Full Release Notes Index
This section contains a single page with all release notes on the same page.
Falcon LogScale 1.92.0 Preview (2023-05-30)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.92.0 | Preview | 2023-05-30 | 2024-05-30 | 1.44 | 11 | No | No |
Bug fixes and updates.
Behavior Changes
Scripts or environments which make use of these tools should be checked and updated for the new configuration:
Remove NEW_INGEST_ONLY_NODE_SEMANTICS since we no longer support opting out of the new ingest-only behavior. The behavior has been the default since 1.79.0.
For more information, see Falcon LogScale 1.79.0 Preview (2023-02-28), Ingest Node.
Be less aggressive updating the digest partitions when a node goes offline. When a node goes offline/online, creating a well balanced table can require changes to partitions other than those where the changed node appears. This can cause more digest reassignment than we'd like, so we're changing the behavior of the automation. We'll now only generate optimally balanced tables in reaction to nodes being registered or unregistered from the cluster, and in reaction to the digest replication factor changing. The rest of the time, we'll take the previously generated balanced table as a starting point, and do very minimal node replacements in it to ensure partitions are properly replicated to live nodes.
Metadata on segments in memory is now represented in a manner that requires less memory at runtime after booting. The heap required for global snapshot is in the range 3-6 times the size of the disk, for a cluster with many segments. This change reduces the memory requirements for long retention compared to previous versions. Note that for a short time during boot of a node the memory requirement is closer to 10-15 times the size of the snapshot on disk.
It is no longer allowed for nodes to delete bucketed minisegments involved in queries off local disks before the queries are done. This should help ensure queries do not "miss" querying these files if they are deleted while a query is running.
Improvements, new features and functionality
UI Changes
The Time Selector now only allows zooming out to approximately 4,000 years.
The DeleteRepositoryOrView data permission is now visible in the UI on Cloud environments.
A new tutorial built on a dedicated demo data view is available for environments that do not have access to legacy tutorial based on a sandbox repository.
The ChangeRetention data permission is now enabled on Cloud environments.
Documentation
Regular Expression Syntax new page has been added with extended details of supported regular expression syntax and differences between the LogScale support and other implementations such as Java and Perl.
LogScale Kubernetes Reference Architecture new page has been added with LogScale reference architecture description when deploying LogScale using Kubernetes.
GraphQL API
The GraphQL schema for UsageStats has been updated to reflect that queries can be in progress.
The Usage page has been updated to support queries that are in progress for longer than the GraphQL timeout allows.
Configuration
Setting the SHARED_DASHBOARDS_ENABLED environment variable to false now disables the option of creating links for sharing dashboards.
For more information, see Disabling Access to Shared Dashboards.
Added support for using Google Cloud storage access Workload Identity rather than an explicit service account for bucket storage and export to bucket of query results.
For more information, see Google Cloud Bucket Storage with Workload Identity.
Dashboards and Widgets
New parsing of Template Expressions has been implemented in the UI for improved performance.
When creating or editing interactions you can now visualize any unused parameter bindings, with the option to remove them.
For more information, see Unused parameters bindings.
The empty list alias is now available as an input option for parameter bindings, so that Multi-value Parameters can be set explicitly to have the value of an empty list.
For more information, see Empty list alias.
Parameter labels are now used instead of parameter IDs when displaying the list of parameters that a widget / query is waiting on.
Other
Polling a query on /queryjobs can now delay the response a bit in order to allow returning a potentially `done` response. The typical effective delay is less than 2 seconds, and the positive effect is saving the extra poll roundtrip that would otherwise need to happen before the query completed. This in particular makes simple queries complete faster from the viewpoint of the client, as they do not have to wait for an extra poll roundtrip in most cases.
When the Kafka broker set changes at runtime, track that set and use as bootstrap servers for Kafka whenever LogScale needs to create a new Kafka client at runtime. This allows replacing all Kafka brokers (incrementally, moving their work to new servers) without restarting LogScale. Note that the set is not persisted across restart of LogScale, so when restarting LogScale, make sure to provide an up to date set of bootstrap servers.
Reduced the amount of memory used when multiple queries use the match() function with the same arguments. Before, if you ran many queries that used the same file, the contents of the file would be represented multiple times in memory, once for each query. This could put you at risk of exhausting the server's memory if the files were large. With this change the file contents will be shared between the queries and represented only once. This enables the server to run more queries and/or handle larger files.
For more information, see Lookup Files Operation.
Bug Fixes
UI Changes
Automation and Alerts
Fixed an issue that could cause some rarely occurring errors when running alerts to not show up on the alert.
Dashboards and Widgets
Fixed an issue where certain widget options would be ignored when importing a dashboard template or installing a package.
Fixed a wrong behaviour on the Interactions overview page when creating a new interaction: if the interaction panel was opened, the repository options would dropdown in it instead of in the Create new interaction dialog.
Other
The following Node Level Metrics that showed incorrect results are now fixed: primary-disk-usage, secondary-disk-usage, cluster-time-skew, temp-disk-usage-bytes
Removed some code vulnerable to the CVE-2023-31442 issue. We do not believe LogScale is affected, as the removed code was experimental and never used in production, but we are removing it to be safe. LogScale does not use the vulnerable component in Akka by default. Users who customize their Akka configuration should ensure they do not set akka.io.dns.resolver = async-dns.
Falcon LogScale 1.91.0 Not Released (2023-05-23)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.91.0 | Not Released | 2023-05-23 | 2024-05-23 | 1.44 | 11 | No | No |
Not released.
Falcon LogScale 1.90.0 Not Released (2023-05-16)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.90.0 | Not Released | 2023-05-16 | 2024-05-16 | 1.44 | 11 | No | No |
Not released.
Falcon LogScale 1.89.0 Preview (2023-05-11)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.89.0 | Preview | 2023-05-11 | 2024-05-11 | 1.44 | 11 | No | No |
Bug fixes and updates.
Improvements, new features and functionality
Automation and Alerts
The Alert and Scheduled Search jobs no longer produce logs about specific alerts or scheduled searches in the humio repository. The logs are still sent to the humio-activity repository, which in normal setup is also ingested into the humio repository. So before, the logs would normally be duplicated, now they are not. The only difference between the two types of logs is that the logs from the humio-activity repository all have loglevel equal to INFO. You can use the severity field instead to distinguish between the severity of the logs.
GraphQL API
Mutations enableAlert and disableAlert have been added for enabling and disabling an alert without changing other fields.
Log Collector
Added a new test status for configurations, which allows you to try out a configuration on one or more instances before it’s published.
For more information, see Testing a Remote Configuration.
Other
The following cluster management features are now enabled:
AutomaticJobDistribution
AutomaticDigesterDistribution
AutomaticSegmentDistribution
For more information, see Digest Rules.
Degrade and deprecate some REST and GraphQL APIs due to the introduction of AutomaticSegmentDistribution and AutomaticDigesterDistribution. The deprecated elements will be removed in a future release, once the upgrade compatibility with version 1.88.0 is dropped. We expect this to be no earlier than September 2023.
The following REST endpoints are deprecated, as they no longer have an effect and return meaningless results:
api/v1/clusterconfig/segments/prune-replicas
api/v1/clusterconfig/segments/distribute-evenly
api/v1/clusterconfig/segments/distribute-evenly-reshuffle-all
api/v1/clusterconfig/segments/distribute-evenly-to-host
api/v1/clusterconfig/segments/distribute-evenly-from-host
api/v1/clusterconfig/segments/partitions
api/v1/clusterconfig/segments/setdefaults
api/v1/clusterconfig/segments/set-replication-defaults
api/v1/clusterconfig/partitions/setdefaults
api/v1/clusterconfig/ingestpartitions/distribute-evenly-from-host
api/v1/clusterconfig/ingestpartitions/setdefaults
api/v1/clusterconfig/ingestpartitions (POST only, GET will continue to work)
The following GraphQL mutations are deprecated, as they no longer have an effect and return meaningless results:
clusterMoveDataToNode
clusterMoveDataAwayFromNode
clusterMoveIngestRoutesAwayFromNode
clusterMoveIngestRoutesToNode
clusterMoveStorageRouteAwayFromNode
clusterMoveStorageRouteToNode
startDataRedistribution
updateStoragePartitionScheme
The IngestPartitionScheme mutation is not deprecated, but as it updates state that is overwritten by automation, we recommend against using it — it exists solely to serve as a debugging tool.
The following GraphQL fields on the cluster object are deprecated, and return meaningless values:
ingestPartitionsWarnings
suggestedIngestPartitions
storagePartitions
storagePartitionsWarnings
suggestedStoragePartitions
storageDivergence
reapply_targetSize
The following fields in the return value of the api/v1/clusterconfig/segments/segment-stats endpoint are deprecated and degraded to always be 0:
reapply_targetBytes
reapply_targetSegments
reapply_inboundBytes
reapply_inboundSegments
Bug Fixes
UI Changes
The Search page would reload when using the browser's history navigation buttons. This issue has now been fixed.
An error for lacking permissions that appeared when updating the organization settings has been fixed. Now, if you have permissions to view the Organization Settings page, you can also update information on it.
Automation and Alerts
Dashboards and Widgets
The following issues have been fixed on dashboards:
A dashboard would sometimes be perceived as changed on the server even though it was not.
Discard unsaved changes would appear when creating and applying new parameters.
Functions
Other
Fixed an issue that could cause segments to appear missing in queries, due to the presence of deleted minisegments with the same target as live minisegments.
Some merged segments could temporarily be missing from query results right after an ephemeral node reboot. This issue has been fixed.
An edge case has been fixed where query workers could fail to include minisegments if the minisegments were merged at a bad time, causing queries to be missing the data in those segments.
Falcon LogScale 1.88.0 Stable (2023-05-24)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.88.0 | Stable | 2023-05-24 | 2024-05-24 | 1.44 | 11 | No | Yes |
TAR Checksum | Value |
---|---|
MD5 | 4498b5fcb67bc5d9418ddb67d502af19 |
SHA1 | ce9309cb9c9d6f56513ff1e5de4c91f4f23a8b47 |
SHA256 | 9ba3c4f782bbd58751571b247ab3e76b6e2b50f0457d6966c8754e6566569273 |
SHA512 | e5cebea46bb385f268c2e8ca6f7d6d42d12f19fe7704efcbcb41b50e40ccbf318ed3035c79b8f3fdf8623860e24190dde692fce09a938d9f0c2b3486ac436ae1 |
Docker Image | SHA256 Checksum |
---|---|
humio | 607c8b664d97ec29e5a11960d3b37a01580054d5582748721c5ac141c8be72c0 |
humio-core | 071c84efeb896afb372c43515aab1a5b67e61b035e90937311988ffda9c16a53 |
kafka | ccd909da61a4b1c8be82600f749d2a571afb3ee2baa720a77aaebf06ffd334e4 |
zookeeper | 9a2015bfd9a7b7401604bb54f17d9029b4c6dc42cf3b25655b5c7e60f7e1db86 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.88.0/server-1.88.0.tar.gz
Bug fixes and updates.
Behavior Changes
Scripts or environments which make use of these tools should be checked and updated for the new configuration:
It is no longer allowed for nodes to delete bucketed minisegments involved in queries off local disks before the queries are done. This should help ensure queries do not "miss" querying these files if they are deleted while a query is running.
Upgrades
Changes that may occur or be required during an upgrade.
Other
SnakeYAML has been upgraded to 2.0 to address the CVE-2022-1471 issue.
Docker images have been upgraded to Java 19.0.2 to address the CVE-2022-45688 issue.
Improvements, new features and functionality
Behavior
Change how downloads from bucket storage are prioritized for queries. Previously the highest priority query was allowed to download as many segments as it liked. We now try to estimate how much work a query has available in local segments, and prioritize fetching segments for those queries that are close to running out of local work and becoming blocked for that reason.
UI Changes
Event List Interactions are now accessible from the Repository Settings page.
Organization level query blocking has been added to Organization Settings UI.
For more information, see Organization Query Monitor.
Improvements in UI tables visualization: even long column headers' text is now always left-aligned (instead of center-aligned and on top of each other) and uses a different color.
The view permission ChangeDashboardReadonlyToken is now also required when creating and deleting shared dashboard tokens.
Automation and Alerts
The error message for an Alert or Scheduled Search on their edit pages now has a button for clearing the error while the dismiss icon will just close the message but not clear errors.
When enabling an Alert or Scheduled Search with no actions, an inline warning message now appears instead of a message box.
The default time window for Alerts has been updated:
When creating an alert from the Alerts page, the default query time window has been changed from to to match the default throttle time.
When creating an alert from the Search page, the default Throttle period has been changed to match that of the query time window set.
For more information, see Creating a New Alert.
When creating a new Alert, you now have a pulldown menu that suggests labels that you’ve previously created for other alerts. The same applies to Scheduled Searches.
For more information, see Creating a New Alert.
Clicking the Alerts will now show every unique label that has been created on every alert in the same repository. This means that you don't need to rewrite a label when wanting to add the same label to another alert. This feature also applies to Scheduled Searches.
button in
GraphQL API
The following GraphQL mutations can now also be performed with the ChangeOrganizationPermissions permission:
assignOrganizationRoleToGroup
unassignOrganizationRoleFromGroup
The following GraphQL mutations can now also be performed with the ChangeSystemPermissions permission:
assignSystemRoleToGroup
The following GraphQL queries and mutations can now also be performed with either the ChangeOrganizationPermissions or ChangeSystemPermissions permission, depending on the group:
addUsersToGroup
removeUsersFromGroup
assignRoleToGroup
group
groupByDisplayName
The permissions required in order to list IP filters have been updated. You can now also list IP filters with one of the following permissions:
ChangeOrganizationPermissions
ChangeAllViewOrRepositoryPermissions
ChangeSystemPermissions
The querySearchDomain GraphQL query now allows you to search for Views and Repositories based on your permissions — previously, enforcing specific permissions caused errors.
Configuration
The new configuration parameter SEGMENT_READ_FADVICE has been introduced.
New configuration parameters have been added allowing control of client.rack for our Kafka consumers:
KAFKA_CLIENT_RACK — allows specifying the value directly.
KAFKA_CLIENT_RACK_ENV_VAR — if the value is not set in KAFKA_CLIENT_RACK, this variable is read to find the name of the variable that holds the value. It defaults to ZONE, which is the same variable applied to the LogScale node zones by default.
Automatic rebalancing of existing segments onto cluster nodes has been enabled.
Manual editing of the segment partition table is no longer supported. The table is no longer displayed in the Cluster Administration UI.
The segments will be distributed onto cluster nodes based on the following node-level settings:
ZONE defines a node's zone. The balancing logic will attempt to distribute segment replicas across as many zones as possible.
The target disk usage percentage determines how much of the node disk we will consider usable for storing segment data during a rebalance. The balancing logic will attempt to keep nodes equally full, while considering the node zone and segment replication factor. This can be configured via GraphQL using the setTargetDiskUsagePercentage mutation. The default value is 90.
Nodes with a NODE_ROLES setting that excludes segment storage will not receive segments as part of a rebalance.
Additionally, the following cluster-level setting has been introduced, editable via GraphQL mutations:
setSegmentReplicationFactor configures the desired number of segment replicas.
This is also configurable via the DEFAULT_SEGMENT_REPLICATION_FACTOR configuration parameter.
If configured via both environment variable and GraphQL mutation, the mutation has precedence.
For new clusters the default is 1. For clusters upgrading from older versions, the initial value is taken from the STORAGE_REPLICATION_FACTOR environment variable, if set. If instead the variable is not set, the value is taken from the replication factor of the storage partition table prior to the upgrade — this means that upgrading clusters should see no change to their replication factor, unless specified in the STORAGE_REPLICATION_FACTOR.
The feature can be disabled in case of problems via either the GraphQL mutation setAllowRebalanceExistingSegments, or the environment variable DEFAULT_ALLOW_REBALANCE_EXISTING_SEGMENTS.
If you need to disable the feature, please reach out to Support and share your concerns so we can try to address them. We intend to remove the option to handle segment partitions manually in the future.
Using the storage class "S3 Intelligent-Tiering" in AWS S3 selectively on files that LogScale knows continues to be supported: it is controlled by the new dynamic configuration BucketStorageUploadInfrequentThresholdDays that sets the minimum number of days of remaining retention for the data in order to switch from the default "S3 Standard" to the "Intelligent" tier.
The decision is made at the point of upload to the bucket only, whereas existing objects in the bucket are not modified.
The bucket must be configured to not allow the optional tiers Archive Access tier nor Deep Archive Access tier as those do not have instant access, which is required for LogScale.
As a consequence of that, do not enable automatic archiving within the S3 Intelligent-Tiering storage class.
Disable the AutomaticDigesterDistribution feature by default. While the feature works, it can cause performance issues on very large installs if nodes are rebooted repeatedly. In future versions, we've worked around this issue, but for 1.88 patch versions, we prefer simply disabling the feature.
Dashboards and Widgets
Multivalued parameters have been introduced to pass an array of values to the query. The support is limited to the Dashboards page.
For more information, see Multi-value Parameters.
When using the Edit in search view item on a dashboard widget, the values set in parameters in the query are also carried over into the search view.
The new interaction type Update Parameters has been introduced. This interaction allows you to update parameters in the context you’re working in — on the dashboard or on the Search page.
For more information, see Update Parameters.
The combo box has been updated to show multiple selections as "pills".
When Setting Up a Dashboard Interaction, the {{ startTime }} and {{ endTime }} special variables now work differently, depending on whether the query, widget or dashboard is running in Live mode or not. They now work as follows:
In a live query or dashboard, the startTime variable will contain the relative time, such as whereas endTime will be empty.
In a non-live query or dashboard, startTime will be the absolute start time when the query was last run. endTime, similarly, will have the end time of when the query was last run.
Introduced a new setting for dashboard parameters configuration to defer query execution: the dashboard will not execute any queries on page load until the user provides a value to the parameter.
For more information, see Configuring Parameters.
Interactive elements in visualizations now have the point cursor.
The new interaction type has been introduced, allowing users to create an interaction that will trigger a new search.
For more information, see Managing Dashboard Interactions, Creating Event List Interactions.
You can now save interactions with a saved query on the Search page. Interactions in saved queries are also supported in Packages.
For more information, see Creating Event List Interactions.
You can now delete or duplicate Event List Interactions from the Interactions overview page.
For more information, see Deleting and Duplicating Event List Interactions.
Log Collector
Fleet Management updates:
Added the Basic Information page with primary information of a specific configuration e.g. name, description, no. of assigned instances.
The Config Editor used to create/modify LogScale Collector configurations in LogScale has been augmented with context aware auto-completion, tooltips for keywords and highlighting of invalid settings.
For more information, see Creating a Configuration - Fleet Management.
On the Config Overview page a column showing the state of the configuration has been added. The configuration can either be or in state.
A menu item has been added on the Config Overview page, that links to the Settings page.
When clicking on an Error status on the Fleet Overview page, a dialog with the error details will open.
For more information, see LogScale Collector Fleet Management.
Functions
base64Decode() query function has been updated such that, when decoding to UTF-8, invalid code points are replaced with a placeholder character.
Performance improvements have been made to the match() query function in cases where ignoreCase=true is used together with either mode=cidr, or mode=string.
When IOCs are not available, the ioc:lookup() query function will now produce an error. Previously, it only produced a warning.
The memory usage of the functions selectLast() and groupBy() has been improved.
Other
When the automatic segment rebalancing feature is enabled, ignore the segment storage table when evaluating whether dead ephemeral nodes can be removed automatically.
Reduced the amount of memory used when multiple queries use the match() function with the same arguments. Before, if you ran many queries that used the same file, the contents of the file would be represented multiple times in memory, once for each query. This could put you at risk of exhausting the server's memory if the files were large. With this change the file contents will be shared between the queries and represented only once. This enables the server to run more queries and/or handle larger files.
For more information, see Lookup Files Operation.
Improvements to query scheduler logic for "shelving" i.e., pausing queries considered too expensive. The pause/unpause logic are now more responsive and unpause queries faster when they become eligible to run.
Create Repositories permission now also allows LogScale Self-Hosted users to create repositories.
Packages
The size limit of packages' lookup files has been changed to adhere to the MAX_FILEUPLOAD_SIZE configuration parameter. Previously the size limit was 1MB.
For more information, see Exporting the Package.
Bug Fixes
UI Changes
The Search page would reload when using the browser's history navigation buttons. This issue has now been fixed.
The Fields Panel flyout displayed the bottom 10 values rather than the top 10 values. This issue has now been fixed.
For more information, see Displaying Fields.
An issue in the Usage page that could fail showing any data has been fixed.
The Usage page now shows an error if there are any warnings from the query.
Dashboards and Widgets
The tooltip in the Time Chart widget would not show any data points. This issue has now been fixed.
'_' was not recognized as a valid first symbol for parameters when parsing queries. This issue has now been fixed.
Non-breaking space chars (ALT+Space) made Template Expressions unable to be resolved. This issue has been fixed.
Attempting to remove a widget on a dashboard would sometimes remove another widget than the one attempted to remove. This issue has been fixed.
"" was being discarded when creating URLs for interactions. This issue has now been fixed.
The values of FixedList Parameter on a dashboard would change sort ordering after being exported to a yaml template file. This issue has been fixed.
Fixed an issue where clicking the Inspect link in alert notifications would land on a missing page.
Functions
timeChart() provided with unit and groupBy() as the aggregation function would not warn on exceeding the default groupBy() limit. This issue has now been fixed.
The groupBy() function would not always warn upon exceeding the default limit. This issue has now been fixed.
Fixed a regression in join() validation, which was introduced in version Falcon LogScale 1.80.0 Preview (2023-03-07).
Other
In clusters with bucket storage running queries that take more than 90 minutes, those queries could spuriously fail with a complaint that segments were missing. The issue has now been fixed.
Export query result to file dialog would not close in some cases. This issue has now been fixed.
An issue that would cause bucket downloads to retry infinitely many times for certain types of segments has been fixed.
An uploaded file would sometimes disappear immediately after uploading. This issue has been fixed.
The following audit log issues have been fixed:
the audit log logged the name of the view owning the view bindings instead of the repository it links to. The name now matches the id in the binding log entry.
the audit log for a view update did not use the updated view but the view data before the update.
An issue that would cause query workers to handle minisegments for longer than intended has been fixed.
Fixed bucket downloads that could fail if the segment they were fetching disappeared from global.
In ephemeral-disk mode, allow removing a node via the UI when it is dead regardless of any data present on the node: ephemeral mode knows how to ensure durability also when nodes are lost without notice.
For more information, see Ephemeral Nodes and Cluster Identity.
Restart of queries based on lookup files has been fixed: only live queries need restarting from changes to uploaded files that they depend on. Scheduled Searches and static queries use the version of the file present when they start and run to completion.
Falcon LogScale 1.87.0 Preview (2023-04-25)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.87.0 | Preview | 2023-04-25 | 2023-05-24 | 1.44 | 11 | No | No |
Bug fixes and updates.
Improvements, new features and functionality
Dashboards and Widgets
When using the Edit in search view item on a dashboard widget, the values set in parameters in the query are also carried over into the search view.
When Setting Up a Dashboard Interaction, the {{ startTime }} and {{ endTime }} special variables now work differently, depending on whether the query, widget or dashboard is running in Live mode or not. They now work as follows:
In a live query or dashboard, the startTime variable will contain the relative time, such as whereas endTime will be empty.
In a non-live query or dashboard, startTime will be the absolute start time when the query was last run. endTime, similarly, will have the end time of when the query was last run.
Functions
base64Decode() query function has been updated such that, when decoding to UTF-8, invalid code points are replaced with a placeholder character.
The memory usage of the functions selectLast() and groupBy() has been improved.
Packages
The size limit of packages' lookup files has been changed to adhere to the MAX_FILEUPLOAD_SIZE configuration parameter. Previously the size limit was 1MB.
For more information, see Exporting the Package.
Bug Fixes
UI Changes
Dashboards and Widgets
Non-breaking space chars (ALT+Space) made Template Expressions unable to be resolved. This issue has been fixed.
Attempting to remove a widget on a dashboard would sometimes remove another widget than the one attempted to remove. This issue has been fixed.
Functions
timeChart() provided with unit and groupBy() as the aggregation function would not warn on exceeding the default groupBy() limit. This issue has now been fixed.
The groupBy() function would not always warn upon exceeding the default limit. This issue has now been fixed.
Other
In clusters with bucket storage running queries that take more than 90 minutes, those queries could spuriously fail with a complaint that segments were missing. The issue has now been fixed.
Falcon LogScale 1.86.0 Preview (2023-04-18)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.86.0 | Preview | 2023-04-18 | 2023-05-24 | 1.44 | 11 | No | No |
Bug fixes and updates.
Improvements, new features and functionality
Automation and Alerts
When creating a new Alert, you now have a pulldown menu that suggests labels that you’ve previously created for other alerts. The same applies to Scheduled Searches.
For more information, see Creating a New Alert.
Configuration
New configuration parameters have been added allowing control of client.rack for our Kafka consumers:
KAFKA_CLIENT_RACK — allows specifying the value directly.
KAFKA_CLIENT_RACK_ENV_VAR — if the value is not set in KAFKA_CLIENT_RACK, this variable is read to find the name of the variable that holds the value. It defaults to ZONE, which is the same variable applied to the LogScale node zones by default.
Bug Fixes
Dashboards and Widgets
'_' was not recognized as a valid first symbol for parameters when parsing queries. This issue has now been fixed.
"" was being discarded when creating URLs for interactions. This issue has now been fixed.
Falcon LogScale 1.85.0 Preview (2023-04-13)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.85.0 | Preview | 2023-04-13 | 2023-05-24 | 1.44 | 11 | No | No |
Bug fixes and updates.
Upgrades
Changes that may occur or be required during an upgrade.
Other
SnakeYAML has been upgraded to 2.0 to address the CVE-2022-1471 issue.
Improvements, new features and functionality
UI Changes
Organization level query blocking has been added to the Organization Settings UI.
For more information, see Organization Query Monitor.
Improvements in UI tables visualization: even long column headers' text is now always left-aligned (instead of center-aligned and on top of each other) and uses a different color.
Automation and Alerts
Clicking the button in Alerts will now show every unique label that has been created on every alert in the same repository. This means that you don't need to rewrite a label when wanting to add the same label to another alert. This feature also applies to Scheduled Searches.
GraphQL API
The following GraphQL mutations can now also be performed with the ChangeOrganizationPermissions permission:
assignOrganizationRoleToGroup
unassignOrganizationRoleFromGroup
The following GraphQL mutations can now also be performed with the ChangeSystemPermissions permission:
assignSystemRoleToGroup
The following GraphQL queries and mutations can now also be performed with either the ChangeOrganizationPermissions or the ChangeSystemPermissions permission, depending on the group:
addUsersToGroup
removeUsersFromGroup
assignRoleToGroup
group
groupByDisplayName
The permissions required in order to list IP filters have been updated. You can now also list IP filters with one of the following permissions:
ChangeOrganizationPermissions
ChangeAllViewOrRepositoryPermissions
ChangeSystemPermissions
Configuration
The new configuration parameter SEGMENT_READ_FADVICE has been introduced.
Using the storage class "S3 Intelligent-Tiering" in AWS S3 selectively on files that LogScale knows continues to be supported: it is controlled by the new dynamic configuration BucketStorageUploadInfrequentThresholdDays that sets the minimum number of days of remaining retention for the data in order to switch from the default "S3 Standard" to the "Intelligent" tier.
The decision is made at the point of upload to the bucket only, whereas existing objects in the bucket are not modified.
The bucket must be configured to not allow the optional tiers Archive Access tier nor Deep Archive Access tier as those do not have instant access, which is required for LogScale.
As a consequence of that, do not enable automatic archiving within the S3 Intelligent-Tiering storage class.
Dashboards and Widgets
Multivalued parameters have been introduced to pass an array of values to the query. The support is limited to the Dashboards page.
For more information, see Multi-value Parameters.
Introduced a new setting for dashboard parameters configuration to defer query execution: the dashboard will not execute any queries on page load until the user provides a value to the parameter.
For more information, see Configuring Parameters.
The new interaction type has been introduced, allowing users to create an interaction that will trigger a new search.
For more information, see Managing Dashboard Interactions, Creating Event List Interactions.
Log Collector
Fleet Management updates:
Added the Basic Information page with primary information of a specific configuration e.g. name, description, no. of assigned instances.
The Config Editor used to create/modify LogScale Collector configurations in LogScale has been augmented with context aware auto-completion, tooltips for keywords and highlighting of invalid settings.
For more information, see Creating a Configuration - Fleet Management.
Functions
When IOCs are not available, the ioc:lookup() query function will now produce an error. Previously, it only produced a warning.
Other
Worker-level query scheduling has been adjusted to avoid long-term starvation of expensive queries.
Improvements to query scheduler logic for "shelving" i.e., pausing queries considered too expensive. The pause/unpause logic is now more responsive and unpauses queries faster when they become eligible to run.
The Create Repositories permission now also allows LogScale Self-Hosted users to create repositories.
Bug Fixes
Functions
Fixed a regression in join() validation, which was introduced in version Falcon LogScale 1.80.0 Preview (2023-03-07).
Fixed an issue where a query with join(), selfJoin(), or selfJoinFilter() functions would sometimes get cancelled.
Other
An issue that would cause bucket downloads to retry infinitely many times for certain types of segments has been fixed.
The following audit log issues have been fixed:
the audit log logged the name of the view owning the view bindings instead of the repository it links to. The name now matches the id in the binding log entry.
the audit log for a view update did not use the updated view but the view data before the update.
An issue that would cause query workers to handle minisegments for longer than intended has been fixed.
Falcon LogScale 1.84.0 Not Released (2023-04-04)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.84.0 | Not Released | 2023-04-04 | 2023-05-24 | 1.44 | 11 | No | No |
Not released.
Falcon LogScale 1.83.0 Preview (2023-03-28)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.83.0 | Preview | 2023-03-28 | 2023-05-24 | 1.44 | 11 | No | No |
Bug fixes and updates.
Improvements, new features and functionality
UI Changes
Event List Interactions are now accessible from the Repository Settings page.
Automation and Alerts
The default time window for Alerts has been updated:
When creating an alert from the Alerts page, the default query time window has been changed from to to match the default throttle time.
When creating an alert from the Search page, the default Throttle period has been changed to match that of the query time window set.
For more information, see Creating a New Alert.
GraphQL API
The querySearchDomain GraphQL query now allows you to search for Views and Repositories based on your permissions — previously, enforcing specific permissions caused errors.
Dashboards and Widgets
The combo box has been updated to show multiple selections as "pills".
Interactive elements in visualizations now have the point cursor.
You can now save interactions with a saved query on the Search page. Interactions in saved queries are also supported in Packages.
For more information, see Creating Event List Interactions.
You can now delete or duplicate Event List Interactions from the Interactions overview page.
For more information, see Deleting and Duplicating Event List Interactions.
Functions
Performance improvements have been made to the match() query function in cases where ignoreCase=true is used together with either mode=cidr, or mode=string.
Bug Fixes
Other
Fixed bucket downloads that could fail if the segment they were fetching disappeared from global.
Falcon LogScale 1.82.1 Stable (2023-05-15)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.82.1 | Stable | 2023-05-15 | 2024-05-15 | 1.44 | 11 | No | No |
TAR Checksum | Value |
---|---|
MD5 | fb4b50f131a07565a3f26b880d56fd4c |
SHA1 | 1263a3d79beba7826184e3ad25ecd0e943c7ea9e |
SHA256 | 0d941a09269ae5efaa934568009a4ac4ea8a3ef7100332afe253c82ff75ec17b |
SHA512 | 0277eab1d3069f5369f978b9d582f3093c6856563d4512c590cbed3a381e1fd8c45ddb4185e71c2ff5c2ce9dc2f97822fbe466574c0e638e90c2132db9980e06 |
Docker Image | SHA256 Checksum |
---|---|
humio | 87eaef9b043dd23a65eefd749e9540b27d554fd1f41484695d77815544347937 |
humio-core | 145cb7a5d35dffc62e7239b007721454ba2bd85af50496cc4c461bafbcd472d9 |
kafka | 31a6e03e68efd4d7a2a3be0858726d77c6c7e7be9eadecff52144e8e349b195e |
zookeeper | 4842ee4e9848b389d97e155a9504e9e9c54ae4312c9d47b23529e9bea4fcf85a |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.82.1/server-1.82.1.tar.gz
Bug fixes and updates.
Bug Fixes
UI Changes
Fixed some missing Field Interactions options for the data type in the Event List.
For more information, see Field Data Types.
Falcon LogScale 1.82.0 Stable (2023-04-12)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.82.0 | Stable | 2023-04-12 | 2024-04-12 | 1.44 | 11 | No | No |
TAR Checksum | Value |
---|---|
MD5 | 51d366030dddbe5f3b5cf2bf54507d11 |
SHA1 | 877287bb9d431853a530ff647b692a8c40f8fad8 |
SHA256 | 191b56f4e1a9e54bcf284b0280cce865251970d7bd0cd6660f132520b0931432 |
SHA512 | 88e8219b8a60fe259e1953584cee167d2325abf28525ea70bead77998af11b5ebe0df5bcce0a3bef398db95b5f99ac1f3022d8ab24f88aef22bde42f0f4af180 |
Docker Image | SHA256 Checksum |
---|---|
humio | 6087c619f855cf9a1d05c6aaf983feb3b1fdd7d051c8c769683541f45181da79 |
humio-core | 41089d22b64f5e7fb6e1337064afec7816ac84aa5602b1d98f6684fa16eb03e4 |
kafka | 3b3a4a610a5ab9b38dded8cad062aedf863651ca6f3f9c6b81bee753af9c6d6c |
zookeeper | e5887242f44220b313c6c11bb062ce1e3255d65ec9437bc58876ffbf1753ce0a |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.82.0/server-1.82.0.tar.gz
Bug fixes and updates.
Improvements, new features and functionality
UI Changes
Improvements have been made to the Fields Panel, which would flicker when switching between the Results and Events tabs while the query was live. It now displays the fields of the aggregated query when on the Results tab, and the fields of the events query when on the Events tab.
Functions
The match() query function has been improved in terms of speed when using glob as the mode.
Other
Added backend support for organization level query blocking. Actors with the BlockQueries permission are able to block and stop queries running within their organization.
Worker-level query scheduling has been adjusted to avoid long-term starvation of expensive queries.
Added optional global argument to stopAllQueries, stopStreamingQueries, stopHistoricalQueries, blockedQueries, addToBlocklistById, addToBlocklist permissions. Default is false i.e. within own organization only.
Bug Fixes
Dashboards and Widgets
The dropdown menu for dashboard parameter suggestions is now faster and can handle several thousand entries without blocking the UI.
For more information, see Managing Dashboard Parameters.
Functions
Fixed an issue where a query with join(), selfJoin(), or selfJoinFilter() functions would sometimes get cancelled.
Other
Fixed an issue that could cause recently merged minisegments to be excluded from searches after a reboot.
Fixed an issue that occurred when creating users: when multiple user creation requests were sent at the same time, multiple users were in some cases created with the same name.
Fixed a permission issue for LogScale Self-Hosted having a dependency on the ManageOrganizations system permission, which should not apply to that environment — the ManageCluster system permission in itself is now sufficient for Self-Hosted.
Fixed an issue with API Explorer that could fail to load in some configurations when using cookie authentication.
Falcon LogScale 1.81.0 Preview (2023-03-14)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.81.0 | Preview | 2023-03-14 | 2023-04-12 | 1.44 | 11 | No | No |
Bug fixes and updates.
Removed
Items that have been removed as of this release.
The deprecated REST Alert API has been removed.
The deprecated REST Action API endpoint for testing actions has been removed.
Upgrades
Changes that may occur or be required during an upgrade.
Other
OpenSSL in Docker images has been upgraded to address the CVE-2023-0286 issue.
Improvements, new features and functionality
Automation and Alerts
The throttle field on alerts can now be imported and exported.
Configuration
The default value for AUTOSHARDING_TRIGGER_DELAY_MS has been raised from 20,000 to 3,600,000.
Other
Event redaction will no longer rewrite minisegments. Instead, the redaction will be delayed until all minisegments that would be affected have been merged.
Query Monitor page is now available on the organization level. Users with Monitor queries organization level permission get access to the page where they can see queries running in their organization.
For more information, see Query Monitor, Organization Query Monitor.
New ingest endpoint api/v1/ingest/json for ingesting JSON objects and JSON arrays has been added.
For more information, see Ingest Raw JSON Data.
Bug Fixes
Falcon Data Replicator
Fixed a bug where testing new FDR feeds that use S3 Aliasing would fail for valid credentials.
Dashboards and Widgets
The following items have been fixed:
Parameter bindings would not be visible for imported dashboards when configuring interactions.
Imported dashboard containing interactions would be perceived as invalid.
For more information, see Managing Dashboard Interactions.
Functions
Fixed a bug where the query editor would wrongly claim that predicate functions used as match guards were missing an argument to the field parameter.
Other
Fixed an issue which could cause minisegments to not all be on the same host for a short time, while those minisegments were being merged. This could cause queries to be unable to query them.
Fixed some issues in the event redaction implementation which could cause the redaction to fail in rare cases.
A bug has been fixed that caused recent minisegments to be missed in queries if the minisegments were merged during the query.
Falcon LogScale 1.80.0 Preview (2023-03-07)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.80.0 | Preview | 2023-03-07 | 2023-04-12 | 1.44 | 11 | No | No |
Bug fixes and updates.
Behavior Changes
Scripts or environments which make use of these tools should be checked and updated for the new configuration:
Ingested events would not be limited in size if the bulk of the data in the event was in fields other than @rawstring. This will now be enforced. Events that exceed the limit on event size at ingest are handled as follows:
@rawstring is truncated to the maximum allowed length, and all other fields are dropped from the event.
@timestamp becomes the ingest time.
@timezone becomes UTC.
(This is identical to the previous handling of oversized @rawstring).
Upgrades
Changes that may occur or be required during an upgrade.
Other
Upgrade Kafka client to 3.4.0.
Upgrade Kafka broker to 3.4.0 in the Kafka container.
The container upgrade is performed for security reasons to resolve the CVE-2022-36944 issue, which Kafka should however not be affected by. If you wish to do a rolling upgrade of your Kafka containers, please always refer to the Kafka upgrade guide.
Improvements, new features and functionality
UI Changes
Whether one can create a new repository is now controlled by the Create repository permission in the UI.
Interactions installed from a package use the new repository where the package is installed.
Configuration
Removed NEW_VHOST_SELECTION_ENABLED as a configuration option. The option has been true by default since 1.70; an opt-out is no longer needed.
Dashboards and Widgets
Changed the query editor when editing dashboard queries to be the same that is used on the Search page.
Log Collector
New Template feature added to the Fleet Management page, which allows you to:
upload a yaml file when creating a new configuration
export either the published or draft version of a configuration file.
For more information, see LogScale Collector Fleet Management Overview.
Functions
Saved queries can now be used in subqueries, see Using Functions as Arguments to Other Functions.
Other
Added backend support for organization level query monitor. The new
MonitorQueries
permission now allows viewing queries that are running within the organization.
Bug Fixes
UI Changes
A high CPU usage in the UI since LogScale 1.75 when the Time Zone Selector dropdown was displayed has now been fixed.
Configuration
Automatic generation and updating of the digest partitions table has been enabled, and manual editing is no longer supported. See Digest Rules for reference.
The table will be kept up to date based on the following node-level settings (see Assigning Digest Work to Node):
ZONE defines a node's zone. The table we generate will attempt to distribute segments across as many zones as possible.
Nodes will appear in the table more often if they have many cores. Nodes with fewer cores will appear less often.
Nodes with a NODE_ROLES setting that excludes digest work will not appear in the table.
A cluster-level setting has also been introduced: setDigestReplicationFactor GraphQL mutation configures the replication factor to use for the table. This is also settable via the environment variable DEFAULT_DIGEST_REPLICATION_FACTOR.
Automatic management of the digest partition table is now handled by the environment variable DEFAULT_ALLOW_UPDATE_DESIRED_DIGESTERS. We intend to remove the option to handle digest partitions manually in the future.
Dashboards and Widgets
The keyboard combinations cmd+Z/Ctrl+Z no longer delete the query on dashboard widgets.
Functions
A performance issue in collect() when it collected many values has been fixed.
Validation of join() and join-like functions in conditional expressions and subqueries not having positional information has been fixed.
Fixed an issue where joins in case statements, match statements, and subqueries would mark the entire query as erroneous.
Other
Avoid caching warnings that some data segments could not be found on any servers. This prevents queries from displaying this warning spuriously.
Minisegments would be removed too early from nodes which were querying them, causing queries to be missing some data.
Some minisegments would be excluded from queries in cases where those minisegments had previously been merged, but the merge was reverted.
Two hosts booted at around the same time would conflict on which vhost number to use, causing one of the hosts to crash.
Falcon LogScale 1.79.0 Preview (2023-02-28)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.79.0 | Preview | 2023-02-28 | 2023-04-12 | 1.44 | 11 | No | No |
Bug fixes and updates.
Behavior Changes
Scripts or environments which make use of these tools should be checked and updated for the new configuration:
The behavior of nodes using the ingestonly role has changed. Such nodes used not to write to global, and not register themselves in the cluster. They now do both.
The old behavior can be restored by setting NEW_INGEST_ONLY_NODE_SEMANTICS=false. If you do this, please reach out to Support and outline your need, as this option will be removed in the near future.
Improvements, new features and functionality
Automation and Alerts
When creating or editing Alerts and Scheduled Searches, it is now possible to specify another user the alert or scheduled search should run as, via the new organization permission ChangeTriggersToRunAsOtherUsers.
It is now checked that the user selected to run the alert or scheduled search has permissions to run it. Previously, that was first checked when trying to run the alert or scheduled search.
The new feature checks whether the user, trying to create or edit an alert or scheduled search, has permissions to change and run as another user. If the feature is enabled, you can select the user to run an alert or scheduled search as, from a list of users.
See Creating a New Alert and Scheduled Search Permissions for more information.
Functions
Bug Fixes
Falcon Data Replicator
Fixed a performance issue when setting fileDownloadParallelism to more than 1. See Adjust Polling Nodes Per Feed for more information.
UI Changes
The Event Distribution Histogram wouldn't show properly after manipulation of the @timestamp field.
Dashboards and Widgets
In visualizations using the timeChart() or bucket() functions, when no results were returned you would just see an empty page. Consistently with other visualizations, you will now see a no-result message displayed, such as No results in active time window or Search Completed. No results found — depending on whether Live mode is selected or not.
Fixed dashboard links to the same dashboard, as they would not correctly update the parameters.
Falcon LogScale 1.78.0 Preview (2023-02-21)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.78.0 | Preview | 2023-02-21 | 2023-04-12 | 1.44 | 11 | No | No |
Bug fixes and updates.
Improvements, new features and functionality
UI Changes
The Time Zone Selector now shows the timezone as instead of when the offset is zero.
Clone items have all been replaced with Duplicate in the UI to be consistent with what they actually do.
An explicit logout message now indicates that the user's session has been terminated.
Automation and Alerts
Removed the sidepanel when creating/editing Alerts or Scheduled Searches.
When updating or creating new Actions, any server errors will be displayed in a summary under the form. The server errors in the summary will now specify the form field title where the error occurred, to easily identify where the error is.
Configuration
The default value of MAX_INGEST_REQUEST_SIZE has been reduced from 1024 MB to 32 MB. This limits the size of ingest requests and rejects oversized requests. If the request is compressed within HTTP, then this restricts the size after decompressing.
Functions
Introduced the new query function bitfield:extractFlags().
More time format modifiers are now supported in the format() function:
Full and abbreviated month, day-of-week names, and the century
Date/time composition format Day Mon DD HH:MM:SS Zone YYYY, e.g., Tue Jun 22 16:45:05 GMT+1 1993.
The array:filter() function is now generally available.
Other
"Sticky" autoshards no longer mean that the system cannot tune their value, but only that it cannot decrease the number of shards; the cluster is allowed to raise the number of shards on datasources when it needs to, also for those that were set as sticky using the REST API.
An enhancement has been made so that when the number of ingest partitions is increased, fresh partitions are assigned to all non-idle datasources based on the new set of partitions. Before this change only new datasources (new tag combinations) would be using the new partitions. The auto-balancing does not start if there are nodes in the cluster running versions prior to 1.78.0.
Bug Fixes
UI Changes
When exporting a dashboard, alert or scheduled search as a template, the labels' field was missing in the exported YAML.
For more information, see Managing Alerts, Scheduled Searches, Using Dashboards.
Double-clicking in the Event List would open the Inspection Panel instead of making a text selection. It now correctly selects the word being double-clicked.
Automation and Alerts
A typo has been fixed in message ActionWithIdNotFound.
GraphQL API
Pending deletes that would cause nodes to fail to start, reporting a NullPointerException, have been fixed.
Dashboards and Widgets
A newly added, unconfigured dashboard parameter could not be deleted again. This issue has been fixed.
Other
Fixed ingest-only nodes that would fail all requests to /dataspaces and /repositories.
Prevent nodes configured not to run queries from starting queries locally in the case where the query request can't be proxied.
When making updates to the query partition table, only change partitions with dead nodes. This should allow queries to continue without requiring resubmit when a previously unknown node joins the cluster.
Ensure we keep hosts listed in the query partition table up to date as those hosts restart. This should prevent an issue where removing too many nodes from a cluster could prevent queries from running.
Falcon LogScale 1.77.0 Preview (2023-02-14)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.77.0 | Preview | 2023-02-14 | 2023-04-12 | 1.44 | 11 | No | No |
Bug fixes and updates.
Behavior Changes
Scripts or environments which make use of these tools should be checked and updated for the new configuration:
It is no longer possible to list ingest tokens for system repositories.
Improvements, new features and functionality
UI Changes
Filtering and group-by icons have been added to the Fields Panel and Inspection Panel detail views.
Documentation
The new Template Language reference information section has been added.
Dashboards and Widgets
Hold ⇧ (Shift) to show unformatted values. Hold ⌥ (Alt on Windows or Option on Mac) to show full legend labels.
startTime, endTime, and parameter variables are now also available when working with Template Language expressions on the Search page.
Functions
Introduced the array:reduceAll() function.
Like other released Array Query Functions, it requires square braces.
Other
Adding more Repositories and Views to a group is now done inside a dialog.
Ephemeral nodes are automatically removed from the cluster if they are offline for too long (2 hours by default).
Packages
Repository interactions are now supported in Packages. When exporting a package with dashboard link interactions referencing a dashboard also included in the package, then that reference will be updated to reflect this in the resulting zip file.
Bug Fixes
Dashboards and Widgets
When using the Export as template functionality, the label field was missing in the exported YAML.
For more information, see Using Dashboards.
The Scatter Chart widget visualization would under some conditions claim to be compatible with any result that has 3 or more fields. Yet it would not display anything unless the actual data was numeric. The Scatter Chart visualization now properly detects compatibility and ignores any non-numeric fields in the query result.
The Table widget is able to display any search result, yet in the widget dropdown, it would often say "Incompatible". It now indicates compatibility. For event type results, the Event List visualisation will still be preferred and auto selected.
When importing a dashboard from a template, some widget options (including LegendPosition) were being ignored and reverted to their default value.
If you clone a widget and click Edit in Search View, you would be asked to discard your changes before editing, causing confusion. Now, Edit in Search View is not available until you save or discard using the buttons in the top bar.
For more information, see Managing Dashboard Widgets, Editing an Existing Widget.
Functions
The collect() function has been fixed in that its limit parameter was not being obeyed. This would lead to inconsistent results when there were more values to collect than specified in the limit.
Other
Timeout from publish to global topic in Kafka has been fixed, as it resulted in marking input segments for merge as broken temporarily.
Nodes are now considered ephemeral only if they set USING_EPHEMERAL_DISKS to true. Previously, they were ephemeral if they either set that configuration, or if they were using the httponly node role.
Linked to the correct SaaS EULA for SaaS customers.
Fixing minisegment downloads during queries, as they could cause download retries to fail spuriously, even if the download actually succeeded.
Job-to-node assignment in LogScale has been reworked. Jobs that only needed to run on a subset of nodes in the cluster — such as the job for firing alert notifications or the job enforcing retention settings — would previously select which hosts were responsible for executing the job based on the segment storage table.
The selection is now based on consistent hashing, which means the job assignments should automatically follow the set of live nodes.
It is possible to observe where a given job is running based on logs found with the query class=*JobAssignments*.
Fixing minisegment fetches as they failed to complete properly during queries, if the number of minisegments involved was too large.
Falcon LogScale 1.76.3 Stable (2023-04-27)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.76.3 | Stable | 2023-04-27 | 2024-04-27 | 1.44 | 11 | No | No |
TAR Checksum | Value |
---|---|
MD5 | 1e3ae5bfd9e5f5678fe34f0665148868 |
SHA1 | cafadf95ebeb23f145b263f9e05c7721a8a6d378 |
SHA256 | 7e532c0071874b5924b2d46c95e884c85f61de82eae228015a0c19f988f7311b |
SHA512 | f7b5ab273c7700554eece6798ebd8eb99cf4baf1e978d17b4dc92bb57f7d8001c0c03d0e03572007853ead7c63ea10191e4291d3abe6adfe18a46a3b7b5063fe |
Docker Image | SHA256 Checksum |
---|---|
humio | 21ff13996def725123764b56f9e9f3a563d4988b2f24f877abae4341db2eb3e9 |
humio-core | e848a7cdbc6d65eeb5bd33eaca3e5b697d2f477e41de294a729382ceaf383aa0 |
kafka | 395dd3f4cf6cc2a0bd02600bf7a08cadc2a840787727f77cb59e89833a48cd97 |
zookeeper | da46f56b5bcbf620c2d3e699c113a6bde0655028ed6ea6695663b7fecd479d3f |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.76.3/server-1.76.3.tar.gz
Bug fix.
Bug Fixes
Other
Fixed an issue with API Explorer that could fail to load in some configurations when using cookie authentication.
Falcon LogScale 1.76.2 Stable (2023-03-06)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.76.2 | Stable | 2023-03-06 | 2024-03-06 | 1.44 | 11 | No | No |
TAR Checksum | Value |
---|---|
MD5 | 6e3ffd1b9c487b41516d3aca0952c9d5 |
SHA1 | 02832eec0f41358be3e956d7e9dbab87da190d2e |
SHA256 | 1289683afb0666dbba0c7340b05d1d8ecbdd4f32ed69924108e5065d435f0fc1 |
SHA512 | 6d25eefba440ad98e76721945ac0cc12a02e1cd53ae1b1a35acd1b4b2abfe675583bdedaadefb44a12564680f507709541d43de116907fdc08a1f0a7a2f0d3b9 |
Docker Image | SHA256 Checksum |
---|---|
humio | ccde946345dfc1fe39bd0e36bc80fff02c67791241ecbfb2848842215c505b57 |
humio-core | 52bb05ccf27c04c842b307e2b895eb3bd296e40058c992bb8b898027c49595f2 |
kafka | 37e166cfeacd8ceae63929368c7d6a86560a9bc1a5b0ee174d775ef636f9a223 |
zookeeper | 0021b13408d1fad0b2644ddad81dce83af0fa2fd885b411526a365913b794f39 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.76.2/server-1.76.2.tar.gz
Security fix.
Upgrades
Changes that may occur or be required during an upgrade.
Other
Upgrade Kafka client to 3.4.0.
Upgrade Kafka broker to 3.4.0 in the Kafka container.
The container upgrade is performed for security reasons to resolve the CVE-2022-36944 issue, which Kafka should however not be affected by. If you wish to do a rolling upgrade of your Kafka containers, please always refer to the Kafka upgrade guide.
Falcon LogScale 1.76.1 Stable (2023-02-27)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.76.1 | Stable | 2023-02-27 | 2024-02-27 | 1.44 | 11 | No | No |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.76.1/server-1.76.1.tar.gz
Bug fixes and updates.
Deprecation
Items that have been deprecated and may be removed in a future release.
The REST endpoint for testing actions, api/v1/repositories/repoId/alertnotifiers/actionId/test, has been deprecated. The new GraphQL mutations should be used instead.
Prewarning
The following items are due to change in a future release.
Configuration
Starting from the 1.78 release, the default value for the MAX_INGEST_REQUEST_SIZE configuration will be reduced from 1 GB to 32 MB.
This value limits the size of an ingest request and rejects oversized requests.
If the request is compressed within HTTP, then this restricts the size after decompressing.
Upgrades
Changes that may occur or be required during an upgrade.
Other
Upgrade Java to 17.0.6 in Docker containers
Upgrade Kafka to 3.3.2 for KAFKA-14379
Upgrade Kafka client to 3.3.2
Upgrade Kafka Docker container to 3.3.2
Packages
Optimizations in package handling require migration of data during upgrade. This migration is performed automatically. Please note:
While the upgrade of cluster nodes is ongoing, we recommend you do not install or update any packages, as they may end up in an inconsistent state.
If a package ends up in a bad state during migration, it can be fixed simply by reinstalling the package.
You may find that accessing the list of installed packages fails, and that creating new dashboards, alerts, parsers, etc. based on package templates does not work as intended.
This should only happen during the cluster upgrade, and should resolve itself once the cluster is fully upgraded.
If the cluster nodes are downgraded, any packages installed or updated while running the new version will not work, and we therefore recommend uninstalling or downgrading those packages prior to downgrading the cluster nodes.
Improvements, new features and functionality
Deprecation
Removed the API for managing ingest tokens. This has long been deprecated and replaced by a GraphQL API.
UI Changes
The Search page and Dashboards URLs support links with timezones, so that shared links use the same timezone, e.g. ?tz=Europe/Copenhagen
Known field names are now shown as completion suggestions in The Search Box while you type.
Suggestions in The Search Box will show for certain function parameters like time formats.
Changes have been made for the three-dot menu (⋮) used for Field Interactions:
It is now available from the Fields Panel and the Inspection Panel, see Searching for Data.
Keyboard navigation has been improved.
For field interactions with live queries, the Fields Panel flyout will now display a fixed list of top values, keeping the values from the point in time when the menu was opened.
Tabs on the Users page are renamed: former Groups and Permissions tab is now renamed to Permissions; former Details tab is now renamed to Information. In addition, the Permissions tab is now displayed first; it is also the tab that will be opened by default when navigating to a user from other places in the product. See Role Based Access Control (RBAC) for a description of roles and permissions in the UI.
Event List Interactions are now sorted by name and repository name by default.
You can now set your preferred timezone under Manage your Account.
The Search page now supports timezone picking. The timezone will be set on the users' session and remembered between pages.
Introduced Search Interactions to add custom event list options for all users in a repository.
For more information, see Event List Interactions.
Automation and Alerts
The list of Message Templates and Variables is no longer shown in the User Interface when editing Actions, instead a link to the documentation has been added.
GraphQL API
GraphQL API mutations have been added for testing actions without having to save them first. The added mutations are:
testEmailAction
testHumioRepoAction
testOpsGenieAction
testPagerDutyAction
testSlackAction
testSlackPostMessageAction
testUploadFileAction
testVictorOpsAction
testWebhookAction
The previous testAction mutation has been removed.
The new GraphQL API mutations' signature is almost the same as the create mutation for the same action, except that test actions require event data and a trigger name, as the previous testAction mutation did.
As a consequence, the
button is now always enabled in the UI.
Configuration
New dynamic configuration FlushSegmentsAndGlobalOnShutdown. When set, and when USING_EPHEMERAL_DISKS is set to true, forces all in-progress segments to be closed and uploaded to bucket, and also forces a write (and upload) of global snapshot during shutdown. When not set, this avoids the extra work and thus time shutting down from flushing very recent segments, as those can then be resumed on next boot, assuming that next boot continues on the same Kafka epoch. The default is false, which allows faster shutdown.
A new environment configuration variable GLOB_ALLOW_LIST_EMAIL_ACTIONS is introduced. It enables cluster-wide blocking of recipients of Email actions that are not in the provided allow list.
The ability to keep the same merge target across digest changes is reintroduced. This feature was reverted in an earlier release due to a discovered issue where mini segments for an active merge target could end up spread across hosts. As that issue has been fixed, mini segments should now be stored on the hosts running digest for the target.
Dashboards and Widgets
The Single Value widget now supports interactions on both the Search and Dashboard page. See Managing Dashboard Interactions for more details on interactions.
It is now possible to set a temporary timezone in dashboards, which will be read from the URL on page load.
For more information, see Time Interval Settings.
Introduced Dashboards Interactions to add interactive elements to your dashboards.
For more information, see Managing Dashboard Interactions.
Log Collector
LogScale Collector Fleet Management now supports remote configuration of LogScale Collectors. This gives an administrator the option of managing the configuration of LogScale Collector instances in LogScale, instead of managing configuration files directly on the device where Falcon LogScale Collector is installed.
For more information, see LogScale Collector Fleet Management, LogScale Collector Releases.
Functions
The query function holtwinters() has been removed from the product.
Using ioc:lookup() in a query while the IOC service is disabled will now result in a failed query instead of a warning, stating that there are partial results.
Queries containing a join() function no longer run truly live when the query is set to Live. Instead, these queries will run repeatedly at intervals determined by the query engine.
For more information, see Warnings when Using Live join() Functions, Creating Widgets with Live join() Functions, join(), Special Behaviour for Live Joins.
The performance of in() is improved when matching with values that do not use the * wildcard.
default() now supports assigning the same value to multiple fields, by passing multiple field names to the field parameter.
selectLast() and groupBy() now use less state size, allowing for larger result sets.
Other
"Sticky" autoshards no longer mean that the system cannot tune their value, but only that it cannot decrease the number of shards; the cluster is allowed to raise the number of shards on datasources when it needs to, also for those that were set as sticky using the REST API.
Ephemeral nodes are automatically removed from the cluster if they are offline for too long (2 hours by default).
When creating a new group you now have to add the group and add permissions for it in the same multi step dialog.
Bug Fixes
UI Changes
Fixed an issue where the dashboard page would freeze when the value of a dashboard parameter was changed.
Fixed an issue where the UI did not show an error when a query was blocked due to query quota settings.
Fixed an issue that made switching UI theme report an error and only take effect for the current session.
We have fixed tooltips in the query editor, which were hidden by other elements in the UI.
Automation and Alerts
GraphQL API
Pending deletes that would cause nodes to fail to start, reporting a NullPointerException, have been fixed.
Configuration
Removed compression type extreme for configuration COMPRESSION_TYPE. Specifying extreme will now select the default value of high in order not to cause configuration errors for clusters that specify extreme. The suggestion is to remove COMPRESSION_TYPE from your configurations unless you specify the only other non-default value of fast.
Fixed an issue where the IOC database could get out of sync. The IOC database will be re-downloaded upon upgrade, therefore IOCs won’t be completely available for a while after the upgrade.
Functions
Queries ending with tail() will no longer be rendered with infinite scroll.
Other
We have reduced the noise from MiniSegmentMergeLatencyLoggerJob by being more conservative about when we log mini segments that are unexpectedly not being merged. We have made MiniSegmentMergeLatencyLoggerJob take datasource idleness into account.
Timeout from publish to global topic in Kafka has been fixed, as it resulted in marking input segments for merge as broken temporarily.
Nodes are now considered ephemeral only if they set USING_EPHEMERAL_DISKS to true. Previously, they were ephemeral if they either set that configuration, or if they were using the httponly node role.
Fixed minisegment downloads during queries, which could cause download retries to fail spuriously, even if the download actually succeeded.
Fixed a failing require from MiniSegmentsAsTargetSegmentReader, causing queries to fail in very rare cases.
Fixed an issue where the query scheduling could hit races with the background recompression of files in a way that resulted in the query missing the file and ending up adding warnings about segment files being missed by the query.
Fixed minisegment fetches, which failed to complete properly during queries if the number of minisegments involved was too large.
Fixed an issue for the ingest API that made it possible to ingest into system repositories.
We have set a maximum number of events that we will parse under a single timeout so large batches are allowed to take longer. If you've seen parsers time out not because the parser is actually slow but because you were processing many events in a single batch, this change should cause that to stop happening. Only parsers that are genuinely slow should now time out.
Falcon LogScale 1.76.0 Preview (2023-02-07)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.76.0 | Preview | 2023-02-07 | 2023-02-27 | 1.44 | 11 | No | No |
Bug fixes and updates.
Prewarning
The following items are due to change in a future release.
Configuration
Starting from the 1.78 release, the default value for the MAX_INGEST_REQUEST_SIZE configuration will be reduced from 1 GB to 32 MB.
This value limits the size of an ingest request and rejects oversized requests.
If the request is compressed within HTTP, then this restricts the size after decompressing.
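The MAX_INGEST_REQUEST_SIZE prewarning in the 1.76.1 and 1.76.0 notes says the limit applies to the size after decompression. The sketch below is an added example, not LogScale code, showing how a receiver can enforce that rule without inflating an oversized body in memory. The names read_ingest_body and RequestTooLarge and the set of accepted encodings are assumptions; only the 32 MB figure comes from the page.

```python
import gzip
import zlib

# 32 MB: the default this page announces for MAX_INGEST_REQUEST_SIZE from 1.78.
MAX_INGEST_REQUEST_SIZE = 32 * 1024 * 1024

# Content-Encoding value -> zlib wbits (assumed set of accepted encodings).
_WBITS = {"gzip": 16 + zlib.MAX_WBITS, "deflate": zlib.MAX_WBITS}


class RequestTooLarge(Exception):
    """The body is larger than the limit once decompressed."""


def read_ingest_body(raw, content_encoding=None,
                     limit=MAX_INGEST_REQUEST_SIZE, chunk_size=64 * 1024):
    """Return the decoded request body, enforcing `limit` on the decoded size.

    Checking only the size on the wire would let a small, highly compressible
    body expand far past the limit, so the compressed input is inflated in
    chunks and rejected as soon as the output crosses the limit.
    """
    if not content_encoding or content_encoding == "identity":
        if len(raw) > limit:
            raise RequestTooLarge(f"body is {len(raw)} bytes, limit is {limit}")
        return bytes(raw)

    try:
        decomp = zlib.decompressobj(_WBITS[content_encoding])
    except KeyError:
        raise ValueError(f"unsupported Content-Encoding: {content_encoding!r}")

    out = bytearray()
    view = memoryview(raw)
    try:
        for offset in range(0, len(view), chunk_size):
            # Ask for one byte more than the remaining budget: receiving that
            # extra byte proves the body is oversized, and no more than
            # limit + 1 bytes are ever held in memory.
            budget = limit - len(out) + 1
            out += decomp.decompress(view[offset:offset + chunk_size], budget)
            if len(out) > limit:
                raise RequestTooLarge(f"decompressed body exceeds {limit} bytes")
            if decomp.eof:
                break
    except zlib.error as exc:
        raise ValueError(f"corrupt {content_encoding} body: {exc}") from exc

    if not decomp.eof:
        raise ValueError("compressed body is truncated")
    return bytes(out)


def demo():
    """Constructed sample: 64 KiB of zeros gzips to far less than a 1 KiB limit."""
    limit = 1024
    body = gzip.compress(b"\0" * 64 * 1024)
    try:
        read_ingest_body(body, "gzip", limit=limit)
        rejected = False
    except RequestTooLarge:
        rejected = True
    return len(body), rejected


if __name__ == "__main__":
    wire_size, rejected = demo()
    print(f"size on the wire: {wire_size} bytes, rejected: {rejected}")
```
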
Improvements, new features and functionality
Deprecation
Removed the API for managing ingest tokens. This has long been deprecated and replaced by a GraphQL API.
UI Changes
Event List Interactions are now sorted by name and repository name by default.
Dashboards and Widgets
The Single Value widget now supports interactions on both the Search and Dashboard page. See Managing Dashboard Interactions for more details on interactions.
It is now possible to set a temporary timezone in dashboards, which will be read from the URL on page load.
For more information, see Time Interval Settings.
Log Collector
LogScale Collector Fleet Management now supports remote configuration of LogScale Collectors. This gives an administrator the option of managing the configuration of LogScale Collector instances in LogScale, instead of managing configuration files directly on the device where Falcon LogScale Collector is installed.
For more information, see LogScale Collector Fleet Management, LogScale Collector Releases.
Functions
Queries containing a join() function no longer run truly live when the query is set to Live. Instead, these queries will run repeatedly at intervals determined by the query engine.
For more information, see Warnings when Using Live join() Functions, Creating Widgets with Live join() Functions, join(), Special Behaviour for Live Joins.
Bug Fixes
Other
Fixed an issue for the ingest API that made it possible to ingest into system repositories.
Falcon LogScale 1.75.0 Preview (2023-01-31)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.75.0 | Preview | 2023-01-31 | 2023-02-27 | 1.44 | 11 | No | No |
Bug fixes and updates.
Deprecation
Items that have been deprecated and may be removed in a future release.
The REST endpoint for testing actions, api/v1/repositories/repoId/alertnotifiers/actionId/test, has been deprecated. The new GraphQL mutations should be used instead.
Upgrades
Changes that may occur or be required during an upgrade.
Other
Upgrade Java to 17.0.6 in Docker containers
Upgrade Kafka to 3.3.2 for KAFKA-14379
Upgrade Kafka client to 3.3.2
Upgrade Kafka Docker container to 3.3.2
Improvements, new features and functionality
UI Changes
The Search page and Dashboards URLs support links with timezones, so that shared links use the same timezone, e.g. ?tz=Europe/Copenhagen
Known field names are now shown as completion suggestions in The Search Box while you type.
Suggestions in The Search Box will show for certain function parameters like time formats.
You can now set your preferred timezone under Manage your Account.
The Search page now supports timezone picking. The timezone will be set on the users' session and remembered between pages.
Introduced Search Interactions to add custom event list options for all users in a repository.
For more information, see Event List Interactions.
GraphQL API
GraphQL API mutations have been added for testing actions without having to save them first. The added mutations are:
testEmailAction
testHumioRepoAction
testOpsGenieAction
testPagerDutyAction
testSlackAction
testSlackPostMessageAction
testUploadFileAction
testVictorOpsAction
testWebhookAction
The previous testAction mutation has been removed.
The new GraphQL API mutations' signature is almost the same as the create mutation for the same action, except that test actions require event data and a trigger name, as the previous testAction mutation did.
As a consequence, the
button is now always enabled in the UI.
Dashboards and Widgets
Introduced Dashboards Interactions to add interactive elements to your dashboards.
For more information, see Managing Dashboard Interactions.
Functions
The performance of in() is improved when matching with values that do not use the * wildcard.
default() now supports assigning the same value to multiple fields, by passing multiple field names to the field parameter.
selectLast() and groupBy() now use less state size, allowing for larger result sets.
Bug Fixes
UI Changes
Fixed an issue where the UI did not show an error when a query was blocked due to query quota settings.
Fixed an issue that made switching UI theme report an error and only take effect for the current session.
Automation and Alerts
Functions
Queries ending with tail() will no longer be rendered with infinite scroll.
Other
Fixed a failing require from MiniSegmentsAsTargetSegmentReader, causing queries to fail in very rare cases.
Unlimited waits for nodes to get in sync have been fixed. This caused digest coordination to fail to limit the time allowed for a node to get "in sync" on a partition before leadership was assigned to it, in cases where the previous digest leader shut down gracefully.
Falcon LogScale 1.74.0 Preview (2023-01-24)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.74.0 | Preview | 2023-01-24 | 2023-02-27 | 1.44 | 11 | No | No |
Bug fixes and updates.
Improvements, new features and functionality
UI Changes
Changes have been made for the three-dot menu (⋮) used for Field Interactions:
It is now available from the Fields Panel and the Inspection Panel, see Searching for Data.
Keyboard navigation has been improved.
For field interactions with live queries, the Fields Panel flyout will now display a fixed list of top values, keeping the values from the point in time when the menu was opened.
Automation and Alerts
The list of Message Templates and Variables is no longer shown in the User Interface when editing Actions, instead a link to the documentation has been added.
Configuration
A new environment configuration variable GLOB_ALLOW_LIST_EMAIL_ACTIONS is introduced. It enables cluster-wide blocking of recipients of Email actions that are not in the provided allow list.
Other
When creating a new group you now have to add the group and add permissions for it in the same multi step dialog.
Bug Fixes
UI Changes
Fixed an issue where the dashboard page would freeze when the value of a dashboard parameter was changed.
We have fixed tooltips in the query editor, which were hidden by other elements in the UI.
Configuration
Fixed an issue where the environment variable OIDC_USE_HTTP_PROXY was not respected. It means that LogScale will now call all OIDC endpoints directly without going through the HTTP Proxy, when OIDC_USE_HTTP_PROXY is set to false.
This fixes the known issue previously reported in Falcon LogScale 1.63.1 Stable (2022-11-14), Falcon LogScale 1.63.2 Stable (2022-11-30), Falcon LogScale 1.63.3 Stable (2022-12-21) and Falcon LogScale 1.70.0 Stable (2023-01-16).
Some restrictions have been introduced when running with single-user as AUTHENTICATION_METHOD:
Starting on a machine that already has multiple users will not delete them, but you will be unable to create additional users.
Running AUTHENTICATION_METHOD=single-user with multiple users will pick the best candidate based on username and privilege.
Other
We have set a maximum number of events that we will parse under a single timeout so large batches are allowed to take longer. If you've seen parsers time out not because the parser is actually slow but because you were processing many events in a single batch, this change should cause that to stop happening. Only parsers that are genuinely slow should now time out.
Falcon LogScale 1.73.0 Preview (2023-01-17)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.73.0 | Preview | 2023-01-17 | 2023-02-27 | 1.44 | 11 | No | No |
Bug fixes and updates.
Improvements, new features and functionality
Functions
The query function holtwinters() has been removed from the product.
Using ioc:lookup() in a query while the IOC service is disabled will now result in a failed query instead of a warning, stating that there are partial results.
Bug Fixes
Other
We have reduced the noise from MiniSegmentMergeLatencyLoggerJob by being more conservative about when we log mini segments that are unexpectedly not being merged. We have made MiniSegmentMergeLatencyLoggerJob take datasource idleness into account.
Falcon LogScale 1.72.0 Preview (2023-01-10)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.72.0 | Preview | 2023-01-10 | 2023-02-27 | 1.44 | 11 | No | No |
Bug fixes and updates.
Bug Fixes
Configuration
Removed compression type extreme for configuration COMPRESSION_TYPE. Specifying extreme will now select the default value of high in order not to cause configuration errors for clusters that specify extreme. The suggestion is to remove COMPRESSION_TYPE from your configurations unless you specify the only other non-default value of fast.
Other
Fixed an issue where the query scheduling could hit races with the background recompression of files in a way that resulted in the query missing the file and ending up adding warnings about segment files being missed by the query.
Falcon LogScale 1.71.0 Preview (2023-01-03)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.71.0 | Preview | 2023-01-03 | 2023-02-27 | 1.44 | 11 | No | No |
Bug fixes and updates.
Upgrades
Changes that may occur or be required during an upgrade.
Packages
Optimizations in package handling require migration of data during upgrade. This migration is performed automatically. Please note:
While the upgrade of cluster nodes is ongoing, we recommend you do not install or update any packages, as they may end up in an inconsistent state.
If a package ends up in a bad state during migration, it can be fixed simply by reinstalling the package.
You may find that accessing the list of installed packages fails, and that creating new dashboards, alerts, parsers, etc. based on package templates does not work as intended.
This should only happen during the cluster upgrade, and should resolve itself once the cluster is fully upgraded.
If the cluster nodes are downgraded, any packages installed or updated while running the new version will not work, and we therefore recommend uninstalling or downgrading those packages prior to downgrading the cluster nodes.
Improvements, new features and functionality
UI Changes
Tabs on the Users page are renamed: former Groups and Permissions tab is now renamed to Permissions; former Details tab is now renamed to Information. In addition, the Permissions tab is now displayed first; it is also the tab that will be opened by default when navigating to a user from other places in the product. See Role Based Access Control (RBAC) for a description of roles and permissions in the UI.
Configuration
New dynamic configuration FlushSegmentsAndGlobalOnShutdown. When set, and when USING_EPHEMERAL_DISKS is set to true, forces all in-progress segments to be closed and uploaded to bucket, and also forces a write (and upload) of global snapshot during shutdown. When not set, this avoids the extra work and thus time shutting down from flushing very recent segments, as those can then be resumed on next boot, assuming that next boot continues on the same Kafka epoch. The default is false, which allows faster shutdown.
The ability to keep the same merge target across digest changes is reintroduced. This feature was reverted in an earlier release due to a discovered issue where mini segments for an active merge target could end up spread across hosts. As that issue has been fixed, mini segments should now be stored on the hosts running digest for the target.
Bug Fixes
Configuration
Fixed an issue where the IOC database could get out of sync. The IOC database will be re-downloaded upon upgrade, therefore IOCs won’t be completely available for a while after the upgrade.
Falcon LogScale 1.70.2 Stable (2023-03-06)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.70.2 | Stable | 2023-03-06 | 2024-03-06 | 1.44 | 11 | No | No |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.70.2/server-1.70.2.tar.gz
Security fix and bug fixes.
Upgrades
Changes that may occur or be required during an upgrade.
Other
Upgrade Kafka client to 3.4.0.
Upgrade Kafka broker to 3.4.0 in the Kafka container.
The container upgrade is performed for security reasons to resolve the CVE-2022-36944 issue, although Kafka should not be affected by it. If you wish to do a rolling upgrade of your Kafka containers, always refer to the Kafka upgrade guide.
Improvements, new features and functionality
Other
Ephemeral nodes are automatically removed from the cluster if they are offline for too long (2 hours by default).
Bug Fixes
GraphQL API
Pending deletes that would cause nodes to fail to start, reporting a NullPointerException, have been fixed.
Other
Timeout from publish to global topic in Kafka has been fixed, as it resulted in marking input segments for merge as broken temporarily.
Nodes are now considered ephemeral only if they set USING_EPHEMERAL_DISKS to true. Previously, they were ephemeral if they either set that configuration, or if they were using the httponly node role.
Falcon LogScale 1.70.1 Stable (2023-02-01)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.70.1 | Stable | 2023-02-01 | 2024-02-01 | 1.44 | 11 | No | No |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.70.1/server-1.70.1.tar.gz
Bug fixes and updates.
Bug Fixes
Configuration
Fixed an issue where the environment variable OIDC_USE_HTTP_PROXY was not respected. It means that LogScale will now call all OIDC endpoints directly without going through the HTTP Proxy, when OIDC_USE_HTTP_PROXY is set to false.
This fixes the known issue previously reported in Falcon LogScale 1.63.1 Stable (2022-11-14), Falcon LogScale 1.63.2 Stable (2022-11-30), Falcon LogScale 1.63.3 Stable (2022-12-21) and Falcon LogScale 1.70.0 Stable (2023-01-16).
Some restrictions have been introduced when running with single-user as AUTHENTICATION_METHOD:
Starting on a machine that already has multiple users will not delete them, but you will be unable to create additional users.
Running AUTHENTICATION_METHOD=single-user with multiple users will pick the best candidate based on username and privilege.
Other
Unlimited waits for nodes to get in sync have been fixed. This caused digest coordination to fail to limit the time allowed for a node to get "in sync" on a partition before leadership was assigned to it, in cases where the previous digest leader shut down gracefully.
Falcon LogScale 1.70.0 Stable (2023-01-16)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.70.0 | Stable | 2023-01-16 | 2024-01-16 | 1.44 | 11 | No | No |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.70.0/server-1.70.0.tar.gz
Bug fixes and updates.
Deprecation
Items that have been deprecated and may be removed in a future release.
The following environment variables are deprecated as of this release. Their removal will be announced in a future version.
The recommended steps for migrating off of Zookeeper are described in Falcon LogScale 1.70.0 Stable (2023-01-16).
Note
When using Operator and Kubernetes deployments, you must upgrade to version 0.17.0 of the operator to support migration away from the Zookeeper requirement. See Version 0.17.0.
Upgrades
Changes that may occur or be required during an upgrade.
Installation and Deployment
We have enabled a new vhost selection method by default. The way hosts select their vhost number when joining the cluster has changed; the new logic is described on the Node Identifiers documentation page.
The new logic does not depend on Zookeeper, even for clusters where nodes occasionally lose disk contents, such as Kubernetes. In order to smooth migration for clusters using Zookeeper, the new logic will still interact with Zookeeper to prevent nodes using a mix of new and old vhost code from fighting over the vhost numbers. This is only necessary while migrating.
The recommended steps for migrating off of Zookeeper are as follows:
Deploy the new LogScale version to all nodes.
Remove ZOOKEEPER_URL_FOR_NODE_UUID, ZOOKEEPER_URL, ZOOKEEPER_PREFIX_FOR_NODE_UUID, ZOOKEEPER_SESSIONTIMEOUT_FOR_NODE_UUID from the configuration for all nodes.
Reboot
Once rebooted, LogScale will no longer need Zookeeper directly, except as an indirect dependency of Kafka. Due to this, the 4 Zookeeper-related variables are deprecated as of this release and will be removed in a future version.
Since vhost numbers now change when a disk is wiped, cluster administrators for clusters using nodes where USING_EPHEMERAL_DISKS is set to true will need to ensure that the storage and digest partitioning tables are up to date as hosts join and leave the cluster. Updating the tables is handled automatically if using the LogScale Kubernetes operator, but for clusters that do not use this operator, cluster administrators should run scripts periodically to keep the storage and digest tables up to date. This is not a new requirement for ephemeral clusters, but we're providing a reminder here since it may be needed more frequently now.
The cluster GraphQL query can provide updated tables (the suggestedIngestPartitions and suggestedStoragePartitions fields), which can then be applied via the updateIngestPartitionScheme and updateStoragePartitionScheme GraphQL mutations.
Should you experience any issue in using this feature, you may opt out by setting NEW_VHOST_SELECTION_ENABLED=false. If you do this, please reach out to support with feedback, as we otherwise intend to remove the old vhost selection logic in the coming months.
Note
When using Operator and Kubernetes deployments, you must upgrade to version 0.17.0 of the operator to support migration away from the Zookeeper requirement. See Version 0.17.0.
Improvements, new features and functionality
Dashboards and Widgets
Added support for export and import of dashboards with query based widgets which use a fixed time window.
Other
New background task TagGroupingSuggestionsJob that reports on flow rate in repositories with many datasources on what it considers slow ones, controlled by configuration of segment sizes and flush intervals. The output in the log can be used as input when deciding whether to add Tag Grouping to a repository to reduce the number of slow datasources.
Add code to ensure all minisegments for the same target end up located on the same hosts. A change in 1.63 could create a situation where minisegments for the same merge target wound up on different nodes, which the query code currently assumes can't happen. This could cause Result is partial responses to user queries.
Bug Fixes
Security
Update Netty to address CVE-2022-41915.
Automation and Alerts
Fixed a bug where a link in the notification for a failed alert would link to a non-existing page.
Dashboards and Widgets
Fixed an issue with parameters in dashboards, where the values of a fixed list parameter would not have their order maintained when exporting and importing templates.
Scatter Chart has been updated:
The x-axis would not update correctly with updated query results.
The trend line toggle in the style panel was invisible.
Fixed three bugs in the Bar Chart, where the sorting would be wrong with updating query results in the stacked version, flickering would occur when deselecting all series in the legend, and deselecting renamed series in the legend would not have any effect.
Other
Fixed a bug where very long string literals in a regex could cause a query/parser to fail with a stack overflow.
Known Issues
Other
OIDC known issue preventing login:
if you are running LogScale self-hosted, this version will not work in an environment where you are Authenticating with OpenID Connect and you use an HTTP Proxy, but you do not want to call OpenIDConnect through the HTTP Proxy.
Please do not upgrade to this version if this is the case — upgrade to Falcon LogScale 1.63.4 Stable (2023-02-01) and Falcon LogScale 1.70.1 Stable (2023-02-01) instead, where this issue has been fixed.
Falcon LogScale 1.69.0 Preview (2022-12-13)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.69.0 | Preview | 2022-12-13 | 2023-01-16 | 1.44 | 11 | No | No |
Bug fixes and updates.
Improvements, new features and functionality
Other
Add bounds to maximum number of active notifications per user.
Throttle publish to global-events topic internally based on time spent in recent transactions of the same type (digest-related writes are not throttled). See details at new configuration variable GLOBAL_THROTTLE_PERCENTAGE page. Also see the metric global-operation-time for measurements of the time spent.
Added option to filter by group and role permission types in groupsPage and rolesPage queries.
Reduced CPU usage of background tasks for the case of high partition count and high datasource count.
Add support for GET+DELETE requests for queries by external Query ID without including the repository name in the URL. The new URL is /api/v1/queryjobs/QUERYID. Note that shared dashboard token authentication is not supported on this API. (The existing API on /api/v1/repositories/REPONAM/queryjobs/QUERYID remains unmodified and supports POST requests for submit of queries.)
Bug Fixes
Other
LogScale no longer considers every host to be alive for a period after rebooting. Only hosts marked as running in global will be considered alive. This fixes an issue where a query coordinator might pointlessly direct queries to dead nodes because the coordinator had recently booted.
Allow creating Kafka topics even if a broker is down.
Falcon LogScale 1.68.0 Preview (2022-12-06)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.68.0 | Preview | 2022-12-06 | 2023-01-16 | 1.44 | 11 | No | No |
Bug fixes and updates.
Improvements, new features and functionality
Deprecation
The query function holtwinters() is now deprecated and will be removed along with the release of future version 1.73; therefore, its usage in alerts is not recommended.
Falcon Data Replicator
Enforcing S3 file size limits (30MB) in FDR feeds. Files will not be ingested if they are above the limit.
UI Changes
Introduced the Social Login Settings feature: all customers with access to the organization identity providers page can now change social login settings in the UI. See Configuring Identity Providers for LogScale Cloud for details.
No longer possible to add a color to roles. Existing role colors removed from the UI.
Automation and Alerts
Improved performance when storing alert errors and trigger times in global.
Configuration
Set dynamic configuration BucketStorageWriteVersion to 3. This sets the format for files written to bucket storage to use a format that allows files larger than 2GB and incurs less memory pressure when decrypting files during download from the bucket. The new format is supported since 1.44.0 only.
Changed the default value for AUTHENTICATION_METHOD from none to single-user.
To set username and password, use the environment variables:
SINGLE_USER_USERNAME: if not set, default is user.
SINGLE_USER_PASSWORD: if not set, a random password is generated.
See SINGLE_USER_USERNAME and SINGLE_USER_PASSWORD documentation for more details on these variables.
Set minimum version for the cluster to be 1.44.0.
Other
New metric global-operation-time: tracks local time spent processing each kind of message received on the global events topic.
Audit logging has been improved.
Bug Fixes
UI Changes
The warning about unsaved changes being lost on an edited dashboard will now only show when actual changes have been made.
Other
Fixed a bug in decryption code used when decrypting downloaded files from bucket storage when version-for-bucket-writes=3. The bug prevented decrypting files larger than 2GB.
Fixed an issue where LogScale could log secrets to the debug log when configured to use LDAP or when configured to use SSL for Kafka.
Falcon LogScale 1.67.0 Preview (2022-11-29)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.67.0 | Preview | 2022-11-29 | 2023-01-16 | 1.30 | 11 | No | No |
Bug fixes and updates.
Improvements, new features and functionality
Functions
A new query function named createEvents() has been released. This function creates events from strings and is used for testing queries.
Bug Fixes
UI Changes
IP Location drilldowns now correctly use lat and lon field names instead of latitude and longitude.
URL paths with repository name and no trailing /search resolved to Not Found. The URL /repoName will now again show the search page for the repoName repository.
Functions
Falcon LogScale 1.66.0 Preview (2022-11-22)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.66.0 | Preview | 2022-11-22 | 2023-01-16 | 1.30 | 11 | No | Yes |
Bug fixes and updates.
Improvements, new features and functionality
Configuration
Added a new configuration to control when digest coordination will permit a node that is not "in sync" and to set a time limit. See MAX_SECS_WAIT_FOR_SYNC_WHEN_CHANGING_DIGEST_LEADER for all the details.
Other
Make adjustments to the HostsCleanerJob. It will now remove references to missing hosts in fewer writes, and will stop immediately if a host rejoins the cluster.
Bug Fixes
Functions
Fixed a bug seen in version 1.65 where groupBy() on multiple fields would sometimes produce multiple rows for the same combination of keys.
Other
Fixed a race where unavailable segments, due to nodes going away, would not become available again after nodes returning.
Fixed an issue that could cause the error message Object is missing required member 'replicationFactor' when downgrading from current versions to older versions. The error message is only a nuisance, since the object failing deserialization isn't in use in released code yet.
Fixed an issue that could cause repeated unnecessary updates of currentHosts for some segments.
Packages
Fixed an issue where deleting a parser through an update or uninstall of a package could fail in an unexpected way if the parser was used by an ingest listener or an FDR feed. Now, a proper error message will be shown.
Falcon LogScale 1.65.0 Preview (2022-11-15)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.65.0 | Preview | 2022-11-15 | 2023-01-16 | 1.30 | 11 | No | No |
Bug fixes and updates.
Improvements, new features and functionality
Security
The version of Jackson has been upgraded to address CVE-2022-42003 vulnerability.
UI Changes
The Repository icon has been changed to match the new look and feel.
A new UI for event forwarders located under Organisation Settings now allows you to configure your event forwarders. See Event Forwarders for details.
Automation and Alerts
Added a query editor warning (yellow wavy lines) for joins in alerts.
Configuration
Added a new dynamic configuration UndersizedMergingRetentionPercentage, with a default value of 20. This configuration value is used when selecting undersized segments to merge; this setting controls how wide a time span can be merged together.
The setting is interpreted as a percentage of the repository's retention by time setting. A reasonable range is 0 through to 90.
Other
Increased the limits for bucket. The maximum number of series has been raised from 50 to 500 and the maximum number of output events has been raised from 10,000 to 100,000.
Avoid writing some messages to global if we can tell up-front that the message is unnecessary.
Reduce the scope of a precondition for a particular write to global. This should reduce unnecessary transaction rejections when such writes are bulked together.
Audit logging for s3 archiving which tracks when it is enabled, disabled, configured, and restarted.
Docker images have been upgraded to Java 17.0.5.
Bug Fixes
Configuration
Fix some issues with the workings of the BUCKET_STORAGE_MULTIPLE_ENDPOINTS and S3_STORAGE_ENDPOINT_BASE configurations.
The intent of this configuration is to allow users to configure buckets in multiple bucket services, for instance to allow migrating from AWS bucket storage to a local S3 service. When true, each bucket in global can have a separate endpoint configuration, as defined in S3_STORAGE_ENDPOINT_BASE and similar configurations. This allows an existing cluster running against AWS S3 to begin uploading segments to an on-prem S3 by switching the endpoint base, while still keeping access to existing segments in AWS.
When false (default), the endpoint base configuration is applied to all existing buckets on boot. This is intended for cases where the base URL needs to be changed for all buckets, for instance due to the introduction of a proxy.
The issue was that we were not consistently looking up endpoint URLs in global for the relevant bucket, but instead simply used whichever endpoint URL happened to be defined in configuration at the time. This has been fixed.
Other
Fixed a minor desynchronization issue related to idle datasources.
The SAML login to Humio using deeplinks now works correctly.
Fixed a bug where interaction context menus did not update the query editor in Safari.
When a host is removed from global, a job tries to clean up any references to it from other places in global, such as segments. Fixed a bug in this job that meant it didn't clean up references on segments that were tombstoned but not yet gone from global. This issue could block cleanup of those segments.
Falcon LogScale 1.64.0 Preview (2022-11-01)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.64.0 | Preview | 2022-11-01 | 2023-01-16 | 1.30 | 11 | No | No |
Bug fixes and updates.
Improvements, new features and functionality
Configuration
Added new dynamic configuration for MaxIngestRequestSize to allow limiting size of ingest requests after content-encoding has been applied. The default can be set using the new configuration variable MAX_INGEST_REQUEST_SIZE, or applied via the dynamic configuration.
Dashboards and Widgets
It is now possible to specify a dashboard by name in the URL. It is also possible to have dashboard ID as a parameter in order to have permanent links.
Functions
Removed the restriction that case and match expressions cannot be used in subqueries.
The query function in() has been improved w.r.t. performance when searching in tag fields.
Improved memory allocation for the query function split().
The query function split() now allows splitting arrays that contain arrays. For example, splitting the event a[0][0]=1, a[1][0]=2 using split(a) produces two events: '_index=0, a[0]=1' and '_index=1, a[0]=2'.
The query function join() now provides information to optimize the query.
Other
In the internal request log, include decoded size of the request body after content-encoding has been applied in new field decodedContentLength. This allows inspecting compression ratio of incoming requests and range of values seen. Requests without compression have contentLength in this new field too.
Bug Fixes
UI Changes
Fixed a bug where a disabled item in the main menu could be clicked on and would redirect to the homepage.
The Inspection Panel now copies text correctly again.
menu in the event
Functions
Fixed an issue where percentile() would crash on invalid input.
The query functions bucket(), holtwinters(), beta:repeating(), series(), session(), and window() wrongly accepted now as a duration. This error has been fixed.
Other
Fixed an issue that could cause merged segments to appear to be missing after a restart, due to the datasource going idle.
Falcon LogScale 1.63.6 Stable (2023-03-22)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.63.6 | Stable | 2023-03-22 | 2024-03-22 | 1.30.0 | 11 | No | No |
TAR Checksum | Value |
---|---|
MD5 | c6a5dedd2c76d1ceb44984d2b6c249ee |
SHA1 | d45f31016599ea0c905c93cf731cb7d2fcd47a6c |
SHA256 | 8c9d3dc61b1f8a2f392ff53dd88602abcdb04b3084c847f54f00e55887d561a2 |
SHA512 | 1a5db287ab19b1c3efe1a5c447e27d7d4d66834f608a777485ea2aec73c8f7963b816ffe7b29758285dd692adf11989be302c3863feda97e0962e723b42c7e5a |
Docker Image | SHA256 Checksum |
---|---|
humio | 8b20c3c128d786c6dd121bab5f6878129343d9d9967b855ed9d9825a13560cd6 |
humio-core | 3d03504a00022115b7a581938dd8d0d7f96a583c57d02efdf15b4127971914df |
kafka | 6c9978f48ade34b4bb12f7e5862c556ba60e2650555db05ae36ac9abd44062ca |
zookeeper | cad51c3f5959cd99609d6abdb28ea938b87942780567a462e897ba34e31d3679 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.63.6/server-1.63.6.tar.gz
Bug fix.
Bug Fixes
Other
Fixed an issue with API Explorer that could fail to load in some configurations when using cookie authentication.
Falcon LogScale 1.63.5 Stable (2023-03-06)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.63.5 | Stable | 2023-03-06 | 2024-03-06 | 1.30.0 | 11 | No | No |
TAR Checksum | Value |
---|---|
MD5 | e4684d95d5cf279a36f9581d395dbd6b |
SHA1 | b179a38c49fb4d4c9b298ea867f69f97e1eb5dc8 |
SHA256 | a0bfa4e22b5800a5ca2f117914d30a68df66fd1ddfe5452cc97960832e3714b8 |
SHA512 | 168dcec977536d77f3f793b811b41e483b6ca17b942d305953ce6099d1d01de7d7a14fa135681d330ef0ce5b9bff94457fba265064e838f1fedca49f8e032f3d |
Docker Image | SHA256 Checksum |
---|---|
humio | c78c2e3e9b3956346aa8ad0b90b68ad42c17e25e22b2b45ad0c9d564aa6f6e29 |
humio-core | 4811ddd5298fa41d7ccf123f83aa060d77a2583528208dfdfe6c98b298f931f3 |
kafka | adae65ce4cb90bf64fcef617d13d896a531f08cca8286b7241be62013f3c801a |
zookeeper | 4e146244b375c139e49e3247b24cdfd8adfded7a07b9dba074ebb68878033619 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.63.5/server-1.63.5.tar.gz
Security fix.
Upgrades
Changes that may occur or be required during an upgrade.
Other
Upgrade Kafka client to 3.4.0.
Upgrade Kafka broker to 3.4.0 in the Kafka container.
The container upgrade is performed for security reasons to resolve CVE-2022-36944 issue, which Kafka should however not be affected by. If you wish to do a rolling upgrade of your Kafka containers, please always refer to Kafka upgrade guide.
Falcon LogScale 1.63.4 Stable (2023-02-01)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.63.4 | Stable | 2023-02-01 | 2024-02-01 | 1.30.0 | 11 | No | No |
TAR Checksum | Value |
---|---|
MD5 | b8b3067213532194d2510cc1b12b1ed8 |
SHA1 | 5418f0926f51fafb413500fbdbb41df496a7fb0d |
SHA256 | 994882158ac89800a9418fe8d2b51426dc794ec1fbc5dc1d365530c8449fefca |
SHA512 | 262f662af3647d77352e1abe990be003f98a2abf50be0350b538ca8cc13ff56ec6414f3a045758d64bbf4e137918877fe56d70a1b3ef01e1405da4514742d66e |
Docker Image | SHA256 Checksum |
---|---|
humio | 8861250649894e744ecb070db48a50c5ffdf071f7bc26a3b1bc41970262da77e |
humio-core | b310155c2958037385eb20527dad3bd10a0854c0761ef9991ca4c48d01074a42 |
kafka | 4d9fb7715fd851192005c1cf8180e9ff9a27b84f58e720b36f4d4f3baa5a4449 |
zookeeper | d00d8999eb2880d7d0ef307210b7c5aa3949b2c16ec1d471af36d9344a8501c9 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.63.4/server-1.63.4.tar.gz
Bug fixes and updates.
Bug Fixes
Configuration
Fixed an issue where the environment variable OIDC_USE_HTTP_PROXY was not respected. It means that LogScale will now call all OIDC endpoints directly without going through the HTTP Proxy, when OIDC_USE_HTTP_PROXY is set to false.
This fixes the known issue previously reported in Falcon LogScale 1.63.1 Stable (2022-11-14), Falcon LogScale 1.63.2 Stable (2022-11-30), Falcon LogScale 1.63.3 Stable (2022-12-21) and Falcon LogScale 1.70.0 Stable (2023-01-16).
Other
Unlimited waits for nodes to get in sync have been fixed. This caused digest coordination to fail to limit the time allowed for a node to get "in sync" on a partition before leadership was assigned to it, in cases where the previous digest leader shut down gracefully.
Falcon LogScale 1.63.3 Stable (2022-12-21)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.63.3 | Stable | 2022-12-21 | 2023-12-21 | 1.30.0 | 11 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 74b7a4bc3143245a361537e572c5afb2 |
SHA1 | ef312b1b71d041d1b9a4ebfd7ef5108c6fff24b3 |
SHA256 | c7fe720697a9c624db9cc26268883b7389092c3c0dbc5541b643ff12cf62226d |
SHA512 | 5fb5b6dee09abafc1f45b2cce0889e315cd1aa6fc79dd393bfb78eac5bd51047ada7670d65fe4bbc7908b0791c17048552eb03abf675fb70b74778b5142db523 |
Docker Image | SHA256 Checksum |
---|---|
humio | ba99848f525941344e972b9fddc437042aaaa851bbba6a10f3e54aebccafbe62 |
humio-core | ef99f9f84bfd3258f4abc92e6b3f1ec300003caaf93cb330a1a52f419e9e6e76 |
kafka | d96ae0f7043c57f0f1b0ae79a03d27fdb38854232f63dc341987158b6703b09f |
zookeeper | 357e3e93a78cc19e7d8aad157e6b1416c36fbf31153897d40adc9aa02b9b9b61 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.63.3/server-1.63.3.tar.gz
Bug fixes and updates.
Improvements, new features and functionality
Other
Add code to ensure all minisegments for the same target end up located on the same hosts. A change in 1.63 could create a situation where minisegments for the same merge target wound up on different nodes, which the query code currently assumes can't happen. This could cause Result is partial responses to user queries.
Bug Fixes
Security
Update Netty to address CVE-2022-41915.
Automation and Alerts
Fixed a bug where a link in the notification for a failed alert would link to a non-existing page.
Other
Fixed a bug in decryption code used when decrypting downloaded files from bucket storage when version-for-bucket-writes=3. The bug prevented decrypting files larger than 2GB.
Fixed an issue where LogScale could log secrets to the debug log when configured to use LDAP or when configured to use SSL for Kafka.
Known Issues
Other
OIDC known issue preventing login:
if you are running LogScale self-hosted, this version will not work in an environment where you are Authenticating with OpenID Connect and you use an HTTP Proxy, but you do not want to call OpenIDConnect through the HTTP Proxy.
Please do not upgrade to this version if this is the case — upgrade to Falcon LogScale 1.63.4 Stable (2023-02-01) and Falcon LogScale 1.70.1 Stable (2023-02-01) instead, where this issue has been fixed.
Falcon LogScale 1.63.2 Stable (2022-11-30)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.63.2 | Stable | 2022-11-30 | 2023-11-30 | 1.30.0 | 11 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 4b6142d1443af26cbe05f794f8fb65ec |
SHA1 | 2d21db39a7d4de74df05aea99baab1ad5d5def35 |
SHA256 | fe66c9be4aab6b027a5ebc5711fedaeee0aea088c7a20981dfdca07739325f1a |
SHA512 | efb7e6aaa4dbbfd1662552fb3f07b6895bcb2220b69da34a6deb228bd13b286a38ac470f436a0378fa24701d13094da3d3524ebd0f9580a9a599ca5c |
Docker Image | SHA256 Checksum |
---|---|
humio | dd063817c4b302708422213deaa45ac8c799dfc199ae9dc8e80c18a12f882c28 |
humio-core | 2f52662a0191e3723c65ac344b8aedb8a0b4a31f324823857fc2dcd13262c5e4 |
kafka | cfc1d3f130db496dff29c8c8bf3897253615b03521584bd1f3e17da7a398b67f |
zookeeper | 3d485ef41d36cbc71b583bee7153f75d660c2d1bf42c88fa6dbc21557eac0123 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.63.2/server-1.63.2.tar.gz
Bug fixes and updates.
Bug Fixes
UI Changes
URL paths with repository name and no trailing /search resolved to Not Found. The URL /repoName will now again show the search page for the repoName repository.
Known Issues
Other
OIDC known issue preventing login:
if you are running LogScale self-hosted, this version will not work in an environment where you are Authenticating with OpenID Connect and you use an HTTP Proxy, but you do not want to call OpenIDConnect through the HTTP Proxy.
Please do not upgrade to this version if this is the case — upgrade to Falcon LogScale 1.63.4 Stable (2023-02-01) and Falcon LogScale 1.70.1 Stable (2023-02-01) instead, where this issue has been fixed.
Falcon LogScale 1.63.1 Stable (2022-11-14)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.63.1 | Stable | 2022-11-14 | 2023-11-14 | 1.30 | 11 | No | No |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.63.1/server-1.63.1.tar.gz
Bug fixes and updates.
Deprecation
Items that have been deprecated and may be removed in a future release.
Deprecated feature removal: the file-based backup feature was deprecated in 1.42.0 and is now removed from Humio. The following configs are no longer supported and will do nothing if set:
The DELETE_BACKUP_AFTER_MILLIS config is still supported, as it is used for configuring the delay between a file being marked for deletion in Humio, and that file being removed from bucket storage.
Improvements, new features and functionality
Security
The version of Jackson has been upgraded to address CVE-2022-42003 vulnerability.
Falcon Data Replicator
Added the new fileDownloadParallelism setting for FDR feeds to download files from the same SQS message in parallel. See Adjust Polling Nodes Per Feed for all the details.
UI Changes
Parsing JSON arrays in drill-down context menus no longer adds a trailing dot to the prefix field name.
Add Falcon LogScale announcement on login and signup pages.
Contextual drill-down menus for field interactions have been introduced, see Field Interactions. In particular:
Fields in the Inspection Panel are now provided with and context menu items, replacing the former buttons, see updates at Inspecting Events.
The Fields Panel on the left-hand side of the User Interface is now provided with and context menu items, replacing the former drill-down buttons in the field details flyout (when clicking a field in the fields menu). See updates at Displaying Fields.
Fields that have JSON, URL and Timestamps content will have a drill-down option which will parse the field as a LogScale field.
Parsing JSON will automatically use the field name as prefix for the new field name.
Fields containing numbers (currently JSON only) will have
, , , , and drill-down options.
Interactions on JSON data now enabled for JSON arrays in the Event List.
Humio is now a Falcon product. The Humio owl logo and icons are therefore replaced by beautiful falcons.
Following its name change, mentions of Humio have been changed to Falcon LogScale.
The Single Value widget has updated properties:
New design for the toggle switch: it is now bigger and has a green/gray color profile instead of blue/gray.
The color profile of the displayed value by trend is now customizable.
Change Humio logo to Falcon LogScale on login and signup pages.
Automation and Alerts
Self-hosted only: the old implementation of how alert queries are run has been removed. As a consequence, the dynamic configuration UseLegacyAlertJob has also been removed.
Added two new message templates to actions, {query_start_s} and {query_end_s}. See Message Templates and Variables for details.
GraphQL API
Added new createDashboardFromTemplateV2 mutation with input parameters aligned with the rest of the create from template mutations.
Dashboards and Widgets
JSON in and formats columns in Event List widgets now have fields underlined on hover and are clickable. This allows drill-downs and copying values easily.
Functions
QueryAPI: Added staticMetaData property to QueryJobStartedResult. At the moment it only contains the property executionMode, which can be used to communicate hints about the way the backend executes the query to the front-end.
QueryAPI: executionModeHint renamed to executionMode.
Introduced new valid array syntax in array:contains() and array:regex() functions:
Changed the expected format of the array parameter.
Changed these functions to no longer be experimental.
Improved the format() function:
Fixed an issue where the format() function would output the wrong amount of left padded zeros for decimal conversions.
Formatting large positive numbers as hex no longer causes a loss of bits for integers less than 2^63.
Formatting negative numbers as hex no longer produces unintelligible strings.
Fixed an issue where adding the # flag would not display the correct formatting string.
Fixed an issue where specifying the time/date modifier N would fail to parse.
Fixed an issue where supplying multiple fields required you to specify the index of the last field as an argument specifier.
Added a length specifier to allow for outputting fields as 32-bit integers instead of 64-bits.
Using the type specifier %F now tries to format the specified field as a floating point.
See the format() reference documentation page for all the above mentioned updates on the supported formatting syntax.
Other
Added a new ingest endpoint for receiving metrics and traces via OpenTelemetry OTLP/http. See OpenTelemetry for all the details.
New background task that runs at startup. It verifies the checksums present in local segment files, traversing the most recently updated segment files on the local disk, using the timestamps they have when Humio starts. If a file has an invalid checksum it will be renamed to crc-error.X where X is the ID of the segment. An error will be logged as well.
Add an additional validation check when uploading files to S3-like bucket storage. Humio will now perform a HEAD request for the file's final location in the bucket to verify that the upload succeeded.
Created new test function for event forwarders, which takes as input an event forwarder configuration and tests whether it is possible to connect to the Kafka server. The current test function which takes an ID as input and tests an existing event forwarder by ID, is now marked as deprecated.
Added a new dynamic config UndersizedMergingRetentionPercentage, with a default value of 20. This configuration value is used when selecting undersized segments to merge; this setting controls how wide a time span can be merged together.
The setting is interpreted as a percentage of the repository's retention by time setting. A reasonable range is 0 through to 90.
Added use of the HTTP Proxy Client Configuration, if configured, in a lot of places.
When selecting a parser test case, the selected test case is highlighted in the UI, so you can see what is selected.
Empty datasource directories will be now removed from the local file system while starting the server.
Add a script in the tarball distribution's bin directory to check the execution environment, checking common permission issues and other requirements for an environment suitable for running LogScale.
It's now possible to expand multiple bell notifications.
Use latest version of Java 17 in Docker images.
Bug Fixes
UI Changes
Change missing @timestamp field to give a warning instead of an error in functions tail(), head(), bucket(), and timeChart().
Dashboards and Widgets
Bug fixed in Scatter Chart widget tooltip, so that the description of the actual point only is shown in the tooltip when hovering the mouse over one point, instead of multiple points.
Fixed a bug where query result containing no valid results was handled incorrectly in visualisation.
Functions
Fixed an issue where NaN values could cause groupBy() queries to fail.
Fixed an issue where match() would sometimes give errors when ignoreCase=true and events contained latin1 encoded characters.
Fixed a bug where the selfJoin() function would not apply the postfilter parameter.
Other
When selecting a parser test case, the selected test case is highlighted in the UI, so you can see what is selected.
It is now possible for a user to use the same personal invite token after the user has been transferred to another organization.
Fixed an issue where nothing was displayed on the average ingest chart in case only one datapoint is present.
When a host is removed from global, a job tries to clean up any references to it from other places in global, such as segments. Fixed a bug in this job that meant it didn't clean up references on segments that were tombstoned but not yet gone from global. This could block cleanup of those segments.
Fix an issue causing a content-length check for bucket uploads to fail when encryption was enabled. The content-length check is not normally enabled, so this should only affect clusters that have disabled ETag-based validation.
Fix an issue that could cause event redaction tasks to fail to complete, if a segment having events redacted was deleted due to retention.
Fixed a regression causing a reflective method lookup to fail when Humio is running on a Java prior to 13.
Known Issues
Other
OIDC known issue preventing login:
if you are running LogScale self-hosted, this version will not work in an environment where you are Authenticating with OpenID Connect and you use an HTTP Proxy, but you do not want to call OpenIDConnect through the HTTP Proxy.
Please do not upgrade to this version if this is the case — upgrade to Falcon LogScale 1.63.4 Stable (2023-02-01) and Falcon LogScale 1.70.1 Stable (2023-02-01) instead, where this issue has been fixed.
Falcon LogScale 1.63.0 Preview (2022-10-25)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.63.0 | Preview | 2022-10-25 | 2022-11-14 | 1.30 | 11 | No | No |
Bug fixes and updates.
Improvements, new features and functionality
GraphQL API
Added enableEventForwarder and disableEventForwarder mutations to enable/disable event forwarders.
Log Collector
Humio Log Collector is now Falcon LogScale Collector.
New FleetOverview functionality for the LogScale Collector 1.2.0 is available.
LogScale Collector download page has moved into the new top level tab LogScale Collector Fleet Management (Cloud-only).
Functions
The base64Decode() query function now accepts non-canonical encodings.
The holtwinters() query function will be deprecated with the release of future version 1.68. From then, it cannot be expected to work in alerts, and it will be removed entirely with the release of version 1.72.
The parseCsv() function has improved its performance, in particular in terms of memory pressure.
Other
Close all segments a node is working on when shutting down. This should help start later in Kafka after reboots.
Bug Fixes
Other
Fixed an issue with validations when creating a new Ingest Listener as Netflow/UDP.
The form validation for Ingest Listener will now clearly tell the user that the parser needs to be selected when you change between different protocols.
Fixed a race condition where the segment top offset wasn't removed when a datasource went idle due to a race. This could result in event redaction not running for such segments.
Humio Server 1.62.0 Preview (2022-10-18)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.62.0 | Preview | 2022-10-18 | 2022-11-14 | 1.30 | 11 | No | No |
Updates.
Improvements, new features and functionality
UI Changes
Parsing JSON arrays in drill-down context menus no longer adds a trailing dot to the prefix field name.
Add Falcon LogScale announcement on login and signup pages.
Following its name change, mentions of Humio have been changed to Falcon LogScale.
Change Humio logo to Falcon LogScale on login and signup pages.
Functions
Introduced new valid array syntax in array:contains() and array:regex() functions:
Changed the expected format of the array parameter.
Changed these functions to no longer be experimental.
Other
Added a new ingest endpoint for receiving metrics and traces via OpenTelemetry OTLP/http. See OpenTelemetry for all the details.
Add a script in the tarball distribution's bin directory to check the execution environment, checking common permission issues and other requirements for an environment suitable for running LogScale.
Humio Server 1.61.0 Preview (2022-10-11)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.61.0 | Preview | 2022-10-11 | 2022-11-14 | 1.30 | 11 | No | No |
Bug fixes and updates.
Improvements, new features and functionality
Falcon Data Replicator
Added the new fileDownloadParallelism setting for FDR feeds to download files from the same SQS message in parallel. See Adjust Polling Nodes Per Feed for all the details.
UI Changes
Interactions on JSON data now enabled for JSON arrays in the Event List.
Functions
QueryAPI — Added staticMetaData property to QueryJobStartedResult. At the moment it only contains the property executionMode, which can be used to communicate hints about the way the backend executes the query to the front-end.
QueryAPI — executionModeHint renamed to executionMode.
Bug Fixes
Functions
Fixed a bug where the selfJoin() function would not apply the postfilter parameter.
Other
Fixed an issue where nothing was displayed on the average ingest chart in case only one datapoint is present.
Fix an issue that could cause event redaction tasks to fail to complete, if a segment having events redacted was deleted due to retention.
Fixed a regression causing a reflective method lookup to fail when Humio is running on a Java prior to 13.
Humio Server 1.60.0 Preview (2022-10-04)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.60.0 | Preview | 2022-10-04 | 2022-11-14 | 1.30 | 11 | No | No |
Bug fixes and updates.
Improvements, new features and functionality
UI Changes
Contextual drill-down menus for field interactions have been introduced, see Field Interactions. In particular:
Fields in the Inspection Panel are now provided with and context menu items, replacing the former buttons, see updates at Inspecting Events.
The Fields Panel on the left-hand side of the User Interface is now provided with and context menu items, replacing the former drill-down buttons in the field details flyout (when clicking a field in the fields menu). See updates at Displaying Fields.
Fields that have JSON, URL and Timestamps content will have a drill-down option which will parse the field as a LogScale field.
Parsing JSON will automatically use the field name as prefix for the new field name.
Fields containing numbers (currently JSON only) will have
, , , , and drill-down options.
GraphQL API
Added new createDashboardFromTemplateV2 mutation with input parameters aligned with the rest of the create from template mutations.
Dashboards and Widgets
JSON in and formats columns in Event List widgets now have fields underlined on hover and are clickable. This allows drill-downs and copying values easily.
Other
New background task that runs at startup. It verifies the checksums present in local segment files, traversing the most recently updated segment files on the local disk, using the timestamps they have when Humio starts. If a file has an invalid checksum it will be renamed to crc-error.X where X is the ID of the segment. An error will be logged as well.
It's now possible to expand multiple bell notifications.
Use latest version of Java 17 in Docker images.
Bug Fixes
Dashboards and Widgets
Fixed a bug where query result containing no valid results was handled incorrectly in visualisation.
Functions
Fixed an issue where NaN values could cause groupBy() queries to fail.
Humio Server 1.59.0 Preview (2022-09-27)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.59.0 | Preview | 2022-09-27 | 2022-11-14 | 1.30 | 11 | No | No |
Updates.
Improvements, new features and functionality
UI Changes
The Single Value widget has updated properties:
New design for the toggle switch: it is now bigger and has a green/gray color profile instead of blue/gray.
The color profile of the displayed value by trend is now customizable.
Automation and Alerts
Added two new message templates to actions, {query_start_s} and {query_end_s}. See Message Templates and Variables for details.
Humio Server 1.58.0 Preview (2022-09-20)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.58.0 | Preview | 2022-09-20 | 2022-11-14 | 1.30 | 11 | No | No |
Bug fixes and updates.
Improvements, new features and functionality
UI Changes
Humio is now a Falcon product. The Humio owl logo and icons are therefore replaced by beautiful falcons.
Functions
Improved the format() function:
Fixed an issue where the format() function would output the wrong amount of left padded zeros for decimal conversions.
Formatting large positive numbers as hex no longer causes a loss of bits for integers less than 2^63.
Formatting negative numbers as hex no longer produces unintelligible strings.
Fixed an issue where adding the # flag would not display the correct formatting string.
Fixed an issue where specifying the time/date modifier N would fail to parse.
Fixed an issue where supplying multiple fields required you to specify the index of the last field as an argument specifier.
Added a length specifier to allow for outputting fields as 32-bit integers instead of 64-bits.
Using the type specifier %F now tries to format the specified field as a floating point.
See the format() reference documentation page for all the above mentioned updates on the supported formatting syntax.
Other
Add an additional validation check when uploading files to S3-like bucket storage. Humio will now perform a HEAD request for the file's final location in the bucket to verify that the upload succeeded.
Empty datasource directories will be now removed from the local file system while starting the server.
Bug Fixes
UI Changes
Change missing @timestamp field to give a warning instead of an error in functions tail(), head(), bucket(), and timeChart().
Other
Fix a regression introduced in 1.46.0 that can cause Humio to fail to properly replay data from Kafka when a node is restarted.
Fix an issue causing a content-length check for bucket uploads to fail when encryption was enabled. The content-length check is not normally enabled, so this should only affect clusters that have disabled ETag-based validation.
Humio Server 1.57.0 Preview (2022-09-13)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.57.0 | Preview | 2022-09-13 | 2022-11-14 | 1.30 | 11 | No | No |
Bug fixes and updates.
Deprecation
Items that have been deprecated and may be removed in a future release.
Deprecated feature removal: the file-based backup feature was deprecated in 1.42.0 and is now removed from Humio. The following configs are no longer supported and will do nothing if set:
The DELETE_BACKUP_AFTER_MILLIS config is still supported, as it is used for configuring the delay between a file being marked for deletion in Humio, and that file being removed from bucket storage.
Improvements, new features and functionality
UI Changes
Humio is now a Falcon product. The Humio owl logo and icons are therefore replaced by beautiful falcons.
Other
Created new test function for event forwarders, which takes as input an event forwarder configuration and tests whether it is possible to connect to the Kafka server. The current test function which takes an ID as input and tests an existing event forwarder by ID, is now marked as deprecated.
Added use of the HTTP Proxy Client Configuration, if configured, in a lot of places.
When selecting a parser test case, the selected test case is highlighted in the UI, so you can see what is selected.
Bug Fixes
Dashboards and Widgets
Bug fixed in Scatter Chart widget tooltip, so that the description of the actual point only is shown in the tooltip when hovering the mouse over one point, instead of multiple points.
Functions
Fixed an issue where match() would sometimes give errors when ignoreCase=true and events contained latin1 encoded characters.
Other
When selecting a parser test case, the selected test case is highlighted in the UI, so you can see what is selected.
It is now possible for a user to use the same personal invite token after the user has been transferred to another organization.
Fixed an issue where the HTTP threads (Akka pool) could get blocked while sending ingest requests to Kafka, which could result in Humio HTTP endpoints not responding.
Humio Server 1.56.4 Stable (2022-12-21)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.56.4 | Stable | 2022-12-21 | 2023-12-21 | 1.30.0 | 11 | No | No |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.56.4/server-1.56.4.tar.gz
Bug fixes and updates.
Improvements, new features and functionality
Security
The version of Jackson has been upgraded to address CVE-2022-42003 vulnerability.
Bug Fixes
Security
Update Netty to address CVE-2022-41915.
Other
Fixed a bug in decryption code used when decrypting downloaded files from bucket storage when version-for-bucket-writes=3. The bug prevented decryption of files larger than 2GB.
Fixed an issue where LogScale could log secrets to the debug log when configured to use LDAP or when configured to use SSL for Kafka.
Humio Server 1.56.3 Stable (2022-10-05)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.56.3 | Stable | 2022-10-05 | 2023-10-05 | 1.30.0 | 11 | No | No |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.56.3/server-1.56.3.tar.gz
Bug fixes and updates.
Bug Fixes
Security
Update Scala to address CVE-2022-36944.
Humio Server 1.56.2 Stable (2022-09-26)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.56.2 | Stable | 2022-09-26 | 2023-09-26 | 1.30 | 11 | No | No |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.56.2/server-1.56.2.tar.gz
Bug fixes and updates.
Improvements, new features and functionality
Falcon Data Replicator
The feature flag for FDR feeds has been removed. FDR feeds are now generally available.
UI Changes
The Log line format type in the Event List will now render fully expanded JSON when a JSON structure starts with a square bracket or curly bracket followed by a newline.
It is now possible to interact directly with the JSON properties and values in the EventList.
Humio is now a Falcon product. The Humio owl logo and icons are therefore replaced by beautiful falcons.
In the Event List you can assign data types to a column field. You can now make the setting the default for a field, and the setting is remembered whenever the field is added to the Event List, e.g. from the fields panel on the Search page. The button for assigning default data type to a field can be found in the Data type dropdown menu in the column headers of the event list widget. See Field Data Types.
It is now possible to scroll to the selected event on the Search page.
The event lists column header menus have been redesigned to be simpler:
You can now click the border between column headers in the event list to fit the column to the content.
The Event List column Format Panel has been updated to make it easier to manage columns.
See Formatting Columns.
Documentation
Fixed a broken link to the documentation for Message Templates and Variables when editing alerts and scheduled searches.
Automation and Alerts
When you create or edit an action it will now show a warning dialog if you have unsaved changes.
A major change has been made to how alert queries are run in order to better reuse live queries when nodes are restarted in a Humio cluster. Find more details at Alerts.
When creating new Actions, the new name will now stay when you change the Action Type without getting cleared. This also works when you want to change the New Action name while creating a New Action.
GraphQL API
Deprecates the defaultSharedTimeIsLive input field on the updateDashboard GraphQL mutation, in favor of updateFrequency.
Configuration
New dynamic configuration MinimumHumioVersion, default value is 0.0.0, that allows setting a minimum Humio version that this cluster will accept starting on. This allows protecting against inadvertently later rolling back too far for some other feature to be turned on, that has an implied minimum version for support of that feature.
Added environment variable ENABLE_SANDBOXES to make it possible to enable and disable sandbox repositories.
On cloud: added a configuration on dynamic identity providers to configure if users are allowed to be lazily created.
Dashboards and Widgets
Implemented support for widgets with a fixed time interval on dashboards.
Functions
BREAKING CHANGE: Changes to the serialization format of the Intermediate Language representation of queries.
Description: The serialization format used to serialize the intermediate language representation of queries has changed to a JSON format. This has multiple consequences for on-prem customers. During upgrades to this version and rollbacks from this version you can expect the following:
Queries can be slower than usual initially as the query cache clears itself.
Queries may cause deserialization errors if they are run during upgrade and two or more nodes have different versions. It is recommended to block all queries upon upgrade and downgrade to and from this version and have all nodes upgrade at the same time.
Query functions selectFromMin() and selectFromMax() are now generally available for use.
Improved warning message when using groupBy() with limit=max and the limit is exceeded.
Other
Add UI for enabling and disabling social logins on the identity providers page.
Reduced memory usage for queries that include noResultUntilDone: true in their inputs. This reduces memory usage in queries that do "export" of an aggregate result via the Query API, as well as the "inner" queries in joins, and queries from scheduled searches.
Permit the first character in the field name of a field being turned into a tag to be anything. If the first character does not match [a-zA-Z] then strip that from the resulting tag name. This does not alter the set of allowed names for tags, but allows the field names being turned into tags to have any character as the leading one, e.g. permitting examples such as &path and *path as field names to turn into the tag #path.
With the new implementation for running alerts, alerts will now start faster after a node has been restarted, making it easier for alerts with a small search interval to be able to alert on events during the downtime.
It is now possible to select an entire permissions group when configuring permissions for a role.
When configuring SAML and OIDC for an organization, it is now possible for users with the ManageOrganizations permission to enable/disable whether the IDP is Default and Humio managed.
Added new system permission, PatchGlobal, enabling access to the global patch API.
In the dialog for entering a name, when creating a new entity (Alerts, Actions, Scheduled Searches, Parsers), hitting Enter without filling out the name field will now show an error and will not let you go on to the next page.
In case a view is not found, we will try to fix up the cache on all cluster nodes.
When searching for queries using the Query Monitor in Cluster Administration you can now filter queries based on internal and external query IDs.
Added an option to make token hashing output in json format. See tokenhashing usage described at Hashed Root Access Token.
Allow any root user and any user with the PatchGlobal permission to use the global patch API. Previously required using the server-local special bootstraps root token, that would be valid only on the local node, thus hard to use via a load balancer.
Added support for writing H in place of minutes in the cron schedule of scheduled searches — see Cron Schedule Templates for details.
When saving a parser, validate that the fields designated as tag fields have names that are valid as tag field names. Since packages with invalid parsers cannot be installed, if you have an invalid parser in a package, you will need to edit it to keep being able to install it.
Added the possibility of creating a role that grants permissions on the system and organization levels from the UI.
Updated the flow of creating and editing roles in the Organization Settings pages.
Bug Fixes
Falcon Data Replicator
Removed the deprecated feature flag FdrFeeds.
Fixed a bug where a dropdown for choosing a parser was not visible in a dialog when creating a new FDR feed.
UI Changes
GraphQL API
Fixed an error when querying for actions in GraphQL on a deleted view.
Marked all feature flags as preview in GraphQL, which means that once they are no longer needed, they will be removed without being deprecated first.
Dashboards and Widgets
The button on the dashboard correctly applies the typed filter again.
Fixed a bug where certain queries would make it seem that all widgets were incompatible, even though the table view still works.
Importing a dashboard with Shared time enabled and Live disabled would import the dashboard with Live enabled. Likewise, when creating a new dashboard from a template, Live would be on.
The Single Value color threshold list could get into a state where you could not type threshold values into the four text fields.
Fixed an issue where wordwrap did not work in the Inspect Panel.
Functions
Other
Fixed an issue where the HTTP threads (Akka pool) could get blocked while sending ingest requests to Kafka, which could result in Humio HTTP endpoints not responding.
Fixes a bug where a placeholder would appear for the region selector on the login pages, even though it itself wouldn't be shown since it has no configured regions.
Fix a regression introduced in 1.46.0 that can cause Humio to fail to properly replay data from Kafka when a node is restarted.
We have removed the @host field from the humio-activity logs and the #host tag from the humio-audit log, as we can no longer provide meaningful values for these. The @host field in the humio-metrics logs will remain, but its value will be changed to the vhost id (an integer number).
Fixed an issue with tags in Event Forwarding, so that it is now possible to filter on tags using event forwarding rules, and the tags are present in the forwarded events.
Fixed an issue where the sessions of a user weren't revoked when the user was deleted.
Fixed an issue where queries could fail when the requests within the cluster were more than 8 MB each.
It is no longer possible to have an upload file action with a path in the file name. This would result in an unusable file being created.
Fixed an issue where some segments could stall the background process implementing event redaction. This could then result in segments not being merged. The visible symptom would be segments with topOffset attribute being -1, and MiniSegmentMergeLatencyLoggerJob logging that some segments are not being merged.
Fixed an issue where delete events from a minisegment could result in the merge of those minisegments into the resulting target segment never getting executed.
Packages
Previously, parsing packages was very strict, failing when detecting unsupported files. This is no longer the case: unsupported files will now be ignored and won't stop the package from installing.
Humio Server 1.56.1 Preview (2022-09-20)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.56.1 | Preview | 2022-09-20 | 2022-09-26 | 1.30 | 11 | No | No |
Update.
Improvements, new features and functionality
UI Changes
Humio is now a Falcon product. The Humio owl logo and icons are therefore replaced by beautiful falcons.
Humio Server 1.56.0 Preview (2022-09-06)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.56.0 | Preview | 2022-09-06 | 2022-09-26 | 1.30 | 11 | No | No |
Bug fixes and updates.
Improvements, new features and functionality
UI Changes
It is now possible to interact directly with the JSON properties and values in the EventList.
Humio is now a Falcon product. The Humio owl logo and icons are therefore replaced by beautiful falcons.
In the Event List you can assign data types to a column field. You can now make the setting the default for a field, and the setting is remembered whenever the field is added to the Event List, e.g. from the fields panel on the Search page. The button for assigning default data type to a field can be found in the Data type dropdown menu in the column headers of the event list widget. See Field Data Types.
The event lists column header menus have been redesigned to be simpler:
You can now click the border between column headers in the event list to fit the column to the content.
The Event List column Format Panel has been updated to make it easier to manage columns.
See Formatting Columns.
Dashboards and Widgets
Implemented support for widgets with a fixed time interval on dashboards.
Functions
BREAKING CHANGE: Changes to the serialization format of the Intermediate Language representation of queries.
Description: The serialization format used to serialize the intermediate language representation of queries has changed to a JSON format. This has multiple consequences for on-prem customers. During upgrades to this version and rollbacks from this version you can expect the following:
Queries can be slower than usual initially as the query cache clears itself.
Queries may cause deserialization errors if they are run during upgrade and two or more nodes have different versions. It is recommended to block all queries upon upgrade and downgrade to and from this version and have all nodes upgrade at the same time.
Other
Added the possibility of creating a role that grants permissions on the system and organization levels from the UI.
Updated the flow of creating and editing roles in the Organization Settings pages.
Bug Fixes
Falcon Data Replicator
Removed the deprecated feature flag FdrFeeds.
GraphQL API
Marked all feature flags as preview in GraphQL, which means that once they are no longer needed, they will be removed without being deprecated first.
Dashboards and Widgets
Fixed a bug where certain queries would make it seem that all widgets were incompatible, even though the table view still works.
Importing a dashboard with Shared time enabled and Live disabled would import the dashboard with Live enabled. Likewise, when creating a new dashboard from a template, Live would be on.
Other
Fixed an issue with tags in Event Forwarding, so that it is now possible to filter on tags using event forwarding rules, and the tags are present in the forwarded events.
It is no longer possible to have an upload file action with a path in the file name. This would result in an unusable file being created.
Fixed an issue where some segments could stall the background process implementing event redaction. This could then result in segments not being merged. The visible symptom would be segments with topOffset attribute being -1, and MiniSegmentMergeLatencyLoggerJob logging that some segments are not being merged.
Humio Server 1.55.0 Preview (2022-08-30)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.55.0 | Preview | 2022-08-30 | 2022-09-26 | 1.30 | 11 | No | No |
Bug fixes and updates.
Improvements, new features and functionality
UI Changes
It is now possible to scroll to the selected event on the Search page.
Automation and Alerts
When you create or edit an action it will now show a warning dialog if you have unsaved changes.
When creating new Actions, the new name will now stay when you change the Action Type without getting cleared. This also works when you want to change the New Action name while creating a New Action.
Functions
Query functions selectFromMin() and selectFromMax() are now generally available for use.
Other
It is now possible to select an entire permissions group when configuring permissions for a role.
In the dialog for entering a name, when creating a new entity (Alerts, Actions, Scheduled Searches, Parsers), hitting Enter without filling out the name field will now show an error and will not let you go on to the next page.
Bug Fixes
Other
Fixed an issue where the sessions of a user weren't revoked when the user was deleted.
Humio Server 1.54.0 Preview (2022-08-23)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.54.0 | Preview | 2022-08-23 | 2022-09-26 | 1.30 | 11 | No | No |
Bug fixes and updates.
Improvements, new features and functionality
UI Changes
The Log line format type in the Event List will now render fully expanded JSON when a JSON structure starts with a square bracket or curly bracket followed by a newline.
Configuration
Added environment variable ENABLE_SANDBOXES to make it possible to enable and disable sandbox repositories.
Other
When configuring SAML and OIDC for an organization, it is now possible for users with the ManageOrganizations permission to enable/disable whether the IDP is Default and Humio managed.
Added an option to make token hashing output in json format. See tokenhashing usage described at Hashed Root Access Token.
Bug Fixes
Functions
Other
Fixed an issue where queries could fail when the requests within the cluster were more than 8 MB each.
Packages
Previously, parsing packages was very strict, failing when detecting unsupported files. This is no longer the case: unsupported files will now be ignored and won't stop the package from installing.
Humio Server 1.53.0 Preview (2022-08-16)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.53.0 | Preview | 2022-08-16 | 2022-09-26 | 1.30.0 | 11 | No | No |
Bug fixes and updates.
Improvements, new features and functionality
Other
Add UI for enabling and disabling social logins on the identity providers page.
Reduced memory usage for queries that include noResultUntilDone: true in their inputs. This reduces memory usage in queries that do "export" of an aggregate result via the Query API, as well as the "inner" queries in joins, and queries from scheduled searches.
When searching for queries using the Query Monitor in Cluster Administration you can now filter queries based on internal and external query IDs.
Bug Fixes
Dashboards and Widgets
The button on the dashboard correctly applies the typed filter again.
The Single Value color threshold list could get into a state where you could not type threshold values into the four text fields.
Fixed an issue where wordwrap did not work in the Inspect Panel.
Other
We have removed the @host field from the humio-activity logs and the #host tag from the humio-audit log, as we can no longer provide meaningful values for these. The @host field in the humio-metrics logs will remain, but its value will be changed to the vhost id (an integer number).
Fixed an issue where delete events from a minisegment could result in the merge of those minisegments into the resulting target segment never getting executed.
Humio Server 1.52.0 Preview (2022-08-09)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.52.0 | Preview | 2022-08-09 | 2022-09-26 | 1.30 | 11 | No | No |
Bug fixes and updates.
Improvements, new features and functionality
Falcon Data Replicator
The feature flag for FDR feeds has been removed. FDR feeds are now generally available.
Documentation
Fixed a broken link to the documentation for Message Templates and Variables when editing alerts and scheduled searches.
Automation and Alerts
A major change has been made to how alert queries are run in order to better reuse live queries when nodes are restarted in a Humio cluster. Find more details at Alerts.
GraphQL API
Deprecates the defaultSharedTimeIsLive input field on the updateDashboard GraphQL mutation, in favor of updateFrequency.
Configuration
New dynamic configuration MinimumHumioVersion, default value is 0.0.0, that allows setting a minimum Humio version that this cluster will accept starting on. This protects against inadvertently rolling back, at a later point, to a version too old for some other feature that has been turned on and that has an implied minimum version for support of that feature.
On cloud: added a configuration on dynamic identity providers to configure if users are allowed to be lazily created.
Functions
Improved warning message when using groupBy() with limit=max and the limit is exceeded.
Other
Permit the first character in the field name of a field being turned into a tag to be anything. If the first character does not match [a-zA-Z] then strip that from the resulting tag name. This does not alter the set of allowed names for tags, but allows the field names being turned into tags to have any character as the leading one, e.g. permitting examples such as &path and *path as field names to turn into the tag #path.
With the new implementation for running alerts, alerts will now start faster after a node has been restarted, making it easier for alerts with a small search interval to be able to alert on events during the downtime.
Added new system permission, PatchGlobal, enabling access to the global patch API.
In case a view is not found, we will try to fix up the cache on all cluster nodes.
Allow any root user and any user with the PatchGlobal permission to use the global patch API. Previously this required using the server-local special bootstraps root token, which would be valid only on the local node and thus hard to use via a load balancer.
Added support for writing H in place of minutes in the cron schedule of scheduled searches. See Cron Schedule Templates for details.
When saving a parser, validate that the fields designated as tag fields have names that are valid as tag field names. Since packages with invalid parsers cannot be installed, if you have an invalid parser in a package, you will need to edit it to keep being able to install it.
Bug Fixes
Falcon Data Replicator
Fixed a bug where a dropdown for choosing a parser was not visible in a dialog when creating a new FDR feed.
UI Changes
GraphQL API
Fixed an error when querying for actions in GraphQL on a deleted view.
Other
Fixes a bug where a placeholder would appear for the region selector on the login pages, even though it itself wouldn't be shown since it has no configured regions.
Humio Server 1.51.3 Stable (2022-12-21)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.51.3 | Stable | 2022-12-21 | 2023-12-21 | 1.30.0 | 11 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 905f743a0266a5a5263dab94b23bbbb5 |
SHA1 | e4e32ca0fe460e7d708418d8b42bf30939298706 |
SHA256 | d81ad776a869a90b199e405e51f71ba0861a5034045d0b17611564a689370af5 |
SHA512 | 78f53b9ed42816638064fe3dc03d86e1667f13a60b45a13e32d55428ca1ecdcf88966d536224a999d95583c61390141b0d14fcb9643db80329f8a839da570e41 |
Docker Image | SHA256 Checksum |
---|---|
humio | 3400bf4a1e7304b5e904406d3c0ef8baa7d3feeb4a25d8b5607fc8a7fbdb2c60 |
humio-core | 7604f6e444a43be68d510023e34e2ebda393c48516f29baafd561876a5fa3c72 |
kafka | 1528fc8436b88d07d81e232ac9631a49e8d86ebe1911bf80477911262a3fe6fe |
zookeeper | 55f5e094f8da5d9b4767b1b342b78dce32c67dc6e9112b049415dea79aa98444 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.51.3/server-1.51.3.tar.gz
Bug fixes and updates.
Improvements, new features and functionality
Security
The version of Jackson has been upgraded to address the CVE-2022-42003 vulnerability.
Bug Fixes
Security
Update Netty to address CVE-2022-41915.
Other
Fixed a bug in decryption code used when decrypting downloaded files from bucket storage when version-for-bucket-writes=3. The bug prevented decryption of files larger than 2GB.
Fixed an issue where LogScale could log secrets to the debug log when configured to use LDAP or when configured to use SSL for Kafka.
Humio Server 1.51.2 Stable (2022-10-05)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.51.2 | Stable | 2022-10-05 | 2023-10-05 | 1.30.0 | 11 | No | No |
JAR Checksum | Value |
---|---|
MD5 | e21bc8fda9250669b15d7d61521501f7 |
SHA1 | 50669930b6f27b097221b7e9a12cc9b061d70e52 |
SHA256 | aec3efe7a376ada047e813aad87cd68c43a8ea0de1cfb863190b77265b3f8d32 |
SHA512 | 1b9cec3f814d207bcc49ce9c43bcfcd139f7ddfaedd293c9a20fdfee2898aa0ff5fb5c82374eef2371e31753e331e15f8a6646a0e23b326885a1105fbd6081d4 |
Docker Image | SHA256 Checksum |
---|---|
humio | a63f552480e3e1ccaa22a095ff7b98efcbfc01d9e66fa7f1b40b45242226fc4en |
humio-core | af30f2076612b8e04a8c55172b3ff6cbd41d09b9be64b0267d9f8bd6d3b9efdc |
kafka | 723d25e8ba4bfb7247c4d39021155681aefab20f584c2d7db786941aa9d1522d |
zookeeper | 5878dbf9e32a0913da59d0b2e8dd13c5c7ba6043ba933a8b23d368f0d1241315 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.51.2/server-1.51.2.tar.gz
Bug fixes and updates.
Bug Fixes
Security
Update Scala to address CVE-2022-36944.
Dashboards and Widgets
Fixed a bug where certain queries would make it seem that all widgets were incompatible, even though the table view still works.
Importing a dashboard with Shared time enabled and Live disabled would import the dashboard with Live enabled. Likewise, when creating a new dashboard from a template, Live would be on.
Other
Fix a regression introduced in 1.46.0 that can cause Humio to fail to properly replay data from Kafka when a node is restarted.
Fixed an issue where some segments could stall the background process implementing event redaction. This could then result in segments not being merged. The visible symptom would be segments with topOffset attribute being -1, and MiniSegmentMergeLatencyLoggerJob logging that some segments are not being merged.
Humio Server 1.51.1 Stable (2022-08-29)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.51.1 | Stable | 2022-08-29 | 2023-08-29 | 1.30.0 | 11 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 6410ab777ec6d98066a3492f4a6b68af |
SHA1 | 2b55844a4c4d5d613f091a7a753977e6b51477f4 |
SHA256 | a8beb23cfa0b00aebbd4a4a95665deedcce868c0be1de5c5383601fd55ba60f9 |
SHA512 | c37d2ee75d3b7ac4259fd453c24fa8ada18de360837ba475cf552747ac1b0b07dfce618ced2708e51ee9d66c5ff1a36081bb57a2531922930c385846ac80d73c |
Docker Image | SHA256 Checksum |
---|---|
humio | 10c21dbc2eba33d4e401b0559ae0ecacfd1f80e9184b946164e674068380d286 |
humio-core | f232ce1b182b74bb534249fbf8eba1ab41544242353e1fe4d21f69a0e6a7c190 |
kafka | 98fe1b8f3c6caadb6efb6de3e5be3215e9987f235c1134ac0e14eb8705d1d2d8 |
zookeeper | 97c571a338e94b9ecaf66c6e9625c593dff68fe62c04c1b2a1ffd44bf10d39ba |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.51.1/server-1.51.1.tar.gz
Bug fix.
Bug Fixes
Dashboards and Widgets
The button on the dashboard correctly applies the typed filter again.
Functions
Fixed a bug related to query result metadata for some functions when used as the last aggregate function in a query.
Fixed a recent bug which caused the category links from groupBy()-groups to be lost when a subsequent sort() was used, and also made grouping-based charts (bar, pie, heat map) unusable in such cases.
Other
Fixed an issue where queries could fail when the requests within the cluster were more than 8 MB each.
Fixed an issue for ephemeral disk based installs where segment files could stay longer on local disks than they were required to, in cases where some nodes listed in the cluster were not alive for extended periods of time.
Humio Server 1.51.0 Stable (2022-08-15)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.51.0 | Stable | 2022-08-15 | 2023-08-15 | 1.30.0 | 11 | No | No |
JAR Checksum | Value |
---|---|
MD5 | af0041ec27647291086073dc83628bc2 |
SHA1 | 210e924a2863c3b28d08659241c0a283482c12b8 |
SHA256 | fddcb2184d76d5cfefb2f6a02705f66764d8972fb2e664ef7115353344d05680 |
SHA512 | 2b230a836e18d13a282ea28be23130897876e6cbe0bfa30a71a3795a7704255cbdf1c19eadc094cd970e58e0234c540a6b469266765d736fc6435c0a01bbda1e |
Docker Image | SHA256 Checksum |
---|---|
humio | c5db5fac0b03adf9039c31ef4ba69c49356b230b01e0eab0b16c477768dd52af |
humio-core | 36dbe1d90534d2ca72bdadb4992397aa60d2315565ce7a3c7c272a48617cf759 |
kafka | 92de8c0d092fe5c04cc10e076a9bb183c8f3136b9813f3ae74b423ae090cb0d8 |
zookeeper | 85620182a8c5f91426e0d138ca21947975c99a16fbb00f9e7d0c0ca7a8e94d2a |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.51.0/server-1.51.0.tar.gz
Bug fixes and updates.
Deprecation
Items that have been deprecated and may be removed in a future release.
Deprecated enabledFeatures query. Use new featureFlags query instead.
The deprecated REST API for parsers has been removed.
The deprecated REST API for actions has been removed, except for the endpoint for testing an action.
Improvements, new features and functionality
Falcon Data Replicator
Added environment variable FDR_USE_PROXY which makes the FDR job use the proxy settings specified with the HTTP_PROXY_* environment variables.
FDR polling is now turned on by default. Whether FDR polling should be turned on or off on a node can be configured using the ENABLE_FDR_POLLING_ON_NODE configuration variable.
If an S3 file is found to be incorrectly formatted during FDR ingest, it will not be ingested completely, but an attempt is made to ingest the remaining S3 files of the SQS message.
If an S3 file cannot be found during FDR ingest, it will not be ingested, but an attempt is made to ingest the remaining S3 files of the SQS message.
UI Changes
The Live checkbox is now no longer checked automatically when changing the value of the time window in the Time Selector. See Expanding the Time Frame for details.
Toggle switches anywhere in the UI are now tabbable and can be accessed using the keyboard.
When editing an email action in the UI and adding multiple recipients, it is now possible to add a space after the comma in the comma-separated list of recipients.
Field columns now support multiple formatting options. See Formatting Columns for details.
If Humio fails to start because the cluster is being upgraded, a dedicated message will show when launching the UI.
Improved keyboard accessibility for creating repositories and views.
In lists of users, with user avatars containing user initials, the current user would sometimes appear to have an opening parenthesis as their last initial.
The design of the Time Selector has been updated, and it now features an button on the dashboard page. See Time Interval Settings.
Add missing accessibility features to the login page.
The Save As... button is now always displayed on the Search page, see it described at Saving a Search.
New styling of errors on search and dashboard pages.
Adds an icon and a hint to a disabled side navigation menu item that tells the user the reason for it being disabled.
Documentation
All documentation links have been updated after the documentation site has been restructured. Please contact support, if you experience any broken links.
Automation and Alerts
Fixed a bug where an alert with name longer than 50 characters could not be edited.
GraphQL API
Improved error messaging of GraphQL queries and mutations for alerts, scheduled searches and actions in cases where a given repository or view cannot be found.
The GQL API mutation updateDashboard has been updated to take a new argument updateFrequency which can currently only be NEVER or REALTIME, which correspond respectively to "dashboard where queries are never updated after first completion" and "dashboard where query results are updated indefinitely".
Introduced new dynamic configuration LiveQueryMemoryLimit. It can be set using GraphQL. See Limits for details.
Introduced new dynamic configuration GroupMaxLimit. It can be set using GraphQL. See Limits for details.
Added a new dynamic configuration flag QueryResultRowCountLimit that globally limits how many results (events) a query can return. This flag can be set by administrators through GraphQL. See Limits for more details.
Added a GraphQL mutation for testing an action. It is still in preview, but it will replace the equivalent REST endpoint soon.
Expose a new GraphQL type with feature flag descriptions and whether they are experimental.
Introduced new dynamic configuration JoinRowLimit. It can be set using GraphQL and can be used as an alternative to the environment variable MAX_JOIN_LIMIT. If the JoinRowLimit is set, then its value will be used instead of MAX_JOIN_LIMIT. If it is not set, then MAX_JOIN_LIMIT will be used.
Introduced new dynamic configuration QueryMemoryLimit. It can be set using GraphQL. See also LiveQueryMemoryLimit for live queries. For more details, see Limits.
Added a new dynamic configuration GroupDefaultLimit. This can be done through GraphQL. See Limits for details. If you've changed the value of MAX_STATE_LIMIT, we recommend that you also change GroupDefaultLimit and GroupMaxLimit to the same value for a seamless upgrade, see groupBy() for details.
Introduced new dynamic configuration StateRowLimit. It can be set using GraphQL. See Limits for details.
Added preview fields isClusterBeingUpdated and minimumNodeVersion to the GraphQL Cluster object type.
Configuration
New file format for files uploaded to bucket storage that allows files larger than 2GB to be written to bucket storage. This may be turned on by setting the DynamicConfig BucketStorageWriteVersion to "3". When creating a new Humio cluster, the new format is the default. The new format is supported only on Humio version 1.41+.
Default value of configuration variable S3_ARCHIVING_WORKERCOUNT raised from 1 to (vCPU/4).
Change default value for configuration AUTOSHARDING_MAX from 16 to 128.
Detect need for higher autoshard count by monitoring ingest request flow in the cluster. Dynamically increase the number of autoshards for each datasource to keep flow on each resulting shard below approximately 2MB/s. New DynamicConfig for this that sets the target maximum rate of ingest for each shard of a datasource: TargetMaxRateForDatasource. Default value is 2000000 (2 MB).
Added a new environment variable GLOB_MATCH_LIMIT which sets the maximum number of rows for csv_file in the match(..., file=csv_file, glob=true) function. Previously MAX_STATE_SIZE was used to determine this limit. The default value of this variable is 20000. If you've changed the value of MAX_STATE_SIZE, we recommend that you also change GLOB_MATCH_LIMIT to the same value for a seamless upgrade.
Add environment variable EULA_URL to specify the URL for terms and conditions.
Support for KMS on S3 bucket for Bucket Storage. Specify full ARN of the key. The key_id is persisted in the internal BucketEntity so that a later change of the ID of the key to use for uploads will make Humio still refer to the old keyID when downloading files uploaded using the previous key. Setting a new value for the target key results in a fresh internal bucket entity to track which files used KMS and which did not. For simplicity it is recommended to not mix KMS and non-KMS configurations on the same S3 bucket.
New configuration variable S3_STORAGE_KMS_KEY_ARN that specifies the KMS key to use.
New configuration variable S3_STORAGE_2_KMS_KEY_ARN for 2nd bucket key.
New configuration variable S3_RECOVER_FROM_KMS_KEY_ARN for recovery bucket key.
New configuration BUCKET_STORAGE_SSE_COMPATIBLE that makes bucket storage not verify checksums of raw objects after uploading to S3. This option is turned on automatically if KMS is enabled (see S3_STORAGE_KMS_KEY_ARN) but is available directly here for use with other S3 compatible providers where verifying even content length does not work.
Mini segments usually get merged if their event timestamps span more than MAX_HOURS_SEGMENT_OPEN. Mini segments created as part of backfilling did not follow this rule, but will now get merged if their ingest timestamps span more than MAX_HOURS_SEGMENT_OPEN.
Added a link to humio-activity repository for debugging IDP configurations to the page for setting up the same.
Adds a new metric for measuring the merge latency, which is defined as the latency between the last minisegment being written in a sequence with the same merge target, and those minisegments being merged. The metric name is segment-merge-latency-ms.
Bucket storage now has support for a new format for the keys (file names) for the files placed in the bucket. When the new format is applied, listing of files only happens for the prefixes "tmp/" and "globalsnapshots/". This helps products such as "HCP". The new format is applied only to buckets created after the DynamicConfig BucketStorageKeySchemeVersion has been set to "2". Existing clusters can start using the new format for new files by setting the DynamicConfig. The change will take effect after restarting the cluster. When creating a new Humio cluster, the new format is the default. The new format is supported only on Humio version 1.41+.
Improve the error message if Humio is configured to use bucket storage, but the credentials for the bucket are not configured.
Adds a new logger job that logs the age of an unmerged miniSegment if the age exceeds the threshold set by the env variable MINI_SEGMENT_MAX_MERGE_DELAY_MS_BEFORE_WARNING. The default value of MINI_SEGMENT_MAX_MERGE_DELAY_MS_BEFORE_WARNING is 2 x MAX_HOURS_SEGMENT_OPEN. MAX_HOURS_SEGMENT_OPEN defaults to 24 hours. The error log produced looks like: Oldest unmerged miniSegment is older than the threshold thresholdMs={value} miniSegmentAgeMs={value} segment={value}.
Dashboards and Widgets
Introducing the Heatmap widget that visualizes aggregated data as a colorised grid.
Added empty states for all widget types that will be rendered when there are no results.
The widget legend column width is now based on the custom series title (if specified) instead of the original series name.
Single Value widget new configuration: deprecated field use-colorised-thresholds in favor of color-method.
Single Value widget Editor: the configuration option Enable Thresholds is being replaced by an option called Method under the Colors section.
Sorting of Pie Chart widget categories, descending by value. Categories grouped as Others will always be last.
When importing existing dashboard with a static Shared time, recent changes in the time selection would make those dashboards live.
Note widget:
  Default background color is now Auto.
  Introduced the text color configuration option.
Applied stylistic changes for the Inspect Panel used in Widget Editor.
The Normalize option for the World Map widget has been replaced by a third magnitude mode named None, which results in fixed size and opacity for all marks.
Dashboards can now be configured to not update after the initial search has completed. This mode is mainly meant to be used when a dashboard is interactive and not for wall-mounted monitors that should update continually. The feature can be accessed from the Dashboard properties panel when a dashboard is put in edit-mode. See Working in Edit Mode.
Single Value widget:
  Missing buckets are now shown as gaps on the sparkline.
  Isolated data points are now visualised as dots on the sparkline.
The Pie Chart widget now uses the first column for the series as a fall back option.
Table widgets will now break lines for newline characters in columns.
The Dashboard page now displays the current cluster status.
Pie Chart widget now uses the first column for the series as a fall back option.
Bar Chart widget:
  The Y-axis can now start at smaller values than 1 for logarithmic scales, when the data contain small enough values.
  It now has an Auto setting for the Input Data Format property, see Wide or Long Input Format for details.
  Now works with bucket query results.
Better handling of dashboard connections issues during restarts and upgrades.
Log Collector
The Log Collector download page has been enabled for on-prem deployments.
Functions
The groupBy() function now accepts max as value for the limit parameter, which sets the limit to the largest allowed value (as configured by the dynamic configuration GroupMaxLimit).
Added validation to the field and key parameters of the join() function, so empty lists will be rejected with a meaningful error message.
Added validation to the field parameter of the kvParse() function, so empty lists will be rejected with a meaningful error message.
Improved the phrasing of the warning shown when groupBy() exceeds the max or default limit.
Other
Adds a new metric for the temp disk usage. The metric name is temp-disk-usage-bytes and denotes how many bytes are used.
Humio now logs digest partition assignments regularly. The logs can be found using the query class=*DigestLeadershipLoggerJob*.
Added a new action type that creates a CSV file from the query result and uploads it to Humio to be used with the match() query function. See Upload File.
Added a log of the approximate query result size before transmission to the frontend, captured by the approximateResultBeforeSerialization key.
All feature flags now contain a textual description about what features are hidden behind the flag.
Added detection and handling of all queries being blocked during Humio upgrades.
Fixed an issue where query auto-completion sometimes wouldn't show the documentation for the suggested functions.
Fix a bug that could cause Humio to spuriously log errors warning about segments not being merged for datasources doing backfilling.
Adds a logger job for cluster management stats. It logs the stats every 2 minutes, which makes them searchable in Humio. The logs belong to the class c.h.c.ClusterManagementStatsLoggerJob; logs for all segments contain globalSegmentStats, and logs about singular segments start with segmentStats.
Added a log line for when a query exceeds its allotted memory quota.
Users no longer have access to the audit log or the search all view by default. Access can be granted with permissions.
Java in the docker images no longer has the cap_net_bind_service capability and thus Humio cannot bind directly to privileged ports when running as a non-root user.
Bump the version of the Monaco code editor.
The referrer meta tag for Humio has been changed from no-referrer to same-origin.
When unregistering a node from a cluster, return a validation error if it is still alive. Hosts should be shut down before attempting to remove them from the cluster. This validation can be skipped using the same accept-data-loss parameter that also disables other validations for the unregistration endpoint.
Include the requester in logs from QuerySessions when a live query is restarted or cancelled.
The audit log system repository on Cloud has been replaced with a view, so that dashboards etc. can be created on top of audit log data.
Fix a bug causing Humio's digest coordinator to allow nodes to take over digest without catching up to the current leader. This could cause the new leader to replay more data from Kafka than necessary.
Compute next set of Prometheus metrics only in a single thread concurrently. If more requests arrive, then the next request gets the previous response.
Add warning when a multitenancy user is changing data retention on an unlimited repository.
Streaming queries that fail to validate now return a message of why validation failed.
Fix an unhandled IO exception from TempDirUsageJob. The consequence of the uncaught exception was only noise in the error log.
Improved performance of NDJSON format in S3 Archiving.
Add flag whether a feature is experimental.
Remove remains of default groups and roles. The concept was replaced with UserRoles.
Make a number of improvements to the digest partition coordinator. The coordinator now tries harder to avoid assigning digest to nodes that are not caught up on fetching segments from the other nodes. It also does a better job unassigning digest from dead nodes in edge cases.
Make BucketStorageUploadJob only log at info level rather than error if a segment upload fails because the segment has been removed from the host. This can happen if node X tries to upload a segment, but node Y beats it to the punch. Node X may then choose to remove its copy before the upload completes.
Added a log message with the maximum state size seen by the live part of live queries.
Bug Fixes
Security
Update Netty to address CVE-2022-24823.
Bump javax.el to address CVE-2021-28170.
Falcon Data Replicator
FDR Ingest will no longer fail on events that are larger than the maximum allowed event size. Instead, such messages will be truncated.
UI Changes
Prevent the UI showing errors for smaller connection issues while restarting.
Intermediate network issues are not reported immediately as an error in the UI.
Fixed a bug where the "=" and "/=" buttons did not appear on cells in the event list where they should.
When viewing the events behind e.g. a Time Chart, the events will now only display with the @timestamp and @rawstring columns.
Fix the dropdown menus closing too early on the home page.
Cloud: Updated the layout for license key page.
Fixed an issue where some warnings would show twice.
Websocket connections are now kept open when transitioning pages, and are used more efficiently for syntax highlighting.
GraphQL API
Fix the assets GraphQL query in organizations with views that are not 1-to-1 linked.
Configuration
Fixed an issue where delete events from a minisegment could result in the merge of those minisegments into the resulting target segment never being executed.
Index in block needs reading from blockwriter before adding each item.
Fixed a bug where the @id field of events in live query were off by one.
Fixed a bug that could result in merging small ("undersized") segments even if the resulting segment would then have a wider than desired time span. The goal is to not produce segments that span more than 10% of the time-based retention setting for the repository. If no time-based retention is configured on the repository, then 3 times the value of configuration variable MAX_HOURS_SEGMENT_OPEN is applied as limit. For default settings, that results in 72 hours.
Fixed an issue where event forwarding still showed as beta.
Dashboards and Widgets
The theme toggle on a shared dashboard was moved to the header panel and no longer overlaps with any widgets.
The Time Chart widget regression line is no longer affected by the interpolation setting.
Functions
Fixed a bug where ioc:lookup() would sometimes give incorrect results when negated.
Revised some of the error messages and warnings regarding join() and selfJoin().
Fixed a bug where using eval as an argument to a function would result in a confusing error message.
Fixed a bug where the writeJson() function would write any field starting with a case-insensitive inf or infinity prefix as a null value in the resulting JSON.
Other
Fix an issue causing the event forwarding feature to incorrectly reject topic names that contained a dash (-).
Fix response entities not being discarded in error cases for the proxyqueryjobs endpoint, which could cause warnings in the log.
Fixed an issue where query auto-completion would sometimes delete existing parentheses.
Fix typo in Unregisters node text on cluster admin UI.
Fix performance issue for users with access to many views.
Some error messages wrongly pointed to the beginning of the query.
Fixed an issue where event forwarder properties were not properly validated.
Reduced the timeout used when testing event forwarders in order to get a better error when timeouts happen.
Fix an issue causing Humio to create a large number of temporary directories in the data directory.
Bump woodstox to address SNYK-JAVA-COMFASTERXMLWOODSTOX-2928754.
Make streaming queries search segments newest-to-oldest rather than oldest-to-newest. Streaming queries do not ensure the order of exported events anyway, and searching newest-to-oldest is more efficient.
Fixed an issue where strings like Nana and Information could be interpreted as NaN (not-a-number) and infinity, respectively.
Humio will now clean up its tmp directories by deleting all "humiotmp" directories in the data directory when terminating gracefully.
Fix a regression in the launcher script causing JVM_LOG_DIR to not be evaluated relative to the Humio base install path. All paths in the launcher script should now be relative to the base install path, which is the directory containing the bin folder.
Fix a bug that could cause merge targets to be cached indefinitely if the associated minis had their mergeTarget unset. The effect was a minor memory leak.
Fix a bug that could cause Humio to attempt to merge minisegments from one datasource into a segment in another datasource, causing an error to be thrown.
When configuring thread priorities, Humio will no longer attempt to call the native setpriority function. It will instead only call the Java API for setting thread priority.
Improve file path handling in DiskSpaceJob to eliminate edge cases where the job might not have been able to tell if a file was on primary or secondary storage.
Centralise decision for names of files in bucket, allow more than one variant.
Improved hover messages for strings.
Fix a bug where changing a role for a user under a repository would trigger infinite network requests.
Fix an issue that could rarely cause exceptions to be thrown from Segments.originalBytesWritten, causing noise in the log.
Fix a bug causing digesters to continue digesting even if the local disk is full. The digester will now pause digesting and error log if this occurs.
Fixed a bug where multiline comments weren't always highlighted correctly.
Fixes the placement of a confirmation dialog when attempting to change retention.
Update org.json:json to address a vulnerability that could cause stack overflows.
Upgrade Kafka to 3.2.0 in the docker images, and in the Humio dependencies.
Fix a bug that could cause a NumberFormatException to be thrown from ZookeeperStatsClient.
Fixed an issue where JSON parsing on ingest and in the query language was inefficient for large JSON objects.
If a segment is deleted or otherwise disappears from global while Humio is attempting to upload it to bucket storage, the upload will now be dropped with an info-level log, rather than requeued with an error log.
Humio Server 1.50.0 Preview (2022-08-02)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.50.0 | Preview | 2022-08-02 | 2022-08-15 | 1.30.0 | 11 | No | No |
Bug fixes and an updated dependency, released to cloud only.
Improvements, new features and functionality
UI Changes
When editing an email action in the UI and adding multiple recipients, it is now possible to add a space after the comma in the comma-separated list of recipients.
The design of the Time Selector has been updated, and it now features an button on the dashboard page. See Time Interval Settings.
Adds an icon and a hint to a disabled side navigation menu item that tells the user the reason for it being disabled.
Documentation
All documentation links have been updated after the documentation site has been restructured. Please contact support, if you experience any broken links.
GraphQL API
The GQL API mutation updateDashboard has been updated to take a new argument updateFrequency which can currently only be `NEVER` or `REALTIME`, which correspond respectively to "dashboard where queries are never updated after first completion" and "dashboard where query results are updated indefinitely".
Dashboards and Widgets
Dashboards can now be configured to not update after the initial search has completed. This mode is mainly meant to be used when a dashboard is interactive and not for wall-mounted monitors that should update continually. The feature can be accessed from the Dashboard properties panel when a dashboard is put in edit-mode. See Working in Edit Mode.
Functions
Added validation to the `field` parameter of the `top()` function, so empty lists will be rejected with a meaningful error message.
Added validation to the `field` and `key` parameters of the `join()` function, so empty lists will be rejected with a meaningful error message.
Added validation to the `field` parameter of the `kvParse()` function, so empty lists will be rejected with a meaningful error message.
Improved the phrasing of the warning shown when `groupBy()` exceeds the max or default limit.
Other
Humio now logs digest partition assignments regularly. The logs can be found using the query `class=*DigestLeadershipLoggerJob*`.
Added a new action type that creates a CSV file from the query result and uploads it to Humio to be used with the `match()` query function. See Upload File.
Fixed an issue where query auto-completion sometimes wouldn't show the documentation for the suggested functions.
Streaming queries that fail to validate now return a message of why validation failed.
Bug Fixes
GraphQL API
Fix the `assets` GraphQL query in organizations with views that are not 1-to-1 linked.
Configuration
Fixed an issue where validation of `+/- Infinity` as integer arguments would crash.
Fixed an issue where event forwarding still showed as beta.
Functions
Fixed an issue where `join()` would not produce the correct results when `mode=left` was set.
Other
Fixed an issue where query auto-completion would sometimes delete existing parentheses.
Fix performance issue for users with access to many views.
Fix an issue causing Humio to create a large number of temporary directories in the data directory.
Fix an issue that could rarely cause exceptions to be thrown from `Segments.originalBytesWritten`, causing noise in the log.
Fixed an issue where JSON parsing on ingest and in the query language was inefficient for large JSON objects.
Humio Server 1.49.1 Preview (2022-07-26)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.49.1 | Preview | 2022-07-26 | 2022-08-15 | 1.30.0 | 11 | No | No |
Bug fixes and an updated dependency, released to cloud only.
Deprecation
Items that have been deprecated and may be removed in a future release.
The deprecated REST API for parsers has been removed.
Improvements, new features and functionality
UI Changes
The Save As... button is now always displayed on the Search page, see it described at Saving a Search.
Automation and Alerts
Fixed a bug where an alert with name longer than 50 characters could not be edited.
Functions
The `groupBy()` function now accepts `max` as value for the `limit` parameter, which sets the limit to the largest allowed value (as configured by the dynamic configuration `GroupMaxLimit`).
Other
Java in the docker images no longer has the `cap_net_bind_service` capability and thus Humio cannot bind directly to privileged ports when running as a non-root user.
Fix an unhandled IO exception from `TempDirUsageJob`. The consequence of the uncaught exception was only noise in the error log.
Parser installation will now be ignored when installing a package into a system repository.
Make `BucketStorageUploadJob` only log at info level rather than error if a segment upload fails because the segment has been removed from the host. This can happen if node X tries to upload a segment, but node Y beats it to the punch. Node X may then choose to remove its copy before the upload completes.
Bug Fixes
UI Changes
Fixed an issue where some warnings would show twice.
Functions
Revised some of the error messages and warnings regarding `join()` and `selfJoin()`.
Other
Fixed an issue where strings like `Nana` and `Information` could be interpreted as `NaN` (not-a-number) and `infinity`, respectively.
Fix a bug that could cause a `NumberFormatException` to be thrown from `ZookeeperStatsClient`.
Humio Server 1.49.0 Not Released (2022-07-26)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.49.0 | Not Released | 2022-07-26 | 2022-08-15 | 1.30.0 | 11 | No | No |
Not released.
Humio Server 1.48.1 Preview (2022-07-19)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.48.1 | Preview | 2022-07-19 | 2022-08-15 | 1.30.0 | 11 | No | No |
Bug fixes and an updated dependency, released to cloud only.
Deprecation
Items that have been deprecated and may be removed in a future release.
Deprecated `enabledFeatures` query. Use new `featureFlags` query instead.
Remove the following feature flags and their usage: `EnterpriseLogin`, `OidcDynamicIdpProviders`, `UsagePage`, `RequestToActivity`, `CommunityNewDemoData`.
Improvements, new features and functionality
UI Changes
The Live checkbox is now no longer checked automatically when changing the value of the time window in the Time Selector. See Expanding the Time Frame for details.
Updated styling on the log in pages.
Add missing accessibility features to the login page.
GraphQL API
Expose a new GraphQL type with feature flag descriptions and whether they are experimental.
Other
All feature flags now contain a textual description of what features are hidden behind the flag.
Added detection and handling of all queries being blocked during Humio upgrades.
Include the requester in logs from QuerySessions when a live query is restarted or cancelled.
Add flag whether a feature is experimental.
Bug Fixes
UI Changes
When viewing the events behind e.g. a Time Chart, the events will now only display with the `@timestamp` and `@rawstring` columns.
Dashboards and Widgets
The theme toggle on a shared dashboard was moved to the header panel and no longer overlaps with any widgets.
Other
Fix response entities not being discarded in error cases for the `proxyqueryjobs` endpoint, which could cause warnings in the log.
Fixes the placement of a confirmation dialog when attempting to change retention.
Humio Server 1.48.0 Not Released (2022-07-19)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.48.0 | Not Released | 2022-07-19 | 2022-08-15 | 1.30.0 | 11 | No | No |
Not released.
Humio Server 1.47.1 Preview (2022-07-12)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.47.1 | Preview | 2022-07-12 | 2022-08-15 | 1.30.0 | 11 | No | No |
Bug fixes and an updated dependency, released to cloud only.
Improvements, new features and functionality
Falcon Data Replicator
FDR polling is now turned on by default. Whether FDR polling should be turned on or off on a node can be configured using the `ENABLE_FDR_POLLING_ON_NODE` configuration variable.
UI Changes
If Humio fails to start because the cluster is being upgraded, a dedicated message will show when launching the UI.
GraphQL API
Introduced new dynamic configuration `LiveQueryMemoryLimit`. It can be set using GraphQL. See Limits for details.
Introduced new dynamic configuration `GroupMaxLimit`. It can be set using GraphQL. See Limits for details.
Added a new dynamic configuration flag `QueryResultRowCountLimit` that globally limits how many results (events) a query can return. This flag can be set by administrators through GraphQL. See Limits for more details.
Introduced new dynamic configuration `JoinRowLimit`. It can be set using GraphQL and can be used as an alternative to the environment variable `MAX_JOIN_LIMIT`. If the `JoinRowLimit` is set, then its value will be used instead of `MAX_JOIN_LIMIT`. If it is not set, then `MAX_JOIN_LIMIT` will be used.
Introduced new dynamic configuration `QueryMemoryLimit`. It can be set using GraphQL. See also `LiveQueryMemoryLimit` for live queries. For more details, see Limits.
Added a new dynamic configuration `GroupDefaultLimit`. It can be set through GraphQL. See Limits for details. If you've changed the value of `MAX_STATE_LIMIT`, we recommend that you also change `GroupDefaultLimit` and `GroupMaxLimit` to the same value for a seamless upgrade, see `groupBy()` for details.
Introduced new dynamic configuration `StateRowLimit`. It can be set using GraphQL. See Limits for details.
Added preview fields `isClusterBeingUpdated` and `minimumNodeVersion` to the GraphQL Cluster object type.
Configuration
Support for KMS on S3 bucket for Bucket Storage. Specify full ARN of the key. The `key_id` is persisted in the internal `BucketEntity` so that a later change of the ID of the key to use for uploads will make Humio still refer to the old keyID when downloading files uploaded using the previous key. Setting a new value for the target key results in a fresh internal bucket entity to track which files used KMS and which did not. For simplicity it is recommended to not mix KMS and non-KMS configurations on the same S3 bucket.
New configuration variable `S3_STORAGE_KMS_KEY_ARN` that specifies the KMS key to use.
New configuration variable `S3_STORAGE_2_KMS_KEY_ARN` for 2nd bucket key.
New configuration variable `S3_RECOVER_FROM_KMS_KEY_ARN` for recovery bucket key.
New configuration `BUCKET_STORAGE_SSE_COMPATIBLE` that makes bucket storage not verify checksums of raw objects after uploading to S3. This option is turned on automatically if KMS is enabled (see `S3_STORAGE_KMS_KEY_ARN`) but is available directly here for use with other S3 compatible providers where verifying even content length does not work.
Mini segments usually get merged if their event timestamps span more than `MAX_HOURS_SEGMENT_OPEN`. Mini segments created as part of backfilling did not follow this rule, but will now get merged if their ingest timestamps span more than `MAX_HOURS_SEGMENT_OPEN`.
Dashboards and Widgets
Applied stylistic changes for the Inspect Panel used in Widget Editor.
Table widgets will now break lines for newline characters in columns.
Other
Fix a bug that could cause Humio to spuriously log errors warning about segments not being merged for datasources doing backfilling.
Improved performance of validation of keys in tags.
Users no longer have access to the audit log or the search all view by default. Access can be granted with permissions.
The referrer meta tag for Humio has been changed from no-referrer to same-origin.
The audit log system repository on Cloud has been replaced with a view, so that dashboards etc. can be created on top of audit log data.
Compute next set of Prometheus metrics only in a single thread concurrently. If more requests arrive, then the next request gets the previous response.
Bug Fixes
Functions
Fixed a bug where using `eval` as an argument to a function would result in a confusing error message.
Other
Fix typo in `Unregisters node` text on cluster admin UI.
Humio Server 1.47.0 Not Released (2022-07-12)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.47.0 | Not Released | 2022-07-12 | 2022-08-15 | 1.30.0 | 11 | No | No |
Not released.
Humio Server 1.46.0 Preview (2022-07-05)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.46.0 | Preview | 2022-07-05 | 2022-08-15 | 1.30.0 | 11 | No | No |
Bug fixes and an updated dependency, released to cloud only.
Improvements, new features and functionality
UI Changes
In lists of users, with user avatars containing user initials, the current user would sometimes appear to have an opening parenthesis as their last initial.
New styling of errors on search and dashboard pages.
GraphQL API
Improved error messaging of GraphQL queries and mutations for alerts, scheduled searches and actions in cases where a given repository or view cannot be found.
Dashboards and Widgets
Introducing the Heatmap widget that visualizes aggregated data as a colorised grid.
Added empty states for all widget types that will be rendered when there are no results.
The widget legend column width is now based on the custom series title (if specified) instead of the original series name.
Sorting of Pie Chart widget categories, descending by value. Categories grouped as `Others` will always be last.
Better handling of dashboard connections issues during restarts and upgrades.
Other
When unregistering a node from a cluster, return a validation error if it is still alive. Hosts should be shut down before attempting to remove them from the cluster. This validation can be skipped using the same `accept-data-loss` parameter that also disables other validations for the unregistration endpoint.
Fix a bug causing Humio's digest coordinator to allow nodes to take over digest without catching up to the current leader. This could cause the new leader to replay more data from Kafka than necessary.
Remove remains of default groups and roles. The concept was replaced with UserRoles.
Make a number of improvements to the digest partition coordinator. The coordinator now tries harder to avoid assigning digest to nodes that are not caught up on fetching segments from the other nodes. It also does a better job unassigning digest from dead nodes in edge cases.
Bug Fixes
Falcon Data Replicator
FDR Ingest will no longer fail on events that are larger than the maximum allowed event size. Instead, such messages will be truncated.
UI Changes
Intermediate network issues are not reported immediately as an error in the UI.
Configuration
Fixed a bug that could result in merging small ("undersized") segments even if the resulting segment would then have a wider than desired time span. The goal is to not produce segments that span more than 10% of the time-based retention setting for the repository. If no time-based retention is configured on the repository, then 3 times the value of configuration variable `MAX_HOURS_SEGMENT_OPEN` is applied as limit. For default settings, that results in 72 hours.
Functions
Fixed a bug where the `writeJson()` function would write any field starting with a case-insensitive `inf` or `infinity` prefix as a null value in the resulting JSON.
Other
Upgrade Kafka to 3.2.0 in the docker images, and in the Humio dependencies.
Humio Server 1.45.0 Preview (2022-06-28)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.45.0 | Preview | 2022-06-28 | 2022-08-15 | 1.30.0 | 11 | No | No |
Bug fixes and an updated dependency, released to cloud only.
Improvements, new features and functionality
Configuration
Adds a new metric for measuring the merge latency, which is defined as the latency between the last minisegment being written in a sequence with the same merge target, and those minisegments being merged. The metric name is `segment-merge-latency-ms`.
Adds a new logger job that logs the age of an unmerged miniSegment if the age exceeds the threshold set by the env variable `MINI_SEGMENT_MAX_MERGE_DELAY_MS_BEFORE_WARNING`. The default value of `MINI_SEGMENT_MAX_MERGE_DELAY_MS_BEFORE_WARNING` is 2 x `MAX_HOURS_SEGMENT_OPEN`. `MAX_HOURS_SEGMENT_OPEN` defaults to 24 hours. The error log produced looks like: `Oldest unmerged miniSegment is older than the threshold thresholdMs={value} miniSegmentAgeMs={value} segment={value}`.
Dashboards and Widgets
Other
Bump the version of the Monaco code editor.
Added a log message with the maximum state size seen by the live part of live queries.
Bug Fixes
UI Changes
Fix the dropdown menus closing too early on the home page.
Websocket connections are now kept open when transitioning pages, and are used more efficiently for syntax highlighting.
Dashboards and Widgets
The Time Chart widget regression line is no longer affected by the interpolation setting.
Other
Some error messages wrongly pointed to the beginning of the query.
Bump woodstox to address SNYK-JAVA-COMFASTERXMLWOODSTOX-2928754.
Make streaming queries search segments newest-to-oldest rather than oldest-to-newest. Streaming queries do not ensure the order of exported events anyway, and searching newest-to-oldest is more efficient.
Fix a bug causing digesters to continue digesting even if the local disk is full. The digester will now pause digesting and error log if this occurs.
Humio Server 1.44.0 Preview (2022-06-21)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.44.0 | Preview | 2022-06-21 | 2022-08-15 | 1.30.0 | 11 | No | No |
Bug fixes and an updated dependency, released to cloud only.
Deprecation
Items that have been deprecated and may be removed in a future release.
The deprecated REST API for actions has been removed, except for the endpoint for testing an action.
Improvements, new features and functionality
UI Changes
Toggle switches anywhere in the UI are now tabbable and can be accessed using the keyboard.
Improved keyboard accessibility for creating repositories and views.
GraphQL API
Introduced new dynamic configuration flag `query-memory-limit`. It can be set using GraphQL. The flag replaces the environment variable `MAX_MEMORY_FOR_REDUCE`, so if you have changed the value of `MAX_MEMORY_FOR_REDUCE`, please use `query-memory-limit` now instead. See Limits for more details.
Introduced new dynamic configuration flag `state-row-limit`. It can be set using GraphQL. The flag can be used as an alternative to the environment variable `MAX_STATE_LIMIT`. If `state-row-limit` is set, then its value will be used instead of `MAX_STATE_LIMIT`. If it is not set, then `MAX_STATE_LIMIT` will be used.
Introduced new dynamic configuration flag `join-row-limit`. It can be set using GraphQL. The flag can be used as an alternative to the environment variable `MAX_JOIN_LIMIT`. If the `join-row-limit` flag is set, then its value will be used instead of `MAX_JOIN_LIMIT`. If it is not set, then `MAX_JOIN_LIMIT` will be used.
Configuration
Default value of configuration variable `S3_ARCHIVING_WORKERCOUNT` raised from `1` to `(vCPU/4)`.
Added a new environment variable `GROUPBY_DEFAULT_LIMIT` which sets the default value for the `limit` parameter of `groupBy()`. See `groupBy()` documentation for details.
Added a link to humio-activity repository for debugging IDP configurations to the page for setting up the same.
Dashboards and Widgets
The `Normalize` option for the World Map widget has been replaced by a third magnitude mode named `None`, which results in fixed size and opacity for all marks.
Single Value widget:
Missing buckets are now shown as gaps on the sparkline.
Isolated data points are now visualised as dots on the sparkline.
The dashboards page now displays the current cluster status.
Bar Chart widget:
The Y-axis can now start at smaller values than 1 for logarithmic scales, when the data contain small enough values.
It now has an `Auto` setting for the Input Data Format property, see Wide or Long Input Format for details.
Now works with bucket query results.
Log Collector
The Log Collector download page has been enabled for on-prem deployments.
Other
Adds a new metric for the temp disk usage. The metric name is `temp-disk-usage-bytes` and denotes how many bytes are used.
Added a log of the approximate query result size before transmission to the frontend, captured by the `approximateResultBeforeSerialization` key.
Adds a logger job for cluster management stats; it logs the stats every 2 minutes, which makes them searchable in Humio.
The logs belong to the class `c.h.c.ClusterManagementStatsLoggerJob`. Logs for all segments contain `globalSegmentStats`; logs about singular segments start with `segmentStats`.
Add warning when a multitenancy user is changing data retention on an unlimited repository.
Improved performance of NDJSON format in S3 Archiving.
Bug Fixes
Security
Update Netty to address CVE-2022-24823.
Bump javax.el to address CVE-2021-28170.
Other
Fix an issue causing the event forwarding feature to incorrectly reject topic names that contained a dash `(-)`.
Improve file path handling in DiskSpaceJob to eliminate edge cases where the job might not have been able to tell if a file was on primary or secondary storage.
Fix a bug where changing a role for a user under a repository would trigger infinite network requests.
Fixed a bug where multiline comments weren't always highlighted correctly.
Update `org.json:json` to address a vulnerability that could cause stack overflows.
If a segment is deleted or otherwise disappears from global while Humio is attempting to upload it to bucket storage, the upload will now be dropped with an info-level log, rather than requeued with an error log.
Humio Server 1.42.2 Stable (2022-10-05)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.42.2 | Stable | 2022-10-05 | 2023-10-05 | 1.30.0 | 11 | No | No |
JAR Checksum | Value |
---|---|
MD5 | c129f5c1d5d5cf469abdfd604267b6d6 |
SHA1 | 737393d0e02fc6a3e5599a20d3b7f640d0ce3347 |
SHA256 | e283e268d4d268a21f0e7fe2f6ff08582a96cb6d37dd28b020670eb3600a8e86 |
SHA512 | 6cc3f4ad41b46d71ff67db7a4720e1a027583938ec1158b1fa45de8943030caf70e4b7b50dea9c42c92b3bb6d9ab335783a9b5f12dd9b79e240e4eadceac17ba |
Docker Image | SHA256 Checksum |
---|---|
humio | 4a5399bb43705c9e2f95d745fd87766552d9f1ef74d459feb3e10244b958d37e |
humio-core | 070dff4cd2a472994ad4999d36b98c1592fb6be703c9f2ae590f278dc47339e4 |
kafka | a5447202b222b70d6569e03668056e6059621894d3287f6d92f0e4ecbfb50a34 |
zookeeper | 6487f4600d004f1ea797a86bef307781ac8840b438c28c8405ffdfd334205f99 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.42.2/server-1.42.2.tar.gz
Bug fixes and updates.
Bug Fixes
Security
Update Scala to address CVE-2022-36944.
Other
Fix performance issue for users with access to many views.
Humio Server 1.42.1 Stable (2022-07-18)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.42.1 | Stable | 2022-07-18 | 2023-07-18 | 1.30.0 | 11 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 0d84ae2bac065c74f033b3f510812cf6 |
SHA1 | aa21f410e29c6189b56526c42d4414398544f3e3 |
SHA256 | 6b59d546a2f271d499b857b290f6c283b90282a5d9a213bc037652367f258c4d |
SHA512 | 688242a795f9526828841faabc34e59e048439a1c748842d0a0fdf8eb8dffa99ce2f5281fa1c067dbbbac3db0494af006f46d3917de4f85c73372d536a102d97 |
Docker Image | SHA256 Checksum |
---|---|
humio | d83d0ea9247637ce91d2b84123659858624fe329583e1c6fe6900bd4eaa4acae |
humio-core | 14ec97ed7bf950b0e0669627babebfb3e5ca67b38cc40d116254567ee4e9199d |
kafka | e9a4ee28381265a1b80071257996003a9bea0e29234a6394477d8859cb546e68 |
zookeeper | b377e734d662fe80b4dbc6b355965694464e437a2e0855272b9652ac9225b050 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.42.1/server-1.42.1.tar.gz
Bug fixes and an updated dependency.
Improvements, new features and functionality
UI Changes
The button is now always displayed on the Search page.
Bug Fixes
Other
Updated dependencies to woodstox to fix a vulnerability.
Compute next set of Prometheus metrics only in a single thread concurrently. If more requests arrive, then the next request gets the previous response.
Humio Server 1.42.0 Stable (2022-06-17)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.42.0 | Stable | 2022-06-17 | 2023-06-17 | 1.30.0 | 11 | No | Yes |
JAR Checksum | Value |
---|---|
MD5 | 6f0306d98c1f4931a083fe9211841ea1 |
SHA1 | afee8f0c7c705b0c6b54c5a3321cf7ed6bbfc6f2 |
SHA256 | 0167bd6ae46368db74434133b9881380fd6c389c9ea35ac5612d9a643366d3ac |
SHA512 | e66acd012641e19d6c8c7613a56302c66138902912eb3aaa2157fef4199b6e77b20367be49bd90f2b430573b6317bd7214600436edfaf52cbffc108c0c414fd6 |
Docker Image | SHA256 Checksum |
---|---|
humio | 37cb34cccd8e0b749308f96bc49cd67c92ca6af537e5c01cec0ecf4d26d2712f |
humio-core | 958fc373d5cf0da75861981cbf6fb3cead3c41388480d72b4bb7ad85734bc0cd |
kafka | aea9942f9b789b058984dc348fa91657c8be210ad9d6f85ed8e0fdd6f09e408d |
zookeeper | d52cd8f48f55cf09db7426a746b536face085b8b919ed1cdc1ce57f7e74d450e |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.42.0/server-1.42.0.tar.gz
Bug fixes and updates.
Deprecation
Items that have been deprecated and may be removed in a future release.
The Feature Flag, CookieAuthServerSide, has been deprecated as cookie authentication is now enabled by default. Instead, the configuration field `ENABLE_BEARER_TOKEN_AUTHORIZATION` has been introduced.
The local disk based backup feature described at Making Back-Ups is deprecated, and is planned for removal in September 2022. We have found that restoring backups using this feature is difficult in practice, it is not commonly used, and the backup/restore functionality is covered by the bucket storage feature as well. For these reasons, we are deprecating this feature in favour of bucket storage.
The `DELETE_BACKUP_AFTER_MILLIS` configuration parameter, which controls the delay between data being deleted in Humio and removed from backup, will be retained, since it controls a similar delay for bucket storage. Customers using local disk based backups should migrate to using bucket storage instead. Systems not wishing to use a cloud bucket storage solution can keep backup support by instead installing an on-prem S3- or GCS-compatible solution, such as MinIO.
Improvements, new features and functionality
Falcon Data Replicator
Added the `fdr-invisible-message-count` metric, which contains the approximate number of invisible messages on an FDR feed's SQS queue.
Improved error logging, when an FDR feed fails to download data from an S3 bucket. It now clearly states when a download failed because the S3 bucket is located in a different region than the SQS queue.
Added the `fdr-message-count` metric, which contains the approximate number of messages on an FDR feed's SQS queue.
UI Changes
The Format Panel is now available for changing the style of the data displayed in the Event list — see Changing the Data Display.
Both the Scatter Chart and the Bar Chart widgets now support automatically adding/toggling axis and legend titles based on the mapped data.
The Fields Panel now enables you to fetch fields beyond those from the last 200 events — see Adding and Removing Fields.
Configuration
Improve the error message if Humio is configured to use bucket storage, but the credentials for the bucket are not configured.
Dashboards and Widgets
The Single Value widget is now available. Construct a query which returns any single value, or use the `timeChart()` query function to create a single-value widget instance with sparkline and trend indicators.
The Gauge widget is being deprecated in favour of the Single Value widget. Configurations of the former widget are compatible with the latter. This means that persisted configurations of the Gauge widget (url / dashboard widgets / saved queries / recent queries) are still valid, but are visualised using the Single Value widget instead.
Log Collector
The Humio Log Collector can now be downloaded from the Organizational Settings page, see the Log Collector Documentation for a complete list of the supported logs formats and operating systems.
Functions
`worldMap()` will warn about licensing issues with IP database.
`sankey()` now accepts more weight functions such as anonymous functions and the `percentile()` function.
`ioc:lookup()` would sometimes give incorrect results when negated.
`worldMap()` accepts more magnitude functions, anonymous functions and the `percentile()` function.
Other
Fixed an issue that if download of IOCs took more than an hour, Humio would indefinitely start a new download every hour which would eventually fail.
Logging to the humio-activity repository is now also done for events in sandbox repositories.
Ensured that errors during view tombstone removal are logged and don't prevent the RetentionJob from performing other cleanup tasks.
Fixed an issue where Humio's Zookeeper monitoring page would show X/0 followers in sync.
Email actions can now add the result set as a CSV attachment.
When cleaning up a deleted data space, don't error log if two nodes race to delete the data space metadata from global.
Fixed an issue where a scheduled search could trigger actions multiple times for the same time period if actions took a long time to finish.
Fixed an underlying bug causing `addToExistingJob did not find the existing job` to be error logged unnecessarily. Humio may decide to fetch a segment from bucket storage for querying. If this decision is made right as the query is cancelled, Humio could log the message above. With this fix, Humio will instead skip downloading the segment, and not log the error.
Specifying a versionless packageId will load the newest version of that package.
Humio Server 1.40.0 Stable (2022-05-12)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.40.0 | Stable | 2022-05-12 | 2023-05-12 | 1.30.0 | 11 | No | Yes |
JAR Checksum | Value |
---|---|
MD5 | 8a733e1201103eeef32e63b0bf4c8977 |
SHA1 | 5b217fb48f1b5684330ec70fc5d20d322b0a75f8 |
SHA256 | 8838d422459feb6a56d1f15578c581fec7983165635fb4e74f312c2cc4da8046 |
SHA512 | 94bb617a37475918313decc3bf56696890c90d3e3f91de78dccb9431fee0b1bba8d90f60f0d591f5acbea7c6e09c5cb57ddf95fba088a34efc92a0899ac4aef9 |
Docker Image | SHA256 Checksum |
---|---|
humio | 7c9b77b32fc84e31ecc57461ae3e8bfac9b584fb6fb3af0b909bd7e05903d0d8 |
humio-core | 9326081840d3f852df54702c9d5e72ea492d49c55aab51ed83b1b234439c4ec7 |
kafka | 344a06f56ada7ea9af2c7c5d146fa07f6fda87be750a7283e6f753189b42a0b5 |
zookeeper | 42cdbca9d0ce73516a27beda618390a40db3e086580ce3d6ab2779c1952980ee |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.40.0/server-1.40.0.tar.gz
1.40 REQUIRES minimum version 1.30.0 of Humio to start. Clusters wishing to upgrade from older versions must upgrade to 1.30.0+ first. After running 1.40.0 or later, you cannot run versions prior to 1.30.0.
Behavior Changes
Scripts or environments which make use of these tools should be checked and updated for the new configuration:
The `selfJoin()` query function was observed to cause memory problems, so we have set a limit of .0.0 output events (there was previously no bound). This limit can be adjusted with the GraphQL mutation setDynamicConfig with config flag SelfJoinLimit. A value of `-1` returns `selfJoin` to its old, unbounded version.
Improvements, new features and functionality
Falcon Data Replicator
Fixed an issue where exceptions in FDR were not properly logged.
The static configuration variable `ENABLE_FDR_POLLING_ON_NODE` is no longer supported, as its functionality has been replaced with the dynamic configurations listed above.
Introduced dynamic configuration options for changing FDR polling behaviour at runtime. FDR polling is not enabled by default, so you should take care to set up these new configurations after upgrading, or you will risk that your FDR data isn't ingested into Humio before it is deleted from Falcon.
It is now possible to test an FDR feed in the UI, which will test that Humio can connect to the SQS queue and the S3 bucket.
Using the dynamic configuration option `FdrMaxNodes`, administrators can put a cap on how many nodes should at most simultaneously poll data from the same FDR feed. Defaults to 5 nodes.
Using the dynamic configuration option `FdrExcludedNodes`, administrators can now exclude specific nodes from polling from FDR. Defaults to the empty list, so all nodes will be used for polling.
Using the dynamic configuration option `FdrEnable`, administrators can now turn FDR polling on/off on the entire cluster with a single update. Defaults to `false`.
UI Changes
Improvements to the Sankey Diagram widget: it now has multiple style options: show/hide the y-axis, sorting type, label position, and colors plus labels for series.
Keep empty lines in queries when exporting assets as templates or to packages.
Added style options to either truncate or show full legend labels in widgets.
The widget dropdown can now be navigated with the keyboard.
Introducing the new Scatter Chart widget (previously known as XY):
It supports long data format (one field for the series name and one field for the y values) as well as wide format (one field per series value).
You can now visualize data in the Scatter Chart when queried with the timeChart(), bucket() and groupBy() functions, as well as the table() function like before.
Syntax highlighting for XML, JSON and accesslog data now uses more distinguishable colors.
Added support in the fieldstats() query function for skipping events. This is used by the UI, but only in situations where we know an approximate result is acceptable and where processing all events would be too costly.
The @timestamp column is now allowed to be moved amongst the other columns in the event list.
When using a widget that is not compatible with the current data, the button now works again.
Improvements to the Pie Chart widget: it now has a max series setting similar to the Time Chart widget.
Events with JSON data can now be collapsed and expanded in the Json panel.
GraphQL API
Removed the following deprecated GraphQL fields: UserSettings.settings, UserSettings.isEventListOrderChangedMessageDismissed, and UserSettings.isNewRepoHelpDismissed.
Marked experimental language features as preview in GraphQL API.
It is now possible to refer to a parser by name when creating an ingest token or assigning a parser to an existing ingest token using the GraphQL API mutations addIngestTokenV3 and assignParserToIngestTokenV2. The old mutations addIngestTokenV2 and assignParserToIngestToken have been deprecated.
Added a new GraphQL mutation to rename views or repositories by ID.
It is now possible to refer to a parser by name when creating or updating an ingest listener using the GraphQL API mutations createIngestListenerV3 and updateIngestListenerV3. It is now also possible to change the repository on an ingest listener using updateIngestListenerV3. The old mutations createIngestListenerV2 and updateIngestListenerV2 have been deprecated.
Added a GraphQL mutation deleteSearchDomainById that deletes views or repositories by ID.
Added two new organization level permissions: DeleteAllRepositories and DeleteAllViews that allow repository and view deletion, respectively, inside an organization.
The GraphQL queries and mutations for FDR feeds are no longer in preview.
Removed the deprecated clientMutationId argument from the GraphQL mutation updateSettings.
Changed permission token related GraphQL endpoints to use enumerations instead of strings.
Configuration
Amended how Humio chooses segments to download from bucket storage when prefetching. If S3_STORAGE_PREFERRED_COPY_SOURCE is false, the prefetcher will only download segments that are not already on another host. Otherwise, it will download to as many hosts as necessary to follow the configured replication factor. This should help avoid excessive bucket downloads when nodes in the cluster have lots of empty disk space.
Added a new config NATIVE_FADVICE_SUPPORT (default true) to allow turning off the use of fadvice internally.
Added a new config NATIVE_FALLOCATE_SUPPORT (default true) to allow turning off the use of fallocate and ftruncate internally.
Added a new configuration variable BUCKET_STORAGE_TRUST_POLICY for the dual-bucket use case. This setting configures which bucket is considered the "trusted" bucket when two buckets are configured, which impacts when Humio considers data to be safely replicated. Supported values are Primary for trusting the primary bucket, Secondary for trusting the secondary bucket, TrustEither for considering data safely replicated if it is in either bucket, and RequireBoth for considering data safely replicated only if it is in both buckets. This config replaces the BUCKET_STORAGE_2_TRUSTED configuration; true in the old configuration equates to Secondary in the new configuration. The default value of the new configuration is Secondary.
Require that {S3/GCS}_STORAGE config must be set before {S3/GCS}_STORAGE_2 is set.
Validate block CRCs before uploading segment files to bucket storage. Can be disabled by setting VALIDATE_BLOCK_CRCS_BEFORE_UPLOAD to false.
Dashboards and Widgets
Improvements to the Bar Chart widget:
Added style options to name the x and y axis.
Added option for interpreting the resulting query data as either wide or long format data.
Added option to set a max label length for the x-axis, instead of the bottom padding option. With auto-padding and this style option, it is easier to fit the wanted information in the view.
It is now possible to configure bar charts to have a logarithmic y axis.
Introduced the stacked bar charts option.
It no longer has an artificial minimum height for bars, as this may distort at a glance interpretations of the chart.
It no longer has sorting by default, which means that the order will be identical to the query result. You can now sort the x axis of the bar chart by using the sort() query function, if sort by series in the style options is not set.
It now has a max series setting similar to the Time Chart widget.
Improvements to the Time Chart widget:
It now has an option to show the underlying data points, which makes it possible to inspect the behaviour of the different interpolation methods.
Trend lines can now be added in the chart.
Introducing the Single Value widget. Construct a query which returns any single value, or use the timeChart() query function to create a single-value widget instance with sparkline and trend indicators.
Functions
The findTimestamp() function now supports date formats like 23FEB2022, that is date, literal month and year without any separators in between. Other formats still require separators between the parts.
Other
Added more visibility on organization limits when changing the retention settings on a repository.
When calculating the starting offset in Kafka for digest, Humio will now trust that if a segment in global is listed as being in bucket storage, that segment is actually present in bucket storage. Humio no longer double checks by asking bucket storage directly.
Fixed a bug with UTF-8 serialization of 4-byte codepoints (emojis etc.).
Fixed a race condition between nodes creating the merge result for the same target segment, and also transferring it among the nodes concurrently. If a query read the file during that race, an in-memory cache of the file header might hold contents that did not match the local file, resulting in Broken segment warnings in queries.
It is no longer possible to delete a parser that is used by an ingest listener. You must first assign another parser to the ingest listener.
It is now validated that the parser supplied when creating or updating an ingest listener exists.
Improved the flow of creating a blocked query.
If the query scheduler attempts to read a broken segment file, it may be able to fetch a new copy from bucket storage in some cases. Humio will now only allow this if it can be guaranteed that no events from the broken segment have been added to the query result. Otherwise the query will receive a warning.
Fixed an issue where non-default log formats such as log4j2-json-stdout.xml that log to STDOUT were not fully in control of their output stream, as log entries of level ERROR were also printed directly to stderr from within the code. The default log4j2 configuration now includes a Console appender that prints errors to stdout, achieving the same result, while allowing the other formats to fully control their output stream.
Added a feature that allows regular users with delete permissions on cloud to rename views and repositories.
It is now possible to create a view with the same name as a deleted view.
Fixed an issue when using bucket storage alongside secondary storage, where Humio would download files to the secondary storage but register them as present in the primary. It will now download and register them as present on the secondary storage.
Updating alert labels using the addAlertLabel and removeAlertLabel mutations now requires the ChangeTriggersAndActions permission.
Fixed an issue where Filebeat 8.1 would not be compatible unless output.elasticsearch.allow_older_versions was set to true.
Fixed an issue where Filebeat 8.0 would not be compatible unless setup.ilm.enabled was set to false.
Improved the phrasing of some error messages.
Added a feature that allows deletion of repositories and views on cloud.
Made changes to Humio's tracking of bucket storage downloads. This should avoid some rare cases where downloads could get stuck.
Fixed bugs related to repository deletes.
Fixed an issue where the UI would not detect parameters in a query when using saved queries from a package.
Fixed an issue where NetFlow parsing would crash if it received an options data record.
The query scheduler improperly handled regex limits being hit; it should result in a warning on the query. In some cases it was handled by retrying the segment read.
It is no longer possible to create ingest listeners on system repositories using the APIs. Previously, it was only prohibited in the UI.
During ingest, if an event has too many fields we now sort the fields lexicographically and remove fields from the end. Before, there was no system to which fields were retained; it was effectively random.
Fixed an issue where audit logging of alerts, scheduled searches and actions residing on views would yield incomplete or missing audit logs.
It is no longer possible to use experimental functions in Alerts, Parsers, and Event Forwarding. They are now only available on the search page.
Humio is now more strict during a Kafka reset to avoid global desyncs. Only one node will be allowed to boot on the new epoch, remaining nodes won't be allowed to use their snapshots, and will need to fetch a fresh global snapshot from that node.
Fixed an issue that could cause an exception to be thrown in the ingest code if digest assignment changed while a local segment file being written was still empty.
When logging Kafka consumer and producer metrics, Humio will now log repeated metrics like records-lag-max once per partition, with the partition specified in the partition field.
Fixed an ingest bug where sometimes we wouldn't turn event fields into tags if we fell back to using the key-value parser. Now we always turn fields into tags.
Reduced the amount of time Humio will spend during shutdown waiting for in-progress data to flush to disk to 60 seconds from 150 seconds.
Improved distribution onto partitions of tag combinations (datasources) that are affected by auto sharding, resulting in fewer collisions.
Fixed an issue where download of IOCs from another node in the cluster could start before the previous download had finished, resulting in too many open connections between nodes in the cluster.
Added support for restoring deleted repositories and views when using bucket storage. See Delete a Repository or View.
Fixed an ingest bug where, when truncating an event with too many fields, we wouldn't count error fields, leading to the event still being larger than the maximum size.
Fixed an issue where OrganizationStatsUpdaterJob would repeatedly post the error com.humio.entities.organization.OrganizationSingleModeNotSupported: Not supported when using organizations in single mode when the cluster was configured for only one organization.
Improved performance of formatting action messages, when the query result for an alert or scheduled search contains large events.
Fixed an issue where some errors showed wrong positions in the search page query field.
Fixed an issue where links in alerts from OpsGenie actions were not clickable.
Added humio-token-hashing.sh to the Humio bin directory. This invokes a utility for generating root tokens.
Fixed a bug where accessing a csv file with records spanning multiple lines would fail with an exception.
Renamed the Humio tarball distribution to humio-1.39.0.tar.gz instead of humio-release-1.39.0.tar.gz. The file now contains a directory named humio-1.39.0 instead of humio-release-1.39.0.
Fixed an issue that could cause creation of two datasources for the same tag set if messages with the same tags happened to arrive on different Kafka partitions.
When Humio detects multiple datasources for the same set of tags, it will not deduplicate them by selecting one source to keep and marking the others replaced.
Fixed an issue that could cause the query scheduler to erroneously retry searching a bucketed segment.
Added humio-decrypt-bucket-file.sh to the Humio bin directory. This invokes a utility for decrypting files downloaded from bucket storage.
Ingest listeners are now only stopped, not deleted, when a user deletes a repository. If the repository is restored, the ingest listener will be restarted automatically. When it is no longer possible to restore the repository, the ingest listener will be deleted.
When shared dashboards are disabled or become inaccessible because of IP filters, they will now be completely unreachable, and any dashboards already open will show an informative error message.
Webhook action has been updated to only allow the following HTTP verbs: GET, HEAD, POST, PUT, PATCH, DELETE and OPTIONS.
Fixed how relative time is displayed.
Adding and removing queries from the query blocklist is now audit logged as two separate audit log event types, query-blocklist-add and query-blocklist-remove, rather than the single event type blocklist.
Improved distribution of new autosharded datasources.
Fixed an issue where an exception in rare cases could cause ingest requests to fail intermittently.
Fixed duplicate Change triggers and actions entry in view permission token page.
Fixed an ingest bug where, under some circumstances, we would reverse the order of events in a batch.
Fixed an ingest bug where if multiple types of errors occurred for an event we would only add error fields describing one of them. Now we always report all errors.
The REST API for ingest listeners has been deprecated.
Fixed an ingest bug where we might discard @timezone and @error fields in events with too many fields. Now we always retain those and only discard other fields.
Fixed a caching-related issue with groupBy() in live queries that would briefly cause inconsistent results.
Fixed an issue where the set-replication-defaults config endpoint could attempt to assign storage to nodes configured not to store segments.
Webhook action now includes the 'Message Body Template' for PATCH and DELETE requests as well if it is not empty.
Create, update and delete operations on ingest listeners are now always audit logged. Previously, they were only logged when performed through the REST API. Also, the audit log format has been updated to be similar to the format of other assets. Look for events with the type field set to ingestlistener.create, ingestlistener.update, and ingestlistener.delete.
Fixed an issue where query cancellation could in rare cases cause the query scheduler to throw exceptions.
Added a new system-level permission allowing changing the user name of a user.
Automatic system removals of queries expired from the blocklist are now audit logged as well.
Humio will now periodically log node configs to the debug log, in addition to the existing log of config on node boot. These logs will come from com.humio.jobs.ConfigLoggerJob.
Humio Server 1.38.2 Stable (2022-06-13)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.38.2 | Stable | 2022-06-13 | 2023-06-13 | 1.26.0 | 11 | No | No |
JAR Checksum | Value |
---|---|
MD5 | c00de7af24633422654b3d16a764d753 |
SHA1 | 6c3043c27e5c7b3c7353f0f0e5e3e5b876319314 |
SHA256 | 6770856e5dcf19eee5384eecc40617fed15d92e2c2872ff7432f63bf43867c4a |
SHA512 | 7660d46ca1700336ce6fd2390e4b6de5b15963693499a6313513ff63ee9cedb6f99e1f595465ae3b1c420d0ba9b4626abe0ba81450f3bd7e92d528b0b1f51c6d |
Docker Image | SHA256 Checksum |
---|---|
humio | 1290b8e98ae3553b092879867a433077a1eb7ff626c989d01d14f71218644072 |
humio-core | 4a9c5aa23b7842034e34dda4aaffcb12f6f23a8e1c2cf04933b44a8cdafbe74d |
kafka | 04d14b84378ac9f6787af1b8477a0d2cbd6979da283bde177470d1af85a01637 |
zookeeper | 46aa8bbcaa2c64cfa7afdb6e07df0783658b4983a6727ca6670989364e687477 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.38.2/server-1.38.2.tar.gz
Updated dependencies with fixes for security vulnerabilities and weaknesses.
Bug Fixes
Security
Updated dependencies to fix the vulnerability CVE-2021-22573.
Summary
Updated JavaScript dependencies to fix vulnerabilities.
Humio Server 1.38.1 Stable (2022-04-27)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.38.1 | Stable | 2022-04-27 | 2023-04-27 | 1.26.0 | 11 | No | No |
JAR Checksum | Value |
---|---|
MD5 | fcaf2c288bd1f7c0fbc63deca59aa53d |
SHA1 | aec8d78eb49ee4954f2e542f614c89595da0ec39 |
SHA256 | d31c13fcecfd380562faddb7ba4662484aa2254f1f0f54591241341870c7ae83 |
SHA512 | 98134b241d67029255018c24032897623e91a3f54627c53e1c801bd4528b9ea13ab48abe328f2b76f40048bf4cb7dd45480a9398f6bd8dea4edb5db1d296b3da |
Docker Image | SHA256 Checksum |
---|---|
humio | 2d33f1706e053414996c9ac5d3533a15b637d3b321ad91362ac1a2fb4e54d722 |
humio-core | 7c1a2c853c4d7c348cfe948340a0f4101eb92a9ce365943897bf6c34cf393312 |
kafka | e3fc06aca9f5df2e628fb6a2b78c39aaf1c1b682728eb74bbd87d018aa83b49a |
zookeeper | 73746eff47c136fc01bf5898c4fecf43d459d3f103ccd29e10edf2ce7c79255d |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.38.1/server-1.38.1.tar.gz
Updated dependencies with fixes for security vulnerabilities and weaknesses.
Bug Fixes
Summary
Updated dependencies to Jackson to fix a vulnerability.
Updated JavaScript dependencies to fix vulnerabilities.
Other
Use latest version of Alpine on Docker image.
Use latest version of Java 1.13 on Docker image.
Humio Server 1.38.0 Stable (2022-03-15)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.38.0 | Stable | 2022-03-15 | 2023-03-15 | 1.26.0 | 11 | No | Yes |
JAR Checksum | Value |
---|---|
MD5 | 83afa7f6d2c55efbb88387474efd1264 |
SHA1 | 5587c3365fcfb22e1a45ea96b9503497b705125e |
SHA256 | 357591952ed12d0d9f93b084cff4b0ff6848d7a464071ff27edee9f921e23174 |
SHA512 | 7a88658b07d69f6a2fe151da8fe94ebfe0a1259ffa48c45df6154dcce4f6453fac8f78087cefdf869fb6322fa4e31a01f830d9db998293ebeabb0f2c8e3e5cfb |
Docker Image | SHA256 Checksum |
---|---|
humio | 9cd0f6a91b150bb51f9407451bd70c40dc49f730f76840e061a6570008d88453 |
humio-core | cff83e3a3ea8c455040ca31d4e8071a0f1c80be894fdde4cad768e69e1c449e5 |
kafka | d960ac292f781baa54c1388f4bbc94c77c1ae06b94a082a214777844f1435120 |
zookeeper | b2ab322170bfab4d221f6f5e4a4cca5751b2d97bcf75d451de4d24a00c775206 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.38.0/server-1.38.0.tar.gz
Humio can now poll and ingest data from the Falcon platform's Falcon Data Replicator (FDR) service. This feature can be used as an alternative to the standalone fdr2humio project. See Ingesting FDR Data for more information.
Improvements, new features and functionality
Falcon Data Replicator
Improved performance of FDRJob.
UI Changes
Added a quick-fix for unknown escape sequences in the search field.
First row entry in the statistics table on the repo page is now a table header and added hidden content to the empty table header in the new view page.
Pop-ups and drop-downs will now close automatically when focus leaves them.
Hover over parameter names and arguments in the search field now includes the default value.
On the time, bar and pie charts you can hold the ALT/OPTION key to display long legend titles.
The search page now has focus states on the Language Syntax, Event List Widget and buttons.
Reworked the hover message layout and changed the hover information on text (in the search field).
The bar and pie charts now support holding the SHIFT key to display unformatted numeric values.
Hover information in the search field is shown despite an overlapping warning.
When changing focus inside a dialog with the keyboard, the focus will no longer move outside the dialog while it is open.
The Cluster Nodes table has been redesigned to allow for easier overview and copying the version-number.
Fixed an issue where queries with tail() would behave in an unexpected manner when an event is focused.
Visually hidden clipboard field is now hidden for assistive technologies/keyboard users.
Better accessibility for queries panel. You can now tab to focus individual queries, and open a details panel. From here you can also access all actions in the details panel by tabbing.
Fixed a bug where the Package Marketplace would redirect to unsupported package versions on older Humio instances.
Added a warning for unknown escape sequences in the search field.
When using the table visualisation in dark mode, empty table cells are now clearly discernible.
Added a quick-fix to convert non-ASCII quotes to ASCII quotes in the search field.
Minor UX improvements (i.e. accessibility) on the queries panel.
GraphQL API
The PERMISSION_MODEL_MODE config option has been removed. All graphql related schema has also been removed.
Deprecates the ReadContents view action, in favor of ReadEvents. This also means ReadEvents has been undeprecated, as we have slightly changed how we consider read rights, and want the action names to match this.
Fixed a bug in the response from calling the installPackageFromZip graphql mutation. Previously the response type exposed a deprecated clientmutationid that could not be selected. Also now if form fields are missing they are properly reported in the response.
Configuration
Added config IP_FILTER_RDNS for specifying what IP addresses can be queried using the rdns query function.
The property inter.broker.protocol.version in kafka.properties now defaults to 2.4 if not specified. Users upgrading Kafka can either set inter.broker.protocol.version manually in kafka.properties, or pass DEFAULT_INTER_BROKER_PROTOCOL_VERSION as an environment variable to Docker when launching the container. Please follow Kafka's upgrade guidelines (https://kafka.apache.org/documentation/#upgrade_3_1_0) when upgrading a Kafka cluster to avoid data loss.
Added config IP_FILTER_RDNS_SERVER for specifying what DNS servers can be allowed in the rdns() query function.
Added config RDNS_DEFAULT_SERVER for specifying what DNS server is the default for the rdns query function.
Added new configuration NATIVE_FADVICE_SUPPORT (default true) to allow turning off the use of fadvice internally.
Added the config CORS_ALLOWED_ORIGINS, a comma-separated list of CORS allowed origins; the default allows all origins.
Fixed a bug where TLS_KEYSTORE_TYPE and TLS_TRUSTSTORE_TYPE would only recognize lower-case values.
Added new settings for how uploads to bucket storage are validated. In the case that validation with etags is not available, content length can be used instead.
Added new configuration NATIVE_FALLOCATE_SUPPORT (default true) to allow turning off the use of fallocate and ftruncate internally.
When Kafka topic configuration is managed by Humio (default true), set max.message.bytes on the topics to the value of Config TOPIC_MAX_MESSAGE_BYTES; default is 8388608 (8 MB). Minimum value is 2 MB.
Reduced the default value of INGESTQUEUE_COMPRESSION_LEVEL, the ingest queue compression level, from 1 to 0. This reduces time spent compressing before inserting into the ingest queue by roughly 4x at the expense of a 10-20% increase in size required in Kafka for the ingest queue topic.
Functions
Fixed an issue where tail() could produce results inconsistent with other query functions, when used in a live query.
Other
Fixed an issue where live queries would sometimes double-count parts of the historic data.
Fixed several issues where users could add invalid query filters via the context button after selecting text in the Event List.
Fixed an ingest bug where under some circumstances we would reverse the order of events in a batch.
Fixed a bug in the Sankey chart such that it now updates on updated query results.
Fixed an issue with epoch and offsets not always being stripped from segments.
Improved the performance of deletes from global.
Previously a package could be updated with another package with the same name and version, but with different content. This is no longer allowed, and any attempt to do so will be rejected and fail.
Fixed an issue where queries of the form #someTagField != someValue ... would sometimes produce incorrect results.
Improved off-heap memory handling. Humio now typically uses only 1 GB on systems with 32 vCPUs, down from typically 16 GB. This leaves more memory for other processes and page cache for data.
Fixed a compatibility issue with LogStash 7.16+ and 8.0.0 when using the Elasticsearch output plugin.
Fixed an issue where users could be shown in-development features on the client when running a local installation of Humio.
Fixed a compatibility issue with FileBeat 8.0.0.
Added tombstoning to uploaded files, which helps with avoiding data loss.
Ensure only a cluster leader that still holds cluster leadership can force digesters to release partition leadership. This could cause spurious reboots in clusters where leadership was under contention.
Ensure a digester can only acquire or release partition leadership if no other digester has leadership of that partition. This could cause spurious reboots if digester leadership became contended.
Fixed an issue where negated functions could lose their negation.
Fixed an issue where top(max) could throw an exception when given values large enough to be represented as positive infinity.
Added a new system-level permission that allows changing usernames of users.
Fixed an issue where percentile() would crash on inputs larger than ~1.76e308.
Warn at startup if CORES > AvailableProcessorCount as seen by the JVM.
During identity provider configuration, it's possible to fetch SAML configuration from an endpoint.
During Digest startup, abort fetching segments from other nodes if the assigned partition set changes while fetching.
Fixed a bug where providing a bad view/repository name when blocking queries would block the query in all views and repositories.
LSP warnings don't crash queries any more.
Allow cluster managers access to settings for personal sandboxes and to block and kill queries in them.
Do not run the Global snapshot consistency check on stateless ingest nodes.
Fixed a bug where the button on the Fields panel would do nothing.
For HTTP Event Collector (HEC) the input field sourcetype is now also stored in @sourcetype.
Published new versions of the Humio Kafka Docker containers for Kafka 3.1.0.
Upgrades the Kafka client to 3.1.0 from 2.8.1. 3.1.0 enables the idempotent producer by default, which implies acks=all. Clusters that set acks to a different number via EXTRA_KAFKA_CONFIGS_FILE should update their config to also specify enable.idempotence=false.
Humio Server 1.37.1 Preview (2022-02-25)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.37.1 | Preview | 2022-02-25 | 2022-03-15 | 1.26.0 | 11 | No | No |
JAR Checksum | Value |
---|---|
MD5 | e46117f38ef25afde602a458e5266b4b |
SHA1 | 3b0f5a30a7918a5f08ae8492bf855fadfc36fb90 |
SHA256 | 014420dfb22f8521a687eac1179c528afe0477fbb9284dc5381d9f91fd5329d1 |
SHA512 | ee13258be363f1b2103b864517ea4b9de9d6a78dcee0c4fcba95af2ea873dacebb298f6410f12cf68ecde3d17210256f85713ada7f5988726dc4440f5fbeee21 |
Docker Image | SHA256 Checksum |
---|---|
humio | e131f664f67e5ce98a397431b1f1a9d3c134d47dd24a24ed8ad76ae9e6d79eb0 |
humio-core | e0de42791dd3e83c2aa9bea871cb6e7a62bf51c835de2142adfd51aa863625a3 |
kafka | 9ab50e070047406cd6316fa2017d15ca24caa6e7a9b20ba741114b9cc1c3feec |
zookeeper | 47aa1a18a57652f156406021dc61f8bb1042bc2bd23c89e715e14a8be4fb07f9 |
Minor fixes and improvements.
Improvements, new features and functionality
Falcon Data Replicator
Improved performance of FDRJob.
Other
Added a new system-level permission that allows changing usernames of users.
Improved off-heap memory handling. Humio now typically uses only 1 GB on systems with 32 vCPUs, down from typically 16 GB. This leaves more memory for other processes and page cache for data.
Bug Fixes
Other
Fixed an issue where QueryFunctionValidator failed giving the error scala.MatchError.
Fixed an issue where some queries using regex would use an unbounded regex engine.
Fixed an issue where users could be shown in-development features on the client when running a local installation of Humio.
Humio Server 1.37.0 Preview (2022-02-14)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.37.0 | Preview | 2022-02-14 | 2022-03-15 | 1.26.0 | 11 | No | Yes |
JAR Checksum | Value |
---|---|
MD5 | f5c25eee6d9efb0ddf9d86ca74c84a3c |
SHA1 | 6026cc511279e9089bc49d8e5a0dd320e5397712 |
SHA256 | 097886ea8a6d2eece7980c46ba0b1002b7f7edf6d68109f91374b002a61e4975 |
SHA512 | 7c8fb7d2c53c5aab60ddf54250e47d41289cd9635005d3a765742298a20eb7f35426955a7388caf48fbc044747e917cfdd93003ce252c42358d947a504f73c29 |
Docker Image | SHA256 Checksum |
---|---|
humio | c27d93d4fd87d253117b1442a7391ea3cd28366a960727482b27b58706211435 |
humio-core | f43d4a206d9386d601798029df5c02d9b1e1b35bb6ae0f666aa6d8d36bcc60e3 |
kafka | 291d25337324ab70a3490f9b06ed2860215f37b84ced203b26cfa5d10877ce42 |
zookeeper | 606ebc2ffcd28bc36d7d091ad649743f22de21b891f7a75c9048343e019372ef |
Humio can now poll and ingest data from the Falcon platform's Falcon Data Replicator (FDR) service. This feature can be used as an alternative to the standalone fdr2humio project. See Ingesting FDR Data for more information.
Improvements, new features and functionality
UI Changes
When using the table visualisation in dark mode, empty table cells are now clearly discernible.
Added a quick-fix for unknown escape sequences in the search field.
The Cluster Nodes table has been redesigned to allow for easier overview and copying the version-number.
On the time, bar and pie charts you can hold the ALT/OPTION key to display long legend titles.
Added a warning for unknown escape sequences in the search field.
The bar and pie charts now support holding the SHIFT key to display unformatted numeric values.
Minor UX improvements (i.e. accessibility) on the queries panel.
The search page now has focus states on the Language Syntax, Event List Widget and buttons.
First row entry in the statistics table on the repo page is now a table header and added hidden content to the empty table header in the new view page.
Hover over parameter names and arguments in the search field now includes the default value.
Pop-ups and drop-downs will now close automatically when focus leaves them.
Better accessibility for queries panel. You can now tab to focus individual queries, and open a details panel. From here you can also access all actions in the details panel by tabbing.
When changing focus inside a dialog with the keyboard, the focus will no longer move outside the dialog while it is open.
Added a quick-fix to convert non-ASCII quotes to ASCII quotes in the search field.
Reworked the hover message layout and changed the hover information on text (in the search field).
Hover information in the search field is shown despite an overlapping warning.
Visually hidden clipboard field is now hidden for assistive technologies/keyboard users.
GraphQL API
Deprecates the ReadContents view action, in favor of ReadEvents. This also means ReadEvents has been undeprecated, as we have slightly changed how we consider read rights, and want the action names to match this.
Fixed a bug in the response from calling the installPackageFromZip GraphQL mutation. Previously the response type exposed a deprecated clientmutationid that could not be selected. Also, missing form fields are now properly reported in the response.
Configuration
The property inter.broker.protocol.version in kafka.properties now defaults to 2.4 if not specified. Users upgrading Kafka can either set inter.broker.protocol.version manually in kafka.properties, or pass DEFAULT_INTER_BROKER_PROTOCOL_VERSION as an environment variable to Docker when launching the container. Please follow Kafka's upgrade guidelines when upgrading a Kafka cluster to avoid data loss: https://kafka.apache.org/documentation/#upgrade_3_1_0.
Added config IP_FILTER_RDNS_SERVER for specifying what DNS servers can be allowed in the rdns() query function.
Added config RDNS_DEFAULT_SERVER for specifying what DNS server is the default for the rdns() query function.
Fixed a bug where TLS_KEYSTORE_TYPE and TLS_TRUSTSTORE_TYPE would only recognize lower-case values.
Reduce default value of INGESTQUEUE_COMPRESSION_LEVEL, the ingest queue compression level, from 1 to 0. This reduces time spent compressing before inserting into the ingest queue by roughly 4x at the expense of a 10-20% increase in size required in Kafka for the ingest queue topic.
The PERMISSION_MODEL_MODE configuration option has been removed. All graphql related schema has also been removed.
Added new settings for how uploads to bucket storage are validated. In the case that validation with etags is not available, content length can be used instead.
When Kafka topic configuration is managed by Humio (default true) set max.message.bytes on the topics to the value of Config TOPIC_MAX_MESSAGE_BYTES, default is 8388608 (8 MB). Minimum value is 2 MB.
Added config IP_FILTER_RDNS for specifying what IP addresses can be queried using the rdns() query function.
Added the config CORS_ALLOWED_ORIGINS, a comma separated list for CORS allowed origins, default allows all origins.
Other
During identity provider configuration, it's possible to fetch SAML configuration from an endpoint.
Do not run the Global snapshot consistency check on stateless ingest nodes.
Allow cluster managers access to settings for personal sandboxes and to block and kill queries in them.
Ensure only a cluster leader that still holds cluster leadership can force digesters to release partition leadership. This could cause spurious reboots in clusters where leadership was under contention.
Improve the performance of deletes from global.
Ensure a digester can only acquire or release partition leadership if no other digester has leadership of that partition. This could cause spurious reboots if digester leadership became contended.
Added tombstoning to uploaded files, which helps with avoiding data loss.
Published new versions of the Humio Kafka Docker containers for Kafka 3.1.0.
Upgrades the Kafka client to 3.1.0 from 2.8.1. 3.1.0 enables the idempotent producer by default, which implies acks=all. Clusters that set acks to a different number via EXTRA_KAFKA_CONFIGS_FILE should update their config to also specify enable.idempotence=false.
During Digest startup, abort fetching segments from other nodes if the assigned partition set changes while fetching.
Bug Fixes
UI Changes
Fixed an issue where queries of the form #someTagField != someValue ... would sometimes produce incorrect results.
Fixed a compatibility issue with LogStash 7.16+ and 8.0.0 when using the Elasticsearch output plugin.
Fixed a bug where the button on the Fields panel would do nothing.
Fixed an issue where percentile() would crash on inputs larger than ~1.76e308.
Fixed an issue where tail() could produce results inconsistent with other query functions, when used in a live query.
Fixes an issue with epoch and offsets not always being stripped from segments.
Fixed a bug where the Package Marketplace would redirect to unsupported package versions on older Humio instances.
Warn at startup if CORES > AvailableProcessorCount as seen by the JVM.
For HTTP Event Collector (HEC) the input field sourcetype is now also stored in @sourcetype.
Fixed an issue where negated functions could lose their negation.
Fixed an issue where queries with tail() would behave in an unexpected manner when an event is focused.
Fixed several issues where users could add invalid query filters via the context button after selecting text in the Event List.
LSP warnings don't crash queries any more.
Fixed a bug in the Sankey chart such that it now updates on updated query results.
Fixed an issue where live queries would sometimes double-count parts of the historic data.
Fixed an issue where top(max) could throw an exception when given values large enough to be represented as positive infinity.
Fixed a compatibility issue with FileBeat 8.0.0.
Fixed a bug where providing a bad view/repository name when blocking queries would block the query in all views and repositories.
Previously a package could be updated with another package with the same name and version, but with different content. This is no longer allowed, and any attempt to do so will be rejected and fail.
Humio Server 1.36.4 Stable (2022-06-13)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.36.4 | Stable | 2022-06-13 | 2023-06-13 | 1.26.0 | 11 | No | No |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.36.4/server-1.36.4.tar.gz
Updated dependencies with fixes for security vulnerabilities and weaknesses.
Bug Fixes
Security
Updated JavaScript dependencies to fix vulnerabilities related to CVE-2021-22573.
Humio Server 1.36.3 Stable (2022-04-27)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.36.3 | Stable | 2022-04-27 | 2023-04-27 | 1.26.0 | 11 | No | No |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.36.3/server-1.36.3.tar.gz
Updated dependencies with fixes for security vulnerabilities and weaknesses.
Bug Fixes
Summary
Use latest version of Alpine on Docker image.
Use latest version of Java 1.13 on Docker image.
Updated dependencies to Jackson to fix a vulnerability.
Updated JavaScript dependencies to fix vulnerabilities.
Configuration
Added new configuration NATIVE_FADVICE_SUPPORT (default true) to allow turning off the use of fadvice internally.
Added new config NATIVE_FALLOCATE_SUPPORT (default true) to allow turning off the use of fallocate and ftruncate internally.
Other
Fix ingest bug where under some circumstances we would reverse the order of events in a batch.
Humio Server 1.36.2 Stable (2022-03-01)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.36.2 | Stable | 2022-03-01 | 2023-03-01 | 1.26.0 | 11 | No | No |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.36.2/server-1.36.2.tar.gz
Performance and stability improvements.
Bug Fixes
Summary
Improved off-heap memory handling. Humio now typically uses only 1 GB on systems with 32 vCPUs, down from typically 16 GB. This leaves more memory for other processes and page cache for data.
Other
Fixed a race condition between nodes creating the merge result for the same target segment, and also transferring it among the nodes concurrently. If a query read the file during that race condition, an in-memory cache of the file header might hold contents that did not match the local file, resulting in "Broken segment" warnings in queries.
Humio Server 1.36.1 Stable (2022-02-14)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.36.1 | Stable | 2022-02-14 | 2023-02-14 | 1.26.0 | 11 | No | No |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.36.1/server-1.36.1.tar.gz
Performance and stability improvements.
Bug Fixes
Summary
Improve the performance of deletes from global.
Reading hashfilter in chunks to avoid having huge off heap buffers.
Performance improvements of IngestPartitionCoordinator.
Downgrade to Java 1.13 on Docker image to fix rare cases of JVM crashes.
Humio Server 1.36.0 Stable (2022-01-31)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.36.0 | Stable | 2022-01-31 | 2023-01-31 | 1.26.0 | 11 | No | Yes |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.36.0/server-1.36.0.tar.gz
Beta: Bucket storage support for dual targets
Support for dual targets to allow using one as the preferred download and the other to trust for durability. One example of this is to save on cost (on traffic) by using a local bucket implementation, such as MinIO, in the local datacenter as the preferred bucket storage target, while using a remote Amazon S3 bucket as the trusted bucket for durability. If the local MinIO bucket is lost (or just not responding for a while) the Humio cluster still works using the AWS S3 bucket with no reconfiguration or restart required. Configuration of the second bucket is via configuration entries similar to the existing STORAGE keys, but using the prefix STORAGE_2 for the extra bucket.
When using dual targets, bucket storage backends may need different proxy configurations for each backend - or not. The new configuration BUCKET_STORAGE_MULTIPLE_ENDPOINTS (default false) controls whether the proxy configuration in the environment is applied to all bucket storage backends. When set to true, each bucket preserves the active proxy/endpoint configuration and a change to those will trigger creation of a fresh internally persisted bucket storage access configuration.
Improvements, new features and functionality
UI Changes
Improved accessibility when choosing a theme.
Hovering over text within a query now shows the result of interpreting escape characters.
Disable the option to create a view if the user does not have Connect a view permission on any repository. This is more intuitive than getting an empty dropdown of repositories to choose from.
Allow more dialogs in the UI to be closed with the Esc key.
Time Selector is now accessible by keyboard.
Added ability to resize search page query field by dragging or fitting to query.
New feature to select text in the search page event list and include/exclude that in the search query.
Improved dark mode toggle button's accessibility.
New dialogs for creation of parsers and dashboards.
GraphQL API
Improved the error messages when the GraphQL queries SearchDomain.alert, SearchDomain.action, and SearchDomain.savedQuery do not find the entity with the given ID.
Configuration
Reduce default value of INGESTQUEUE_COMPRESSION_LEVEL, the ingest queue compression level, from 1 to 0. This reduces time spent compressing before inserting into the ingest queue by roughly 4x at the expense of a 10-20% increase in size required in Kafka for the ingest queue topic.
Make ZOOKEEPER_URL optional. When not set, the zookeeper-status-logger job does not run, and the cluster administration page does not display information about a Zookeeper cluster.
When using ZOOKEEPER_URL_FOR_NODE_UUID for assignment of node ID to Humio nodes, and value of ZOOKEEPER_PREFIX_FOR_NODE_UUID (default /humio_autouuid) does not match contents of local UUID file, acquire a fresh node uuid.
Added the config CORS_ALLOWED_ORIGINS, a comma separated list for CORS allowed origins, default allows all origins.
Added INITIAL_FEATURE_FLAGS which lets you enable/disable feature flags on startup. For instance, setting INITIAL_FEATURE_FLAGS=+UserRoles,-UsagePage enables UserRoles and disables UsagePage.
New configuration BUCKET_STORAGE_MULTIPLE_ENDPOINTS and many configurations using STORAGE_2 as prefix. See Bucket Storage.
Functions
Added job which will periodically run a query and record how long it took. By default the query is count().
Added a limit parameter to the fieldstats() function. This parameter limits the number of fields to include in the result.
Other
Improved usability of the groups page.
Added analytics on query language feature use to the audit-log under the fields queryParserMetrics.
Added a job that scans segments which are waiting to be archived; this value is recorded in the metric s3-archiving-latency-max.
Improved the error message when an ingest request times out.
Added warning logs when errors are rendered to browser during OAuth flows.
Allow the same view name across organizations.
Added exceptions to the Humio logs from AlertJob and ScheduledSearchJob.
Added granular IP Filter support for shared dashboards (BETA - API only).
Added ability to override max auto shard count for a specific repository.
Remove caching of API calls to prevent caching of potentially sensitive data.
Added option to specify an IP Filter for which addresses hostname verification should not be made.
Improved the default permissions on the group page by leaving their view expanded once the user cancels update.
Improved caching of UI static assets.
Improved Humio's detection of Kafka resets. We now load the Kafka cluster id once on boot. If it changes after that, the node will crash.
Allow the query scheduler to enqueue segments and aux files for download from bucket storage more regularly. This should ensure that queries fetching small aux files can more reliably keep the download job busy.
Bug Fixes
UI Changes
Fixed an issue where the digest coordinator could consider a host to be alive if the coordinator hadn't seen any timestamps from that host.
From the alerts overview and the scheduled searches overview, it is now possible to clear the error status on an alert or a scheduled search.
Fixed an issue in the Export to file dialog on the search page. It is now possible to export fields with spaces.
Fixed an issue where the SegmentMoverJob could delete the local copy of a segment, if a pending download of the segment failed the CRC check. The job will now keep the downloaded file at a temporary path until the CRC check completes, to avoid deleting a local copy created by other jobs, e.g. by bucket downloads.
Code completion in the query editor now also works on the right hand side of :=.
Reenable a feature to make Humio delete local copies of bucketed segments, even if they are involved in a query.
When bootstrapping a new cluster, set the cluster version in global right away. Since nodes will not boot on a snapshot that doesn't specify a cluster version, it is important that this field exists in all snapshots.
No longer allow requests to /hec to specify organizations by name. We now only accept IDs.
Fixed an issue where top would fail if the sum of the values exceeded 2^63-1. Exceeding sums are now pegged to 2^63-1.
Fixed an issue in the Table widget. It will no longer insert 0-values for missing fields in integer columns. Empty fields will be shown consistently, independent of the column data type.
Reduce noise in the log when the bucket storage upload job attempts to upload a file that is deleted concurrently.
Make Humio handle missing aux files a little faster when downloading segments from bucket storage.
The query endpoint API now supports languageVersion for specifying Humio query language versions.
When creating ingest and chatter topic, reduce desired max.message.bytes to what Kafka cluster allows, if that is lower than our desired values.
Fixed an issue that repeatedly tried to restart live queries from a given user upon the deletion of the user.
When starting ingest, Humio checks that the computed starting position in Kafka is below the Kafka end offset. Ensure that the end offset is requested after the starting position is computed, not before. This might prevent a very rare spurious boot failure.
Removed a spurious warning log when requesting a non-existent hash file from S3.
Bumped the Humio Docker containers to Java 17. If you manually set any --add-opens flags in your JVM config, you should remove them. The container should set the right flags automatically.
Fixed an issue where, if a custom parser was overriding a built-in parser, then the custom parser could accidentally be overwritten by creating a new parser with the same name.
Fixed an issue where live queries would sometimes double-count parts of the historic data.
The /hec endpoint no longer responds to OPTIONS requests saying it supports GET requests. It doesn't and never has.
Fixed an issue where MaxMind databases would only update if a license was present at startup and not if it was added later.
The action message templates {events_str} and {query_result_summary} always evaluate to the same string. To reflect this, the UI has been updated so that these templates are combined into the same item in the template overview for Email, Slack and Webhook actions.
Fixed session() such that it works when events arrive out of time order.
Fixed a race condition that could cause digesters to calculate two different offsets during startup when determining where to start consuming, and which partially written segments to discard, which could lead to data loss when partially written segments were replayed from Kafka.
Query partition tables updates are now rejected if written by a node that is no longer the cluster leader.
Make writes to Kafka's chatter topic block in a similar manner as writes to global.
Fixed an issue where queries of the form #someTagField != someValue ... would sometimes produce incorrect results.
The AlertJob and ScheduledSearchJob now only log validation errors from running the queries as warnings; previously, some of these were logged as errors.
Humio now tries to avoid interrupting threads during shutdown, instead allowing them to finish their work. This should reduce log noise when shutting down.
When interacting with the REST API for files, errors now have detailed error messages.
Errors on scheduled searches are now cleared more granularly. Errors when starting a query are cleared as soon as another query is successfully started, errors from polling a query are cleared when a query is successfully polled, and errors from invoking actions are cleared when at least one action has been successfully triggered.
For HTTP Event Collector (HEC) the input field sourcetype is now also stored in @sourcetype.
Fixed an issue where nodes could request partitions from the query partitioning table that were not present.
Fixed a race condition that could cause Humio to delete more segments than expected when initializing a digester node.
Remove script-src: unsafe-eval from content security policy.
No longer allow organization- and system-level ingest tokens to ingest into sandbox and system repos.
Reenable a feature to make Humio fetch and check hash files from bucket storage before fetching the segments.
Fixed an issue where repeating queries could cause other queries to fail.
Queries on views no longer restart when the ordering of the view's connections is changed.
Fixed a compatibility issue with Filebeat 7.16.0.
Fixed a number of instability issues in the query scheduler. The scheduler should now more reliably ensure that each query either completes, or is cancelled.
Fixed an issue where the Humio query URLs sent by actions would land users on the search page in editing mode for the alert or scheduled search that had triggered. Now, they still land on the search page, but not in editing mode.
Errors on alerts are now cleared more granularly. Errors when starting the alert query are cleared as soon as the query is successfully started, errors from polling the query are cleared when the query is successfully polled, and errors from invoking actions are cleared when at least one action has been successfully triggered.
The repository/.../query endpoint now returns a status code of 400 (BadRequest) when given an invalid query in some cases where previously it returned 503 (ServiceUnavailable).
Fixed Humio always reading and discarding an already processed message from the ingest queue on boot.
SAML and OIDC only - During signout, Humio background tabs will be redirected to a signout landing page instead of to the login page.
Fixed an issue where choosing a UI theme would not get saved properly in the user's settings.
Humio Server 1.35.0 Preview (2022-01-17)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.35.0 | Preview | 2022-01-17 | 2022-01-31 | 1.26.0 | 11 | No | Yes |
Beta: Bucket storage support for dual targets
Support for dual targets to allow using one as the preferred download and the other to trust for durability. One example of this is to save on cost (on traffic) by using a local bucket implementation, such as MinIO, in the local datacenter as the preferred bucket storage target, while using a remote Amazon S3 bucket as the trusted bucket for durability. If the local MinIO bucket is lost (or just not responding for a while) the Humio cluster still works using the AWS S3 bucket with no reconfiguration or restart required. Configuration of the second bucket is via configuration entries similar to the existing STORAGE keys, but using the prefix STORAGE_2 for the extra bucket.
When using dual targets, bucket storage backends may need different proxy configurations for each backend - or not. The new configuration BUCKET_STORAGE_MULTIPLE_ENDPOINTS (default false) controls whether the proxy configuration in the environment is applied to all bucket storage backends. When set to true, each bucket preserves the active proxy/endpoint configuration and a change to those will trigger creation of a fresh internally persisted bucket storage access configuration.
Improvements, new features and functionality
UI Changes
Allow more dialogs in the UI to be closed with the Esc key.
Improved accessibility when choosing a theme.
New dialogs for creation of parsers and dashboards.
New feature to select text in the search page event list and include/exclude that in the search query.
Hovering over text within a query now shows the result of interpreting escape characters.
Time Selector is now accessible by keyboard.
Disable the option to create a view if the user does not have Connect a view permission on any repository. This is more intuitive than getting an empty dropdown of repositories to choose from.
Improved dark mode toggle button's accessibility.
Added ability to resize search page query field by dragging or fitting to query.
GraphQL API
Improved the error messages when the GraphQL queries SearchDomain.alert, SearchDomain.action, and SearchDomain.savedQuery do not find the entity with the given ID.
Configuration
Added INITIAL_FEATURE_FLAGS which lets you enable/disable feature flags on startup. For instance, setting INITIAL_FEATURE_FLAGS=+UserRoles,-UsagePage enables UserRoles and disables UsagePage.
Reduce default value of INGESTQUEUE_COMPRESSION_LEVEL, the ingest queue compression level, from 1 to 0. This reduces time spent compressing before inserting into the ingest queue by roughly 4x at the expense of a 10-20% increase in size required in Kafka for the ingest queue topic.
Make ZOOKEEPER_URL optional. When not set, the zookeeper-status-logger job does not run, and the cluster administration page does not display information about a Zookeeper cluster.
When using ZOOKEEPER_URL_FOR_NODE_UUID for assignment of node ID to Humio nodes, and value of ZOOKEEPER_PREFIX_FOR_NODE_UUID (default /humio_autouuid) does not match contents of local UUID file, acquire a fresh node uuid.
New configuration BUCKET_STORAGE_MULTIPLE_ENDPOINTS and many configurations using STORAGE_2 as prefix. See Bucket Storage.
Functions
Added a limit parameter to the fieldstats() function. This parameter limits the number of fields to include in the result.
Other
Added a job that scans segments which are waiting to be archived; this value is recorded in the metric s3-archiving-latency-max.
Improved the error message when an ingest request times out.
Allow the same view name across organizations.
Allow the query scheduler to enqueue segments and aux files for download from bucket storage more regularly. This should ensure that queries fetching small aux files can more reliably keep the download job busy.
Improved the default permissions on the group page by leaving their view expanded once the user cancels update.
Improved usability of the groups page.
Added warning logs when errors are rendered to browser during OAuth flows.
Added ability to override max auto shard count for a specific repository.
Added granular IP Filter support for shared dashboards (BETA - API only).
Improved Humio's detection of Kafka resets. We now load the Kafka cluster id once on boot. If it changes after that, the node will crash.
Added analytics on query language feature use to the audit-log under the fields queryParserMetrics.
Added option to specify an IP Filter for which addresses hostname verification should not be made.
Added job which will periodically run a query and record how long it took. By default the query is count().
Added exceptions to the Humio logs from AlertJob and ScheduledSearchJob.
Bug Fixes
UI Changes
Fixed a race condition that could cause digesters to calculate two different offsets during startup when determining where to start consuming, and which partially written segments to discard, which could lead to data loss when partially written segments were replayed from Kafka.
When bootstrapping a new cluster, set the cluster version in global right away. Since nodes will not boot on a snapshot that doesn't specify a cluster version, it is important that this field exists in all snapshots.
Fixed an issue where the Humio query URLs sent by actions would land users on the search page in editing mode for the alert or scheduled search that had triggered. Now, they still land on the search page, but not in editing mode.
Fixed an issue where the digest coordinator could consider a host to be alive if the coordinator hadn't seen any timestamps from that host.
Reduce noise in the log when the bucket storage upload job attempts to upload a file that is deleted concurrently.
The repository/.../query endpoint now returns a status code of 400 (BadRequest) when given an invalid query in some cases where previously it returned 503 (ServiceUnavailable).
Humio now tries to avoid interrupting threads during shutdown, instead allowing them to finish their work. This should reduce log noise when shutting down.
When creating ingest and chatter topic, reduce desired max.message.bytes to what Kafka cluster allows, if that is lower than our desired values.
Fixed an issue where choosing a UI theme would not get saved properly in the user's settings.
Fixed an issue where, if a custom parser was overriding a built-in parser, then the custom parser could accidentally be overwritten by creating a new parser with the same name.
Code completion in the query editor now also works on the right hand side of :=.
Fixed an issue in the Export to file dialog on the search page. It is now possible to export fields with spaces.
Reenable a feature to make Humio delete local copies of bucketed segments, even if they are involved in a query.
The action message templates `{events_str}` and `{query_result_summary}` always evaluate to the same string. To reflect this, the UI has been updated so that these templates are combined into the same item in the template overview for Email, Slack and Webhook actions.
Queries on views no longer restart when the ordering of the view's connections is changed.
Make Humio handle missing `aux` files a little faster when downloading segments from bucket storage.
Fixed Humio always reading and discarding an already processed message from the ingest queue on boot.
Fixed an issue where live queries would sometimes double-count parts of the historic data.
Fixed an issue that repeatedly tried to restart live queries from a given user upon the deletion of the user.
Reenable a feature to make Humio fetch and check `hash` files from bucket storage before fetching the segments.
Fixed a compatibility issue with Filebeat 7.16.0.
The `/hec` endpoint no longer responds to `OPTIONS` requests saying it supports `GET` requests. It doesn't and never has.
Bumped the Humio Docker containers to Java 17. If you manually set any `--add-opens` flags in your JVM config, you should remove them. The container should set the right flags automatically.
Fixed an issue where MaxMind databases would only update if a license was present at startup and not if it was added later.
From the alerts overview and the scheduled searches overview, it is now possible to clear the error status on an alert or a scheduled search.
Fixed a number of instability issues in the query scheduler. The scheduler should now more reliably ensure that each query either completes, or is cancelled.
SAML and OIDC only - During signout, Humio background tabs will be redirected to a signout landing page instead of to the login page.
Removed a spurious warning log when requesting a non-existent `hash` file from S3.
Errors on scheduled searches are now cleared more granularly. Errors when starting a query are cleared as soon as another query is successfully started, errors from polling a query are cleared when a query is successfully polled, and errors from invoking actions are cleared when at least one action has been successfully triggered.
Fixed an issue where the `SegmentMoverJob` could delete the local copy of a segment, if a pending download of the segment failed the CRC check. The job will now keep the downloaded file at a temporary path until the CRC check completes, to avoid deleting a local copy created by other jobs, e.g. by bucket downloads.
No longer allow requests to `/hec` to specify organizations by name. We now only accept IDs.
Errors on alerts are now cleared more granularly. Errors when starting the alert query are cleared as soon as the query is successfully started, errors from polling the query are cleared when the query is successfully polled, and errors from invoking actions are cleared when at least one action has been successfully triggered.
Remove `script-src: unsafe-eval` from content security policy.
The `AlertJob` and `ScheduledSearchJob` now only log validation errors from running the queries as warnings; previously, some of these were logged as errors.
For HTTP Event Collector (HEC) the input field `sourcetype` is now also stored in `@sourcetype`.
Fixed an issue where repeating queries could cause other queries to fail.
Fixed `session()` function such that it works when events arrive out of time order.
Fixed an issue in the Table widget. It will no longer insert 0-values for missing fields in integer columns. Empty fields will be shown consistently, independent of the column data type.
The query endpoint API now supports languageVersion for specifying Humio query language versions.
Query partition tables updates are now rejected if written by a node that is no longer the cluster leader.
Fixed an issue where nodes could request partitions from the query partitioning table that were not present.
No longer allow organization- and system-level ingest tokens to ingest into sandbox and system repos.
Make writes to Kafka's chatter topic block in a similar manner as writes to global.
Fixed an issue where `top` would fail if the sum of the values exceeded 2^63-1. Exceeding sums are now pegged to 2^63-1.
When starting ingest, Humio checks that the computed starting position in Kafka is below the Kafka end offset. Ensure that the end offset is requested after the starting position is computed, not before. This might prevent a very rare spurious boot failure.
Fixed a race condition that could cause Humio to delete more segments than expected when initializing a digester node.
Humio Server 1.34.3 Stable (2022-03-09)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.34.3 | Stable | 2022-03-09 | 2023-03-09 | 1.26.0 | 11 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 7184f2582bed56c0b29ffb2d39f508a5 |
SHA1 | 9d7beb007f9ec9e7603bcbf164b3006dce0932ef |
SHA256 | ac95c6538dc88b6af31f0c55aaa46740503860ea90ad41d330593402915d885b |
SHA512 | d4738190dfd9b100ac896969e70a541f1d0242fb822f312142636cb5055009f13f0dbca6193f6cb8ce89d36d9f3f8b9ebec5a684570a4f9500bd8ffc3379ee6a |
Docker Image | SHA256 Checksum |
---|---|
humio | 955acd05d628a4da69a546ea58134a786c77349bfc21e10631b3f5b2934140ab |
humio-core | 64547f071a29e5df7eb945f369b28cf6d365b1590f577163fd18fe8b76ce63ce |
kafka | b3318e88aa3aaaae09d88fae2bd37882d1a41738983a1ef783f9f07c30c73101 |
zookeeper | 049489e9fcda7ca0ea11d96e45d8dde8d9a6582e0b9740b6865a952ec13332e5 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.34.3/server-1.34.3.tar.gz
Performance improvements of Ingest and internal caching.
Bug Fixes
Summary
Performance improvements of Ingest and internal caching.
Humio Server 1.34.2 Stable (2022-02-01)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.34.2 | Stable | 2022-02-01 | 2023-02-01 | 1.26.0 | 11 | No | No |
JAR Checksum | Value |
---|---|
MD5 | ebca829a100a92c4b96f05f421c9e5d2 |
SHA1 | f9d21990e4ae6f64eac6bd6aa6d65899583d1311 |
SHA256 | 2141bd8fb2537f0242b30998938d780bd53cedbf2b04622b956923f677a56350 |
SHA512 | 02d33bdfb65bf5ab949da8ae0a1bb9f04a509564c8d4a74cc08f5033040987152abd42743b0720290304f4bd5c4e50550327117efb6eda01d3b0ed8ef357938e |
Docker Image | SHA256 Checksum |
---|---|
humio | 426715cb9faedce379d6a6add003cfcaa3fe9ce5b5ce706fab202b89eb5c8c45 |
humio-core | a927eb85f709561b659e3a566a5b0fd3e6b3be84b19db2832d70722897265cbb |
kafka | f181a5a1668d6c3f1ebe5e5216a00b393ee20eb0f1845d1a93309fdbfac8406d |
zookeeper | 361063a0a2eb0361209781f7dff9d5f0067b33806f14882fc4a0a0ff9f434b66 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.34.2/server-1.34.2.tar.gz
Updated dependencies with security fixes and weakness.
Bug Fixes
Security
Updated dependencies to follow-redirects for CVE-2022-0155.
Updated dependencies to nanoid for CVE-2021-23566.
Updated dependencies to Akka for CVE-2021-42697.
Updated dependencies to Jawn for CVE-2022-21653.
Updated dependencies to node-fetch for CVE-2022-0235.
Summary
Fixed an issue where live queries would sometimes double-count parts of the historic data.
Fixes an issue with epoch and offsets not always being stripped from segments.
Fixed an issue where queries of the form #someTagField != someValue ... would sometimes produce incorrect results.
Humio Server 1.34.1 Stable (2022-01-06)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.34.1 | Stable | 2022-01-06 | 2023-01-06 | 1.26.0 | 11 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 1d6b54fc6b4f52abff6c1106a904e4d1 |
SHA1 | 67e6e0cd4e6eb59a0d88f85dc0f511aefacef1dc |
SHA256 | 23f50f620fd5e51755521aba8185b76e4ca0187206fd55e8ed5fbbe14e42578b |
SHA512 | 6ad8fe4040b7c2e80643071e05b1d305f6d66e74c4041d3a4ac56f84ec6fd3f2b63c04c421029c436f081b8ab22e8a60bf17c5330f7fe117d178c596526a344f |
Docker Image | SHA256 Checksum |
---|---|
humio | e66c6b3fcf45bd36502c877e8a4a617f9f662c5cf672e6c6c73b45445d41ad20 |
humio-core | fa7e9355cd4f41e64b404e65e33166c28fdc6c2ce5ceeea382007778f9ff64ce |
kafka | 459b3a6df8a678493bfb3266d243b867ed3ae4251464276c854afa0b2f784dac |
zookeeper | 748cfc151533e1e2efc870299bc5c2b10fda97ec0c6f522dd8c8576d9aea315e |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.34.1/server-1.34.1.tar.gz
Updated dependencies with security fixes and weakness.
Bug Fixes
Security
Updated dependencies to Netty to fix CVE-2021-43797
Updated dependencies to log4j 2.17.1 to fix CVE-2021-44832 and CVE-2021-45105
Summary
Updated dependencies to Jackson to fix a weakness
Humio Server 1.34.0 Stable (2021-12-15)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.34.0 | Stable | 2021-12-15 | 2022-12-15 | 1.26.0 | 11 | No | Yes |
JAR Checksum | Value |
---|---|
MD5 | 4dc3b67c42b44e59e0ad6cc02a220f12 |
SHA1 | 099a9ae07d5595fb06c145aaa80b46ba9f74dd10 |
SHA256 | 22cd6f60f030d56bcae159b853efe6dcd76f7add127e64c37bcca58c66d1a155 |
SHA512 | 2645369a9ec989c1b40b190993ecbd4eca8be63b60318a1b1259124819446c06c3bbba92a9c22f1e194133b9da5d05b6c0346369c33e8c33a9777a2a168ae524 |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.34.0/server-1.34.0.tar.gz
Humio Server 1.34 REQUIRES minimum previous version 1.26.0 of Humio to start. Clusters wishing to upgrade from older versions must upgrade to 1.26.0+ first. After running 1.34.0 or later, you cannot downgrade to versions prior to 1.26.0.
You can now use the mouse to resize columns in the event list. Previously you had to click the column header and use the buttons.
Improvements, new features and functionality
UI Changes
Added buttons for stopping all queries, streaming queries, and historical queries from inside the query monitor.
Disable actions if permissions are handled externally.
Added maximum width to tabs on the Group page, so they do not keep expanding forever.
Added autofocus to the first field when opening a dialog using the save as functionality from the Search page.
Updated the links for Privacy Notice and Terms and Conditions.
Allow resize of columns in the event list by mouse.
Dark mode is officially deemed stable enough to be out of beta.
Validation error messages are now more precise and have improved formatting.
The overall look of message boxes in Humio has been updated.
GraphQL API
The GraphQL field isEventForwardingEnabled on the HumioMetadata type is deprecated, as it is no longer in use internally. If you rely on this, please let us know.
Renamed the deleteEvents related GraphQL mutations and queries to redactEvents. The redactEvents API is intended for redacting sensitive data from a repository, not for bulk deletion of events. We think the new name invites fewer misunderstandings.
Added 2-phase migration that will allow old user api tokens to be used and clean global from secrets after a 30 day period.
Added three GraphQL mutations for stopping queries: stopAllQueries, stopStreamingQueries, and stopHistoricalQueries.
Added GraphQL mutation clearRecentQueries which a user can run to clear their recent queries in a specific view or repository.
Changed old personal user token implementation to hash based.
Configuration
When checking if the ViewAction.EventForwarding action is allowed (with e.g. SearchDomain.isActionAllowed), the answer will now be false if the event forwarding is not enabled on the server.
Functions
Refactored query functions `join()`, `selfJoin()`, and `selfJoinFilter()` into user-visible and internal implementations.
The `kvParse()` query function can now parse unquoted empty values using the new parameter separatorPadding to specify if your data has whitespace around the key-value separator (typically =). The default is "Unknown", which will leave the functionality of the function unchanged.
Added query function `math:arctan2()` to the query language.
Added the `communityId()` function for calculating hashes of network flow tuples according to the Community ID Spec.
Improved performance of the query functions `drop()` and `rename()` by quite a bit.
Added a `minSpan` parameter to `timeChart()` and `bucket()`, which can be used to specify a minimum span when using a short time interval.
Other
Made the transfer coordinator display more clear errors instead of an internal server error for multinode clusters.
Retention based on compressed size will no longer account for segment replication.
Improved error messages when an invalid regular expression is used in replace.
Improved the error reporting when installing, updating or exporting a package fails.
Reduce limit on number of datasources for sandbox repositories created when a user is created to .0 by default.
New metric: ingest-request-delay. Histogram of ingest request time spent being delayed due to exceeding limit on concurrent processing of ingest (milliseconds).
Improved handling of multiple nodes attempting to create views with the same names at the same time, as might happen when bootstrapping a cluster.
Added checksum verification within hash filter files on read.
Improved shutdown logic slightly, helping prevent thread pools from getting stuck or logging spurious errors during shutdown.
Added Australian states to the States dropdown.
Added support in the humio event collector for organization- and system-wide ingest tokens and the ability to use a parser from a different repo than the one being ingested into.
Reword regular expression related error messages.
Minor optimization when using groupBy with a single field.
It is now possible to create actions, alerts, scheduled searches, and parsers from Yaml template files.
Added management API to put hosts in maintenance mode.
Added a precondition that ensures that the number of ingest partitions cannot be reduced.
Improved partition layout auto-balancing algorithm.
Query validation has been improved to include several errors which used to first show up after submitting search.
It is now possible to ingest logs into Humio using LogStash v.7.13 and upwards.
Added metric for the number of currently running streaming queries.
Node roles can now be assigned/removed at runtime.
Added new metric: bucket-storage-upload-latency-max. It shows the amount of time spent for the event that has been pending for upload to bucket storage the longest.
Added "export as yaml" function to the list pages of parsers, actions and scheduled searches.
Create, update, and delete of dashboards is now audit logged.
Query editor: improved code completion of function names.
Added validation and a more clear error message for queries with a time span of 0.
A compressed segment with a size of 1GB will now always count for retention as 1 GB. Previously, a compressed segment with a size of 1GB might count for more than 1GB when calculating retention, if that segment had more replicas than configured. The effect on the retention policy was that if you had configured retention of .0GB compressed bytes, Humio might retain less than .0GB of compressed data if any of those segments had too many replicas.
Prepopulate email field when invited user is filling in a form with this information.
Bug Fixes
Security
Updated dependencies to log4j 2.16 to remove message lookups (CVE-2021-44228 and CVE-2021-45046).
Automation and Alerts
Alerts and scheduled searches are now enabled per default when created. The check disabling these entities if no actions are attached has been replaced with a warning, which informs a user that even though the entity is enabled, nothing will trigger since no actions are attached.
Fixed an issue where an alert would not be throttled until after its actions had completed, which could make the alert trigger multiple times shortly after each other if an action was slow. Now, the alert is throttled as soon as it triggers.
Alerts and scheduled searches are no longer run on cloud for organizations with an expired trial license, and on-prem for any expired license.
Functions
Fixed a bug in the validation of the `bits` parameter of `hashMatch()` and `hashRewrite()`.
Other
Fixed a bug where only part of the Users page was loading when navigating from the All organizations page.
Use a fresh (random) name for the tmp folder below the datadir to ensure that it is a proper subdir of the datadir and not a mount point.
When performing jobs triggered via the Redact Events API, Humio could restart queries for unrelated views until the delete job completed. This has been improved, so only views affected by the delete will be impacted.
Fixed an issue where the SegmentMoverJob could delete the local copy of a segment, if a pending download of the segment failed the CRC check. The job will now keep the downloaded file at a temporary path until the CRC check completes, to avoid deleting a local copy created by other jobs, e.g. by bucket downloads.
Changes to the state of IOC access on organizations are now reflected in the audit log.
Fixed an issue where `sort()` would cause events to be read in a non-optimal order for the entire query.
Fixed an edge case where Humio might create multiple copies of the same datasource when the number of Kafka partitions is changed. The fix ensures only one copy will be created.
Fixed a compatibility issue with Filebeat 7.16.0
Prevent unauthorized analytics requests being sent.
Remove the ability to create ingest tokens and ingest listeners on system repositories.
Fixed an issue on sandbox renaming, that would allow you to rename a sandbox and end up in a bad state.
Addressed an issue causing Humio to sometimes error log an ArrayIndexOutOfBoundsException during shutdown.
Fixed a bug with the cache not being populated between restarts on single node clusters.
The field vhost in internal Humio logging is now reserved for denoting the host logging the message. Other uses of vhost now uses the field hostId.
Fixed an issue in the interactive tutorial.
Removed a spurious warning log when requesting a non-existent hash file from S3.
Fixed incorrect results when searching through saved queries and recent queries.
Changed field type for zip codes.
When checking if the ViewAction.ChangeRepoConnections action is allowed (with e.g. SearchDomain.isActionAllowed), the answer will now be false if checked on a repository, as the action only makes sense on views.
When an alert query encounters a warning and Humio is not configured to trigger alerts despite warnings (`ALERT_DESPITE_WARNINGS=true`), the warning text will now be shown as an error message on the alert in the UI.
Fixed an issue where the web client could start queries from the beginning of time when scrolling backwards through events in the UI.
Fixed an issue where a failing event forwarder would be cached indefinitely and could negatively impact Humio performance.
Fixed a race condition that could cause Humio to delete more segments than expected when initializing a digester node.
Browser storage is now cleared when initiating while unauthenticated.
Fixed an issue where some regexes could not be used.
Fixed an issue where `series()` failed to serialize its state properly.
Temporary fix of issue with live queries not having first aggregator as `bucket()` or `timeChart()`, but then later in the query having those as a second aggregator. As a temporary fix, such queries will fail. In later releases, this will get fixed more properly.
Fixed an issue where missing undersized segments in a datasource might cause Humio to repeatedly transfer undersized segments between nodes.
Fixed an issue where a scheduled search failed and was retried, if it had multiple actions and at least one action was unknown to Humio. Now, the unknown action is logged, but the scheduled search completes successfully and continues to the next scheduled run.
Fixed an issue where OIDC without a discovery endpoint would fail to configure if `OIDC_TOKEN_ENDPOINT_AUTH_METHOD` was not set.
Fixed a number of stability issues with the event redaction job.
Changed default package type to "application" on the export package wizard.
Fixed styling issue on the search page where long errors would overflow the screen.
Fixed a bug where invalid UTF-16 characters could not be ingested. They are now converted to 'ufffd'.
Fixed an issue where the segment merger would write that the current node had a segment slightly before registering that segment in the local node.
When a digester fails to start, rather than restarting the JVM as previous releases did, keep retrying to start assuming that the issue is transient, such as data for a single ingest partition being unavailable for a short while. While in this situation the process reports the metric for ingest latency on the affected partitions as being uptime of the JVM process at this point. The idea is to signal that data is not flowing on those partitions, so that a monitored metric can raise an alarm somewhere. In the absence of a proper latency in this situation, it is better to have a growing non-zero metric than a metric of zero.
Fixed an issue where the segment merger could mishandle errors during merge.
Fixed an issue on on-prem trial license that would use user count limits from cloud.
Fixed an issue causing Humio running on Java 16+ to return incorrect search results when the input query contains Unicode surrogate pairs (e.g. when searching for an emoji).
Fixed an issue that in rare cases would cause login errors.
Removed error query param from URL when entering Humio.
Fixed an issue where comments spanning multiple lines wouldn't be colored correctly.
When checking if the ViewAction.ChangeS3ArchivingSettings action is allowed (with e.g. SearchDomain.isActionAllowed), the answer will now be false if checked on a view, as the action only makes sense on repositories.
Fixed a bug where query coordination partitions would not get updated.
Fixed an issue where release notes would not close when a release is open.
Fixed an issue where error messages would show wrong input.
Crash the node if any of a number of critical threads die. This should help prevent zombie nodes.
Fixed an issue where certain problems would highlight the first word in a query.
Fixed an issue where streaming (exporting) query results in JSON format could include extra "," characters within the output.
Fixed an issue where clicking on the counters of parsed events on the Parsers page would open an empty search page, except for built-in parsers. Now, it correctly shows the latest parsed events for all parsers (except package parsers).
Fixed an issue when adding a group to a repository or view that an error message is displayed when the user is not the organization owner or root.
Fixed an issue where a digest node could be unable to rejoin the cluster after being shut down if all other digest nodes were also down at the time.
Include view+parser-name in thread dumps when time is spent inside a parser.
Fixed a bug where shared lookup files could not be downloaded from the UI.
Changes to the state of backend feature flags are now reflected in the audit log.
Fixed an issue where a dashboard installed with a YAML file could be slightly different than what was specified in the file.
Fixed some widgets on dashboards reporting errors while waiting for data to load.
No longer return the "Query Plan" in responses, but return a hash in the new field hashedQueryOnView instead. The plan could leak information not otherwise visible to the user, such as query prefixes being applied.
When creating or updating an action, the backend now verifies that the host url associated with the action is prefixed with either 'http://' or 'https://'. This affects Actions of the type: Webhook, OpsGenie, Single-Channel Slack and VictorOps.
Fixed a bug where offsets from one Kafka partition could be used when deciding where to start consuming for another partition, in the case where there were too many datasources in the repo. This led to a crash loop when the affected node was restarted.
Support Java 17.
Fixed an issue where choosing a UI theme would not get saved properly in the user's settings.
Humio Server 1.33.3 Preview (2021-12-10)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.33.3 | Preview | 2021-12-10 | 2021-12-15 | 1.26.0 | 11 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 10d2ee69d0bcdc6313fb3529912007ba |
SHA1 | 5be098e4f3f6500704e85c0763c918763b90aa34 |
SHA256 | eaefa5ce2c162fbd9d0a57d3b7c47dee828848eabdd7e96d885a812208c20a46 |
SHA512 | a9268b87f416d9b857eccb506c304ba7ca552cd6408ac13791b160e0d17c3d82e67213025ec7bca820e970676e4a24d1a1f4d20ff27e3cbc5bc30edf874e58a0 |
More security fixes related to `log4j` logging.
Bug Fixes
Security
Updated dependencies to address a critical security vulnerability for the log4j logging framework, "log4shell", (CVE-2021-44228).
Humio Server 1.33.2 Preview (2021-12-10)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.33.2 | Preview | 2021-12-10 | 2021-12-15 | 1.26.0 | 11 | No | No |
JAR Checksum | Value |
---|---|
MD5 | 393be03445adbf84f63ef93b522b85fa |
SHA1 | 36454936dfe7c3863656043a8ee1d8639c1c198e |
SHA256 | e03616ba1d8d92e80031231ad7e2b7666121e7ccf7eee10f7a816241a90706ac |
SHA512 | 5d0504538cfa1db51f7188d4f6fef03aeb5a69b466f2e8367e91208745c4bf9050f271ffdf52ed6027796487ac11106726fbf3d7c3d6e259efa49f369793aa96 |
Security fix related to `log4j` logging, and fix compatibility with Filebeat.
Bug Fixes
Security
Updated dependencies to address a critical security vulnerability for the log4j logging framework, "log4shell", (CVE-2021-44228).
Summary
Fixed a compatibility issue with Filebeat 7.16.0
Humio Server 1.33.1 Preview (2021-11-23)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.33.1 | Preview | 2021-11-23 | 2021-12-15 | 1.26.0 | 11 | No | No |
JAR Checksum | Value |
---|---|
MD5 | d9f270df38f2ce472801c81a06fa67af |
SHA1 | c5740a06b4b86a8615767c388a7cf6d3e3a8ccf1 |
SHA256 | ed3c03b5dcb8fe2c7230bae2775346283d7cdc143854260672a5ba66f11d612b |
SHA512 | d2762a9fa648af32e85205b4d972ad15d47870fc030c111d31ca4d048ce9459ce6e50a3bce0063f0c7347a6640181b4e3c41d1273a4c82b297fd8d3c844c529a |
Critical bug fixes related to version dependencies, alert throttling, etc.; Improve Interactive Tutorial.
Bug Fixes
Summary
Fixed an issue that in rare cases would cause login errors.
Updated a dependency to a version fixing a critical bug.
Fixed an issue in the interactive tutorial.
Fixed a race condition that could cause Humio to delete more segments than expected when initializing a digester node.
Automation and Alerts
Reverted from 1.33.0: Errors on alerts, which are shown in the alert overview, are now only cleared when either the alert query is updated by a user or the alert triggers. Previously, errors that occurred when actions were triggered would be removed when the alert no longer triggered. Now, they will be displayed until the actions trigger successfully. Conversely, errors that occur when running the query may now remain until the next time the alert triggers, where they would previously be removed as soon as the query ran again without errors.
Fixed an issue where an alert would not be throttled until after its actions had completed, which could make the alert trigger multiple times shortly after each other if an action was slow. Now, the alert is throttled as soon as it triggers.
Humio Server 1.33.0 Preview (2021-11-15)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.33.0 | Preview | 2021-11-15 | 2021-12-15 | 1.26.0 | 11 | No | Yes |
JAR Checksum | Value |
---|---|
MD5 | 2964782694b82a39cc5b644d040fae68 |
SHA1 | b520dbabec0321b953c496b960710ba5fb6614a7 |
SHA256 | 8b8de633ca08c9592ee2441b0498de1a86aa4093a505821923be7e8501b62526 |
SHA512 | be827349bf450d51b4c42c55c13120ba735196f598eaec798a7eb11b8e1320a6ad86caefca3841a3560013311e30347dc595a96ed59d4cb5c0cf946e72208ac2 |
1.33 REQUIRES minimum version 1.26.0 of Humio to start. Clusters wishing to upgrade from older versions must upgrade to 1.26.0+ first. After running 1.33.0 or later, you cannot run versions prior to 1.26.0.
Once the release has been deployed, all existing personal api tokens will be hashed so they still can be used, but you will not be able to retrieve them again. If you want to preserve the tokens, be sure to copy them into a secrets vault before the release is deployed. The api-token field on the User type in GraphQL has been removed.
You can now use the mouse to resize columns in the event list. Previously you had to click the column header and use the "Increase / Decrease Width" buttons.
Improvements, new features and functionality
UI Changes
Allow resize of columns in the event list by mouse.
Added autofocus to the first field when opening a dialog using the save as functionality from the Search page.
Added maximum width to tabs on the Group page, so they do not keep expanding forever.
Validation error messages are now more precise and have improved formatting.
The overall look of message boxes in Humio has been updated.
Dark mode is officially deemed stable enough to be out of beta.
Updated the links for Privacy Notice and Terms and Conditions.
Disable actions if permissions are handled externally.
Added buttons for stopping all queries, streaming queries, and historical queries from inside the query monitor.
GraphQL API
Renamed the deleteEvents related GraphQL mutations and queries to redactEvents. The redactEvents API is intended for redacting sensitive data from a repository, not for bulk deletion of events. We think the new name invites fewer misunderstandings.
Added three GraphQL mutations for stopping queries: stopAllQueries, stopStreamingQueries, and stopHistoricalQueries.
Changed old personal user token implementation to hash based.
Added GraphQL mutation clearRecentQueries which a user can run to clear their recent queries in a specific view or repository.
The GraphQL field isEventForwardingEnabled on the HumioMetadata type is deprecated, as it is no longer in use internally. If you rely on this, please let us know.
Added 2-phase migration that will allow old user api tokens to be used and clean global from secrets after a 30 day period.
Configuration
When checking if the ViewAction.EventForwarding action is allowed (with e.g. SearchDomain.isActionAllowed), the answer will now be false if the event forwarding is not enabled on the server.
Functions
Added the `communityId()` function for calculating hashes of network flow tuples according to the Community ID Spec.
The `kvParse()` query function can now parse unquoted empty values using the new parameter separatorPadding to specify if your data has whitespace around the key-value separator (typically =). The default is "Unknown", which will leave the functionality of the function unchanged.
Added query function `math:arctan2()` to the query language.
Improved performance of the query functions `drop()` and `rename()` by quite a bit.
Refactored query functions `join()`, `selfJoin()`, and `selfJoinFilter()` into user-visible and internal implementations.
Added a `minSpan` parameter to `timeChart()` and `bucket()`, which can be used to specify a minimum span when using a short time interval.
Other
Retention based on compressed size will no longer account for segment replication.
Added checksum verification within hash filter files on read.
Added "export as yaml" function to the list pages of parsers, actions and scheduled searches.
Made the transfer coordinator display more clear errors instead of an internal server error for multinode clusters.
Query editor: improved code completion of function names.
Reduce limit on number of datasources for sandbox repositories created when a user is created to .0 by default.
Added validation and a more clear error message for queries with a time span of 0.
Added management API to put hosts in maintenance mode.
It is now possible to ingest logs into Humio using LogStash v.7.13 and upwards.
Query validation has been improved to include several errors which used to first show up after submitting search.
Minor optimization when using groupBy with a single field.
Node roles can now be assigned/removed at runtime.
Reword regular expression related error messages.
A compressed segment with a size of 1GB will now always count for retention as 1 GB. Previously, a compressed segment with a size of 1GB might count for more than 1GB when calculating retention, if that segment had more replicas than configured. The effect on the retention policy was that if you had configured retention of .0GB compressed bytes, Humio might retain less than .0GB of compressed data if any of those segments had too many replicas.
Improved error messages when an invalid regular expression is used in replace.
Prepopulate email field when invited user is filling in a form with this information.
New metric: ingest-request-delay. Histogram of ingest request time spent being delayed due to exceeding limit on concurrent processing of ingest (milliseconds).
Added Australian states to the States dropdown.
Improved shutdown logic slightly, helping prevent thread pools from getting stuck or logging spurious errors during shutdown.
Improved the error reporting when installing, updating or exporting a package fails.
Added metric for the number of currently running streaming queries.
Added a precondition that ensures that the number of ingest partitions cannot be reduced.
Improved partition layout auto-balancing algorithm.
Create, update, and delete of dashboards is now audit logged.
Added support in the humio event collector for organization- and system-wide ingest tokens and the ability to use a parser from a different repo than the one being ingested into.
It is now possible to create actions, alerts, scheduled searches, and parsers from Yaml template files.
Added new metric: bucket-storage-upload-latency-max. It shows the amount of time spent for the event that has been pending for upload to bucket storage the longest.
Improved handling of multiple nodes attempting to create views with the same names at the same time, as might happen when bootstrapping a cluster.
Bug Fixes
UI Changes
When an alert query encounters a warning and Humio is not configured to trigger alerts despite warnings (ALERT_DESPITE_WARNINGS), the warning text will now be shown as an error message on the alert in the UI.
Automation and Alerts
Alerts and scheduled searches are now enabled per default when created. The check disabling these entities if no actions are attached has been replaced with a warning, which informs a user that even though the entity is enabled, nothing will trigger since no actions are attached.
Alerts and scheduled searches are no longer run on cloud for organizations with an expired trial license, and on-prem for any expired license.
Functions
Fixed an issue where sort() would cause events to be read in a non-optimal order for the entire query.
Fixed an issue where series() failed to serialize its state properly.
Fixed a bug in the validation of the bits parameter of hashMatch() and hashRewrite().
Other
Fixed an issue where OIDC without a discovery endpoint would fail to configure if OIDC_TOKEN_ENDPOINT_AUTH_METHOD was not set.
Temporary fix of issue with live queries not having first aggregator as bucket() or timeChart(), but then later in the query having those as a second aggregator. As a temporary fix, such queries will fail. In later releases, this will get fixed more properly.
Fixed a bug where only part of the Users page was loading when navigating from the All organizations page.
Fixed a bug where offsets from one Kafka partition could be used when deciding where to start consuming for another partition, in the case where there were too many datasources in the repo. This led to a crash loop when the affected node was restarted.
When checking if the ViewAction.ChangeRepoConnections action is allowed (with e.g. SearchDomain.isActionAllowed), the answer will now be false if checked on a repository, as the action only makes sense on views.
Fixed a number of stability issues with the event redaction job.
Removed error query param from URL when entering Humio.
Fixed a bug where query coordination partitions would not get updated.
Fixed an edge case where Humio might create multiple copies of the same datasource when the number of Kafka partitions is changed. The fix ensures only one copy will be created.
Fixed an issue where the segment merger would write that the current node had a segment slightly before registering that segment in the local node.
The field vhost in internal Humio logging is now reserved for denoting the host logging the message. Other uses of vhost now uses the field hostId.
Removed a spurious warning log when requesting a non-existent hash file from S3.
Fixed an issue when adding a group to a repository or view than an error message is displayed when the user is not the organization owner or root.
Changed default package type to "application" on the export package wizard.
Fixed an issue where a scheduled search failed and was retried, if it had multiple actions and at least one action was unknown to Humio. Now, the unknown action is logged, but the scheduled search completes successfully and continues to the next scheduled run.
Fixed styling issue on the search page where long errors would overflow the screen.
Fixed an issue where choosing a UI theme would not get saved properly in the user's settings.
When checking if the ViewAction.ChangeS3ArchivingSettings action is allowed (with e.g. SearchDomain.isActionAllowed), the answer will now be false if checked on a view, as the action only makes sense on repositories.
Fixed a bug where invalid UTF-16 characters could not be ingested. They are now converted to '\ufffd'.
Fixed an issue on on-prem trial license that would use user count limits from cloud.
Fixed an issue where the segment merger could mishandle errors during merge.
Changes to the state of backend feature flags are now reflected in the audit log.
Include view+parser-name in thread dumps when time is spent inside a parser.
When a digester fails to start, rather than restarting the JVM as previous releases did, keep retrying to start, assuming that the issue is transient, such as data for a single ingest partition being unavailable for a short while. While in this situation, the process reports the metric for ingest latency on the affected partitions as being the uptime of the JVM process at this point. The idea is to signal that data is not flowing on those partitions, so that a monitored metric can raise an alarm somewhere. Lacking a proper latency value in this situation, it is better to have a growing non-zero metric than a metric that is zero.
Fixed a bug where shared lookup files could not be downloaded from the UI.
Fixed an issue where error messages would show wrong input.
Fixed some widgets on dashboards reporting errors while waiting for data to load.
Fixed a bug with the cache not being populated between restarts on single node clusters.
Fixed an issue on sandbox renaming, that would allow you to rename a sandbox and end up in a bad state.
Fixed an issue where missing undersized segments in a datasource might cause Humio to repeatedly transfer undersized segments between nodes.
Support Java 17.
Fixed an issue where a digest node could be unable to rejoin the cluster after being shut down if all other digest nodes were also down at the time.
Changes to the state of IOC access on organizations are now reflected in the audit log.
Fixed an issue where release notes would not close when a release is open.
Browser storage is now cleared when initiating while unauthenticated.
Prevent unauthorized analytics requests being sent.
Fixed incorrect results when searching through saved queries and recent queries.
Fixed an issue where some regexes could not be used.
Fixed an issue where a failing event forwarder would be cached indefinitely and could negatively impact Humio performance.
Fixed an issue where the SegmentMoverJob could delete the local copy of a segment, if a pending download of the segment failed the CRC check. The job will now keep the downloaded file at a temporary path until the CRC check completes, to avoid deleting a local copy created by other jobs, e.g. by bucket downloads.
Addressed an issue causing Humio to sometimes error log an ArrayIndexOutOfBoundsException during shutdown.
Fixed an issue where a dashboard installed with a YAML file could be slightly different than what was specified in the file.
Fixed an issue where comments spanning multiple lines wouldn't be colored correctly.
When creating or updating an action, the backend now verifies that the host url associated with the action is prefixed with either 'http://' or 'https://'. This affects Actions of the type: Webhook, OpsGenie, Single-Channel Slack and VictorOps.
Fixed an issue where certain problems would highlight the first word in a query.
No longer return the "Query Plan" in responses, but return a hash in the new field hashedQueryOnView instead. The plan could leak information not otherwise visible to the user, such as query prefixes being applied.
Fixed an issue causing Humio running on Java 16+ to return incorrect search results when the input query contains Unicode surrogate pairs (e.g. when searching for an emoji).
When performing jobs triggered via the Redact Events API, Humio could restart queries for unrelated views until the delete job completed. This has been improved, so only views affected by the delete will be impacted.
Changed field type for zip codes.
Fixed an issue where the web client could start queries from the beginning of time when scrolling backwards through events in the UI.
Errors on alerts, which are shown in the alert overview, are now only cleared when either the alert query is updated by a user or the alert triggers. Previously, errors that occurred when actions were triggered would be removed when the alert no longer triggered. Now, they will be displayed until the actions trigger successfully. On the other hand, errors that occur when running the query may now remain until the next time the alert triggers, where they would previously be removed as soon as the query ran again without errors.
This change was reverted in 1.33.1.
Use a fresh (random) name for the tmp folder below the datadir to ensure that it is a proper subdir of the datadir and not a mount point.
Fixed an issue where clicking on the counters of parsed events on the Parsers page would open an empty search page, except for built-in parsers. Now, it correctly shows the latest parsed events for all parsers (except package parsers).
Crash the node if any of a number of critical threads die. This should help prevent zombie nodes.
Remove the ability to create ingest tokens and ingest listeners on system repositories.
Humio Server 1.32.8 Stable (2022-03-09)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.32.8 | Stable | 2022-03-09 | 2023-03-09 | 1.16.0 | 11 | No | No |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.32.8/server-1.32.8.tar.gz
Updated dependencies to fix security vulnerabilities and weaknesses, and improved performance.
Bug Fixes
Security
Updated dependencies to Akka to fix CVE-2021-42697.
Updated dependencies to jawn to fix CVE-2022-21653.
Summary
Fixed an issue where queries of the form #someTagField != someValue ... would sometimes produce incorrect results.
Performance improvements of Ingest and internal caching.
Fixes issue with epoch and offsets not always being stripped from segments.
Humio Server 1.32.7 Stable (2022-01-06)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.32.7 | Stable | 2022-01-06 | 2023-01-06 | 1.16.0 | 11 | No | No |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.32.7/server-1.32.7.tar.gz
Updated dependencies to fix security vulnerabilities and weaknesses.
Bug Fixes
Security
Updated dependencies to log4j 2.17.1 to fix CVE-2021-44832 and CVE-2021-45105
Updated dependencies to Netty to fix CVE-2021-43797
Summary
Updated dependencies to Jackson to fix a weakness
Humio Server 1.32.6 Stable (2021-12-15)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.32.6 | Stable | 2021-12-15 | 2022-12-15 | 1.16.0 | 11 | No | No |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.32.6/server-1.32.6.tar.gz
Security fix related to log4j logging, and fix compatibility with Filebeat.
Bug Fixes
Security
Updated dependencies to log4j 2.16 to remove message lookups (CVE-2021-45046)
Summary
Fixed issue where streaming (exporting) query results in JSON format could include extra "," characters within the output.
Humio Server 1.32.5 Stable (2021-12-10)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.32.5 | Stable | 2021-12-10 | 2022-12-10 | 1.16.0 | 11 | No | No |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.32.5/server-1.32.5.tar.gz
Security fix related to log4j logging.
Bug Fixes
Security
Updated dependencies to address a critical security vulnerability for the log4j logging framework, "log4shell", (CVE-2021-44228).
Humio Server 1.32.4 Stable (2021-12-10)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.32.4 | Stable | 2021-12-10 | 2022-12-10 | 1.16.0 | 11 | No | No |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.32.4/server-1.32.4.tar.gz
Security fix related to log4j logging, and fix compatibility with Filebeat.
Bug Fixes
Security
Updated dependencies to address a critical security vulnerability for the log4j logging framework, "log4shell", (CVE-2021-44228).
Fixed a compatibility issue with Filebeat 7.16.0
Humio Server 1.32.3 Stable (2021-12-01)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.32.3 | Stable | 2021-12-01 | 2022-12-01 | 1.16.0 | 11 | No | No |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.32.3/server-1.32.3.tar.gz
Bug fix to resolve problem with clusters using bucket storage.
Bug Fixes
Summary
Fixed an issue that would result in a query not completing when one of the involved segments was deleted locally while the query was running. This could happen on clusters using bucket storage with more data than fits the local disks.
Humio Server 1.32.2 Stable (2021-11-19)
Version | Type | Release Date | End of Support | Upgrades From | JDK Compatibility | Data Migration | Config. Changes |
---|---|---|---|---|---|---|---|
1.32.2 | Stable | 2021-11-19 | 2022-11-19 | 1.16.0 | 11 | No | No |
Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.32.2/server-1.32.2.tar.gz
Critical bug fix regarding version dependency, and race conditions.
Bug Fixes
Summary
Fixed a race condition that could cause Humio to delete more segments than expected when initializing a digester node.
Updated a dependency to a version fixing a critical bug.