This patch release fixes the following bugs in Tenzir Node v4.24.0:

• We fixed a bug introduced with v4.24.0 causing crashes on startup when some of the files in the node's state directory were smaller than 12 bytes.
• We fixed a rare crash on startup that would occur when starting the tenzir-node process was so slow that it would try to emit metrics before the component handling metrics was ready.
• We fixed the last aggregation function to return the last element.
• The TQL2 nics operator had a bug causing the operator name to be nic. This has now been fixed and works as documented.

Working with lists is easier than ever with Tenzir Node v4.24 and its new functions for list manipulation. Also, contexts are now first-class citizens in TQL2.

Discover Tenzir Node v4.24

📣 Dive into the details of Tenzir Node v4.24 from our announcement blog post.
🎯 Check out the new features on app.tenzir.com.
🚀 Follow the quickstart guide, get your fingers dirty and explore the demo node with just a few clicks and a guided tour. Security data has never been easier.
🎓 Learn the basics of pipelines and get familiar with the Tenzir Query Language (TQL). You'll master security data in no time.
📝 Read all the details in our changelog.

This patch release contains the following bug-fixes in comparison to v4.23.0:

• The where operator now behaves correctly when predicates evaluate to null.
• The syslog parser no longer blocks on infinite streams.
• Expressions that are pushed into export no longer cause crashes.
• The kafka plugin now picks up configuration options from the environment and the config files.
• The parquet plugin is now available in the official Docker images.
• The RPM package now installes without error on CentOS.
• The automatic cache cleanup is now more robust.
• We re-enabled the s3 and from_velociraptor plugins in the DEB and RPM packages.

Tenzir Node v4.23 comes with a new load_balance operator, a dedicated to_splunk sink, Universal Function Call Syntax and much more!

Discover Tenzir Node v4.23

📣 Dive into the details of Tenzir Node v4.23 from our announcement blog post.
🎯 Check out the new features on app.tenzir.com.
🚀 Follow the quickstart guide, get your fingers dirty and explore the demo node with just a few clicks and a guided tour. Security data has never been easier.
🎓 Learn the basics of pipelines and get familiar with the Tenzir Query Language (TQL). You'll master security data in no time.
📝 Read all the details in our changelog.

This patch release contains the following bug fixes and improvements over Tenzir Node v4.22.1:

Tenzir Node v4.22.2

• We fixed a bug that sometimes prevented incoming connections from load_tcp from closing properly.
• The google-cloud-pubsub connector and TQL2 operators load_google_cloud_pubsub save_google_cloud_pubsub operators are now available in the Docker image.
• We fixed a bug that caused the mode aggregation function to sometimes ignore some input values.
• We fixed a bug in the buffer operator that caused it to break when restarting a pipeline or using multiple buffers in a "parallel" context, such as in load_tcp's pipeline argument.
• The new value_counts aggregation function returns a list of values and their frequency.
• The new sort method sorts fields in records by name and lists by values.

This patch release contains the following bug fixes and improvements over Tenzir Node v4.22:

Tenzir Node v4.22.1

• The /serve endpoint now returns instantly when its pipeline fails before the endpoint is used for the first time. In the Tenzir Platform this causes the load more button in the Explorer to correctly stop showing for pipelines that fail shortly after starting.
• The boolean operators and/or now work correctly for the type null. Previously, null and false evaluated to null, and a warning was emitted. Now, it evaluates to false without a warning.
• Using the tenzir process from multiple users on the same host sometimes failed because the cache directory was not writable for all users. This no longer happens.
• We added three new, TQL2-exclusive aggregation functions: first, last, and mode. The functions return the first, last, and most common non-null value per group, respectively.

Tenzir Node v4.22 comes with documentation for the new version of the Tenzir Query Language, connectors for Google Cloud Pub/Sub and various bug fixes.

Discover Tenzir Node v4.22

📣 Dive into the details of Tenzir Node v4.22 from our announcement blog post.
🎯 Check out the new features on app.tenzir.com.
🚀 Follow the quickstart guide, get your fingers dirty and explore the demo node with just a few clicks and a guided tour. Security data has never been easier.
🎓 Learn the basics of pipelines and get familiar with the Tenzir Query Language (TQL). You'll master security data in no time.
💭 Understand why Tenzir was developed and how it measures up against the competition.
📝 Read all the details in our changelog.

This patch release contains the following bug fixes and improvements over Tenzir Node v4.21:

Tenzir Node v4.21.1

• We fixed a bug that sometimes caused the tenzir-node process to hang on shutdown. This was most likely to happen when the node shut down immediately after starting up, e.g., because of an invalid configuration file.
• Fixed a bug in the python operator that could lead to random valid file descriptors in the parent process being closed prematurely.
• The azure-blob-storage connector is now also available in the static linux binary distributions.
• We fixed a bug that caused the context_updates field in metrics lookup to be reported once per field specified in the corresponding lookup operator instead of being reported once per operator in total.
• A new sample operator now provides the ability to dynamically sample input data based on the frequency of the receiving events allowing relative sampling in situations of varying load.
• The grok parser now allows better control over the schema inference.
• The grok parser can now be directly used when reading input, allowing for read grok.

Parsing is now easier, faster, and better than before with Tenzir Node v4.21. Also: introducing an all-new integration with Azure Blob Storage.

Discover Tenzir Node v4.21

📣 Dive into the details of Tenzir Node v4.21 from our announcement blog post.
🎯 Check out the new features on app.tenzir.com.
🚀 Follow the quickstart guide, get your fingers dirty and explore the demo node with just a few clicks and a guided tour. Security data has never been easier.
🎓 Learn the basics of pipelines and get familiar with the Tenzir Query Language (TQL). You'll master security data in no time.
💭 Understand why Tenzir was developed and how it measures up against the competition.
📝 Read all the details in our changelog.

This patch release contains the following bug fixes and improvements over Tenzir Node v4.20:

Tenzir Node v4.20.3

• We fixed a bug where the export, metrics, and diagnostics operators were sometimes missing events from up to the last 30 seconds. In the Tenzir Platform, this showed itself as a gap in activity sparkbars upon loading the page.
• The /serve endpoint now gracefully handles retried requests with the same continuation token, returning the same result for each request.

Tenzir Node v4.20.2

• The empty record type is no longer rejected in schema definitions.
• We fixed a bug that caused the Demo Node package not to be pre-installed correctly when using the tenzir/tenzir-demo Docker image.
• We fixed a potential crash in the csv, ssv, and tsv parsers for slowly arriving inputs.
• The azure-log-analytics operator sometimes errored on startup complaining about an unknown window option. This no longer occurs.
• Restarting pipelines with the udp connector no longer fails to bind to the socket.
• The systemd unit now allows binding to privileged ports by default via the ambient capability CAP_NET_BIND_SERVICE.

Tenzir Node v4.20.1

• We fixed a regression introduced with Tenzir v4.20 that sometimes caused the Tenzir Platform to fail to fetch results from pipelines.