TL;DR: Seq 2023.3 is now available from datalust.co and by pulling
datalust/seqfrom Docker Hub. It adds support for SQL-styleunnest()over JSON array data, and introduces secure internal auditing for the Seq Datacenter tier.
Today's release reflects our continued efforts to reduce cycle times and make new Seq features available as they are completed. In case you missed Seq 2023.1 or 2023.2, the new 2023.3 build rolls up all of the fixes and improvements in those versions, too.
Lateral cross joins and the unnest() set function
Lateral cross joins and the unnest() function serve a simple but frequent need when working with fully-structured log data: unnest(x) produces one output row for every element in the array x.
select count(*)
from stream
lateral unnest Tags as Tag
group by Tag
If log events in a stream carry an array-valued property like "Tags": ["first", "second"], lateral unnest Tags as Tag will join each event with each value in its tags array. The query above uses this to count occurrences of different tag values.
lateral and unnest() may be a little perplexing if you haven't encountered anything similar before, but trust us, unnest() is an incredibly flexible tool in all kinds of collection processing scenarios. We'll write more about this feature here next week.
Internal auditing
For compliance or incident management purposes, it can be necessary to record who accesses the data in Seq, as well as configuration changes and security-related events occurring on the Seq server.
Seq 2023.3 Datacenter supports extensive built-in auditing to external storage. Audit events use Seq's fully-structured data format, so querying and reporting on audit logs is easy and efficient.
Get in touch with us if you'd like to discuss how Seq can meet your auditing requirements.
Other changes
Also in 2023.3:
- #1877 — the Data > Ingestion page now performs much better in the presence of many hundreds of API keys
- #1808 — users with
Writepermission can once again edit shared workspaces - #1890 — we've fixed a bug whereby invalid signal filters could cause indexing to fail
- #1869 — memory-mapped storage files are now released immediately after use, improving stability and avoiding very slow service shut-down on Windows
- #1892 — first-sync of DR followers has been made more robust and easier to troubleshoot
Upgrading
Seq 2023.3 is a highly-compatible in-place upgrade from earlier Seq 202x versions. Most users should simply run through the MSI/setup wizard, or pull the datalust/seq:latest container image and restart.
If you run into difficulties, need help with the upgrade process, or have questions about the new features, please reach out via the Seq discussion forum or by emailing the Seq support team.