Upgrading from auditbeat 7.13.0 -> 8.15.0.
What differences are expected to be seen in the logs? Does 8.15.0 provide the same information as 7.13.0? Does the format change? Is it backward compatible?
Thanks.
Hello and welcome,
Between 7.13.0 and 8.15.0 there are more than 3 years of changes, you will need to check the release notes from each version between them to really know what has changed.
You can start here.
But to resume, the output from 8.15 should be basically the same from 7.13 with some improvements regarding parsing and things like that.
Also, it is not clear what you mean with backward compatible. What is compatible with what?
Auditbeat and Elasticsearch? Or Auditbeat and audit logs?
Thank you for responding.
By backwards compatible, I meant that we are relying on the structured data the logs from 7.13.0 are giving us. If we upgrade to 8.15.0, the concern is it'll break our systems by giving us a different formatting of the logs than expected from 7.13.0.
You will need to test it.
It is not possible to guarantee compatibility with any system that is not from Elastic.
In overall the log didn't change, but some new fields may be added.