.md
@@ -0,0 +1,14 @@
+# Changelog for version 5.4.9
+
+## Released 24 May 2024
+
+## Gravwell
+
+### Bug Fixes
+
+* Fixed an issue where scratch directories would not be cleaned up during initialization.
+* Fixed an issue where the webserver would crash if a module with optimized collapsing was invoked manually.
+* Fixed an issue where a large number of scheduled searches would cause the browser to hang.
+* Fixed an issue with TLS certificate validation that occurred when a port number was appended in the dial string.
+* Fixed an issue with cached assets that could cause failure to load resources such as font icons immediately after an upgrade.
+* Fixed an issue with a text input that failed to display the full text during kit deployment.
\ No newline at end of file
diff --git a/changelog/list.md b/changelog/list.md
index e43d20b3..d226763c 100644
--- a/changelog/list.md
+++ b/changelog/list.md
@@ -7,7 +7,7 @@ maxdepth: 1
 caption: Current Release
 ---
-5.4.8 <5.4.8>
+5.4.9 <5.4.9>
 ```
 ## Previous Versions
@@ -18,6 +18,7 @@ maxdepth: 1
 caption: Previous Releases
 ---
+5.4.8 <5.4.8>
 5.4.7 <5.4.7>
 5.4.6 <5.4.6>
 5.4.5 <5.4.5>
diff --git a/conf.py b/conf.py
index 26470dbe..8be712b0 100644
--- a/conf.py
+++ b/conf.py
@@ -21,7 +21,7 @@ project = "Gravwell"
 copyright = f"Gravwell, Inc. {date.today().year}"
 author = "Gravwell, Inc."
-release = "v5.4.8"
+release = "v5.4.9"
 # -- General configuration ---------------------------------------------------
 # https://www.sphinx-doc.org/en/master/usage/configuration.html#general-configuration
diff --git a/configuration/sso-hash-algo.png b/configuration/sso-hash-algo.png
new file mode 100644
index 00000000..28f7d9ee
Binary files /dev/null and b/configuration/sso-hash-algo.png differ
diff --git a/configuration/sso.md b/configuration/sso.md
index 1a354065..6be7026a 100644
--- a/configuration/sso.md
+++ b/configuration/sso.md
@@ -91,6 +91,14 @@ If, however, Gravwell is using self-signed certificates, you must manually downl
 On the next page of the wizard, you will be prompted to set a display name. "Gravwell" or something similar would be fine. In the further pages of the wizard, you should be able to leave the defaults.
+#### Change Hash Algorithm
+
+At this time, Gravwell's SAML implementation requires SHA-1 signatures, but Windows AD FS defaults to SHA-256. Open the properties dialog for the newly-created relying party, select the Advanced tab, and change the hash algorithm to SHA-1:
+
+![](sso-hash-algo.png)
+
+If you forget to make this change, upon attempting to log in you will see a "Forbidden" page. The Gravwell webserver stderr file at `/dev/shm/gravwell_webserver.service` will contain an error message from the SAML library with the status `urn:oasis:names:tc:SAML:2.0:status:Responder` indicating that the responder (AD FS) experienced a problem. If you see these symptoms, double-check the hash algorithm in AD FS.
+
 ### Edit Claims Issuance Policy for Relying Party
 You must now add a few claims issuance transform rules to the relying policy. Select "Edit Claim Issuance Policy" for the newly-created relying party:
diff --git a/ingesters/win_file_follow.md b/ingesters/win_file_follow.md
index a1044573..a0883017 100644
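Review bot: The new "Change Hash Algorithm" section tells administrators to move the AD FS relying-party hash algorithm from the SHA-256 default down to SHA-1 without stating the trade-off, so readers may treat it as a permanent configuration rather than the temporary workaround the text itself implies with "At this time". The section should say that SHA-1 is a weaker, deprecated signature algorithm and that the relying party should be returned to SHA-256 once the Gravwell limitation is lifted, for example by adding after the screenshot: `SHA-1 is a deprecated signature algorithm; this setting is a workaround for a current limitation of Gravwell's SAML implementation, so plan to switch the relying party back to SHA-256 once a Gravwell release no longer requires it.` The troubleshooting paragraph is useful as written, but it would help to note that the `Forbidden` page and the `status:Responder` message are only symptoms and that other AD FS-side rejections can produce the same status, so the hash algorithm is the first thing to check rather than the only one. The enclosing AD FS wizard section starts before this hunk.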
--- a/ingesters/win_file_follow.md
+++ b/ingesters/win_file_follow.md
@@ -14,7 +14,7 @@ Download the Gravwell Windows File Follower installer:
 | Ingester Name | Installer | More Info |
 | :------------ | :----------- | :-------- |
-| Windows File Follower | Download    (SHA256) | [Documentation](/ingesters/win_file_follow) |
+| Windows File Follower | Download    (SHA256) | [Documentation](/ingesters/win_file_follow) |
 The Gravwell Windows file follower is installed using a signed MSI package. Gravwell signs both the Windows executable and MSI installer with our private key pairs, but depending on download volumes, you may see a warning about the MSI being untrusted. This is due to the way Microsoft "weighs" files. Basically, as they see more people download and install a given package, it becomes more trustworthy. Don't worry though, we have a well audited build pipeline and we sign every package.
diff --git a/ingesters/winevent.md b/ingesters/winevent.md
index 4d6b828e..0634cee7 100644
--- a/ingesters/winevent.md
+++ b/ingesters/winevent.md
@@ -49,7 +49,7 @@ Download the Gravwell Windows Events installer:
 | Ingester Name | Installer | More Info |
 | :------------ | :----------- | :-------- |
-| Windows Events | Download    (SHA256) | [Documentation](/ingesters/winevent) |
+| Windows Events | Download    (SHA256) | [Documentation](/ingesters/winevent) |
 Run the .msi installation wizard to install the Gravwell events service. On first installation the installation wizard will prompt to configure the indexer endpoint and ingest secret. Subsequent installations and/or upgrades will identify a resident configuration file and will not prompt.
diff --git a/quickstart/downloads.md b/quickstart/downloads.md
index c42c9ea5..46223909 100644
--- a/quickstart/downloads.md
+++ b/quickstart/downloads.md
@@ -4,14 +4,14 @@
 | Ingester Name | Installer | More Info |
 | :------------ | :----------- | :-------- |
-| Windows Events | Download    (SHA256) | [Documentation](/ingesters/winevent) |
-| Windows File Follower | Download    (SHA256) | [Documentation](/ingesters/win_file_follow) |
+| Windows Events | Download    (SHA256) | [Documentation](/ingesters/winevent) |
+| Windows File Follower | Download    (SHA256) | [Documentation](/ingesters/win_file_follow) |
 ## macOS Ingesters
 | Ingester Name | Installer | More Info |
 | :------------ | :----------- | :-------- |
-| File Follower | Download    (SHA256) | [Documentation](/ingesters/file_follow) |
+| File Follower | Download    (SHA256) | [Documentation](/ingesters/file_follow) |
 ## Other Installers
@@ -23,7 +23,7 @@ The Debian and RHEL repositories are more easily maintained than these standalon
 The Gravwell core installer contains the indexer and webserver frontend. You'll need a license; either get a Community Edition free license, or contact info@gravwell.io for commercial options.
-Download Gravwell Core Installer Download    (SHA256)
+Download Gravwell Core Installer Download    (SHA256)
 ### Ingesters
@@ -32,24 +32,24 @@ The core suite of ingesters are available for download as installable packages.
 #### Current Ingester Releases
 | Ingester Name | Installer | More Info |
 | :------------ | :----------- | :-------- |
-| Amazon Kinesis | Download    (SHA256) | [Documentation](/ingesters/kinesis)|
-| Amazon S3 | Download    (SHA256) | [Documentation](/ingesters/s3)|
-| Amazon SQS | Download    (SHA256) | [Documentation](/ingesters/sqs)|
-| Apache Kafka | Download    (SHA256) | [Documentation](/ingesters/kafka)|
-| Apache Kafka Federator | Download    (SHA256) | [Documentation](/ingesters/federators/kafkafederator)|
-| Collectd Collector | Download    (SHA256) | [Documentation](/ingesters/collectd) |
-| File Follower | Download    (SHA256) | [Documentation](/ingesters/file_follow) |
-| Google PubSub | Download    (SHA256) | [Documentation](/ingesters/pubsub)|
-| HTTP Ingester | Download    (SHA256) | [Documentation](/ingesters/http) |
-| Ingest Federator | Download    (SHA256) | [Documentation](/ingesters/federators/federator) |
-| IPMI Ingester | Download    (SHA256) | [Documentation](/ingesters/ipmi)|
-| Microsoft Azure EventHub | Download    (SHA256) | [Documentation](/ingesters/eventhubs)|
-| Microsoft Graph API | Download    (SHA256) | [Documentation](/ingesters/msg)|
-| Netflow Capture | Download    (SHA256) | [Documentation](/ingesters/netflow) |
-| Network Capture | Download    (SHA256) | [Documentation](/ingesters/pcap) |
-| Office 365 Logs | Download    (SHA256) | [Documentation](/ingesters/o365)|
-| Simple Relay | Download    (SHA256) | [Documentation](/ingesters/simple_relay)|
-| SNMP Traps | Download    (SHA256) | [Documentation](/ingesters/snmp)|
+| Amazon Kinesis | Download    (SHA256) | [Documentation](/ingesters/kinesis)|
+| Amazon S3 | Download    (SHA256) | [Documentation](/ingesters/s3)|
+| Amazon SQS | Download    (SHA256) | [Documentation](/ingesters/sqs)|
+| Apache Kafka | Download    (SHA256) | [Documentation](/ingesters/kafka)|
+| Apache Kafka Federator | Download    (SHA256) | [Documentation](/ingesters/federators/kafkafederator)|
+| Collectd Collector | Download    (SHA256) | [Documentation](/ingesters/collectd) |
+| File Follower | Download    (SHA256) | [Documentation](/ingesters/file_follow) |
+| Google PubSub | Download    (SHA256) | [Documentation](/ingesters/pubsub)|
+| HTTP Ingester | Download    (SHA256) | [Documentation](/ingesters/http) |
+| Ingest Federator | Download    (SHA256) | [Documentation](/ingesters/federators/federator) |
+| IPMI Ingester | Download    (SHA256) | [Documentation](/ingesters/ipmi)|
+| Microsoft Azure EventHub | Download    (SHA256) | [Documentation](/ingesters/eventhubs)|
+| Microsoft Graph API | Download    (SHA256) | [Documentation](/ingesters/msg)|
+| Netflow Capture | Download    (SHA256) | [Documentation](/ingesters/netflow) |
+| Network Capture | Download    (SHA256) | [Documentation](/ingesters/pcap) |
+| Office 365 Logs | Download    (SHA256) | [Documentation](/ingesters/o365)|
+| Simple Relay | Download    (SHA256) | [Documentation](/ingesters/simple_relay)|
+| SNMP Traps | Download    (SHA256) | [Documentation](/ingesters/snmp)|
 ### Other downloads
@@ -57,8 +57,8 @@ Some Gravwell components are distributed as optional additional installers, such
 | Component Name | Installer | More Info |
 | :------------- | :----------- | :-------- |
-| Datastore | Download    (SHA256) | [Documentation](/distributed/frontend) |
-| Cloud Archive Server | Download    (SHA256) | [Documentation](/configuration/archive) |
-| Offline Replicator | Download    (SHA256) | [Documentation](/configuration/replication) |
-| Load Balancer | Download    (SHA256) | [Documentation](/distributed/loadbalancer) |
-| Gravwell Tools | Download    (SHA256) | [Documentation](/tools/tools)|
+| Datastore | Download    (SHA256) | [Documentation](/distributed/frontend) |
+| Cloud Archive Server | Download    (SHA256) | [Documentation](/configuration/archive) |
+| Offline Replicator | Download    (SHA256) | [Documentation](/configuration/replication) |
+| Load Balancer | Download    (SHA256) | [Documentation](/distributed/loadbalancer) |
+| Gravwell Tools | Download    (SHA256) | [Documentation](/tools/tools)|
diff --git a/quickstart/quickstart.md b/quickstart/quickstart.md
index e40a257c..d5084862 100644
--- a/quickstart/quickstart.md
+++ b/quickstart/quickstart.md
@@ -19,7 +19,7 @@ This guide is suitable for Community Edition users as well as users with a paid
 You may find the [installation checklist](checklist) and the [glossary](/glossary/glossary) useful companions to this document.
-If you are interested in a complete training package, please see the [complete training PDF](https://github.com/gravwell/training/releases/download/v5.4.8/gravwell_training_v5.4.8.pdf). The Gravwell training PDF is the complete training manual which is paired with labs and exercises. The exercises are built from the open source [Gravwell Training](https://github.com/gravwell/training) repository.
+If you are interested in a complete training package, please see the [complete training PDF](https://github.com/gravwell/training/releases/download/v5.4.9/gravwell_training_v5.4.9.pdf). The Gravwell training PDF is the complete training manual which is paired with labs and exercises. The exercises are built from the open source [Gravwell Training](https://github.com/gravwell/training) repository.
 ```{note}
 Community Edition users will need to obtain their own license from [https://www.gravwell.io/download](https://www.gravwell.io/download) before beginning installation. Paid users should already have received a license file via email.
diff --git a/search/eval/eval.md b/search/eval/eval.md
index d82a6c49..c87e6268 100644
--- a/search/eval/eval.md
+++ b/search/eval/eval.md
@@ -436,6 +436,35 @@ Returns the input with all leading and trailing whitespace removed.
 Returns the input with the trailing suffix removed.
+#### pretty_size
+
+ function pretty_size(input string) string
+
+Converts a number to an abreviated pretty printed size, 1234567 becomes "1.18 MB".
+
+#### pretty_count
+
+ function pretty_count(input string) string
+
+Converts a number to an abreviated pretty printed magnitude, 1234567 becomes "1.24 M".
+
+#### pretty_count
+
+ function pretty_count(input string) string
+
+Converts a number to an abreviated pretty printed magnitude, 1234567 becomes "1.24 M".
+
+#### pretty_rate
+
+ function pretty_rate(number, duration) string
+
+Converts a number to an abreviated pretty printed rate in bytes, kilobytes, or megabytes per second given a magnitude and duration; "pretty_rate(1234567, "2s")" becomes "588.87 KB/s".
+
+#### pretty_line_rate
+
+ function pretty_line_rate(number, duration) string
+
+Converts a number to an abreviated pretty printed line rate in bits, kilobits, and megabits per second given a magnitude and duration; "pretty_line_rate(1234567, "2s")" becomes "4.71 Mb/s".
 ### Hash
@@ -624,7 +653,7 @@ Returns a JSON object of the given key/value pair. The value's type is evaluated
 #### json_pretty
- function json_pretty(input string) string {
+ function json_pretty(input string) string
 Pretty prints the given JSON input.
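Review bot: The `#### pretty_count` entry is added twice in this hunk — heading, signature and description are repeated verbatim — so one copy should be dropped before merge. The same kind of duplication appears in the hunk at `@@ -634,7 +663,67 @@`: the new `### Math` block ends with a bare `+#### math_min` heading with no signature or description and is immediately followed by the file's existing `### Math` and `{note}` context lines, which suggests the block was pasted incompletely on top of a Math section that already exists; the `math_min` entry needs its signature (presumably `function math_min(x float, y float) float`, mirroring `math_max`) and a description such as `Returns the smaller of x or y.`, and the second `### Math` header should be reconciled with the first. Separately, every new pretty_* description spells "abbreviated" as "abreviated", and the Math hunk has "absolut" and "compatability"; these are the kind of typos a docs linter would catch.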
@@ -634,7 +663,67 @@ Pretty prints the given JSON input.
 Sets a key/value pair in the given object. The value's type is evaluated at runtime and will map to the corresponding JSON type (object, array, bool, number, string), or a string if the type doesn't map to a JSON type.
+### Math
+
+```{note}
+Some math functions retain their legacy function names for backwards compatability.
+```
+
+#### ceil
+
+ function ceil(x float) float
+
+Returns the least integer value greater than or equal to x.
+
+#### floor
+
+ function floor(x float) float
+
+Returns the greatest integer value less than or equal to x.
+
+#### math_abs
+
+ function math_abs(x float) float
+
+Returns the absolut value of x.
+
+#### math_ceil
+
+ function math_ceil(x float) float
+
+Same as ceil(). Returns the least integer value greater than or equal to x.
+
+#### math_floor
+
+ function math_floor(x float) float
+Same as floor(). Returns the greatest integer value less than or equal to x.
+
+#### math_log
+
+ function math_log(x float) float
+
+Returns the natural logarithm of x.
+
+#### math_log10
+
+ function math_log10(x float) float
+
+Returns the decimal logarithm of x.
+
+#### math_log2
+
+ function math_log2(x float) float
+
+Returns the binary logarithm of x.
+
+#### math_max
+
+ function math_max(x float, y float) float
+
+Returns the larger of x or y.
+
+#### math_min
 ### Math
 ```{note}
@@ -806,4 +895,4 @@ Cast = "int" | "float" | "string" | "mac" | "ip" | "time" |
 ## Legacy Eval
-There is a legacy version of eval that you may still see in older queries. For more details, see the [Legacy eval page](legacy-eval) for reference.
\ No newline at end of file
+There is a legacy version of eval that you may still see in older queries. For more details, see the [Legacy eval page](legacy-eval) for reference.