Full Release Notes Index
This section contains a single page with all release notes on the same page.
Falcon LogScale 1.75.0 Preview (2023-01-31)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.75.0 | Preview | 2023-01-31 | 2024-01-31 | 1.44 | No | No |
Bug fixes and updates.
Deprecation
These items have been deprecated and may be removed in a future release:
The
REST
endpoint for testing actions has been deprecated. api/v1/repositories/repoId
/alertnotifiers/actionId
/test has been deprecated. The new GraphQL mutations should be used instead.
Upgrades
Changes that may occur or be required during an upgrade.
Other
Upgrade Java to 17.0.6 in Docker containers
Upgrade Kafka to 3.3.2 for KAFKA-14379
Upgrade Kafka client to 3.3.2
Upgrade Kafka Docker container to 3.3.2
Improvements, new features and functionality
UI Changes
Suggestions in The Search Box will show for certains function parameters like time formats.
Known field names are now shown as completion suggestions in The Search Box while you type.
The Search page and Dashboards URLs support links with timezones, to sharing links ensure the same timezone. E.g.
?tz=Europe/Copenhagen
Introduced Search Interactions to add custom event list options for all users in a repository.
For more information, see Event List Interactions.
You can now set your preferred timezone under Manage your Account.
The Search page now supports timezone picking. The timezone will be set on the users' session and remembered between pages.
GraphQL API
GraphQL API mutations have been added for testing actions without having to save them first. The added mutations are:
testEmailAction
testHumioRepoAction
testOpsGenieAction
testPagerDutyAction
testSlackAction
testSlackPostMessageAction
testUploadFileAction
testVictorOpsAction
testWebhookAction
The previous testAction mutation has been removed.
The new GraphQL API mutations' signature is almost the same as the create mutation for the same action, except that test actions require event data and a trigger name, as the previous testAction mutation did.
As a consequence, the
button is now always enabled in the UI.
Dashboards and Widgets
Introduced Dashboards Interactions to add interactive elements to your dashboards.
For more information, see Managing Dashboard Interactions.
Functions
default()
now supports assigning the same value to multiple fields, by passing multiple field names to thefield
parameter.selectLast()
andgroupBy()
now use less state size, allowing for larger result sets.The performance of
in()
is improved when matching with values that do not use the*
wildcard.
Bug Fixes
UI Changes
Fixed the UI as it were not showing an error when a query gets blocked due to query quota settings.
Fixed an issue that made switching UI theme report an error and only take effect for the current session.
Automation and Alerts
Functions
Queries ending with
tail()
will no longer be rendered with infinite scroll.
Other
Fixed a failing require from
MiniSegmentsAsTargetSegmentReader
, causing queries to fail in very rare cases.Unlimited waits for nodes to get in sync has been fixed. This caused digest coordination to fail, to limit the time allowed for a node to get "in sync" on a partition before leadership was assigned to it, in cases where the previous digest leader shut down gracefully.
Falcon LogScale 1.74.0 Preview (2023-01-24)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.74.0 | Preview | 2023-01-24 | 2024-01-24 | 1.44 | No | No |
Bug fixes and updates.
Improvements, new features and functionality
UI Changes
Changes have been made for the three-dot menu (⋮) used for Field Interactions:
It is now available from the Fields Panel and the Inspection Panel, see Searching for Data.
Keyboard navigation has been improved.
For field interactions with live queries, the Fields Panel flyout will now display a fixed list of top values, keeping the values from the point in time when the menu was opened.
Automation and Alerts
The list of Message Templates and Variables is no longer shown in the User Interface when editing Actions, instead a link to the documentation has been added.
Configuration
A new environment configuration variable
GLOB_ALLOW_LIST_EMAIL_ACTIONS
is introduced. It enables cluster-wide blocking of recipients of Email actions that are not in the provided allow list.
Other
When creating a new group you now have to add the group and add permissions for it in the same multi step dialog.
Bug Fixes
UI Changes
Fixed an issue where the dashboard page would freeze when the value of a dashboard parameter was changed.
We have fixed tooltips in the query editor, which were hidden by other elements in the UI.
Configuration
Fixed an issue where the environment variable
OIDC_USE_HTTP_PROXY
was not respected. It means that LogScale will now call all OIDC endpoints directly without going through the HTTP Proxy, whenOIDC_USE_HTTP_PROXY
is set tofalse
.This fixes the known issue previously reported in Falcon LogScale 1.63.1 Stable (2022-11-14), Falcon LogScale 1.63.2 Stable (2022-11-30), Falcon LogScale 1.63.3 Stable (2022-12-21) and Falcon LogScale 1.70.0 Stable (2023-01-16).
Some restrictions have been introduced when running with
single-user
asAUTHENTICATION_METHOD
:Starting on a machine that already has multiple users will not delete them, but you will be unable to create additional users.
Running
AUTHENTICATION_METHOD=single-user
with multiple users will pick the best candidate based on username and privilege.
Other
We have set a maximum number of events that we will parse under a single timeout so large batches are allowed to take longer. If you've seen parsers time out not because the parser is actually slow but because you were processing many events in a single batch, this change should cause that stop happening. Only parsers that are genuinely slow should now time out.
Falcon LogScale 1.73.0 Preview (2023-01-17)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.73.0 | Preview | 2023-01-17 | 2024-01-17 | 1.44 | No | No |
Bug fixes and updates.
Improvements, new features and functionality
Functions
Using
ioc:lookup()
in a query while the IOC service is disabled will now result in a failed query instead of a warning, stating that there are partial results.The query function
holtwinters()
has been removed from the product.
Bug Fixes
Other
We have reduced the noise from
MiniSegmentMergeLatencyLoggerJob
by being more conservative about when we log mini segments that are unexpectedly not being merged. We have madeMiniSegmentMergeLatencyLoggerJob
take datasource idleness into account.
Falcon LogScale 1.72.0 Preview (2023-01-10)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.72.0 | Preview | 2023-01-10 | 2024-01-10 | 1.44 | No | No |
Bug fixes and updates.
Bug Fixes
Configuration
Removed compression type
extreme
for configurationCOMPRESSION_TYPE
. Specifyingextreme
will now select the default value ofhigh
in order not to cause configuration errors for clusters that specifyextreme
. The suggestion is to removeCOMPRESSION_TYPE
from your configurations unless you specify the only other non-default value offast
.
Other
Fixed an issue where the query scheduling could hit races with the background recompression of files in a way that resulted in the query missing the file and ending up adding warnings about segment files being missed by the query.
Falcon LogScale 1.71.0 Preview (2023-01-03)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.71.0 | Preview | 2023-01-03 | 2024-01-03 | 1.44 | No | No |
Bug fixes and updates.
Upgrades
Changes that may occur or be required during an upgrade.
Packages
Made some internal optimizations to package handling, which requires migration of data. This migration is performed automatically. Please notice:
While the upgrade of cluster nodes are ongoing, we recommend you do not install or update any packages, as they may end up in an inconsistent state.
If a package ends up in a bad state during migration, it can be fixed simply by reinstalling the package.
You will potentially experience that accessing the list of installed packages will fail, and creating new dashboards, alerts, parsers, etc. based on package templates will not work as intended.
This should only happen during the cluster upgrade, and should resolve itself once the cluster is fully upgraded.
If the cluster nodes are downgraded, any packages installed or updated while running the new version will not work, and we therefore recommend uninstalling or downgrading those packages prior to downgrading the cluster nodes.
Improvements, new features and functionality
UI Changes
Tabs on the Users page are renamed: former Groups and Permissions tab is now renamed to Permissions; former Details tab is now renamed to Information. In addition, the Permissions tab is now displayed first — it is also the tab that will be opened by default when navigating to a user from other places in the product.
Configuration
The ability to keep the same merge target across digest changes is reintroduced. This feature was reverted in an earlier release due to a discovered issue where mini segments for an active merge target could end up spread across hosts. As that issue has been fixed, mini segments should now be stored on the hosts running digest for the target.
New dynamic configuration FlushSegmentsAndGlobalOnShutdown. When set, and when
USING_EPHEMERAL_DISKS
is set to truetrue
, forces all in-progress segments to be closed and uploaded to bucket, and also forces a write (and upload) of global snapshot during shutdown. When not set, this avoids the extra work and thus time shutting down from flushing very recent segments, as those can then be resumed on next boot, assuming that next boot continues on the same Kafka epoch. The default isfalse
, which allows faster shutdown.
Bug Fixes
Configuration
Fixed an issue where the IOC database could get out of sync.
Falcon LogScale 1.70.1 Stable (2023-02-01)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.70.1 | Stable | 2023-02-01 | 2024-02-01 | 1.44 | No | No |
TAR Checksum | Value |
---|---|
MD5 | e0aa0e799d3f5b3009ef9a636ad96c78 |
SHA1 | 06710b69230c442dc67ba137bd02613cb29b5224 |
SHA256 | 5ada1e5a56d73d1e2532378035c1eccf9fa476b5226ae6bdc9d7e29dc8b2ddc3 |
SHA512 | e1768b9e41ef5940e2defbf10cc908b454ef6f67358b340fbcb648c5e91a98031b385cfcc242ee40ed33d4d17fb5e1eb7418abb287adbfe83e3827ae8e11a54f |
Docker Image | SHA256 Checksum |
---|---|
humio | 72a45d92e868e101a8bd2a7f20f83b37946761bfead3bce3bbb28a9ebf318a50 |
humio-core | f4c2cc95de7ad66e6800fbceb1a22caee567b482dcf6b1181b7369c9aa7c86eb |
kafka | c8500740a3ead1d9e6b48df608b225ffd9c221263a9bcd5f2134b3ade89260ac |
zookeeper | 0b1155a324d0940f6c4aa3e3f2088cec5d8cd77e6883454c59a111028b7cfe82 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.70.1/server-1.70.1.tar.gz
Bug fixes and updates.
Bug Fixes
Configuration
Fixed an issue where the environment variable
OIDC_USE_HTTP_PROXY
was not respected. It means that LogScale will now call all OIDC endpoints directly without going through the HTTP Proxy, whenOIDC_USE_HTTP_PROXY
is set tofalse
.This fixes the known issue previously reported in Falcon LogScale 1.63.1 Stable (2022-11-14), Falcon LogScale 1.63.2 Stable (2022-11-30), Falcon LogScale 1.63.3 Stable (2022-12-21) and Falcon LogScale 1.70.0 Stable (2023-01-16).
Some restrictions have been introduced when running with
single-user
asAUTHENTICATION_METHOD
:Starting on a machine that already has multiple users will not delete them, but you will be unable to create additional users.
Running
AUTHENTICATION_METHOD=single-user
with multiple users will pick the best candidate based on username and privilege.
Other
Unlimited waits for nodes to get in sync has been fixed. This caused digest coordination to fail, to limit the time allowed for a node to get "in sync" on a partition before leadership was assigned to it, in cases where the previous digest leader shut down gracefully.
Falcon LogScale 1.70.0 Stable (2023-01-16)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.70.0 | Stable | 2023-01-16 | 2024-01-16 | 1.44 | No | No |
TAR Checksum | Value |
---|---|
MD5 | d9bb7d6cbb0ca0bda19849432c379edf |
SHA1 | b6c06ea11e89db8f31c68b1aa2ad278aad0fe433 |
SHA256 | aaae7b77d39c82f5b6931f7be9da2e03ac7cb68bc7f246529562f3900bf23b02 |
SHA512 | 6370a6f003a2f2ac6f59fdbaa8d7578e2eae7658645bc97cc4ed5f3c75489c914cb09a35e8ca5a6b6203f8a084aac769bc6d9d9b7fd9547fa2cfe9cef6639f40 |
Docker Image | SHA256 Checksum |
---|---|
humio | 9bdd95bb499feb635b2fa10e2ccc8d3738173998679e0b59852b61e9f9072b07 |
humio-core | 8693b1c4fe80d51907f4b706e5f464ed990e365b50099ad8b6a8eb33d370b6cb |
kafka | f22f369876933b93084f34d73014697b6cbae24c3d915e8fb590f2289f4361ce |
zookeeper | b4bb9f58e8a519db4850e395824142fe62fe52f8fcf024de1001fd76481e63c7 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.70.0/server-1.70.0.tar.gz
Bug fixes and updates.
Deprecation
These items have been deprecated and may be removed in a future release:
The following environment variables are deprecated as of this release. Their removal will be announced in a future version.
The recommended steps for migrating off of Zookeeper are described in Falcon LogScale 1.70.0 Stable (2023-01-16).
Upgrades
Changes that may occur or be required during an upgrade.
Installation and Deployment
We have enabled a new vhost selection method by default. The way hosts select their vhost number when joining the cluster has changed, the new logic is described at Node Identifiers documentation page.
The new logic does not depend on Zookeeper, even for clusters where nodes occasionally lose disk contents, such as Kubernetes. In order to smooth migration for clusters using Zookeeper, the new logic will still interact with Zookeeper to avoid nodes using a mix of new and old vhost code from fighting over the vhost numbers. This is only necessary while migrating.
The recommended steps for migrating off of Zookeeper are as follows:
Deploy the new LogScale version to all nodes.
Remove
ZOOKEEPER_URL_FOR_NODE_UUID
,ZOOKEEPER_URL
,ZOOKEEPER_PREFIX_FOR_NODE_UUID
,ZOOKEEPER_SESSIONTIMEOUT_FOR_NODE_UUID
from the configuration for all nodes.Reboot
Once rebooted, LogScale should no longer need Zookeeper directly, except as an indirect dependency of Kafka. Due to this, the 4 Zookeeper-related variables are deprecated as of this release and will be removed in a future version.
Since vhost numbers now change when a disk is wiped, cluster administrators for clusters using nodes where
USING_EPHEMERAL_DISKS
is set totrue
will need to ensure that the storage and digest partitioning tables are up to date as hosts join and leave the cluster. Updating the tables is handled automatically if using the Logscale Kubernetes operator, but for clusters that do not use this operator, cluster administrators should run scripts periodically to keep the storage and digest tables up to date. This is not a new requirement for ephemeral clusters, but we're providing a reminder here since it may be needed more frequently now.The cluster GraphQL query can provide updated tables (the
suggestedIngestPartitions
andsuggestedStoragePartitions
fields), which can then be applied via the updateIngestPartitionScheme and updateStoragePartitionScheme GraphQL mutations.Should you experience any issue in using this feature, you may opt out by setting
NEW_VHOST_SELECTION_ENABLED=false
. If you do this, please reach out to support with feedback, as we otherwise intend to remove the old vhost selection logic in the coming months.
Improvements, new features and functionality
Dashboards and Widgets
Added support for export and import of dashboards with query based widgets which use a fixed time window.
Other
New background task
TagGroupingSuggestionsJob
that reports on flow rate in repositories with many datasources on what it considers slow ones, controlled by configuration of segment sizes and flush intervals. The output in the log can be input to decision on addTag Grouping
to a repository to reduce the number of slow datasources.Add code to ensure all minisegments for the same target end up located on the same hosts. A change in 1.63 could create a situation where minisegments for the same merge target wound up on different nodes, which the query code currently assumes can't happen. This could cause
Result is partial
responses to user queries.
Bug Fixes
Security
Update Netty to address CVE-2022-41915.
Automation and Alerts
Fixed a bug where a link in the notification for a failed alert would link to a non-existing page.
Dashboards and Widgets
Scatter Chart
has been updated:The x-axis would not update correctly with updated query results
The trend line toggle in the style panel was invisible.
Fixed three bugs in the
Bar Chart
— where the sorting would be wrong with updating query results in the stacked version, flickering would occur when deselecting all series in the legend, and deselecting renamed series in the legend would not have any effect.Fixed an issue with parameters in dashboards, where the values of a fixed list parameter would not have their order maintained when exporting and importing templates.
Other
Fixed a bug where very long string literals in a regex could cause a query/parser to fail with a stack overflow.
Known Issues
Other
OIDC known issue preventing login:
if you are running LogScale self-hosted, this version will not work in an environment where you are Authenticating with OpenID Connect and you use an HTTP Proxy, but you do not want to call OpenIDConnect through the HTTP Proxy.
Please do not upgrade to this version if this is the case — upgrade to Falcon LogScale 1.63.4 Stable (2023-02-01) and Falcon LogScale 1.70.1 Stable (2023-02-01) instead, where this issue has been fixed.
Falcon LogScale 1.69.0 Preview (2022-12-13)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.69.0 | Preview | 2022-12-13 | 2023-01-16 | 1.44 | No | No |
Bug fixes and updates.
Improvements, new features and functionality
Other
Add bounds to maximum number of active notifications per user.
Added option to filter by group and role permission types in
groupsPage
androlesPage
queries.Reduced CPU usage of background tasks for the case of high partition count and high datasource count.
Add support for GET+DELETE requests for queries by external Query ID without including the repository name in the URL. The new URL is
/api/v1/queryjobs/QUERYID
. Note that shared dashboard token authentication is not supported on this API. (The existing API on/api/v1/repositories/REPONAM/queryjobs/QUERYID
remains unmodified and support POST requests for submit of queries.)Throttle publish to global-events topic internally based on time spent in recent transactions of the same type (digest-related writes are not throttled). See details at new configuration variable
GLOBAL_THROTTLE_PERCENTAGE
page. Also see the metricglobal-operation-time
for measurements of the time spent.
Bug Fixes
Other
Allow creating Kafka topics even if a broker is down.
LogScale no longer considers every host to be alive for a period after rebooting. Only hosts marked as
running
in global will be considered alive. This fixes an issue where a query coordinator might pointlessly direct queries to dead nodes because the coordinator had recently booted.
Falcon LogScale 1.68.0 Preview (2022-12-06)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.68.0 | Preview | 2022-12-06 | 2023-01-16 | 1.44 | No | No |
Bug fixes and updates.
Improvements, new features and functionality
Deprecation
The query function
holtwinters()
is now deprecated and will be removed along with the release of future version 1.73; therefore, its usage in alerts is not recommended.
Falcon Data Replicator
Enforcing S3 file size limits (30MB) in FDR feeds. Files will not be ingested if they are above the limit.
UI Changes
Introduced the Social Login Settings feature: all customers with access to the organization identity providers page can now change social login settings in the UI. See Identity Providers for details.
No longer possible to add a color to roles. Existing role colors removed from the UI.
Automation and Alerts
Improved performance when storing alert errors and trigger times in global.
Configuration
Changed the default value for
AUTHENTICATION_METHOD
fromnone
tosingle-user
.To set username and password, use the environment variables:
SINGLE_USER_USERNAME
— if not set, default isuser
.SINGLE_USER_PASSWORD
— if not set, a random password is generated.
See
SINGLE_USER_USERNAME
andSINGLE_USER_PASSWORD
documentation for more details on these variables.Set minimum version for the cluster to be 1.44.0.
Set dynamic configuration
BucketStorageWriteVersion
to3
. This sets the format for files written to bucket storage to use a format that allows files larger than 2GB and incurs less memory pressure when decrypting files during download from the bucket. The new format is supported since 1.44.0 only.
Other
Audit logging has been improved.
New metric
global-operation-time
: tracks local time spent processing each kind of message received on the global events topic.
Bug Fixes
UI Changes
The warning about unsaved changes being lost on an edited dashboard will now only show when actual changes have been made.
Other
Fixed an issue where LogScale could log secrets to the debug log when configured to use LDAP or when configured to use SSL for Kafka.
Fixed a bug in decryption code used when decrypting downloaded files from bucket storage when
version-for-bucket-writes=3
. The bug did not allow to decrypt files larger than 2GB.
Falcon LogScale 1.67.0 Preview (2022-11-29)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.67.0 | Preview | 2022-11-29 | 2023-01-16 | 1.30 | No | No |
Bug fixes and updates.
Improvements, new features and functionality
Functions
A new query function named
createEvents()
has been released. This function creates events from strings and is used for testing queries.
Bug Fixes
UI Changes
URL paths with repository name and no trailing /search resolved to
Not Found
. The URL /repoName will now again show the search page for therepoName
repository.IP Location drilldowns now correctly use lat and lon field names instead of latitude and longitude .
Functions
Falcon LogScale 1.66.0 Preview (2022-11-22)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.66.0 | Preview | 2022-11-22 | 2023-01-16 | 1.30 | No | Yes |
Bug fixes and updates.
Improvements, new features and functionality
Configuration
Added a new configuration to control when digest coordination will permit a node that is not "in sync" and to set a time limit. See
MAX_SECS_WAIT_FOR_SYNC_WHEN_CHANGING_DIGEST_LEADER
for all the details.
Other
Make adjustments to the HostsCleanerJob. It will now remove references to missing hosts in fewer writes, and will stop immediately if a host rejoins the cluster.
Bug Fixes
Functions
Fixed a bug seen in version 1.65 where
groupBy()
on multiple fields would sometimes produce multiple rows for the same combination of keys.
Other
Fixed a race where unavailable segments, due to nodes going away, would not become available again after nodes returning.
Fixed an issue that could cause the error message
Object is missing required member 'replicationFactor'
when downgrading from current versions to older versions. The error message is only a nuisance, since the object failing deserialization isn't in use in released code yet.Fixed an issue that could cause repeated unnecessary updates of currentHosts for some segments.
Packages
Fixed an issue where deleting a parser through an update or uninstall of a package could fail in an unexpected way if the parser was used by an ingest listener or an Fdr feed. Now, a proper error message will be shown.
Falcon LogScale 1.65.0 Preview (2022-11-15)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.65.0 | Preview | 2022-11-15 | 2023-01-16 | 1.30 | No | No |
Bug fixes and updates.
Improvements, new features and functionality
Security
The version of Jackson has been upgraded to address CVE-2022-42003 vulnerability.
UI Changes
A new UI for
event forwarders
located under Organisation Settings now allows you to configure your event forwarders. See Event Forwarders for details.The
Repository
icon has been changed to match the new look and feel.
Automation and Alerts
Added a query editor warning (yellow wavy lines) for joins in alerts.
Configuration
Added a new dynamic configuration
UndersizedMergingRetentionPercentage
, with a default value of 20. This configuration value is used when selecting undersized segments to merge, this setting controls how wide a time span can be merged together.The setting is interpreted as a percentage of the repository's
retention by time
setting. A reasonable range is 0 through to 90.
Other
Increased the limits for
bucket
. The maximum number of series has been raised from 50 to 500 and the maximum number of output events has been raised from 10,000 to 100,000.Docker images have been upgraded to Java 17.0.5.
Reduce the scope of a precondition for a particular write to global. This should reduce unnecessary transaction rejections when such writes are bulked together.
Audit logging for s3 archiving which tracks when it is enabled, disabled, configured, and restarted.
Avoid writing some messages to global if we can tell up-front that the message is unnecessary.
Bug Fixes
Configuration
Fix some issues with the workings of the
BUCKET_STORAGE_MULTIPLE_ENDPOINTS
andS3_STORAGE_ENDPOINT_BASE
configurations.The intent of this configuration is to allow users to configure buckets in multiple bucket services, for instance to allow migrating from AWS bucket storage to a local S3 service. When
true
, each bucket in global can have a separate endpoint configuration, as defined inS3_STORAGE_ENDPOINT_BASE
and similar configurations. This allows an existing cluster running against AWS S3 to begin uploading segments to an on-prem S3 by switching the endpoint base, while still keeping access to existing segments in AWS.When
false
(default), the endpoint base configuration is applied to all existing buckets on boot. This is intended for cases where the base URL needs to be changed for all bucket, for instance due to the introduction of a proxy.The issue was that we were not consistently looking up endpoint urls in global for the relevant bucket, but instead simply used whichever endpoint url happened to be defined in configuration at the time. This has been fixed.
Other
Fixed a minor desynchronization issue related to idle datasources.
The SAML login to
Humio
using deeplinks now works correctly.When a host is removed from global, a job tries to clean up any references to it from other places in global, such as segments. Fixed a bug in this job that meant it didn't clean up references on segments that were tombstoned but not yet gone from global. This issue could block cleanup of those segments.
Fixed a bug where interaction context menus did not update the query editor in Safari.
Falcon LogScale 1.64.0 Preview (2022-11-01)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.64.0 | Preview | 2022-11-01 | 2023-01-16 | 1.30 | No | No |
Bug fixes and updates.
Improvements, new features and functionality
Configuration
Added new dynamic configuration for
MaxIngestRequestSize
to allow limiting size of ingest requests after content-encoding has been applied. The default can be set using the new configuration variableMAX_INGEST_REQUEST_SIZE
, or applied via the dynamic configuration.
Dashboards and Widgets
It is now possible to specify a dashboard by name in the URL. It is also possible to have dashboard ID as a parameter in order to have permanent links.
Functions
Removed the restriction that
case
andmatch
expressions cannot be used in subqueries.The query function
split()
now allows splitting arrays that contain arrays. For example, the eventa[0][0]=1, a[1][0]=2
can now be split usingsplit(a)
produces two events:_index=0, a[0]=1' and '_index=1, a[0]=2
.The query function
in()
has been improved w.r.t. performance when searching in tag fields.Improved memory allocation for the query function
split()
.The query function
join()
now provides information to optimize the query.
Other
In the internal request log, include decoded size of the request body after content-encoding has been applied in new field
decodedContentLength
. This allows inspecting compression ratio of incoming requests and range of values seen. Requests without compression havecontentLength
in this new field too.
Bug Fixes
UI Changes
Fixed a bug where a disabled item in the main menu could be clicked on and which would redirect to the homepage.
The Inspection Panel now copies text correctly again.
menu in the event
Functions
The query functions
bucket()
,holtwinters()
,beta:repeating()
,series()
,session()
, andwindow()
wrongly acceptednow
as a duration. This error has been fixed.Fixed an issue where
percentile()
would crash on invalid input.
Other
Fixed an issue that could cause merged segments to appear to be missing after a restart, due to the datasource going idle.
Falcon LogScale 1.63.4 Stable (2023-02-01)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.63.4 | Stable | 2023-02-01 | 2024-02-01 | 1.30.0 | No | No |
TAR Checksum | Value |
---|---|
MD5 | b8b3067213532194d2510cc1b12b1ed8 |
SHA1 | 5418f0926f51fafb413500fbdbb41df496a7fb0d |
SHA256 | 994882158ac89800a9418fe8d2b51426dc794ec1fbc5dc1d365530c8449fefca |
SHA512 | 262f662af3647d77352e1abe990be003f98a2abf50be0350b538ca8cc13ff56ec6414f3a045758d64bbf4e137918877fe56d70a1b3ef01e1405da4514742d66e |
Docker Image | SHA256 Checksum |
---|---|
humio | 8861250649894e744ecb070db48a50c5ffdf071f7bc26a3b1bc41970262da77e |
humio-core | b310155c2958037385eb20527dad3bd10a0854c0761ef9991ca4c48d01074a42 |
kafka | 4d9fb7715fd851192005c1cf8180e9ff9a27b84f58e720b36f4d4f3baa5a4449 |
zookeeper | d00d8999eb2880d7d0ef307210b7c5aa3949b2c16ec1d471af36d9344a8501c9 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.63.4/server-1.63.4.tar.gz
Bug fixes and updates.
Bug Fixes
Configuration
Fixed an issue where the environment variable
OIDC_USE_HTTP_PROXY
was not respected. It means that LogScale will now call all OIDC endpoints directly without going through the HTTP Proxy, whenOIDC_USE_HTTP_PROXY
is set tofalse
.This fixes the known issue previously reported in Falcon LogScale 1.63.1 Stable (2022-11-14), Falcon LogScale 1.63.2 Stable (2022-11-30), Falcon LogScale 1.63.3 Stable (2022-12-21) and Falcon LogScale 1.70.0 Stable (2023-01-16).
Other
Unlimited waits for nodes to get in sync has been fixed. This caused digest coordination to fail, to limit the time allowed for a node to get "in sync" on a partition before leadership was assigned to it, in cases where the previous digest leader shut down gracefully.
Falcon LogScale 1.63.3 Stable (2022-12-21)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.63.3 | Stable | 2022-12-21 | 2023-12-21 | 1.30.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 74b7a4bc3143245a361537e572c5afb2 |
SHA1 | ef312b1b71d041d1b9a4ebfd7ef5108c6fff24b3 |
SHA256 | c7fe720697a9c624db9cc26268883b7389092c3c0dbc5541b643ff12cf62226d |
SHA512 | 5fb5b6dee09abafc1f45b2cce0889e315cd1aa6fc79dd393bfb78eac5bd51047ada7670d65fe4bbc7908b0791c17048552eb03abf675fb70b74778b5142db523 |
Docker Image | SHA256 Checksum |
---|---|
humio | ba99848f525941344e972b9fddc437042aaaa851bbba6a10f3e54aebccafbe62 |
humio-core | ef99f9f84bfd3258f4abc92e6b3f1ec300003caaf93cb330a1a52f419e9e6e76 |
kafka | d96ae0f7043c57f0f1b0ae79a03d27fdb38854232f63dc341987158b6703b09f |
zookeeper | 357e3e93a78cc19e7d8aad157e6b1416c36fbf31153897d40adc9aa02b9b9b61 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.63.3/server-1.63.3.tar.gz
Bug fixes and updates.
Improvements, new features and functionality
Other
Add code to ensure all minisegments for the same target end up located on the same hosts. A change in 1.63 could create a situation where minisegments for the same merge target wound up on different nodes, which the query code currently assumes can't happen. This could cause
Result is partial
responses to user queries.
Bug Fixes
Security
Update Netty to address CVE-2022-41915.
Automation and Alerts
Fixed a bug where a link in the notification for a failed alert would link to a non-existing page.
Other
Fixed an issue where LogScale could log secrets to the debug log when configured to use LDAP or when configured to use SSL for Kafka.
Fixed a bug in decryption code used when decrypting downloaded files from bucket storage when
version-for-bucket-writes=3
. The bug did not allow to decrypt files larger than 2GB.
Known Issues
Other
OIDC known issue preventing login:
if you are running LogScale self-hosted, this version will not work in an environment where you are Authenticating with OpenID Connect and you use an HTTP Proxy, but you do not want to call OpenIDConnect through the HTTP Proxy.
Please do not upgrade to this version if this is the case — upgrade to Falcon LogScale 1.63.4 Stable (2023-02-01) and Falcon LogScale 1.70.1 Stable (2023-02-01) instead, where this issue has been fixed.
Falcon LogScale 1.63.2 Stable (2022-11-30)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.63.2 | Stable | 2022-11-30 | 2023-11-30 | 1.30.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 4b6142d1443af26cbe05f794f8fb65ec |
SHA1 | 2d21db39a7d4de74df05aea99baab1ad5d5def35 |
SHA256 | fe66c9be4aab6b027a5ebc5711fedaeee0aea088c7a20981dfdca07739325f1a |
SHA512 | efb7e6aaa4dbbfd1662552fb3f07b6895bcb2220b69da34a6deb228bd13b286a38ac470f436a0378fa24701d13094da3d3524ebd0f9580a9a599ca5c |
Docker Image | SHA256 Checksum |
---|---|
humio | dd063817c4b302708422213deaa45ac8c799dfc199ae9dc8e80c18a12f882c28 |
humio-core | 2f52662a0191e3723c65ac344b8aedb8a0b4a31f324823857fc2dcd13262c5e4 |
kafka | cfc1d3f130db496dff29c8c8bf3897253615b03521584bd1f3e17da7a398b67f |
zookeeper | 3d485ef41d36cbc71b583bee7153f75d660c2d1bf42c88fa6dbc21557eac0123 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.63.2/server-1.63.2.tar.gz
Bug fixes and updates.
Bug Fixes
UI Changes
URL paths with repository name and no trailing /search resolved to
Not Found
. The URL /repoName will now again show the search page for therepoName
repository.
Known Issues
Other
OIDC known issue preventing login:
if you are running LogScale self-hosted, this version will not work in an environment where you are Authenticating with OpenID Connect and you use an HTTP Proxy, but you do not want to call OpenIDConnect through the HTTP Proxy.
Please do not upgrade to this version if this is the case — upgrade to Falcon LogScale 1.63.4 Stable (2023-02-01) and Falcon LogScale 1.70.1 Stable (2023-02-01) instead, where this issue has been fixed.
Falcon LogScale 1.63.1 Stable (2022-11-14)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.63.1 | Stable | 2022-11-14 | 2023-11-14 | 1.30 | No | No |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.63.1/server-1.63.1.tar.gz
Bug fixes and updates.
Deprecation
These items have been deprecated and may be removed in a future release:
Deprecated feature removal: the file-based backup feature was deprecated in 1.42.0 and is now removed from Humio. The following configs are no longer supported and will do nothing if set:
BACKUP_NAME
BACKUP_DIR
BACKUP_KEY
TheDELETE_BACKUP_AFTER_MILLIS
config is still supported, as it is used for configuring the delay between a file being marked for deletion in Humio, and that file being removed from bucket storage.
Improvements, new features and functionality
Security
The version of Jackson has been upgraded to address CVE-2022-42003 vulnerability.
Falcon Data Replicator
Added the new
fileDownloadParallelism
setting for FDR feeds to download files from the same SQS message in parallel. See Adjust Polling Nodes Per Feed for all the details.
UI Changes
Add Falcon LogScale announcement on login and signup pages.
The
Single Value
widget has updated properties:New design for the toggle switch: it is now bigger and has a green/gray color profile instead of blue/gray.
The color profile of the displayed value by trend is now customizable.
Parsing JSON arrays in drill-down context menus no longer adds a trailing dot to the prefix field name.
Following its name change, mentions of Humio have been changed to Falcon LogScale.
Humio is now a Falcon product. The Humio owl logo and icons are therefore replaced by beautiful falcons.
Contextual drill-down menus for field interactions have been introduced, see Field Interactions. In particular:
Fields in the Inspection Panel are now provided with and context menu items, replacing the former buttons, see updates at Inspecting Events.
The Fields Panel on the left-hand side of the User Interface is now provided with and context menu items, replacing the former drill-down buttons in the field details flyout (when clicking a field in the fields menu). See updates at Displaying Fields.
Fields that have JSON, URL and Timestamps content will have a
drill-down option which will parse the field as a LogScale field.Parsing JSON will automatically use the field name as prefix for the new field name.
Fields containing numbers (currently JSON only) will have
, , , , and drill-down options.
Interactions on JSON data now enabled for JSON arrays in the Event List.
Change Humio logo to Falcon LogScale on login and signup pages.
Automation and Alerts
Self-hosted only: the old implementation of how alert queries are run has been removed. As a consequence, the dynamic configuration
UseLegacyAlertJob
has also been removed.Added two new message templates to actions,
{query_start_s}
and{query_end_s}
. See Message Templates and Variables for details.
GraphQL API
Added new createDashboardFromTemplateV2 mutation with input parameters aligned with the rest of the create from template mutations.
Dashboards and Widgets
JSON in
and formats columns inEvent List
widgets now have fields underlined on hover and are clickable. This allows drill-downs and copying values easily.
Functions
Improved the
format()
:Fixed an issue where the
format()
function would output the wrong amount of left padded zeros for decimal conversions.Formatting large positive numbers as hex no longer causes a loss of bits for integers less than 2^63.
Formatting negative numbers as hex no longer produces unintelligible strings.
Fixed an issue where adding the
#
flag would not display the correct formatting string.Fixed an issue where specifying the time/date modifier
N
would fail to parse.Fixed an issue where supplying multiple fields required you to specify the index of the last field as an argument specifier.
Added a length specifier to allow for outputting fields as 32-bit integers instead of 64-bits.
Using the type specifier
%F
now tries to format the specified field as a floating point.
See the
format()
reference documentation page for all the above mentioned updates on the supported formatting syntax.Introduced new valid array syntax in
array:contains()
andarray:regex()
functions:Changed the expected format of the
array
parameter.Changed these functions to no longer be experimental.
QueryAPI —
executionModeHint
renamed toexecutionMode
.QueryAPI — Added
staticMetaData
property toQueryJobStartedResult
. At the moment it only contains the propertyexecutionMode
, which can be used to communicate hints about the way the backend executes the query to the front-end.
Other
New background task that runs at startup. It verifies the checksums present in local segment files, traversing the most recently updated segment files on the local disk, using the timestamps they have when Humio status. If a file has invalid checksum it will be renamed to
crc-error.X
whereX
is the ID of the segment. An error will be logged as well.Added a new ingest endpoint for receiving metrics and traces via OpenTelemetry OTLP/http. See OpenTelemetry for all the details.
Added a new dynamic config
UndersizedMergingRetentionPercentage
, with a default value of 20. This configuration value is used when selecting undersized segments to merge, this setting controls how wide a time span can be merged together.The setting is interpreted as a percentage of the repository's
retention by time
setting. A reasonable range is 0 through to 90.Created new test function for event forwarders, which takes as input an event forwarder configuration and tests whether it is possible to connect to the Kafka server. The current test function which takes an ID as input and tests an existing event forwarder by ID, is now marked as deprecated.
When selecting a parser test case, the selected test case is highlighted in the UI, so you can see what is selected.
Use latest version of Java 17 in Docker images.
It's now possible to expand multiple bell notifications.
Add a script in the tarball distribution's bin directory to check the execution environment, checking common permission issues and other requirements for an environment suitable for running Logscale.
Added use of the HTTP Proxy Setup, if configured, in a lot of places.
Empty datasource directories will be now removed from the local file system while starting the server.
Add an additional validation check when uploading files to S3-like bucket storage. Humio will now perform a HEAD request for the file's final location in the bucket to verify that the upload succeeded.
Bug Fixes
UI Changes
Change missing
@timestamp
field to give a warning instead of an error in functionstail()
,head()
,bucket()
, andtimeChart()
.
Dashboards and Widgets
Bug fixed in
Scatter Chart
widget tooltip, so that the description of the actual point only is shown in the tooltip when hovering the mouse over one point, instead of multiple points.Fixed a bug where query result containing no valid results was handled incorrectly in visualisation.
Functions
Fixed an issue where
NaN
values could causegroupBy()
queries to fail.Fixed a bug where the
selfJoin()
function would not apply thepostfilter
parameter.Fixed an issue where
match()
would sometimes give errors whenignoreCase=true
and events contained latin1 encoded characters.
Other
Fix an issue that could cause event redaction tasks to fail to complete, if a segment having events redacted was deleted due to retention.
Fixed an issue where nothing was displayed on the average ingest chart in case only one datapoint is present.
Fix an issue causing a content-length check for bucket uploads to fail when encryption was enabled. The content-length check is not normally enabled, so this should only affect clusters that have disabled ETag-based validation.
Fixed a regression causing a reflective method lookup to fail when Humio is running on a Java prior to 13.
When selecting a parser test case, the selected test case is highlighted in the UI, so you can see what is selected.
When a host is removed from global, a job tries to clean up any references to it from other places in global, such as segments. Fixed a bug in this job that meant it didn't clean up references on segments that were tombstoned but not yet gone from global. This could block cleanup of those segments.
It is now possible for a user to use the same personal invite token after the user has been transferred to another organization.
Known Issues
Other
OIDC known issue preventing login:
if you are running LogScale self-hosted, this version will not work in an environment where you are Authenticating with OpenID Connect and you use an HTTP Proxy, but you do not want to call OpenIDConnect through the HTTP Proxy.
Please do not upgrade to this version if this is the case — upgrade to Falcon LogScale 1.63.4 Stable (2023-02-01) and Falcon LogScale 1.70.1 Stable (2023-02-01) instead, where this issue has been fixed.
Falcon LogScale 1.63.0 Preview (2022-10-25)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.63.0 | Preview | 2022-10-25 | 2022-11-14 | 1.30 | No | No |
Bug fixes and updates.
Improvements, new features and functionality
GraphQL API
Added enableEventForwarder and disableEventForwarder mutations to enable/disable event forwarders.
Log Collector
LogScale Collector download page has moved into the new top level tab Log Collector Fleet Management (Cloud-only).
New FleetOverview functionality for the LogScale Collector 1.2.0 is available.
Humio Log Collector is now Falcon LogScale Collector.
Functions
The
holtwinters()
query function will be deprecated with the release of future version 1.68. From then, it cannot be expected to work in alerts, and it will be removed entirely with the release of version 1.72.The
base64Decode()
query function now accepts non-canonical encodings.The
parseCsv()
function has improved its performance, in particular in terms of memory pressure.
Other
Close all segments a node is working on when shutting down. This should help start later in Kafka after reboots.
Bug Fixes
Other
Fixed a race condition where the segment top offset wasn't removed when a datasource went idle due to a race. This could result in event redaction not running for such segments.
Fixed an issue with validations when creating a new Ingest Listener as Netflow/UDP.
The form validation for Ingest Listener will now clearly tell the user that the parser needs to be selected when you change between different protocols.
Humio Server 1.62.0 Preview (2022-10-18)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.62.0 | Preview | 2022-10-18 | 2022-11-14 | 1.30 | No | No |
Updates.
Improvements, new features and functionality
UI Changes
Add Falcon LogScale announcement on login and signup pages.
Parsing JSON arrays in drill-down context menus no longer adds a trailing dot to the prefix field name.
Following its name change, mentions of Humio have been changed to Falcon LogScale.
Change Humio logo to Falcon LogScale on login and signup pages.
Functions
Introduced new valid array syntax in
array:contains()
andarray:regex()
functions:Changed the expected format of the
array
parameter.Changed these functions to no longer be experimental.
Other
Added a new ingest endpoint for receiving metrics and traces via OpenTelemetry OTLP/http. See OpenTelemetry for all the details.
Add a script in the tarball distribution's bin directory to check the execution environment, checking common permission issues and other requirements for an environment suitable for running Logscale.
Humio Server 1.61.0 Preview (2022-10-11)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.61.0 | Preview | 2022-10-11 | 2022-11-14 | 1.30 | No | No |
Bug fixes and updates.
Improvements, new features and functionality
Falcon Data Replicator
Added the new
fileDownloadParallelism
setting for FDR feeds to download files from the same SQS message in parallel. See Adjust Polling Nodes Per Feed for all the details.
UI Changes
Interactions on JSON data now enabled for JSON arrays in the Event List.
Functions
QueryAPI —
executionModeHint
renamed toexecutionMode
.QueryAPI — Added
staticMetaData
property toQueryJobStartedResult
. At the moment it only contains the propertyexecutionMode
, which can be used to communicate hints about the way the backend executes the query to the front-end.
Bug Fixes
Functions
Fixed a bug where the
selfJoin()
function would not apply thepostfilter
parameter.
Other
Fix an issue that could cause event redaction tasks to fail to complete, if a segment having events redacted was deleted due to retention.
Fixed an issue where nothing was displayed on the average ingest chart in case only one datapoint is present.
Fixed a regression causing a reflective method lookup to fail when Humio is running on a Java prior to 13.
Humio Server 1.60.0 Preview (2022-10-04)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.60.0 | Preview | 2022-10-04 | 2022-11-14 | 1.30 | No | No |
Bug fixes and updates.
Improvements, new features and functionality
UI Changes
Contextual drill-down menus for field interactions have been introduced, see Field Interactions. In particular:
Fields in the Inspection Panel are now provided with and context menu items, replacing the former buttons, see updates at Inspecting Events.
The Fields Panel on the left-hand side of the User Interface is now provided with and context menu items, replacing the former drill-down buttons in the field details flyout (when clicking a field in the fields menu). See updates at Displaying Fields.
Fields that have JSON, URL and Timestamps content will have a
drill-down option which will parse the field as a LogScale field.Parsing JSON will automatically use the field name as prefix for the new field name.
Fields containing numbers (currently JSON only) will have
, , , , and drill-down options.
GraphQL API
Added new createDashboardFromTemplateV2 mutation with input parameters aligned with the rest of the create from template mutations.
Dashboards and Widgets
JSON in
and formats columns inEvent List
widgets now have fields underlined on hover and are clickable. This allows drill-downs and copying values easily.
Other
New background task that runs at startup. It verifies the checksums present in local segment files, traversing the most recently updated segment files on the local disk, using the timestamps they have when Humio status. If a file has invalid checksum it will be renamed to
crc-error.X
whereX
is the ID of the segment. An error will be logged as well.Use latest version of Java 17 in Docker images.
It's now possible to expand multiple bell notifications.
Bug Fixes
Dashboards and Widgets
Fixed a bug where query result containing no valid results was handled incorrectly in visualisation.
Functions
Fixed an issue where
NaN
values could causegroupBy()
queries to fail.
Humio Server 1.59.0 Preview (2022-09-27)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.59.0 | Preview | 2022-09-27 | 2022-11-14 | 1.30 | No | No |
Updates.
Improvements, new features and functionality
UI Changes
The
Single Value
widget has updated properties:New design for the toggle switch: it is now bigger and has a green/gray color profile instead of blue/gray.
The color profile of the displayed value by trend is now customizable.
Automation and Alerts
Added two new message templates to actions,
{query_start_s}
and{query_end_s}
. See Message Templates and Variables for details.
Humio Server 1.58.0 Preview (2022-09-20)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.58.0 | Preview | 2022-09-20 | 2022-11-14 | 1.30 | No | No |
Bug fixes and updates.
Improvements, new features and functionality
UI Changes
Humio is now a Falcon product. The Humio owl logo and icons are therefore replaced by beautiful falcons.
Functions
Improved the
format()
:Fixed an issue where the
format()
function would output the wrong amount of left padded zeros for decimal conversions.Formatting large positive numbers as hex no longer causes a loss of bits for integers less than 2^63.
Formatting negative numbers as hex no longer produces unintelligible strings.
Fixed an issue where adding the
#
flag would not display the correct formatting string.Fixed an issue where specifying the time/date modifier
N
would fail to parse.Fixed an issue where supplying multiple fields required you to specify the index of the last field as an argument specifier.
Added a length specifier to allow for outputting fields as 32-bit integers instead of 64-bits.
Using the type specifier
%F
now tries to format the specified field as a floating point.
See the
format()
reference documentation page for all the above mentioned updates on the supported formatting syntax.
Other
Empty datasource directories will be now removed from the local file system while starting the server.
Add an additional validation check when uploading files to S3-like bucket storage. Humio will now perform a HEAD request for the file's final location in the bucket to verify that the upload succeeded.
Bug Fixes
UI Changes
Change missing
@timestamp
field to give a warning instead of an error in functionstail()
,head()
,bucket()
, andtimeChart()
.
Other
Fix an issue causing a content-length check for bucket uploads to fail when encryption was enabled. The content-length check is not normally enabled, so this should only affect clusters that have disabled ETag-based validation.
Fix a regression introduced in 1.46.0 that can cause Humio to fail to properly replay data from Kafka when a node is restarted.
Humio Server 1.57.0 Preview (2022-09-13)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.57.0 | Preview | 2022-09-13 | 2022-11-14 | 1.30 | No | No |
Bug fixes and updates.
Deprecation
These items have been deprecated and may be removed in a future release:
Deprecated feature removal: the file-based backup feature was deprecated in 1.42.0 and is now removed from Humio. The following configs are no longer supported and will do nothing if set:
BACKUP_NAME
BACKUP_DIR
BACKUP_KEY
TheDELETE_BACKUP_AFTER_MILLIS
config is still supported, as it is used for configuring the delay between a file being marked for deletion in Humio, and that file being removed from bucket storage.
Improvements, new features and functionality
UI Changes
Humio is now a Falcon product. The Humio owl logo and icons are therefore replaced by beautiful falcons.
Other
Created new test function for event forwarders, which takes as input an event forwarder configuration and tests whether it is possible to connect to the Kafka server. The current test function which takes an ID as input and tests an existing event forwarder by ID, is now marked as deprecated.
When selecting a parser test case, the selected test case is highlighted in the UI, so you can see what is selected.
Added use of the HTTP Proxy Setup, if configured, in a lot of places.
Bug Fixes
Dashboards and Widgets
Bug fixed in
Scatter Chart
widget tooltip, so that the description of the actual point only is shown in the tooltip when hovering the mouse over one point, instead of multiple points.
Functions
Fixed an issue where
match()
would sometimes give errors whenignoreCase=true
and events contained latin1 encoded characters.
Other
Fixed an issue where the HTTP threads (Akka pool) could get blocked while sending ingest requests to Kafka, which could result in Humio HTTP endpoints not responding.
When selecting a parser test case, the selected test case is highlighted in the UI, so you can see what is selected.
It is now possible for a user to use the same personal invite token after the user has been transferred to another organization.
Humio Server 1.56.4 Stable (2022-12-21)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.56.4 | Stable | 2022-12-21 | 2023-12-21 | 1.30.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 2afb7131fc25ec5161869b348421a51d |
SHA1 | 5c93d5bd0b065b2de49571f9285ab087c2b7b6fd |
SHA256 | ca1b48a745b492dd2a580ff2efcd37a20440787dc150c65ae51ad3547bbc5528 |
SHA512 | c24ff5be15fd46b712de76d574d4b9e49464e3679cd8b5fe707442337fac6fc828cc9173663a3e2f3271a3ad6545c4b87c849ce75db27cfb5ed05795f998011f |
Docker Image | SHA256 Checksum |
---|---|
humio | c44efa344016b1e3750fbaa0c48aaf82a1a70400c7e5f84c230396143523fc94 |
humio-core | 0c5cc7251f855759999c61a259fc3b3dae5180b43f97296fe4ff0709c872af6b |
kafka | 270d083cd4a0e1947e9f151396404bd77c3e6581dd3615e04814b9b4e0108743 |
zookeeper | 116ef60d3affef2415dfb3b25b6460b67bceebedc4b11070039aa3ba2dbcbb31 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.56.4/server-1.56.4.tar.gz
Bug fixes and updates.
Improvements, new features and functionality
Security
The version of Jackson has been upgraded to address CVE-2022-42003 vulnerability.
Bug Fixes
Security
Update Netty to address CVE-2022-41915.
Other
Fixed an issue where LogScale could log secrets to the debug log when configured to use LDAP or when configured to use SSL for Kafka.
Fixed a bug in decryption code used when decrypting downloaded files from bucket storage when
version-for-bucket-writes=3
. The bug did not allow to decrypt files larger than 2GB.
Humio Server 1.56.3 Stable (2022-10-05)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.56.3 | Stable | 2022-10-05 | 2023-10-05 | 1.30.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | f58e3b5944609cb3331a54277b4bf9d6 |
SHA1 | 48c6bf3339693489e073cbac67ba799fbe48661f |
SHA256 | 0273a18b354b2844a48175b16fd88f02b1522281a94850a3cc6815430d9efea5 |
SHA512 | 9ba1ef1ffc2f9d5d1a366b11f724bf24489e9f97c456104399b31d02b4da2903b6c1ac3903ecab862b305e530c19d12400748657cf096f35838ebab978b045e2 |
Docker Image | SHA256 Checksum |
---|---|
humio | 6de3bd848774503be64bc0ff6301afa5544bf379e58a8f485703d139ff13c2e1 |
humio-core | 7a15c633a82db8246a9d4a2e51bd3f802f11f7e08c53d88cb0f79a4886fd12ab |
kafka | e12d028592c8f92fc23413fc5c9eef903690d3f164b571d05cba3f6319101ceb |
zookeeper | f2e3390dd8552af9830c711f39c409f2ef668a457d377b38610e77d03f42cb2c |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.56.3/server-1.56.3.tar.gz
Bug fixes and updates.
Bug Fixes
Security
Update Scala to address CVE-2022-36944.
Humio Server 1.56.2 Stable (2022-09-26)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.56.2 | Stable | 2022-09-26 | 2023-09-26 | 1.30 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 954f0d64fe9405b757c522a34c28c1cc |
SHA1 | 14a5afe64517155bc6f7dd1da5d8a94ed42155a0 |
SHA256 | cd02dbf3ced3c551e13b1a39d621949770f4ade27b1c5c7f233791b339fd5aa5 |
SHA512 | a26172900cb29b89702bf2b61020850d6a24e739de046fc486e5b49b2b06296757086f00984a22d3950d70a0967105408acf8ce003bf5b8e7e2db9f8a0ba3b64 |
Docker Image | SHA256 Checksum |
---|---|
humio | 3d47b95b292f61d31e491ed7682d540675b62dda8693ed0a23b39a6dd55fdbba |
humio-core | b13a27d6d39436469033fb8f69f5a6945283a71468ea2248c2902cb38c842501 |
kafka | eecc82f9fb8ad2cb7e890650ff8e20538905a33fa53da4272c0582b68d11937e |
zookeeper | 0ab597706043240b1591e412a0b85b03737f583254148cd33bf5443039b368ad |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.56.2/server-1.56.2.tar.gz
Bug fixes and updates.
Improvements, new features and functionality
Falcon Data Replicator
The feature flag for FDR feeds has been removed. FDR feeds are now generally available.
UI Changes
Humio is now a Falcon product. The Humio owl logo and icons are therefore replaced by beautiful falcons.
It is now possible to scroll to the selected event on the Search page.
It is now possible to interact directly with the JSON properties and values in the EventList.
The Log line format type in the Event List will now render fully expanded JSON when a JSON structure starts with a square bracket or curly bracket followed by a newline.
The event lists column header menus have been redesigned to be simpler:
You can now click the border between columns header in the event to fit the column to the content.
The Event List column Format Panel has been updated to make it easier to manage columns.
See Formatting Columns.
In the Event List you can assign data types to a column field. You can now make the setting the default for a fields and the setting is remembered when even the field is added to the Event List, e.g. from the fields panel on the Search page. The button for assigning default data type to a field can be found in the Data type dropdown menu in the column headers of the event list widget. See Field Data Types.
Documentation
Fixed a broken link to the documentation for Message Templates and Variables when editing alerts and scheduled searches.
Automation and Alerts
A major change has been made to how alert queries are run in order to better reuse live queries when nodes are restarted in a Humio cluster. Find more details at Alerts.
When you create or edit an action it will now show a warning dialog if you have unsaved changes.
When creating new Actions, the new name will now stay when you change the Action Type without getting cleared. This also works when you want to change the New Action name while creating a New Action.
GraphQL API
Deprecates the
defaultSharedTimeIsLive
input field on the updateDashboard GraphQL mutation, in favor ofupdateFrequency
.
Configuration
Added environment variable
ENABLE_SANDBOXES
to make it possible to enable and disable sandbox repositories.On cloud: added a configuration on dynamic identity providers to configure if users are allowed to be lazily created.
New dynamic configuration
MinimumHumioVersion
, default value is0.0.0
, that allows setting a minimum Humio version that this cluster will accept starting on. This allows protecting against inadvertently later rolling back too far for some other feature to be turned on, that has an implied minimum version for support of that feature.
Dashboards and Widgets
Implemented support for widgets with a fixed time interval on dashboards.
Functions
Query functions
selectFromMin()
andselectFromMax()
are now generally available for use.BREAKING CHANGE: Changes to the serialization format of the Intermediate Language representation of queries.
Description: The serialization format used to serialize the intermediate language representation of queries has changed to a JSON format. This has multiple consequences for on-prem customers. During upgrades to this version and rollbacks from this version you can expect the following:
Queries can be slower than usual initially as the query cache clears itself.
Queries may cause deserialization errors if they are run during upgrade and two or more nodes have different versions. It is recommended to block all queries upon upgrade and downgrade to and from this version and have all nodes upgrade at the same time.
Improved warning message when using
groupBy()
withlimit=max
and the limit is exceeded.
Other
Reduced memory usage for queries that include
noResultUntilDone: true
in their inputs. This reduces memory usage in queries that do "export" of an aggregate result via the Query API, as well as the "inner" queries in joins, and queries from scheduled searches.Added support for writing
H
in place of minutes in the cron schedule of scheduled searches — see Cron Schedule Templates for details.It is now possible to select an entire permissions group when configuring permissions for a role.
Added an option to make token hashing output in json format. See tokenhashing usage described at Hashed Root Access Token.
Add UI for enabling and disabling social logins on the identity providers page.
Added the possibility of creating a role that grants permissions on the system and organization levels from the UI.
Updated the flow of creating and editing roles in the Organization Settings pages.
In case view is not found we will try to fixup the cache on all cluster nodes.
When configuring SAML and OIDC for an organization, for users with the
ManageOrganizations
permission to enable/disable whether the IDP is Default and Humio managed.Added new system permission, PatchGlobal, enabling access to the global patch API.
Allow any root user and any user with the PatchGlobal permission to use the global patch API. Previously required using the server-local special bootstraps root token, that would be valid only on the local node, thus hard to use via a load balancer.
In the dialog for entering a name, when creating a new entity (Alerts, Actions, Scheduled Searches, Parsers), hitting Enter without filling out the name field will now show an error and will not let you go on to the next page.
Permit the first character in the field name of a field being turned into a tag to be anything. If the first character does not match
[a-zA-Z]
then strip that from the resulting tag name. This does not alter the set of allowed names for tags, but allows the field names being turned into tags to have any character as the leading one, e.g. permitting examples such as&path
and*path
as field names to turn into the tag#path
.When searching for queries using the
Query Monitor
in Cluster Administration you can now filter queries based on internal and external query IDs.With the new implementation for running alerts, alerts will now start faster after a node has been restarted, making it easier for alerts with a small search interval to be able to alert on events during the downtime.
When saving a parser, validate that the fields designated as tag fields have names that are valid as tag field names. Since packages with invalid parsers cannot be installed, if you have an invalid parser in a package, you will need to edit it to keep being able to install it.
Bug Fixes
Falcon Data Replicator
Fixed a bug where a dropdown for choosing a parser was not visible in a dialog when creating a new FDR feed.
Removed the deprecated feature flag `FdrFeeds`
UI Changes
GraphQL API
Fixed an error when querying for actions in GraphQL on a deleted view.
Marked all feature flags as preview in GraphQL, which means that once they are no longer needed, they will be removed without being deprecated first.
Dashboards and Widgets
Fixed a bug where certain queries would make it seem that all widgets were incompatible, even though the table view still works.
Importing a dashboard with Shared time enabled and Live disabled would import the dashboard with Live enabled. Likewise, when creating a new dashboard from a template, Live would be on.
Fixed an issue where wordwrap did not work in the Inspect Panel.
The Single Value color threshold list could get into a state where you could not type threshold values into the four text fields.
The
button on the dashboard correctly applies the typed filter again.
Functions
Other
Fixed an issue with tags in Event Forwarding, so that it is now possible to filter on tags using event forwarding rules, and the tags are present in the forwarded events.
Fixed an issue where some segments could stall the background process implementing event redaction. This could then result in segments not being merged. The visible symptom would be segments with
topOffset
attribute being-1
, andMiniSegmentMergeLatencyLoggerJob
logging that some segments are not being merged.Fixed an issue where the HTTP threads (Akka pool) could get blocked while sending ingest requests to Kafka, which could result in Humio HTTP endpoints not responding.
We have removed the
@host
field from thehumio-activity
logs and the#host
tag from thehumio-audit
log, as we can no longer provide meaningful values for these. The@host
field in thehumio-metrics
logs will remain, but its value will be changed to thevhost id
(an integer number).Fixed an issue where delete events from a minisegment could result in the merge of those minisegments into the resulting target segment never got executed.
It is no longer possible to have an upload file action with a path in the file name. This would result in an unusable file being created.
Fixing an issue, where the sessions of a user wasn't revoked when the user was deleted.
Fixed an issue where queries could fail when the requests within the cluster were more than 8 MB each.
Fix a regression introduced in 1.46.0 that can cause Humio to fail to properly replay data from Kafka when a node is restarted.
Fixes a bug where a placeholder would appear for the region selector on the login pages, even though it itself wouldn't be shown since it has no configured regions.
Packages
Previously parsing packages was very strict, falling when detecting unsupported files. This is no longer the case, unsupported files will now be ignored and won't stop the package from installing.
Humio Server 1.56.1 Preview (2022-09-20)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.56.1 | Preview | 2022-09-20 | 2022-09-26 | 1.30 | No | No |
Update.
Improvements, new features and functionality
UI Changes
Humio is now a Falcon product. The Humio owl logo and icons are therefore replaced by beautiful falcons.
Humio Server 1.56.0 Preview (2022-09-06)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.56.0 | Preview | 2022-09-06 | 2022-09-26 | 1.30 | No | No |
Bug fixes and updates.
Improvements, new features and functionality
UI Changes
Humio is now a Falcon product. The Humio owl logo and icons are therefore replaced by beautiful falcons.
It is now possible to interact directly with the JSON properties and values in the EventList.
The event lists column header menus have been redesigned to be simpler:
You can now click the border between columns header in the event to fit the column to the content.
The Event List column Format Panel has been updated to make it easier to manage columns.
See Formatting Columns.
In the Event List you can assign data types to a column field. You can now make the setting the default for a fields and the setting is remembered when even the field is added to the Event List, e.g. from the fields panel on the Search page. The button for assigning default data type to a field can be found in the Data type dropdown menu in the column headers of the event list widget. See Field Data Types.
Dashboards and Widgets
Implemented support for widgets with a fixed time interval on dashboards.
Functions
BREAKING CHANGE: Changes to the serialization format of the Intermediate Language representation of queries.
Description: The serialization format used to serialize the intermediate language representation of queries has changed to a JSON format. This has multiple consequences for on-prem customers. During upgrades to this version and rollbacks from this version you can expect the following:
Queries can be slower than usual initially as the query cache clears itself.
Queries may cause deserialization errors if they are run during upgrade and two or more nodes have different versions. It is recommended to block all queries upon upgrade and downgrade to and from this version and have all nodes upgrade at the same time.
Other
Added the possibility of creating a role that grants permissions on the system and organization levels from the UI.
Updated the flow of creating and editing roles in the Organization Settings pages.
Bug Fixes
Falcon Data Replicator
Removed the deprecated feature flag `FdrFeeds`
GraphQL API
Marked all feature flags as preview in GraphQL, which means that once they are no longer needed, they will be removed without being deprecated first.
Dashboards and Widgets
Fixed a bug where certain queries would make it seem that all widgets were incompatible, even though the table view still works.
Importing a dashboard with Shared time enabled and Live disabled would import the dashboard with Live enabled. Likewise, when creating a new dashboard from a template, Live would be on.
Other
Fixed an issue with tags in Event Forwarding, so that it is now possible to filter on tags using event forwarding rules, and the tags are present in the forwarded events.
Fixed an issue where some segments could stall the background process implementing event redaction. This could then result in segments not being merged. The visible symptom would be segments with
topOffset
attribute being-1
, andMiniSegmentMergeLatencyLoggerJob
logging that some segments are not being merged.It is no longer possible to have an upload file action with a path in the file name. This would result in an unusable file being created.
Humio Server 1.55.0 Preview (2022-08-30)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.55.0 | Preview | 2022-08-30 | 2022-09-26 | 1.30 | No | No |
Bug fixes and updates.
Improvements, new features and functionality
UI Changes
It is now possible to scroll to the selected event on the Search page.
Automation and Alerts
When you create or edit an action it will now show a warning dialog if you have unsaved changes.
When creating new Actions, the new name will now stay when you change the Action Type without getting cleared. This also works when you want to change the New Action name while creating a New Action.
Functions
Query functions
selectFromMin()
andselectFromMax()
are now generally available for use.
Other
It is now possible to select an entire permissions group when configuring permissions for a role.
In the dialog for entering a name, when creating a new entity (Alerts, Actions, Scheduled Searches, Parsers), hitting Enter without filling out the name field will now show an error and will not let you go on to the next page.
Bug Fixes
Other
Fixing an issue, where the sessions of a user wasn't revoked when the user was deleted.
Humio Server 1.54.0 Preview (2022-08-23)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.54.0 | Preview | 2022-08-23 | 2022-09-26 | 1.30 | No | No |
Bug fixes and updates.
Improvements, new features and functionality
UI Changes
The Log line format type in the Event List will now render fully expanded JSON when a JSON structure starts with a square bracket or curly bracket followed by a newline.
Configuration
Added environment variable
ENABLE_SANDBOXES
to make it possible to enable and disable sandbox repositories.
Other
Added an option to make token hashing output in json format. See tokenhashing usage described at Hashed Root Access Token.
When configuring SAML and OIDC for an organization, for users with the
ManageOrganizations
permission to enable/disable whether the IDP is Default and Humio managed.
Bug Fixes
Functions
Other
Fixed an issue where queries could fail when the requests within the cluster were more than 8 MB each.
Packages
Previously parsing packages was very strict, falling when detecting unsupported files. This is no longer the case, unsupported files will now be ignored and won't stop the package from installing.
Humio Server 1.53.0 Preview (2022-08-16)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.53.0 | Preview | 2022-08-16 | 2022-09-26 | 1.30.0 | No | No |
Bug fixes and updates.
Improvements, new features and functionality
Other
Reduced memory usage for queries that include
noResultUntilDone: true
in their inputs. This reduces memory usage in queries that do "export" of an aggregate result via the Query API, as well as the "inner" queries in joins, and queries from scheduled searches.Add UI for enabling and disabling social logins on the identity providers page.
When searching for queries using the
Query Monitor
in Cluster Administration you can now filter queries based on internal and external query IDs.
Bug Fixes
Dashboards and Widgets
Fixed an issue where wordwrap did not work in the Inspect Panel.
The Single Value color threshold list could get into a state where you could not type threshold values into the four text fields.
The
button on the dashboard correctly applies the typed filter again.
Other
We have removed the
@host
field from thehumio-activity
logs and the#host
tag from thehumio-audit
log, as we can no longer provide meaningful values for these. The@host
field in thehumio-metrics
logs will remain, but its value will be changed to thevhost id
(an integer number).Fixed an issue where delete events from a minisegment could result in the merge of those minisegments into the resulting target segment never got executed.
Humio Server 1.52.0 Preview (2022-08-09)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.52.0 | Preview | 2022-08-09 | 2022-09-26 | 1.30 | No | No |
Bug fixes and updates.
Improvements, new features and functionality
Falcon Data Replicator
The feature flag for FDR feeds has been removed. FDR feeds are now generally available.
Documentation
Fixed a broken link to the documentation for Message Templates and Variables when editing alerts and scheduled searches.
Automation and Alerts
A major change has been made to how alert queries are run in order to better reuse live queries when nodes are restarted in a Humio cluster. Find more details at Alerts.
GraphQL API
Deprecates the
defaultSharedTimeIsLive
input field on the updateDashboard GraphQL mutation, in favor ofupdateFrequency
.
Configuration
On cloud: added a configuration on dynamic identity providers to configure if users are allowed to be lazily created.
New dynamic configuration
MinimumHumioVersion
, default value is0.0.0
, that allows setting a minimum Humio version that this cluster will accept starting on. This allows protecting against inadvertently later rolling back too far for some other feature to be turned on, that has an implied minimum version for support of that feature.
Functions
Improved warning message when using
groupBy()
withlimit=max
and the limit is exceeded.
Other
Added support for writing
H
in place of minutes in the cron schedule of scheduled searches — see Cron Schedule Templates for details.In case view is not found we will try to fixup the cache on all cluster nodes.
Added new system permission, PatchGlobal, enabling access to the global patch API.
Allow any root user and any user with the PatchGlobal permission to use the global patch API. Previously required using the server-local special bootstraps root token, that would be valid only on the local node, thus hard to use via a load balancer.
Permit the first character in the field name of a field being turned into a tag to be anything. If the first character does not match
[a-zA-Z]
then strip that from the resulting tag name. This does not alter the set of allowed names for tags, but allows the field names being turned into tags to have any character as the leading one, e.g. permitting examples such as&path
and*path
as field names to turn into the tag#path
.With the new implementation for running alerts, alerts will now start faster after a node has been restarted, making it easier for alerts with a small search interval to be able to alert on events during the downtime.
When saving a parser, validate that the fields designated as tag fields have names that are valid as tag field names. Since packages with invalid parsers cannot be installed, if you have an invalid parser in a package, you will need to edit it to keep being able to install it.
Bug Fixes
Falcon Data Replicator
Fixed a bug where a dropdown for choosing a parser was not visible in a dialog when creating a new FDR feed.
UI Changes
GraphQL API
Fixed an error when querying for actions in GraphQL on a deleted view.
Other
Fixes a bug where a placeholder would appear for the region selector on the login pages, even though it itself wouldn't be shown since it has no configured regions.
Humio Server 1.51.3 Stable (2022-12-21)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.51.3 | Stable | 2022-12-21 | 2023-12-21 | 1.30.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 905f743a0266a5a5263dab94b23bbbb5 |
SHA1 | e4e32ca0fe460e7d708418d8b42bf30939298706 |
SHA256 | d81ad776a869a90b199e405e51f71ba0861a5034045d0b17611564a689370af5 |
SHA512 | 78f53b9ed42816638064fe3dc03d86e1667f13a60b45a13e32d55428ca1ecdcf88966d536224a999d95583c61390141b0d14fcb9643db80329f8a839da570e41 |
Docker Image | SHA256 Checksum |
---|---|
humio | 3400bf4a1e7304b5e904406d3c0ef8baa7d3feeb4a25d8b5607fc8a7fbdb2c60 |
humio-core | 7604f6e444a43be68d510023e34e2ebda393c48516f29baafd561876a5fa3c72 |
kafka | 1528fc8436b88d07d81e232ac9631a49e8d86ebe1911bf80477911262a3fe6fe |
zookeeper | 55f5e094f8da5d9b4767b1b342b78dce32c67dc6e9112b049415dea79aa98444 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.51.3/server-1.51.3.tar.gz
Bug fixes and updates.
Improvements, new features and functionality
Security
The version of Jackson has been upgraded to address CVE-2022-42003 vulnerability.
Bug Fixes
Security
Update Netty to address CVE-2022-41915.
Other
Fixed an issue where LogScale could log secrets to the debug log when configured to use LDAP or when configured to use SSL for Kafka.
Fixed a bug in decryption code used when decrypting downloaded files from bucket storage when
version-for-bucket-writes=3
. The bug did not allow to decrypt files larger than 2GB.
Humio Server 1.51.2 Stable (2022-10-05)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.51.2 | Stable | 2022-10-05 | 2023-10-05 | 1.30.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | e21bc8fda9250669b15d7d61521501f7 |
SHA1 | 50669930b6f27b097221b7e9a12cc9b061d70e52 |
SHA256 | aec3efe7a376ada047e813aad87cd68c43a8ea0de1cfb863190b77265b3f8d32 |
SHA512 | 1b9cec3f814d207bcc49ce9c43bcfcd139f7ddfaedd293c9a20fdfee2898aa0ff5fb5c82374eef2371e31753e331e15f8a6646a0e23b326885a1105fbd6081d4 |
Docker Image | SHA256 Checksum |
---|---|
humio | a63f552480e3e1ccaa22a095ff7b98efcbfc01d9e66fa7f1b40b45242226fc4en |
humio-core | af30f2076612b8e04a8c55172b3ff6cbd41d09b9be64b0267d9f8bd6d3b9efdc |
kafka | 723d25e8ba4bfb7247c4d39021155681aefab20f584c2d7db786941aa9d1522d |
zookeeper | 5878dbf9e32a0913da59d0b2e8dd13c5c7ba6043ba933a8b23d368f0d1241315 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.51.2/server-1.51.2.tar.gz
Bug fixes and updates.
Bug Fixes
Security
Update Scala to address CVE-2022-36944.
Dashboards and Widgets
Fixed a bug where certain queries would make it seem that all widgets were incompatible, even though the table view still works.
Importing a dashboard with Shared time enabled and Live disabled would import the dashboard with Live enabled. Likewise, when creating a new dashboard from a template, Live would be on.
Other
Fixed an issue where some segments could stall the background process implementing event redaction. This could then result in segments not being merged. The visible symptom would be segments with
topOffset
attribute being-1
, andMiniSegmentMergeLatencyLoggerJob
logging that some segments are not being merged.Fix a regression introduced in 1.46.0 that can cause Humio to fail to properly replay data from Kafka when a node is restarted.
Humio Server 1.51.1 Stable (2022-08-29)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.51.1 | Stable | 2022-08-29 | 2023-08-29 | 1.30.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 6410ab777ec6d98066a3492f4a6b68af |
SHA1 | 2b55844a4c4d5d613f091a7a753977e6b51477f4 |
SHA256 | a8beb23cfa0b00aebbd4a4a95665deedcce868c0be1de5c5383601fd55ba60f9 |
SHA512 | c37d2ee75d3b7ac4259fd453c24fa8ada18de360837ba475cf552747ac1b0b07dfce618ced2708e51ee9d66c5ff1a36081bb57a2531922930c385846ac80d73c |
Docker Image | SHA256 Checksum |
---|---|
humio | 10c21dbc2eba33d4e401b0559ae0ecacfd1f80e9184b946164e674068380d286 |
humio-core | f232ce1b182b74bb534249fbf8eba1ab41544242353e1fe4d21f69a0e6a7c190 |
kafka | 98fe1b8f3c6caadb6efb6de3e5be3215e9987f235c1134ac0e14eb8705d1d2d8 |
zookeeper | 97c571a338e94b9ecaf66c6e9625c593dff68fe62c04c1b2a1ffd44bf10d39ba |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.51.1/server-1.51.1.tar.gz
Bug fix.
Bug Fixes
Dashboards and Widgets
The
button on the dashboard correctly applies the typed filter again.
Functions
Fixed a recent bug which caused the category links from
groupBy()
-groups to be lost when a subsequentsort()
was used, and also made grouping-based charts (bar, pie, heat map) unusable in such cases.Fixed a bug related to query result metadata for some functions when used as the last aggegate function in a query.
Other
Fixed an issue where queries could fail when the requests within the cluster were more than 8 MB each.
Fixed an issue for ephemeral disk based installs where segment files could stay longer on local disks than they were required to, in cases where some nodes listed in the cluster were not alive for extended periods of time.
Humio Server 1.51.0 Stable (2022-08-15)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.51.0 | Stable | 2022-08-15 | 2023-08-15 | 1.30.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | af0041ec27647291086073dc83628bc2 |
SHA1 | 210e924a2863c3b28d08659241c0a283482c12b8 |
SHA256 | fddcb2184d76d5cfefb2f6a02705f66764d8972fb2e664ef7115353344d05680 |
SHA512 | 2b230a836e18d13a282ea28be23130897876e6cbe0bfa30a71a3795a7704255cbdf1c19eadc094cd970e58e0234c540a6b469266765d736fc6435c0a01bbda1e |
Docker Image | SHA256 Checksum |
---|---|
humio | c5db5fac0b03adf9039c31ef4ba69c49356b230b01e0eab0b16c477768dd52af |
humio-core | 36dbe1d90534d2ca72bdadb4992397aa60d2315565ce7a3c7c272a48617cf759 |
kafka | 92de8c0d092fe5c04cc10e076a9bb183c8f3136b9813f3ae74b423ae090cb0d8 |
zookeeper | 85620182a8c5f91426e0d138ca21947975c99a16fbb00f9e7d0c0ca7a8e94d2a |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.51.0/server-1.51.0.tar.gz
Bug fixes and updates.
Deprecation
These items have been deprecated and may be removed in a future release:
Deprecated
enabledFeatures
query. Use newfeatureFlags
query instead.The deprecated REST API for parsers has been removed.
The deprecated REST API for actions has been removed, except for the endpoint for testing an action.
Improvements, new features and functionality
Falcon Data Replicator
Added environment variable
FDR_USE_PROXY
which makes the fdr job use the proxy settings specified with:HTTP_PROXY_*
environment variables.FDR polling is now turned on by default. Whether FDR polling should be turned on or off on a node can be configured using the
ENABLE_FDR_POLLING_ON_NODE
configuration variable.If an S3 file is found to be incorrectly formatted during FDR ingest, it will not be ingested completely, but an attempt is made to ingest the remaining S3 files of the SQS message.
If an S3 file cannot be found during FDR ingest, it will not be ingested, but an attempt is made to ingest the remaining S3 files of the SQS message.
UI Changes
If Humio fails to start because the cluster is being upgraded, a dedicated message will show when launching the UI.
When editing an email action in the UI and adding multiple recipients, it is now possible to add a space after the comma in the comma-separated list of recipients.
Toggle switches anywhere in the UI are now tabbable and can be accessed using the keyboard.
Adds an icon and a hint to a disabled side navigation menu item that tells the user the reason for it being disabled.
In lists of users, with user avatars containing user initials, the current user would sometimes appear to have an opening parenthesis as their last initial.
The design of the Time Selector has been updated, and it now features an button on the dashboard page. See Time Interval Settings.
New styling of errors on search and dashboard pages.
Field columns now support multiple formatting options. See Formatting Columns for details.
Improved keyboard accessibility for creating repositories and views.
The Save As... button is now always displayed on the Search page, see it described at Saving a Search.
Add missing accessibility features to the login page.
The Live checkbox is now no longer checked automatically when changing the value of the time window in the Time Selector. See Expanding Time Frame for details.
Documentation
All documentation links have been updated after the documentation site has been restructured. Please contact support, if you experience any broken links.
Automation and Alerts
Fixed a bug where an alert with name longer than 50 characters could not be edited.
GraphQL API
Introduced new dynamic configuration
LiveQueryMemoryLimit
. It can be set using graphQL. See Limits for details.Improved error messaging of GraphQL queries and mutations for alerts, scheduled searches and actions in cases where a given repository or view cannot be found.
Added a GraphQL mutation for testing an action. It is still in preview, but it will replace the equivalent REST endpoint soon.
Expose a new GraphQL type with feature flag descriptions and whether they are experimental.
The GQL API mutation updateDashboard has been updated to take a new argument updateFrequency which can currently only be
NEVER
orREALTIME
, which correspond respectively to "dashboard where queries are never updated after first completion" and "dashboard where query results are updated indefinitely".Added preview fields
isClusterBeingUpdated
andminimumNodeVersion
to the GraphQL Cluster object type.Added a new dynamic configuration flag
QueryResultRowCountLimit
that globally limits how many results (events) a query can return. This flag can be set by administrators through graphQL. See Limits for more details.Introduced new dynamic configuration
StateRowLimit
. It can be set using graphQL. See Limits for details.Added a new dynamic configuration
GroupDefaultLimit
. This can be done through GraphQL. See Limits for details. If you've changed the value ofMAX_STATE_LIMIT
, we recommend that you also changeGroupDefaultLimit
andGroupMaxLimit
to the same value for a seamless upgrade, seegroupBy()
for details.Introduced new dynamic configuration
QueryMemoryLimit
. It can be set using graphQL. See alsoLiveQueryMemoryLimit
for live queries. For more details, see Limits.Introduced new dynamic configuration
JoinRowLimit
. It can be set using graphQL and can be used as an alternative to the environment variableMAX_JOIN_LIMIT
. If theJoinRowLimit
is set, then its value will be used instead ofMAX_JOIN_LIMIT
. If it is not set, thenMAX_JOIN_LIMIT
will be used.Introduced new dynamic configuration
GroupMaxLimit
. It can be set using graphQL. See Limits for details.
Configuration
Improve the error message if Humio is configured to use bucket storage, but the credentials for the bucket are not configured.
Detect need for higher autoshard count by monitoring ingest request flow in the cluster. Dynamically increase the number of autoshards for each datasource to keep flow on each resulting shard below approximately 2MB/s. New DynamicConfig for this that sets the target maximum rate of ingest for each shard of a datasource:
TargetMaxRateForDatasource
. Default value is 2000000 (2 MB).Bucket storage now has support for a new format for the keys (file names) for the files placed in the bucket. When the new format is applied, listing of files only happens for the prefixes "tmp/" and "globalsnapshots/". This help products such a "HCP". The new format is applied only to buckets created after the DynamicConfig
BucketStorageKeySchemeVersion
has been set to "2". Existing cluster can start using the new format for new files by setting the DynamicConfig. The change will take effect after restarting the cluster. When creating a new Humio clusters, the new format is the default. The new format is supported only on Humio version 1.41+.Add environment variable
EULA_URL
to specificy url for terms and conditions.New file format for files uploaded to bucket storage that allows files larger than 2GB to be written to bucket storage. This may be turned on by setting the DynamicConfig BucketStorageWriteVersion to "3". When creating a new Humio clusters, the new format is the default. The new format is supported only on Humio version 1.41+.
New configurations
BUCKET_STORAGE_SSE_COMPATIBLE
that makes bucket storage not verify checksums of raw objects after uploading to an S3. This option is turned on automatically is KMS is enabled (seeS3_STORAGE_KMS_KEY_ARN
) but is available directly here for use with other S3 compatible providers where verfying even content length does not work.Mini segments usually get merged if their event timestamps span more than
MAX_HOURS_SEGMENT_OPEN
. Mini segments created as part of backfilling did not follow this rule, but will now get merged if their ingest timestamps span more thanMAX_HOURS_SEGMENT_OPEN
.Added a link to humio-activity repository for debugging IDP configurations to the page for setting up the same.
Adds a new metric for measuring the merge latency, which is defined as the latency between the last minisegment being written in a sequence with the same merge target, and those minisegments being merged. The metric name is
segment-merge-latency-ms
.Change default value for configuration
AUTOSHARDING_MAX
from 16 to 128.Default value of configuration variable
S3_ARCHIVING_WORKERCOUNT
raised from1
to(vCPU/4)
.Adds a new logger job that logs the age of an unmerged miniSegment if the age exceeds the threshold set by the env variable
MINI_SEGMENT_MAX_MERGE_DELAY_MS_BEFORE_WARNING
. The default value ofMINI_SEGMENT_MAX_MERGE_DELAY_MS_BEFORE_WARNING
is 2 xMAX_HOURS_SEGMENT_OPEN
.MAX_HOURS_SEGMENT_OPEN
defaults to 24 hours. The error log produced looks like:Oldest unmerged miniSegment is older than the threshold thresholdMs={value} miniSegmentAgeMs={value} segment={value}
.Added a new environment variable
GLOB_MATCH_LIMIT
which sets the maximum number of rows for csv_file inmatch(..., file=csv_file, glob=true)
function. PreviouslyMAX_STATE_SIZE
was used to determine this limit. The default value of this variable is 20000. If you've changed the value ofMAX_STATE_SIZE
, we recommend that you also changeGLOB_MATCH_LIMIT
to the same value for a seamless upgrade.Support for KMS on S3 bucket for Bucket Storage. Specify full ARN of the key. The
key_id
is persisted in the internalBucketEntity
so that a later change of the ID of the key to use for uploads will make Humio still refer the old keyID when downloading files uploaded using the previous key. Setting a new value for the target key results in a fresh internal bucket entity to track which files used kms and which did not. For simplicity it is recommended to not mix KMS and non-KMS configurations on the same S3 bucket.New configuration variable
S3_STORAGE_KMS_KEY_ARN
that specifies the KMS key to use.New configuration variable
S3_STORAGE_2_KMS_KEY_ARN
for 2nd bucket key.New configuration variable
S3_RECOVER_FROM_KMS_KEY_ARN
for recovery bucket key.
Dashboards and Widgets
The widget legend column width is now based on the custom series title (if specified) instead of the original series name.
Added empty states for all widget types that will be rendered when there are no results.
Dashboards can now be configured to not update after the initial search has completed. This mode is mainly meant to be used when a dashboard is interactive and not for wall-mounted monitors that should update continually. The feature can be accessed from the Dashboard properties panel when a dashboard is put in edit-mode. See Working in Edit Mode.
The
Normalize
option for theWorld Map
widget has been replaced by a third magnitude mode namedNone
, which results in fixed size and opacity for all marks.Single Value
widget new configuration: deprecated fielduse-colorised-thresholds
in favor ofcolor-method
.Single Value
widget Editor: the configuration optionEnable Thresholds
is being replaced by an option calledMethod
under the Colors section.Pie Chart
widget now uses the first column for the series as a fall back option.Note
widget:Default background color is now
Auto
.Introduced the text color configuration option.
Introducing the
Heatmap
widget that visualizes aggregated data as a colorised grid.Applied stylistic changes for the Inspect Panel used in Widget Editor.
Sorting of
Pie Chart
widget categories, descending by value. Categories grouped asOthers
will always be last.Table
widgets will now break lines for newline characters in columns.The Dashboard page now displays the current cluster status.
Single Value
widget:Missing buckets are now shown as gaps on the sparkline.
Isolated data points are now visualised as dots on the sparkline.
Bar Chart
widget:The Y-axis can now start at smaller values than 1 for logarithmic scales, when the data contain small enough values.
It now has an
Auto
setting for the Input Data Format property, see Wide or Long Input Format for details.Now works with bucket query results.
Better handling of dashboard connections issues during restarts and upgrades.
When importing existing dashboard with a static Shared time, recent changes in the time selection would make those dashboards live.
The
Pie Chart
widget now uses the first column for the series as a fall back option.
Log Collector
The Log Collector download page has been enabled for on-prem deployments.
Functions
Added validation to the
field
andkey
parameters of thejoin()
function, so empty lists will be rejected with a meaningful error message.Added validation to the
field
parameter of thekvParse()
function, so empty lists will be rejected with a meaningful error message.Improved the phrasing of the warning shown when
groupBy()
exceeds the max or default limit.The
groupBy()
function now acceptsmax
as value for thelimit
parameter, which sets the limit to the largest allowed value (as configured by the dynamic configurationGroupMaxLimit
).
Other
Fix a bug that could cause Humio to spuriously log errors warning about segments not being merged for datasources doing backfilling.
Improved performance of NDJSON format in S3 Archiving.
All feature flags now contains a textual description about what features are hidden behind the flag.
Compute next set of Prometheus metrics only in a single thread concurrently. If more requests arrive, then the next request gets the previous response.
Add warning when a multitenancy user is changing data retention on an unlimited repository.
Added a log line for when a query exceeds its allotted memory quota.
Added a new action type that creates a CSV file from the query result and uploads it to Humio to be used with the
match()
query function. See Upload File.The referrer meta tag for Humio has been changed from no-referrer to same-origin.
Bump the version of the Monaco code editor.
Fix a bug causing Humio's digest coordinator to allow nodes to take over digest without catching up to the current leader. This could cause the new leader to replay more data from Kafka than necessary.
Adds a logger job for cluster management stats it log the stats every 2 minutes, which makes them searchable in Humio.
The logs belong to the class
c.h.c.ClusterManagementStatsLoggerJob
, logs for all segments containsglobalSegmentStats
log about singular segments starts withsegmentStats
.Fixed an issue where query auto-completion sometimes wouldn't show the documentation for the suggested functions.
Adds a new metric for the temp disk usage. The metric name is
temp-disk-usage-bytes
and denotes how many bytes are used.Make a number of improvements to the digest partition coordinator. The coordinator now tries harder to avoid assigning digest to nodes that are not caught up on fetching segments from the other nodes. It also does a better job unassigning digest from dead nodes in edge cases.
Humio now logs digest partition assignments regularly. The logs can be found using the query
class=*DigestLeadershipLoggerJob*
.Added a log message with the maximum state size seen by the live part of live queries.
All users will not have access to the audit log or search all view by default anymore. Access can be granted with permissions.
Added detection and handling of all queries being blocked during Humio upgrades.
Added a log of the approximate query result size before transmission to the frontend, captured by the
approximateResultBeforeSerialization
key.Remove remains of default groups and roles. The concept was replaced with UserRoles.
Fix an unhandled IO exception from
TempDirUsageJob
. The consequence of the uncaught exception was only noise in the error log.Streaming queries that fail to validate now return a message of why validation failed.
The audit log system repository on Cloud has been replaced with a view, so that dashboards etc. can be created on top of audit log data.
Make
BucketStorageUploadJob
only log at info level rather than error if a segment upload fails because the segment has been removed from the host. This can happen if node X tries to upload a segment, but node Y beats it to the punch. Node X may then choose to remove its copy before the upload completes.When unregistering a node from a cluster, return a validation error if it is still alive. Hosts should be shut down before attempting to remove them from the cluster. This validation can be skipped using the same
accept-data-loss
parameter that also disables other validations for the unregistration endpoint.Include the requester in logs from QuerySessions when a live query is restarted or cancelled.
Java in the docker images no longer has the
cap_net_bind_service
capability and thus Humio cannot bind directly to privileged ports when running as a non-root user.Add flag whether a feature is experimental.
Bug Fixes
Security
Bump javax.el to address CVE-2021-28170.
Update Netty to address CVE-2022-24823.
Falcon Data Replicator
FDR Ingest will no longer fail on events that are larger than the maximum allowed event size. Instead, such messages will be truncated.
UI Changes
Fix the dropdown menus closing too early on the home page.
When viewing the events behind e.g. a Time Chart, the events will now only display with the
@timestamp
and@rawstring
columns.Fixed a bug where the "=" and "/=" buttons did not appear on cells in the event list where they should.
Prevent the UI showing errors for smaller connection issues while restarting.
Intermediate network issues are not reported immediately as an error in the UI.
Websocket connections are now kept open when transitioning pages, and are used more efficiently for syntax highlighting.
Fixed an issue where some warnings would show twice.
Cloud: Updated the layout for license key page.
GraphQL API
Fix the
assets
GraphQL query in organizations with views that are not 1-to-1 linked.
Configuration
Fixed an issue where event forwarding still showed as beta.
Fixed an issue where delete events from a minisegment could result in the merge of those minisegments into the resulting target segment never got executed.
Index in block needs reading from blockwriter before adding each item.
Fixed a bug where the @id field of events in live query were off by one.
Fixed a bug that could result in merging small ("undersized") segments even if the resulting segment would then have a wider than desired time span. The goal it to not produce segments that span more than the 10% of the retention setting for time for the repository. If no time-based retention is configured on the repository, then 3 times the value of configuration variable
MAX_HOURS_SEGMENT_OPEN
is applied as limit. For default settings, that results in 72 hours.
Dashboards and Widgets
The theme toggle on a shared dashboard was moved to the header panel and no longer overlaps with any widgets.
The
Time Chart
widget regression line is no longer affected by the interpolation setting.
Functions
Fixed a bug where using
eval
as an argument to a function would result in a confusing error message.Revised some of the error messages and warnings regarding
join()
andselfJoin()
.Fixed a bug where the
writeJson()
function would write any field starting with a case-insensitiveinf
orinfinity
prefix as a null value in the resulting JSON.Fixed a bug where
ioc:lookup()
would sometimes give incorrect results when negated.
Other
Bump woodstox to address SNYK-JAVA-COMFASTERXMLWOODSTOX-2928754.
Fix a bug that could cause a
NumberFormatException
to be thrown fromZookeeperStatsClient
.Fix type in
Unregisters node
text on cluster admin UI.Fix an issue causing Humio to create a large number of temporary directories in the data directory.
Fixed an issue where JSON parsing on ingest and in the query language was inefficient for large JSON objects.
Fix an issue that could rarely cause exceptions to be thrown from
Segments.originalBytesWritten
, causing noise in the log.Fixed an issue where query auto-completion would sometimes delete existing parentheses.
Centralise decision for names of files in bucket, allow more than one variant.
Improved hover messages for strings.
Fix a bug causing digesters to continue digesting even if the local disk is full. The digester will now pause digesting and error log if this occurs.
Fix a bug where changing a role for a user under a repository would trigger infinite network requests.
If a segment is deleted or otherwise disappears from global while Humio is attempting to upload it to bucket storage, the upload will now be dropped with an info-level log, rather than requeued with an error log.
Upgrade Kafka to 3.2.0 in the docker images, and in the Humio dependencies.
Fixed an issue where event forwarder properties were not properly validated.
Reduced the timeout used when testing event forwarders in order to get a better error when timeouts happen.
Fixed a bug where multiline comments weren't always highlighted correctly.
Fix an issue causing the event forwarding feature to incorrectly reject topic names that contained a dash
(-)
.Fix response entities not being discarded in error cases for the
proxyqueryjobs
endpoint, which could cause warnings in the log.Make streaming queries search segments newest-to-oldest rather than oldest-to-newest. Streaming queries do not ensure the order of exported events anyway, and searching newest-to-oldest is more efficient.
Improve file path handling in DiskSpaceJob to eliminate edge cases where the job might not have been able to tell if a file was on primary or secondary storage.
Fix performance issue for users with access to many views.
Some errors messages wrongly pointed to the beginning of the query.
Fixed an issue where strings like
Nana
andInformation
could be interpreted asNaN
(not-a-number) andinfinity
, respectively.Humio will now clean up its tmp directories by deleting all "humiotmp" directories in the data directory when terminating gracefully.
Fix a regression in the launcher script causing
JVM_LOG_DIR
to not be evaluated relative to the Humio base install path. All paths in the launcher script should now be relative to the base install path, which is the directory containing the bin folder.Fix a bug that could cause merge targets to be cached indefinitely if the associated minis had their mergeTarget unset. The effect was a minor memory leak.
Fix a bug that could cause Humio to attempt to merge minisegments from one datasource into a segment in another datasource, causing an error to be thrown.
When configuring thread priorities, Humio will no longer attempt to call the native setpriority function. It will instead only call the Java API for setting thread priority.
Fixes the placement of a confirmation dialog when attempting to change retention.
Update
org.json:json
to address a vulnerability that could cause stack overflows.
Humio Server 1.50.0 Preview (2022-08-02)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.50.0 | Preview | 2022-08-02 | 2022-08-15 | 1.30.0 | No | No |
Bug fixes and an updated dependency, released to cloud only.
Improvements, new features and functionality
UI Changes
When editing an email action in the UI and adding multiple recipients, it is now possible to add a space after the comma in the comma-separated list of recipients.
Adds an icon and a hint to a disabled side navigation menu item that tells the user the reason for it being disabled.
The design of the Time Selector has been updated, and it now features an button on the dashboard page. See Time Interval Settings.
Documentation
All documentation links have been updated after the documentation site has been restructured. Please contact support, if you experience any broken links.
GraphQL API
The GQL API mutation updateDashboard has been updated to take a new argument updateFrequency which can currently only be
NEVER
orREALTIME
, which correspond respectively to "dashboard where queries are never updated after first completion" and "dashboard where query results are updated indefinitely".
Dashboards and Widgets
Dashboards can now be configured to not update after the initial search has completed. This mode is mainly meant to be used when a dashboard is interactive and not for wall-mounted monitors that should update continually. The feature can be accessed from the Dashboard properties panel when a dashboard is put in edit-mode. See Working in Edit Mode.
Functions
Added validation to the
field
andkey
parameters of thejoin()
function, so empty lists will be rejected with a meaningful error message.Added validation to the
field
parameter of thekvParse()
function, so empty lists will be rejected with a meaningful error message.Improved the phrasing of the warning shown when
groupBy()
exceeds the max or default limit.Added validation to the
field
parameter of thetop()
function, so empty lists will be rejected with a meaningful error message.
Other
Added a new action type that creates a CSV file from the query result and uploads it to Humio to be used with the
match()
query function. See Upload File.Fixed an issue where query auto-completion sometimes wouldn't show the documentation for the suggested functions.
Humio now logs digest partition assignments regularly. The logs can be found using the query
class=*DigestLeadershipLoggerJob*
.Streaming queries that fail to validate now return a message of why validation failed.
Bug Fixes
GraphQL API
Fix the
assets
GraphQL query in organizations with views that are not 1-to-1 linked.
Configuration
Fixed an issue where validation of
+/- Infinity
as integer arguments would crash.Fixed an issue where event forwarding still showed as beta.
Functions
Fixed an issue where
join()
would not produce the correct results whenmode=left
was set.
Other
Fix an issue causing Humio to create a large number of temporary directories in the data directory.
Fixed an issue where JSON parsing on ingest and in the query language was inefficient for large JSON objects.
Fix an issue that could rarely cause exceptions to be thrown from
Segments.originalBytesWritten
, causing noise in the log.Fixed an issue where query auto-completion would sometimes delete existing parentheses.
Fix performance issue for users with access to many views.
Humio Server 1.49.1 Preview (2022-07-26)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.49.1 | Preview | 2022-07-26 | 2022-08-15 | 1.30.0 | No | No |
Bug fixes and an updated dependency, released to cloud only.
Deprecation
These items have been deprecated and may be removed in a future release:
The deprecated REST API for parsers has been removed.
Improvements, new features and functionality
UI Changes
The Save As... button is now always displayed on the Search page, see it described at Saving a Search.
Automation and Alerts
Fixed a bug where an alert with name longer than 50 characters could not be edited.
Functions
The
groupBy()
function now acceptsmax
as value for thelimit
parameter, which sets the limit to the largest allowed value (as configured by the dynamic configurationGroupMaxLimit
).
Other
Parser installation will now be ignored when installing a package into a system repository.
Fix an unhandled IO exception from
TempDirUsageJob
. The consequence of the uncaught exception was only noise in the error log.Make
BucketStorageUploadJob
only log at info level rather than error if a segment upload fails because the segment has been removed from the host. This can happen if node X tries to upload a segment, but node Y beats it to the punch. Node X may then choose to remove its copy before the upload completes.Java in the docker images no longer has the
cap_net_bind_service
capability and thus Humio cannot bind directly to privileged ports when running as a non-root user.
Bug Fixes
UI Changes
Fixed an issue where some warnings would show twice.
Functions
Revised some of the error messages and warnings regarding
join()
andselfJoin()
.
Other
Fix a bug that could cause a
NumberFormatException
to be thrown fromZookeeperStatsClient
.Fixed an issue where strings like
Nana
andInformation
could be interpreted asNaN
(not-a-number) andinfinity
, respectively.
Humio Server 1.49.0 Not Released (2022-07-26)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.49.0 | Not Released | 2022-07-26 | 2022-08-15 | 1.30.0 | No | No |
Not released.
Humio Server 1.48.1 Preview (2022-07-19)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.48.1 | Preview | 2022-07-19 | 2022-08-15 | 1.30.0 | No | No |
Bug fixes and an updated dependency, released to cloud only.
Deprecation
These items have been deprecated and may be removed in a future release:
Deprecated
enabledFeatures
query. Use newfeatureFlags
query instead.Remove the following feature flags and their usage:
EnterpriseLogin
,OidcDynamicIdpProviders
,UsagePage
,RequestToActivity
,CommunityNewDemoData
.
Improvements, new features and functionality
UI Changes
Updated styling on the log in pages.
Add missing accessibility features to the login page.
The Live checkbox is now no longer checked automatically when changing the value of the time window in the Time Selector. See Expanding Time Frame for details.
GraphQL API
Expose a new GraphQL type with feature flag descriptions and whether they are experimental.
Other
All feature flags now contains a textual description about what features are hidden behind the flag.
Added detection and handling of all queries being blocked during Humio upgrades.
Include the requester in logs from QuerySessions when a live query is restarted or cancelled.
Add flag whether a feature is experimental.
Bug Fixes
UI Changes
When viewing the events behind e.g. a Time Chart, the events will now only display with the
@timestamp
and@rawstring
columns.
Dashboards and Widgets
The theme toggle on a shared dashboard was moved to the header panel and no longer overlaps with any widgets.
Other
Fix response entities not being discarded in error cases for the
proxyqueryjobs
endpoint, which could cause warnings in the log.Fixes the placement of a confirmation dialog when attempting to change retention.
Humio Server 1.48.0 Not Released (2022-07-19)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.48.0 | Not Released | 2022-07-19 | 2022-08-15 | 1.30.0 | No | No |
Not released.
Humio Server 1.47.1 Preview (2022-07-12)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.47.1 | Preview | 2022-07-12 | 2022-08-15 | 1.30.0 | No | No |
Bug fixes and an updated dependency, released to cloud only.
Improvements, new features and functionality
Falcon Data Replicator
FDR polling is now turned on by default. Whether FDR polling should be turned on or off on a node can be configured using the
ENABLE_FDR_POLLING_ON_NODE
configuration variable.
UI Changes
If Humio fails to start because the cluster is being upgraded, a dedicated message will show when launching the UI.
GraphQL API
Introduced new dynamic configuration
LiveQueryMemoryLimit
. It can be set using graphQL. See Limits for details.Added preview fields
isClusterBeingUpdated
andminimumNodeVersion
to the GraphQL Cluster object type.Added a new dynamic configuration flag
QueryResultRowCountLimit
that globally limits how many results (events) a query can return. This flag can be set by administrators through graphQL. See Limits for more details.Introduced new dynamic configuration
StateRowLimit
. It can be set using graphQL. See Limits for details.Added a new dynamic configuration
GroupDefaultLimit
. This can be done through GraphQL. See Limits for details. If you've changed the value ofMAX_STATE_LIMIT
, we recommend that you also changeGroupDefaultLimit
andGroupMaxLimit
to the same value for a seamless upgrade, seegroupBy()
for details.Introduced new dynamic configuration
QueryMemoryLimit
. It can be set using graphQL. See alsoLiveQueryMemoryLimit
for live queries. For more details, see Limits.Introduced new dynamic configuration
JoinRowLimit
. It can be set using graphQL and can be used as an alternative to the environment variableMAX_JOIN_LIMIT
. If theJoinRowLimit
is set, then its value will be used instead ofMAX_JOIN_LIMIT
. If it is not set, thenMAX_JOIN_LIMIT
will be used.Introduced new dynamic configuration
GroupMaxLimit
. It can be set using graphQL. See Limits for details.
Configuration
New configurations
BUCKET_STORAGE_SSE_COMPATIBLE
that makes bucket storage not verify checksums of raw objects after uploading to an S3. This option is turned on automatically is KMS is enabled (seeS3_STORAGE_KMS_KEY_ARN
) but is available directly here for use with other S3 compatible providers where verfying even content length does not work.Mini segments usually get merged if their event timestamps span more than
MAX_HOURS_SEGMENT_OPEN
. Mini segments created as part of backfilling did not follow this rule, but will now get merged if their ingest timestamps span more thanMAX_HOURS_SEGMENT_OPEN
.Support for KMS on S3 bucket for Bucket Storage. Specify full ARN of the key. The
key_id
is persisted in the internalBucketEntity
so that a later change of the ID of the key to use for uploads will make Humio still refer the old keyID when downloading files uploaded using the previous key. Setting a new value for the target key results in a fresh internal bucket entity to track which files used kms and which did not. For simplicity it is recommended to not mix KMS and non-KMS configurations on the same S3 bucket.New configuration variable
S3_STORAGE_KMS_KEY_ARN
that specifies the KMS key to use.New configuration variable
S3_STORAGE_2_KMS_KEY_ARN
for 2nd bucket key.New configuration variable
S3_RECOVER_FROM_KMS_KEY_ARN
for recovery bucket key.
Dashboards and Widgets
Applied stylistic changes for the Inspect Panel used in Widget Editor.
Table
widgets will now break lines for newline characters in columns.
Other
Fix a bug that could cause Humio to spuriously log errors warning about segments not being merged for datasources doing backfilling.
Compute next set of Prometheus metrics only in a single thread concurrently. If more requests arrive, then the next request gets the previous response.
The referrer meta tag for Humio has been changed from no-referrer to same-origin.
Improved performance of validation of keys in tags.
All users will not have access to the audit log or search all view by default anymore. Access can be granted with permissions.
The audit log system repository on Cloud has been replaced with a view, so that dashboards etc. can be created on top of audit log data.
Bug Fixes
Functions
Fixed a bug where using
eval
as an argument to a function would result in a confusing error message.
Other
Fix type in
Unregisters node
text on cluster admin UI.
Humio Server 1.47.0 Not Released (2022-07-12)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.47.0 | Not Released | 2022-07-12 | 2022-08-15 | 1.30.0 | No | No |
Not released.
Humio Server 1.46.0 Preview (2022-07-05)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.46.0 | Preview | 2022-07-05 | 2022-08-15 | 1.30.0 | No | No |
Bug fixes and an updated dependency, released to cloud only.
Improvements, new features and functionality
UI Changes
In lists of users, with user avatars containing user initials, the current user would sometimes appear to have an opening parenthesis as their last initial.
New styling of errors on search and dashboard pages.
GraphQL API
Improved error messaging of GraphQL queries and mutations for alerts, scheduled searches and actions in cases where a given repository or view cannot be found.
Dashboards and Widgets
The widget legend column width is now based on the custom series title (if specified) instead of the original series name.
Added empty states for all widget types that will be rendered when there are no results.
Introducing the
Heatmap
widget that visualizes aggregated data as a colorised grid.Sorting of
Pie Chart
widget categories, descending by value. Categories grouped asOthers
will always be last.Better handling of dashboard connections issues during restarts and upgrades.
Other
Fix a bug causing Humio's digest coordinator to allow nodes to take over digest without catching up to the current leader. This could cause the new leader to replay more data from Kafka than necessary.
Make a number of improvements to the digest partition coordinator. The coordinator now tries harder to avoid assigning digest to nodes that are not caught up on fetching segments from the other nodes. It also does a better job unassigning digest from dead nodes in edge cases.
Remove remains of default groups and roles. The concept was replaced with UserRoles.
When unregistering a node from a cluster, return a validation error if it is still alive. Hosts should be shut down before attempting to remove them from the cluster. This validation can be skipped using the same
accept-data-loss
parameter that also disables other validations for the unregistration endpoint.
Bug Fixes
Falcon Data Replicator
FDR Ingest will no longer fail on events that are larger than the maximum allowed event size. Instead, such messages will be truncated.
UI Changes
Intermediate network issues are not reported immediately as an error in the UI.
Configuration
Fixed a bug that could result in merging small ("undersized") segments even if the resulting segment would then have a wider than desired time span. The goal it to not produce segments that span more than the 10% of the retention setting for time for the repository. If no time-based retention is configured on the repository, then 3 times the value of configuration variable
MAX_HOURS_SEGMENT_OPEN
is applied as limit. For default settings, that results in 72 hours.
Functions
Fixed a bug where the
writeJson()
function would write any field starting with a case-insensitiveinf
orinfinity
prefix as a null value in the resulting JSON.
Other
Upgrade Kafka to 3.2.0 in the docker images, and in the Humio dependencies.
Humio Server 1.45.0 Preview (2022-06-28)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.45.0 | Preview | 2022-06-28 | 2022-08-15 | 1.30.0 | No | No |
Bug fixes and an updated dependency, released to cloud only.
Improvements, new features and functionality
Configuration
Adds a new metric for measuring the merge latency, which is defined as the latency between the last minisegment being written in a sequence with the same merge target, and those minisegments being merged. The metric name is
segment-merge-latency-ms
.Adds a new logger job that logs the age of an unmerged miniSegment if the age exceeds the threshold set by the env variable
MINI_SEGMENT_MAX_MERGE_DELAY_MS_BEFORE_WARNING
. The default value ofMINI_SEGMENT_MAX_MERGE_DELAY_MS_BEFORE_WARNING
is 2 xMAX_HOURS_SEGMENT_OPEN
.MAX_HOURS_SEGMENT_OPEN
defaults to 24 hours. The error log produced looks like:Oldest unmerged miniSegment is older than the threshold thresholdMs={value} miniSegmentAgeMs={value} segment={value}
.
Dashboards and Widgets
Other
Bump the version of the Monaco code editor.
Added a log message with the maximum state size seen by the live part of live queries.
Bug Fixes
UI Changes
Fix the dropdown menus closing too early on the home page.
Websocket connections are now kept open when transitioning pages, and are used more efficiently for syntax highlighting.
Dashboards and Widgets
The
Time Chart
widget regression line is no longer affected by the interpolation setting.
Other
Bump woodstox to address SNYK-JAVA-COMFASTERXMLWOODSTOX-2928754.
Fix a bug causing digesters to continue digesting even if the local disk is full. The digester will now pause digesting and error log if this occurs.
Make streaming queries search segments newest-to-oldest rather than oldest-to-newest. Streaming queries do not ensure the order of exported events anyway, and searching newest-to-oldest is more efficient.
Some errors messages wrongly pointed to the beginning of the query.
Humio Server 1.44.0 Preview (2022-06-21)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.44.0 | Preview | 2022-06-21 | 2022-08-15 | 1.30.0 | No | No |
Bug fixes and an updated dependency, released to cloud only.
Deprecation
These items have been deprecated and may be removed in a future release:
The deprecated REST API for actions has been removed, except for the endpoint for testing an action.
Improvements, new features and functionality
UI Changes
Toggle switches anywhere in the UI are now tabbable and can be accessed using the keyboard.
Improved keyboard accessibility for creating repositories and views.
GraphQL API
Introduced new dynamic configuration flags
query-memory-limit
. It can be set using graphQL. The flag replaces the environment variableMAX_MEMORY_FOR_REDUCE
, so if you have changed the value ofMAX_MEMORY_FOR_REDUCE
, please usequery-memory-limit
now instead. See Limits for more details.Introduced new dynamic configuration flag
state-row-limit
. It can be set using graphQL. The flag can be used as an alternative to the environment variableMAX_STATE_LIMIT
. Ifstate-row-limit
is set, then its value will be used instead ofMAX_STATE_LIMIT
. If it is not set, thenMAX_STATE_LIMIT
will be used.Introduced new dynamic configuration flag
join-row-limit
. It can be set using graphQL. The flag can be used as an alternative to the environment variableMAX_JOIN_LIMIT
. If thejoin-row-limit
flag is set, then its value will be used instead ofMAX_JOIN_LIMIT
. If it is not set, thenMAX_JOIN_LIMIT
will be used.
Configuration
Added a link to humio-activity repository for debugging IDP configurations to the page for setting up the same.
Added a new environment variable
GROUPBY_DEFAULT_LIMIT
which sets the default value for thelimit
parameter ofgroupBy()
. SeegroupBy()
documentation for details.Default value of configuration variable
S3_ARCHIVING_WORKERCOUNT
raised from1
to(vCPU/4)
.
Dashboards and Widgets
The
Normalize
option for theWorld Map
widget has been replaced by a third magnitude mode namedNone
, which results in fixed size and opacity for all marks.The dashboards page now displays the current cluster status.
Single Value
widget:Missing buckets are now shown as gaps on the sparkline.
Isolated data points are now visualised as dots on the sparkline.
Bar Chart
widget:The Y-axis can now start at smaller values than 1 for logarithmic scales, when the data contain small enough values.
It now has an
Auto
setting for the Input Data Format property, see Wide or Long Input Format for details.Now works with bucket query results.
Log Collector
The Log Collector download page has been enabled for on-prem deployments.
Other
Improved performance of NDJSON format in S3 Archiving.
Add warning when a multitenancy user is changing data retention on an unlimited repository.
Adds a logger job for cluster management stats it log the stats every 2 minutes, which makes them searchable in Humio.
The logs belong to the class
c.h.c.ClusterManagementStatsLoggerJob
, logs for all segments containsglobalSegmentStats
log about singular segments starts withsegmentStats
.Adds a new metric for the temp disk usage. The metric name is
temp-disk-usage-bytes
and denotes how many bytes are used.Added a log of the approximate query result size before transmission to the frontend, captured by the
approximateResultBeforeSerialization
key.
Bug Fixes
Security
Bump javax.el to address CVE-2021-28170.
Update Netty to address CVE-2022-24823.
Other
Fix a bug where changing a role for a user under a repository would trigger infinite network requests.
If a segment is deleted or otherwise disappears from global while Humio is attempting to upload it to bucket storage, the upload will now be dropped with an info-level log, rather than requeued with an error log.
Fixed a bug where multiline comments weren't always highlighted correctly.
Fix an issue causing the event forwarding feature to incorrectly reject topic names that contained a dash
(-)
.Improve file path handling in DiskSpaceJob to eliminate edge cases where the job might not have been able to tell if a file was on primary or secondary storage.
Update
org.json:json
to address a vulnerability that could cause stack overflows.
Humio Server 1.42.2 Stable (2022-10-05)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.42.2 | Stable | 2022-10-05 | 2023-10-05 | 1.30.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | c129f5c1d5d5cf469abdfd604267b6d6 |
SHA1 | 737393d0e02fc6a3e5599a20d3b7f640d0ce3347 |
SHA256 | e283e268d4d268a21f0e7fe2f6ff08582a96cb6d37dd28b020670eb3600a8e86 |
SHA512 | 6cc3f4ad41b46d71ff67db7a4720e1a027583938ec1158b1fa45de8943030caf70e4b7b50dea9c42c92b3bb6d9ab335783a9b5f12dd9b79e240e4eadceac17ba |
Docker Image | SHA256 Checksum |
---|---|
humio | 4a5399bb43705c9e2f95d745fd87766552d9f1ef74d459feb3e10244b958d37e |
humio-core | 070dff4cd2a472994ad4999d36b98c1592fb6be703c9f2ae590f278dc47339e4 |
kafka | a5447202b222b70d6569e03668056e6059621894d3287f6d92f0e4ecbfb50a34 |
zookeeper | 6487f4600d004f1ea797a86bef307781ac8840b438c28c8405ffdfd334205f99 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.42.2/server-1.42.2.tar.gz
Bug fixes and updates.
Bug Fixes
Security
Update Scala to address CVE-2022-36944.
Other
Fix performance issue for users with access to many views.
Humio Server 1.42.1 Stable (2022-07-18)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.42.1 | Stable | 2022-07-18 | 2023-07-18 | 1.30.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 0d84ae2bac065c74f033b3f510812cf6 |
SHA1 | aa21f410e29c6189b56526c42d4414398544f3e3 |
SHA256 | 6b59d546a2f271d499b857b290f6c283b90282a5d9a213bc037652367f258c4d |
SHA512 | 688242a795f9526828841faabc34e59e048439a1c748842d0a0fdf8eb8dffa99ce2f5281fa1c067dbbbac3db0494af006f46d3917de4f85c73372d536a102d97 |
Docker Image | SHA256 Checksum |
---|---|
humio | d83d0ea9247637ce91d2b84123659858624fe329583e1c6fe6900bd4eaa4acae |
humio-core | 14ec97ed7bf950b0e0669627babebfb3e5ca67b38cc40d116254567ee4e9199d |
kafka | e9a4ee28381265a1b80071257996003a9bea0e29234a6394477d8859cb546e68 |
zookeeper | b377e734d662fe80b4dbc6b355965694464e437a2e0855272b9652ac9225b050 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.42.1/server-1.42.1.tar.gz
Bug fixes and an updated dependency.
Improvements, new features and functionality
UI Changes
The Search page.
button is now always displayed on the
Bug Fixes
Other
Updated dependencies to woodstox to fix a vulnerability.
Compute next set of Prometheus metrics only in a single thread concurrently. If more requests arrive, then the next request gets the previous response.
Humio Server 1.42.0 Stable (2022-06-17)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.42.0 | Stable | 2022-06-17 | 2023-06-17 | 1.30.0 | No | Yes |
JAR Checksum | Value |
---|---|
MD5 | 6f0306d98c1f4931a083fe9211841ea1 |
SHA1 | afee8f0c7c705b0c6b54c5a3321cf7ed6bbfc6f2 |
SHA256 | 0167bd6ae46368db74434133b9881380fd6c389c9ea35ac5612d9a643366d3ac |
SHA512 | e66acd012641e19d6c8c7613a56302c66138902912eb3aaa2157fef4199b6e77b20367be49bd90f2b430573b6317bd7214600436edfaf52cbffc108c0c414fd6 |
Docker Image | SHA256 Checksum |
---|---|
humio | 37cb34cccd8e0b749308f96bc49cd67c92ca6af537e5c01cec0ecf4d26d2712f |
humio-core | 958fc373d5cf0da75861981cbf6fb3cead3c41388480d72b4bb7ad85734bc0cd |
kafka | aea9942f9b789b058984dc348fa91657c8be210ad9d6f85ed8e0fdd6f09e408d |
zookeeper | d52cd8f48f55cf09db7426a746b536face085b8b919ed1cdc1ce57f7e74d450e |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.42.0/server-1.42.0.tar.gz
Bug fixes and updates.
Deprecation
These items have been deprecated and may be removed in a future release:
The Feature Flag, CookieAuthServerSide, has been deprecated as cookie authentication is now enabled by default. Instead, the configuration field
ENABLE_BEARER_TOKEN_AUTHORIZATION
has been introduced.The local disk based backup feature described at Making Back-Ups is deprecated, and is planned for removal in September 2022. We have found that restoring backups using this feature is difficult in practice, it is not commonly used, and the backup/restore functionality is covered by the bucket storage feature as well. For these reasons, we are deprecating this feature in favour of bucket storage.
The
DELETE_BACKUP_AFTER_MILLIS
configuration parameter, which controls the delay between data being deleted in Humio and removed from backup, will be retained, since it controls a similar delay for bucket storage. Customers using local disk based backups should migrate to using bucket storage instead. Systems not wishing to use a cloud bucket storage solution can keep backup support by instead installing an on-prem S3- or GCS-compatible solution, such as MinIO.
Improvements, new features and functionality
Falcon Data Replicator
Improved error logging, when an FDR feed fails to download data from an S3 bucket. It now clearly states when a download failed because the S3 bucket is located in a different region than the SQS queue.
Added the
fdr-message-count
metric, which contains the approximate number of messages on an FDR feed's SQS queue.Added the
fdr-invisible-message-count
metric, which contains the approximate number of invisible messages on an FDR feed's SQS queue.
UI Changes
The Format Panel is now available for changing the style of the data displayed in the Event list — see Changing the Data Display.
Both the
Scatter Chart
and theBar Chart
widgets now support automatically adding/toggling axis and legend titles based on the mapped data.The Fields Panel now enables you to fetch fields beyond those from the last 200 events — see Adding and Removing Fields.
Configuration
Improve the error message if Humio is configured to use bucket storage, but the credentials for the bucket are not configured.
Dashboards and Widgets
The
Gauge
widget is being deprecated in favour of theSingle Value
widget. Configurations of the former widget are compatible with the latter. This means that persisted configurations of the Gauge widget (url / dashboard widgets / saved queries / recent queries) are still valid, but are visualised using the Single Value widget instead.The
Single Value
widget is now available. Construct a query which returns any single value, or use thetimeChart()
query function to create a single-value widget instance with sparkline and trend indicators.
Log Collector
The Humio Log Collector can now be downloaded from the Organizational Settings page, see the Log Collector Documentation for a complete list of the supported logs formats and operating systems.
Functions
ioc:lookup()
would sometimes give incorrect results when negated.worldMap()
accepts more magnitude functions, anonymous functions and thepercentile()
function.worldMap()
will warn about licensing issues with IP database.sankey()
now accepts more weight functions such as anonymous functions and thepercentile()
function.
Other
When cleaning up a deleted data space, don't error log if two nodes race to delete the data space metadata from global.
Fixed an issue where a scheduled search could trigger actions multiple times for the same time period if actions took a long time to finish.
Ensured that errors during view tombstone removal are logged and don't prevent the RetentionJob from performing other cleanup tasks.
Logging to the humio-activity repository is now also done for events in sandbox repositories.
Fixed an underlying bug causing
addToExistingJob did not find the existing job
to be error logged unnecessarily. Humio may decide to fetch a segment from bucket storage for querying. If this decision is made right as the query is cancelled, Humio could log the message above. With this fix, Humio will instead skip downloading the segment, and not log the error.Email actions can now add the result set as a
CSV
attachment.Fixed an issue where Humio's Zookeeper monitoring page would show X/0 followers in sync.
Specifying a versionless packageId will load the newest version of that package.
Fixed an issue that if download of IOCs took more than an hour, Humio would indefinitely start a new download every hour which would eventually fail.
Humio Server 1.40.0 Stable (2022-05-12)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.40.0 | Stable | 2022-05-12 | 2023-05-12 | 1.30.0 | No | Yes |
JAR Checksum | Value |
---|---|
MD5 | 8a733e1201103eeef32e63b0bf4c8977 |
SHA1 | 5b217fb48f1b5684330ec70fc5d20d322b0a75f8 |
SHA256 | 8838d422459feb6a56d1f15578c581fec7983165635fb4e74f312c2cc4da8046 |
SHA512 | 94bb617a37475918313decc3bf56696890c90d3e3f91de78dccb9431fee0b1bba8d90f60f0d591f5acbea7c6e09c5cb57ddf95fba088a34efc92a0899ac4aef9 |
Docker Image | SHA256 Checksum |
---|---|
humio | 7c9b77b32fc84e31ecc57461ae3e8bfac9b584fb6fb3af0b909bd7e05903d0d8 |
humio-core | 9326081840d3f852df54702c9d5e72ea492d49c55aab51ed83b1b234439c4ec7 |
kafka | 344a06f56ada7ea9af2c7c5d146fa07f6fda87be750a7283e6f753189b42a0b5 |
zookeeper | 42cdbca9d0ce73516a27beda618390a40db3e086580ce3d6ab2779c1952980ee |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.40.0/server-1.40.0.tar.gz
1.40 REQUIRES minimum version 1.30.0 of Humio to start. Clusters wishing to upgrade from older versions must upgrade to 1.30.0+ first. After running 1.40.0 or later, you cannot run versions prior to 1.30.0.
Behavior Changes
Scripts or environment which make use of these tools should be checked and update for the new configuration:
The
selfJoin()
query function was observed to cause memory problems, so we have set a limit of .0.0 output events (there was previously no bound). This limit can be adjusted with the GraphQL mutation setDynamicConfig with config flag SelfJoinLimit. A value of-1
returnsselfJoin
to its old, unbounded version.
Improvements, new features and functionality
Falcon Data Replicator
Using the dynamic configuration option
FdrExcludedNodes
, administrators can now exclude specific nodes from polling from FDR. Defaults to the empty list, so all nodes will be used for polling.Using the dynamic configuration option
FdrMaxNodes
, administrators can put a cap on how many nodes should at most simultaneously poll data from the same FDR feed. Defaults to 5 nodes.The static configuration variable
ENABLE_FDR_POLLING_ON_NODE
is no longer supported, as its functionality has been replaced with the dynamic configurations listed above.It is now possible to test an FDR feed in the UI, which will test that Humio can connect to the SQS queue and the S3 bucket.
Introduced dynamic configuration options for changing FDR polling behaviour at runtime. FDR polling is not enabled by default, so you should take care to set up these new configurations after upgrading, or you will risk that your FDR data isn't ingested into Humio before it is deleted from Falcon.
Fixed an issue where exceptions in FDR were not properly logged.
Using the dynamic configuration option
FdrEnable
, administrators can now turn FDR polling on/off on the entire cluster with a single update. Defaults tofalse
.
UI Changes
Events with JSON data can now be collapsed and expanded in the Json panel.
Added style options to either truncate or show full legend labels in widgets.
Keep empty lines in queries when exporting assets as templates or to packages.
Improvements to the
Pie Chart
widget, it now has a max series setting similar to theTime Chart
widget.The
@timestamp
column is now allowed to be moved amongst the other columns in the event list.Syntax highlighting for XML, JSON and accesslog data now uses more distinguishable colors.
The widget dropdown can now be navigated with the keyboard.
When using a widget that is not compatible with the current data, the
button now works again.Added support in
fieldstats()
query function for skipping events. This is used by the UI, but only in situations where we know an approximate result is acceptable and where processing all events would be too costly.Improvements to the
Sankey Diagram
widget, it now has multiple style options; show/hide the y-axis, sorting type, label position, and colors plus labels for series.Introducing the new
Scatter Chart
widget (previously known as XY):It supports long data format (one field for the series name and one field for the y values) as well as wide format (one field per series value).
You can now visualize data in the
Scatter Chart
when queried with thetimeChart()
,bucket()
andgroupBy()
functions, as well as thetable()
function like before.
GraphQL API
It is now possible to refer a parser by name when creating or updating an ingest listener using the GraphQL API mutations createIngestListenerV3 and updateIngestListenerV3. It is now also possible to change the repository on an ingest listener using updateIngestListenerV3. The old mutations createIngestListenerV2 and updateIngestListenerV2 have been deprecated.
Changed permission token related GraphQL endpoints to use enumerations instead of strings.
Marked experimental language features as preview in GraphQL API.
Added two new organization level permissions:
DeleteAllRepositories
andDeleteAllViews
that allow repository and view deletion, respectively, inside an organization.It is now possible to refer a parser by name when creating an ingest token or assigning a parser to an existing ingest token using the GraphQL API mutations addIngestTokenV3 and assignParserToIngestTokenV2. The old mutations addIngestTokenV2 and assignParserToIngestToken have been deprecated.
Added a new GraphQL mutation to rename views or repositories by ID.
Removed the following deprecated GraphQL fields:
UserSettings.settings
,UserSettings.isEventListOrderChangedMessageDismissed
, andUserSettings.isNewRepoHelpDismissed
.The GraphQL queries and mutations for FDR feeds are no longer in preview.
Removed the deprecated clientMutationId argument from the GraphQL mutation updateSettings.
Added a GraphQL mutation deleteSearchDomainById that deletes views or repositories by ID.
Configuration
Validate block CRCs before uploading segment files to bucket storage. Can be disabled by setting
VALIDATE_BLOCK_CRCS_BEFORE_UPLOAD
tofalse
.Require that
{S3/GCS}_STORAGE
config must be set before{S3/GCS}_STORAGE_2
is set.Amended how Humio chooses segments to download from bucket storage when prefetching. If
S3_STORAGE_PREFERRED_COPY_SOURCE
isfalse
, the prefetcher will only download segments that are not already on another host. Otherwise, it will download as many hosts as necessary to follow the configured replication factor. This should help avoid excessive bucket downloads when nodes in the cluster have lots of empty disk space.Added a new config
NATIVE_FALLOCATE_SUPPORT
(defaulttrue
) to allow turning off the use offallocate
andftruncate
internally.Added a new config
NATIVE_FADVICE_SUPPORT
(defaulttrue
) to allow turning off the use offadvice
internally.Added a new configuration variable
BUCKET_STORAGE_TRUST_POLICY
for the dual-bucket use case. This setting configures which bucket is considered the "trusted" bucket when two buckets are configured, which impacts when Humio considers data to be safely replicated. Supported values arePrimary
for trusting the primary bucket,Secondary
for trusting the secondary bucket,TrustEither
for considering data safely replicated if it is in either bucket, andRequireBoth
for considering data safely replicated only if it is in both buckets. This config replaces theBUCKET_STORAGE_2_TRUSTED
configuration,true
in the old configuration equates toSecondary
in the new configuration. The default value of the new configuration isSecondary
.
Dashboards and Widgets
Improvements to the
Time Chart
widget:It now has an option to show the underlying data points, which makes it possible to inspect the behaviour of the different interpolation methods.
Trend lines can now be added in the chart.
Introducing the
Single Value
widget. Construct a query which returns any single value, or use thetimeChart()
query function to create a single-value widget instance with sparkline and trend indicators.Improvements to the
Bar Chart
widget:Added style options to name the x and y axis.
Added option for interpreting the resulting query data as either wide or long format data.
Added option to set a max label length for the x-axis, instead of the bottom padding option. With auto-padding and this style option, it is easier to fit the wanted information in the view.
It is now possible to configure bar charts to have a logarithmic y axis.
Introduced the stacked bar charts option.
It no longer has an artificial minimum height for bars, as this may distort at a glance interpretations of the chart.
It no longer has sorting by default, which means that the order will be identical to the query result. You can now sort the x axis of the bar chart by using the
sort()
query function, if sort by series in the style options is not set.It now has a max series setting similar to the
Time Chart
widget.
Functions
The
findTimestamp()
function now supports date formats like23FEB2022
, that is date, literal month and year without any separators in between. Other formats still require separators between the parts.
Other
Renamed the Humio tarball distribution to
humio-1.39.0.tar.gz
instead ofhumio-release-1.39.0.tar.gz
. The file now contains a directory namedhumio-1.39.0
instead ofhumio-release-1.39.0
.Fixed an issue where query cancellation could in rare cases cause the query scheduler to throw exceptions.
Humio is now more strict during a Kafka reset to avoid global desyncs. Only one node will be allowed to boot on the new epoch, remaining nodes won't be allowed to use their snapshots, and will need to fetch a fresh global snapshot from that node.
Fixed an ingest bug where we might discard
@timezone
and@error
fields in events with too many fields. Now we always retain those and only discard other fields.Improved distribution of new autosharded datasources.
Fixed an issue that could cause creation of two datasources for the same tag set if messages with the same tags happened to arrive on different Kafka partitions.
When calculating the starting offset in Kafka for digest, Humio will now trust that if a segment in global is listed as being in bucket storage, that segment is actually present in bucket storage. Humio no longer double checks by asking bucket storage directly.
It is no longer possible to use experimental functions in Alerts, Parsers, and Event Forwarding. They are now only available on the search page.
Fixed an issue where audit logging of alerts, scheduled searches and actions residing on views would yield incomplete or missing audit logs.
Create, update and delete operations on ingest listeners are now always audit logged. Previously, they were only logged when performed through the REST API. Also, the audit log format has been updated to be similar to the format of other assets. Look for events with the
type
field set toingestlistener.create
,ingestlistener.update
, andingestlistener.delete
.Adding and removing queries from the query blocklist is now audit logged as two separate audit log event types,
query-blocklist-add
andquery-blocklist-remove
, rather than the single event typeblocklist
.Fixed an ingest bug where, under some circumstances, we would reverse the order of events in a batch.
The query scheduler improperly handled regex limits being hit, it should result in a warning on the query. In some cases it was handled by retrying the segment read.
Added support for restoring deleted repositories and views when using bucket storage. See Delete a Repository or View.
Fixed an issue when using bucket storage alongside secondary storage, where Humio would download files to the secondary storage but register them as present in the primary. It will now download and register them as present on the secondary storage.
Fixed how relative time is displayed.
Fixed an issue where
OrganizationStatsUpdaterJob
would repeatedly post the errorcom.humio.entities.organization.OrganizationSingleModeNotSupported: Not supported when using organizations in single mode
when the cluster was configured for only one organization.It is no longer possible to delete a parser that is used by an ingest listener. You must first assign another parser to the ingest listener.
Fixed a caching-related issue with
groupBy()
in live queries that would briefly cause inconsistent results.Fixed an issue where Filebeat 8.1 would not be compatible unless
output.elasticsearch.allow_older_versions
was set totrue
.Reduced the amount of time Humio will spend during shutdown waiting for in-progress data to flush to disk to 60 seconds from 150 seconds.
If the query scheduler attempts to read a broken segment file, it may be able to fetch a new copy from bucket storage in some cases. Humio will now only allow this if it can be guaranteed that no events from the broken segment have been added to the query result. Otherwise the query will receive a warning.
When Humio detects multiple datasources for the same set of tags, it will not deduplicate them by selecting one source to keep and marking the others replaced.
Updating alert labels using the addAlertLabel and removeAlertLabel mutations now requires the
ChangeTriggersAndActions
permission.Added
humio-decrypt-bucket-file.sh
to the Humio bin directory. This invokes a utility for decrypting files downloaded from bucket storage.Fixed a race condition between nodes creating the merge result for the same target segment, and also transferring it among the nodes concurrently. If a query read the file during that race, an in-memory cache of the file header might hold contents that did not match the local file, resulting in
Broken segment
warnings in queries.It is now validated, that the parser supplied when creating or updating an ingest listener, exists.
Improved the phrasing of some error messages.
Improved the flow of creating a blocked query.
When logging Kafka consumer and producer metrics, Humio will now log repeated metrics like
records-lag-max
once per partition, with the partition specified in thepartition
field.Fixed duplicate
Change triggers and actions
entry in view permission token page.It is no longer possible to create ingest listeners on system repositories using the APIs. Previously, it was only prohibited in the UI.
When shared dashboards are disabled or become inaccessible because of IP filters, they will now be completely unreachable, and any dashboards already open will show an informative error message.
Humio will now periodically log node configs to the debug log, in addition to the existing log of config on node boot. These logs will come from
com.humio.jobs.ConfigLoggerJob
.Webhook action now includes the 'Message Body Template' for
PATCH
andDELETE
requests as well if it is not empty.During ingest, if an event has too many fields we now sort the fields lexicographically and remove fields from the end. Before, there was no system to which fields were retained, it was effectively random.
It is now possible to create a view with the same name as a deleted view.
Fixed a bug where accessing a
csv
file with records spanning multiple lines would fail with an exception.Webhook action has been updated to only allow the following HTTP verbs:
GET
,HEAD
,POST
,PUT
,PATCH
,DELETE
andOPTIONS
.Fixed an issue that links in alerts from OpsGenie actions were not clickable.
Fixed bugs related to repository deletes.
Fixed an ingest bug where if multiple types of errors occurred for an event we would only add error fields describing one of them. Now we always report all errors.
Fixed an ingest bug where sometimes we wouldn't turn event fields into tags if we fell back to using the key-value parser. Now we always turn fields into tags.
Fixed an issue that could cause the query scheduler to erroneously retry searching a bucketed segment.
Added more visibility on organization limits when changing the retention settings on a repository.
Fixed an issue where an exception in rare cases could cause ingest requests to fail intermittently.
Fixed an ingest bug where, when truncating an event with too many fields, we wouldn't count error fields, leading to the event still being larger than the maximum size.
Added a feature that allows deletion of repositories and views on cloud.
Fixed an issue where download of IOCs from another node in the cluster could start before the previous download had finished, resulting in too many open connections between nodes in the cluster.
Fixed a bug with UTF-8 serialization of 4-byte codepoints (emojis etc.).
Improved distribution onto partitions of tag combinations (datasources) that are affected by auto sharding, resulting in less collisions.
Made changes to Humio's tracking of bucket storage downloads. This should avoid some rare cases where downloads could get stuck.
Automatic system removals of queries expired from the blocklist are now audit logged as well.
Added a feature that allows regular users with delete permissions on cloud to rename views and repositories.
Fixed an issue where non-default log formats such as
log4j2-json-stdout.xml
that logs toSTDOUT
were not fully in control of their output stream, as log entries of levelERROR
were also printed directly tostderr
from within the code. The default log4j2 configuration now includes a Console appender that prints errors tostdout
, achieving the same result, while allowing the other formats to fully control their output stream.Fixed an issue where Filebeat 8.0 would not be compatible unless
setup.ilm.enabled
was set tofalse
.Added
humio-token-hashing.sh
to the Humio bin directory. This invokes a utility for generating root tokens.The REST API for ingest listeners has been deprecated.
Fixed an issue where the UI would not detect parameters in a query when using saved queries from a package.
Ingest listeners are now only stopped, not deleted, when a user deletes a repository. If the repository is restored, the ingest listener will be restarted automatically. When it is no longer possible to restore the repository, the ingest listener will be deleted.
Fixed an issue that could cause an exception to be thrown in the ingest code if digest assignment changed while a local segment file being written was still empty.
Fixed an issue where
NetFlow
parsing would crash if it received an options data record.Fixed an issue where the
set-replication-defaults config endpoint
could attempt to assign storage to nodes configured not to store segments.Improved performance of formatting action messages, when the query result for an alert or scheduled search contains large events.
Added a new system-level permission allowing changing the user name of a user.
Fixed an issue where some errors showed wrong positions in the search page query field.
Humio Server 1.38.2 Stable (2022-06-13)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.38.2 | Stable | 2022-06-13 | 2023-06-13 | 1.26.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | c00de7af24633422654b3d16a764d753 |
SHA1 | 6c3043c27e5c7b3c7353f0f0e5e3e5b876319314 |
SHA256 | 6770856e5dcf19eee5384eecc40617fed15d92e2c2872ff7432f63bf43867c4a |
SHA512 | 7660d46ca1700336ce6fd2390e4b6de5b15963693499a6313513ff63ee9cedb6f99e1f595465ae3b1c420d0ba9b4626abe0ba81450f3bd7e92d528b0b1f51c6d |
Docker Image | SHA256 Checksum |
---|---|
humio | 1290b8e98ae3553b092879867a433077a1eb7ff626c989d01d14f71218644072 |
humio-core | 4a9c5aa23b7842034e34dda4aaffcb12f6f23a8e1c2cf04933b44a8cdafbe74d |
kafka | 04d14b84378ac9f6787af1b8477a0d2cbd6979da283bde177470d1af85a01637 |
zookeeper | 46aa8bbcaa2c64cfa7afdb6e07df0783658b4983a6727ca6670989364e687477 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.38.2/server-1.38.2.tar.gz
Updated dependencies with security fixes and weakness.
Bug Fixes
Security
Updated dependencies to fix vulnerabilities to CVE-2021-22573.
Summary
Updated java script dependencies to fix vulnerabilities.
Humio Server 1.38.1 Stable (2022-04-27)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.38.1 | Stable | 2022-04-27 | 2023-04-27 | 1.26.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | fcaf2c288bd1f7c0fbc63deca59aa53d |
SHA1 | aec8d78eb49ee4954f2e542f614c89595da0ec39 |
SHA256 | d31c13fcecfd380562faddb7ba4662484aa2254f1f0f54591241341870c7ae83 |
SHA512 | 98134b241d67029255018c24032897623e91a3f54627c53e1c801bd4528b9ea13ab48abe328f2b76f40048bf4cb7dd45480a9398f6bd8dea4edb5db1d296b3da |
Docker Image | SHA256 Checksum |
---|---|
humio | 2d33f1706e053414996c9ac5d3533a15b637d3b321ad91362ac1a2fb4e54d722 |
humio-core | 7c1a2c853c4d7c348cfe948340a0f4101eb92a9ce365943897bf6c34cf393312 |
kafka | e3fc06aca9f5df2e628fb6a2b78c39aaf1c1b682728eb74bbd87d018aa83b49a |
zookeeper | 73746eff47c136fc01bf5898c4fecf43d459d3f103ccd29e10edf2ce7c79255d |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.38.1/server-1.38.1.tar.gz
Updated dependencies with security fixes and weakness.
Bug Fixes
Summary
Updated dependencies to Jackson to fix a vulnerability.
Updated java script dependencies to fix vulnerabilities.
Other
Use latest version of Alpine on Docker image.
Use latest version of Java 1.13 on Docker image.
Humio Server 1.38.0 Stable (2022-03-15)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.38.0 | Stable | 2022-03-15 | 2023-03-15 | 1.26.0 | No | Yes |
JAR Checksum | Value |
---|---|
MD5 | 83afa7f6d2c55efbb88387474efd1264 |
SHA1 | 5587c3365fcfb22e1a45ea96b9503497b705125e |
SHA256 | 357591952ed12d0d9f93b084cff4b0ff6848d7a464071ff27edee9f921e23174 |
SHA512 | 7a88658b07d69f6a2fe151da8fe94ebfe0a1259ffa48c45df6154dcce4f6453fac8f78087cefdf869fb6322fa4e31a01f830d9db998293ebeabb0f2c8e3e5cfb |
Docker Image | SHA256 Checksum |
---|---|
humio | 9cd0f6a91b150bb51f9407451bd70c40dc49f730f76840e061a6570008d88453 |
humio-core | cff83e3a3ea8c455040ca31d4e8071a0f1c80be894fdde4cad768e69e1c449e5 |
kafka | d960ac292f781baa54c1388f4bbc94c77c1ae06b94a082a214777844f1435120 |
zookeeper | b2ab322170bfab4d221f6f5e4a4cca5751b2d97bcf75d451de4d24a00c775206 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.38.0/server-1.38.0.tar.gz
Humio can now poll and ingest data from the Falcon platform's Falcon Data Replicator(FDR) service. This feature can be used as an alternative to the standalone fdr2humio project. See the Ingesting FDR Data for more information.
Improvements, new features and functionality
Falcon Data Replicator
Improved performance of FDRJob.
UI Changes
Better accessibility for queries panel. You can now tab to focus individual queries, and open a details panel. From here you can also access all actions in the details panel by tabbing.
Hover information in the search field is shown despite an overlapping warning.
First row entry in the statistics table on the repo page is now a table header and added hidden content to the empty table header in the new view page.
Visually hidden clipboard field is now hidden for assistive technologies/keyboard users.
On the time, bar and pie charts you can hold the
ALT
/OPTION
key to display long legend titles.Added a quick-fix for unknown escape sequences in the search field.
Minor UX improvements (ie. accessibility) on the queries panel.
Fixed a bug where the Package Marketplace would redirect to unsupported package versions on older Humio instances.
The Cluster Nodes table has been redesigned to allow for easier overview and copying the version-number.
When using the table visualisation in dark mode, empty table cells are now clearly discernible.
Added a quick-fix to convert non-ASCII quotes to ASCII quotes in the search field.
Pop-ups and drop-downs will now close automatically when focus leaves them.
Hover over parameter names and arguments in the search field now includes the default value.
Reworked the hover message layout and changed the hover information on text (in the search field).
Added a warning for unknown escape sequences in the search field.
The search page now has focus states on the Language Syntax, Event List Widget and buttons.
Fixed an issue where queries with
tail()
would behave in an unexpected manner when an event is focused.When changing focus inside a dialog with the keyboard, the focus will no longer move outside the dialog while it is open.
The bar and pie charts now support holding the SHIFT key to display unformatted numeric values.
GraphQL API
The
PERMISSION_MODEL_MODE
config option has been removed. All graphql related schema has also been removed.Deprecates the ReadContents view action, in favor of ReadEvents. This also means ReadEvents has been undeprecated, as we have slightly changed how we consider read rights, and want the action names to match this.
Fixed a bug in the response from calling the installPackageFromZip graphql mutation. Previously the response type exposed a deprecated clientmutationid that could not be selected. Also now if form fields are missing they are properly reported in the response.
Configuration
Added new configuration
NATIVE_FADVICE_SUPPORT
(defaulttrue
) to allow turning off the use of fadvice internally.Added config
RDNS_DEFAULT_SERVER
for specifying what DNS server is the default for therdns
query function.Added new configuration
NATIVE_FALLOCATE_SUPPORT
(defaulttrue
) to allow turning off the use of fallocate and ftruncate internally.Added the config
CORS_ALLOWED_ORIGINS
a comma separated list for CORS allowed origins, default allows all origins.Added new settings for how uploads to bucket storage are validated. In the case that validation with etags are not available, content length can be used instead.
Reduce default value of
INGESTQUEUE_COMPRESSION_LEVEL
, the ingest queue compression level from 1 to 0. This reduces time spent compressing before inserting into the ingest queue by roughly 4x at the expense of a 10-20% increase in size required in Kafka for the ingest queue topic.When Kafka topic configuration is managed by Humio (default true) set
max.message.bytes
on the topics to the value of ConfigTOPIC_MAX_MESSAGE_BYTES
, default is 8388608 (8 MB). Minimum value is 2 MB.Added config
IP_FILTER_RDNS
for specifying what IP addresses can be queried using therdns
query function.Added config
IP_FILTER_RDNS_SERVER
for specifying what DNS servers can be allowed in therdns()
query function.Fixed a bug where
TLS_KEYSTORE_TYPE
andTLS_TRUSTSTORE_TYPE
would only recognize lower-case values.The Property
inter.broker.protocol.version
inkafka.properties
now defaults to 2.4 if not specified. Users upgrading Kafka can either setinter.broker.protocol.version
manually inkafka.properties
, or passDEFAULT_INTER_BROKER_PROTOCOL_VERSION
as an environment variable to Docker when launching the container. Please follow Kafka's upgrade guidelines when upgrading a Kafka cluster to avoid data loss https://kafka.apache.org/documentation/#upgrade_3_1_0.
Functions
Fixed an issue where
tail()
could produce results inconsistent with other query functions, when used in a live query.
Other
Fixed a bug where providing a bad view/repository name when blocking queries would block the query in all views and repositories.
Allow cluster managers access to settings for personal sandboxes and to block and kill queries in them.
Ensure only a cluster leader that still holds cluster leadership can force digesters to release partition leadership. This could cause spurious reboots in clusters where leadership was under contention.
During identity provider configuration, it's possible to fetch SAML configuration from an endpoint.
Upgrades the Kafka client to 3.1.0 from 2.8.1. 3.1.0 enables the idempotent producer by default, which implies acks=all. Clusters that set acks to a different number via
EXTRA_KAFKA_CONFIGS_FILE
should update their config to also specify enable.idempotence=falseImproved the performance of deletes from global.
Fixed an ingest bug where under some circumstances we would reverse the order of events in a batch.
Fixed an issue where
percentile()
would crash on inputs larger than ~1.76e308.During Digest startup, abort fetching segments from other nodes if the assigned partition set changes while fetching.
Fixed a bug in the Sankey chart such that it now updates on updated query results.
Ensure a digester can only acquire or release partition leadership if no other digester has leadership of that partition. This could cause spurious reboots if digester leadership became contended.
Fixed an issue where top(max) could throw an exception when given values large enough to be represented as positive infinity.
Fixed a compatibility issue with FileBeat 8.0.0.
Fixed several issues where users could add invalid query filters via the
context button after selecting text in the Event List.Fixed an issue with epoch and offsets not always being stripped from segments.
Warn at startup if CORES > AvailableProcessorCount as seen by the JVM.
Fixed an issue where live queries would sometimes double-count parts of the historic data.
Published new versions of the Humio Kafka Docker containers for Kafka 3.1.0.
Fixed an issue where queries of the form #someTagField != someValue ... would sometimes produce incorrect results.
LSP warnings don't crash queries any more.
Improved off-heap memory handling. Humio now typically uses only 1 GB on systems with 32 vCPUs, down from typically 16 GB. This leaves more memory for other processes and page cache for data.
Added tombstoning to uploaded files, which helps with avoiding data loss.
For HTTP Event Collector (HEC) the input field sourcetype is now also stored in @sourcetype.
Fixed an issue where users could be shown in-development feature on the client when running a local installation of Humio.
Do not run the Global snapshot consistency check on stateless ingest nodes.
Added a new system-level permission that allows changing usernames of users.
Previously a package could be updated with another package with the same name and version, but with different content. This is no longer allowed, and any attempt do so will be rejected and fail.
Fixed an issue where negated functions could lose their negation.
Fixed a compatibility issue with LogStash 7.16+ and 8.0.0 when using the Elasticsearch output plugin.
Fixed a bug where the
button on the Fields panel would do nothing
Humio Server 1.37.1 Preview (2022-02-25)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.37.1 | Preview | 2022-02-25 | 2022-03-15 | 1.26.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | e46117f38ef25afde602a458e5266b4b |
SHA1 | 3b0f5a30a7918a5f08ae8492bf855fadfc36fb90 |
SHA256 | 014420dfb22f8521a687eac1179c528afe0477fbb9284dc5381d9f91fd5329d1 |
SHA512 | ee13258be363f1b2103b864517ea4b9de9d6a78dcee0c4fcba95af2ea873dacebb298f6410f12cf68ecde3d17210256f85713ada7f5988726dc4440f5fbeee21 |
Docker Image | SHA256 Checksum |
---|---|
humio | e131f664f67e5ce98a397431b1f1a9d3c134d47dd24a24ed8ad76ae9e6d79eb0 |
humio-core | e0de42791dd3e83c2aa9bea871cb6e7a62bf51c835de2142adfd51aa863625a3 |
kafka | 9ab50e070047406cd6316fa2017d15ca24caa6e7a9b20ba741114b9cc1c3feec |
zookeeper | 47aa1a18a57652f156406021dc61f8bb1042bc2bd23c89e715e14a8be4fb07f9 |
Minor fixes and improvements.
Improvements, new features and functionality
Falcon Data Replicator
Improved performance of FDRJob.
Other
Improved off-heap memory handling. Humio now typically uses only 1 GB on systems with 32 vCPUs, down from typically 16 GB. This leaves more memory for other processes and page cache for data.
Added a new system-level permission that allows changing usernames of users.
Bug Fixes
Other
Fixed an issue where
QueryFunctionValidator
failed giving the errorscala.MatchError
.Fixed an issue where some queries using regex would use an unbounded regex engine.
Fixed an issue where users could be shown in-development feature on the client when running a local installation of Humio.
Humio Server 1.37.0 Preview (2022-02-14)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.37.0 | Preview | 2022-02-14 | 2022-03-15 | 1.26.0 | No | Yes |
JAR Checksum | Value |
---|---|
MD5 | f5c25eee6d9efb0ddf9d86ca74c84a3c |
SHA1 | 6026cc511279e9089bc49d8e5a0dd320e5397712 |
SHA256 | 097886ea8a6d2eece7980c46ba0b1002b7f7edf6d68109f91374b002a61e4975 |
SHA512 | 7c8fb7d2c53c5aab60ddf54250e47d41289cd9635005d3a765742298a20eb7f35426955a7388caf48fbc044747e917cfdd93003ce252c42358d947a504f73c29 |
Docker Image | SHA256 Checksum |
---|---|
humio | c27d93d4fd87d253117b1442a7391ea3cd28366a960727482b27b58706211435 |
humio-core | f43d4a206d9386d601798029df5c02d9b1e1b35bb6ae0f666aa6d8d36bcc60e3 |
kafka | 291d25337324ab70a3490f9b06ed2860215f37b84ced203b26cfa5d10877ce42 |
zookeeper | 606ebc2ffcd28bc36d7d091ad649743f22de21b891f7a75c9048343e019372ef |
Humio can now poll and ingest data from the Falcon platform's Falcon Data Replicator (FDR) service. This feature can be used as an alternative to the standalone fdr2humio project. See the Ingesting FDR Data for more information.
Improvements, new features and functionality
UI Changes
Visually hidden clipboard field is now hidden for assistive technologies/keyboard users.
Added a quick-fix for unknown escape sequences in the search field.
First row entry in the statistics table on the repo page is now a table header and added hidden content to the empty table header in the new view page.
Added a quick-fix to convert non-ASCII quotes to ASCII quotes in the search field.
When changing focus inside a dialog with the keyboard, the focus will no longer move outside the dialog while it is open.
The bar and pie charts now support holding the SHIFT key to display unformatted numeric values.
Reworked the hover message layout and changed the hover information on text (in the search field).
Added a warning for unknown escape sequences in the search field.
The Cluster Nodes table has been redesigned to allow for easier overview and copying the version-number.
Hover over parameter names and arguments in the search field now includes the default value.
Hover information in the search field is shown despite an overlapping warning.
When using the table visualisation in dark mode, empty table cells are now clearly discernible.
The search page now has focus states on the Language Syntax, Event List Widget and buttons.
Pop-ups and drop-downs will now close automatically when focus leaves them.
On the time, bar and pie charts you can hold the
ALT
/OPTION
key to display long legend titles.Minor UX improvements (ie. accessibility) on the queries panel.
Better accessibility for queries panel. You can now tab to focus individual queries, and open a details panel. From here you can also access all actions in the details panel by tabbing.
GraphQL API
Deprecates the ReadContents view action, in favor of ReadEvents. This also means ReadEvents has been undeprecated, as we have slightly changed how we consider read rights, and want the action names to match this.
Fixed a bug in the response from calling the installPackageFromZip graphql mutation. Previously the response type exposed a deprecated clientmutationid that could not be selected. Also now if form fields are missing they are properly reported in the response.
Configuration
When Kafka topic configuration is managed by Humio (default true) set
max.message.bytes
on the topics to the value of ConfigTOPIC_MAX_MESSAGE_BYTES
, default is 8388608 (8 MB). Minimum value is 2 MB.Added config
RDNS_DEFAULT_SERVER
for specifying what DNS server is the default for therdns()
query function.Added the config
CORS_ALLOWED_ORIGINS
a comma separated list for CORS allowed origins, default allows all origins.Added new settings for how uploads to bucket storage are validated. In the case that validation with etags are not available, content length can be used instead.
Reduce default value of
INGESTQUEUE_COMPRESSION_LEVEL
, the ingest queue compression level from 1 to 0. This reduces time spent compressing before inserting into the ingest queue by roughly 4x at the expense of a 10-20% increase in size required in Kafka for the ingest queue topic.Added config
IP_FILTER_RDNS_SERVER
for specifying what DNS servers can be allowed in therdns()
query function.The
PERMISSION_MODEL_MODE
configuration option has been removed. All graphql related schema has also been removed.Added config
IP_FILTER_RDNS
for specifying what IP addresses can be queried using therdns()
query function.The Property
inter.broker.protocol.version
inkafka.properties
now defaults to 2.4 if not specified. Users upgrading Kafka can either setinter.broker.protocol.version
manually inkafka.properties
, or passDEFAULT_INTER_BROKER_PROTOCOL_VERSION
as an environment variable to Docker when launching the container. Please follow Kafka's upgrade guidelines when upgrading a Kafka cluster to avoid data loss https://kafka.apache.org/documentation/#upgrade_3_1_0.Fixed a bug where
TLS_KEYSTORE_TYPE
andTLS_TRUSTSTORE_TYPE
would only recognize lower-case values.
Other
Ensure a digester can only acquire or release partition leadership if no other digester has leadership of that partition. This could cause spurious reboots if digester leadership became contended.
Ensure only a cluster leader that still holds cluster leadership can force digesters to release partition leadership. This could cause spurious reboots in clusters where leadership was under contention.
Added tombstoning to uploaded files, which helps with avoiding data loss.
Upgrades the Kafka client to 3.1.0 from 2.8.1. 3.1.0 enables the idempotent producer by default, which implies acks=all. Clusters that set acks to a different number via
EXTRA_KAFKA_CONFIGS_FILE
should update their config to also specify enable.idempotence=falsePublished new versions of the Humio Kafka Docker containers for Kafka 3.1.0.
Allow cluster managers access to settings for personal sandboxes and to block and kill queries in them.
Improve the performance of deletes from global.
During Digest startup, abort fetching segments from other nodes if the assigned partition set changes while fetching.
Do not run the Global snapshot consistency check on stateless ingest nodes.
During identity provider configuration, it's possible to fetch SAML configuration from an endpoint.
Bug Fixes
UI Changes
Warn at startup if CORES > AvailableProcessorCount as seen by the JVM.
Fixed a bug where providing a bad view/repository name when blocking queries would block the query in all views and repositories.
Fixed an issue where live queries would sometimes double-count parts of the historic data.
Fixed an issue where queries of the form #someTagField != someValue ... would sometimes produce incorrect results.
Fixed an issue where
percentile()
would crash on inputs larger than ~1.76e308.Fixes an issue with epoch and offsets not always being stripped from segments.
Fixed an issue where queries with
tail()
would behave in an unexpected manner when an event is focused.For HTTP Event Collector (HEC) the input field sourcetype is now also stored in @sourcetype.
Fixed a bug in the Sankey chart such that it now updates on updated query results.
Fixed an issue where
tail()
could produce results inconsistent with other query functions, when used in a live query.Fixed a compatibility issue with FileBeat 8.0.0.
Previously a package could be updated with another package with the same name and version, but with different content. This is no longer allowed, and any attempt do so will be rejected and fail.
Fixed several issues where users could add invalid query filters via the
context button after selecting text in the Event List.Fixed a compatibility issue with LogStash 7.16+ and 8.0.0 when using the Elasticsearch output plugin.
Fixed a bug where the
button on the Fields panel would do nothingLSP warnings don't crash queries any more.
Fixed a bug where the Package Marketplace would redirect to unsupported package versions on older Humio instances.
Fixed an issue where negated functions could lose their negation.
Fixed an issue where top(max) could throw an exception when given values large enough to be represented as positive infinity.
Humio Server 1.36.4 Stable (2022-06-13)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.36.4 | Stable | 2022-06-13 | 2023-06-13 | 1.26.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | ec11e6c40052ff89c3f7a2a2b1fddc95 |
SHA1 | fafb29f0c7fe9638ad0b136ae0e7d1402a750912 |
SHA256 | 3b8496c25ac0704d8e42f9261ec93877c7c9148f1f85d8bf0b5a6eaaf83e1820 |
SHA512 | 205f646e1a700d38c95916a69830ab2b4f14b7839d8eaefa61cbdaf4404759e3ed8f6b9279b0050008cdaacddad6222cb8a91f730753b84a1fc029e4a5207ab4 |
Docker Image | SHA256 Checksum |
---|---|
humio | 5c7189dfae8441322eea8eddbd25962dfc7e68f26eae3c7516e5a46f5b6313f0 |
humio-core | 57ab8aaa9ce90575fd037da08f2be15df18286e74480594f08dd3c5ae81f39fa |
kafka | 4a03a4e0cb9aab9a0c3f626c8b49daa64dafb54eafb8ae67298dd86b45624c33 |
zookeeper | 24ba0f7cdcaca8d841dba4ba2cdc7348e82c6c44c1ffff5537ba13d066c7c180 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.36.4/server-1.36.4.tar.gz
Updated dependencies with security fixes and weakness.
Bug Fixes
Security
Updated java script dependencies to fix vulnerabilities to CVE-2021-22573.
Humio Server 1.36.3 Stable (2022-04-27)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.36.3 | Stable | 2022-04-27 | 2023-04-27 | 1.26.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 868ce151355a55e1793513eee4af54e2 |
SHA1 | a3e57e2fdbadcbfde4625d46084f25d84c5c2514 |
SHA256 | 59792217be1bf5d12ba47e1049df45778c6cefcabbc57d6f7126b5bc98f093c0 |
SHA512 | a93f931491b8c77050adde3c1aa983d3c949ad6708f8be932cfb901ea6e69a03cdd06a62394627f80e593afaa354f2f30edf596a23300f5c3b16faee80afb09c |
Docker Image | SHA256 Checksum |
---|---|
humio | be443af484a4131b93cdee2e7a5449fcfa8320a344d2f81f7b432dea89365a65 |
humio-core | 1f3a36d2f6a0d97bc9d4462072e3fafa2355c5bc8352e1bc47a526332c1ec01c |
kafka | ef6819d75f850b26a886b67e4e80f2d623eab268c4d2b4f85f7f47aa8daf9ecb |
zookeeper | a0edb279463029310c1f43555045297f54882082a70753916394a38b56c3e5be |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.36.3/server-1.36.3.tar.gz
Updated dependencies with security fixes and weakness.
Bug Fixes
Summary
Use latest version of Alpine on Docker image.
Updated dependencies to Jackson to fix a vulnerability.
Use latest version of Java 1.13 on Docker image.
Updated java script dependencies to fix vulnerabilities.
Configuration
Added new config
NATIVE_FALLOCATE_SUPPORT
(default true) to allow turning off the use of fallocate and ftruncate internally.Added new configuration
NATIVE_FADVICE_SUPPORT
(default true) to allow turning off the use of fadvice internally.
Other
Fix ingest bug where under some circumstances we would reverse the order of events in a batch.
Humio Server 1.36.2 Stable (2022-03-01)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.36.2 | Stable | 2022-03-01 | 2023-03-01 | 1.26.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 4949fefd4012efb53b92595c364a4c7a |
SHA1 | 5350c5df3d0d43a5c08c2766003b28c959c912b1 |
SHA256 | 2fac7cb6e1216790893ec0759f697736a9ca2605313bcef53b7af54ee72257d5 |
SHA512 | 31fcdae45f52a263d5340b961a6e0feb98ea1fbb4ced0388216add576db9747995150112dee88d9ec3ea49cfc1367da1ca57bff13399d8d665fe9cdb80e9a1d8 |
Docker Image | SHA256 Checksum |
---|---|
humio | 4a80cd68778a6d5ccd734982c46e0355f0acf5c68ad564dd67cdb6e949750970 |
humio-core | 7a3e262871585d8a43df8c4c4dbcf706327cade2f683ffaa9a543afccc3e8687 |
kafka | 6e362a4827f9a41d37b19bdfa63f3cad7f77d2786f6b0366e410474de99113ce |
zookeeper | deac05cfaa4762eaf079afa3063cf9271eff7080157d0e785a4c345d280f5d24 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.36.2/server-1.36.2.tar.gz
Performance and stability improvements.
Bug Fixes
Summary
Improved off-heap memory handling. Humio now typically uses only 1 GB on systems with 32 vCPUs, down from typically 16 GB. This leaves more memory for other processes and page cache for data.
Other
Fixed a race condition between nodes creating the merge result for the same target segment, and also transferring it among the nodes concurrently. If a query read the file during that race condition, an in-memory cache of the file header might hold contents that did not match the local file, resulting in "Broken segment" warnings in queries.
Humio Server 1.36.1 Stable (2022-02-14)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.36.1 | Stable | 2022-02-14 | 2023-02-14 | 1.26.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 0aee460ed84a4acda917ce6cd61c433d |
SHA1 | 9ea746229c3f1f0f780d356b7ce4b6f6e1bbb78d |
SHA256 | 56a3a2e7ba88e1f5a019184a0d68e83f25b319d54e3aaee3eba4a37f0ef8950c |
SHA512 | aa3117230e866ae621c3f72e1517a9629f45520ea2fa00b6dc8c2ad3a6a1589ffbde36f38b3b1ec0ad927f89da4a9df7f3e6b59f1e844796553b5675608304e9 |
Docker Image | SHA256 Checksum |
---|---|
humio | 2671bacddfe88f34eaba196332b08659e79eab40c2ce26a0e6c2f7e58a78a213 |
humio-core | ecfa5dd303d12725f754b4afabc44196ba37df739f04c30432401eb3149874ee |
kafka | 0d50f27e33bf61f8b76f482fa7b2c4237227af7e429b1080e65daa877c65b457 |
zookeeper | 62a511127a0eaa4ba0f5a29c421063d4c6822371ba6ee16e96ae1b930ca0e7ce |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.36.1/server-1.36.1.tar.gz
Performance and stability improvements.
Bug Fixes
Summary
Reading hashfilter in chunks to avoid having huge off heap buffers.
Improve the performance of deletes from global.
Downgrade to Java 1.13 on Docker image to fix rare cases of JVM crashes.
Performance improvements of IngestPartitionCoordinator.
Humio Server 1.36.0 Stable (2022-01-31)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.36.0 | Stable | 2022-01-31 | 2023-01-31 | 1.26.0 | No | Yes |
JAR Checksum | Value |
---|---|
MD5 | 87cdf81b183bf1a065596181b873d813 |
SHA1 | 8425487e7e3b566ed2eae42cac4cbb6010eb1825 |
SHA256 | 76af04b53a689411f4048e743e0491cb437b99503630a87cf5aba2eb0281231f |
SHA512 | 9dca89bf4097b1c4949c458b9010fff12edd25248c2f0f2e18835466e852d6c5fa6981c8763125b769c5a6673bd00a1a385bfb22f7241aeeadf9e826ef208c99 |
Docker Image | SHA256 Checksum |
---|---|
humio-core | 2641650964190056ac10ad0225b712c3a01d844bf2c5f517663187d45adf846c |
kafka | 99e3a00c93308aa92a8363c65644748d6ace602c1c6e425dcfc32be12432dee7 |
zookeeper | 45c911346e3b58501e1a1b264c178debd33edd692cd901dd9e87cbcd2f93e60a |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.36.0/server-1.36.0.tar.gz
Beta: Bucket storage support for dual targets
Support for dual targets to allow using one as the preferred
download and the other to trust for durability. One example of
this is to save on cost (on traffic) by using a local bucket
implementation, such as
MinIO, in the local
datacenter as the preferred bucket storage target, while using a
remote Amazon S3
bucket as the trusted bucket for durability. If the local
MinIO bucket is lost (or just
not responding for a while) the Humio cluster still works using
the AWS S3 bucket with no
reconfiguration or restart required. Configuration of the second
bucket is via configuration entries similar to the existing
STORAGE
keys, but using
the prefix STORAGE_2
for
the extra bucket.
When using dual targets, bucket storage backends may need
different proxy configurations for each backend - or not. The
new configuration
BUCKET_STORAGE_MULTIPLE_ENDPOINTS
(default
false
) controls whether
the proxy configuration in the environment is applied to all
bucket storage backends. When set to
true
, each bucket
preserves the active proxy/endpoint configuration and a change
to those will trigger creation of a fresh internally persisted
bucket storage access configuration.
Improvements, new features and functionality
UI Changes
Hovering over text within a query now shows the result of interpreting escape characters.
Allow more dialogs in the UI to be closed with the
Esc
key.Added ability to resize search page query field by dragging or fitting to query.
Improved accessibility when choosing a theme.
New feature to select text in the search page event list and include/exclude that in the search query.
Disable the option to creating a view if the user does not have Connect a view permission on any repository. This is more intuitive than getting an empty dropdown of repositories to choose from.
Improved dark mode toggle button's accessibility.
New dialogs for creation of parsers and dashboards.
Time Selector is now accessible by keyboard.
GraphQL API
Improved the error messages when the GraphQL queries SearchDomain.alert, SearchDomain.action, and SearchDomain.savedQuery do not find the entity with the given ID.
Configuration
Reduce default value of
INGESTQUEUE_COMPRESSION_LEVEL
, the ingest queue compression level from 1 to 0. This reduces time spent compressing before inserting into the ingest queue by roughly 4x at the expense of a 10-20% increase in size required in Kafka for the ingest queue topic.Added
INITIAL_FEATURE_FLAGS
which lets you enable/disable feature flags on startup. For instance, setting INITIAL_FEATURE_FLAGS=+UserRoles,-UsagePage enablesUserRoles
and disablesUsagePage
.Added the config
CORS_ALLOWED_ORIGINS
a comma separated list for CORS allowed origins, default allows all origins.New configuration
BUCKET_STORAGE_MULTIPLE_ENDPOINTS
and many configurations usingSTORAGE_2
as prefix. See Bucket Storage.Make
ZOOKEEPER_URL
optional. When not set, the zookeeper-status-logger job does not run, and the cluster administration page does not display information about a Zookeeper cluster.When using
ZOOKEEPER_URL_FOR_NODE_UUID
for assignment of node ID to Humio nodes, and value ofZOOKEEPER_PREFIX_FOR_NODE_UUID
(default/humio_autouuid
) does not match contents of localUUID
file, acquire a fresh nodeuuid
.
Functions
Added a limit parameter to the
fieldstats()
function. This parameter limits the number of fields to include in the result.Added job which will periodically run a query and record how long it took. By default the query is
count()
.
Other
Added warning logs when errors are rendered to browser during oAuth flows.
Remove caching of API calls to prevent caching of potential sensitive data.
Added a job that scans segments which are waiting to be archived, this value is recorded in the metric:
s3-archiving-latency-max
.Improved the error message when an ingest request times out.
Added option to specify an IP Filter for which addresses hostname verification should not be made.
Added exceptions to the Humio logs from
AlertJob
andScheduledSearchJob
.Improved usability of the groups page.
Improved caching of UI static assets.
Allow the same view name across organizations.
Improved Humio's detection of Kafka resets. We now load the Kafka cluster id once on boot. If it changes after that, the node will crash.
Allow the query scheduler to enqueue segments and
aux
files for download from bucket storage more regularly. This should ensure that queries fetching smallaux
files can more reliably keep the download job busy.Added analytics on query language feature use to the audit-log under the fields
queryParserMetrics
.Added granular IP Filter support for shared dashboards (BETA - API only).
Improved the default permissions on the group page by leaving their view expanded once the user cancels update.
Added ability to override max auto shard count for a specific repository.
Bug Fixes
UI Changes
Fixed a race condition that could cause Humio to delete more segments than expected when initializing a digester node.
Make writes to Kafka's chatter topic block in a similar manner as writes to global.
Fixed an issue where the
SegmentMoverJob
could delete the local copy of a segment, if a pending download of the segment failed the CRC check. The job will now keep the downloaded file at a temporary path until the CRC check completes, to avoid deleting a local copy created by other jobs, e.g. by bucket downloads.Humio now tries to avoid interrupting threads during shutdown, instead allowing them to finish their work. This should reduce log noise when shutting down.
The action message templates
{events_str}
and{query_result_summary}
always evaluate to the same string. To reflect this, the UI has been updated so that these templates are combined into the same item in the template overview for Email, Slack and Webhook actions.Removed a spurious warning log when requesting a non-existent
hash
file from S3.No longer allow requests to
/hec
to specify organizations by name. We now only accept IDs.The query endpoint API now supports languageVersion for specifying Humio query language versions.
When creating ingest and chatter topic, reduce desired max.message.bytes to what Kafka cluster allows, if that is lower than our desired values.
Fixed an issue where queries of the form #someTagField != someValue ... would sometimes produce incorrect results.
Fixed an issue where live queries would sometimes double-count parts of the historic data.
The
AlertJob
andScheduledSearchJob
now only log validation errors from running the queries as warnings, previously, some of these were logged as errors.SAML and OIDC only - During signout, Humio background tabs will be redirected to a signout landing page instead of to the login page.
Fixed an issue where repeating queries could cause other queries to fail.
Queries on views no longer restart when the ordering of the view's connections is changed.
From the alerts overview and the scheduled searches overview, it is now possible to clear the error status on an alert or a scheduled search.
When starting ingest, Humio checks that the computed starting position in Kafka is below the Kafka end offset. Ensure that the end offset is requested after the starting position is computed, not before. This might prevent a very rare spurious boot failure.
Remove
script-src: unsafe-eval
from content security policy.Reenable a feature to make Humio fetch and check
hash
files from bucket storage before fetching the segments.Errors on alerts are now cleared more granularly. Errors when starting the alert query are cleared as soon as the query is successfully started, errors from polling the query are cleared when the query is successfully polled, and errors from invoking actions are cleared when at least one action has been successfully triggered.
Bumped the Humio Docker containers to Java 17. If you manually set any
--add-opens
flags in your JVM config, you should remove them. The container should set the right flags automatically.Code completion in the query editor now also works on the right hand side of
:=
.When bootstrapping a new cluster, set the cluster version in global right away. Since nodes will not boot on a snapshot that doesn't specify a cluster version, it is important that this field exists in all snapshots.
Reenable a feature to make Humio delete local copies of bucketed segments, even if they are involved in a query.
Fixed an issue where the digest coordinator could consider a host to be alive if the coordinator hadn't seen any timestamps from that host.
Fixed a number of instability issues in the query scheduler. The scheduler should now more reliably ensure that each query either completes, or is cancelled.
Errors on scheduled searches are now cleared more granularly. Errors when starting a query are cleared as soon as another query is successfully started, errors from polling a query are cleared when a query is successfully polled, and errors from invoking actions are cleared when at least one action has been successfully triggered.
Make Humio handle missing
aux
files a little faster when downloading segments from bucket storage.The
repository/.../query
endpoint now returns a status code of.0 (BadRequest)
when given an invalid query in some cases where previously it returned503 (ServiceUnavailable)
.Fixed an issue where choosing a UI theme would not get saved properly in the user's settings.
When interacting with the REST API for files, errors now have detailed error messages.
Fixed an issue where, if a custom parser was overriding a built-in parser, then the custom parser could accidentally be overwritten by creating a new parser with the same name.
Fixed a compatibility issue with Filebeat 7.16.0.
For HTTP Event Collector (HEC) the input field
sourcetype
is now also stored in@sourcetype
.Reduce noise in the log when the bucket storage upload job attempts to upload a file that is deleted concurrently.
Fixed a race condition that could cause digesters to calculate two different offsets during startup when determining where to start consuming, and which partially written segments to discard, which could lead to data loss when partially written segments were replayed from Kafka.
Fixed an issue in the
Table
widget. It will no longer insert 0-values for missing fields in integer columns. Empty fields will be shown consistently, independent of the column data type.Fixed an issue where
top
would fail if the sum of the values exceeded 2^63-1. Exceeding sums are now pegged to 2^63-1.The
/hec
endpoint no longer responds toOPTIONS
requests saying it supportsGET
requests. It doesn't and never has.Fixed an issue where MaxMind databases would only update if a license was present at startup and not if it was added later.
Query partition tables updates are now rejected if written by a node that is no longer the cluster leader.
Fixed an issue in the Export to file dialog on the search page. It is now possible to export fields with spaces.
Fixed an issue where nodes could request partitions from the query partitioning table that were not present.
Fixed an issue that repeatedly tried to restart live queries from a given user upon the deletion of the user.
No longer allow organization- and system-level ingest tokens to ingest into sandbox and system repos.
Fixed an issue where the Humio query URLs sent by actions would land users on the search page in editing mode for the alert or scheduled search that had triggered. Now, they still land on the search page, but not in editing mode.
Fixed Humio always reading and discarding an already processed message from the ingest queue on boot.
Fixed
session()
such that it works when events arrive out of time order.
Humio Server 1.35.0 Preview (2022-01-17)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.35.0 | Preview | 2022-01-17 | 2022-01-31 | 1.26.0 | No | Yes |
JAR Checksum | Value |
---|---|
MD5 | 83b164ea22cbc8a347ee22a4e49d87fb |
SHA1 | cde673dc3026cf8455e980a7f1ffc17de2a92072 |
SHA256 | a43b1f86fe2f610eadaacfcff50264de578be56959125d24d27e51e1eacc403d |
SHA512 | a0897d2b8acb1ad888c1f0128bc46a9f3a425cc87adc40192ea3089533f247ce0ddff23971b1298d58cdb9f0e93f1bb24ae3392587de3a313fa4bbd89a32747b |
Docker Image | SHA256 Checksum |
---|---|
humio | 2f6d1b42b5d2d519bd0152bf6e28952a8f5d9e711bfc6c8c50fb58d917d033f0 |
humio-core | 56193b2add6ece05561e058ffcd1706989b9633cb1da857b26582df7d7bf210a |
kafka | 149bce1bfa2e9c3e8eb6ff3d8c9416fad058b392134cab5958bf405f2553d264 |
zookeeper | 9393097554e28403372ef38f87eab200292a41f75d8d38a8d102f926e7919eae |
Beta: Bucket storage support for dual targets
Support for dual targets to allow using one as the preferred
download and the other to trust for durability. One example of
this is to save on cost (on traffic) by using a local bucket
implementation, such as
MinIO, in the local
datacenter as the preferred bucket storage target, while using a
remote Amazon S3
bucket as the trusted bucket for durability. If the local
MinIO bucket is lost (or just
not responding for a while) the Humio cluster still works using
the AWS S3 bucket with no
reconfiguration or restart required. Configuration of the second
bucket is via configuration entries similar to the existing
STORAGE
keys, but using
the prefix STORAGE_2
for
the extra bucket.
When using dual targets, bucket storage backends may need
different proxy configurations for each backend - or not. The
new configuration
BUCKET_STORAGE_MULTIPLE_ENDPOINTS
(default
false
) controls whether
the proxy configuration in the environment is applied to all
bucket storage backends. When set to
true
, each bucket
preserves the active proxy/endpoint configuration and a change
to those will trigger creation of a fresh internally persisted
bucket storage access configuration.
Improvements, new features and functionality
UI Changes
New dialogs for creation of parsers and dashboards.
Hovering over text within a query now shows the result of interpreting escape characters.
Time Selector is now accessible by keyboard.
Disable the option to creating a view if the user does not have Connect a view permission on any repository. This is more intuitive than getting an empty dropdown of repositories to choose from.
Improved dark mode toggle button's accessibility.
New feature to select text in the search page event list and include/exclude that in the search query.
Allow more dialogs in the UI to be closed with the
Esc
key.Added ability to resize search page query field by dragging or fitting to query.
Improved accessibility when choosing a theme.
GraphQL API
Improved the error messages when the GraphQL queries SearchDomain.alert, SearchDomain.action, and SearchDomain.savedQuery do not find the entity with the given ID.
Configuration
Make
ZOOKEEPER_URL
optional. When not set, the zookeeper-status-logger job does not run, and the cluster administration page does not display information about a Zookeeper cluster.Reduce default value of
INGESTQUEUE_COMPRESSION_LEVEL
, the ingest queue compression level from 1 to 0. This reduces time spent compressing before inserting into the ingest queue by roughly 4x at the expense of a 10-20% increase in size required in Kafka for the ingest queue topic.Added
INITIAL_FEATURE_FLAGS
which lets you enable/disable feature flags on startup. For instance, setting INITIAL_FEATURE_FLAGS=+UserRoles,-UsagePage enablesUserRoles
and disablesUsagePage
.When using
ZOOKEEPER_URL_FOR_NODE_UUID
for assignment of node ID to Humio nodes, and value ofZOOKEEPER_PREFIX_FOR_NODE_UUID
(default/humio_autouuid
) does not match contents of localUUID
file, acquire a fresh nodeuuid
.New configuration
BUCKET_STORAGE_MULTIPLE_ENDPOINTS
and many configurations usingSTORAGE_2
as prefix. See Bucket Storage
Functions
Added a
limit
parameter to thefieldstats()
function. This parameter limits the number of fields to include in the result.
Other
Added granular IP Filter support for shared dashboards (BETA - API only).
Added exceptions to the Humio logs from
AlertJob
andScheduledSearchJob
.Allow the query scheduler to enqueue segments and
aux
files for download from bucket storage more regularly. This should ensure that queries fetching smallaux
files can more reliably keep the download job busy.Added ability to override max auto shard count for a specific repository.
Added warning logs when errors are rendered to browser during oAuth flows.
Improved the error message when an ingest request times out.
Added option to specify an IP Filter for which addresses hostname verification should not be made.
Improved the default permissions on the group page by leaving their view expanded once the user cancels update.
Allow the same view name across organizations.
Added analytics on query language feature use to the audit-log under the fields
queryParserMetrics
.Improved usability of the groups page.
Added job which will periodically run a query and record how long it took. By default the query is
count()
.Added a job that scans segments which are waiting to be archived, this value is recorded in the metric:
s3-archiving-latency-max
.Improved Humio's detection of Kafka resets. We now load the Kafka cluster id once on boot. If it changes after that, the node will crash.
Bug Fixes
UI Changes
Fixed an issue where repeating queries could cause other queries to fail.
Errors on alerts are now cleared more granularly. Errors when starting the alert query are cleared as soon as the query is successfully started, errors from polling the query are cleared when the query is successfully polled, and errors from invoking actions are cleared when at least one action has been successfully triggered.
When starting ingest, Humio checks that the computed starting position in Kafka is below the Kafka end offset. Ensure that the end offset is requested after the starting position is computed, not before. This might prevent a very rare spurious boot failure.
Fixed an issue where nodes could request partitions from the query partitioning table that were not present.
Fixed an issue where the
SegmentMoverJob
could delete the local copy of a segment, if a pending download of the segment failed the CRC check. The job will now keep the downloaded file at a temporary path until the CRC check completes, to avoid deleting a local copy created by other jobs, e.g. by bucket downloads.The action message templates
{events_str}
and{query_result_summary}
always evaluate to the same string. To reflect this, the UI has been updated so that these templates are combined into the same item in the template overview for Email, Slack and Webhook actions.Query partition tables updates are now rejected if written by a node that is no longer the cluster leader.
Reenable a feature to make Humio fetch and check
hash
files from bucket storage before fetching the segments.From the alerts overview and the scheduled searches overview, it is now possible to clear the error status on an alert or a scheduled search.
Humio now tries to avoid interrupting threads during shutdown, instead allowing them to finish their work. This should reduce log noise when shutting down.
Queries on views no longer restart when the ordering of the view's connections is changed.
The
repository/.../query
endpoint now returns a status code of.0 (BadRequest)
when given an invalid query in some cases where previously it returned503 (ServiceUnavailable)
.For HTTP Event Collector (HEC) the input field
sourcetype
is now also stored in@sourcetype
.Fixed an issue where the Humio query URLs sent by actions would land users on the search page in editing mode for the alert or scheduled search that had triggered. Now, they still land on the search page, but not in editing mode.
Reduce noise in the log when the bucket storage upload job attempts to upload a file that is deleted concurrently.
When creating ingest and chatter topic, reduce desired max.message.bytes to what Kafka cluster allows, if that is lower than our desired values.
Bumped the Humio Docker containers to Java 17. If you manually set any
--add-opens
flags in your JVM config, you should remove them. The container should set the right flags automatically.Fixed a compatibility issue with Filebeat 7.16.0.
Reenable a feature to make Humio delete local copies of bucketed segments, even if they are involved in a query.
No longer allow organization- and system-level ingest tokens to ingest into sandbox and system repos.
Fixed a race condition that could cause Humio to delete more segments than expected when initializing a digester node.
Errors on scheduled searches are now cleared more granularly. Errors when starting a query are cleared as soon as another query is successfully started, errors from polling a query are cleared when a query is successfully polled, and errors from invoking actions are cleared when at least one action has been successfully triggered.
The
/hec
endpoint no longer responds toOPTIONS
requests saying it supportsGET
requests. It doesn't and never has.Remove
script-src: unsafe-eval
from content security policy.Make writes to Kafka's chatter topic block in a similar manner as writes to global.
Make Humio handle missing
aux
files a little faster when downloading segments from bucket storage.Fixed an issue where
top
would fail if the sum of the values exceeded 2^63-1. Exceeding sums are now pegged to 2^63-1.The query endpoint API now supports languageVersion for specifying Humio query language versions.
Fixed a number of instability issues in the query scheduler. The scheduler should now more reliably ensure that each query either completes, or is cancelled.
Fixed a race condition that could cause digesters to calculate two different offsets during startup when determining where to start consuming, and which partially written segments to discard, which could lead to data loss when partially written segments were replayed from Kafka.
Removed a spurious warning log when requesting a non-existent
hash
file from S3.Fixed
session()
function such that it works when events arrive out of time order.The
AlertJob
andScheduledSearchJob
now only log validation errors from running the queries as warnings, previously, some of these were logged as errors.Fixed an issue where MaxMind databases would only update if a license was present at startup and not if it was added later.
Fixed an issue where the digest coordinator could consider a host to be alive if the coordinator hadn't seen any timestamps from that host.
Fixed an issue in the Export to file dialog on the search page. It is now possible to export fields with spaces.
Fixed an issue where, if a custom parser was overriding a built-in parser, then the custom parser could accidentally be overwritten by creating a new parser with the same name.
Fixed an issue in the Table widget. It will no longer insert 0-values for missing fields in integer columns. Empty fields will be shown consistently, independent of the column data type.
Code completion in the query editor now also works on the right hand side of
:=
.Fixed an issue that repeatedly tried to restart live queries from a given user upon the deletion of the user.
Fixed Humio always reading and discarding an already processed message from the ingest queue on boot.
SAML and OIDC only - During signout, Humio background tabs will be redirected to a signout landing page instead of to the login page.
No longer allow requests to
/hec
to specify organizations by name. We now only accept IDs.Fixed an issue where live queries would sometimes double-count parts of the historic data.
When bootstrapping a new cluster, set the cluster version in global right away. Since nodes will not boot on a snapshot that doesn't specify a cluster version, it is important that this field exists in all snapshots.
Fixed an issue where choosing a UI theme would not get saved properly in the user's settings.
Humio Server 1.34.3 Stable (2022-03-09)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.34.3 | Stable | 2022-03-09 | 2023-03-09 | 1.26.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 7184f2582bed56c0b29ffb2d39f508a5 |
SHA1 | 9d7beb007f9ec9e7603bcbf164b3006dce0932ef |
SHA256 | ac95c6538dc88b6af31f0c55aaa46740503860ea90ad41d330593402915d885b |
SHA512 | d4738190dfd9b100ac896969e70a541f1d0242fb822f312142636cb5055009f13f0dbca6193f6cb8ce89d36d9f3f8b9ebec5a684570a4f9500bd8ffc3379ee6a |
Docker Image | SHA256 Checksum |
---|---|
humio | 955acd05d628a4da69a546ea58134a786c77349bfc21e10631b3f5b2934140ab |
humio-core | 64547f071a29e5df7eb945f369b28cf6d365b1590f577163fd18fe8b76ce63ce |
kafka | b3318e88aa3aaaae09d88fae2bd37882d1a41738983a1ef783f9f07c30c73101 |
zookeeper | 049489e9fcda7ca0ea11d96e45d8dde8d9a6582e0b9740b6865a952ec13332e5 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.34.3/server-1.34.3.tar.gz
Performance improvements of Ingest and internal caching.
Bug Fixes
Summary
Performance improvements of Ingest and internal caching.
Humio Server 1.34.2 Stable (2022-02-01)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.34.2 | Stable | 2022-02-01 | 2023-02-01 | 1.26.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | ebca829a100a92c4b96f05f421c9e5d2 |
SHA1 | f9d21990e4ae6f64eac6bd6aa6d65899583d1311 |
SHA256 | 2141bd8fb2537f0242b30998938d780bd53cedbf2b04622b956923f677a56350 |
SHA512 | 02d33bdfb65bf5ab949da8ae0a1bb9f04a509564c8d4a74cc08f5033040987152abd42743b0720290304f4bd5c4e50550327117efb6eda01d3b0ed8ef357938e |
Docker Image | SHA256 Checksum |
---|---|
humio | 426715cb9faedce379d6a6add003cfcaa3fe9ce5b5ce706fab202b89eb5c8c45 |
humio-core | a927eb85f709561b659e3a566a5b0fd3e6b3be84b19db2832d70722897265cbb |
kafka | f181a5a1668d6c3f1ebe5e5216a00b393ee20eb0f1845d1a93309fdbfac8406d |
zookeeper | 361063a0a2eb0361209781f7dff9d5f0067b33806f14882fc4a0a0ff9f434b66 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.34.2/server-1.34.2.tar.gz
Updated dependencies with security fixes and weakness.
Bug Fixes
Security
Updated dependencies to follow-redirects for CVE-2022-0155.
Updated dependencies to nanoid for CVE-2021-23566.
Updated dependencies to node-fetch for CVE-2022-0235.
Updated dependencies to Akka for CVE-2021-42697.
Updated dependencies to Jawn for CVE-2022-21653.
Summary
Fixes an issue with epoch and offsets not always being stripped from segments.
Fixed an issue where live queries would sometimes double-count parts of the historic data.
Fixed an issue where queries of the form #someTagField != someValue ... would sometimes produce incorrect results.
Humio Server 1.34.1 Stable (2022-01-06)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.34.1 | Stable | 2022-01-06 | 2023-01-06 | 1.26.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 1d6b54fc6b4f52abff6c1106a904e4d1 |
SHA1 | 67e6e0cd4e6eb59a0d88f85dc0f511aefacef1dc |
SHA256 | 23f50f620fd5e51755521aba8185b76e4ca0187206fd55e8ed5fbbe14e42578b |
SHA512 | 6ad8fe4040b7c2e80643071e05b1d305f6d66e74c4041d3a4ac56f84ec6fd3f2b63c04c421029c436f081b8ab22e8a60bf17c5330f7fe117d178c596526a344f |
Docker Image | SHA256 Checksum |
---|---|
humio | e66c6b3fcf45bd36502c877e8a4a617f9f662c5cf672e6c6c73b45445d41ad20 |
humio-core | fa7e9355cd4f41e64b404e65e33166c28fdc6c2ce5ceeea382007778f9ff64ce |
kafka | 459b3a6df8a678493bfb3266d243b867ed3ae4251464276c854afa0b2f784dac |
zookeeper | 748cfc151533e1e2efc870299bc5c2b10fda97ec0c6f522dd8c8576d9aea315e |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.34.1/server-1.34.1.tar.gz
Updated dependencies with security fixes and weakness.
Bug Fixes
Security
Updated dependencies to Netty to fix CVE-2021-43797
Updated dependencies to log4j 2.17.1 to fix CVE-2021-44832 and CVE-2021-45105
Summary
Updated dependencies to Jackson to fix a weakness
Humio Server 1.34.0 Stable (2021-12-15)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.34.0 | Stable | 2021-12-15 | 2022-12-15 | 1.26.0 | No | Yes |
JAR Checksum | Value |
---|---|
MD5 | 4dc3b67c42b44e59e0ad6cc02a220f12 |
SHA1 | 099a9ae07d5595fb06c145aaa80b46ba9f74dd10 |
SHA256 | 22cd6f60f030d56bcae159b853efe6dcd76f7add127e64c37bcca58c66d1a155 |
SHA512 | 2645369a9ec989c1b40b190993ecbd4eca8be63b60318a1b1259124819446c06c3bbba92a9c22f1e194133b9da5d05b6c0346369c33e8c33a9777a2a168ae524 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.34.0/server-1.34.0.tar.gz
Humio Server 1.34 REQUIRES minimum previous version 1.26.0 of Humio to start. Clusters wishing to upgrade from older versions must upgrade to 1.26.0+ first. After running 1.34.0 or later, you cannot downgrade to versions prior to 1.26.0.
You can now use the mouse to resize columns in the event list. Previously you had to click the column header and use the
buttons.Improvements, new features and functionality
UI Changes
Allow resize of columns in the event list by mouse.
Dark mode is officially deemed stable enough to be out of beta.
Added buttons for stopping all queries, streaming queries, and historical queries from inside the query monitor.
Updated the links for Privacy Notice and Terms and Conditions.
Added autofocus to the first field when opening a dialog using the save as functionality from the Search page.
The overall look of message boxes in Humio has been updated.
Validation error messages are now more precise and have improved formatting.
Disable actions if permissions are handled externally.
Added maximum width to tabs on the Group page, so they do not keep expanding forever.
GraphQL API
Added three GraphQL mutations for stopping queries: stopAllQueries, stopStreamingQueries, and stopHistoricalQueries.
The GraphQL field isEventForwardingEnabled on the HumioMetadata type is deprecated, as it is no longer in use internally. If you rely on this, please let us know.
Changed old personal user token implementation to hash based.
Added GraphQL mutation clearRecentQueries which a user can run to clear their recent queries in a specific view or repository.
Renamed the deleteEvents related GraphQL mutations and queries to redactEvents. The redactEvents API is intended for redacting sensitive data from a repository, not for bulk deletion of events. We think the new name invites fewer misunderstandings.
Added 2-phase migration that will allow old user api tokens to be used and clean global from secrets after a 30 day period.
Configuration
When checking if the ViewAction.EventForwarding action is allowed (with e.g. SearchDomain.isActionAllowed), the answer will now be false if the event forwarding is not enabled on the server.
Functions
Improved performance of the query functions
drop()
and rename() by quite a bit.Added the
communityId()
function for calculating hashes of network flow tuples according to the (Community ID Spec).Added query function
math:arctan2()
to the query language.The
kvParse()
query function can now parse unquoted empty values using the new parameter separatorPadding to specify if your data has whitespace around the key-value separator (typically =). The default is "Unknown", which will leave the functionality of the function unchanged.Refactored query functions
join()
,selfJoin()
, andselfJoinFilter()
into user-visible and internal implementations.Added a
minSpan
parameter totimeChart()
andbucket()
, which can be used to specify a minimum span when using a short time interval.
Other
Reword regular expression related error messages.
Retention based on compressed size will no longer account for segment replication.
Added new metric: bucket-storage-upload-latency-max. It shows the amount of time spent for the event that that has been pending for upload to bucket storage the longest.
New metric: ingest-request-delay. Histogram of ingest request time spent being delayed due to exceeding limit on concurrent processing of ingest (milliseconds).
Improved partition layout auto-balancing algorithm.
Minor optimization when using groupBy with a single field.
Added validation and a more clear error message for queries with a time span of 0.
Improved error messages when an invalid regular expression is used in replace.
Added metric for the number of currently running streaming queries.
It is now possible to create actions, alerts, scheduled searches, and parsers from Yaml template files.
Added management API to put hosts in maintenance mode.
Create, update, and delete of dashboards is now audit logged.
Added a precondition that ensures that the number of ingest partitions cannot be reduced.
Improved shutdown logic slightly, helping prevent thread pools from getting stuck or logging spurious errors during shutdown.
Node roles can now be assigned/removed at runtime.
Prepopulate email field when invited user is filling in a form with this information.
Added Australian states to the States dropdown.
Improved the error reporting when installing, updating or exporting a package fails.
It is now possible to ingest logs into Humio using LogStash v.7.13 and upwards.
Added checksum verification within hash filter files on read.
Improved handling of multiple nodes attempting to create views with the same names at the same time, as might happen when bootstrapping a cluster.
Reduce limit on number of datasources for sandbox repositories created when a user is created to .0 by default.
Added support in the humio event collector for organization- and system-wide ingest tokens and the ability to use a parser from a different repo than the one being ingested into.
Query validation has been improved to include several errors which used to first show up after submitting search.
Query editor: improved code completion of function names.
A compressed segment with a size of 1GB will now always count for retention as 1 GB. Previously, a compressed segment with a size of 1GB might count for more than 1GB when calculating retention, if that segment had more replicas than configured. The effect on the retention policy was that if you had configured retention of .0GB compressed bytes, Humio might retain less than .0GB of compressed data if any of those segments had too many replicas.
Made the transfer coordinator display more clear errors instead of an internal server error for multinode clusters.
Added "export as yaml" function to the list pages of parsers, actions and scheduled searches.
Bug Fixes
Security
Updated dependencies to log4j 2.16 to remove of message lookups (CVE-2021-44228 and CVE-2021-45046)
Automation and Alerts
Alerts and scheduled searches are no longer run on cloud for organizations with an expired trial license, and on-prem for any expired license.
Fixed an issue where an alert would not be throttled until after its actions had completed, which could make the alert trigger multiple times shortly after each other if an action was slow. Now, the alert is throttled as soon as it triggers.
Alerts and scheduled searches are now enabled per default when created. The check disabling these entities if no actions are attached has been replaced with a warning, which informs a user that even though the entity is enabled, nothing will trigger since no actions are attached.
Functions
Fixed a bug in the validation of the
bits
parameter ofhashMatch()
andhashRewrite()
.
Other
Changed field type for zip codes.
Fixed an issue where streaming (exporting) query results in JSON format could include extra "," characters within the output.
Fixed an issue where release notes would not close when a release is open.
Crash the node if any of a number of critical threads die. This should help prevent zombie nodes.
Fixed an issue where the SegmentMoverJob could delete the local copy of a segment, if a pending download of the segment failed the CRC check. The job will now keep the downloaded file at a temporary path until the CRC check completes, to avoid deleting a local copy created by other jobs, e.g. by bucket downloads.
Fixed an issue on sandbox renaming, that would allow you to rename a sandbox and end up in a bad state.
Fixed an issue when adding a group to a repository or view than an error message is displayed when the user is not the organization owner or root.
Fixed an issue where the web client could start queries from the beginning of time when scrolling backwards through events in the UI.
Fixed an issue where clicking on the counters of parsed events on the Parsers page would open an empty search page, except for built-in parsers. Now, it correctly shows the latest parsed events for all parsers (except package parsers).
Fixed an issue in the interactive tutorial.
Prevent unauthorized analytics requests being sent.
Fixed an issue where a dashboard installed with a YAML file could be slightly different than what was specified in the file.
Removed error query param from URL when entering Humio.
Removed a spurious warning log when requesting a non-existent hash file from S3.
Fixed an issue causing Humio running on Java 16+ to return incorrect search results when the input query contains Unicode surrogate pairs (e.g. when searching for an emoji).
Fixed a race condition that could cause Humio to delete more segments than expected when initializing a digester node.
When checking if the ViewAction.ChangeRepoConnections action is allowed (with e.g. SearchDomain.isActionAllowed), the answer will now be false if checked on a repository, as the action only makes sense on views.
Fixed a number of stability issues with the event redaction job.
Support Java 17.
Changed default package type to "application" on the export package wizard.
Fixed an issue on on-prem trial license that would use user count limits from cloud.
Fixed an issue where certain problems would highlight the first word in a query.
Fixed an issue where
sort()
would cause events to be read ina non-optimal order for the entire query.When an alert query encounters a warning and Humio is not configured to trigger alerts despite warnings
ALERT_DESPITE_WARNINGS=true
the warning text will now be shown as an error message on the alert in the UI.Changes to the state of IOC access on organizations are now reflected in the audit log.
The field vhost in internal Humio logging is now reserved for denoting the host logging the message. Other uses of vhost now uses the field hostId.
Temporary fix of issue with live queries not having first aggregator as
bucket()
ortimeChart()
, but then later in the query having those as a second aggregator. As a temporary fix, such queries will fail. In later releases, this will get fixed more properly.Fixed a bug where only part of the Users page was loading when navigating from the All organizations page.
Fixed an issue where missing undersized segments in a datasource might cause Humio to repeatedly transfer undersized segments between nodes.
Fixed an issue where
series()
failed to serialize its state properly.Fixed an issue that in rare cases would cause login errors.
Remove the ability to create ingest tokens and ingest listeners on system repositories.
When a digester fails to start, rather than restarting the JVM as previous releases did, keep retrying to start assuming that the issue is transient, such as data for a single ingest partition being unavailable for a short while. While in this situation the process reports the metric for ingest latency on the affected partitions as being uptime of the JVM process at this point. The idea is to signal that data is not flowing on those partitions, so that a monitored metric can raise an alarm somewhere. In lack of a proper latency in this situation, it's better to have a growing non-zero metrics than having the metrics being zero.
Fixed a bug with the cache not being populated between restarts on single node clusters.
Fixed an issue where the segment merger could mishandle errors during merge.
Fixed an issue where some regexes could not be used.
Fixed an edge case where Humio might create multiple copies of the same datasource when the number of Kafka partitions is changed. The fix ensures only one copy will be created.
Use a fresh (random) name for the tmp folder below the datadir to ensure that it is a proper subdir of the datadir and not a mount point.
Fixed an issue where a scheduled search failed and was retried, if it had multiple actions and at least one action was unknown to Humio. Now, the unknown action is logged, but the scheduled search completes successfully and continues to the next scheduled run.
Fixed an issue where OIDC without a discovery endpoint would fail to configure if
OIDC_TOKEN_ENDPOINT_AUTH_METHOD
was not set.Browser storage is now cleared when initiating while unauthenticated.
Fixed an issue where a failing event forwarder would be cached indefinitely and could negatively impact Humio performance.
Fixed a bug where shared lookup files could not be downloaded from the UI.
Fixed a compatibility issue with Filebeat 7.16.0
Fixed incorrect results when searching through saved queries and recent queries.
Changes to the state of backend feature flags are now reflected in the audit log.
Fixed a bug where query coordination partitions would not get updated.
When creating or updating an action, the backend now verifies that the host url associated with the action is prefixed with either 'http://' or 'https://'. This affects Actions of the type: Webhook, OpsGenie, Single-Channel Slack and VictorOps.
Fixed an issue where error messages would show wrong input.
When checking if the ViewAction.ChangeS3ArchivingSettings action is allowed (with e.g. SearchDomain.isActionAllowed), the answer will now be false if checked on a view, as the action only makes sense on repositories.
Fixed an issue where a digest node could be unable to rejoin the cluster after being shut down if all other digest nodes were also down at the time.
Addressed an issue causing Humio to sometimes error log an ArrayIndexOutOfBoundsException during shutdown.
Fixed some widgets on dashboards reporting errors while waiting for data to load.
Fixed an issue where comments spanning multiple lines wouldn't be colored correctly.
No longer return the "Query Plan" in responses, but return a hash in the new field hashedQueryOnView instead. The plan could leak information not otherwise visible to the user, such as query prefixes being applied.
When performing jobs triggered via the Redact Events API, Humio could restart queries for unrelated views until the delete job completed. This has been improved, so only views affected by the delete will be impacted.
Include view+parser-name in thread dumps when time is spent inside a parser.
Fixed a bug where offsets from one Kafka partition could be used when deciding where to start consuming for another partition, in the case where there were too many datasources in the repo. This led to a crash loop when the affected node was restarted.
Fixed styling issue on the search page where long errors would overflow the screen.
Fixed an issue where the segment merger would write that the current node had a segment slightly before registering that segment in the local node.
Fixed a bug where invalid UTF-16 characters could not be ingested. They are now converted to 'ufffd'.
Fixed an issue where choosing a UI theme would not get saved properly in the user's settings.
Humio Server 1.33.3 Preview (2021-12-10)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.33.3 | Preview | 2021-12-10 | 2021-12-15 | 1.26.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 10d2ee69d0bcdc6313fb3529912007ba |
SHA1 | 5be098e4f3f6500704e85c0763c918763b90aa34 |
SHA256 | eaefa5ce2c162fbd9d0a57d3b7c47dee828848eabdd7e96d885a812208c20a46 |
SHA512 | a9268b87f416d9b857eccb506c304ba7ca552cd6408ac13791b160e0d17c3d82e67213025ec7bca820e970676e4a24d1a1f4d20ff27e3cbc5bc30edf874e58a0 |
More security fixes related to
log4j
logging.
Bug Fixes
Security
Updated dependencies to address a critical security vulnerability for the log4j logging framework, "log4shell", (CVE-2021-44228).
Humio Server 1.33.2 Preview (2021-12-10)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.33.2 | Preview | 2021-12-10 | 2021-12-15 | 1.26.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 393be03445adbf84f63ef93b522b85fa |
SHA1 | 36454936dfe7c3863656043a8ee1d8639c1c198e |
SHA256 | e03616ba1d8d92e80031231ad7e2b7666121e7ccf7eee10f7a816241a90706ac |
SHA512 | 5d0504538cfa1db51f7188d4f6fef03aeb5a69b466f2e8367e91208745c4bf9050f271ffdf52ed6027796487ac11106726fbf3d7c3d6e259efa49f369793aa96 |
Security fix related to
log4j
logging, and fix
compatibility with Filebeat.
Bug Fixes
Security
Updated dependencies to address a critical security vulnerability for the log4j logging framework, "log4shell", (CVE-2021-44228).
Summary
Fixed a compatibility issue with Filebeat 7.16.0
Humio Server 1.33.1 Preview (2021-11-23)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.33.1 | Preview | 2021-11-23 | 2021-12-15 | 1.26.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | d9f270df38f2ce472801c81a06fa67af |
SHA1 | c5740a06b4b86a8615767c388a7cf6d3e3a8ccf1 |
SHA256 | ed3c03b5dcb8fe2c7230bae2775346283d7cdc143854260672a5ba66f11d612b |
SHA512 | d2762a9fa648af32e85205b4d972ad15d47870fc030c111d31ca4d048ce9459ce6e50a3bce0063f0c7347a6640181b4e3c41d1273a4c82b297fd8d3c844c529a |
Critical bug fixes related to version dependencies, alert throttling, etc.; Improve Interactive Tutorial.
Bug Fixes
Summary
Fixed a race condition that could cause Humio to delete more segments than expected when initializing a digester node.
Fixed an issue in the interactive tutorial.
Fixed an issue that in rare cases would cause login errors.
Updated a dependency to a version fixing a critical bug.
Automation and Alerts
Reverted from 1.33.0 Errors on alerts, which are shown in the alert overview, are now only cleared when either the alert query is updated by a user or the alert triggers. Previously, errors that occurred when actions were triggered would be removed when the alert no longer triggered. Now, they will be displayed until the actions trigger successfully. Conversely, errors that occur when running the query may now remain until the next time the alert triggers, where they would previously be removed as soon as the query run again without errors.
Fixed an issue where an alert would not be throttled until after its actions had completed, which could make the alert trigger multiple times shortly after each other if an action was slow. Now, the alert is throttled as soon as it triggers.
Humio Server 1.33.0 Preview (2021-11-15)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.33.0 | Preview | 2021-11-15 | 2021-12-15 | 1.26.0 | No | Yes |
JAR Checksum | Value |
---|---|
MD5 | 2964782694b82a39cc5b644d040fae68 |
SHA1 | b520dbabec0321b953c496b960710ba5fb6614a7 |
SHA256 | 8b8de633ca08c9592ee2441b0498de1a86aa4093a505821923be7e8501b62526 |
SHA512 | be827349bf450d51b4c42c55c13120ba735196f598eaec798a7eb11b8e1320a6ad86caefca3841a3560013311e30347dc595a96ed59d4cb5c0cf946e72208ac2 |
1.33 REQUIRES minimum version 1.26.0 of Humio to start. Clusters wishing to upgrade from older versions must upgrade to 1.26.0+ first. After running 1.33.0 or later, you cannot run versions prior to 1.26.0.
Once the release has been deployed, all existing personal api tokens will be hashed so they still can be used, but you will not be able to retrieve them again. If you want to preserve the tokens, be sure to copy it into a secrets vault before the release is deployed. The api-token field on the User type in GraphQL has been removed.
You can now use the mouse to resize columns in the event list. Previously you had to click the column header and use the "Increase / Decrease Width" buttons.
Improvements, new features and functionality
UI Changes
Updated the links for Privacy Notice and Terms and Conditions.
The overall look of message boxes in Humio has been updated.
Added autofocus to the first field when opening a dialog using the save as functionality from the Search page.
Dark mode is officially deemed stable enough to be out of beta.
Allow resize of columns in the event list by mouse.
Disable actions if permissions are handled externally.
Added buttons for stopping all queries, streaming queries, and historical queries from inside the query monitor.
Added maximum width to tabs on the Group page, so they do not keep expanding forever.
Validation error messages are now more precise and have improved formatting.
GraphQL API
The GraphQL field isEventForwardingEnabled on the HumioMetadata type is deprecated, as it is no longer in use internally. If you rely on this, please let us know.
Added 2-phase migration that will allow old user api tokens to be used and clean global from secrets after a 30 day period.
Added three GraphQL mutations for stopping queries: stopAllQueries, stopStreamingQueries, and stopHistoricalQueries.
Renamed the deleteEvents related GraphQL mutations and queries to redactEvents. The redactEvents API is intended for redacting sensitive data from a repository, not for bulk deletion of events. We think the new name invites fewer misunderstandings.
Changed old personal user token implementation to hash based.
Added GraphQL mutation clearRecentQueries which a user can run to clear their recent queries in a specific view or repository.
Configuration
When checking if the ViewAction.EventForwarding action is allowed (with e.g. SearchDomain.isActionAllowed), the answer will now be false if the event forwarding is not enabled on the server.
Functions
The
kvParse()
query function can now parse unquoted empty values using the new parameter separatorPadding to specify if your data has whitespace around the key-value separator (typically =). The default is "Unknown", which will leave the functionality of the function unchanged.Added a
minSpan
parameter totimeChart()
andbucket()
, which can be used to specify a minimum span when using a short time interval.Added query function
math:arctan2()
to the query language.Added the
communityId()
function for calculating hashes of network flow tuples according to the Community ID Spec.Refactored query functions
join()
,selfJoin()
, andselfJoinFilter()
into user-visible and internal implementations.Improved performance of the query functions
drop()
andrename()
by quite a bit.
Other
Query validation has been improved to include several errors which used to first show up after submitting search.
Added validation and a more clear error message for queries with a time span of 0.
Retention based on compressed size will no longer account for segment replication.
Query editor: improved code completion of function names.
New metric: ingest-request-delay. Histogram of ingest request time spent being delayed due to exceeding limit on concurrent processing of ingest (milliseconds).
Improved the error reporting when installing, updating or exporting a package fails.
Added new metric: bucket-storage-upload-latency-max. It shows the amount of time spent for the event that that has been pending for upload to bucket storage the longest.
Made the transfer coordinator display more clear errors instead of an internal server error for multinode clusters.
Node roles can now be assigned/removed at runtime.
Create, update, and delete of dashboards is now audit logged.
Added a precondition that ensures that the number of ingest partitions cannot be reduced.
Added support in the humio event collector for organization- and system-wide ingest tokens and the ability to use a parser from a different repo than the one being ingested into.
Added metric for the number of currently running streaming queries.
Improved error messages when an invalid regular expression is used in replace.
Improved handling of multiple nodes attempting to create views with the same names at the same time, as might happen when bootstrapping a cluster.
Prepopulate email field when invited user is filling in a form with this information.
It is now possible to ingest logs into Humio using LogStash v.7.13 and upwards.
Added "export as yaml" function to the list pages of parsers, actions and scheduled searches.
Reduce limit on number of datasources for sandbox repositories created when a user is created to .0 by default.
Reword regular expression related error messages.
Added Australian states to the States dropdown.
Improved shutdown logic slightly, helping prevent thread pools from getting stuck or logging spurious errors during shutdown.
A compressed segment with a size of 1GB will now always count for retention as 1 GB. Previously, a compressed segment with a size of 1GB might count for more than 1GB when calculating retention, if that segment had more replicas than configured. The effect on the retention policy was that if you had configured retention of .0GB compressed bytes, Humio might retain less than .0GB of compressed data if any of those segments had too many replicas.
Added checksum verification within hash filter files on read.
Added management API to put hosts in maintenance mode.
Minor optimization when using groupBy with a single field.
It is now possible to create actions, alerts, scheduled searches, and parsers from Yaml template files.
Improved partition layout auto-balancing algorithm.
Bug Fixes
UI Changes
When an alert query encounters a warning and Humio is not configured to trigger alerts despite warnings
ALERT_DESPITE_WARNINGS
the warning text will now be shown as an error message on the alert in the UI.
Automation and Alerts
Alerts and scheduled searches are no longer run on cloud for organizations with an expired trial license, and on-prem for any expired license.
Alerts and scheduled searches are now enabled per default when created. The check disabling these entities if no actions are attached has been replaced with a warning, which informs a user that even though the entity is enabled, nothing will trigger since no actions are attached.
Functions
Fixed an issue where
sort()
would cause events to be read ina non-optimal order for the entire query.Fixed a bug in the validation of the
bits
parameter ofhashMatch()
andhashRewrite()
.Fixed an issue where
series()
failed to serialize its state properly.
Other
Fixed an issue on on-prem trial license that would use user count limits from cloud.
Fixed a bug where offsets from one Kafka partition could be used when deciding where to start consuming for another partition, in the case where there were too many datasources in the repo. This led to a crash loop when the affected node was restarted.
Errors on alerts, which are shown in the alert overview, are now only cleared when either the alert query is updated by a user or the alert triggers. Previously, errors that occurred when actions were triggered would be removed when the alert no longer triggered. Now, they will be displayed until the actions trigger successfully. On the other hand, errors that occur when running the query may now remain until the next time the alert triggers, where they would previously be removed as soon as the query run again without errors.
This change was reverted in 1.33.1.
Fixed an issue where the web client could start queries from the beginning of time when scrolling backwards through events in the UI.
Temporary fix of issue with live queries not having first aggregator as
bucket()
ortimeChart()
, but then later in the query having those as a second aggregator. As a temporary fix, such queries will fail. In later releases, this will get fixed more properly.Changed field type for zip codes.
No longer return the "Query Plan" in responses, but return a hash in the new field hashedQueryOnView instead. The plan could leak information not otherwise visible to the user, such as query prefixes being applied.
Fixed an issue where a failing event forwarder would be cached indefinitely and could negatively impact Humio performance.
Fixed an edge case where Humio might create multiple copies of the same datasource when the number of Kafka partitions is changed. The fix ensures only one copy will be created.
Fixed a number of stability issues with the event redaction job.
Fixed an issue where clicking on the counters of parsed events on the Parsers page would open an empty search page, except for built-in parsers. Now, it correctly shows the latest parsed events for all parsers (except package parsers).
Fixed styling issue on the search page where long errors would overflow the screen.
Fixed a bug with the cache not being populated between restarts on single node clusters.
Changes to the state of backend feature flags are now reflected in the audit log.
Fixed an issue where a dashboard installed with a YAML file could be slightly different than what was specified in the file.
Fixed an issue where certain problems would highlight the first word in a query.
Fixed an issue causing Humio running on Java 16+ to return incorrect search results when the input query contains Unicode surrogate pairs (e.g. when searching for an emoji).
Removed error query param from URL when entering Humio.
Fixed an issue where the segment merger would write that the current node had a segment slightly before registering that segment in the local node.
Addressed an issue causing Humio to sometimes error log an ArrayIndexOutOfBoundsException during shutdown.
Fixed a bug where invalid UTF-16 characters could not be ingested. They are now converted to 'ufffd'.
Crash the node if any of a number of critical threads die. This should help prevent zombie nodes.
When performing jobs triggered via the Redact Events API, Humio could restart queries for unrelated views until the delete job completed. This has been improved, so only views affected by the delete will be impacted.
Fixed a bug where only part of the Users page was loading when navigating from the All organizations page.
Include view+parser-name in thread dumps when time is spent inside a parser.
Fixed incorrect results when searching through saved queries and recent queries.
Support Java 17.
Fixed an issue where error messages would show wrong input.
Fixed an issue where comments spanning multiple lines wouldn't be colored correctly.
Fixed an issue when adding a group to a repository or view than an error message is displayed when the user is not the organization owner or root.
The field vhost in internal Humio logging is now reserved for denoting the host logging the message. Other uses of vhost now uses the field hostId.
Use a fresh (random) name for the tmp folder below the datadir to ensure that it is a proper subdir of the datadir and not a mount point.
Changed default package type to "application" on the export package wizard.
Fixed an issue where a digest node could be unable to rejoin the cluster after being shut down if all other digest nodes were also down at the time.
Fixed an issue where the SegmentMoverJob could delete the local copy of a segment, if a pending download of the segment failed the CRC check. The job will now keep the downloaded file at a temporary path until the CRC check completes, to avoid deleting a local copy created by other jobs, e.g. by bucket downloads.
Removed a spurious warning log when requesting a non-existent hash file from S3.
Fixed a bug where query coordination partitions would not get updated.
When checking if the ViewAction.ChangeS3ArchivingSettings action is allowed (with e.g. SearchDomain.isActionAllowed), the answer will now be false if checked on a view, as the action only makes sense on repositories.
Fixed a bug where shared lookup files could not be downloaded from the UI.
When checking if the ViewAction.ChangeRepoConnections action is allowed (with e.g. SearchDomain.isActionAllowed), the answer will now be false if checked on a repository, as the action only makes sense on views.
Browser storage is now cleared when initiating while unauthenticated.
Fixed an issue where some regexes could not be used.
Fixed an issue where missing undersized segments in a datasource might cause Humio to repeatedly transfer undersized segments between nodes.
Fixed some widgets on dashboards reporting errors while waiting for data to load.
Prevent unauthorized analytics requests being sent.
Fixed an issue where the segment merger could mishandle errors during merge.
When a digester fails to start, rather than restarting the JVM as previous releases did, keep retrying to start assuming that the issue is transient, such as data for a single ingest partition being unavailable for a short while. While in this situation the process reports the metric for ingest latency on the affected partitions as being uptime of the JVM process at this point. The idea is to signal that data is not flowing on those partitions, so that a monitored metric can raise an alarm somewhere. In lack of a proper latency in this situation, it's better to have a growing non-zero metrics than having the metrics being zero.
When creating or updating an action, the backend now verifies that the host url associated with the action is prefixed with either 'http://' or 'https://'. This affects Actions of the type: Webhook, OpsGenie, Single-Channel Slack and VictorOps.
Fixed an issue where a scheduled search failed and was retried, if it had multiple actions and at least one action was unknown to Humio. Now, the unknown action is logged, but the scheduled search completes successfully and continues to the next scheduled run.
Fixed an issue where choosing a UI theme would not get saved properly in the user's settings.
Fixed an issue on sandbox renaming, that would allow you to rename a sandbox and end up in a bad state.
Remove the ability to create ingest tokens and ingest listeners on system repositories.
Fixed an issue where release notes would not close when a release is open.
Changes to the state of IOC access on organizations are now reflected in the audit log.
Fixed an issue where OIDC without a discovery endpoint would fail to configure if
OIDC_TOKEN_ENDPOINT_AUTH_METHOD
was not set.
Humio Server 1.32.8 Stable (2022-03-09)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.32.8 | Stable | 2022-03-09 | 2023-03-09 | 1.16.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 94782d07a7feda72ffc831747e6740f1 |
SHA1 | 8c1afb6e1b4fe6e5eabe30823e7705b7a03a7af5 |
SHA256 | 76eaa3581ad45443af93dd9e6f92f51142bdc082ba8af234b0ffc7f4346ef630 |
SHA512 | 6929950a72ee073402aea63a3acc016b15ae435ba5c9cf4c24b94fbf51af01c4ccfa4da223374527b597c154f0ca72a114feb0ec45bfae55fad8be17645bccf5 |
Docker Image | SHA256 Checksum |
---|---|
humio | d8f1892f444ab53d2e94419a096978da0eba8d7a995096d9b6f031162fd3bb3c |
humio-core | 49d2631113684a8fc8b3ad53e5545a661961607a3033357ee977ce50d0b49f0a |
kafka | 3bbbaec63eb2ca089800172d94e95f6bb84266dcbac3e76217f50c4169133546 |
zookeeper | 9830902ac961b08c778f38b8714dcfab6be076c1acc5366db459a8560cb6eb61 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.32.8/server-1.32.8.tar.gz
Updated dependencies with security fixes and weakness and improved performance.
Bug Fixes
Security
Updated dependencies to Akka to fix CVE-2021-42697.
Updated dependencies to jawn to fix CVE-2022-21653.
Summary
Performance improvements of Ingest and internal caching.
Fixed an issue where queries of the form #someTagField != someValue ... would sometimes produce incorrect results.
Fixes issue with epoch and offsets not always being stripped from segments.
Humio Server 1.32.7 Stable (2022-01-06)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.32.7 | Stable | 2022-01-06 | 2023-01-06 | 1.16.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 30080b4b84bb4aba37eb11023019bd78 |
SHA1 | c53f4ac43beee249a68c90cae62d0b768b1284d7 |
SHA256 | 192b0554f6cbdfd5853cc90d8a418497df800da85bc0795238fc359aae8fa309 |
SHA512 | 0119341a2d041b0143a849881279274b7aef6589e8f90730907401562d03c631065bdb6f3e567b9cdffe31e572c570414f9386ef12e39ffaefdb4a8a5d70f479 |
Docker Image | SHA256 Checksum |
---|---|
humio | c286be555ee8e333acaa87ff010a8b6ecda18cd57c57b2925513b300792c021c |
humio-core | c1efbc9ae9dd76ccbaa674e63ff0029625724c1bb82f3b759cf692f65b3861fc |
kafka | e0d67223acc40bc46d9205286655b28e5c5adfdacbd86441e57e4939113805ee |
zookeeper | c5a7a9ab2dc6be82defe163499b943b727697a3e5d06fc8ead128240e596beb9 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.32.7/server-1.32.7.tar.gz
Updated dependencies with security fixes and weakness.
Bug Fixes
Security
Updated dependencies to Netty to fix CVE-2021-43797
Updated dependencies to log4j 2.17.1 to fix CVE-2021-44832 and CVE-2021-45105
Summary
Updated dependencies to Jackson to fix a weakness
Humio Server 1.32.6 Stable (2021-12-15)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.32.6 | Stable | 2021-12-15 | 2022-12-15 | 1.16.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 7faf420472dbc06536e7478f9b62ab9b |
SHA1 | 77ab5617ec6a9ea24d5db93d82e44a6baa9b8bc2 |
SHA256 | f77c2758074e6ed3b0543531e8ad8ca8a62b934484ee2ac820eabcdd9c572b20 |
SHA512 | 777a8f6e1f2371aea2f9aaeed46633c5c0837e96b1a902433adb7ad8fd98efdaf0f1b21fbae5c8ddb9b5099c4f85e70a0d5a7e9ca00a47b2f2293c9b37c129fe |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.32.6/server-1.32.6.tar.gz
Security fix related to
log4j
logging, and fix
compatibility with Filebeat.
Bug Fixes
Security
Updated dependencies to log4j 2.16 to remove of message lookups (CVE-2021-45046)
Summary
Fixed issue where streaming (exporting) query results in JSON format could include extra "," characters within the output.
Humio Server 1.32.5 Stable (2021-12-10)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.32.5 | Stable | 2021-12-10 | 2022-12-10 | 1.16.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | e4475e8c2f6623ff22465ccd59bbfb8a |
SHA1 | 5affbdbd10674259ec178db75171d73eb2835f1d |
SHA256 | 92c0261e328c43f0ba46ffaa72fc5e8a1ef075438759286ab00ea5dbb5b5ca30 |
SHA512 | e698dd4a2aa8c85ca3d89cc596e05677106d509082f816e46b3dca6b4b3313690d4c41c3a5b5529d08d91e51ebbfb3f9217e7830d1f4ade54fd79b40f366f449 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.32.5/server-1.32.5.tar.gz
Security fix related to
log4j
logging.
Bug Fixes
Security
Updated dependencies to address a critical security vulnerability for the log4j logging framework, "log4shell", (CVE-2021-44228).
Humio Server 1.32.4 Stable (2021-12-10)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.32.4 | Stable | 2021-12-10 | 2022-12-10 | 1.16.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 237975851200cd2a21b749ea3994f307 |
SHA1 | 0e6acfcbc13150c83861af51798d8f4510de7bb4 |
SHA256 | 99a86034dc2e26f0779a64a11633563f59dbc94959b85f80f996e5c267053ae4 |
SHA512 | aba67fee43c26d832cc9fb0a5ce3af0faabb596bc33c597eaba83f8f7d3e7da1ec61f6554c257ca7063991a802fdd4149f90e25db856751ca538c1d2f5262a40 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.32.4/server-1.32.4.tar.gz
Security fix related to
log4j
logging, and fix
compatibility with Filebeat.
Bug Fixes
Security
Fixed a compatibility issue with Filebeat 7.16.0
Updated dependencies to address a critical security vulnerability for the
log4j
logging framework, "log4shell", (CVE-2021-44228).
Humio Server 1.32.3 Stable (2021-12-01)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.32.3 | Stable | 2021-12-01 | 2022-12-01 | 1.16.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | a930565c1e42104fcf6b963089db33ec |
SHA1 | b4818b51348ae64bf79104813d89fb34ec183a71 |
SHA256 | a100e4eb4161b0dc01ac745dffd5bb22839c557fd120f2ddb8359981558af5d5 |
SHA512 | fb2439171324b098a870bb143e4442bacd007c0f18c2fce9ead458e6f05d8672f3f4309e4c59c7b74a6c74763b6936707f67f36eb645847f0daaee75badd4f9a |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.32.3/server-1.32.3.tar.gz
Bug fix to resolve problem with clusters using bucket storage.
Bug Fixes
Summary
Fixed an issue that would result in a query not completing when one of the involved segments was deleted locally while the query was running. This could happen on clusters using bucket storage with more data than fits the local disks.
Humio Server 1.32.2 Stable (2021-11-19)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.32.2 | Stable | 2021-11-19 | 2022-11-19 | 1.16.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 098c372a532df86516d89e7d257f86b6 |
SHA1 | ea67955c0cad253a0278fe408fcce7d300491455 |
SHA256 | f2289d4bf0321e0dde905a8d4148d709e5ac846fdd055c7133172f5d33ef9fe0 |
SHA512 | 1bb52a2333339201a7c56f2d0d93997e60ea5b62d5b2ec1dc9f84d812b50c3e5ebca8039de029ecdb14e00885f9e9965532acc13dd339589a45a836a5548b849 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.32.2/server-1.32.2.tar.gz
Critical bug fix regarding version dependency, and race conditions.
Bug Fixes
Summary
Fixed a race condition that could cause Humio to delete more segments than expected when initializing a digester node.
Updated a dependency to a version fixing a critical bug.
Humio Server 1.32.1 Stable (2021-11-16)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.32.1 | Stable | 2021-11-16 | 2022-11-16 | 1.16.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 7717b075d0e60780caf64c8a70afdf57 |
SHA1 | 02e400753b475b1ba668399bc27126a12304e4a6 |
SHA256 | c5d36f6bbcd5c8bc90e5ba2a28ca15cf5f1c3657a56c40e9f46f7bfaf48149e1 |
SHA512 | 09d31840cd1442cfed31402bf52132a4c9960e3177b2c14e4b4da687333ae3995732a048c3b71ae7eb81ccfd40afee40e34085d6cc35da6b3cb826a57049f0a6 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.32.1/server-1.32.1.tar.gz
Bug fixes related to Amazon S3 log entries, saving a User Interface theme, Logtash, and general security.
Bug Fixes
Summary
Fixed an issue where choosing a UI theme would not get saved properly in the user's settings.
Removed a spurious warning log when requesting a non-existent hash file from S3.
It is now possible to ingest logs into Humio using LogStash v.7.13 and upwards.
Security fix.
Humio Server 1.32.0 Stable (2021-10-26)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.32.0 | Stable | 2021-10-26 | 2022-10-26 | 1.16.0 | No | Yes |
JAR Checksum | Value |
---|---|
MD5 | 27311d8fb5172cc95aa7cb8d02f5c58c |
SHA1 | 0378ceb4d0ba9255dba6c213e1a728f7095e8ced |
SHA256 | 3dd0434039b1d8eaeb1d1242c860d51593ec222b3d09ae1d732503214edb6d06 |
SHA512 | b29267cd2e89cbbf88386a9c2e617c634ff05567388680b605804a0e3978fca4a55c483395d819ff27fbc53da6e29c09ff573c5f7ff00ab57dda45f5e20c1dd2 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.32.0/server-1.32.0.tar.gz
We now distribute Humio as a tarball in addition to the fat jar format we've previously used. We will continue to distribute the fat jar for the time being. The tarball includes a launcher script, which will set a number of JVM arguments for users automatically. We believe this will help users configure Humio for good performance out of the box. For more information, see Launcher Script.
Search performance via hashfilter-first on segments in buckets
Some searches, including regex and literal string matches, now allow searching without fetching the actual segment files from the bucket, in case the segment is only present in the bucket and not on any local disk. Humio now fetches the hash filter file and uses that to decide if the segment file may have a match before downloading the segment file in this case.
Humio packages can now carry scheduled searches, all types of actions, and files with lookup data (either CSV or JSON formatted). Additionally, we have improved the UI for managing packages, to make it easier to find the package you are looking for. This also marks the point where packages are brought out of beta.
Improvements, new features and functionality
Deprecation
Deprecates the copyFile GraphQL mutation, as it is no longer used. If you use this mutation, please let us know.
Deprecates the two GraphQL fields id and contentHash on the File type. The two fields are considered unused, so no alternatives are provided. If you rely on them, please let us know.
UI Changes
The signup path was removed, together with the corresponding pages.
Cluster management pages style updates.
Removed the pop-up link to edit an alert or scheduled search when on the form page. This link is only relevant when creating an entity from the search page via a dialog.
Fixed some styling issue on Query Quotas page.
Updated design for Package Marketplace and Installed Packages to make them easier to use and more consistent.
Identity provider pages style update.
Updated the style of the email action template and made the wording used dependent on whether an alert or scheduled search was triggered.
The left navigation menu hides, and can be opened again, for mobile devices, on organization settings pages and repository settings pages.
Breadcrumbs are aligned across all pages and show the package name with a link when viewing or editing an asset from a package.
GraphQL API
The name, displayName, and location GraphQL fields on the File type are deprecated in favor of the new nameAndPath field.
Added a GraphQL mutation cancelDeleteEvents that allows cancelling a previously submitted deletion. Cancellation is best-effort, and events that have already been deleted will not be restored.
Deprecates the package field on the SearchDomain GraphQL type, in favor of packageV2. The new field has a simpler and more correct return type.
Added information about the use of preview fields in the result from calling the GraphQL API. The information will be in the field extensions.preview and will be a list of objects with a name and reason field.
The GraphQL DateTime type now supports non-UTC time. Timestamps like 2021-07-18T14:13:09.517+02.0 are now legal, and will be converted to UTC time internally.
The fileName, displayName, and location GraphQL fields on the UploadedFileSnapshot type are deprecated in favor of the new nameAndPath field.
Extended 'Relative' field type for schema files to include support for the value 'now'.
Deprecates the installPackageFromRegistry and updatePackageFromRegistry GraphQL mutations in favor of installPackageFromRegistryV2 and updatePackageFromRegistryV2.
When using the GraphQL field allowedViewActions, the two previously deprecated actions ChangeAlertsAndNotifiers and ReadEvents are no longer returned. Look for their replacements ChangeTriggersAndActions and ReadContents instead.
Configuration
Added compatibility mode for using IBM Cloud Object Storage as bucket storage via S3_STORAGE_IBM_COMPAT
The Scheduled Searches feature is no longer in beta and can be used by all users without enabling it first
On a node configured as USING_EPHEMERAL_DISKS=true allow the local disk management deleting files even if a query may need them later, as the system is able to re-fetch the files from bucket storage when required. This improves the situation when there are active queries that in total have requested access to more segments than the local disk can hold.
Functions
Improved performance in IP database lookups for the functions
ipLocation()
,asn()
andworldMap()
.
Other
Improved error handling when running scheduled searches, so that a failed schedules search will be retried as long as it is within the Backfill Limit.
Added support for including dashboard and alert labels when exporting a package.
You can now export and import packages containing any of the action types: Webhook, Email, Humio Repo, Pager Duty, Slack, Slack multi channel, Ops Genie and Victor Ops.
When selecting actions for alerts or scheduled searches, the actions are now grouped by the package they were imported from.
Scheduled search "schedule" is explained using human readable text such as "At 9.30 on Tuesdays".
Package installation error messages are now much more readable.
Improved handling of local disk space relative to `LOCAL_STORAGE_MIN_AGE_DAYS`: When the local disk would overflow by respecting that config, Humio can now delete the oldest local segments that are present in bucket storage, even when they are within that time range.
Added Dark Mode for Query Monitor page.
Added focus states to text field, selection and text area components.
Limit pending ingest requests by rejecting excess invocations. Rejections are signalled as status 429 "Too many requests" and a Retry-After header suggesting to retry in 5 seconds. Limiting starts when queued requests exceed
INGEST_REQUEST_LIMIT_PCT
of the total heap size, default is 5.Warnings when running scheduled searches now show up as errors in the scheduled search overview page if
SCHEDULED_SEARCH_DESPITE_WARNINGS
is set tofalse
(the default).Fixed an issue with using the browser back button while "advanced editing" the query text of a scheduled search or an alert would hide the blue bar that allows saving the query.
Allow launching using JDK-16.
Scheduled search "schedule" field is now validated, showing accurate help for each part of the crontab expression.
Raise size limit on ingest requests from 8MB to 1 GB
Improved audit log for organization creation.
New metric: "ingest-request-delay". Histogram of ingest request time spent being delayed due to exceeding limit on concurrent processing of ingest.
The test action functionality no longer uses alert terminology, as actions can be invoked from both alerts and scheduled searches. Also, it is now possible to also test the scheduled search specific message templates using it.
Added support for importing packages with CSV and JSON files. Exporting packages with files is not fully supported yet, but will be in a future release.
Added loading and error states to the page where user selects to create a new repository or view.
Added a Data subprocessors page under account.
Added explicit distribution information for elastic bulk API for elasticsearch API compatibility.
Humio docker images is now based on the Alpine linux.
Improved search for users page.
Added maximum width to tabs on the Group page, so they do not keep expanding forever.
Bug Fixes
Documentation
Updated the examples on how to use the
match()
query function in the online documentation.
Automation and Alerts
Fixed a bug which potentially have caused alerts to not re-fire after the throttle period for field-based throttling had passed.
Functions
Other
The simple and advanced permission model has been merged, thus allowing users who were using the simple permission model to create their own permission roles and groups, create groups with default roles, and all other features that were previously only available in advanced permissions mode.
Updated the new asset dialog button text so that it will say 'Continue' when an asset will not be created directly.
Global snapshots are now uploaded to bucket storage more often when there are a lot of updates to it, leading to shorter replay times on startup.
Fixed an issue where Humio would retain segments acquired from read-only buckets if those segments were deleted. Humio will now properly delete the segments locally, and drop the reference to the copy in the read-only bucket.
Fixed an issue that caused some metrics of type gauge to be reported with a wrong value.
Fixed an issue where the job responsible for deleting segment files off nodes was not running as often as expected.
Fixed an issue where the global consistency check job would fail to perform the consistency check, instead logging lines like "Global dump requested but global had expired". This line can still occur, but only when the consistency check takes too long.
Updated dependencies with security fixes.
When a search is able to filter out segments based on the hash filter files, and a segment file is not present locally on any node, fetch only the hash filter at first, evaluate that, and only if required, fetch the segment file. This speeds up searches that target segments only present in bucket storage and that have search filters that generate hash filter checks, such as regex and literal text comparisons.
Fixed an issue where Humio would create auxiliary files (hash files) for segments unnecessarily when moving segments between nodes.
Fixed an issue - when creating a repository a user is automatically assigned a role but isn't able to see himself in the roles list. Also, when editing roles the assignment is not counted correctly under usage.
Fixed an issue where the DiskSpaceJob could mark segments accessed slightly out of order during boot.
Fixed a bug where a 404 Not Found status on an internal endpoint would be incorrectly reported as an 401 Unauthorized.
Fixed an issue where, looking at GraphiQL, the dropdown from the navigation menu was partially hidden.
Fixed an issue where Humio would create a broken hash file for the merge result when merging minisegments that did not originally have hash files.
Fixed an issue where metrics of type gauge with a double value were not reported to the humio-metricsrepository, but only to the humio repository.
Truncate long user names on the Users page.
Fixed a bug causing the disk space job to use an expensive code path even when a cheaper one was available.
Fixed a bug where a hidden field named "#humioAutoShard" would sometimes show up in the field list.
Amended an internal limit on how many segments can be fetched from bucket storage concurrently. The old limit was based on the number of running queries. The new limit is 32.
Creating a new dashboard now opens it after creation.
Updated Slack action for messaging multiple channels, so it propogates errors when triggered. Previously errors were ignored.
Updated Elastic ingest endpoint to accept 'create' operations in addition to 'index' operations. Both operation types result in the same ingest behavior. This update was added as Fluent-Bit v1.8.3 began using the 'create' operation rather than 'index' for ingest.
Fixed thread safety for a variable involved in fetching from bucket storage for queries.
When accessing Humio through a URL with either a repository or view name in it and using an ingest token, it is now checked that the view on the token matches the repository or view in the URL, and a 403 Forbidden status is returned, if not.
Fixed an issue that caused some errors to be hidden behind a message about "internal error".
Split package export page into dialog with multiple steps.
Fixed an issue where the query scheduler would spend too much time "shelving" queries, and not enough on getting them executed, leading to little progress on queries.
Fixed an issue where Shift+Enter would select the current completion rather than adding a newline.
Fixed an issue where it was possible to submit queries to the Delete Events API that were not valid for that API. Only pure filtering queries are allowed.
Fixed an issue where the DiskSpaceJob could continue tracking segments if they were deleted from global, but the files were still present locally.
The DiskSpaceJob now removes newly written backfilled segments off the local disk before it chooses to remove non-backfilled segments.
Fixed an issue that could cause cluster nodes to crash when growing the number of digest partitions.
Fixed an issue where certain problems highlighted the first word in a query, not the location of the problem.
Fixed an issue where Humio attempted to fetch global from other nodes before TLS was initialized.
The DiskSpaceJob no longer initializes based off of the segment last-modified timestamp, this only happens if no access order snapshot is stored locally. If a snapshot is present, we trust that.
Fixed an issue that could cause UploadedFileSyncJob to crash if an uploaded file went missing.
Introduced a check for compatibility for packages and humio versions.
Security when viewing installed packages and packages on the marketplace are now less strict. Permissions are still required for installing and uninstalling packages.
Fixed an issue where the {time_zone} Message Templates and Variables for actions would show a full description of the scheduled search instead of only the time zone.
Fixed a bug on queries that triggered an error while executing due to the input (such as a regex that exceeds limits on execution time) could result in the client getting 404 as status on poll, where it should get .0.
Reworded a confusing error message when using the
top()
function with a limit parameter exceeding the limits configured withTOP_K_MAX_MAP_SIZE_HISTORICAL
or TOP_K_MAX_MAP_SIZE_LIVE.Fixed an issue where new groups added to a repository got a query prefix that disallowed search. The default is now to allow search with the queryprefix *.
Fixed an issue where the job responsible for deleting segment files off nodes was not deleting as many segments as it should.
Cloning an asset now redirects you to the edit page for the asset for all assets.
Removed an old Cloud Signups page. The page is not necessary since organizations were implemented for the Cloud environments.
Humio Server 1.31.0 Preview (2021-09-27)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.31.0 | Preview | 2021-09-27 | 2021-10-26 | 1.16.0 | No | Yes |
JAR Checksum | Value |
---|---|
MD5 | 4b4b4411d930d00275bc3a412c0c5c50 |
SHA1 | ca22652ca303a162f81711f43977e14e528f6e85 |
SHA256 | 908a907b5c1ffbdce667b932daea0aab46a8ece4e164072f5bae0eb77d3bdd6f |
SHA512 | bbc65ea8641ac3d9910da4a9dcda0c1817d2a8acc2e81491a389d2671af7e57c12f019ad71af7309d4ad68b67997a6cbd3b0fba3a2048f07b7c7567abd05b8ae |
We now distribute Humio as a tarball in addition to the fat jar format we've previously used. We will continue to distribute the fat jar for the time being. The tarball includes a launcher script, which will set a number of JVM arguments for users automatically. We believe this will help users configure Humio for good performance out of the box. For more information, see Launcher Script.
Search performance via hashfilter-first on segments in buckets
Some searches, including regex and literal string matches, now allow searching without fetching the actual segment files from the bucket, in case the segment is only present in the bucket and not on any local disk. Humio now fetches the hash filter file and uses that to decide if the segment file may have a match before downloading the segment file in this case.
Humio packages can now carry scheduled searches, all types of actions, and files with lookup data (either CSV or JSON formatted). Additionally, we have improved the UI for managing packages, to make it easier to find the package you are looking for. This also marks the point where packages are brought out of beta.
Improvements, new features and functionality
Deprecation
Deprecates the copyFile GraphQL mutation, as it is no longer used. If you use this mutation, please let us know.
UI Changes
Removed the pop-up link to edit an alert or scheduled search when on the form page. This link is only relevant when creating an entity from the search page via a dialog.
The left navigation menu hides, and can be opened again, for mobile devices, on organization settings pages and repository settings pages.
Cluster management pages style updates.
Updated design for Package Marketplace and Installed Packages to make them easier to use and more consistent.
The signup path was removed, together with the corresponding pages.
Breadcrumbs are aligned across all pages and show the package name with a link when viewing or editing an asset from a package.
Identity provider pages style update.
Updated the style of the email action template and made the wording used dependent on whether an alert or scheduled search was triggered.
Fixed some styling issue on Query Quotas page.
Automation and Alerts
When selecting actions for alerts or scheduled searches, the actions are now grouped by the package they were imported from.
GraphQL API
Deprecates the two GraphQL fields id and contentHash on the File type. The two fields are considered unused, so no alternatives are provided. If you rely on them, please let us know.
Added a GraphQL mutation cancelDeleteEvents that allows cancelling a previously submitted deletion. Cancellation is best-effort, and events that have already been deleted will not be restored.
Deprecates the package field on the SearchDomain GraphQL type, in favor of packageV2. The new field has a simpler and more correct return type.
When using the GraphQL field allowedViewActions, the two previously deprecated actions ChangeAlertsAndNotifiers and ReadEvents are no longer returned. Look for their replacements ChangeTriggersAndActions and ReadContents instead.
Deprecates the installPackageFromRegistry and updatePackageFromRegistry GraphQL mutations in favor of installPackageFromRegistryV2 and updatePackageFromRegistryV2.
The name, displayName, and location GraphQL fields on the File type are deprecated in favor of the new nameAndPath field.
The GraphQL DateTime type now supports non-UTC time. Timestamps like 2021-07-18T14:13:09.517+02.0 are now legal, and will be converted to UTC time internally.
Extended 'Relative' field type for schema files to include support for the value 'now'.
Added information about the use of preview fields in the result from calling the GraphQL API. The information will be in the field extensions.preview and will be a list of objects with a name and reason field.
The fileName, displayName, and location GraphQL fields on the UploadedFileSnapshot type are deprecated in favor of the new nameAndPath field.
Configuration
On a node configured as
USING_EPHEMERAL_DISKS=true
allow the local disk management deleting files even if a query may need them later, as the system is able to re-fetch the files from bucket storage when required. This improves the situation when there are active queries that in total have requested access to more segments than the local disk can hold.The Scheduled Searches feature is no longer in beta and can be used by all users without enabling it first
Added compatibility mode for using IBM Cloud Object Storage as bucket storage via S3_STORAGE_IBM_COMPAT
Functions
Improved performance in IP database lookups for the functions
ipLocation()
,asn()
andworldMap()
.
Other
Improved search for users page.
Improved handling of local disk space relative to `LOCAL_STORAGE_MIN_AGE_DAYS`: When the local disk would overflow by respecting that config, Humio can now delete the oldest local segments that are present in bucket storage, even when they are within that time range.
Improved audit log for organization creation.
Fixed an issue with using the browser back button while "advanced editing" the query text of a scheduled search or an alert would hide the blue bar that allows saving the query.
Added explicit distribution information for elastic bulk API for elasticsearch API compatibility.
Improved error handling when running scheduled searches, so that a failed schedules search will be retried as long as it is within the Backfill Limit. [backfill
You can now export and import packages containing any of the action types: Webhook, Email, Humio Repo, Pager Duty, Slack, Slack multi channel, Ops Genie and Victor Ops.
Added Dark Mode for Query Monitor page.
Added loading and error states to the page where user selects to create a new repository or view.
Allow launching using JDK-16.
Humio docker images is now based on the Alpine linux.
Scheduled search "schedule" field is now validated, showing accurate help for each part of the crontab expression.
Warnings when running scheduled searches now show up as errors in the scheduled search overview page if
SCHEDULED_SEARCH_DESPITE_WARNINGS
is set to 'false' (the default).The test action functionality no longer uses alert terminology, as actions can be invoked from both alerts and scheduled searches. Also, it is now possible to also test the scheduled search specific message templates using it.
Package installation error messages are now much more readable.
Scheduled search "schedule" is explained using human readable text such as "At 9.30 on Tuesdays".
Added focus states to text field, selection and text area components.
Added a Data subprocessors page under account.
Added maximum width to tabs on the Group page, so they do not keep expanding forever.
Added support for importing packages with CSV and JSON files. Exporting packages with files is not fully supported yet, but will be in a future release.
Added support for including dashboard and alert labels when exporting a package.
Bug Fixes
Documentation
Updated the examples on how to use the
match()
query function in the online documentation.
Functions
Other
Fixed an issue where the global consistency check job would fail to perform the consistency check, instead logging lines like "Global dump requested but global had expired". This line can still occur, but only when the consistency check takes too long.
Fixed a bug causing the disk space job to use an expensive code path even when a cheaper one was available.
Updated Slack action for messaging multiple channels, so it propogates errors when triggered. Previously errors were ignored.
Fixed an issue that could cause cluster nodes to crash when growing the number of digest partitions.
Removed an old Cloud Signups page. The page is not necessary since organizations were implemented for the Cloud environments.
Fixed an issue where Humio would create auxiliary files (hash files) for segments unnecessarily when moving segments between nodes.
Fixed an issue where the {time_zone} Message Templates and Variables for actions would show a full description of the scheduled search instead of only the time zone.
Security when viewing installed packages and packages on the marketplace are now less strict. Permissions are still required for installing and uninstalling packages.
Truncate long user names on the Users page.
Fixed an issue that caused some errors to be hidden behind a message about "internal error".
Split package export page into dialog with multiple steps.
Fixed an issue where the query scheduler would spend too much time "shelving" queries, and not enough on getting them executed, leading to little progress on queries.
Updated dependencies with security fixes.
Fixed a bug where a hidden field named "#humioAutoShard" would sometimes show up in the field list.
Fixed an issue where it was possible to submit queries to the Delete Events API that were not valid for that API. Only pure filtering queries are allowed.
The simple and advanced permission model has been merged, thus allowing users who were using the simple permission model to create their own permission roles and groups, create groups with default roles, and all other features that were previously only available in advanced permissions mode.
Fixed thread safety for a variable involved in fetching from bucket storage for queries.
Fixed an issue where certain problems highlighted the first word in a query, not the location of the problem.
Updated Elastic ingest endpoint to accept 'create' operations in addition to 'index' operations. Both operation types result in the same ingest behavior. This update was added as Fluent-Bit v1.8.3 began using the 'create' operation rather than 'index' for ingest.
Fixed an issue where Humio attempted to fetch global from other nodes before TLS was initialized.
Global snapshots are now uploaded to bucket storage more often when there are a lot of updates to it, leading to shorter replay times on startup.
Cloning an asset now redirects you to the edit page for the asset for all assets.
Fixed an issue where Humio would create a broken hash file for the merge result when merging minisegments that did not originally have hash files.
Fixed an issue where Shift+Enter would select the current completion rather than adding a newline.
Creating a new dashboard now opens it after creation.
Fixed a bug on queries that triggered an error while executing due to the input (such as a regex that exceeds limits on execution time) could result in the client getting 404 as status on poll, where it should get .0.
Fixed an issue where metrics of type gauge with a double value were not reported to the humio-metrics repository, but only to the humio repository.
When accessing Humio through a URL with either a repository or view name in it and using an ingest token, it is now checked that the view on the token matches the repository or view in the URL, and a 403 Forbidden status is returned, if not.
Fixed an issue where, looking at GraphiQL, the dropdown from the navigation menu was partially hidden.
Fixed an issue where the job responsible for deleting segment files off nodes was not deleting as many segments as it should.
Fixed an issue where new groups added to a repository got a query prefix that disallowed search. The default is now to allow search with the queryprefix *.
Reworded a confusing error message when using the
top()
function with a limit parameter exceeding the limits configured withTOP_K_MAX_MAP_SIZE_HISTORICAL
or TOP_K_MAX_MAP_SIZE_LIVE.Fixed an issue where the job responsible for deleting segment files off nodes was not running as often as expected.
Fixed an issue where the DiskSpaceJob could continue tracking segments if they were deleted from global, but the files were still present locally.
Fixed a bug where a 404 Not Found status on an internal endpoint would be incorrectly reported as an 401 Unauthorized.
Introduced a check for compatibility for packages and humio versions.
Fixed a bug which potentially have caused alerts to not re-fire after the throttle period for field-based throttling had passed.
Fixed an issue that caused some metrics of type gauge to be reported with a wrong value.
Updated the new asset dialog button text so that it will say 'Continue' when an asset will not be created directly.
Amended an internal limit on how many segments can be fetched from bucket storage concurrently. The old limit was based on the number of running queries. The new limit is 32.
When a search is able to filter out segments based on the hash filter files, and a segment file is not present locally on any node, fetch only the hash filter at first, evaluate that, and only if required, fetch the segment file. This speeds up searches that target segments only present in bucket storage and that have search filters that generate hash filter checks, such as regex and literal text comparisons.
Fixed an issue that could cause UploadedFileSyncJob to crash if an uploaded file went missing.
The DiskSpaceJob now removes newly written backfilled segments off the local disk before it chooses to remove non-backfilled segments.
Fixed an issue where the DiskSpaceJob could mark segments accessed slightly out of order during boot.
The DiskSpaceJob no longer initializes based off of the segment last-modified timestamp, this only happens if no access order snapshot is stored locally. If a snapshot is present, we trust that.
Humio Server 1.30.7 Stable (2022-01-06)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.30.7 | Stable | 2022-01-06 | 2023-01-06 | 1.16.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 9612de72bdd0275e39d6af23c51067c8 |
SHA1 | 4ecdf75a4deae2b2c75abcf1101d9b4711cacf31 |
SHA256 | 3ae7ba0f40043f10c7fad02ea471bb55373cf38afd31ddfa2f47bdc87528f475 |
SHA512 | 5d3cadcb47c1c792c2e643fbaffef5207a2d327a41142a337196863a1be39a5b39de1a527853bc08a285497b6f6791b592c9e0bf69f8aef3a2e16d9db6cee7de |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.30.7/server-1.30.7.tar.gz
Updated dependencies with security fixes.
Bug Fixes
Security
Updated dependencies to Netty to fix CVE-2021-43797
Updated dependencies to log4j 2.17.1 to fix CVE-2021-44832 and CVE-2021-45105
Humio Server 1.30.6 Stable (2021-12-15)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.30.6 | Stable | 2021-12-15 | 2022-12-15 | 1.16.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 00b0fbed6da70bb28c130be8bab2f573 |
SHA1 | 033f9cb06618af70ebf605534af3d97692b1279e |
SHA256 | f389991e007489d9f5a0d6ca8b4cd3905b072ff40efcff3284bef47cf65d4e86 |
SHA512 | 12fec5a5954f8ec49cbc30f1b206302bdb8d21fc34330cc5120d5af68a08e80c4fa53faad2d9c707535ced94e6134beaaca141212da7daa1d748b29b9df286ee |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.30.6/server-1.30.6.tar.gz
Fix log4j
dependencies.
Bug Fixes
Security
Updated dependencies to log4j 2.16 to remove of message lookups (CVE-2021-45046)
Humio Server 1.30.5 Stable (2021-12-10)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.30.5 | Stable | 2021-12-10 | 2022-12-10 | 1.16.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | e4475e8c2f6623ff22465ccd59bbfb8a |
SHA1 | 5affbdbd10674259ec178db75171d73eb2835f1d |
SHA256 | 92c0261e328c43f0ba46ffaa72fc5e8a1ef075438759286ab00ea5dbb5b5ca30 |
SHA512 | e698dd4a2aa8c85ca3d89cc596e05677106d509082f816e46b3dca6b4b3313690d4c41c3a5b5529d08d91e51ebbfb3f9217e7830d1f4ade54fd79b40f366f449 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.30.5/server-1.30.5.tar.gz
Fix log4j
dependencies.
Bug Fixes
Security
Updated dependencies to address a critical security vulnerability for the log4j logging framework, "log4shell", (CVE-2021-44228).
Humio Server 1.30.4 Stable (2021-12-10)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.30.4 | Stable | 2021-12-10 | 2022-12-10 | 1.16.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 815e193fd910b712d9be4420473101ec |
SHA1 | f909e62433a8ee4ff3ac2a4b78ab966c311eae54 |
SHA256 | bb2fcd20a21e9d8a7a8e2866ff579259f3f4b9975f31731bb4d57d879072d9ca |
SHA512 | 96f31a00f96e44bf64128b9c58b9007cef78ccd12a2abc7264b884415c62f44df7837f4540780aa5a75c04c64488a33a6977d256333e950a181b861d6966b686 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.30.4/server-1.30.4.tar.gz
Security fix related to
log4j
logging, and fix
compatibility with Filebeat.
Bug Fixes
Security
Updated dependencies to address a critical security vulnerability for the log4j logging framework, "log4shell", (CVE-2021-44228).
Summary
Fixed a compatibility issue with Filebeat 7.16.0
Humio Server 1.30.3 Stable (2021-11-25)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.30.3 | Stable | 2021-11-25 | 2022-11-25 | 1.16.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 1d3b908f6da95f2a02a69f220715b9ac |
SHA1 | 110fb83be1979070a55a6d9fc6662abcf8ef551a |
SHA256 | c87ae3a41303afa5d11750d2ae8fa36bb9892723cefb1ffcb19bf1d93e87dde0 |
SHA512 | 1c634b3401485aab33ca5ee6042d88596785f054c37933d37e5830a9b7817ec9dc995dda14bd1620f511f0cf685327b9c78f0e2d118f0b24ef04462c4d132136 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.30.3/server-1.30.3.tar.gz
Bug fix to resolve problem with race conditions.
Bug Fixes
Other
Fixed a race condition that could cause Humio to delete more segments than expected when initializing a digester node.
Humio Server 1.30.2 Stable (2021-11-19)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.30.2 | Stable | 2021-11-19 | 2022-11-19 | 1.16.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 2395ce5b8017a632b02372da3dc0159b |
SHA1 | 049f9a0ed9c4e9acafcefe1a65997b65ba57d3f7 |
SHA256 | 815bcce962ac9f43022424e2abdfa587f8377ba1ecf3b4c5ef423a43175fe424 |
SHA512 | bc93c9bbf9fe89eb0a279d265b775bc4b4590b897f7f08a31d2516cd767b4952c59e7a3bad9986b26592487246c8a54f2e29e85d9a2a248dc790418ec68627d7 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.30.2/server-1.30.2.tar.gz
Bug fixes related to version dependency, problems with incomplete URLS, as well as requiring organization level permissions in certain situations.
Bug Fixes
Other
Updated a dependency to a version fixing a critical bug.
Require organization level permission when changing role permissions that possibly affects all views and repositories.
Fixed an issue where a URL without content other than the protocol would break installing a package.
Humio Server 1.30.1 Stable (2021-10-01)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.30.1 | Stable | 2021-10-01 | 2022-10-01 | 1.16.0 | No | Yes |
JAR Checksum | Value |
---|---|
MD5 | 790fc08715648deadf23b204f6e77cc9 |
SHA1 | 85ea236e0abbaf29740e7288d7cefeb2b1069260 |
SHA256 | e4f8dcc73fbeaa5dcc7d68aa6a972e3ab5ccbb66848c189743b2f50b8bcea832 |
SHA512 | 963ec5f550f5b496b08c9025e3fa9ed08c563e4270973092a4a1944a05bd79192316f3324d9a58e78dd014c2119ab389c1d6c566ef395b73c4df96f6d216e2c2 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.30.1/server-1.30.1.tar.gz
Fixes Humio ignoring MatchExceptions, the frequency of jobs
which delete segment files, problems with
USING_EPHEMERAL_DISKS
, and
upgrades Kafka and xmlsec addresses.
Bug Fixes
Security
Upgrade Kafka and xmlsec to address CVE-2021-38153 and CVE-2021-38153.
Other
Fixed an issue causing Humio to log MatchExceptions from the calculateStartPoint method.
On a node configured as
USING_EPHEMERAL_DISKS=true
allow the local disk management deleting files even if a query may need them later, as the system is able to re-fetch the files from bucket storage when required. This improves the situation when there are active queries that in total have requested access to more segments than the local disk can hold.Fixed an issue where the job responsible for deleting segment files off nodes was not running as often as expected.
Fixed an issue where the job responsible for deleting segment files off nodes was not deleting as many segments as it should.
Humio Server 1.30.0 Stable (2021-09-17)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.30.0 | Stable | 2021-09-17 | 2022-09-17 | 1.16.0 | No | Yes |
JAR Checksum | Value |
---|---|
MD5 | c8989abb219663a61ae54be021fcd367 |
SHA1 | 44e1d48d09ca3ae8fd59a185e77b3c9a55a6de8f |
SHA256 | 25a880f34a0fef72ab3cb4bf93f92eae2fdac0022d116485bed1013b3f6683b4 |
SHA512 | 53b8055035bfcdd7176fa4369e607874ca9d5ee84de4a3beb964e3f0caba9578b3c46c04c10cb68657be34d8a165fa1089f1679716ecd4896ff57822d0b1e851 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.30.0/server-1.30.0.tar.gz
As a new feature Humio now includes an IOC (indicator of
compromise) database from CrowdStrike to enable lookup of IP
addresses, URLs and domains for malicious activity. This
database is updated hourly. This is described in more detail at
ioc:lookup()
Bug Fixes
Other
Fixed an issue where the UI page for new parser could have overflow in some browsers.
Fixed an issue where offsets from one Kafka partition could be used when deciding where to start consuming for another partition, in the case where there are too many datasources in the repo. This led to a crash loop when the affected node was restarted.
Fixed an issue where the query scheduler would spend too much time "shelving" queries, and not enough on getting them executed, leading to little progress on queries.
Humio Server 1.30.0 Includes the following changes made in Humio Server 1.29.0
Version Type Release Date End of Support Upgrades From Data Migration Config. Changes 1.29.0 Preview 2021-07-09 2021-09-17 1.16.0 No Yes Warning
This release has been revoked as it contained a known bug fixed in 1.29.1.
As a new feature Humio now includes an IOC (indicator of compromise) database from CrowdStrike to enable lookup of IP addresses, URLs and domains for malicious activity. This database is updated hourly. This is described in more detail at
ioc:lookup()
Improvements, new features and functionality
Bug Fixes
Humio Server 1.30.0 Includes the following changes made in Humio Server 1.29.1
Version Type Release Date End of Support Upgrades From Data Migration Config. Changes 1.29.1 Preview 2021-07-12 2021-09-17 1.16.0 No Yes
JAR Checksum Value MD5 6cea304226bb9eb096785375bb8f834f SHA1 77d7b92df1884b8ec457246d602cc276e46ee032 SHA256 e48d6a5c80e6979621b817c1ac53f778eae170185180ab9e70c295692dd1a7bc SHA512 c9e8019067a9ae1bd0b62215ee458ecabcee2b3a971688c6f66c58dc1009d498cdd560d4733f64f31e6d4204bebb6c8bc0934354ab04aaa008b3e21ef8bc7dee Bug fixes.
Bug Fixes
Humio Server 1.30.0 Includes the following changes made in Humio Server 1.29.2
Version Type Release Date End of Support Upgrades From Data Migration Config. Changes 1.29.2 Preview 2021-09-02 2021-09-17 1.16.0 No No
JAR Checksum Value MD5 0b32f9520b7a5ec3f1af3321ce7f1dfe SHA1 4ae2567f9b3348d115819eefd5b9c078d6c2c6ad SHA256 0383277fd91b8933dfcdb94783e03d151975b01ee62dcc74515cbfb2d3299cdc SHA512 bbfb1f343f0567394128976ecddc6ad3b74f2996b0dc51e2fe0f9c5e0b60cbd7a935fc709b2ffc3b6a811a0e6a1c2fcc09e4e1552e5c7f87dd3670f07cf33b31 Minor bug fixes
Bug Fixes
Humio Server 1.30.0 Includes the following changes made in Humio Server 1.29.3
Version Type Release Date End of Support Upgrades From Data Migration Config. Changes 1.29.3 Preview 2021-09-07 2021-09-17 1.16.0 No No
JAR Checksum Value MD5 96b4a0ff0c02a2dce2bb5ee467bdb9dd SHA1 b2a1ef55259f6c49ee7bf7de6efecc0f743d1bfa SHA256 95d9b52d6213d0af43dfc43cb66c878f1f584f446e4ba890137c5fd9923db1a4 SHA512 392489e94b1e6f6799a6340df78e7bdb7d9547b97ba1844cfbf3c525e1e418fd2221543378f2b759acf46d5c02d99627f9b98650447d7c1c32ba599157718bf8 Minor bug fixes
Bug Fixes
Humio Server 1.30.0 Includes the following changes made in Humio Server 1.29.4
Version Type Release Date End of Support Upgrades From Data Migration Config. Changes 1.29.4 Preview 2021-09-09 2021-09-17 1.16.0 No No
JAR Checksum Value MD5 8145f9ddc7804a44efe1e46cd71f5c17 SHA1 8db4079f580357162891d0153a70668b4f29d642 SHA256 32adde840164668a96be651ede6052dbef3cf046ec9f83f39f62925d26e14104 SHA512 cadcd2eb07e949f052bd51ecc272d79f7decfec0f3b7613dfdf712aa1ff287471060d25443c5be1b06744aefa43194fb2e78e223c362005cea62a5917a93b62e Minor bug fixes
Bug Fixes
Humio Server 1.29.4 Preview (2021-09-09)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.29.4 | Preview | 2021-09-09 | 2021-09-17 | 1.16.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 8145f9ddc7804a44efe1e46cd71f5c17 |
SHA1 | 8db4079f580357162891d0153a70668b4f29d642 |
SHA256 | 32adde840164668a96be651ede6052dbef3cf046ec9f83f39f62925d26e14104 |
SHA512 | cadcd2eb07e949f052bd51ecc272d79f7decfec0f3b7613dfdf712aa1ff287471060d25443c5be1b06744aefa43194fb2e78e223c362005cea62a5917a93b62e |
Minor bug fixes
Bug Fixes
Other
Added a GraphQL mutation cancelDeleteEvents that allows cancelling a previously submitted deletion. Cancellation is best-effort, and events that have already been deleted will not be restored.
Fixed an issue where it was possible to submit queries to the Delete Events API that were not valid for that API. Only purely filtering queries are allowed.
Humio Server 1.29.3 Preview (2021-09-07)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.29.3 | Preview | 2021-09-07 | 2021-09-17 | 1.16.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 96b4a0ff0c02a2dce2bb5ee467bdb9dd |
SHA1 | b2a1ef55259f6c49ee7bf7de6efecc0f743d1bfa |
SHA256 | 95d9b52d6213d0af43dfc43cb66c878f1f584f446e4ba890137c5fd9923db1a4 |
SHA512 | 392489e94b1e6f6799a6340df78e7bdb7d9547b97ba1844cfbf3c525e1e418fd2221543378f2b759acf46d5c02d99627f9b98650447d7c1c32ba599157718bf8 |
Minor bug fixes
Bug Fixes
Other
Fixed an issue where the error TooManyTagValueCombination would prevent Humio from starting
Remove limit on search interval on cloud sandboxes
Humio Server 1.29.2 Preview (2021-09-02)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.29.2 | Preview | 2021-09-02 | 2021-09-17 | 1.16.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 0b32f9520b7a5ec3f1af3321ce7f1dfe |
SHA1 | 4ae2567f9b3348d115819eefd5b9c078d6c2c6ad |
SHA256 | 0383277fd91b8933dfcdb94783e03d151975b01ee62dcc74515cbfb2d3299cdc |
SHA512 | bbfb1f343f0567394128976ecddc6ad3b74f2996b0dc51e2fe0f9c5e0b60cbd7a935fc709b2ffc3b6a811a0e6a1c2fcc09e4e1552e5c7f87dd3670f07cf33b31 |
Minor bug fixes
Bug Fixes
Other
Fixed an issue that could cause UploadedFileSyncJob to crash, if an uploaded file went missing
Fixed an issue where, looking at GraphQL, the dropdown from the navigation menu was partially hidden.
Fixed an issue where new groups added to a repository got a query prefix that disallowed search. The default is now to allow search with the query prefix * (wildcard).
Fixed an issue where if a package failed to be installed, and it contained an action, the failed installation might not be cleaned up properly.
Humio Server 1.29.1 Preview (2021-07-12)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.29.1 | Preview | 2021-07-12 | 2021-09-17 | 1.16.0 | No | Yes |
JAR Checksum | Value |
---|---|
MD5 | 6cea304226bb9eb096785375bb8f834f |
SHA1 | 77d7b92df1884b8ec457246d602cc276e46ee032 |
SHA256 | e48d6a5c80e6979621b817c1ac53f778eae170185180ab9e70c295692dd1a7bc |
SHA512 | c9e8019067a9ae1bd0b62215ee458ecabcee2b3a971688c6f66c58dc1009d498cdd560d4733f64f31e6d4204bebb6c8bc0934354ab04aaa008b3e21ef8bc7dee |
Bug fixes.
Bug Fixes
Other
Fixed an issue in the 1.29.0 release that made it appear as though ingest tokens had no associated parser.
Humio Server 1.29.0 Preview (2021-07-09)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.29.0 | Preview | 2021-07-09 | 2021-09-17 | 1.16.0 | No | Yes |
Warning
This release has been revoked as it contained a known bug fixed in 1.29.1.
As a new feature Humio now includes an IOC (indicator of
compromise) database from CrowdStrike to enable lookup of IP
addresses, URLs and domains for malicious activity. This
database is updated hourly. This is described in more detail at
ioc:lookup()
Improvements, new features and functionality
Deprecation
Field
addIngestToken
was deprecated inMutation
type, useaddIngestTokenV2
insteadField
assignIngestToken
was deprecated inMutation
type, useassignParserToIngestToken
instead.Deprecated argument name was removed from
Mutation.updateParser
field.Deprecated argument repositoryName was removed from
Mutation.updateParser
field.
Automation and Alerts
Packages now support Webhook actions and references between these and alerts in the Alert schema.
Integrates the editing of alert searches and scheduled searches better with the search page.
GraphQL API
Removed the Usage feature flag which is now always enabled. This breaks backwards compatibility for internal graphql feature flag mutations and queries.
Field
updateIngestListener
was deprecated inMutation
type, useupdateIngestListenerV2
insteadField
createIngestListener
was deprecated inMutation
type, usecreateIngestListenerV2
insteadField
copyParser
was deprecated inMutation
type, usecloneParser
insteadRemoved the argument includeUsageView from the graphql mutation createOrganizationsViews which breaks backwards compatibility for this internal utility method.
Configuration
Add a soft limit on the primary disk based on
PRIMARY_STORAGE_PERCENTAGE
andPRIMARY_STORAGE_MAX_FILL_PERCENTAGE
(roughly the average of the two values). When the soft limit is hit and secondary storage is configured, the segment mover will prefer moving segments to secondary storage right away, instead of fetching them to primary and waiting for the secondary storage transfer job to move them.Allow the internal profiler to be configured via an environment variable. See Environment Variables
Humio nodes will now pick a UUID for themselves using the
ZOOKEEPER_PREFIX_FOR_NODE_UUID
prefix, even if Zookeeper is not used. This should make it easier to enable Zookeeper id management in existing clusters going forward.
Other
Return the responder's vhost in the metadata json.
Improved global snapshot selection in cases where a Kafka reset has been performed
Enabled dark mode for cluster administration pages.
Make GlobalConsistencyCheckerJob shut down more cleanly, it could previously log some ugly exceptions during shutdown.
Added dark mode support to Identity provider pages.
Speed up the SecondaryStorageTransferJob. The job will now delete primary copies much earlier after moving them to the secondary volume.
The "Save Search as Dashboard" Widget dialog now gives user feedback about missing input in a manner consistent with other forms.
Previously, the server could report that a user was allowed to update parsers for a view, even though parsers cannot be used on views, only repositories. Now the server will always say the user cannot change parsers on views.
Created a new Dropdown component, and replaced some uses of the old component with the new.
Organization pages refactoring.
When editing a query, Enter no longer accepts a suggestion. Use Tab instead. The Enter key conflicted with the "Run" button for running the query.
In thread dumps include the job and query names in separate fields rather than as part of the thread name.
Scheduled searches are now allowed to run once every minute instead of only once every hour.
Internal change to parsers adding an id, where previously they only had a name as key.
Bug Fixes
Functions
Fixed a bug causing
match()
to let an empty key field match a table with no rows.
Other
Fixed an issue with "show in context" feature of the event list did not quote the field names in the produced query string.
Fixed race condition that could cause parsers to not update correctly in rare cases
Fixed a bug where word wrapping in the event list was not always working for log messages with syntax highlighting (e.g. JSON or XML messages)
Fixed a bug in the blocklist which caused "exact pattern" query patterns to be interpreted as glob patterns.
Fixed bugs in the test parser UI, so that it should now always produce a result and be able to handle parsers that either drop events or produce multiple events per input event.
Fixed an issue where the axis titles on the timechart were not showing up in dark mode
Avoiding a costly corner case in some uses of glob-patterns.
When testing a Parser and more events are returned in a test an info message is now displayed conveying that only the first event is shown.
Address edge cases where QueryScheduler could throw exceptions with messages similar to "Requirement failed on activeMapperCount=-36"
Fixed an issue where exporting a saved query did not include the options for the visualization, e.g. column layout on the event list.
Fixed a bug in the Search View. After editing and saving a saved query in the Search View, the notification message would disappear in an instant, making it impossible to read and to click the link therein.
Fixed an issue related to validation of integer arguments. Large integer arguments would be silently truncated and lower limits weren't checked, which led to unspecified behavior. Range errors are now reported in the following functions:
concatArray()
formatDuration()
Fixed race condition that could cause event forwarding rules to not update correctly in rare cases
Humio Server 1.28.2 Stable (2021-09-29)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.28.2 | Stable | 2021-09-29 | 2022-09-29 | 1.16.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 87f31a6c318d9383a944521ee34b572a |
SHA1 | fc185c9a2f5f7e6d5425778995f679c49d430105 |
SHA256 | 62f25f3fe69239e1615fb6cb2bffe6f16ae0fe8adc2a17a0a9fa03ba226f7b5f |
SHA512 | 6fb65258a9c21a4d681690a0dcc050cd5be96440cc2f1c6273707658504fc0f21fa5fd1ba9cdb664ab0a5f9aabede181dca5e1ff882305db30a0b95c57f6fba9 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.28.2/server-1.28.2.tar.gz
Bug fixes and updates.
Bug Fixes
Security
Upgrade Kafka and xmlsec to address CVE-2021-38153 and CVE-2021-38153.
Other
Fix a bug where offsets from one Kafka partition could be used when deciding where to start consuming for another partition, in the case where there are too many datasources in the repo. This led to a crash loop when the affected node was restarted.
Humio Server 1.28.1 Stable (2021-08-24)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.28.1 | Stable | 2021-08-24 | 2022-08-24 | 1.16.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 1a2b8d3acc15ac6789534f7624265ecb |
SHA1 | 3cf96a324147967c1bc7753a7f9d94cbed8cd843 |
SHA256 | 8a355f8bbab9a74422ee3456f9bfe93302734a69197b7e12c254f7c0fd9905de |
SHA512 | e572352be7e71403f52fe0767567232a198861a60f100b7e9e32475e8e2720285902daf6493b62b79052ca71aa6550abe173d5ae5246e14e5ac30bda0883667c |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.28.1/server-1.28.1.tar.gz
Bug fixes and updates.
Bug Fixes
Other
The signup path was removed, together with the corresponding pages. Before, anyone could sign up for the Humio SaaS solution. However, with stricter policies, this became obsolete and had to be removed. The new process redirecta a potential customer to Humio's official website, where they have to fill in a form in order to be vetted. Once the vetting process is complete, Humio support creates an organization for the customer.
Fixed an issue that could cause cluster nodes to crash when growing the number of digest partitions.
Fixed an issue that could cause UploadedFileSyncJob to crash if an uploaded file went missing
Humio Server 1.28.0 Stable (2021-06-15)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.28.0 | Stable | 2021-06-15 | 2022-06-15 | 1.16.0 | No | Yes |
JAR Checksum | Value |
---|---|
MD5 | 1a2b8d3acc15ac6789534f7624265ecb |
SHA1 | 3cf96a324147967c1bc7753a7f9d94cbed8cd843 |
SHA256 | 8a355f8bbab9a74422ee3456f9bfe93302734a69197b7e12c254f7c0fd9905de |
SHA512 | e572352be7e71403f52fe0767567232a198861a60f100b7e9e32475e8e2720285902daf6493b62b79052ca71aa6550abe173d5ae5246e14e5ac30bda0883667c |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.28.0/server-1.28.0.tar.gz
Major changes, as well as requiring at least a trial license, require accepting privacy, terms, and conditions.
Bug Fixes
Summary
When searching through files in a dashboard parameter, users with CSV files greater than 50.0 records could see incomplete results.
Backfilled data gets lower priority on local disk when in over-commit mode using bucket storage.
Humio trial installations now require a trial license. To request a trial license go to Getting Started.
All users (including existing users) need to accept the privacy notice and terms and conditions before using Humio.
Humio will now try to upload more segments concurrently during a shutdown than during normal operation.
While waiting for the upload of files to bucket to complete during shutdown, the threaddumping will continue running, and the node will report as alive as seen from the other nodes.
Fixed a bug that caused previous 1.27.x but not earlier versions to add "host xyz is slow" warnings to query results also when that was not the case.
Humio Server 1.28.0 Includes the following changes made in Humio Server 1.27.0
Version Type Release Date End of Support Upgrades From Data Migration Config. Changes 1.27.0 Preview 2021-06-14 2021-06-15 1.16.0 No Yes
JAR Checksum Value MD5 cce0478c744d183db8491e338949bdfe SHA1 6dd0bf5c8e0d4ca1f74116e31f28f8cfa7b58323 SHA256 a3425e6141358cbc1115ab3c2691768c64d62f84cea3e018eb7b6debcb05f803 SHA512 ca63e89946e4a12422124adb052b59f8da30ca026b5c34b0bfe1ddcc35cf7546fedd4127d46def6c36b3e0f7278675cf4fe47362fe5070a6d7b29ffbcbd0bc49 Bug fixes and updates.
Improvements, new features and functionality
Bug Fixes
Humio Server 1.28.0 Includes the following changes made in Humio Server 1.27.1
Version Type Release Date End of Support Upgrades From Data Migration Config. Changes 1.27.1 Preview 2021-06-15 2021-06-15 1.16.0 No Yes
JAR Checksum Value MD5 d45c8b1dd900bfaaae7ab6d7173f122a SHA1 9602b62cab67ca3f1d35fd888303bc642c024518 SHA256 ec2db12be413b83e52fb2f1cefa04bc9634e7c17657349c4e6b9c71c26a804f9 SHA512 6179ff0307e3cd804cb4dfcf56a98d30b67cebf51eb2673accde437a308a2d16fd433db983e2948a06768dfac8fa71aa302a357524ed78b675ccbb8491844f6e Security fixes and some minor fixes.
Bug Fixes
Humio Server 1.27.1 Preview (2021-06-15)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.27.1 | Preview | 2021-06-15 | 2021-06-15 | 1.16.0 | No | Yes |
JAR Checksum | Value |
---|---|
MD5 | d45c8b1dd900bfaaae7ab6d7173f122a |
SHA1 | 9602b62cab67ca3f1d35fd888303bc642c024518 |
SHA256 | ec2db12be413b83e52fb2f1cefa04bc9634e7c17657349c4e6b9c71c26a804f9 |
SHA512 | 6179ff0307e3cd804cb4dfcf56a98d30b67cebf51eb2673accde437a308a2d16fd433db983e2948a06768dfac8fa71aa302a357524ed78b675ccbb8491844f6e |
Security fixes and some minor fixes.
Bug Fixes
Summary
Updated dependencies with security fixes.
Fixed an issue where Humio could prematurely clean up local copies of segments involved in queries, causing queries to fail with a "Did not query segment" warning.
Fixed issue where certain queries would cause
NullPointerException
inOneForOneStrategy
.
Humio Server 1.27.0 Preview (2021-06-14)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.27.0 | Preview | 2021-06-14 | 2021-06-15 | 1.16.0 | No | Yes |
JAR Checksum | Value |
---|---|
MD5 | cce0478c744d183db8491e338949bdfe |
SHA1 | 6dd0bf5c8e0d4ca1f74116e31f28f8cfa7b58323 |
SHA256 | a3425e6141358cbc1115ab3c2691768c64d62f84cea3e018eb7b6debcb05f803 |
SHA512 | ca63e89946e4a12422124adb052b59f8da30ca026b5c34b0bfe1ddcc35cf7546fedd4127d46def6c36b3e0f7278675cf4fe47362fe5070a6d7b29ffbcbd0bc49 |
Bug fixes and updates.
Improvements, new features and functionality
Deprecation
Deprecated GraphQL mutation setRecentQueries, use addRecentQuery in future. The mutation will be removed after 2021-10-01. While setRecentQueries will remain in the API to not break existing clients, it will not modify the set of recent queries.
Automation and Alerts
Fixed an issue where it was possible to create an alert with an empty time interval or a blank name or throttle field.
The Alert and Scheduled Search dialogs have gotten a makeover.
GraphQL API
Deprecated GraphQL field
SearchDomain.recentQueries
in favor ofSearchDomain.recentQueriesV2
.
Configuration
Limit how many times we'll repeat a repeating regexp. The default max number of repetitions is .0 but the value is configurable between 50 and .0 by setting the
MAX_REGEX_REPETITIONS
env variable.Removed the log4j2-stdout-json.xml configuration file. The replacement log4j2-json-stdout.xml has been available for a while, and we want everyone to move to the new configuration, as the old configuration produces logs incompatible with the Insights Package.
Functions
Fixed an issue in
timeChart()
where the horizontal line did not showing up.Reduced memory usage for
groupBy()
function, etc.; worst-case in particular but also average-case to some degree.With
worldMap()
function, you can now see the magnitude value by hovering marks on the map.
Other
Fixed an issue which caused queries to crash when "beta:repeating()" was used with a time interval ending before "now".
The New Action dialog validates user input in a more indulgent fashion and provides all validation errors consistently.
Added button to delete the organization from the Organization Overview page
When assigning a role, all the user which need a new role are choosen, and then the same role is assigned to them all.
In the time selector, you can now write "24" in the time-of-day field to denote the end of the day.
Added frontend validation on welcome page and invitation page fields
Add a label to the empty option for default queries on the repository settings page.
Fixed an issue with AuthenticationMethod.SetByProxy where the search page would constantly reload.
Add a bit more debug logging to DataSnapshotLoader, for visibility around choice of global snapshot during boot
Added ability to set organization usage limits manually for cases where automatic synchronization is not possible.
Added a quickfix feature for reserved keywords
When looking at the details of an event, long field values will now extend beyond the viewport by default. Word wrapping can be enabled to stop it from extending outside the viewport.
The UI now consistently marks required field with a red asterisk across a number of dialogs.
The event distribution chart would sometimes show a bucket span reported in milliseconds instead of a more appropriate unit, when those milliseconds did not add up cleanly (e.g. "1h"). Now the bucket span can be reported with multiple units (e.g. "1h 30m")
Fixed a rare issue that could fail to trigger a JVM shutdown if the Kafka digest leader loop thread became nonfunctional.
Fixed an issue where worldmap widgets would revert to event list widgets when changing styling options.
Removed requirement that SAML Id needs to be an URL (Now, only requirement is that the field is not empty)
Fixed an issue in the Query State Cache that could fail a query on time intervals with a fixed timestamp as start and now as end.
Improve thread safety of updates to global Hosts entities during bootup
Fixed various bugs for the worldmap widget. The bug fixes may cause your world map marks to look different that previously, but should now work as intended and correcting it should be as simple as tweeking the style parameters.
Changed implementation of cluster host alive stats to attempt to reduce thread contention when threads are checking for host liveness.
The Humio frontend no longer sends the
Humio-Query-Session
header to the backend, since it is no longer used.Debug logs which relate to the invocation of an action now contain an
actionInvocationId
. This trace id is the same for all logs generated by the same action invocation.Fixed an OIDC group synchronization issue where users where denied access even though their group membership gave them access.
The list of recent queries on the search page now has headers with the date the query was run.
Included both ws and wss in csp header
Started internal work on memory quotas on queries' aggregation states. This should not have any user-visible impact yet.
Updated the interactive tutorial with better descriptions
Fixed an issue where UI stalled on the "Data Sources" page
Automatically reduce the precision of world maps when they exceed a certain size limit
Changed implementation of cluster host alive stats to trigger updates in the in-memory state based on changes in global, rather than running periodic updates.
Fixed a problem where the global consistency check would report spurious inconsistencies because of trivial differences in the underlying JSON data
Users with read repository permissions can now access and see files.
Working on merging of advanced and simple permission models, so that the roles can be added directly to users.
Fixed a problem when some user-defined styles weren't being applied to a chart after a page refresh or when exported to a dashboard widget
Improved error messages when exporting invalid dashboards as templates
Slightly improve performance of id lookups in global
Fixed an issue for Firefox 78.10.1 ESR where the event list and event distribution chart would not be scrollable and resize incorrectly.
Reimplement several part of Humio to use a safer mechanism for listening to changes from global. This should eliminate a class of race condition that could cause nodes to ignore updates received during the boot process.
Inviting users on cloud now requires the invited user to accept the invitation before assigning permissions to him. Moreover, it is possible to invite users who are in another organization on cloud.
Improved styling of header on organization overview page
Fixed an issue where optimizeAndSaveQueryCoordinationPartitions could attempt to save a partitioning table to global with gaps in the partition list. This caused queries to fail, and repeated logging of a validation error.
Bug Fixes
Other
Humio trial installations now require a trial license. To request a trial license go to getting-started
All users (including existing users) need to accept the privacy notice and terms and conditions <https://www.crowdstrike.com/terms-conditions/humio-self-hosted> before using Humio.
Humio Server 1.26.3 Stable (2021-06-17)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.26.3 | Stable | 2021-06-17 | 2022-06-17 | 1.16.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 8c880514f42787b5e5f85607bca347de |
SHA1 | e97e3ea8ebc5de0076186e6daa7aa16d4ca48c8c |
SHA256 | d906d0938e8c2283ab91dc999cac4f6a966591e3ee0089e309378123d13cd637 |
SHA512 | 826aea0625a8daac1801f11f12429a6bcb3b8ee58f4b536172d4602fc5f09252fe0be0afd72a5300520980c962a9caa99aeb4ee6c9ada79544963b4c9687b972 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.26.3/server-1.26.3.tar.gz
Security fixes and some minor fixes related to Firefox, Worldmap widgets, and problems with local file clean-up.
Bug Fixes
Summary
Fixed an issue where Worldmap widgets would revert to event list widgets when changing styling options.
Fixed an issue for Firefox 78.10.1 ESR where the event list and event distribution chart would not be scrollable and resize incorrectly.
Fixed an issue where Humio could prematurely clean up local copies of segments involved in queries, causing queries to fail with a "Did not query segment" warning.
Updated dependencies with security fixes.
Humio Server 1.26.2 Stable (2021-06-07)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.26.2 | Stable | 2021-06-07 | 2022-06-07 | 1.16.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 1ebc3d89c531e0ea11be7378e2f1d27c |
SHA1 | 4ac77b9dd3532d6e1f3bce39a72a2f337c300ccc |
SHA256 | 6d06e3734f6a5f30715754d210092b31f4225a42d97495d8e0c8a3d6eea53bfa |
SHA512 | d5c6e9b1b08ed10b5549359306e35734a28557088d3efa98d30ccc0080700ba053a8f83d694790686a6333c54734392e8199127cbaf1719a841979e5e9188e27 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.26.2/server-1.26.2.tar.gz
Several fixes related to the WorldMap and TimeChart widgets, OIDC group syncronization, and requirements for Humio trial installations, as well as privacy notices and terms and conditions, and other bugs.
Bug Fixes
Summary
Fix a number of cases where Humio could attempt to write a message to global larger than permitted.
Fixes an OIDC group synchronization issue where users where denied access even though their group membership gave them access.
Fixes issue where the world map widget would misbehave in different ways.
All users (including existing users) need to accept the privacy notice and terms and conditions before using Humio.
Update the minimum Humio version for Hosts in global when downgrading a node
Humio trial installations requires a trial license from this version, to request a trial license go to getting-started <https://www.humio.com/getting-started/>
Fixes an issue in Timechart with horizontal line not showing up.
Humio Server 1.26.1 Stable (2021-05-31)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.26.1 | Stable | 2021-05-31 | 2022-05-31 | 1.16.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 8322d138b790cb9839e44c96e0cb4ba8 |
SHA1 | d4f47c97d3faa5ae5d014b5c47ec0221d24b4496 |
SHA256 | bb3fde18139e575a053709c042322604e8e01188f096a764bca9f4338286118e |
SHA512 | 44e699237aca10e0e3c5c219a06260e8715b16d8da6fa8a6e5e878f2c66ad9c639ba0d69ecc5aef8d2afb91c42b7a36fe0b7969d3b36d3b2ace21c6bb2c512c2 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.26.1/server-1.26.1.tar.gz
Several fixes related to WorldMap widget, applying user-defined styles to a dashboard chart, and partitions.
Bug Fixes
Summary
Fix an issue where data was not visible on the
World Map
until the opacity setting had been changed.Fix an issue where optimizeAndSaveQueryCoordinationPartitions could attempt to save a partitioning table to global with gaps in the partition list. This caused queries to fail, and repeated logging of a validation error.
Fix an issue when some user-defined styles weren't being applied to a chart after a page refresh or when exported to a dashboard widget.
Humio Server 1.26.0 Stable (2021-05-20)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.26.0 | Stable | 2021-05-20 | 2022-05-20 | 1.16.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 5f8abd037b3f73eaac8d5882fa58e4ec |
SHA1 | 85971d1f18228a81f46f6f6334196fd918647438 |
SHA256 | 4e0ad70a2c9275742aee8a0181eee2e20c6496ba16b8f6fb93490b84b5031b5e |
SHA512 | 425cacd3de3f54c2813dd3915ad35aed67de2f11a80d9c2fbf96055b030158b5d60c31686e121e613df855e6f0bdaad9d02f1c9e61a4df24b8f69cfd3193f56d |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.26.0/server-1.26.0.tar.gz
The HEC ingest endpoint will no longer implicitly parse logs
using the built-in kv
parser. Previously, a log ingested using this endpoint would
implicitly be parsed with the
kv
parser when the
supplied event
field was
given as a string. For instance, this log:
{
"time" : 1537537729.0,
"event" : "Fri, 21 Sep 2018 13:48:49 GMT - system started name=webserver",
"source" : "/var/log/application.log",
"sourcetype" : "applog",
"fields" : { "#env" : "prod" }
}
Would be parsed, so that the resulting Humio event would contain
the field name=webserver
.
If you don't wish this behavior to change, you will have to perform this parsing operation explicitly.
When ingesting into the HEC endpoint, you are using an ingest token to authenticate with Humio. If that token does not have an associated parser, all you need to do is assign the kv parser to the token.
If your ingest token already has an assigned parser, you will need to prepend the code of that parser with this code snippet:
kvParse(@rawstring) | findTimestamp(addErrors=false) |
Dark Mode is a new visual theme throughout Humio (except some settings pages) that is tailored to offer great readability in dark environments, to not brighten the entire room when used on dashboards, and offer a unique visual style that some users prefer simply for its aesthetics. In 1.25 users are going to see a modal dialogue that asks what mode users would like to have; dark mode, light mode or follow the OS theme. This setting can later be changed in the settings menu.
Bug Fixes
Other
Humio trial installations requires a trial license from this version, to request a trial license go to: https://www.humio.com/getting-started/
Update the minimum Humio version for Hosts in global when downgrading a node
Fixes issue where the world map widget would misbehave in different ways
All users (including existing users) needs to accept the privacy notice: https://www.crowdstrike.com/privacy-notice and terms and conditions https://www.crowdstrike.com/terms-conditions/humio-self-hosted before using Humio.
Fix a number of cases where Humio could attempt to write a message to global larger than permitted.
Known Issues
Other
A regression can cause 1.26.0 to repeatedly error log and fail to start queries in cases where the list of hosts in the cluster is not fixed. This is particularly likely to affect clusters running with ephemeral disks. The regression is fixed in 1.26.1.
Humio Server 1.25.3 Preview (2021-05-10)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.25.3 | Preview | 2021-05-10 | 2021-05-20 | 1.16.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 08d8b9bfd9692b992a0f564426041717 |
SHA1 | 463df975e2f50c3ae3de888b454a2d1a7285f148 |
SHA256 | 06167df8dabc6211a26edc4aede8d2461ded183e7bb6f1ef527f1b8a441f52b0 |
SHA512 | dbbed239b977af08889433e9f020bbdcb02b5f9496ab2a7eb410d967eb72ef7a4dcfde93374d36a3fe8c5798b35527f2594c025b6c68a3517c20e6f32e5d4ad9 |
Minor bug fixes, including removing error logs from alert jobs running in a Sandbox.
Bug Fixes
Summary
Minor bug fixes and improvements.
Other
Removes error logs from the alert job when running alerts on a sandbox repository.
Humio Server 1.25.2 Preview (2021-05-06)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.25.2 | Preview | 2021-05-06 | 2021-05-20 | 1.16.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 29b0554b42990118d22fb674e0f6b397 |
SHA1 | ce0ee5e134123fa5ccde8dc012fb1822722140ff |
SHA256 | 9374d762c00d5aa1884f163391fa13149e74f22e428ff849f15124ded001c033 |
SHA512 | 52b14b36db509515fb1d25e2e346b3a920493cdfd7f4862ebdee892014d14394d19e2324da60ec7d1f7137b1eef50c9716499e174e1f910f7a33f437aee1c053 |
Bug fix related to global consistency checks with nodes.
Bug Fixes
Summary
Fixes problem where having many nodes and a large global could lead to deadlocks in the global consistency check.
Humio Server 1.25.1 Preview (2021-05-04)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.25.1 | Preview | 2021-05-04 | 2021-05-20 | 1.16.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 7e4477532960f4662ee7f3c11681d640 |
SHA1 | 8f7d79294eb27af73333252b2177e3b1467fa01e |
SHA256 | 44b0be0f312c747f1b4f32ca34613bccdc47330100d3d74381731e556e2da999 |
SHA512 | b3624257bd69d0d0e123e7af5010da3d49680f0d286c1ad4daae50f75bfc8ea0cea35836c8e233c09c1f3ee4e5c02ecbc91850c0a0af30afb59e26206c0de125 |
There is a serious issue affecting larger clusters in this
release. The global inconsistency checker job can cause the
thread responsible for reading changes from global to hang. It
is possible to work around this by disabling the job using
RUN_GLOBAL_CONSISTENCY_CHECKER_JOB=false
.
This is fixed in 1.25.2.
Bug Fixes
Other
Makes disabled items in the main menu look disabled in dark mode
Humio Server 1.25.0 Preview (2021-04-29)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.25.0 | Preview | 2021-04-29 | 2021-05-20 | 1.16.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | aa7d71e3617d71ec800f1e5e898cb328 |
SHA1 | 8e815fd8c1d6a0bc1c22e096e8f82d08d40ea172 |
SHA256 | 7f26e858df2f1e16a64f44c6ac72948267eb317d884ad1db72b3799adcc95696 |
SHA512 | 1f447d204ecb3e60c80835e02a4fe8e6c7984728df5b31827b23f2278e00a0862a78dabe8ef01a2295f925a351693bdbb1d649c83465bf0951b040eab466fbad |
There is a serious issue affecting larger clusters in this
release. The global inconsistency checker job can cause the
thread responsible for reading changes from global to hang. It
is possible to work around this by disabling the job using
RUN_GLOBAL_CONSISTENCY_CHECKER_JOB=false
.
This is fixed in 1.25.2 (and 1.26.0).
The HEC ingest endpoint will no longer implicitly parse logs
using the built-in kv parser. Previously, a log ingested using
this endpoint would implicitly be parsed with the
kv
parser when the
supplied event
field was
given as a string. For instance, this log:
json{ "time" : 1537537729.0, "event" : "Fri, 21 Sep 2018 13:48:49 GMT - system started name=webserver", "source" : "/var/log/application.log", "sourcetype" : "applog", "fields" : { "#env" : "prod" } }
Would be parsed, so that the resulting Humio event would contain the field
name=webserver
.If you don't wish this behavior to change, you will have to perform this parsing operation explicitly.
When ingesting into the HEC endpoint, you are using an ingest token to authenticate with Humio. If that token does not have an associated parser, all you need to do is assign the
kv
parser to the token.If your ingest token already has an assigned parser, you will need to prepend the code of that parser with this code snippet:
kvParse(@rawstring) | findTimestamp(addErrors=false) |
Dark Mode is a new visual theme throughout Humio (except some settings pages) that is tailored to offer great readability in dark environments, to not brighten the entire room when used on dashboards, and offer a unique visual style that some users prefer simply for its aesthetics. In 1.25 users are going to see a modal dialogue that asks what mode users would like to have; dark mode, light mode or follow the OS theme. This setting can later be changed in the settings menu.
Improvements, new features and functionality
Other
The query scheduler now prioritizes new queries started by a user based on the cumulative cost of recent queries started by that user. Added new configuration
QUERY_SPENT_FACTOR
with the default value 0.5, which defines the weight of recent query costs when scheduling. Higher values mean that users with high recent query costs will see their queries penalized harder in the scheduling.
Bug Fixes
Automation and Alerts
When running alerts and scheduled searches, all logging related to a specific alert or scheduled search will now be logged to the The
humio-activity
Repository repository, instead of the humio repository. Error logs will still be logged to the humio repository as well.Refreshing actions while creating alerts and scheduled searches now happens automatically, but can also be triggered manually using a button.
GraphQL API
The
SearchDomain.queries
GraphQL field has been deprecated. UseSearchDomain.savedQueries
instead.The updateSettings GraphQL mutation has been marked as unstable, as it can control unstable and ephemeral settings.
Removes the deprecated
Repository.isFreemium
GraphQL field.The
SearchDomain.viewerCanChangeConnections
GraphQL field has been deprecated. UseSearchDomain.isActionAllowed
instead.Deprecates GraphQL fields
UserSettings.isEventListOrderChangedMessageDismissed
,UserSettings.isNewRepoHelpDismissed
, andUserSettings.settings
since they are not used for anything anymore, and will be removed in a future release.
Configuration
Removed the
QUERY_QUOTA_EXCEEDED_PENALTY
configuration.New config:
S3_ARCHIVING_IBM_COMPAT
for compatility with S3 archiving to IBM Cloud Object Storage.New config:
SEGMENTMOVER_EXECUTOR_CORES
allows tuning number of concurrent fetches of segments from other nodes to this node. Defaults to vCPU/8, must be at least 2.
Functions
Optimized the
splitString()
function.Make the
parseLEEF()
function more robust and optimize its memory usage.Fixed a bug which could cause
head()
,tail()
,sort()
within eitherbucket()
or a live query to return too few results in certain cases.Added a new query function:
base64Decode()
.Fixed a bug where
cidr()
did not respect theinclude
parameter.
Other
Fixed a bug where a scheduled search would be executed repeatedly, as long as at least one out of multiple actions was failing. Now, execution is only repeated if all actions are failing.
Allow user groups to be represented as a json string and not only as an array when logging in with oauth.
Query poll responses meta data now include Query Quota spent for current user across queries. The cost so far of the current query was there already.
Reworked initialization of Humio's async listener infrastructure, to ensure that listeners do not miss any updates. This fixes a number of flakiness issues that could arise when a node was rebooted.
Bumped minimum supported versions of Chrome and Chromium from 60 to 69 due to updated dependencies
Some minor performance improvements in the ingest pipeline
Rework how Humio caches data from global. This fixes a number of data races, where Humio nodes could temporarily get an incorrect view of global.
Fixed an issue where clicking the label of a parser rerouted erroneously
Added documentation link to autocomplete description in the Humio search field
Added IP ASN Database license information to the Cluster Administration page
Improved error logging for event forwarding
Fixed a bug that made it possible to rename a parser to an existing name and thereby overwriting the existing parser.
When installing an application package, you sometimes had to refresh the page to get the assets in the package linked to their installed counter parts.
Made it possible to delete a parser overriding a built-in parser, even though it is used in an ingest token.
Changed the built-in
audit-log
parser so that null values are stored as an empty string value. Previously, they were stored as the string "null". The defaults are consistent with the old behavior, so that null values become a "null" string and empty string values are kept.When a query is cancelled, a reason for canceling the query is now always logged. Previously, this was only done if the query was cancelled due to an internal exception. Look for log lines starting with query is cancelled.
Fixed a bug that made it impossible to copy a parser to override a built-in parser.
The HEC ingest endpoint is no longer implicitly running
kvParse
. This used to be the case when ingesting events of the form"event" : "Log line..."
. If the ingested data is to be key-value parsed, addkvParse()
to the relevant parser for the input data.Added audit logging when assigning a parser to an ingest token or unassigning a parser from an ingest token. Added the parser name to all audit logs for ingest tokens.
Added new parameters
handleNull
andexcludeEmpty
toparseJson()
to control how null and empty string values are handled.Added a warning to the Cluster Nodes page that warns you if not all Humio servers are running the same Humio version.
Humio Server 1.24.4 Stable (2021-05-31)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.24.4 | Stable | 2021-05-31 | 2022-05-31 | 1.16.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 83588b8570c97dc8a89b46524ea8d92a |
SHA1 | 15958a097eaba9689a43c557e1d6d14e2d566d6d |
SHA256 | cafca561035aec00f5971a15cf283b757794c8a2706829518a05ce089f92ea88 |
SHA512 | 15352a96bb6b4ed27ef1c7b238cf97142c36cfefe17be25bf671a706bd6afcf0c8ad8951a325838e259eeb52e643f3950b8f47f3186ecea049f34fc81e066eed |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.24.4/server-1.24.4.tar.gz
Minor bug fixes, as well as fix a stackoverflow bug in large clusters.
Bug Fixes
Summary
Minor bug fixes and improvements.
Fix a stackoverflow that could occur during startup in larger clusters.
Humio Server 1.24.3 Stable (2021-05-10)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.24.3 | Stable | 2021-05-10 | 2022-05-10 | 1.16.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | adb3c4827d86d476d104ab2ba8ec3171 |
SHA1 | 06a25ba15bf28659900807a8505860f5b32a65d6 |
SHA256 | bae28e700dc6806496fd351ffb865a80420f0757613546076b4a2e9aae719d8d |
SHA512 | aff4adf71e1140ffdbeebfef7eae451d0bbff41f5af1753dee13d1287635644228336da0de300208fe1e667ae151198c74b74fdf10d830d37ae9b072f136a7a4 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.24.3/server-1.24.3.tar.gz
Minor bug fixes.
Bug Fixes
Summary
Minor bug fixes and improvements.
Humio Server 1.24.2 Stable (2021-04-19)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.24.2 | Stable | 2021-04-19 | 2022-04-19 | 1.16.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 69a6ef22d7f295f807ceef46c8c0c6d1 |
SHA1 | 6284ee05bd7c583044f6620f385864a3be3bab84 |
SHA256 | cc648f1c4efe01d20e9f93a77b1892291077ae76339d1b5dcbc0e504f9975e25 |
SHA512 | 54c60624a5c0ef19c12fcda05b4fecbe8ddf626246c3160d90f29cc76143dfbe4b07f7d884616699486848f0e7b8c519c0e1d5f5dd3e2be3e8b0a6f49fe960c5 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.24.2/server-1.24.2.tar.gz
Important Information about Upgrading
Beginning with version 1.17.0, if your current version of Humio is not directly able to upgrade to the new version, you will get an error if you attempt to start up the incompatible version. The 1.24.1 release is only compatible with Humio release 1.16.0 and newer. This means that you will have to ensure that you have upgraded at least to 1.16.0 before trying to upgrade to 1.24.1. In case you need to do a rollback, this can also ONLY happen back to 1.16.0 or newer. Rolling directly back to an earlier release can result in data loss.
Bug Fixes
Other
Reduced off-heap memory usage
Fixed an issue where cost spent in a long-running query got accounted as spent "now" when the query ended in terms of Query Quota
Fixed an issue where a repository with very high number of datasources could trigger an error writing an oversized message to kafka from the ingest-reader-leader thread
Humio Server 1.24.1 Stable (2021-04-12)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.24.1 | Stable | 2021-04-12 | 2022-04-12 | 1.16.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | b7fec8d3a5c0b521a371dbeb6e56d8b2 |
SHA1 | fbabef325eaaf1bd0a3052f51497f00779efad5f |
SHA256 | 223e48fe647fc681456b47cad81d0fca5936d6283791b2a41fa4c8dc199c1c76 |
SHA512 | 51663220d67bb25f67b7e44837e84c87c36c3f24da69918b1a6978fc751543a2f1f25f49f166681def7a0276881907b284a52bb302fa6d745d7b16859d3f7d96 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.24.1/server-1.24.1.tar.gz
Important Information about Upgrading
Beginning with version 1.17.0, if your current version of Humio is not directly able to upgrade to the new version, you will get an error if you attempt to start up the incompatible version. The 1.24.1 release is only compatible with Humio release 1.16.0 and newer. This means that you will have to ensure that you have upgraded at least to 1.16.0 before trying to upgrade to 1.24.1. In case you need to do a rollback, this can also ONLY happen back to 1.16.0 or newer. Rolling directly back to an earlier release can result in data loss.
Bug Fixes
Other
Allow reverse proxies using 10s as timeout to work also for a query that takes longer than that to initialize
Ensure that if the Kafka leader loop thread dies, it kills the Humio process. In rare cases it was possible for this thread to die, leaving the node incapable of performing digest work
Fixes an issue where the user would get stuck in infinite loading after having been invited into an organization
Fixed a bug where ingestOnly nodes could not start on a more recent version that the statefull nodes in the cluster
Humio Server 1.24.0 Stable (2021-04-06)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.24.0 | Stable | 2021-04-06 | 2022-04-06 | 1.16.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | cbee15b1c1af8d13984fbd938e9f9488 |
SHA1 | 8562af8753aca033d6b4966311787c2a681116dc |
SHA256 | 7cda1dd2188ec2ed5899c5a4c26cf45c2f2d4199439342da64819194475b5cf2 |
SHA512 | ad9e05ed84cd08f8774b5bbec44b8075ebb9e2cd7898f7d6f88fc445a5e1476284b86b1d3d5536ecdf1609b7c8b4e05d3ad27302dd79e41f95094140c12ce002 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.24.0/server-1.24.0.tar.gz
Important Information about Upgrading
This release promotes the latest 1.23 release from preview to stable.
Beginning with version 1.17.0, if your current version of Humio is not directly able to upgrade to the new version, you will get an error if you attempt to start up the incompatible version. The 1.24.0 release is only compatible with Humio release 1.16.0 and newer. This means that you will have to ensure that you have upgraded at least to 1.16.0 before trying to upgrade to 1.24.0. In case you need to do a rollback, this can also ONLY happen back to 1.16.0 or newer. Rolling directly back to an earlier release can result in data loss.
Humio will make some internal logs available in a new repository called humio-activity. This is meant for logs that are relevant to users of Humio, as compared to logs that are only relevant for operators. The latter logs are still put into the humio repository. For this release, only new log events will be put into humio-activity, but in later releases, some existing log events that are relevant for users, will be put into the humio-activity repository instead of the humio repository.
For cloud users, the logs for your organization can be accessed
through the
humio-organization-activity
view.
For on-prem users, the logs can be accessed directly through the
humio-activity repository. They are also output
into a new log file named
humio-activity.log
which can be ingested
into the humio repository, if you want it available
there as well. If you do and you are using the
Insights Package, you should upgrade that to
version 0.0.4. For more information, see the
LogScale's Internal Logging.
Humio has decided to adopt an evolutionary approach to its GraphQL API, meaning that we will strive to do only backwards compatible changes. Instead of making non-backwards compatible changes to existing fields, we will instead add new fields alongside the existing fields. The existing fields will be deprecated and might be removed in some later release. We reserve the right to still do non-backwards compatible changes, for instance to fix security issues.
For new experimental features, we will mark the corresponding
GraphQL fields as PREVIEW
.
There will be no guarantees on backwards compatibility on fields
marked as PREVIEW
.
Deprecated and preview fields and enum values will be marked as
such in the GraphQL schema and will be shown as deprecated or
preview in the API Explorer. Apart from that, the result of
running a GraphQL query using a deprecated or preview field will
contain a new field
extensions
, which contains
a field deprecated
with a
list of all deprecated fields used in the query and a field
preview
with a list of all
preview fields used in the query.
Example:
{ "data": ... "extensions": { "deprecated": [ { "name": "alert", "reason": "[DEPRECATED: Since 2020-11-26. Deprecated since 1.19.0. Will be removed March 2021. Use 'searchDomain.alert' instead]" } ] } }
Deprecated fields and enum values will also be noted in the
release note, when they are first deprecated. All use of
deprecated fields and enum values will also be logged in the
Humio repository humio-activity. They will have
#category=GraphQL
,
subCategory=Deprecation
and #severity=Warning
. If
you are using the API, consider creating an alert for such logs.
Removed Support for CIDR Shorthand
Previous version of Humio supported a shorthand for IPv4 CIDR
expressions. For example
127.1/16
would be
equivalent to
127.1.0.0/16
. This was
contrary to other implementations like the Linux function
inet_aton
, where
127.1
expands to
127.0.0.1
. Support for
this shorthand has been removed and the complete address must
now be written instead.
Bug Fixes
Other
Removed the
QUERY_QUOTA_EXCEEDED_PENALTY
config (introduced in 1.19.0).Fixed an issue which prevented Safari users from seeing alert actions
The query scheduler now prioritizes new queries started by a user based on the cumulative cost of recent queries started by that user. Added new config
QUERY_SPENT_FACTOR
with the default value 0.5, which defines the weight of recent query costs when scheduling. Higher values mean that users with high recent query costs will see their queries penalized harder in the scheduling.Fixed an issue which caused problems with forward/backward compatibility of LanguageVersion in GraphQL
Fixed a scrolling issues on the Kafka cluster admin page
Fixed an issue on the search page that prevented the event list from scrolling correctly.
Major changes: 1.23.0 and 1.23.1.
Humio Server 1.23.1 Stable (2021-03-24)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.23.1 | Stable | 2021-03-24 | 2022-03-24 | 1.16.0 | No | No |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.23.1/server-1.23.1.tar.gz
Important Information about Upgrading
Beginning with version 1.17.0, if your current version of Humio is not directly able to upgrade to the new version, you will get an error if you attempt to start up the incompatible version. The 1.23.1 release is only compatible with Humio release 1.16.0 and newer. This means that you will have to ensure that you have upgraded at least to 1.16.0 before trying to upgrade to 1.23.1. In case you need to do a rollback, this can also ONLY happen back to 1.16.0 or newer. Rolling directly back to an earlier release can result in data loss.
Bug Fixes
Other
New config:
S3_ARCHIVING_IBM_COMPAT
for compatibility with S3 archiving to IBM Cloud Object Storage.Allow users group to be represented as a json string and not only array when logging in with oauth.
Humio Server 1.23.0 Preview (2021-03-18)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.23.0 | Preview | 2021-03-18 | 2021-03-24 | 1.16.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 882c77cb19e867084fbb26dc80c079d8 |
SHA1 | 053d49648f03fd49f0766aa9df64f66921c72638 |
SHA256 | 898f1670010d25866f9fb27e054509a2ade615dbae612cdc70ce34371e03ac59 |
SHA512 | eba333bfec11983f6140ca4e64ec725c91c0d724f245c0250f2264a9221036a7d9e89aace2bf096ce7b5ecca72b4c24659348feba7098d89a5a4035359d8b8d3 |
Important Information about Upgrading
Beginning with version 1.17.0, if your current version of Humio is not directly able to upgrade to the new version, you will get an error if you attempt to start up the incompatible version. The 1.23.0 release is only compatible with Humio release 1.16.0 and newer. This means that you will have to ensure that you have upgraded at least to 1.16.0 before trying to upgrade to 1.23.0. In case you need to do a rollback, this can also ONLY happen back to 1.16.0 or newer. Rolling directly back to an earlier release can result in data loss.
Humio will make some internal logs available in a new repository called humio-activity. This is meant for logs that are relevant to users of Humio, as compared to logs that are only relevant for operators. The latter logs are still put into the humio repository. For this release, only new log events will be put into humio-activity, but in later releases, some existing log events that are relevant for users, will be put into the humio-activity repository instead of the humio repository.
For cloud users, the logs for your organization can be accessed
through the
humio-organization-activity
view.
For on-prem users, the logs can be accessed directly through the
humio-activity repository. They are also output
into a new log file named
humio-activity.log
which can be ingested
into the humio repository, if you want it available
there as well. If you do and you are using the
Insights Package, you should upgrade that to
version 0.0.4. For more information, see
LogScale's Internal Logging.
Humio has decided to adopt an evolutionary approach to its GraphQL API, meaning that we will strive to do only backwards compatible changes. Instead of making non-backwards compatible changes to existing fields, we will instead add new fields alongside the existing fields. The existing fields will be deprecated and might be removed in some later release. We reserve the right to still do non-backwards compatible changes, for instance to fix security issues.
For new experimental features, we will mark the corresponding GraphQL fields as PREVIEW. There will be no guarantees on backwards compatibility on fields marked as PREVIEW.
Deprecated and preview fields and enum values will be marked as
such in the GraphQL schema and will be shown as deprecated or
preview in the API Explorer. Apart from that, the result of
running a GraphQL query using a deprecated or preview field will
contain a new field
extensions
, which contains
a field deprecated
with a
list of all deprecated fields used in the query and a field
preview
with a list of all
preview fields used in the query.
Example:
{
"data": ...
"extensions": {
"deprecated": [
{
"name": "alert",
"reason": "[DEPRECATED: Since 2020-11-26. Deprecated since 1.19.0. Will be removed March 2021. Use 'searchDomain.alert' instead]"
}
]
}
}
Deprecated fields and enum values will also be noted in the
release note, when they are first deprecated. All use of
deprecated fields and enum values will also be logged in the
Humio repository humio-activity. They will have
#category=GraphQL
,
subCategory=Deprecation
and #severity=Warning
. If
you are using the API, consider creating an alert for such logs.
Removed Support for CIDR Shorthand
Previous version of Humio supported a shorthand for IPv4 CIDR
expressions. For example
127.1/16
would be
equivalent to
127.1.0.0/16
. This was
contrary to other implementations like the Linux function
inet_aton
, where
127.1
expands to
127.0.0.1
. Support for
this shorthand has been removed and the complete address must
now be written instead.
Improvements, new features and functionality
Summary
Added GraphQL queries and mutations for alerts and actions, which correspond to the deprecated REST endpoints for those entities.
GraphQL API
Added GraphQL mutations addAlertLabelV2, removeAlertLabelV2, addStarToAlertV2 and removeStarFromAlertV2.
Bug Fixes
Deprecation
Deprecated GraphQL mutations addAlertLabel, removeAlertLabel, addStarToAlert and removeStarFromAlert as they did not follow the standard for mutation input.
Automation and Alerts
Deprecated the REST endpoints for alerts and actions.
Restyled the alert dialogue.
Functions
Added support for CIDR matching on
match()
usingmode=cidr
.Fixed a bug in event forwarding that made
start()
,end()
andnow()
return the time at which the event forwarding rule was cached. Instead,now()
will return the time at which the event forwarding rule was run.start()
andend()
were never meant to be used in an event forwarding rule and will return 0, which means Unix Epoch.Negated, non-strict
match()
orlookup()
is no longer allowed.Deprecated
file
andcolumn
parameter oncidr()
. Usematch()
withmode=cidr
instead.Fixed a bug which caused
in()
with values=[] to give incorrect results.Improved performance when using
match()
withmode=cidr
compared to usingcidr()
withfile()
.Deprecated
glob
parameter onmatch()
, usemode=glob
instead.Fixed a bug which caused glob-patterns in
match()
to not match newline characters.Removed support for shorthand IPv4 CIDR notation in
cidr()
. See section "Removed support for CIDR shorthand".Added
mode
parameter tomatch()
, allowing different ways to match the key.Fixed a bug which caused tag-filters in anonymous functions to not work in certain cases (causing to many events to be let through).
Other
Fixed an issue with the Missing Segments API that caused missing segments to not appear in the missing segments list if they had a replacement segment.
Fixed an issue where changes to files would not propagate to parsers or event forwarders.
Fixed an issue where Prometheus metrics always reported 0.0 for humio_primary_disk_usage
The
SearchDomain.queries
GraphQL field has been deprecated, and will be removed in a future release. UseSearchDomain.savedQueries
instead.Changed the URL of the Kafka cluster page in the settings.
Fixed the requirement condition for the time retention on a repository.
Added IP Filter for readonly dashboard links, and started to audit log readonly dashboard access. In this initial version. The readonly ip filter can be configured with the graphql mutation:
graphqlmutation { updateReadonlyDashboardIPFilter(ipFilter: "FILTER") }
The FILTER is expected in this format: IP Filter. From Humio 1.25 this can be configured in the configuration UI.
Fixed an issue causing undersized segment merging to repeatedly fetch the same segments, in cases where the merger job took too long to finish.
Added an option to make it easier to diagnose problems by detecting inconsistencies between globals in different Humio instances. Each Humio instance has its own copy of the global state which must all be identical. It has happened that they were not, so now we check and if there is a difference we report an error and dump the global state into a file.
Made the S3 archiving save button work again.
Enforce permissions to enter creating new repository page.
Removed the deprecated
Repository.isFreemium
GraphQL field.Allow turning encryption of files stored in bucket storage off by explicitly setting
S3_STORAGE_ENCRYPTION_KEY=off
(similar forGCP_
)Fixes a bug where events deleted with the delete-event API would appear deleted at first, but then resurface again after 24h. If user applying delete did not have permission to search the events being deleted.
The GraphQL API Explorer is now available from inside Humio. You can access it using the Help->API Explorer menu.
Fixed a bug where the same regex pattern occurring multiple times in a query could cause incorrect results
Added a new introduction message to empty repositories.
Improved memory use for certain numerical aggregrating functions
Enforce permissions to enter Organization Settings page.
Fixed an issue where regular expressions too large to handle would sometimes cause the query to hang. Now we report an error.
Improved performance of free-text search using regular expressions.
Refactor how the width of the repository name in the main navigation bar is calculated.
Enforce accepting terms and conditions.
Mark required fields on the Accept Terms and Conditions page.
Refactor All Organizations page.
Deprecated the
ReadEvents
enum variant from theViewAction
enum in GraphQL. Use theReadContents
variant instead, which has the same semantics, but a more accurate name.ReadEvents
will be removed in a future release.Fixed an issue which caused Ingesting Data to Multiple Repositories to break, when the parser used copyEvent to duplicate the input events into multiple repositories
The GraphQL API Explorer has been upgraded to a newer version. The new version includes a history of the queries that have been run.
Implemented toggle button for dark mode.
UI enhancements for the new repository Access Permissions page.
It is again possible to sort the events on the test parser page.
Refactor client side action cache of allowed permissions.
Fixed a bug which caused
match()
to give incorrect results in certain cases due to incorrect cachingThe
SearchDomain.viewerCanChangeConnections
GraphQL field has been deprecated, and will be removed in a future release. UseSearchDomain.isActionAllowed
instead.Refactor Organization Overview page.
Humio Server 1.22.1 Stable (2021-03-02)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.22.1 | Stable | 2021-03-02 | 2022-03-02 | 1.16.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 7d2fb4c0736d1c7f03197fba78a33c13 |
SHA1 | 36c3c2b7ffe3485fb9f87a75b515cb7b9efc5efc |
SHA256 | bc3122c71e8c1bdf57fc044912c660b86933c871758818fb93a8d609c9bc340d |
SHA512 | 54e1da57da87480a2b1b0cc577eb731b734b8fe7af0e2ac3afcd406d28f29ffa5b834d836b283dc5e730b10bba43d55484cd8579746c800bd26a26280a088200 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.22.1/server-1.22.1.tar.gz
Important Information about Upgrading
Beginning with version 1.17.0, if your current version of Humio is not directly able to upgrade to the new version, you will get an error if you attempt to start up the incompatible version. The 1.22.1 release is only compatible with Humio release 1.16.0 and newer. This means that you will have to ensure that you have upgraded at least to 1.16.0 before trying to upgrade to 1.22.1. In case you need to do a rollback, this can also ONLY happen back to 1.16.0 or newer. Rolling directly back to an earlier release can result in data loss.
Bug Fixes
Other
Fixes parserlist having no height on Safari.
Fixes overflowing editor bug.
Fixes problem where alertpages have no height in Safari.
Humio Server 1.22.0 Stable (2021-03-02)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.22.0 | Stable | 2021-03-02 | 2022-03-02 | 1.16.0 | No | Yes |
JAR Checksum | Value |
---|---|
MD5 | 115532e6c7c321a1fe737bdde5731f4b |
SHA1 | 8a42ec6f7ba168939c60d521d30eba202479173e |
SHA256 | 4cff315346b9edb1ba625f48fe36105666dc9b95e711190578ff62752fa763e4 |
SHA512 | 0173d8b48f8612198cb4a20146b15d23769cacee4fac12a7c710a93ef2f17a30140ccee8e09c8f7c5262815cbb2e03876fe30986f276a9d36155832c4e03a233 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.22.0/server-1.22.0.tar.gz
Important Information about Upgrading
This release promotes the latest 1.21 release from preview to stable.
Beginning with version 1.17.0, if your current version of Humio is not directly able to upgrade to the new version, you will get an error if you attempt to start up the incompatible version. The 1.22.0 release is only compatible with Humio release 1.16.0 and newer. This means that you will have to ensure that you have upgraded at least to 1.16.0 before trying to upgrade to 1.22.0. In case you need to do a rollback, this can also ONLY happen back to 1.16.0 or newer. Rolling directly back to an earlier release can result in data loss.
## UI revamp In this version the UI has been given a complete makeover. ## Details To see more details, go through the individual 1.21.x release notes (links in the changelog).
Bug Fixes
Other
Change log lines creating a 'kind' field. Kind is used as a tag for the different humio logs
Restrict concurrency when mirroring uploaded files within the cluster
Fixed issue where local segment files would not get deleted in time, potentially filling the disk
Fixed issue where root users were not allowed to set unlimited time in retention settings
Increase HTTP chunk size from 16MB to 128MB
Add the "ProxyOrganization" header to the list of general auth headers used on REST calls
Major changes: (see version 1.21.0 and 1.21.1 release notes)
Fixed issue where tag filters in anonymous parts within an aggregate did not get applied
Fix issue where updating account settings would present the user with an error even though the update was successful
Humio Server 1.21.1 Preview (2021-02-23)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.21.1 | Preview | 2021-02-23 | 2021-03-02 | 1.16.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 3f2b7ae5265ab8e81d339ebbd260b802 |
SHA1 | e406e539b9d3474a25accc82d49efdbcc94c7f4d |
SHA256 | 0ec0db6bfaa232c30d1e0056442f58e5d2c20d9b7716ba136b8350d2c5c05bdd |
SHA512 | 01383adbe54ceb73679aece980b0a7752b07478a40ac3f811a3aadbf9fb55077ebf08842cb2442628af1200e677d0db289a6007b3706794c79377787ef56e898 |
Important Information about Upgrading
Beginning with version 1.17.0, if your current version of Humio is not directly able to upgrade to the new version, you will get an error if you attempt to start up the incompatible version. The 1.21.1 release is only compatible with Humio release 1.16.0 and newer. This means that you will have to ensure that you have upgraded at least to 1.16.0 before trying to upgrade to 1.21.1. In case you need to do a rollback, this can also ONLY happen back to 1.16.0 or newer. Rolling directly back to an earlier release can result in data loss.
Bug Fixes
Other
New "prefetch from bucket" job. When a node starts with an empty disk it will download a relevant subset of segment files from the bucket in order to have them present locally for queries.
Improve performance of "decrypt step" in downloads from bucket storage
Server:
header in responses from from Humio HTTP server now includes (Vhost, NodeRole) after the version string.
Humio Server 1.21.0 Preview (2021-02-22)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.21.0 | Preview | 2021-02-22 | 2021-03-02 | 1.16.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 3175d041a4c0a6948d5e23993b7a3bcd |
SHA1 | 1356a57098602623b5cab8511f530aab3b04a080 |
SHA256 | 8f576aca2a00533180ed3710971bd9c4c419e275d618c4c745d004b9a5ad9987 |
SHA512 | 475c72b5655744be0a900269478d930942cd7aae9ec8acf0e38c1eff2a4c7ec243c91293996ad8288ec2ed9c72b896436bb8e12b67f44b999fc03d1f43db4a2d |
Important Information about Upgrading
Beginning with version 1.17.0, if your current version of Humio is not directly able to upgrade to the new version, you will get an error if you attempt to start up the incompatible version. The 1.21.0 release is only compatible with Humio release 1.16.0 and newer. This means that you will have to ensure that you have upgraded at least to 1.16.0 before trying to upgrade to 1.21.0. In case you need to do a rollback, this can also ONLY happen back to 1.16.0 or newer. Rolling directly back to an earlier release can result in data loss.
Bug Fixes
Automation and Alerts
Create, update and delete of an alert, scheduled search or action is now recorded in the audit log.
Functions
Fixed bugs in
format()
which caused output from%e
and%g
to be incorrect in certain cases.The
split()
function no longer adds a@display
field to the event it outputs.Fixed a performance and a robustness problem with the function
unit:convert()
. The formatting of the numbers in its output may in some cases be different now.Fixed a bug which caused validation to miss rejecting window() inside
window()
andsession()
.The
findTimestamp()
function has been changed, so that it no longer has a default value for thetimezone
parameter. Previously, the default wasUTC
. If no timezone argument is supplied to the function, it will not parse timestamps that do not contain a timezone. To get the old functionality, simply addtimezone=UTC
to the function. This can be done before upgrading to this release.The experimental function
moment()
has been removed.Change handling of
groupBy()
in live-queries which should in many cases reduce memory cost.Fixed a bug in
lowercase()
which caused the caselowercase(field="\*", include="values")
to not process all fields but only the field named"\*"
.subnet()
now reports an error if its argumentbits
is outside the range 0 to 32.The
replace()
function now reports an error if an unsupported flag is provided in theflags
argument.The
replace()
function now reports an error if the argumentsreplacement
andwith
are provided at the same time.Fixed a memory leak in
rdns()
in cases where many different name servers are used.The
transpose()
function now reports an error if the argumentsheader
orcolumn
is provided together with the argumentpivot
.The functions
worldMap()
andgeohash()
now errors if requested precision is greater than 12.Fixed a bug which caused
eventInternals()
to crash if used late in the pipeline.
Other
The default parser
kv
has been changed from using theparseemacs vTimestamp()
function to use thefindTimestamp()
function. This will make it able to parse more timestamp formats. It will still only parse timestamps with a timezone. It also no longer adds atimezone
field with the extracted timestamp string. This was only done for parsing the timestamp and not meant for storing on the event. To keep the old functionality, clone thekv
parser in the relevant repositories and store the cloned parser with the namekv
. This can be done before upgrading to this release. See kv.Running test of a parser is no longer recorded in the audit log, and irrelevant fields are no longer recorded upon parser deletion.
Fixed a bug which could potentially cause a query state cache file to be read in an incomplete state.
Fixed an issue causing Humio to crash when attempting to delete an idle empty datasource right as the datasource receives new data.
Improve number formatting in certain places by being better at removing trailing zeros.
Fixed an issue where repeating queries would not validate in alerts.
Fixed an issue with the validation of the query prefix set on a view for each repository within the view: Invoking macros is not allowed and was correctly rejected when creating a view, but was not rejected when editing an existing connection.
Prevent Humio from booting when Zookeeper has been reset but Kafka has not.
When exporting a package, you now get a preview of the icon you've added for the package.
Improve hit rate of query state cache by allowing similar but not identical queries to share cache when the entry in the cache can form the basis for both. The cache format is incompatible with previous versions, this is handled internally by handling incompatible cache entries as cache misses.
Fixed an issue causing event redirection to break when using copyEvent to get the same events ingested into multiple repositories.
kvParse()
now only unescapes quotes and backslashes that are inside a quoted string.Fixed a bug where referenced saved queries were not referenced correctly after exporting them as part of a package.
Fixed an issue causing segment tombstones to potentially be deleted too early if bucket storage is enabled, causing an error log.
Fixed a bug which could cause saving of query state cache to take a rather long time.
The deprecated built-in parser
json-for-notifier
has been deleted. It has been replaced by the parserjson-for-action
.Improve performance of
writeJson()
a bit.kvParse()
now unescapes backslashes when they're inside ('
or"
) quotes.Fixed a number of potential concurrency issues.
Made loggings for running scheduled searches more consistent and more structured. All loggings regarding a specific alert will contain the keys
scheduledSearchId
,scheduledSearchName
andviewId
. Loggings regarding the alert query will always contain the keyexternalQueryId
and sometimes also the keysqueryId
with the internal id andquery
with the actual query string. If there are problems with the run-as-user, the id of that user is logged with the keyuser
.kvParse()
now also unescapes single quotes. ('
)Fixed an issue where cancelled queries could be cached.
Make the thread dump job run on a dedicated thread, rather than running on the thread pool shared with other jobs.
When using filters on dashboards, you can now easily reset the filter, either removing it completely, or using the default filter if one is present.
Made sure the humio view humio default parser is only installed when missing, instead of overwriting it every time humio starts.
Lowered the severity level for some loggings for running alerts.
Fixed a bug where analysis of a regex could consume extreme amounts of memory.
Fixed an issue with lack of escaping in filename when downloading.
Raised the parser test character length limit to .00.
Fixed an issue where the segment mover might schedule too many segments for transfer at a time.
Humio insights package installed if missing on the humio view when humio is started.
Fixed a bug in parseJson which resulted in failed JSON parsing if an object contained an empty key (
""
).Packages can now be updated with the same version but new content. This makes iterating over a package before finalizing it easier.
Made loggings for running alerts more consistent and more structured. All loggings regarding a specific alert will contain the keys
alertId
,alertName
andviewId
. Loggings regarding the alert query will always contain the keyexternalQueryId
and sometimes also the keysqueryId
with the internal id andquery
with the actual query string. If there are problems with the run-as-user, the id of that user is logged with the keyuser
.Raised the note widget text length limit to .00.
Added support for disaster recovery of a cluster where all nodes including Kafka has been lost, restoring the state present in bucket storage as a fresh cluster using the old bucket as read-only, and forming a fresh cluster from that. New Configs: S3_RECOVER_FROM_REPLACE_REGION and S3_RECOVER_FROM_REPLACE_BUCKET to allow modifying names of region/bucket while recovering to allow running on a replica, specifying read-only source using
S3_RECOVER_FROM
* for all the bucket storage target parameters otherwise namedS3_STORAGE
*Fixed a bug in
upper()
andlower()
which could cause its output to be corrupted (in cases where no characters had been changed).When on ephemeral disks, nodes being replaced with new ones on empty disks no longer download most of the segments they had before being replaced, but instead schedule downloads based on is being searched.
The Auth0 login page will no longer load a local version of the Auth-Lock library, but instead load a login script hosted on Auth0's CDN. This may require opening access to
https://cdn.auth0.com/
if hosting Humio behind a firewall.Fixed an issue where merge of segments were reported as failed due to input files being deleted while merging. This is not an error, and is no longer reported as such.
The deprecated built-in parser
bro-json
has been deleted. It has been replaced by the parserzeek-json
.
Humio Server 1.20.4 Stable (2021-02-22)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.20.4 | Stable | 2021-02-22 | 2022-02-22 | 1.16.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | e84da693a3ca628775ca56a33f27db91 |
SHA1 | fd2a37750456d861a92ee41840701c2040b71d79 |
SHA256 | 0fc7d2b010abbc263ef97ae4cb019994804133ff858f23de03e0bce69760011a |
SHA512 | 9af984c0a5896046cf0f3febd3b64aef7af501404df75a612c04452140aa9cd9c97f4ed2a5a95fe241ac227db3f3bbbe072ddaa2bed058053b6cfeafcbc388e5 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.20.4/server-1.20.4.tar.gz
Important Information about Upgrading
Beginning with version 1.17.0, if your current version of Humio is not directly able to upgrade to the new version, you will get an error if you attempt to start up the incompatible version. The 1.20.4 release is only compatible with Humio release 1.16.0 and newer. This means that you will have to ensure that you have upgraded at least to 1.16.0 before trying to upgrade to 1.20.4. In case you need to do a rollback, this can also ONLY happen back to 1.16.0 or newer. Rolling directly back to an earlier release can result in data loss.
Bug Fixes
Functions
Other
Fixed an issue causing event redirection to break when using
copyEvent()
function to get the same events forwarded to multiple repositories.New "prefetch from bucket" job - When a node starts with an empty disk it will download a relevant subset of segment files from the bucket in order to have them present locally for queries.
Connecting to the Packages now respects the Humio proxy configuration
Humio Server 1.20.3 Stable (2021-02-11)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.20.3 | Stable | 2021-02-11 | 2022-02-11 | 1.16.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | eb0a1ddfb3bd3440206fc7ce95fedd74 |
SHA1 | 0eedbdc67554a9efbb0fcc5f667a99c899ae43bc |
SHA256 | ecdcb4a299eb3668ed6d5435c97469b4f7b1423f239f4e0a4b95a88d9b8fd566 |
SHA512 | 53dd06169c01eaccc6766f53f6a7c71910c131d7600bfdcdb3f9796d61e7ccdcfa801d8b2a2b9ed4b205fa7c3e567dc2a9a3b6879c94e10f408892cd0d57d77d |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.20.3/server-1.20.3.tar.gz
Important Information about Upgrading
Beginning with version 1.17.0, if your current version of Humio is not directly able to upgrade to the new version, you will get an error if you attempt to start up the incompatible version. The 1.20.3 release is only compatible with Humio release 1.16.0 and newer. This means that you will have to ensure that you have upgraded at least to 1.16.0 before trying to upgrade to 1.20.3. In case you need to do a rollback, this can also only happen back to 1.16.0 or newer. Rolling directly back to an earlier release can result in data loss.
Bug Fixes
Other
Improve auto completion suggestions.
Humio Server 1.20.2 Stable (2021-02-11)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.20.2 | Stable | 2021-02-11 | 2022-02-11 | 1.16.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | c8369fd679e4ef4fb1ddad2a632156e1 |
SHA1 | 7dc7214d24c3314fa9e60128106aed4078b2c7c9 |
SHA256 | e1c8188fd7e0dc92c648a675514627c4a9ae0f52658aac748d35a0105347c4ba |
SHA512 | fea474b22bebcbe7c5ad1e142fbf157f495b58726951e8b52820475fdda5eb48503a76bef7e2178ac3aeddcc6087d6bdd66c3ab5c67dbcf721da1ebc4bd671fa |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.20.2/server-1.20.2.tar.gz
Important Information about Upgrading
Beginning with version 1.17.0, if your current version of Humio is not directly able to upgrade to the new version, you will get an error if you attempt to start up the incompatible version. The 1.20.2 release is only compatible with Humio release 1.16.0 and newer. This means that you will have to ensure that you have upgraded at least to 1.16.0 before trying to upgrade to 1.20.2. In case you need to do a rollback, this can also only happen back to 1.16.0 or newer. Rolling directly back to an earlier release can result in data loss.
Bug Fixes
Functions
Other
Fixed a bug where fields panel was not scrollable in Safari.
Reduce triggering of auto completion in the query editor.
Fixed an issue where cloning a dashboard or parser would clone the wrong entity.
Improve query cache hit rate by not starting queries locally when the preferred nodes are down, if the local node has just started — as there is a fair chance the preferred nodes will show up shortly too.
Fixed a bug that exporting a package with dashboard parameters would not set the correct name space for a saved query called in a parameter.
Fixed a bug that exporting a package using a saved query with spaces in the name would not export the correct name.
Fixed a bug in parseJson which resulted in failed JSON parsing if an object contained an empty key (
""
).Query scheduling now tracks cost spent across queries for each user and tends to select next task so that users (rather than queries) each get a fair share of available CPU time.
Handle inconsistencies in the global entities file gracefully rather than crashing.
Fixed an issue where some parts of regexes did not shown in the parser editor.
Humio Server 1.20.1 Stable (2021-02-01)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.20.1 | Stable | 2021-02-01 | 2022-02-01 | 1.16.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 5f2ccaea9f97572ec047be936d7ff0de |
SHA1 | 5e434cc0df8b437a3974be645e80c3f2c56ec78a |
SHA256 | 74f2fcf3d5d2bc5b1e5830d98a03512395ac7beb6456bf754e69e48e89e1d7cf |
SHA512 | 16a58326069b3dd9e401688627e62e825249654501f63c939d245c6b501bd683c7682a634f9cb0265c17029ac8b7cdf038e57daa27a57478980115bce18c53ce |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.20.1/server-1.20.1.tar.gz
Important Information about Upgrading
Beginning with version 1.17.0, if your current version of Humio is not directly able to upgrade to the new version, you will get an error if you attempt to start up the incompatible version. The 1.20.1 release is only compatible with Humio release 1.16.0 and newer. This means that you will have to ensure that you have upgraded at least to 1.16.0 before trying to upgrade to 1.20.1. In case you need to do a rollback, this can also only happen back to 1.16.0 or newer. Rolling directly back to an earlier release can result in data loss.
Bug Fixes
Other
Minor fix to Humio internal JSON logging when using the configuration
HUMIO_LOG4J_CONFIGURATION=log4j2-json-stdout.xml
Humio Server 1.20.0 Stable (2021-01-28)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.20.0 | Stable | 2021-01-28 | 2022-01-28 | 1.16.0 | No | Yes |
JAR Checksum | Value |
---|---|
MD5 | 095aa44f1cbaf9cdffc9753286206248 |
SHA1 | fd4eb8cc488d18e7fedff3af212a9919d399b256 |
SHA256 | 79868d79d893ebb3114208e5e7f64d20ded44b76f4342b3b2d932df6288c927e |
SHA512 | 9b91b51b21654ec1961ee9ba31193ad5511850cdb3623d82403356191535a74febeb51a49fb711438408898fe4222f2522f3c37b33c81c75091b6a415c2f0924 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.20.0/server-1.20.0.tar.gz
Important Information about Upgrading
This release promotes the latest 1.19 release from preview to stable.
Beginning with version 1.17.0, if your current version of Humio is not directly able to upgrade to the new version, you will get an error if you attempt to start up the incompatible version. The 1.20.0 release is only compatible with Humio release 1.16.0 and newer. This means that you will have to ensure that you have upgraded at least to 1.16.0 before trying to upgrade to 1.20.0. In case you need to do a rollback, this can also only happen back to 1.16.0 or newer. Rolling directly back to an earlier release can result in data loss.
This version introduces Humio packages - a way of bundling and sharing assets such as dashboards and parsers. You can create your own packages to keep your Humio assets in Git or create utility packages that can be installed in multiple repositories. All assets can be serialized to YAML files (like what has been possible for dashboards for a while). With tight integration with Humio's CLI humioctl you can install packages from local disk, URL, or directly from a Github repository. Packages are still in beta, but we encourage you do start creating packages yourself, and sharing them with the community. At Humio we are also very interested in talking with package authors about getting your packages on our upcoming marketplace.
Read more about packages on our Packages.
With the introduction of Humio packages we have created the application Insights Package. The application is a collection of dashboards and saved searches making it possible to monitor and observe a Humio cluster.
The new query editor has a much better integration with Humio's query language. It will give you suggestions as you type, and gives you inline errors if you make a mistake. We will continue to improve the capabilities of the query editor to be aware of fields, saved queries, and other contextual information.
A new function called test()
has been added
for convenience. What used to be done like:
tmp := <expression> |
tmp=true
can now be done using:
test( <expression>
)
. Inside
<expression>
field
names appearing on the right hand side of an equality test, such
as field1==field2
compares
the values of the two fields. When comparing using
=
at top-level
field1=field2
compares the
value of field1
against
the string "field2"
. This
distinction is a cause of confusion for some users, and using
test()
simplifies that.
We have made small changes to how Humio logs internally. We did this to better support the new Insights Package. We have tried to keep the changes as small and compatible as possible, but we have made some changes that can break existing searches in the humio repository (or other repositories receiving Humio logs). We made these changes as we think they are important in order to improve things moving forward. One of the benefits is the new Insights Package. Read more about the details LogScale's Internal Logging.
To see more details, go through the individual 1.19.x release notes.
Bug Fixes
Other
Fixed an issue causing the secondary storage transfer job to plan more segments for transfer than necessary.
Segment download timeout raised from 120s to 1.0s. Avoids situations where large segments could not be moved around a cluster.
Fixed a bug where merged segments could grow too large if the source events were large.
Enable Package marketplace (in beta)
Major changes (see version 1.19.0 release notes)
Humio Server 1.19.2 Preview (2021-01-25)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.19.2 | Preview | 2021-01-25 | 2021-01-28 | 1.16.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 01e72a42b56685f50111466e91475e9b |
SHA1 | 7d09c09579a2c00cb2cc0a38c421969861f9c6a0 |
SHA256 | 83e7efdf3bd38eb806b30c81603e4eefe5ee17f88fa9c6440fd56d11c86d2869 |
SHA512 | 3ccc62d52899ecad9fd7626bb15f90b05bcabaf761d997c4aa63849f93702c6caf32d1f6ed191c981054c1df853ec6fbcdbd07fba0e76e289d4f71d39b542d9b |
Important Information about Upgrading
Beginning with version 1.17.0, if your current version of Humio is not directly able to upgrade to the new version, you will get an error if you attempt to start up the incompatible version. The 1.19.2 release is only compatible with Humio release 1.16.0 and newer. This means that you will have to ensure that you have upgraded to minimum 1.16.0 before trying to upgrade to 1.19.2. In case you need to do a rollback, this can also ONLY happen back to 1.16.0 or newer, rolling directly back to an earlier release can result in data loss.
Bug Fixes
Other
Fixed an issue for on-prem users not on multitenant setup by reverted a metric change introduced in 1.18.0, jmx and Slf4j included an OrgId in all metrics for repositories.
Fixed automatic installation of Humio insights package to the humio repository.
Humio Server 1.19.1 Preview (2021-01-19)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.19.1 | Preview | 2021-01-19 | 2021-01-28 | 1.16.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 7ba0f9e286f6933cb19b49be72df8078 |
SHA1 | 489be0b931419cd128d5a03e2b2fbce819095257 |
SHA256 | 2f8a22da0e6f85c4cd4479367635ad9c0a0586f2fc69df55533e349e3ea29bab |
SHA512 | b306f424ae1425145a382be5847e46f6f56d91777202ef94117c755be5f713dab787ae6da2a4acd0091d04d07d75b3b4154185eab5327f8db558071d1b4d301f |
Important Information about Upgrading
Beginning with version 1.17.0, if your current version of Humio is not directly able to upgrade to the new version, you will get an error if you attempt to start up the incompatible version. The 1.19.1 release is only compatible with Humio release 1.16.0 and newer. This means that you will have to ensure that you have upgraded to minimum 1.16.0 before trying to upgrade to 1.19.1. In case you need to do a rollback, this can also ONLY happen back to 1.16.0 or newer, rolling directly back to an earlier release can result in data loss.
Bug Fixes
Functions
Fixed bug where the
format()
function produced wrong output for some floating-point numbers.
Other
Update dependencies with known vulnerabilities
Do not cache cancelled queries.
Do not retry a query when getting a HTTP .0 error
Fixed bug in a saved query in the Humio insights package.
Fixed an issue - Do not delete datasource before the segments have been deleted also in bucket storage if present there.
Humio Server 1.19.0 Preview (2021-01-14)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.19.0 | Preview | 2021-01-14 | 2021-01-28 | 1.16.0 | No | Yes |
JAR Checksum | Value |
---|---|
MD5 | 63d03b5a7d362d1d9a5dfcb5a7d6fcea |
SHA1 | 7ed7776a690ff76afd4ff77ac585a28ef7ee1b2c |
SHA256 | 532dd54bc612b6f771a142899277430469a85c3a431a7824105c1ab69d21974e |
SHA512 | 9edc286d2409cdf36496cc9a7c69ab525ac3207006f1ce3aa194bd17e59e4601f676dbdec0c71cfecd197364b45d83398e5566cebbed82e0a10e1d19ae2e91eb |
Important Information about Upgrading
Beginning with version 1.17.0, if your current version of Humio is not directly able to upgrade to the new version, you will get an error if you attempt to start up the incompatible version. The 1.19.0 release is only compatible with Humio release 1.16.0 and newer. This means that you will have to ensure that you have upgraded at least to 1.16.0 before trying to upgrade to 1.19.0. In case you need to do a rollback, this can also ONLY happen back to 1.16.0 or newer. Rolling directly back to an earlier release can result in data loss.
Bug Fixes
Functions
Make the query functions
window()
andseries()
be enabled by default. They can be disabled by setting the configuration optionsWINDOW_ENABLED
andSERIES_ENABLED
tofalse
, respectively.Fixed an issue causing queries using
kvParse()
to be executed incorrectly in certain circumstances whenkvParse()
assigned fields starting with a non-alphanumeric character.Added a new function for retrieving the ASN number for a given IP address, see
asn()
reference page.Fixed an issue causing queries using
kvParse()
to filter out too much in specific circumstances when filtering on a field assigned beforekvParse()
.Fixed an issue where unit-conversion (by timechart) did not take effect through
groupBy()
andwindow()
.New function
hash()
for computing hashes of fields. Seehash()
reference page.Fixed an issue with the
cidr()
function that would make some IPv4 subnets accept IPv6 addresses and some strings that were not valid IP addresses.
Other
Fixed a bug where fullscreen mode could end up blank
New feature: "stateless Ingest-only nodes": A node that the rest of the cluster does not know exists, but is capable of ingesting events into the ingest queue. Enable using NODE_ROLES=ingestonly.
Introduction of the new log file humio-requests.log. Also the log format for the files humio-metrics.log and humio-nonsensitive.log has changed as described above. See Log LogScale to LogScale.
Add an error message to the event if the user is trying to redirect it to another repo using #repo, and the target repo is invalid.
The function
parseCEF()
now deals with extension fields with labels, i.e.cs1=Value cs1Label=Key
becomescef.label.Key=Value
.New ingest endpoint
/api/v1/ingest/raw
for ingesting singular webcalls as events. See Ingest API - Raw Data documentation.Fixed an issue where the filter and groupBy buttons on the search page would not restart the search automatically
Notifiers have been renamed to Actions throughout the UI and in log statements. The REST APIs have not been changed and all message templates can still be used.
API Changes (Non-Documented API): Queries and Mutations for Parser now expects an
id
field in place of aname
field, when fetching and updating parsers.When a host dies and Humio reassigns digest, it will warn if a fallback host is picked that is in the same zone as existing replicas. Eliminate warning if falling back to a host in the null zone.
New config
QUERY_QUOTA_EXCEEDED_PENALTY
with value 50 by default. When set >= 1.0 then this throttles queries from users that are over their quota by this factor rather than stopping their queries. Set to 0 to disable and revert to stopping queries.Introduced humio insights package that is installed per default on startup on the humio repository.
The built-in
bro-json
parser is deprecated and will be removed in a later release. It has been replaced by an identical parser with the namezeek-json
, see zeek-json.Fixed timeout issue in S3 Archiving
Improved app loading logic.
API Changes (Non-Documented API):
getFileContent
has been moved to a field on the SearchDomain type.Fixed an issue causing the secondary storage transfer job to select and queue too many segments for transfer at once. The job will now stop and recalculate the bulk to transfer periodically.
The names of the metadata fields added by the Humio Repository action (formerly notifier) has been changed to accomodate that it can now also be used from scheduled searches. See Falcon LogScale Repository.
Fixed a rare issue where a node that was previously assigned digest could write a segment to global, even though it was no longer assigned the associated partition.
The built-in
json-for-notifier
parser used by the Humio Repository action (formerly notifier) is deprecated and will be removed in a later release. It has been replaced by an identical parser with the namejson-for-action
, see json-for-action.Added timeout for TCP ingest listeners. By default the connection is closed if no data is received after 5 minutes. This can be changed by setting TCP_INGEST_MAX_TIMEOUT_SECONDS. See Ingest Listeners.
Made cluster nodes log their own version as well as the versions of all other nodes. This makes it easier to tell which versions are running in the cluster.
Improve handling of broken local cache files
New feature "Custom ingest tokens" making it possible for root users to create ingest tokens with a custom string.
The transfer job will delete primary copies shortly after transferring the segments to secondary storage. The copies would previously only be deleted once a full bulk had been moved.
Fixed an issue where segment merge occasionally reported BrokenSegmentException when merging, while the segments where not broken.
New filter function
test()
.Reduce contention on the query scheduler input queue. It was previously possible for large queries to prevent each other from starting, leading to timeouts.
For ingest using a URL with a repository name in it, Humio now fails ingest if the repository in the URL does not match the repository of the ingest token. Previously, it would just use the repository of the ingest token.
Updated the permission checks when polling queries. This will results in dashboard links "created by users who are either deleted or lost permissions to the view" to get unauthorized. To list all dashboard links, run this graphql query as root: query { searchDomains {dashboards { readOnlyTokens { createdBy name token } } } }
Humio will only allow using Zookeeper for node id assignment (
ZOOKEEPER_URL_FOR_NODE_UUID
) when configured for ephemeral disks (USING_EPHEMERAL_DISKS
). When using persistent disks, there is no need for the extra complexity added by Zookeeper.New feature "Event forwarding" making it possible to forward events during ingest out of Humio to a Kafka server. See Event Forwarding documentation. Currently only available for on-prem customers.
Fixed an issue where canceling queries could produce a spurious error log.
Fixed an issue causing Humio to retain deleted minisegments in global for longer than expected.
Humio no longer deletes an existing humio-search-all view if the
CREATE_HUMIO_SEARCH_ALL
environment variable is false. The view instead becomes deleteable via the admin page.Removed config IDLE_POLL_TIME_BEFORE_DASHBOARD_QUERY_IS_CANCELLED_MINUTES. Queries on dashboards now have the same life cycle as other queries.
Fixed an issue where the segment rewrite job handling event deletion might rewrite segments sooner than configured.
Fixed an issue which caused free-text-search to not work correctly for large (>64KB) events.
Fixed an issue with updating user profile, in some situations save failed.
API Changes (Non-Documented API): Getting Alert by ID has been moved to a field on the SearchDomain type.
Fixed crash in CleanupDatasourceFilesJob when examining a file size fails due to that file being deleted concurrently.
The configuration option
HTTP_PROXY_ALLOW_NOTIFIERS_NOT_USE
has been renamed to HTTP_PROXY_ALLOW_ACTIONS_NOT_USE. The old name will continue to work.Fixed an issue that could cause node id assignment to fail when running on ephemeral disks and using Zookeeper for node id assignment. Nodes in this configuration will now try to pick a new id if their old id has been acquired by another node.
Cluster management stats now shows segments as underreplicated if they are replicated to enough hosts, but are not present on all configured hosts.
In the GraphQL API, the value
ChangeAlertsAndNotifiers
on thePermission
enum has been deprecated and will be removed in a later release. It has been replaced by theChangeTriggersAndActions
value. The same is true for theViewAction
enum. On theViewPermissionsType
type, theadministerAlerts
field has been deprecated and will be removed in a later release. It has been replaced by theadministerTriggersAndActions
field.In the GraphQL API, on the
Alert
type, thenotifiers
field has been deprecated and will be removed in a later release. It has been replaced by theactions
field.The configuration option
IP_FILTER_NOTIFIERS
has been renamed toIP_FILTER_ACTIONS
. The old name will continue to work.New config
MAXMIND_IP_LOCATION_EDITION_ID
for selecting the maxmind edition of the IP location database. Deprecates MAXMIND_EDITION_ID, but old config will continue to work.Added mutation to update the runAsUser for a read only dashboard token.
Fixed bug where repeating queries would not validate in alerts.
New feature "Scheduled Searches" making it possible to run queries on a schedule and trigger actions (formerly notifiers) upon query results. See Scheduled Searches.
The Humio Repository action (formerly notifier) now replaces a prefix '#' character in field names with @tag. so that
#source
becomes@tag.source
. This is done to make them searchable in Humio. You can change the name by creating a custom parser. See Falcon LogScale Repository.Fixed an rare issue where the digest coordinator would assign digest fewer hosts than configured.
Custom made saved queries, alerts and dashboards in the humio repository searching for events of the kinds metrics, requests or nonsensitive may need to be modified. This is described in more detail in LogScale's Internal Logging.
No longer overwrite the humio parser in the humio repository on startup.
Raised the parser test character length to .00.
Added config option for Auth0 based sign on method:
AUTH_ALLOW_SIGNUP
defaults to true. The config is forwarded to the auth0 configuration for the lock widget setting: allowSignUpUpgraded Log4j2 from 2.13.3 to 2.14.0.
Reduced the number of writes to global on restart, due to merge targets not being properly reused.
New config
AUTO_UPDATE_MAXMIND
for enabling/disabling updating of all maxmind databases. Deprecates AUTO_UPDATE_IP_LOCATION_DB, but old config will continue to work.unit
on timechart (and bucket) now works also when the function within uses nesting and anonymous pipelines.Renamed
LOG4J_CONFIGURATION
environment variable toHUMIO_LOG4J_CONFIGURATION
. See Configuration Settings.New validation when creating an ingest token using the API that the parser, if specified, actually exists in the repository.
Kafka client inside Humio has been bumped from 2.4.1 to 2.6.0.
Raised the limit for note widget text length to .00
Fixed logic for when the organization owner panel should be shown in the User's Danger zone.
Humio Server 1.18.4 Stable (2021-01-25)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.18.4 | Stable | 2021-01-25 | 2022-01-25 | 1.16.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | d6d2999c1640e0b922b79163c9ec83b5 |
SHA1 | a0452151aaa9437a2d4f772f23d3f817080d015c |
SHA256 | b786cb7edf1d2b8729a44ff73ce8239688aefd2431940d283a15537b3be01b37 |
SHA512 | cfce44d51dce08213bfc26f5bd74cf3596185bc15e87518f63cf9b601f0e8118923d61afa17770827cd1fae6547a5d11decdacc9cffb57f95f0f3b351151632d |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.18.4/server-1.18.4.tar.gz
Important Information about Upgrading
Beginning with version 1.17.0, if your current version of Humio is not directly able to upgrade to the new version, you will get an error if you attempt to start up the incompatible version. The 1.18.4 release is only compatible with Humio release 1.16.0 and newer. This means that you will have to ensure that you have upgraded at least to 1.16.0 before trying to upgrade to 1.18.4. In case you need to do a rollback, this can also ONLY happen back to 1.16.0 or newer. Rolling directly back to an earlier release can result in data loss.
Bug Fixes
Other
Fixed an issue for on-prem users not on multitenant setup by reverted a metric change introduced in 1.18.0, jmx and Slf4j included an OrgId in all metrics for repositories.
Humio Server 1.18.3 Stable (2021-01-20)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.18.3 | Stable | 2021-01-20 | 2022-01-20 | 1.16.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 2db608cedd7603e6cd595c58aa9fad5d |
SHA1 | ea622d5f1a706daa3c6345bc1237918836498f9f |
SHA256 | 00f4f144647918d42cf85cb26ece7c0529a76af02d6a56dd483ada74b8028816 |
SHA512 | 2335597bf91028e1b476178039e15b47645cca2f8dfdf445514e279133a042ed44a5450c9456710a9843279d431b37fff85ba4c41abab56780d8923e81e6dcc9 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.18.3/server-1.18.3.tar.gz
Important Information about Upgrading
Beginning with version 1.17.0, if your current version of Humio is not directly able to upgrade to the new version, you will get an error if you attempt to start up the incompatible version. The 1.18.3 release is only compatible with Humio release 1.16.0 and newer. This means that you will have to ensure that you have upgraded at least to 1.16.0 before trying to upgrade to 1.18.3. In case you need to do a rollback, this can also ONLY happen back to 1.16.0 or newer. Rolling directly back to an earlier release can result in data loss.
Bug Fixes
Other
Do not cache cancelled queries.
Update dependencies with known vulnerabilities
Fixed bug where the
format()
function produced wrong output for some floating-point numbers.Do not retry a query when getting a HTTP .0 error
Humio Server 1.18.2 Stable (2021-01-08)
Version | Type | Release Date | End of Support | Upgrades From | Data Migration | Config. Changes |
---|---|---|---|---|---|---|
1.18.2 | Stable | 2021-01-08 | 2022-01-08 | 1.16.0 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 325cfefc1a6eef3b4f9d1e6beeb5a53a |
SHA1 | a8af4a4a70c93cb6ff945c999bd0e6ea579d1a2a |
SHA256 | f2201aab5190ec92b540bc8be9b6ea59c2e840fece63b2d87891aff9d7fc284a |
SHA512 | 8a1e56622041d45db967e6aa003da14fb78143fc63d3dfb936e318d385761f8a10a57823040d68b8f200048fc28006df1d281e74baad1bcdef080334a8634af5 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.18.2/server-1.18.2.tar.gz
Important Information about Upgrading
Beginning with version 1.17.0, if your current version of Humio is not directly able to upgrade to the new version, you will get an error if you attempt to start up the incompatible version. The 1.18.2 release is only compatible with Humio release 1.16.0 and newer. This means that you will have to ensure that you have upgraded at least to 1.16.0 before trying to upgrade to 1.18.2. In case you need to do a rollback, this can also ONLY happen back to 1.16.0 or newer. Rolling directly back to an earlier release can result in data loss.
Bug Fixes
Other
Fixed bug so as to reduce contention on the Query input queue.
Improves handling when many transfers to secondary storage are pending.
Adds a new configuration option for auth0: AUTH_ALLOW_SIGNUP. Default value is true.
Fixed bug where Humio could end in a corrupted state, needing manual intervention before working again.
Resolves problem when starting a query spanning very large data sets, a time-out could prevent the browser from getting responses initially.