What Changed
Updated README and CHANGELOG for the Microsoft Sentinel Logstash output plugin to correct version information and reflect significant architectural changes from v1.2.1 to v2.1.0.
Documentation Corrections
The documentation previously showed version 1.2.1 (released 2026-03-06) but has been updated to reflect the current version 2.1.0 (released 2026-04-14). The changelog now includes previously missing version history showing major changes implemented in version 2.0.0.
Plugin Evolution Summary
Version 2.0.0 introduced substantial changes:
- Complete refactoring from Ruby to Java implementation
- Added managed identity authentication support for Azure VMs/VMSS
- Codebase migration from GitHub to Azure DevOps
- Transition to closed-source model (removed open source contribution language)
Version 2.1.0 addressed event normalization issues that were present in the Java refactor.
Operational Impact
Organizations using this plugin should verify they are running the current version 2.1.0 to ensure proper event normalization. The managed identity authentication feature provides enhanced security for Azure-hosted Logstash deployments, eliminating the need for API key management.
Affected Files
DataConnectors/microsoft-sentinel-log-analytics-logstash-output-plugin/CHANGELOG.md
DataConnectors/microsoft-sentinel-log-analytics-logstash-output-plugin/README.md