May 6, 2026 - v1.100.0

Features

Sources & Destinations

• Added two new parameters to the File source:

  • top_n (int, default 5) — controls how many files are considered when regex-based sorting is enabled. Addresses an upstream behavior where this defaulted to 1, limiting file selection to a single file per poll. Hidden when the sorting method is "date modified".

  • exclude_older_than (duration, default empty) — excludes files whose last modification time exceeds the specified duration (e.g. 24h). Prevents unbounded accumulation of tracked files from daily rotation patterns.

• Added new parameters to the Azure Event Hub source:

  • Max Poll Events — maximum number of events to retrieve per poll.

  • Poll Rate — how frequently the receiver polls for new events.

  • Enable Distributed Consumption — enables distributed consumption across multiple consumers, with supporting fields:

    • Checkpoint Store Connection String

    • Checkpoint Store Container Name

• Added new parameters to the REST API source:

  • Time-bound parameters — universal start and end time fields available for all pagination modes. Replaces the previous timestamp pagination start time and format settings, which are now hidden but preserved for existing configurations.

  • account_key — Akamai EdgeGrid authentication key.

• Added start_from to the AWS CloudWatch source. Accepts an RFC3339 timestamp to control where log reading begins, preventing agents from attempting to ingest years of historical CloudWatch logs on first connection.

• Added extra_metadata_labels to the Kubelet source. Enabling this option surfaces container.id and k8s.volume.type as resource attributes on volume metrics.

• Added an option to the MongoDB source to disable the flushes.rate metric. This is needed for collector versions prior to v1.94.2 where this metric causes scraper errors.

• Deprecated the Kafka OTLP source (v1) and introduced a v2 that supports specifying separate topics for metrics, logs, and traces.

  • The deprecated source will remain visible for current users

  • New users will only be able to configure the v2 source type.

• Added the Dynatrace detector to the Resource Detection v2 processor. The detector reads host metadata from the Dynatrace OneAgent (dt_host_metadata.properties) and emits dt.entity.host, host.name, and dt.smartscape.host resource attributes. Requires collector contrib >= 0.120.0; silently no-ops on older versions.

• The Custom source type is now available for Google Edition licenses.

Processors

• Introduced parse_timestamp_v2

  • Auto (new default) — automatically tries all ISO8601 and Epoch variants.

  • RFC3339 — correctly handles both colon-separated (+00:00) and Z-style timezone offsets, with or without fractional seconds.

  • ISO8601 — adds support for timestamps without timezone info.

  • Epoch (auto layout) — automatically detects granularity (seconds, milliseconds, microseconds, nanoseconds) via digit count; specific layouts (s, ms, us, ns, etc.) remain available.

  • Location/Locale fields are now shown for Auto, ISO8601, and Manual formats where timezone information may be absent.

• OCSF Standardization processors now support prebuilt field mapping presets (e.g., Windows Security Logs), allowing users to apply a standard set of field mappings with one click.

Configuration & UI

• Added an edge animation display option to the configuration graph:

  • Auto (default) — disables animations when 50 or more edges are present.

  • Enabled — always show animations.

  • Disabled — never show animations.

• AI-assisted features (Parse Field, Generate Processors, Parse Regex, Standardize Log Types for SecOps) now stream live progress summaries during generation, collapsing to "Thought for X seconds" when complete.

• The Active Directory source now defaults Parse to false for new configurations, reducing friction when sending data to SecOps which expects raw, unparsed data. Existing configurations are unaffected.

• Added a delete confirmation dialog for processor nodes in the pipeline editor.

Authentication & Identity

• OIDC login now supports custom claims for role and project provisioning. Identity providers can supply bindplane_org_admin, bindplane_projects, and bindplane_role claims to control access on login.

• Added a disableInvitations parameter to the OIDC configuration. When enabled, the invitation UI is hidden and invitation-based login is rejected; users are expected to be provisioned just-in-time via IdP claims.

• Auth0 SSO is now available for Growth and GrowthTrial plan types.

• bindplane init client now prompts for an authentication method (Basic Auth or API Key). Selecting one clears any stale credentials from the other method.

Secret Key Management

• Secret keys can now be assigned human-readable names at creation time (bindplane secret add --name <name>) and retrieved by name (bindplane secret get --name <name>). The secret get command output now includes the name and default status, and supports --output table|json|yaml.

Chronicle Forwarder Migration

• Added a bindplane migrate-configuration chronicle CLI command for importing Chronicle Forwarder .conf files as Bindplane configurations. Supports single file, directory, and stdin input. Each config file produces a configuration and destination resources named after the source file.

• The Chronicle Forwarder config importer now supports all Chronicle Forwarder collector types:

  • Splunk → Splunk Search API

  • Syslog → TCP and/or UDP (with _tcp/_udp name suffixes when both addresses are configured)

  • File → File v2

  • Packet capture / Web proxy → Packet Capture

  • Kafka → Kafka OTLP v2 with raw log encoding

• Two-file Chronicle Forwarder configs are now supported; credentials from the auth file are merged into the main config automatically.

Platform & Operations

• Linux packages now install /etc/bindplane/.bindplane.env. This file is loaded by systemd at startup and provides an alternative to systemd drop-in overrides for setting Bindplane environment variables.

• Bindplane now starts only the latest locally-installed transform agent binary when multiple versions are present. Previously, all discovered binaries were started simultaneously, which could cause incorrect agent selection for Live Preview.

• On-prem administrators can now apply and delete AvailableComponents resources via the REST API. Previously this was restricted to the SaaS public account context. SaaS behavior is unchanged.

• Configurations now record created_by (the authenticated user) and created_date at creation time. These fields are never overwritten on update and are preserved correctly when configurations are versioned.

• Added usage-based alerting to Project Settings (Growth plans). Administrators can configure thresholds and receive email notifications when data usage limits are approached.

• Added the following APM metrics for operators monitoring Bindplane:

  • server.cpu.utilization — CPU utilization of the Bindplane process.

  • agent.message_size histogram — size of OpAMP messages, with a direction attribute (receive or transmit).

  • cache.redis.connections — count of active and idle Redis connections.

Duration Parameters

Multiple source and destination parameters that previously accepted plain integer or string values now use Go duration format (e.g., 5m, 1h30m) with validation. Affected components: Batch, Bindplane Audit Logs, Bindplane Gateway Source, ClickHouse, ClickStack, Chronicle Forwarder, File v2, Google Cloud, Google Cloud Pub/Sub v2, IIS, Okta, OTLP gRPC, Prometheus, Resource Detection v2, SQL Query v2, Sumo Logic v2, SUSE Observability OTLP, Span Metrics, and Windows Events v2.

Bug Fixes

• Destination port field now validates the range 1–65535, rejecting port=0 on save.

• Splunk HEC source: the ack extension is no longer required and can be disabled.

• Kubelet source: the resource processor default value was missing and is now correctly set.

• google_filter_regex processor: single quotes in regex expressions are now escaped for YAML output.

• google_filter_regex processor: nested fields using bracket notation (e.g., attributes["key"]) are now correctly supported.

• Renamed the google_cloud_logentry_encoding extension and updated matching component labels for compatibility with the upstream rename.

• Fixed "Field is required" error appearing when removing the only condition from a condition block.

• Fixed nested condition blocks erroring when deleted and re-added.

• Fixed "Generate with AI" button appearing on processors other than Parse Regex.

• Fixed Google SecOps Standardization processor template rendering.

• Fixed event bus health metrics reporting.

• Fixed URL construction to omit default ports (80 for HTTP, 443 for HTTPS) per RFC 3986/7230.

• Fixed Honeycomb license check in the assisted configuration wizard.

• Fixed retrieval of sub-processors from bundle nodes in the middle of a pipeline.

• Fixed "Select All" exclusion behavior on the agents grid so the delete button appears as expected.

• Fixed configuration type filter returning no results in search.

• Org admins are now automatically added as project admins when a new project is created.

• Fixed a PostgreSQL foreign key constraint violation during identity migration.

• Linux packages: .bindplane.env is now owned by root.

• Fixed the layout of Number parameter help text.

• Added retry with backoff for connection registry bulk releases.

• Improved the snapshot message when an agent configuration has not yet been rolled out.

• Fixed InfluxDB destination: token field is now conditionally rendered based on auth type.

• Fixed REST API source match block behavior.

Misc

• Added snake_case aliases for OTel v0.148.0 component renames and updated names for v0.150.0 renames. The file_log receiver name is preserved alongside filelog for backward compatibility.

• Fixed post-account-seeding migrations after a change to seeding logic order.

• Reduced an excessively noisy "available components" warning from info to debug level.