Full Release Notes Index

This section contains a single page with all release notes on the same page.

Falcon LogScale 1.92.0 Preview (2023-05-30)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.92.0Preview2023-05-302024-05-301.4411NoNo

Bug fixes and updates.

Behavior Changes

Scripts or environment which make use of these tools should be checked and update for the new configuration:

  • Remove NEW_INGEST_ONLY_NODE_SEMANTICS since we no longer support opting out of the new ingestonly behavior. The behavior has been the default since 1.79.0.

    For more information, see Falcon LogScale 1.79.0 Preview (2023-02-28), Ingest Node.

  • Be less aggressive updating the digest partitions when a node goes offline. When a node goes offline/online, creating a well balanced table can require changes to partitions other than those where the changed node appears. This can cause more digest reassignment that we'd like, so we're changing the behavior of the automation. We'll now only generate optimally balanced tables in reaction to nodes being registered or unregistered from the cluster, and in reaction to the digest replication factor changing. The rest of the time, we'll take the previously generated balanced table as a starting point, and do very minimal node replacements in it to ensure partitions are properly replicated to live nodes.

  • Metadata on segments in memory is now represented in a manner that requires less memory at runtime after booting. The heap required for global snapshot is in the range 3-6 times the size of the disk, for a cluster with many segments. This change reduces the memory requirements for long retention compared to previous versions. Note that for a short time during boot of a node the memory requirement is closer to 10-15 times the size of the snapshot on disk.

  • It is no longer allowed for nodes to delete bucketed minisegments involved in queries off local disks before the queries are done. This should help ensure queries do not "miss" querying these files if they are deleted while a query is running.

Improvements, new features and functionality

  • UI Changes

    • The Time Selector now only allows zooming out to approximately 4,000 years.

    • The DeleteRepositoryOrView data permission is now visible in the UI on Cloud environments.

    • A new tutorial built on a dedicated demo data view is available for environments that do not have access to legacy tutorial based on a sandbox repository.

    • The ChangeRetention data permission is now enabled on Cloud environments.

  • Documentation

    • Regular Expression Syntax new page has been added with extended details of supported regular expression syntax and differences between the LogScale support and other implementations such as Java and Perl.

    • LogScale Kubernetes Reference Architecture new page has been added with LogScale reference architecture description when deploying LogScale using Kubernetes.

  • GraphQL API

    • The GraphQL schema for UsageStats has been updated to reflect that queries can be in progress.

    • The Usage page has been updated to support queries that are in progress for longer than the GraphQL timeout allows.

  • Configuration

  • Dashboards and Widgets

    • New parsing of Template Expressions has been implemented in the UI for improved performance.

    • When creating or editing interactions you can now visualize any unused parameter bindings, with the option to remove them.

      For more information, see Unused parameters bindings.

    • The empty list alias is now available as an input option for parameter bindings, so that Multi-value Parameters can be set explicitly to have the value of an empty list.

      For more information, see Empty list alias.

    • Parameter labels are now used instead of parameter IDs when displaying the list of parameters that a widget / query is waiting on.

  • Other

    • Polling a query on /queryjobs can now delay the response a bit in order to allow returning a potentially `done` response. The typical effective delay is less than 2 seconds, and the positive effect is saving the extra poll roundtrip that would otherwise need to happen before the query completed. This in particular makes simple queries complete faster from the viewpoint of the client, as they do not have to wait for an extra poll roundtrip in most cases.

    • When the Kafka broker set changes at runtime, track that set and use as bootstrap servers for Kafka whenever LogScale needs to create a new Kafka client at runtime. This allows replacing all Kafka brokers (incrementally, moving their work to new servers) without restarting LogScale. Note that the set is not persisted across restart of LogScale, so when restarting LogScale, make sure to provide an up to date set of bootstrap servers.

    • Reduced the amount of memory used when multiple queries use the match() function with the same arguments. Before, if you ran many queries that used the same file, the contents of the file would be represented multiple times in memory, once for each query. This could put you at risk of exhausting the server's memory if the files were large. With this change the file contents will be shared between the queries and represented only once. This enables the server to run more queries and/or handle larger files.

      For more information, see Lookup Files Operation.

Bug Fixes

  • UI Changes

    • Fixed an issue where the filter would remain applied in the saved or recent queries when switching tabs in the Queries menu.

    • Fixed the order of the timezones in the timezone dropdown on the Search and Dashboards pages.

  • Automation and Alerts

    • Fixed an issue that could cause some rarely occurring errors when running alerts to not show up on the alert.

  • Dashboards and Widgets

    • Fixed an issue where certain widget options would be ignored when importing a dashboard template or installing a package.

    • Fixed a wrong behaviour on the Interactions overview page when creating a new interaction: if the interaction panel was opened, the repository options would dropdown in it instead of in the Create new interaction dialog.

  • Other

Falcon LogScale 1.91.0 Not Released (2023-05-23)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.91.0Not Released2023-05-232024-05-231.4411NoNo

Not released.

Falcon LogScale 1.90.0 Not Released (2023-05-16)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.90.0Not Released2023-05-162024-05-161.4411NoNo

Not released.

Falcon LogScale 1.89.0 Preview (2023-05-11)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.89.0Preview2023-05-112024-05-111.4411NoNo

Bug fixes and updates.

Improvements, new features and functionality

  • Automation and Alerts

    • The Alert and Scheduled Search jobs no longer produce logs about specific alerts or scheduled searches in the humio repository. The logs are still sent to the humio-activity repository, which in normal setup is also ingested into the humio repository. So before, the logs would normally be duplicated, now they are not. The only difference between the two types of logs, is that the logs from the humio-activity repository all have loglevel equal to INFO. You can use the severity field instead to distinguish between the severity of the logs.

  • GraphQL API

    • Mutations enableAlert and disableAlert have been added for enabling and disabling an alert without changing other fields.

  • Log Collector

    • Added a new test status for configurations, which allows you to try out a configuration on one or more instances before it’s published.

      For more information, see Testing a Remote Configuration.

  • Other

    • The following cluster management features are now enabled:

      • AutomaticJobDistribution

      • AutomaticDigesterDistribution

      • AutomaticSegmentDistribution

      For more information, see Digest Rules.

    • Degrade and deprecate some REST and GraphQL APIs due to the introduction of AutomaticSegmentDistribution and AutomaticDigesterDistribution. The deprecated elements will be removed in a future release, once the upgrade compatibility with version 1.88.0 is dropped. We expect this to be no earlier than September 2023.

      The following REST endpoints are deprecated, as they no longer have an effect and return meaningless results:

      • api/v1/clusterconfig/segments/prune-replicas

      • api/v1/clusterconfig/segments/distribute-evenly

      • api/v1/clusterconfig/segments/distribute-evenly-reshuffle-all

      • api/v1/clusterconfig/segments/distribute-evenly-to-host

      • api/v1/clusterconfig/segments/distribute-evenly-from-host

      • api/v1/clusterconfig/segments/partitions

      • api/v1/clusterconfig/segments/setdefaults

      • api/v1/clusterconfig/segments/set-replication-defaults

      • api/v1/clusterconfig/partitions/setdefaults

      • api/v1/clusterconfig/ingestpartitions/distribute-evenly-from-host

      • api/v1/clusterconfig/ingestpartitions/setdefaults

      • api/v1/clusterconfig/ingestpartitions (POST only, GET will continue to work)

      The following GraphQL mutations are deprecated, as they no longer have an effect and return meaningless results:

      • clusterMoveDataToNode

      • clusterMoveDataAwayFromNode

      • clusterMoveIngestRoutesAwayFromNode

      • clusterMoveIngestRoutesToNode

      • clusterMoveStorageRouteAwayFromNode

      • clusterMoveStorageRouteToNode

      • startDataRedistribution

      • updateStoragePartitionScheme

      The IngestPartitionScheme mutation is not deprecated, but as it updates state that is overwritten by automation, we recommend against using it — it exists solely to serve as a debugging tool.

      The following GraphQL fields on the cluster object are deprecated, and return meaningless values:

      • ingestPartitionsWarnings

      • suggestedIngestPartitions

      • storagePartitions

      • storagePartitionsWarnings

      • suggestedStoragePartitions

      • storageDivergence

      • reapply_targetSize

      The following fields in the return value of the api/v1/clusterconfig/segments/segment-stats endpoint are deprecated and degraded to always be O:

      • reapply_targetBytes

      • reapply_targetSegments

      • reapply_inboundBytes

      • reapply_inboundSegments

Bug Fixes

  • UI Changes

    • The Search page would reload when using the browser's history navigation buttons. This issue has now been fixed.

    • An error for lacking permissions that appeared when updating the organization settings has been fixed. Now, if you have permissions to view the Organization Settings page, you can also update information on it.

  • Automation and Alerts

    • The throttle field would be empty when editing an Alert; this issue has now been fixed.

    • Fixed an issue where clicking the Inspect link in Alert notifications would land on a missing page.

  • Dashboards and Widgets

    • The following issues have been fixed on dashboards:

      • A dashboard would sometimes be perceived as changed on the server even though it was not.

      • Discard unsaved changes would appear when creating and applying new parameters.

  • Functions

    • The rename() function would drop the field, if the field and as arguments were identical; this issue has now been fixed.

  • Other

    • Fixed an issue that could cause segments to appear missing in queries, due to the presence of deleted minisegments with the same target as live minisegments.

    • Some merged segments could temporarily be missing from query results right after an ephemeral node reboot. This issue has been fixed.

    • An edge case has been fixed where query workers could fail to include minisegments if the minisegments were merged at a bad time, causing queries to be missing the data in those segments.

Falcon LogScale 1.88.0 Stable (2023-05-24)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.88.0Stable2023-05-242024-05-241.4411NoYes
TAR ChecksumValue
MD54498b5fcb67bc5d9418ddb67d502af19
SHA1ce9309cb9c9d6f56513ff1e5de4c91f4f23a8b47
SHA2569ba3c4f782bbd58751571b247ab3e76b6e2b50f0457d6966c8754e6566569273
SHA512e5cebea46bb385f268c2e8ca6f7d6d42d12f19fe7704efcbcb41b50e40ccbf318ed3035c79b8f3fdf8623860e24190dde692fce09a938d9f0c2b3486ac436ae1
Docker ImageSHA256 Checksum
humio607c8b664d97ec29e5a11960d3b37a01580054d5582748721c5ac141c8be72c0
humio-core071c84efeb896afb372c43515aab1a5b67e61b035e90937311988ffda9c16a53
kafkaccd909da61a4b1c8be82600f749d2a571afb3ee2baa720a77aaebf06ffd334e4
zookeeper9a2015bfd9a7b7401604bb54f17d9029b4c6dc42cf3b25655b5c7e60f7e1db86

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.88.0/server-1.88.0.tar.gz

Bug fixes and updates.

Behavior Changes

Scripts or environment which make use of these tools should be checked and update for the new configuration:

  • It is no longer allowed for nodes to delete bucketed minisegments involved in queries off local disks before the queries are done. This should help ensure queries do not "miss" querying these files if they are deleted while a query is running.

Upgrades

Changes that may occur or be required during an upgrade.

Other

  • Snakeyamls has been upgraded to 2.0 to address CVE-2022-1471 issue.

  • Docker images have been upgraded to Java 19.0.2. to address CVE-2022-45688 issue.

Improvements, new features and functionality

  • Behavior

    • Change how downloads from bucket storage are prioritized for queries. Previously the highest priority query was allowed to download as many segments as it liked. We now try to estimate how much work a query has available in local segments, and prioritize fetching segments for those queries that are close to running out of local work and becoming blocked for that reason.

  • UI Changes

  • Automation and Alerts

    • The error message for an Alert or Scheduled Search on their edit pages now has a button for clearing the error while the dismiss icon will just close the message but not clear errors.

    • When enabling an Alert or Scheduled Search with no actions, an inline warning message now appears instead of a message box.

    • The default time window for Alerts has been updated:

      • When creating an alert from the Alerts page, the default query time window has been changed from 24 Hours to 1 Hours to match the default throttle time.

      • When creating an alert from the Search page, the default Throttle period has been changed to match that of the query time window set.

      For more information, see Creating a New Alert.

    • When creating a new Alert, you now have a pulldown menu that suggests labels that you’ve previously created for other alerts. The same applies to Scheduled Searches.

      For more information, see Creating a New Alert.

    • Clicking the Labels button in Alerts will now show every unique label that has been created on every alert in the same repository. This means that you don't need to rewrite a label when wanting to add the same label to another alert. This feature also applies to Scheduled Searches.

  • GraphQL API

    • The following GraphQL mutations can now also be performed with the ChangeOrganizationPermissions permission:

      • assignOrganizationRoleToGroup

      • unassignOrganizationRoleFromGroup

      The following GraphQL mutations can now also be performed with the ChangeSystemPermissions permission:

      • assignSystemRoleToGroup

      The following GraphQL queries and mutations can now also be performed with either ChangeOrganizationPermissions, ChangeSystemPermissions permission depending on the group:

      • addUsersToGroup

      • removeUsersFromGroup

      • assignRoleToGroup

      • group

      • groupByDisplayName

    • The permissions required in order to list IP filters have been updated. You can now also list IP filters with one of the following permissions:

      • ChangeOrganizationPermissions

      • ChangeAllViewOrRepositoryPermissions

      • ChangeSystemPermissions

    • The querySearchDomain GraphQL query now allows you to search for Views and Repositories based on your permissions — previously, enforcing specific permissions caused errors.

  • Configuration

    • The new configuration parameter SEGMENT_READ_FADVICE has been introduced.

    • New configuration parameters have been added allowing control of client.rack for our Kafka consumers:

      • KAFKA_CLIENT_RACK — allows specifying the value directly.

      • KAFKA_CLIENT_RACK_ENV_VAR — if the value is not set in KAFKA_CLIENT_RACK, this variable is read to find the name of the variable that holds the value. It defaults to ZONE, which is the same variable applied to the LogScale node zones by default.

    • Automatic rebalancing of existing segments onto cluster nodes has been enabled.

      Manual editing of the segment partition table is no longer supported. The table is no longer displayed in the Cluster Administration UI.

      The segments will be distributed onto cluster nodes based on the following node-level settings:

      • ZONE defines a node's zone. The balancing logic will attempt to distribute segment replicas across as many zones as possible.

      • The target disk usage percentage determines how much of the node disk we will consider usable for storing segment data during a rebalance. The balancing logic will attempt to keep nodes equally full, while considering the node zone and segment replication factor. This can be configured via GraphQL using the setTargetDiskUsagePercentage mutation. The default value is 90.

      • Nodes with a NODE_ROLES setting that excludes segment storage will not receive segments as part of a rebalance.

      Additionally, the following cluster-level setting has been introduced, editable via GraphQL mutations:

      • setSegmentReplicationFactor configures the desired number of segment replicas.

      This is also configurable via the DEFAULT_SEGMENT_REPLICATION_FACTOR configuration parameter.

      If configured via both environment variable and GraphQL mutation, the mutation has precedence.

      For new clusters the default is 1. For clusters upgrading from older versions, the initial value is taken from the STORAGE_REPLICATION_FACTOR environment variable, if set. If instead the variable is not set, the value is taken from the replication factor of the storage partition table prior to the upgrade — this means that upgrading clusters should see no change to their replication factor, unless specified in the STORAGE_REPLICATION_FACTOR .

      The feature can be disabled in case of problems via either the GraphQL mutation setAllowRebalanceExistingSegments, or the environment variable DEFAULT_ALLOW_REBALANCE_EXISTING_SEGMENTS.

      If you need to disable the feature, please reach out to Support and share your concerns so we can try to address them. We intend to remove the option to handle segment partitions manually in the future.

    • Using the storage class "S3 Intelligent-Tiering" in AWS S3 selectively on files that LogScale knows continues to be supported: it is controlled by the new dynamic configuration BucketStorageUploadInfrequentThresholdDays that sets the minimum number of days of remaining retention for the data in order to switch from the default "S3 Standard" to the "Intelligent" tier.

      The decision is made at the point of upload to the bucket only, whereas existing objects in the bucket are not modified.

      The bucket must be configured to not allow the optional tiers Archive Access tier nor Deep Archive Access tier as those do not have instant access, which is required for LogScale.

      As a consequence of that, do not enable automatic archiving within the S3 Intelligent-Tiering storage class.

    • Disable the AutomaticDigesterDistribution feature by default. While the feature works, it can cause performance issues on very large installs if nodes are rebooted repeatedly. In future versions, we've worked around this issue, but for 1.88 patch versions, we prefer simply disabling the feature.

  • Dashboards and Widgets

    • Multivalued parameters have been introduced to pass an array of values to the query. The support is limited to the Dashboards page.

      For more information, see Multi-value Parameters.

    • When using the Edit in search view item on a dashboard widget, the values set in parameters in the query are also carried over into the search view.

    • The new interaction type Update Parameters has been introduced. This interaction allows you to update parameters in the context you’re working in — on the dashboard or on the Search page.

      For more information, see Update Parameters.

    • The combo box has been updated to show multiple selections as "pills".

    • When Setting Up a Dashboard Interaction, the {{ startTime }} and {{ endTime }} special variables now work differently, depending on whether the query, widget or dashboard is running in Live mode or not. They now work as follows:

      • In a live query or dashboard, the startTime variable will contain the relative time, such as 2d whereas endTime will be empty.

      • In a non-live query or dashboard, startTime will be the absolute start time when the query was last run. endTime, similarly, will have the end time of when the query was last run.

    • Introduced a new setting for dashboard parameters configuration to defer query execution: the dashboard will not execute any queries on page load until the user provides a value to the parameter.

      For more information, see Configuring Parameters.

    • Interactive elements in visualizations now have the point cursor.

    • The new interaction type Search Link has been introduced, allowing users to create an interaction that will trigger a new search.

      For more information, see Managing Dashboard Interactions, Creating Event List Interactions.

    • You can now save interactions with a saved query on the Search page. Interactions in saved queries are also supported in Packages.

      For more information, see Creating Event List Interactions.

    • You can now delete or duplicate Event List Interactions from the Interactions overview page.

      For more information, see Deleting and Duplicating Event List Interactions.

  • Log Collector

    • Fleet Management updates:

      • Added the Basic Information page with primary information of a specific configuration e.g. name, description, no. of assigned instances.

      • The Config Editor used to create/modify LogScale Collector configurations in LogScale has been augmented with context aware auto-completion, tooltips for keywords and highlighting of invalid settings.

      For more information, see Creating a Configuration - Fleet Management.

    • On the Config Overview page a column showing the state of the configuration has been added. The configuration can either be published or in draft state.

      A menu item has been added on the Config Overview page, that links to the Settings page.

      When clicking on an Error status on the Fleet Overview page, a dialog with the error details will open.

      For more information, see LogScale Collector Fleet Management.

  • Functions

    • base64Decode() query function has been updated such that, when decoding to UTF-8, invalid code points are replaced with a placeholder character.

    • Performance improvements have been made to the match() query function in cases where ignoreCase=true is used together with either mode=cidr, or mode=string.

    • When IOCs are not available, the ioc:lookup() query function will now produce an error. Previously, it only produced a warning.

    • The memory usage of the functions selectLast() and groupBy() has been improved.

  • Other

    • When the automatic segment rebalancing feature is enabled, ignore the segment storage table when evaluating whether dead ephemeral nodes can be removed automatically.

    • Reduced the amount of memory used when multiple queries use the match() function with the same arguments. Before, if you ran many queries that used the same file, the contents of the file would be represented multiple times in memory, once for each query. This could put you at risk of exhausting the server's memory if the files were large. With this change the file contents will be shared between the queries and represented only once. This enables the server to run more queries and/or handle larger files.

      For more information, see Lookup Files Operation.

    • Improvements to query scheduler logic for "shelving" i.e., pausing queries considered too expensive. The pause/unpause logic are now more responsive and unpause queries faster when they become eligible to run.

    • Create Repositories permission now also allows LogScale Self-Hosted users to create repositories.

  • Packages

    • The size limit of packages' lookup files has been changed to adhere to the MAX_FILEUPLOAD_SIZE configuration parameter. Previously the size limit was 1MB.

      For more information, see Exporting the Package.

Bug Fixes

  • UI Changes

    • The Search page would reload when using the browser's history navigation buttons. This issue has now been fixed.

    • The Fields Panel flyout displayed the bottom 10 values rather than the top 10 values. This issue has now been fixed.

      For more information, see Displaying Fields.

    • An issue in the Usage page that could fail showing any data has been fixed.

      The Usage page now shows an error if there are any warnings from the query.

  • Dashboards and Widgets

    • The tooltip in the Time Chart widget would not show any data points. This issue has now been fixed.

    • '_' was not recognized as a valid first symbol for parameters when parsing queries. This issue has now been fixed.

    • Non-breaking space chars (ALT+Space) made Template Expressions unable to be resolved. This issue has been fixed.

    • Attempting to remove a widget on a dashboard would sometimes remove another widget than the one attempted to remove. This issue has been fixed.

    • "" was being discarded when creating URLs for interactions. This issue has now been fixed.

    • The values of FixedList Parameter on a dashboard would change sort ordering after being exported to a yaml template file. This issue has been fixed.

    • Fixed an issue where clicking the Inspect link in alert notifications would land on a missing page.

  • Functions

  • Other

    • In clusters with bucket storage running queries that take more than 90 minutes, those queries could spuriously fail with a complaint that segments were missing. The issue has now been fixed.

    • Export query result to file dialog would not close in some cases. This issue has now been fixed.

    • An issue that would cause bucket downloads to retry infinitely many times for certain types of segments has been fixed.

    • An uploaded file would sometimes disappear immediately after uploading. This issue has been fixed.

    • The following audit log issues have been fixed:

      • the audit log logged the name of the view owning the view bindings instead of the repository it links to. The name now matches the id in the binding log entry.

      • the audit log for a view update did not use the updated view but the view data before the update.

    • An issue that would cause query workers to handle minisegments for longer than intended has been fixed.

    • Fixed bucket downloads that could fail if the segment they were fetching disappeared from global.

    • In ephemeral-disk mode, allow removing a node via the UI when it is dead regardless of any data present on the node: ephemeral mode knows how to ensure durability also when nodes are lost without notice.

      For more information, see Ephemeral Nodes and Cluster Identity.

    • Restart of queries based on lookup files has been fixed: only live queries need restarting from changes to uploaded files that they depend on. Scheduled Searches and static queries use the version of the file present when they start and run to completion.

Falcon LogScale 1.87.0 Preview (2023-04-25)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.87.0Preview2023-04-252023-05-241.4411NoNo

Bug fixes and updates.

Improvements, new features and functionality

  • Dashboards and Widgets

    • When using the Edit in search view item on a dashboard widget, the values set in parameters in the query are also carried over into the search view.

    • When Setting Up a Dashboard Interaction, the {{ startTime }} and {{ endTime }} special variables now work differently, depending on whether the query, widget or dashboard is running in Live mode or not. They now work as follows:

      • In a live query or dashboard, the startTime variable will contain the relative time, such as 2d whereas endTime will be empty.

      • In a non-live query or dashboard, startTime will be the absolute start time when the query was last run. endTime, similarly, will have the end time of when the query was last run.

  • Functions

    • base64Decode() query function has been updated such that, when decoding to UTF-8, invalid code points are replaced with a placeholder character.

    • The memory usage of the functions selectLast() and groupBy() has been improved.

  • Packages

    • The size limit of packages' lookup files has been changed to adhere to the MAX_FILEUPLOAD_SIZE configuration parameter. Previously the size limit was 1MB.

      For more information, see Exporting the Package.

Bug Fixes

  • UI Changes

    • An issue in the Usage page that could fail showing any data has been fixed.

      The Usage page now shows an error if there are any warnings from the query.

  • Dashboards and Widgets

    • Non-breaking space chars (ALT+Space) made Template Expressions unable to be resolved. This issue has been fixed.

    • Attempting to remove a widget on a dashboard would sometimes remove another widget than the one attempted to remove. This issue has been fixed.

  • Functions

    • timeChart() provided with unit and groupBy() as the aggregation function would not warn on exceeding the default groupBy() limit. This issue has now been fixed.

    • The groupBy() function would not always warn upon exceeding the default limit. This issue has now been fixed.

  • Other

    • In clusters with bucket storage running queries that take more than 90 minutes, those queries could spuriously fail with a complaint that segments were missing. The issue has now been fixed.

Falcon LogScale 1.86.0 Preview (2023-04-18)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.86.0Preview2023-04-182023-05-241.4411NoNo

Bug fixes and updates.

Improvements, new features and functionality

  • Automation and Alerts

    • When creating a new Alert, you now have a pulldown menu that suggests labels that you’ve previously created for other alerts. The same applies to Scheduled Searches.

      For more information, see Creating a New Alert.

  • Configuration

    • New configuration parameters have been added allowing control of client.rack for our Kafka consumers:

      • KAFKA_CLIENT_RACK — allows specifying the value directly.

      • KAFKA_CLIENT_RACK_ENV_VAR — if the value is not set in KAFKA_CLIENT_RACK, this variable is read to find the name of the variable that holds the value. It defaults to ZONE, which is the same variable applied to the LogScale node zones by default.

Bug Fixes

  • Dashboards and Widgets

    • '_' was not recognized as a valid first symbol for parameters when parsing queries. This issue has now been fixed.

    • "" was being discarded when creating URLs for interactions. This issue has now been fixed.

Falcon LogScale 1.85.0 Preview (2023-04-13)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.85.0Preview2023-04-132023-05-241.4411NoNo

Bug fixes and updates.

Upgrades

Changes that may occur or be required during an upgrade.

Other

  • Snakeyamls has been upgraded to 2.0 to address CVE-2022-1471 issue.

Improvements, new features and functionality

  • UI Changes

    • Organization level query blocking has been added to Organization Settings UI.

      For more information, see Organization Query Monitor.

    • Improvements in UI tables visualization: even long column headers' text is now always left-aligned (instead of center-aligned and on top of each other) and uses a different color.

  • Automation and Alerts

    • Clicking the Labels button in Alerts will now show every unique label that has been created on every alert in the same repository. This means that you don't need to rewrite a label when wanting to add the same label to another alert. This feature also applies to Scheduled Searches.

  • GraphQL API

    • The following GraphQL mutations can now also be performed with the ChangeOrganizationPermissions permission:

      • assignOrganizationRoleToGroup

      • unassignOrganizationRoleFromGroup

      The following GraphQL mutations can now also be performed with the ChangeSystemPermissions permission:

      • assignSystemRoleToGroup

      The following GraphQL queries and mutations can now also be performed with either ChangeOrganizationPermissions, ChangeSystemPermissions permission depending on the group:

      • addUsersToGroup

      • removeUsersFromGroup

      • assignRoleToGroup

      • group

      • groupByDisplayName

    • The permissions required in order to list IP filters have been updated. You can now also list IP filters with one of the following permissions:

      • ChangeOrganizationPermissions

      • ChangeAllViewOrRepositoryPermissions

      • ChangeSystemPermissions

  • Configuration

    • The new configuration parameter SEGMENT_READ_FADVICE has been introduced.

    • Using the storage class "S3 Intelligent-Tiering" in AWS S3 selectively on files that LogScale knows continues to be supported: it is controlled by the new dynamic configuration BucketStorageUploadInfrequentThresholdDays that sets the minimum number of days of remaining retention for the data in order to switch from the default "S3 Standard" to the "Intelligent" tier.

      The decision is made at the point of upload to the bucket only, whereas existing objects in the bucket are not modified.

      The bucket must be configured to not allow the optional tiers Archive Access tier nor Deep Archive Access tier as those do not have instant access, which is required for LogScale.

      As a consequence of that, do not enable automatic archiving within the S3 Intelligent-Tiering storage class.

  • Dashboards and Widgets

    • Multivalued parameters have been introduced to pass an array of values to the query. The support is limited to the Dashboards page.

      For more information, see Multi-value Parameters.

    • Introduced a new setting for dashboard parameters configuration to defer query execution: the dashboard will not execute any queries on page load until the user provides a value to the parameter.

      For more information, see Configuring Parameters.

    • The new interaction type Search Link has been introduced, allowing users to create an interaction that will trigger a new search.

      For more information, see Managing Dashboard Interactions, Creating Event List Interactions.

  • Log Collector

    • Fleet Management updates:

      • Added the Basic Information page with primary information of a specific configuration e.g. name, description, no. of assigned instances.

      • The Config Editor used to create/modify LogScale Collector configurations in LogScale has been augmented with context aware auto-completion, tooltips for keywords and highlighting of invalid settings.

      For more information, see Creating a Configuration - Fleet Management.

  • Functions

    • When IOCs are not available, the ioc:lookup() query function will now produce an error. Previously, it only produced a warning.

  • Other

    • Worker-level query scheduling has been adjusted to avoid long-term starvation of expensive queries.

    • Improvements to query scheduler logic for "shelving" i.e., pausing queries considered too expensive. The pause/unpause logic are now more responsive and unpause queries faster when they become eligible to run.

    • Create Repositories permission now also allows LogScale Self-Hosted users to create repositories.

Bug Fixes

  • Functions

  • Other

    • An issue that would cause bucket downloads to retry infinitely many times for certain types of segments has been fixed.

    • The following audit log issues have been fixed:

      • the audit log logged the name of the view owning the view bindings instead of the repository it links to. The name now matches the id in the binding log entry.

      • the audit log for a view update did not use the updated view but the view data before the update.

    • An issue that would cause query workers to handle minisegments for longer than intended has been fixed.

Falcon LogScale 1.84.0 Not Released (2023-04-04)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.84.0Not Released2023-04-042023-05-241.4411NoNo

Not released.

Falcon LogScale 1.83.0 Preview (2023-03-28)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.83.0Preview2023-03-282023-05-241.4411NoNo

Bug fixes and updates.

Improvements, new features and functionality

  • UI Changes

  • Automation and Alerts

    • The default time window for Alerts has been updated:

      • When creating an alert from the Alerts page, the default query time window has been changed from 24 Hours to 1 Hours to match the default throttle time.

      • When creating an alert from the Search page, the default Throttle period has been changed to match that of the query time window set.

      For more information, see Creating a New Alert.

  • GraphQL API

    • The querySearchDomain GraphQL query now allows you to search for Views and Repositories based on your permissions — previously, enforcing specific permissions caused errors.

  • Dashboards and Widgets

  • Functions

    • Performance improvements have been made to the match() query function in cases where ignoreCase=true is used together with either mode=cidr, or mode=string.

Bug Fixes

  • Other

    • Fixed bucket downloads that could fail if the segment they were fetching disappeared from global.

Falcon LogScale 1.82.1 Stable (2023-05-15)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.82.1Stable2023-05-152024-05-151.4411NoNo
TAR ChecksumValue
MD5fb4b50f131a07565a3f26b880d56fd4c
SHA11263a3d79beba7826184e3ad25ecd0e943c7ea9e
SHA2560d941a09269ae5efaa934568009a4ac4ea8a3ef7100332afe253c82ff75ec17b
SHA5120277eab1d3069f5369f978b9d582f3093c6856563d4512c590cbed3a381e1fd8c45ddb4185e71c2ff5c2ce9dc2f97822fbe466574c0e638e90c2132db9980e06
Docker ImageSHA256 Checksum
humio87eaef9b043dd23a65eefd749e9540b27d554fd1f41484695d77815544347937
humio-core145cb7a5d35dffc62e7239b007721454ba2bd85af50496cc4c461bafbcd472d9
kafka31a6e03e68efd4d7a2a3be0858726d77c6c7e7be9eadecff52144e8e349b195e
zookeeper4842ee4e9848b389d97e155a9504e9e9c54ae4312c9d47b23529e9bea4fcf85a

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.82.1/server-1.82.1.tar.gz

Bug fixes and updates.

Bug Fixes

Falcon LogScale 1.82.0 Stable (2023-04-12)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.82.0Stable2023-04-122024-04-121.4411NoNo
TAR ChecksumValue
MD551d366030dddbe5f3b5cf2bf54507d11
SHA1877287bb9d431853a530ff647b692a8c40f8fad8
SHA256191b56f4e1a9e54bcf284b0280cce865251970d7bd0cd6660f132520b0931432
SHA51288e8219b8a60fe259e1953584cee167d2325abf28525ea70bead77998af11b5ebe0df5bcce0a3bef398db95b5f99ac1f3022d8ab24f88aef22bde42f0f4af180
Docker ImageSHA256 Checksum
humio6087c619f855cf9a1d05c6aaf983feb3b1fdd7d051c8c769683541f45181da79
humio-core41089d22b64f5e7fb6e1337064afec7816ac84aa5602b1d98f6684fa16eb03e4
kafka3b3a4a610a5ab9b38dded8cad062aedf863651ca6f3f9c6b81bee753af9c6d6c
zookeepere5887242f44220b313c6c11bb062ce1e3255d65ec9437bc58876ffbf1753ce0a

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.82.0/server-1.82.0.tar.gz

Bug fixes and updates.

Improvements, new features and functionality

  • UI Changes

    • Improvements have been made on the Fields Panel, that would flicker when switching between the Results and Events tabs and the query was live. It now displays the fields of the aggregated query when on the Results tab, and the fields of the events query when on the Events tab.

  • Functions

    • The match()query function has been improved in terms of speed when using glob as the mode.

  • Other

    • Added backend support for organization level query blocking. Actors with the BlockQueries permission are able to block and stop queries running within their organization.

    • Worker-level query scheduling has been adjusted to avoid long-term starvation of expensive queries.

    • Added optional global argument to stopAllQueries, stopStreamingQueries, stopHistoricalQueries, blockedQueries, addToBlocklistById, addToBlocklist permissions. Default is false i.e. within own organization only.

Bug Fixes

  • Dashboards and Widgets

    • The dropdown menu for dashboard parameter suggestions is now faster and can handle several thousand entries without blocking the UI.

      For more information, see Managing Dashboard Parameters.

  • Functions

  • Other

    • Fixed an issue that could cause recently merged minisegments to be excluded from searches after a reboot.

    • Fixed an issue that occurred when creating users: when multiple user creation requests were sent at the same time, multiple users were in some cases created with the same name.

    • Fixed a permission issue for LogScale Self-Hosted having a dependency on the ManageOrganizations system permission, which should not apply to that environment — the ManageCluster system permission in itself is now sufficient for Self-Hosted.

    • Fixed an issue with API Explorer that could fail to load in some configurations when using cookie authentication.

Falcon LogScale 1.81.0 Preview (2023-03-14)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.81.0Preview2023-03-142023-04-121.4411NoNo

Bug fixes and updates.

Removed

Items that have been removed as of this release.

  • The deprecated REST Alert API has been removed.

  • The deprecated REST Action API endpoint for testing actions has been removed.

Upgrades

Changes that may occur or be required during an upgrade.

Other

  • OpenSSL in Docker images has been upgraded to address CVE-2023-0286 issue.

Improvements, new features and functionality

  • Automation and Alerts

    • The throttle field on alerts can now be imported and exported.

  • Configuration

  • Other

    • Event redaction will no longer rewrite minisegments. Instead, the redaction will be delayed until all minisegments that would be affected have been merged.

    • Query Monitor page is now available on the organization level. Users with Monitor queries organization level permission get access to the page where they can see queries running in their organization.

      For more information, see Query Monitor, Organization Query Monitor.

    • New ingest endpoint api/v1/ingest/json for ingesting JSON objects and JSON arrays has been added.

      For more information, see Ingest Raw JSON Data.

Bug Fixes

  • Falcon Data Replicator

    • Fixed a bug where testing new FDR feeds that use S3 Aliasing would fail for valid credentials.

  • Dashboards and Widgets

    • The following items have been fixed:

      • Parameter bindings would not be visible for imported dashboards when configuring interactions.

      • Imported dashboard containing interactions would be perceived as invalid.

      For more information, see Managing Dashboard Interactions.

  • Functions

    • Fixed a bug where the query editor would wrongly claim that predicate functions used as match guards were missing an argument to the field parameter.

  • Other

    • Fixed an issue which could cause minisegments to not all be on the same host for a short time, while those minisegments were being merged. This could cause queries to be unable to query them.

    • Fixed some issues in the event redaction implementation which could cause the redaction to fail in rare cases.

    • A bug has been fixed that caused recent minisegments to be missed in queries if the minisegments were merged during the query.

Falcon LogScale 1.80.0 Preview (2023-03-07)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.80.0Preview2023-03-072023-04-121.4411NoNo

Bug fixes and updates.

Behavior Changes

Scripts or environment which make use of these tools should be checked and update for the new configuration:

  • Ingested events would not be limited in size if the bulk of the data in the event was in fields other than @rawstring. This will now be enforced. Events that exceed the limit on event size at ingest are handled as follows:

    • @rawstring is truncated to the maximum allowed length, and all other fields are dropped from the event.

    • @timestamp becomes the ingest time.

    • @timezone becomes UTC.

    (This is identical to the previous handling of oversized @rawstring).

Upgrades

Changes that may occur or be required during an upgrade.

Other

  • Upgrade Kafka client to 3.4.0.

    Upgrade Kafka broker to 3.4.0 in the Kafka container.

    The container upgrade is performed for security reasons to resolve CVE-2022-36944 issue, which Kafka should however not be affected by. If you wish to do a rolling upgrade of your Kafka containers, please always refer to Kafka upgrade guide.

Improvements, new features and functionality

  • UI Changes

    • Whether one can create a new repository is now controlled by the Create repository permission in the UI.

    • Interactions installed from a package use the new repository where the package is installed.

  • Configuration

    • Removed NEW_VHOST_SELECTION_ENABLED as a configuration option. The option has been true by default since 1.70; an opt-out is no longer needed.

  • Dashboards and Widgets

    • Changed the query editor when editing dashboard queries to be the same that is used on the Search page.

  • Log Collector

    • New Template feature added to the Fleet Management page, which allows you to:

      • upload a yaml file when creating a new configuration

      • export either the published or draft version of a configuration file.

      For more information, see LogScale Collector Fleet Management Overview.

  • Functions

  • Other

    • Added backend support for organization level query monitor. The new MonitorQueries permission now allows viewing queries that are running within the organization.

Bug Fixes

  • UI Changes

    • A high CPU usage in the UI since LogScale 1.75 when the Time Zone Selector dropdown was displayed has now been fixed.

  • Configuration

    • Automatic generation and updating of the digest partitions table has been enabled, and manual editing is no longer supported. See Digest Rules for reference.

      The table will be kept up to date based on the following node-level settings (see Assigning Digest Work to Node):

      • ZONE defines a node's zone. The table we generate will attempt to distribute segments across as many zones as possible.

      • Nodes will appear in the table more often if they have many cores. Nodes with fewer cores will appear less often.

      • Nodes with a NODE_ROLES setting that excludes digest work will not appear in the table.

      A cluster-level setting has also been introduced: setDigestReplicationFactor GraphQL mutation configures the replication factor to use for the table. This is also settable via the environment variable DEFAULT_DIGEST_REPLICATION_FACTOR.

      Automatic management of the digest partition table is now handled by the environment variable DEFAULT_ALLOW_UPDATE_DESIRED_DIGESTERS. We intend to remove the option to handle digest partitions manually in the future.

  • Dashboards and Widgets

    • Keyboard combinations cmd+Z/Ctrl+Z no longer deletes the query on dashboard widgets.

  • Functions

    • A performance issue in collect() when it collected many values has been fixed.

    • Validation of join() and join-like functions in conditional expressions and subqueries not having positional information has been fixed.

    • Fixed an issue where joins in case statements, match statements, and subqueries would mark the entire query as erroneous.

  • Other

    • Avoid caching warnings that some data segments could not be found on any servers. This prevents queries from displaying this warning spuriously.

    • Minisegments would be removed too early from nodes which were querying them, causing queries to be missing some data.

    • Some minisegments would be excluded from queries in cases where those minisegments had previously been merged, but the merge was reverted.

    • Two hosts booted at around the same time would conflict on which vhost number to use, causing one of the hosts to crash.

Falcon LogScale 1.79.0 Preview (2023-02-28)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.79.0Preview2023-02-282023-04-121.4411NoNo

Bug fixes and updates.

Behavior Changes

Scripts or environment which make use of these tools should be checked and update for the new configuration:

  • The behavior of nodes using the ingestonly role has changed. Such nodes used not to write to global, and not register themselves in the cluster. They now do both.

    The old behavior can be restored by setting NEW_INGEST_ONLY_NODE_SEMANTICS=false. If you do this, please reach out to Support and outline your need, as this option will be removed in the near future.

Improvements, new features and functionality

  • Automation and Alerts

    • When creating or editing Alerts and Scheduled Searches, it is now possible to specify another user the alert or scheduled search should run as, via the new organization permission ChangeTriggersToRunAsOtherUsers.

      It is now checked that the user selected to run the alert or scheduled search has permissions to run it. Previously, that was first checked when trying to run the alert or scheduled search.

      The new feature checks whether the user, trying to create or edit an alert or schedule search, has permissions to change and run as another user. If the feature is enabled, you can select the user to run an alert or schedule search as, from a list of users.

      See Creating a New Alert and Scheduled Search Permissions for more information.

  • Functions

    • Introduced a memory limit in collect() mapper phase. The collect() function now collects up to the value of the limit argument or 10 MiB worth of distinct values, whichever comes first.

    • Memory consumption of the format() function has been decreased.

Bug Fixes

  • Falcon Data Replicator

  • UI Changes

    • The Event Distribution Histogram wouldn't show properly after manipulation of the @timestamp field.

  • Dashboards and Widgets

    • In visualizations using the timeChart() or bucket() functions, when no results were returned you would just see an empty page. Consistently with other visualizations, you will now see a no-result message displayed, such as No results in active time window or Search Completed. No results found — depending on whether Live mode is selected or not.

    • Fixed dashboard links to the same dashboard, as they would not correctly update the parameters.

Falcon LogScale 1.78.0 Preview (2023-02-21)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.78.0Preview2023-02-212023-04-121.4411NoNo

Bug fixes and updates.

Improvements, new features and functionality

  • UI Changes

    • The Time Zone Selector now shows the timezone as +00:00 instead of -00:00 when the offset is zero.

    • Clone items have all been replaced with Duplicate in the UI to be consistent with what they actually do.

    • An explicit logout message now indicates that the user's session has been terminated.

  • Automation and Alerts

    • Removed the sidepanel when creating/editing an Alerts or Scheduled Searches.

    • When updating or creating new Actions, any server errors will be displayed in a summary under the form. The server errors in the summary will now specify the form field title where the error occurred, to easily identify where the error is.

  • Configuration

    • The default value of MAX_INGEST_REQUEST_SIZE has been reduced from 1024 MB to 32 MB. This limits the size of ingest requests and rejects oversized requests. If the request is compressed within HTTP, then this restricts the size after decompressing.

  • Functions

    • Introduced the new query function bitfield:extractFlags().

    • More time format modifiers are now supported in the format() function:

      • Full and abbreviated month, day-of-week names, and the century

      • Date/time composition format Day Mon DD HH:MM:SS Zone YYYY, e.g., Tue Jun 22 16:45:05 GMT+1 1993.

    • The array:filter() function is now generally available.

  • Other

    • "Sticky" autoshards no longer mean that the system cannot tune their value, but only that it cannot decrease the number of shards; the cluster is allowed to raise the number of shards on datasources when it needs to, also for those that were set as sticky using the REST API.

    • An enhancement has been made so that when the number of ingest partitions is increased, fresh partitions are assigned to all non-idle datasources based on the new set of partitions. Before this change only new datasources (new tag combinations) would be using the new partitions. The auto-balancing does not start if there are nodes in the cluster running versions prior to 1.78.0.

Bug Fixes

  • UI Changes

    • When exporting a dashboard, alert or scheduled search as a template, the labels' field was missing in the exported YAML.

      For more information, see Managing Alerts, Scheduled Searches, Using Dashboards.

    • Double-clicking in the Event List would open the Inspection Panel instead of making a text selection. It now correctly selects the word being double-clicked.

  • Automation and Alerts

    • A typo has been fixed in message ActionWithIdNotFound.

  • GraphQL API

    • Pending deletes that would cause nodes to fail to start, reporting a NullPointerException, have been fixed.

  • Dashboards and Widgets

    • A newly added, unconfigured dashboard parameter could not be deleted again. This issue has been fixed.

  • Other

    • Fixed ingest-only nodes that would fail all requests to /dataspaces and /repositories.

    • Prevent nodes configured not to run queries from starting queries locally in the case where the query request can't be proxied.

    • When making updates to the query partition table, only change partitions with dead nodes. This should allow queries to continue without requiring resubmit when a previously unknown node joins the cluster.

    • Ensure we keep hosts listed in the query partition table up to date as those hosts restart. This should prevent an issue where removing too many nodes from a cluster could prevent queries from running.

Falcon LogScale 1.77.0 Preview (2023-02-14)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.77.0Preview2023-02-142023-04-121.4411NoNo

Bug fixes and updates.

Behavior Changes

Scripts or environment which make use of these tools should be checked and update for the new configuration:

  • It is no longer possible to list ingest tokens for system repositories.

Improvements, new features and functionality

  • UI Changes

    • Filtering and group-by icons have been added to the Fields Panel and Inspection Panel detail views.

  • Documentation

  • Dashboards and Widgets

    • Hold ⇧ (Shift) to show unformatted values. Hold ⌥ (Alt on Windows or Option on Mac) to show full legend labels.

    • startTime, endTime, and parameter variables are now also available when working with Template Language expressions on the Search page.

  • Functions

  • Other

    • Adding more Repositories and Views to a group is now done inside a dialog.

    • Ephemeral nodes are automatically removed from the cluster if they are offline for too long (2 hours by default).

  • Packages

    • Repository interactions are now supported in Packages. When exporting a package with dashboard link interactions referencing a dashboard also included in the package, then that reference will be updated to reflect this in the resulting zip file.

Bug Fixes

  • Dashboards and Widgets

    • When using the Export as template functionality, the label field was missing in the exported YAML.

      For more information, see Using Dashboards.

    • The Scatter Chart widget visualization would under some conditions claim to be compatible with any result that has 3 or more fields. Yet it would not display anything unless the actual data was numeric. The Scatter Chart visualization now properly detects compatibility and ignores any non-numeric fields in the query result.

    • The Table widget is able to display any search result, yet in the widget dropdown, it would often say "Incompatible". It now indicates compatibility. For event type results, the Event List visualisation will still be preferred and auto selected.

    • When importing a dashboard from a template, some widget options (including LegendPosition) were being ignored and reverted to their default value.

    • If you clone a widget and click Edit in Search View, you would be asked to discard your changes before editing, causing confusion. Now, Edit in Search View is not available until you save or discard using the buttons in the top bar.

      For more information, see Managing Dashboard Widgets, Editing an Existing Widget.

  • Functions

    • The collect() function has been fixed in that its limit parameter was not being obeyed. This would lead to inconsistent results when there were more values to collect than what specified in the limit.

  • Other

    • Timeout from publish to global topic in Kafka has been fixed, as it resulted in marking input segments for merge as broken temporarily.

    • Nodes are now considered ephemeral only if they set USING_EPHEMERAL_DISKS to true. Previously, they were ephemeral if they either set that configuration, or if they were using the httponly node role.

    • Linked to the correct SaaS eula for SaaS customers.

    • Fixing minisegment downloads during queries, as they could cause download retries to fail spuriously, even if the download actually succeeded.

    • Job-to-node assignment in Logscale has been reworked. Jobs that only needed to run on a subset of nodes in the cluster — such as the job for firing alert notifications or the job enforcing retention settings — would previously select which hosts were responsible for executing the job based on the segment storage table.

      The selection is now based on consistent hashing, which means the job assignments should automatically follow the set of live nodes.

      It is possible to observe where a given job is running based on logs found with the query class=*JobAssignments*.

    • Fixing minisegment fetches as they failed to complete properly during queries, if the number of minisegments involved was too large.

Falcon LogScale 1.76.3 Stable (2023-04-27)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.76.3Stable2023-04-272024-04-271.4411NoNo
TAR ChecksumValue
MD51e3ae5bfd9e5f5678fe34f0665148868
SHA1cafadf95ebeb23f145b263f9e05c7721a8a6d378
SHA2567e532c0071874b5924b2d46c95e884c85f61de82eae228015a0c19f988f7311b
SHA512f7b5ab273c7700554eece6798ebd8eb99cf4baf1e978d17b4dc92bb57f7d8001c0c03d0e03572007853ead7c63ea10191e4291d3abe6adfe18a46a3b7b5063fe
Docker ImageSHA256 Checksum
humio21ff13996def725123764b56f9e9f3a563d4988b2f24f877abae4341db2eb3e9
humio-coree848a7cdbc6d65eeb5bd33eaca3e5b697d2f477e41de294a729382ceaf383aa0
kafka395dd3f4cf6cc2a0bd02600bf7a08cadc2a840787727f77cb59e89833a48cd97
zookeeperda46f56b5bcbf620c2d3e699c113a6bde0655028ed6ea6695663b7fecd479d3f

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.76.3/server-1.76.3.tar.gz

Bug fix.

Bug Fixes

  • Other

    • Fixed an issue with API Explorer that could fail to load in some configurations when using cookie authentication.

Falcon LogScale 1.76.2 Stable (2023-03-06)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.76.2Stable2023-03-062024-03-061.4411NoNo
TAR ChecksumValue
MD56e3ffd1b9c487b41516d3aca0952c9d5
SHA102832eec0f41358be3e956d7e9dbab87da190d2e
SHA2561289683afb0666dbba0c7340b05d1d8ecbdd4f32ed69924108e5065d435f0fc1
SHA5126d25eefba440ad98e76721945ac0cc12a02e1cd53ae1b1a35acd1b4b2abfe675583bdedaadefb44a12564680f507709541d43de116907fdc08a1f0a7a2f0d3b9
Docker ImageSHA256 Checksum
humioccde946345dfc1fe39bd0e36bc80fff02c67791241ecbfb2848842215c505b57
humio-core52bb05ccf27c04c842b307e2b895eb3bd296e40058c992bb8b898027c49595f2
kafka37e166cfeacd8ceae63929368c7d6a86560a9bc1a5b0ee174d775ef636f9a223
zookeeper0021b13408d1fad0b2644ddad81dce83af0fa2fd885b411526a365913b794f39

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.76.2/server-1.76.2.tar.gz

Security fix.

Upgrades

Changes that may occur or be required during an upgrade.

Other

  • Upgrade Kafka client to 3.4.0.

    Upgrade Kafka broker to 3.4.0 in the Kafka container.

    The container upgrade is performed for security reasons to resolve CVE-2022-36944 issue, which Kafka should however not be affected by. If you wish to do a rolling upgrade of your Kafka containers, please always refer to Kafka upgrade guide.

Falcon LogScale 1.76.1 Stable (2023-02-27)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.76.1Stable2023-02-272024-02-271.4411NoNo
TAR ChecksumValue
MD55c03162eebeb9c4fe028bce4140da4d9
SHA156459772d2c7f5c2d21be6650d473bfee0893ab1
SHA25604c067f721cb6a3bf3e74ce10d2bda8a12a3ede05c6b181af8a074a430321bfc
SHA51271e330f43a0825c70bf0fd8b1c3c82cedc554aab87316a906a72c813697c930be58eef2bffe049ff28f13bd0d4b44700e8fd7a54e796724acdf4c063c5c4508c
Docker ImageSHA256 Checksum
humioe4a730e769cb84cea8be642eb352763e6596caa249a95857de9052cc4b83ddb4
humio-core148d662610e09163ce581487ebdec4519960e9f332473b100cd3c6466d52943b
kafkac717b3b0c5087cb746bde5381419bf5cc31532a1756f2463ff31477374b89a4a
zookeeper2b228e05f97e8946c323fa40060102de41210e5e38733ffb3dd0b353259c37d3

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.76.1/server-1.76.1.tar.gz

Bug fixes and updates.

Deprecation

Items that have been deprecated and may be removed in a future release.

  • The REST endpoint for testing actions has been deprecated. api/v1/repositories/repoId/alertnotifiers/actionId/test has been deprecated. The new GraphQL mutations should be used instead.

Prewarning; the following items are due to change in a future release.

  • Configuration

    • Starting from 1.78 release, the default value for the MAX_INGEST_REQUEST_SIZE configuration will be reduced from 1 GB to 32 MB.

      This value limits the size of ingest request and rejects oversized requests.

      If the request is compressed within HTTP, then this restricts the size after decompressing.

Upgrades

Changes that may occur or be required during an upgrade.

Other

  • Upgrade Java to 17.0.6 in Docker containers

    Upgrade Kafka to 3.3.2 for KAFKA-14379

    Upgrade Kafka client to 3.3.2

    Upgrade Kafka Docker container to 3.3.2

Packages

  • Optimizations in package handling require migration of data during upgrade. This migration is performed automatically. Please notice:

    • While the upgrade of cluster nodes are ongoing, we recommend you do not install or update any packages, as they may end up in an inconsistent state.

      If a package ends up in a bad state during migration, it can be fixed simply by reinstalling the package.

    • You will potentially experience that accessing the list of installed packages will fail, and creating new dashboards, alerts, parsers, etc. based on package templates will not work as intended.

      This should only happen during the cluster upgrade, and should resolve itself once the cluster is fully upgraded.

    • If the cluster nodes are downgraded, any packages installed or updated while running the new version will not work, and we therefore recommend uninstalling or downgrading those packages prior to downgrading the cluster nodes.

Improvements, new features and functionality

  • Deprecation

    • Removed the API for managing ingest tokens. This has long been deprecated and replaced by a GraphQL API.

  • UI Changes

    • The Search page and Dashboards URLs support links with timezones, to sharing links ensure the same timezone. E.g. ?tz=Europe/Copenhagen

    • Known field names are now shown as completion suggestions in The Search Box while you type.

    • Suggestions in The Search Box will show for certains function parameters like time formats.

    • Changes have been made for the three-dot menu (⋮) used for Field Interactions:

      • It is now available from the Fields Panel and the Inspection Panel, see Searching for Data.

      • Keyboard navigation has been improved.

      • For field interactions with live queries, the Fields Panel flyout will now display a fixed list of top values, keeping the values from the point in time when the menu was opened.

    • Tabs on the Users page are renamed: former Groups and Permissions tab is now renamed to Permissions; former Details tab is now renamed to Information. In addition, the Permissions tab is now displayed first — it is also the tab that will be opened by default when navigating to a user from other places in the product. See Role Based Access Control (RBAC) for a description of roles and permissions in the UI.

    • Event List Interactions are now sorted by name and repository name by default.

    • You can now set your preferred timezone under Manage your Account.

    • The Search page now supports timezone picking. The timezone will be set on the users' session and remembered between pages.

    • Introduced Search Interactions to add custom event list options for all users in a repository.

      For more information, see Event List Interactions.

  • Automation and Alerts

  • GraphQL API

    • GraphQL API mutations have been added for testing actions without having to save them first. The added mutations are:

      • testEmailAction

      • testHumioRepoAction

      • testOpsGenieAction

      • testPagerDutyAction

      • testSlackAction

      • testSlackPostMessageAction

      • testUploadFileAction

      • testVictorOpsAction

      • testWebhookAction

      The previous testAction mutation has been removed.

      The new GraphQL API mutations' signature is almost the same as the create mutation for the same action, except that test actions require event data and a trigger name, as the previous testAction mutation did.

      As a consequence, the Test button is now always enabled in the UI.

  • Configuration

    • New dynamic configuration FlushSegmentsAndGlobalOnShutdown. When set, and when USING_EPHEMERAL_DISKS is set to true, forces all in-progress segments to be closed and uploaded to bucket, and also forces a write (and upload) of global snapshot during shutdown. When not set, this avoids the extra work and thus time shutting down from flushing very recent segments, as those can then be resumed on next boot, assuming that next boot continues on the same Kafka epoch. The default is false, which allows faster shutdown.

    • A new environment configuration variable GLOB_ALLOW_LIST_EMAIL_ACTIONS is introduced. It enables cluster-wide blocking of recipients of Email actions that are not in the provided allow list.

    • The ability to keep the same merge target across digest changes is reintroduced. This feature was reverted in an earlier release due to a discovered issue where mini segments for an active merge target could end up spread across hosts. As that issue has been fixed, mini segments should now be stored on the hosts running digest for the target.

  • Dashboards and Widgets

  • Log Collector

  • Functions

  • Other

    • "Sticky" autoshards no longer mean that the system cannot tune their value, but only that it cannot decrease the number of shards; the cluster is allowed to raise the number of shards on datasources when it needs to, also for those that were set as sticky using the REST API.

    • Ephemeral nodes are automatically removed from the cluster if they are offline for too long (2 hours by default).

    • When creating a new group you now have to add the group and add permissions for it in the same multi step dialog.

Bug Fixes

  • UI Changes

    • Fixed an issue where the dashboard page would freeze when the value of a dashboard parameter was changed.

    • Fixed the UI as it were not showing an error when a query gets blocked due to query quota settings.

    • Fixed an issue that made switching UI theme report an error and only take effect for the current session.

    • We have fixed tooltips in the query editor, which were hidden by other elements in the UI.

  • Automation and Alerts

    • For self-hosted: Postmark for sending emails from Actions no longer uses the IP filter, allowing administrators not to put Postmark on the IP allowlist.

  • GraphQL API

    • Pending deletes that would cause nodes to fail to start, reporting a NullPointerException, have been fixed.

  • Configuration

    • Removed compression type extreme for configuration COMPRESSION_TYPE. Specifying extreme will now select the default value of high in order not to cause configuration errors for clusters that specify extreme. The suggestion is to remove COMPRESSION_TYPE from your configurations unless you specify the only other non-default value of fast.

    • Fixed an issue where the IOC database could get out of sync. The IOC database will be re-downloaded upon upgrade, therefore IOCs won’t be completely available for a while after the upgrade.

  • Functions

    • Queries ending with tail() will no longer be rendered with infinite scroll.

  • Other

    • We have reduced the noise from MiniSegmentMergeLatencyLoggerJob by being more conservative about when we log mini segments that are unexpectedly not being merged. We have made MiniSegmentMergeLatencyLoggerJob take datasource idleness into account.

    • Timeout from publish to global topic in Kafka has been fixed, as it resulted in marking input segments for merge as broken temporarily.

    • Nodes are now considered ephemeral only if they set USING_EPHEMERAL_DISKS to true. Previously, they were ephemeral if they either set that configuration, or if they were using the httponly node role.

    • Fixing minisegment downloads during queries, as they could cause download retries to fail spuriously, even if the download actually succeeded.

    • Fixed a failing require from MiniSegmentsAsTargetSegmentReader, causing queries to fail in very rare cases.

    • Fixed an issue where the query scheduling could hit races with the background recompression of files in a way that resulted in the query missing the file and ending up adding warnings about segment files being missed by the query.

    • Fixing minisegment fetches as they failed to complete properly during queries, if the number of minisegments involved was too large.

    • Fixed an issue for the ingest API that made it possible to ingest into system repositories.

    • We have set a maximum number of events that we will parse under a single timeout so large batches are allowed to take longer. If you've seen parsers time out not because the parser is actually slow but because you were processing many events in a single batch, this change should cause that stop happening. Only parsers that are genuinely slow should now time out.

Falcon LogScale 1.76.0 Preview (2023-02-07)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.76.0Preview2023-02-072023-02-271.4411NoNo

Bug fixes and updates.

Prewarning; the following items are due to change in a future release.

  • Configuration

    • Starting from 1.78 release, the default value for the MAX_INGEST_REQUEST_SIZE configuration will be reduced from 1 GB to 32 MB.

      This value limits the size of ingest request and rejects oversized requests.

      If the request is compressed within HTTP, then this restricts the size after decompressing.

Improvements, new features and functionality

Bug Fixes

  • Other

    • Fixed an issue for the ingest API that made it possible to ingest into system repositories.

Falcon LogScale 1.75.0 Preview (2023-01-31)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.75.0Preview2023-01-312023-02-271.4411NoNo

Bug fixes and updates.

Deprecation

Items that have been deprecated and may be removed in a future release.

  • The REST endpoint for testing actions has been deprecated. api/v1/repositories/repoId/alertnotifiers/actionId/test has been deprecated. The new GraphQL mutations should be used instead.

Upgrades

Changes that may occur or be required during an upgrade.

Other

  • Upgrade Java to 17.0.6 in Docker containers

    Upgrade Kafka to 3.3.2 for KAFKA-14379

    Upgrade Kafka client to 3.3.2

    Upgrade Kafka Docker container to 3.3.2

Improvements, new features and functionality

  • UI Changes

    • The Search page and Dashboards URLs support links with timezones, to sharing links ensure the same timezone. E.g. ?tz=Europe/Copenhagen

    • Known field names are now shown as completion suggestions in The Search Box while you type.

    • Suggestions in The Search Box will show for certains function parameters like time formats.

    • You can now set your preferred timezone under Manage your Account.

    • The Search page now supports timezone picking. The timezone will be set on the users' session and remembered between pages.

    • Introduced Search Interactions to add custom event list options for all users in a repository.

      For more information, see Event List Interactions.

  • GraphQL API

    • GraphQL API mutations have been added for testing actions without having to save them first. The added mutations are:

      • testEmailAction

      • testHumioRepoAction

      • testOpsGenieAction

      • testPagerDutyAction

      • testSlackAction

      • testSlackPostMessageAction

      • testUploadFileAction

      • testVictorOpsAction

      • testWebhookAction

      The previous testAction mutation has been removed.

      The new GraphQL API mutations' signature is almost the same as the create mutation for the same action, except that test actions require event data and a trigger name, as the previous testAction mutation did.

      As a consequence, the Test button is now always enabled in the UI.

  • Dashboards and Widgets

  • Functions

    • The performance of in() is improved when matching with values that do not use the * wildcard.

    • default() now supports assigning the same value to multiple fields, by passing multiple field names to the field parameter.

    • selectLast() and groupBy() now use less state size, allowing for larger result sets.

Bug Fixes

  • UI Changes

    • Fixed the UI as it were not showing an error when a query gets blocked due to query quota settings.

    • Fixed an issue that made switching UI theme report an error and only take effect for the current session.

  • Automation and Alerts

    • For self-hosted: Postmark for sending emails from Actions no longer uses the IP filter, allowing administrators not to put Postmark on the IP allowlist.

  • Functions

    • Queries ending with tail() will no longer be rendered with infinite scroll.

  • Other

    • Fixed a failing require from MiniSegmentsAsTargetSegmentReader, causing queries to fail in very rare cases.

    • Unlimited waits for nodes to get in sync has been fixed. This caused digest coordination to fail, to limit the time allowed for a node to get "in sync" on a partition before leadership was assigned to it, in cases where the previous digest leader shut down gracefully.

Falcon LogScale 1.74.0 Preview (2023-01-24)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.74.0Preview2023-01-242023-02-271.4411NoNo

Bug fixes and updates.

Improvements, new features and functionality

  • UI Changes

    • Changes have been made for the three-dot menu (⋮) used for Field Interactions:

      • It is now available from the Fields Panel and the Inspection Panel, see Searching for Data.

      • Keyboard navigation has been improved.

      • For field interactions with live queries, the Fields Panel flyout will now display a fixed list of top values, keeping the values from the point in time when the menu was opened.

  • Automation and Alerts

  • Configuration

    • A new environment configuration variable GLOB_ALLOW_LIST_EMAIL_ACTIONS is introduced. It enables cluster-wide blocking of recipients of Email actions that are not in the provided allow list.

  • Other

    • When creating a new group you now have to add the group and add permissions for it in the same multi step dialog.

Bug Fixes

  • UI Changes

    • Fixed an issue where the dashboard page would freeze when the value of a dashboard parameter was changed.

    • We have fixed tooltips in the query editor, which were hidden by other elements in the UI.

  • Configuration

  • Other

    • We have set a maximum number of events that we will parse under a single timeout so large batches are allowed to take longer. If you've seen parsers time out not because the parser is actually slow but because you were processing many events in a single batch, this change should cause that stop happening. Only parsers that are genuinely slow should now time out.

Falcon LogScale 1.73.0 Preview (2023-01-17)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.73.0Preview2023-01-172023-02-271.4411NoNo

Bug fixes and updates.

Improvements, new features and functionality

  • Functions

    • The query function holtwinters() has been removed from the product.

    • Using ioc:lookup() in a query while the IOC service is disabled will now result in a failed query instead of a warning, stating that there are partial results.

Bug Fixes

  • Other

    • We have reduced the noise from MiniSegmentMergeLatencyLoggerJob by being more conservative about when we log mini segments that are unexpectedly not being merged. We have made MiniSegmentMergeLatencyLoggerJob take datasource idleness into account.

Falcon LogScale 1.72.0 Preview (2023-01-10)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.72.0Preview2023-01-102023-02-271.4411NoNo

Bug fixes and updates.

Bug Fixes

  • Configuration

    • Removed compression type extreme for configuration COMPRESSION_TYPE. Specifying extreme will now select the default value of high in order not to cause configuration errors for clusters that specify extreme. The suggestion is to remove COMPRESSION_TYPE from your configurations unless you specify the only other non-default value of fast.

  • Other

    • Fixed an issue where the query scheduling could hit races with the background recompression of files in a way that resulted in the query missing the file and ending up adding warnings about segment files being missed by the query.

Falcon LogScale 1.71.0 Preview (2023-01-03)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.71.0Preview2023-01-032023-02-271.4411NoNo

Bug fixes and updates.

Upgrades

Changes that may occur or be required during an upgrade.

Packages

  • Optimizations in package handling require migration of data during upgrade. This migration is performed automatically. Please notice:

    • While the upgrade of cluster nodes are ongoing, we recommend you do not install or update any packages, as they may end up in an inconsistent state.

      If a package ends up in a bad state during migration, it can be fixed simply by reinstalling the package.

    • You will potentially experience that accessing the list of installed packages will fail, and creating new dashboards, alerts, parsers, etc. based on package templates will not work as intended.

      This should only happen during the cluster upgrade, and should resolve itself once the cluster is fully upgraded.

    • If the cluster nodes are downgraded, any packages installed or updated while running the new version will not work, and we therefore recommend uninstalling or downgrading those packages prior to downgrading the cluster nodes.

Improvements, new features and functionality

  • UI Changes

    • Tabs on the Users page are renamed: former Groups and Permissions tab is now renamed to Permissions; former Details tab is now renamed to Information. In addition, the Permissions tab is now displayed first — it is also the tab that will be opened by default when navigating to a user from other places in the product. See Role Based Access Control (RBAC) for a description of roles and permissions in the UI.

  • Configuration

    • New dynamic configuration FlushSegmentsAndGlobalOnShutdown. When set, and when USING_EPHEMERAL_DISKS is set to true, forces all in-progress segments to be closed and uploaded to bucket, and also forces a write (and upload) of global snapshot during shutdown. When not set, this avoids the extra work and thus time shutting down from flushing very recent segments, as those can then be resumed on next boot, assuming that next boot continues on the same Kafka epoch. The default is false, which allows faster shutdown.

    • The ability to keep the same merge target across digest changes is reintroduced. This feature was reverted in an earlier release due to a discovered issue where mini segments for an active merge target could end up spread across hosts. As that issue has been fixed, mini segments should now be stored on the hosts running digest for the target.

Bug Fixes

  • Configuration

    • Fixed an issue where the IOC database could get out of sync. The IOC database will be re-downloaded upon upgrade, therefore IOCs won’t be completely available for a while after the upgrade.

Falcon LogScale 1.70.2 Stable (2023-03-06)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.70.2Stable2023-03-062024-03-061.4411NoNo
TAR ChecksumValue
MD5be3b24f591693dae272c029c64172f9b
SHA11ba350d80532d655a8f16585e2442a306e9bd163
SHA256b44d38ad5ebbc0a8765df609e1fab85ab0421ea4f298e766d5ae042862b4dfe5
SHA512fdc39cf36ac6ce8f88ceb78d7728cb6beebfae56faa54eef724b8154fac5e4cafee5118621ef2234eb080533243ebe06ef8b0a2f78aa1945f7fc21ccd7e9b010
Docker ImageSHA256 Checksum
humio80df972f2666dfd6cd0f6d667fa5fa4c0d70da505475fb2feafc2f9ec758d2b2
humio-coref4c2cc95de7ad66e6800fbceb1a22caee567b482dcf6b1181b7369c9aa7c86eb
kafka737cbf227b96a304343f03ed168642ae24ea0ca5f6e3c754ebb26e482b6b887c
zookeeperd45fc23dee3e9b4b8dd0be3a88baddba0fef08c21d77119b6d07254fbb34ee8c

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.70.2/server-1.70.2.tar.gz

Security fix and bug fixes.

Upgrades

Changes that may occur or be required during an upgrade.

Other

  • Upgrade Kafka client to 3.4.0.

    Upgrade Kafka broker to 3.4.0 in the Kafka container.

    The container upgrade is performed for security reasons to resolve CVE-2022-36944 issue, which Kafka should however not be affected by. If you wish to do a rolling upgrade of your Kafka containers, please always refer to Kafka upgrade guide.

Improvements, new features and functionality

  • Other

    • Ephemeral nodes are automatically removed from the cluster if they are offline for too long (2 hours by default).

Bug Fixes

  • GraphQL API

    • Pending deletes that would cause nodes to fail to start, reporting a NullPointerException, have been fixed.

  • Other

    • Timeout from publish to global topic in Kafka has been fixed, as it resulted in marking input segments for merge as broken temporarily.

    • Nodes are now considered ephemeral only if they set USING_EPHEMERAL_DISKS to true. Previously, they were ephemeral if they either set that configuration, or if they were using the httponly node role.

Falcon LogScale 1.70.1 Stable (2023-02-01)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.70.1Stable2023-02-012024-02-011.4411NoNo
TAR ChecksumValue
MD5e0aa0e799d3f5b3009ef9a636ad96c78
SHA106710b69230c442dc67ba137bd02613cb29b5224
SHA2565ada1e5a56d73d1e2532378035c1eccf9fa476b5226ae6bdc9d7e29dc8b2ddc3
SHA512e1768b9e41ef5940e2defbf10cc908b454ef6f67358b340fbcb648c5e91a98031b385cfcc242ee40ed33d4d17fb5e1eb7418abb287adbfe83e3827ae8e11a54f
Docker ImageSHA256 Checksum
humio72a45d92e868e101a8bd2a7f20f83b37946761bfead3bce3bbb28a9ebf318a50
humio-coref4c2cc95de7ad66e6800fbceb1a22caee567b482dcf6b1181b7369c9aa7c86eb
kafkac8500740a3ead1d9e6b48df608b225ffd9c221263a9bcd5f2134b3ade89260ac
zookeeper0b1155a324d0940f6c4aa3e3f2088cec5d8cd77e6883454c59a111028b7cfe82

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.70.1/server-1.70.1.tar.gz

Bug fixes and updates.

Bug Fixes

Falcon LogScale 1.70.0 Stable (2023-01-16)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.70.0Stable2023-01-162024-01-161.4411NoNo
TAR ChecksumValue
MD5d9bb7d6cbb0ca0bda19849432c379edf
SHA1b6c06ea11e89db8f31c68b1aa2ad278aad0fe433
SHA256aaae7b77d39c82f5b6931f7be9da2e03ac7cb68bc7f246529562f3900bf23b02
SHA5126370a6f003a2f2ac6f59fdbaa8d7578e2eae7658645bc97cc4ed5f3c75489c914cb09a35e8ca5a6b6203f8a084aac769bc6d9d9b7fd9547fa2cfe9cef6639f40
Docker ImageSHA256 Checksum
humio9bdd95bb499feb635b2fa10e2ccc8d3738173998679e0b59852b61e9f9072b07
humio-core8693b1c4fe80d51907f4b706e5f464ed990e365b50099ad8b6a8eb33d370b6cb
kafkaf22f369876933b93084f34d73014697b6cbae24c3d915e8fb590f2289f4361ce
zookeeperb4bb9f58e8a519db4850e395824142fe62fe52f8fcf024de1001fd76481e63c7

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.70.0/server-1.70.0.tar.gz

Bug fixes and updates.

Deprecation

Items that have been deprecated and may be removed in a future release.

Upgrades

Changes that may occur or be required during an upgrade.

Installation and Deployment

  • We have enabled a new vhost selection method by default. The way hosts select their vhost number when joining the cluster has changed, the new logic is described at Node Identifiers documentation page.

    The new logic does not depend on Zookeeper, even for clusters where nodes occasionally lose disk contents, such as Kubernetes. In order to smooth migration for clusters using Zookeeper, the new logic will still interact with Zookeeper to avoid nodes using a mix of new and old vhost code from fighting over the vhost numbers. This is only necessary while migrating.

    The recommended steps for migrating off of Zookeeper are as follows:

    1. Deploy the new LogScale version to all nodes.

    2. Remove ZOOKEEPER_URL_FOR_NODE_UUID, ZOOKEEPER_URL, ZOOKEEPER_PREFIX_FOR_NODE_UUID, ZOOKEEPER_SESSIONTIMEOUT_FOR_NODE_UUID from the configuration for all nodes.

    3. Reboot

    Once rebooted, LogScale will no longer need Zookeeper directly, except as an indirect dependency of Kafka. Due to this, the 4 Zookeeper-related variables are deprecated as of this release and will be removed in a future version.

    Since vhost numbers now change when a disk is wiped, cluster administrators for clusters using nodes where USING_EPHEMERAL_DISKS is set to true will need to ensure that the storage and digest partitioning tables are up to date as hosts join and leave the cluster. Updating the tables is handled automatically if using the Logscale Kubernetes operator, but for clusters that do not use this operator, cluster administrators should run scripts periodically to keep the storage and digest tables up to date. This is not a new requirement for ephemeral clusters, but we're providing a reminder here since it may be needed more frequently now.

    The cluster GraphQL query can provide updated tables (the suggestedIngestPartitions and suggestedStoragePartitions fields), which can then be applied via the updateIngestPartitionScheme and updateStoragePartitionScheme GraphQL mutations.

    Should you experience any issue in using this feature, you may opt out by setting NEW_VHOST_SELECTION_ENABLED=false. If you do this, please reach out to support with feedback, as we otherwise intend to remove the old vhost selection logic in the coming months.

    Note

    When using Operator and Kubernetes deployments, you must upgrade to 0.17.0 of operator to support migration away from the Zookeeper requirement. See Version 0.17.0.

Improvements, new features and functionality

  • Dashboards and Widgets

    • Added support for export and import of dashboards with query based widgets which use a fixed time window.

  • Other

    • New background task TagGroupingSuggestionsJob that reports on flow rate in repositories with many datasources on what it considers slow ones, controlled by configuration of segment sizes and flush intervals. The output in the log can be input to decision on add Tag Grouping to a repository to reduce the number of slow datasources.

    • Add code to ensure all minisegments for the same target end up located on the same hosts. A change in 1.63 could create a situation where minisegments for the same merge target wound up on different nodes, which the query code currently assumes can't happen. This could cause Result is partial responses to user queries.

Bug Fixes

  • Security

    • Update Netty to address CVE-2022-41915.

  • Automation and Alerts

    • Fixed a bug where a link in the notification for a failed alert would link to a non-existing page.

  • Dashboards and Widgets

    • Fixed an issue with parameters in dashboards, where the values of a fixed list parameter would not have their order maintained when exporting and importing templates.

    • Scatter Chart has been updated:

      • The x-axis would not update correctly with updated query results

      • The trend line toggle in the style panel was invisible.

    • Fixed three bugs in the Bar Chart — where the sorting would be wrong with updating query results in the stacked version, flickering would occur when deselecting all series in the legend, and deselecting renamed series in the legend would not have any effect.

  • Other

    • Fixed a bug where very long string literals in a regex could cause a query/parser to fail with a stack overflow.

Known Issues

Falcon LogScale 1.69.0 Preview (2022-12-13)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.69.0Preview2022-12-132023-01-161.4411NoNo

Bug fixes and updates.

Improvements, new features and functionality

  • Other

    • Add bounds to maximum number of active notifications per user.

    • Throttle publish to global-events topic internally based on time spent in recent transactions of the same type (digest-related writes are not throttled). See details at new configuration variable GLOBAL_THROTTLE_PERCENTAGE page. Also see the metric global-operation-time for measurements of the time spent.

    • Added option to filter by group and role permission types in groupsPage and rolesPage queries.

    • Reduced CPU usage of background tasks for the case of high partition count and high datasource count.

    • Add support for GET+DELETE requests for queries by external Query ID without including the repository name in the URL. The new URL is /api/v1/queryjobs/QUERYID. Note that shared dashboard token authentication is not supported on this API. (The existing API on /api/v1/repositories/REPONAM/queryjobs/QUERYID remains unmodified and support POST requests for submit of queries.)

Bug Fixes

  • Other

    • LogScale no longer considers every host to be alive for a period after rebooting. Only hosts marked as running in global will be considered alive. This fixes an issue where a query coordinator might pointlessly direct queries to dead nodes because the coordinator had recently booted.

    • Allow creating Kafka topics even if a broker is down.

Falcon LogScale 1.68.0 Preview (2022-12-06)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.68.0Preview2022-12-062023-01-161.4411NoNo

Bug fixes and updates.

Improvements, new features and functionality

  • Deprecation

    • The query function holtwinters() is now deprecated and will be removed along with the release of future version 1.73; therefore, its usage in alerts is not recommended.

  • Falcon Data Replicator

    • Enforcing S3 file size limits (30MB) in FDR feeds. Files will not be ingested if they are above the limit.

  • UI Changes

    • Introduced the Social Login Settings feature: all customers with access to the organization identity providers page can now change social login settings in the UI. See Configuring Identity Providers for LogScale Cloud for details.

    • No longer possible to add a color to roles. Existing role colors removed from the UI.

  • Automation and Alerts

    • Improved performance when storing alert errors and trigger times in global.

  • Configuration

    • Set dynamic configuration BucketStorageWriteVersion to 3. This sets the format for files written to bucket storage to use a format that allows files larger than 2GB and incurs less memory pressure when decrypting files during download from the bucket. The new format is supported since 1.44.0 only.

    • Changed the default value for AUTHENTICATION_METHOD from none to single-user.

      To set username and password, use the environment variables:

      See SINGLE_USER_USERNAME and SINGLE_USER_PASSWORD documentation for more details on these variables.

    • Set minimum version for the cluster to be 1.44.0.

  • Other

    • New metric global-operation-time: tracks local time spent processing each kind of message received on the global events topic.

    • Audit logging has been improved.

Bug Fixes

  • UI Changes

    • The warning about unsaved changes being lost on an edited dashboard will now only show when actual changes have been made.

  • Other

    • Fixed a bug in decryption code used when decrypting downloaded files from bucket storage when version-for-bucket-writes=3. The bug did not allow to decrypt files larger than 2GB.

    • Fixed an issue where LogScale could log secrets to the debug log when configured to use LDAP or when configured to use SSL for Kafka.

Falcon LogScale 1.67.0 Preview (2022-11-29)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.67.0Preview2022-11-292023-01-161.3011NoNo

Bug fixes and updates.

Improvements, new features and functionality

  • Functions

    • A new query function named createEvents() has been released. This function creates events from strings and is used for testing queries.

Bug Fixes

  • UI Changes

    • IP Location drilldowns now correctly use lat and lon field names instead of latitude and longitude .

    • URL paths with repository name and no trailing /search resolved to Not Found. The URL /repoName will now again show the search page for the repoName repository.

  • Functions

    • Bugs fixed for the collect() function, where:

      • The function mistakenly warned about exceeding its limit if the number of collected values was equal to the limit.

      • The limit parameter was not applied correctly.

Falcon LogScale 1.66.0 Preview (2022-11-22)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.66.0Preview2022-11-222023-01-161.3011NoYes

Bug fixes and updates.

Improvements, new features and functionality

  • Configuration

  • Other

    • Make adjustments to the HostsCleanerJob. It will now remove references to missing hosts in fewer writes, and will stop immediately if a host rejoins the cluster.

Bug Fixes

  • Functions

    • Fixed a bug seen in version 1.65 where groupBy() on multiple fields would sometimes produce multiple rows for the same combination of keys.

  • Other

    • Fixed a race where unavailable segments, due to nodes going away, would not become available again after nodes returning.

    • Fixed an issue that could cause the error message Object is missing required member 'replicationFactor' when downgrading from current versions to older versions. The error message is only a nuisance, since the object failing deserialization isn't in use in released code yet.

    • Fixed an issue that could cause repeated unnecessary updates of currentHosts for some segments.

  • Packages

    • Fixed an issue where deleting a parser through an update or uninstall of a package could fail in an unexpected way if the parser was used by an ingest listener or an Fdr feed. Now, a proper error message will be shown.

Falcon LogScale 1.65.0 Preview (2022-11-15)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.65.0Preview2022-11-152023-01-161.3011NoNo

Bug fixes and updates.

Improvements, new features and functionality

  • Security

    • The version of Jackson has been upgraded to address CVE-2022-42003 vulnerability.

  • UI Changes

    • The Repository icon has been changed to match the new look and feel.

    • A new UI for event forwarders located under Organisation Settings now allows you to configure your event forwarders. See Event Forwarders for details.

  • Automation and Alerts

    • Added a query editor warning (yellow wavy lines) for joins in alerts.

  • Configuration

    • Added a new dynamic configuration UndersizedMergingRetentionPercentage, with a default value of 20. This configuration value is used when selecting undersized segments to merge, this setting controls how wide a time span can be merged together.

      The setting is interpreted as a percentage of the repository's retention by time setting. A reasonable range is 0 through to 90.

  • Other

    • Increased the limits for bucket. The maximum number of series has been raised from 50 to 500 and the maximum number of output events has been raised from 10,000 to 100,000.

    • Avoid writing some messages to global if we can tell up-front that the message is unnecessary.

    • Reduce the scope of a precondition for a particular write to global. This should reduce unnecessary transaction rejections when such writes are bulked together.

    • Audit logging for s3 archiving which tracks when it is enabled, disabled, configured, and restarted.

    • Docker images have been upgraded to Java 17.0.5.

Bug Fixes

  • Configuration

    • Fix some issues with the workings of the BUCKET_STORAGE_MULTIPLE_ENDPOINTS and S3_STORAGE_ENDPOINT_BASE configurations.

      The intent of this configuration is to allow users to configure buckets in multiple bucket services, for instance to allow migrating from AWS bucket storage to a local S3 service. When true, each bucket in global can have a separate endpoint configuration, as defined in S3_STORAGE_ENDPOINT_BASE and similar configurations. This allows an existing cluster running against AWS S3 to begin uploading segments to an on-prem S3 by switching the endpoint base, while still keeping access to existing segments in AWS.

      When false (default), the endpoint base configuration is applied to all existing buckets on boot. This is intended for cases where the base URL needs to be changed for all bucket, for instance due to the introduction of a proxy.

      The issue was that we were not consistently looking up endpoint urls in global for the relevant bucket, but instead simply used whichever endpoint url happened to be defined in configuration at the time. This has been fixed.

  • Other

    • Fixed a minor desynchronization issue related to idle datasources.

    • The SAML login to Humio using deeplinks now works correctly.

    • Fixed a bug where interaction context menus did not update the query editor in Safari.

    • When a host is removed from global, a job tries to clean up any references to it from other places in global, such as segments. Fixed a bug in this job that meant it didn't clean up references on segments that were tombstoned but not yet gone from global. This issue could block cleanup of those segments.

Falcon LogScale 1.64.0 Preview (2022-11-01)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.64.0Preview2022-11-012023-01-161.3011NoNo

Bug fixes and updates.

Improvements, new features and functionality

  • Configuration

    • Added new dynamic configuration for MaxIngestRequestSize to allow limiting size of ingest requests after content-encoding has been applied. The default can be set using the new configuration variable MAX_INGEST_REQUEST_SIZE, or applied via the dynamic configuration.

  • Dashboards and Widgets

    • It is now possible to specify a dashboard by name in the URL. It is also possible to have dashboard ID as a parameter in order to have permanent links.

  • Functions

    • Removed the restriction that case and match expressions cannot be used in subqueries.

    • The query function in() has been improved w.r.t. performance when searching in tag fields.

    • Improved memory allocation for the query function split().

    • The query function split() now allows splitting arrays that contain arrays. For example, the event a[0][0]=1, a[1][0]=2 can now be split using split(a) produces two events: _index=0, a[0]=1' and '_index=1, a[0]=2.

    • The query function join() now provides information to optimize the query.

  • Other

    • In the internal request log, include decoded size of the request body after content-encoding has been applied in new field decodedContentLength. This allows inspecting compression ratio of incoming requests and range of values seen. Requests without compression have contentLength in this new field too.

Bug Fixes

  • UI Changes

    • Fixed a bug where a disabled item in the main menu could be clicked on and which would redirect to the homepage.

    • The Copy menu in the event Inspection Panel now copies text correctly again.

  • Functions

  • Other

    • Fixed an issue that could cause merged segments to appear to be missing after a restart, due to the datasource going idle.

Falcon LogScale 1.63.6 Stable (2023-03-22)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.63.6Stable2023-03-222024-03-221.30.011NoNo
TAR ChecksumValue
MD5c6a5dedd2c76d1ceb44984d2b6c249ee
SHA1d45f31016599ea0c905c93cf731cb7d2fcd47a6c
SHA2568c9d3dc61b1f8a2f392ff53dd88602abcdb04b3084c847f54f00e55887d561a2
SHA5121a5db287ab19b1c3efe1a5c447e27d7d4d66834f608a777485ea2aec73c8f7963b816ffe7b29758285dd692adf11989be302c3863feda97e0962e723b42c7e5a
Docker ImageSHA256 Checksum
humio8b20c3c128d786c6dd121bab5f6878129343d9d9967b855ed9d9825a13560cd6
humio-core3d03504a00022115b7a581938dd8d0d7f96a583c57d02efdf15b4127971914df
kafka6c9978f48ade34b4bb12f7e5862c556ba60e2650555db05ae36ac9abd44062ca
zookeepercad51c3f5959cd99609d6abdb28ea938b87942780567a462e897ba34e31d3679

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.63.6/server-1.63.6.tar.gz

Bug fix.

Bug Fixes

  • Other

    • Fixed an issue with API Explorer that could fail to load in some configurations when using cookie authentication.

Falcon LogScale 1.63.5 Stable (2023-03-06)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.63.5Stable2023-03-062024-03-061.30.011NoNo
TAR ChecksumValue
MD5e4684d95d5cf279a36f9581d395dbd6b
SHA1b179a38c49fb4d4c9b298ea867f69f97e1eb5dc8
SHA256a0bfa4e22b5800a5ca2f117914d30a68df66fd1ddfe5452cc97960832e3714b8
SHA512168dcec977536d77f3f793b811b41e483b6ca17b942d305953ce6099d1d01de7d7a14fa135681d330ef0ce5b9bff94457fba265064e838f1fedca49f8e032f3d
Docker ImageSHA256 Checksum
humioc78c2e3e9b3956346aa8ad0b90b68ad42c17e25e22b2b45ad0c9d564aa6f6e29
humio-core4811ddd5298fa41d7ccf123f83aa060d77a2583528208dfdfe6c98b298f931f3
kafkaadae65ce4cb90bf64fcef617d13d896a531f08cca8286b7241be62013f3c801a
zookeeper4e146244b375c139e49e3247b24cdfd8adfded7a07b9dba074ebb68878033619

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.63.5/server-1.63.5.tar.gz

Security fix.

Upgrades

Changes that may occur or be required during an upgrade.

Other

  • Upgrade Kafka client to 3.4.0.

    Upgrade Kafka broker to 3.4.0 in the Kafka container.

    The container upgrade is performed for security reasons to resolve CVE-2022-36944 issue, which Kafka should however not be affected by. If you wish to do a rolling upgrade of your Kafka containers, please always refer to Kafka upgrade guide.

Falcon LogScale 1.63.4 Stable (2023-02-01)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.63.4Stable2023-02-012024-02-011.30.011NoNo
TAR ChecksumValue
MD5b8b3067213532194d2510cc1b12b1ed8
SHA15418f0926f51fafb413500fbdbb41df496a7fb0d
SHA256994882158ac89800a9418fe8d2b51426dc794ec1fbc5dc1d365530c8449fefca
SHA512262f662af3647d77352e1abe990be003f98a2abf50be0350b538ca8cc13ff56ec6414f3a045758d64bbf4e137918877fe56d70a1b3ef01e1405da4514742d66e
Docker ImageSHA256 Checksum
humio8861250649894e744ecb070db48a50c5ffdf071f7bc26a3b1bc41970262da77e
humio-coreb310155c2958037385eb20527dad3bd10a0854c0761ef9991ca4c48d01074a42
kafka4d9fb7715fd851192005c1cf8180e9ff9a27b84f58e720b36f4d4f3baa5a4449
zookeeperd00d8999eb2880d7d0ef307210b7c5aa3949b2c16ec1d471af36d9344a8501c9

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.63.4/server-1.63.4.tar.gz

Bug fixes and updates.

Bug Fixes

Falcon LogScale 1.63.3 Stable (2022-12-21)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.63.3Stable2022-12-212023-12-211.30.011NoNo
JAR ChecksumValue
MD574b7a4bc3143245a361537e572c5afb2
SHA1ef312b1b71d041d1b9a4ebfd7ef5108c6fff24b3
SHA256c7fe720697a9c624db9cc26268883b7389092c3c0dbc5541b643ff12cf62226d
SHA5125fb5b6dee09abafc1f45b2cce0889e315cd1aa6fc79dd393bfb78eac5bd51047ada7670d65fe4bbc7908b0791c17048552eb03abf675fb70b74778b5142db523
Docker ImageSHA256 Checksum
humioba99848f525941344e972b9fddc437042aaaa851bbba6a10f3e54aebccafbe62
humio-coreef99f9f84bfd3258f4abc92e6b3f1ec300003caaf93cb330a1a52f419e9e6e76
kafkad96ae0f7043c57f0f1b0ae79a03d27fdb38854232f63dc341987158b6703b09f
zookeeper357e3e93a78cc19e7d8aad157e6b1416c36fbf31153897d40adc9aa02b9b9b61

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.63.3/server-1.63.3.tar.gz

Bug fixes and updates.

Improvements, new features and functionality

  • Other

    • Add code to ensure all minisegments for the same target end up located on the same hosts. A change in 1.63 could create a situation where minisegments for the same merge target wound up on different nodes, which the query code currently assumes can't happen. This could cause Result is partial responses to user queries.

Bug Fixes

  • Security

    • Update Netty to address CVE-2022-41915.

  • Automation and Alerts

    • Fixed a bug where a link in the notification for a failed alert would link to a non-existing page.

  • Other

    • Fixed a bug in decryption code used when decrypting downloaded files from bucket storage when version-for-bucket-writes=3. The bug did not allow to decrypt files larger than 2GB.

    • Fixed an issue where LogScale could log secrets to the debug log when configured to use LDAP or when configured to use SSL for Kafka.

Known Issues

Falcon LogScale 1.63.2 Stable (2022-11-30)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.63.2Stable2022-11-302023-11-301.30.011NoNo
JAR ChecksumValue
MD54b6142d1443af26cbe05f794f8fb65ec
SHA12d21db39a7d4de74df05aea99baab1ad5d5def35
SHA256fe66c9be4aab6b027a5ebc5711fedaeee0aea088c7a20981dfdca07739325f1a
SHA512efb7e6aaa4dbbfd1662552fb3f07b6895bcb2220b69da34a6deb228bd13b286a38ac470f436a0378fa24701d13094da3d3524ebd0f9580a9a599ca5c
Docker ImageSHA256 Checksum
humiodd063817c4b302708422213deaa45ac8c799dfc199ae9dc8e80c18a12f882c28
humio-core2f52662a0191e3723c65ac344b8aedb8a0b4a31f324823857fc2dcd13262c5e4
kafkacfc1d3f130db496dff29c8c8bf3897253615b03521584bd1f3e17da7a398b67f
zookeeper3d485ef41d36cbc71b583bee7153f75d660c2d1bf42c88fa6dbc21557eac0123

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.63.2/server-1.63.2.tar.gz

Bug fixes and updates.

Bug Fixes

  • UI Changes

    • URL paths with repository name and no trailing /search resolved to Not Found. The URL /repoName will now again show the search page for the repoName repository.

Known Issues

Falcon LogScale 1.63.1 Stable (2022-11-14)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.63.1Stable2022-11-142023-11-141.3011NoNo

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.63.1/server-1.63.1.tar.gz

Bug fixes and updates.

Deprecation

Items that have been deprecated and may be removed in a future release.

  • Deprecated feature removal: the file-based backup feature was deprecated in 1.42.0 and is now removed from Humio. The following configs are no longer supported and will do nothing if set:

    The DELETE_BACKUP_AFTER_MILLIS config is still supported, as it is used for configuring the delay between a file being marked for deletion in Humio, and that file being removed from bucket storage.

Improvements, new features and functionality

  • Security

    • The version of Jackson has been upgraded to address CVE-2022-42003 vulnerability.

  • Falcon Data Replicator

    • Added the new fileDownloadParallelism setting for FDR feeds to download files from the same SQS message in parallel. See Adjust Polling Nodes Per Feed for all the details.

  • UI Changes

    • Parsing JSON arrays in drill-down context menus no longer adds a trailing dot to the prefix field name.

    • Add Falcon LogScale announcement on login and signup pages.

    • Contextual drill-down menus for field interactions have been introduced, see Field Interactions. In particular:

      • Fields in the Inspection Panel are now provided with Drill down and Copy context menu items, replacing the former + - GroupBy buttons, see updates at Inspecting Events.

      • The Fields Panel on the left-hand side of the User Interface is now provided with Drill down and Copy context menu items, replacing the former drill-down buttons in the field details flyout (when clicking a field in the fields menu). See updates at Displaying Fields.

      • Fields that have JSON, URL and Timestamps content will have a Parse drill-down option which will parse the field as a LogScale field.

        Parsing JSON will automatically use the field name as prefix for the new field name.

      • Fields containing numbers (currently JSON only) will have Sum, Max, Min, Max values, and Percentiles drill-down options.

    • Interactions on JSON data now enabled for JSON arrays in the Event List.

    • Humio is now a Falcon product. The Humio owl logo and icons are therefore replaced by beautiful falcons.

    • Following its name change, mentions of Humio have been changed to Falcon LogScale.

    • The Single Value widget has updated properties:

      • New design for the toggle switch: it is now bigger and has a green/gray color profile instead of blue/gray.

      • The color profile of the displayed value by trend is now customizable.

    • Change Humio logo to Falcon LogScale on login and signup pages.

  • Automation and Alerts

    • Self-hosted only: the old implementation of how alert queries are run has been removed. As a consequence, the dynamic configuration UseLegacyAlertJob has also been removed.

    • Added two new message templates to actions, {query_start_s} and {query_end_s}. See Message Templates and Variables for details.

  • GraphQL API

    • Added new createDashboardFromTemplateV2 mutation with input parameters aligned with the rest of the create from template mutations.

  • Dashboards and Widgets

    • JSON in Log Line and JSON formats columns in Event List widgets now have fields underlined on hover and are clickable. This allows drill-downs and copying values easily.

  • Functions

    • QueryAPI — Added staticMetaData property to QueryJobStartedResult. At the moment it only contains the property executionMode, which can be used to communicate hints about the way the backend executes the query to the front-end.

    • QueryAPI — executionModeHint renamed to executionMode.

    • Introduced new valid array syntax in array:contains() and array:regex() functions:

      • Changed the expected format of the array parameter.

      • Changed these functions to no longer be experimental.

    • Improved the format():

      • Fixed an issue where the format() function would output the wrong amount of left padded zeros for decimal conversions.

      • Formatting large positive numbers as hex no longer causes a loss of bits for integers less than 2^63.

      • Formatting negative numbers as hex no longer produces unintelligible strings.

      • Fixed an issue where adding the # flag would not display the correct formatting string.

      • Fixed an issue where specifying the time/date modifier N would fail to parse.

      • Fixed an issue where supplying multiple fields required you to specify the index of the last field as an argument specifier.

      • Added a length specifier to allow for outputting fields as 32-bit integers instead of 64-bits.

      • Using the type specifier %F now tries to format the specified field as a floating point.

      See the format() reference documentation page for all the above mentioned updates on the supported formatting syntax.

  • Other

    • Added a new ingest endpoint for receiving metrics and traces via OpenTelemetry OTLP/http. See OpenTelemetry for all the details.

    • New background task that runs at startup. It verifies the checksums present in local segment files, traversing the most recently updated segment files on the local disk, using the timestamps they have when Humio status. If a file has invalid checksum it will be renamed to crc-error.X where X is the ID of the segment. An error will be logged as well.

    • Add an additional validation check when uploading files to S3-like bucket storage. Humio will now perform a HEAD request for the file's final location in the bucket to verify that the upload succeeded.

    • Created new test function for event forwarders, which takes as input an event forwarder configuration and tests whether it is possible to connect to the Kafka server. The current test function which takes an ID as input and tests an existing event forwarder by ID, is now marked as deprecated.

    • Added a new dynamic config UndersizedMergingRetentionPercentage, with a default value of 20. This configuration value is used when selecting undersized segments to merge, this setting controls how wide a time span can be merged together.

      The setting is interpreted as a percentage of the repository's retention by time setting. A reasonable range is 0 through to 90.

    • Added use of the HTTP Proxy Client Configuration, if configured, in a lot of places.

    • When selecting a parser test case, the selected test case is highlighted in the UI, so you can see what is selected.

    • Empty datasource directories will be now removed from the local file system while starting the server.

    • Add a script in the tarball distribution's bin directory to check the execution environment, checking common permission issues and other requirements for an environment suitable for running Logscale.

    • It's now possible to expand multiple bell notifications.

    • Use latest version of Java 17 in Docker images.

Bug Fixes

  • UI Changes

  • Dashboards and Widgets

    • Bug fixed in Scatter Chart widget tooltip, so that the description of the actual point only is shown in the tooltip when hovering the mouse over one point, instead of multiple points.

    • Fixed a bug where query result containing no valid results was handled incorrectly in visualisation.

  • Functions

    • Fixed an issue where NaN values could cause groupBy() queries to fail.

    • Fixed an issue where match() would sometimes give errors when ignoreCase=true and events contained latin1 encoded characters.

    • Fixed a bug where the selfJoin() function would not apply the postfilter parameter.

  • Other

    • When selecting a parser test case, the selected test case is highlighted in the UI, so you can see what is selected.

    • It is now possible for a user to use the same personal invite token after the user has been transferred to another organization.

    • Fixed an issue where nothing was displayed on the average ingest chart in case only one datapoint is present.

    • When a host is removed from global, a job tries to clean up any references to it from other places in global, such as segments. Fixed a bug in this job that meant it didn't clean up references on segments that were tombstoned but not yet gone from global. This could block cleanup of those segments.

    • Fix an issue causing a content-length check for bucket uploads to fail when encryption was enabled. The content-length check is not normally enabled, so this should only affect clusters that have disabled ETag-based validation.

    • Fix an issue that could cause event redaction tasks to fail to complete, if a segment having events redacted was deleted due to retention.

    • Fixed a regression causing a reflective method lookup to fail when Humio is running on a Java prior to 13.

Known Issues

Falcon LogScale 1.63.0 Preview (2022-10-25)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.63.0Preview2022-10-252022-11-141.3011NoNo

Bug fixes and updates.

Improvements, new features and functionality

  • GraphQL API

    • Added enableEventForwarder and disableEventForwarder mutations to enable/disable event forwarders.

  • Log Collector

    • Humio Log Collector is now Falcon LogScale Collector.

    • New FleetOverview functionality for the LogScale Collector 1.2.0 is available.

    • LogScale Collector download page has moved into the new top level tab LogScale Collector Fleet Management (Cloud-only).

  • Functions

    • The base64Decode() query function now accepts non-canonical encodings.

    • The holtwinters() query function will be deprecated with the release of future version 1.68. From then, it cannot be expected to work in alerts, and it will be removed entirely with the release of version 1.72.

    • The parseCsv() function has improved its performance, in particular in terms of memory pressure.

  • Other

    • Close all segments a node is working on when shutting down. This should help start later in Kafka after reboots.

Bug Fixes

  • Other

      • Fixed an issue with validations when creating a new Ingest Listener as Netflow/UDP.

      • The form validation for Ingest Listener will now clearly tell the user that the parser needs to be selected when you change between different protocols.

    • Fixed a race condition where the segment top offset wasn't removed when a datasource went idle due to a race. This could result in event redaction not running for such segments.

Humio Server 1.62.0 Preview (2022-10-18)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.62.0Preview2022-10-182022-11-141.3011NoNo

Updates.

Improvements, new features and functionality

  • UI Changes

    • Parsing JSON arrays in drill-down context menus no longer adds a trailing dot to the prefix field name.

    • Add Falcon LogScale announcement on login and signup pages.

    • Following its name change, mentions of Humio have been changed to Falcon LogScale.

    • Change Humio logo to Falcon LogScale on login and signup pages.

  • Functions

    • Introduced new valid array syntax in array:contains() and array:regex() functions:

      • Changed the expected format of the array parameter.

      • Changed these functions to no longer be experimental.

  • Other

    • Added a new ingest endpoint for receiving metrics and traces via OpenTelemetry OTLP/http. See OpenTelemetry for all the details.

    • Add a script in the tarball distribution's bin directory to check the execution environment, checking common permission issues and other requirements for an environment suitable for running Logscale.

Humio Server 1.61.0 Preview (2022-10-11)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.61.0Preview2022-10-112022-11-141.3011NoNo

Bug fixes and updates.

Improvements, new features and functionality

  • Falcon Data Replicator

    • Added the new fileDownloadParallelism setting for FDR feeds to download files from the same SQS message in parallel. See Adjust Polling Nodes Per Feed for all the details.

  • UI Changes

    • Interactions on JSON data now enabled for JSON arrays in the Event List.

  • Functions

    • QueryAPI — Added staticMetaData property to QueryJobStartedResult. At the moment it only contains the property executionMode, which can be used to communicate hints about the way the backend executes the query to the front-end.

    • QueryAPI — executionModeHint renamed to executionMode.

Bug Fixes

  • Functions

    • Fixed a bug where the selfJoin() function would not apply the postfilter parameter.

  • Other

    • Fixed an issue where nothing was displayed on the average ingest chart in case only one datapoint is present.

    • Fix an issue that could cause event redaction tasks to fail to complete, if a segment having events redacted was deleted due to retention.

    • Fixed a regression causing a reflective method lookup to fail when Humio is running on a Java prior to 13.

Humio Server 1.60.0 Preview (2022-10-04)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.60.0Preview2022-10-042022-11-141.3011NoNo

Bug fixes and updates.

Improvements, new features and functionality

  • UI Changes

    • Contextual drill-down menus for field interactions have been introduced, see Field Interactions. In particular:

      • Fields in the Inspection Panel are now provided with Drill down and Copy context menu items, replacing the former + - GroupBy buttons, see updates at Inspecting Events.

      • The Fields Panel on the left-hand side of the User Interface is now provided with Drill down and Copy context menu items, replacing the former drill-down buttons in the field details flyout (when clicking a field in the fields menu). See updates at Displaying Fields.

      • Fields that have JSON, URL and Timestamps content will have a Parse drill-down option which will parse the field as a LogScale field.

        Parsing JSON will automatically use the field name as prefix for the new field name.

      • Fields containing numbers (currently JSON only) will have Sum, Max, Min, Max values, and Percentiles drill-down options.

  • GraphQL API

    • Added new createDashboardFromTemplateV2 mutation with input parameters aligned with the rest of the create from template mutations.

  • Dashboards and Widgets

    • JSON in Log Line and JSON formats columns in Event List widgets now have fields underlined on hover and are clickable. This allows drill-downs and copying values easily.

  • Other

    • New background task that runs at startup. It verifies the checksums present in local segment files, traversing the most recently updated segment files on the local disk, using the timestamps they have when Humio status. If a file has invalid checksum it will be renamed to crc-error.X where X is the ID of the segment. An error will be logged as well.

    • It's now possible to expand multiple bell notifications.

    • Use latest version of Java 17 in Docker images.

Bug Fixes

  • Dashboards and Widgets

    • Fixed a bug where query result containing no valid results was handled incorrectly in visualisation.

  • Functions

    • Fixed an issue where NaN values could cause groupBy() queries to fail.

Humio Server 1.59.0 Preview (2022-09-27)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.59.0Preview2022-09-272022-11-141.3011NoNo

Updates.

Improvements, new features and functionality

  • UI Changes

    • The Single Value widget has updated properties:

      • New design for the toggle switch: it is now bigger and has a green/gray color profile instead of blue/gray.

      • The color profile of the displayed value by trend is now customizable.

  • Automation and Alerts

Humio Server 1.58.0 Preview (2022-09-20)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.58.0Preview2022-09-202022-11-141.3011NoNo

Bug fixes and updates.

Improvements, new features and functionality

  • UI Changes

    • Humio is now a Falcon product. The Humio owl logo and icons are therefore replaced by beautiful falcons.

  • Functions

    • Improved the format():

      • Fixed an issue where the format() function would output the wrong amount of left padded zeros for decimal conversions.

      • Formatting large positive numbers as hex no longer causes a loss of bits for integers less than 2^63.

      • Formatting negative numbers as hex no longer produces unintelligible strings.

      • Fixed an issue where adding the # flag would not display the correct formatting string.

      • Fixed an issue where specifying the time/date modifier N would fail to parse.

      • Fixed an issue where supplying multiple fields required you to specify the index of the last field as an argument specifier.

      • Added a length specifier to allow for outputting fields as 32-bit integers instead of 64-bits.

      • Using the type specifier %F now tries to format the specified field as a floating point.

      See the format() reference documentation page for all the above mentioned updates on the supported formatting syntax.

  • Other

    • Add an additional validation check when uploading files to S3-like bucket storage. Humio will now perform a HEAD request for the file's final location in the bucket to verify that the upload succeeded.

    • Empty datasource directories will be now removed from the local file system while starting the server.

Bug Fixes

  • UI Changes

  • Other

    • Fix a regression introduced in 1.46.0 that can cause Humio to fail to properly replay data from Kafka when a node is restarted.

    • Fix an issue causing a content-length check for bucket uploads to fail when encryption was enabled. The content-length check is not normally enabled, so this should only affect clusters that have disabled ETag-based validation.

Humio Server 1.57.0 Preview (2022-09-13)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.57.0Preview2022-09-132022-11-141.3011NoNo

Bug fixes and updates.

Deprecation

Items that have been deprecated and may be removed in a future release.

  • Deprecated feature removal: the file-based backup feature was deprecated in 1.42.0 and is now removed from Humio. The following configs are no longer supported and will do nothing if set:

    The DELETE_BACKUP_AFTER_MILLIS config is still supported, as it is used for configuring the delay between a file being marked for deletion in Humio, and that file being removed from bucket storage.

Improvements, new features and functionality

  • UI Changes

    • Humio is now a Falcon product. The Humio owl logo and icons are therefore replaced by beautiful falcons.

  • Other

    • Created new test function for event forwarders, which takes as input an event forwarder configuration and tests whether it is possible to connect to the Kafka server. The current test function which takes an ID as input and tests an existing event forwarder by ID, is now marked as deprecated.

    • Added use of the HTTP Proxy Client Configuration, if configured, in a lot of places.

    • When selecting a parser test case, the selected test case is highlighted in the UI, so you can see what is selected.

Bug Fixes

  • Dashboards and Widgets

    • Bug fixed in Scatter Chart widget tooltip, so that the description of the actual point only is shown in the tooltip when hovering the mouse over one point, instead of multiple points.

  • Functions

    • Fixed an issue where match() would sometimes give errors when ignoreCase=true and events contained latin1 encoded characters.

  • Other

    • When selecting a parser test case, the selected test case is highlighted in the UI, so you can see what is selected.

    • It is now possible for a user to use the same personal invite token after the user has been transferred to another organization.

    • Fixed an issue where the HTTP threads (Akka pool) could get blocked while sending ingest requests to Kafka, which could result in Humio HTTP endpoints not responding.

Humio Server 1.56.4 Stable (2022-12-21)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.56.4Stable2022-12-212023-12-211.30.011NoNo
JAR ChecksumValue
MD52afb7131fc25ec5161869b348421a51d
SHA15c93d5bd0b065b2de49571f9285ab087c2b7b6fd
SHA256ca1b48a745b492dd2a580ff2efcd37a20440787dc150c65ae51ad3547bbc5528
SHA512c24ff5be15fd46b712de76d574d4b9e49464e3679cd8b5fe707442337fac6fc828cc9173663a3e2f3271a3ad6545c4b87c849ce75db27cfb5ed05795f998011f
Docker ImageSHA256 Checksum
humioc44efa344016b1e3750fbaa0c48aaf82a1a70400c7e5f84c230396143523fc94
humio-core0c5cc7251f855759999c61a259fc3b3dae5180b43f97296fe4ff0709c872af6b
kafka270d083cd4a0e1947e9f151396404bd77c3e6581dd3615e04814b9b4e0108743
zookeeper116ef60d3affef2415dfb3b25b6460b67bceebedc4b11070039aa3ba2dbcbb31

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.56.4/server-1.56.4.tar.gz

Bug fixes and updates.

Improvements, new features and functionality

  • Security

    • The version of Jackson has been upgraded to address CVE-2022-42003 vulnerability.

Bug Fixes

  • Security

    • Update Netty to address CVE-2022-41915.

  • Other

    • Fixed a bug in decryption code used when decrypting downloaded files from bucket storage when version-for-bucket-writes=3. The bug did not allow to decrypt files larger than 2GB.

    • Fixed an issue where LogScale could log secrets to the debug log when configured to use LDAP or when configured to use SSL for Kafka.

Humio Server 1.56.3 Stable (2022-10-05)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.56.3Stable2022-10-052023-10-051.30.011NoNo
JAR ChecksumValue
MD5f58e3b5944609cb3331a54277b4bf9d6
SHA148c6bf3339693489e073cbac67ba799fbe48661f
SHA2560273a18b354b2844a48175b16fd88f02b1522281a94850a3cc6815430d9efea5
SHA5129ba1ef1ffc2f9d5d1a366b11f724bf24489e9f97c456104399b31d02b4da2903b6c1ac3903ecab862b305e530c19d12400748657cf096f35838ebab978b045e2
Docker ImageSHA256 Checksum
humio6de3bd848774503be64bc0ff6301afa5544bf379e58a8f485703d139ff13c2e1
humio-core7a15c633a82db8246a9d4a2e51bd3f802f11f7e08c53d88cb0f79a4886fd12ab
kafkae12d028592c8f92fc23413fc5c9eef903690d3f164b571d05cba3f6319101ceb
zookeeperf2e3390dd8552af9830c711f39c409f2ef668a457d377b38610e77d03f42cb2c

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.56.3/server-1.56.3.tar.gz

Bug fixes and updates.

Bug Fixes

  • Security

    • Update Scala to address CVE-2022-36944.

Humio Server 1.56.2 Stable (2022-09-26)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.56.2Stable2022-09-262023-09-261.3011NoNo
JAR ChecksumValue
MD5954f0d64fe9405b757c522a34c28c1cc
SHA114a5afe64517155bc6f7dd1da5d8a94ed42155a0
SHA256cd02dbf3ced3c551e13b1a39d621949770f4ade27b1c5c7f233791b339fd5aa5
SHA512a26172900cb29b89702bf2b61020850d6a24e739de046fc486e5b49b2b06296757086f00984a22d3950d70a0967105408acf8ce003bf5b8e7e2db9f8a0ba3b64
Docker ImageSHA256 Checksum
humio3d47b95b292f61d31e491ed7682d540675b62dda8693ed0a23b39a6dd55fdbba
humio-coreb13a27d6d39436469033fb8f69f5a6945283a71468ea2248c2902cb38c842501
kafkaeecc82f9fb8ad2cb7e890650ff8e20538905a33fa53da4272c0582b68d11937e
zookeeper0ab597706043240b1591e412a0b85b03737f583254148cd33bf5443039b368ad

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.56.2/server-1.56.2.tar.gz

Bug fixes and updates.

Improvements, new features and functionality

  • Falcon Data Replicator

    • The feature flag for FDR feeds has been removed. FDR feeds are now generally available.

  • UI Changes

    • The Log line format type in the Event List will now render fully expanded JSON when a JSON structure starts with a square bracket or curly bracket followed by a newline.

    • It is now possible to interact directly with the JSON properties and values in the EventList.

    • Humio is now a Falcon product. The Humio owl logo and icons are therefore replaced by beautiful falcons.

    • In the Event List you can assign data types to a column field. You can now make the setting the default for a fields and the setting is remembered when even the field is added to the Event List, e.g. from the fields panel on the Search page. The button for assigning default data type to a field can be found in the Data type dropdown menu in the column headers of the event list widget. See Field Data Types.

    • It is now possible to scroll to the selected event on the Search page.

    • The event lists column header menus have been redesigned to be simpler:

      • You can now click the border between columns header in the event to fit the column to the content.

      • The Event List column Format Panel has been updated to make it easier to manage columns.

      See Formatting Columns.

  • Documentation

  • Automation and Alerts

    • When you create or edit an action it will now show a warning dialog if you have unsaved changes.

    • A major change has been made to how alert queries are run in order to better reuse live queries when nodes are restarted in a Humio cluster. Find more details at Alerts.

    • When creating new Actions, the new name will now stay when you change the Action Type without getting cleared. This also works when you want to change the New Action name while creating a New Action.

  • GraphQL API

    • Deprecates the defaultSharedTimeIsLive input field on the updateDashboard GraphQL mutation, in favor of updateFrequency.

  • Configuration

    • New dynamic configuration MinimumHumioVersion, default value is 0.0.0, that allows setting a minimum Humio version that this cluster will accept starting on. This allows protecting against inadvertently later rolling back too far for some other feature to be turned on, that has an implied minimum version for support of that feature.

    • Added environment variable ENABLE_SANDBOXES to make it possible to enable and disable sandbox repositories.

    • On cloud: added a configuration on dynamic identity providers to configure if users are allowed to be lazily created.

  • Dashboards and Widgets

    • Implemented support for widgets with a fixed time interval on dashboards.

  • Functions

    • BREAKING CHANGE: Changes to the serialization format of the Intermediate Language representation of queries.

      Description: The serialization format used to serialize the intermediate language representation of queries has changed to a JSON format. This has multiple consequences for on-prem customers. During upgrades to this version and rollbacks from this version you can expect the following:

      • Queries can be slower than usual initially as the query cache clears itself.

      • Queries may cause deserialization errors if they are run during upgrade and two or more nodes have different versions. It is recommended to block all queries upon upgrade and downgrade to and from this version and have all nodes upgrade at the same time.

    • Query functions selectFromMin() and selectFromMax() are now generally available for use.

    • Improved warning message when using groupBy() with limit=max and the limit is exceeded.

  • Other

    • Add UI for enabling and disabling social logins on the identity providers page.

    • Reduced memory usage for queries that include noResultUntilDone: true in their inputs. This reduces memory usage in queries that do "export" of an aggregate result via the Query API, as well as the "inner" queries in joins, and queries from scheduled searches.

    • Permit the first character in the field name of a field being turned into a tag to be anything. If the first character does not match [a-zA-Z] then strip that from the resulting tag name. This does not alter the set of allowed names for tags, but allows the field names being turned into tags to have any character as the leading one, e.g. permitting examples such as &path and *path as field names to turn into the tag #path.

    • With the new implementation for running alerts, alerts will now start faster after a node has been restarted, making it easier for alerts with a small search interval to be able to alert on events during the downtime.

    • It is now possible to select an entire permissions group when configuring permissions for a role.

    • When configuring SAML and OIDC for an organization, for users with the ManageOrganizations permission to enable/disable whether the IDP is Default and Humio managed.

    • Added new system permission, PatchGlobal, enabling access to the global patch API.

    • In the dialog for entering a name, when creating a new entity (Alerts, Actions, Scheduled Searches, Parsers), hitting Enter without filling out the name field will now show an error and will not let you go on to the next page.

    • In case view is not found we will try to fixup the cache on all cluster nodes.

    • When searching for queries using the Query Monitor in Cluster Administration you can now filter queries based on internal and external query IDs.

    • Added an option to make token hashing output in json format. See tokenhashing usage described at Hashed Root Access Token.

    • Allow any root user and any user with the PatchGlobal permission to use the global patch API. Previously required using the server-local special bootstraps root token, that would be valid only on the local node, thus hard to use via a load balancer.

    • Added support for writing H in place of minutes in the cron schedule of scheduled searches — see Cron Schedule Templates for details.

    • When saving a parser, validate that the fields designated as tag fields have names that are valid as tag field names. Since packages with invalid parsers cannot be installed, if you have an invalid parser in a package, you will need to edit it to keep being able to install it.

      • Added the possibility of creating a role that grants permissions on the system and organization levels from the UI.

      • Updated the flow of creating and editing roles in the Organization Settings pages.

Bug Fixes

  • Falcon Data Replicator

    • Removed the deprecated feature flag FdrFeeds

    • Fixed a bug where a dropdown for choosing a parser was not visible in a dialog when creating a new FDR feed.

  • UI Changes

    • Fixed a bug in the computation of query metadata that is used by the UI, which, for example, caused problems showing pie charts with queries containing both groupBy() and top().

  • GraphQL API

    • Fixed an error when querying for actions in GraphQL on a deleted view.

    • Marked all feature flags as preview in GraphQL, which means that once they are no longer needed, they will be removed without being deprecated first.

  • Dashboards and Widgets

    • The Apply Filter button on the dashboard correctly applies the typed filter again.

    • Fixed a bug where certain queries would make it seem that all widgets were incompatible, even though the table view still works.

      Importing a dashboard with Shared time enabled and Live disabled would import the dashboard with Live enabled. Likewise, when creating a new dashboard from a template, Live would be on.

    • The Single Value color threshold list could get into a state where you could not type threshold values into the four text fields.

    • Fixed an issue where wordwrap did not work in the Inspect Panel.

  • Functions

    • Fixed a recent bug which caused the category links from groupBy()-groups to be lost when a subsequent sort() was used, and also made grouping-based charts (bar, pie, heat map) unusable in such cases.

  • Other

    • Fixed an issue where the HTTP threads (Akka pool) could get blocked while sending ingest requests to Kafka, which could result in Humio HTTP endpoints not responding.

    • Fixes a bug where a placeholder would appear for the region selector on the login pages, even though it itself wouldn't be shown since it has no configured regions.

    • Fix a regression introduced in 1.46.0 that can cause Humio to fail to properly replay data from Kafka when a node is restarted.

    • We have removed the @host field from the humio-activity logs and the #host tag from the humio-audit log, as we can no longer provide meaningful values for these. The @host field in the humio-metrics logs will remain, but its value will be changed to the vhost id (an integer number).

    • Fixed an issue with tags in Event Forwarding, so that it is now possible to filter on tags using event forwarding rules, and the tags are present in the forwarded events.

    • Fixing an issue, where the sessions of a user wasn't revoked when the user was deleted.

    • Fixed an issue where queries could fail when the requests within the cluster were more than 8 MB each.

    • It is no longer possible to have an upload file action with a path in the file name. This would result in an unusable file being created.

    • Fixed an issue where some segments could stall the background process implementing event redaction. This could then result in segments not being merged. The visible symptom would be segments with topOffset attribute being -1, and MiniSegmentMergeLatencyLoggerJob logging that some segments are not being merged.

    • Fixed an issue where delete events from a minisegment could result in the merge of those minisegments into the resulting target segment never got executed.

  • Packages

    • Previously parsing packages was very strict, falling when detecting unsupported files. This is no longer the case, unsupported files will now be ignored and won't stop the package from installing.

Humio Server 1.56.1 Preview (2022-09-20)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.56.1Preview2022-09-202022-09-261.3011NoNo

Update.

Improvements, new features and functionality

  • UI Changes

    • Humio is now a Falcon product. The Humio owl logo and icons are therefore replaced by beautiful falcons.

Humio Server 1.56.0 Preview (2022-09-06)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.56.0Preview2022-09-062022-09-261.3011NoNo

Bug fixes and updates.

Improvements, new features and functionality

  • UI Changes

    • It is now possible to interact directly with the JSON properties and values in the EventList.

    • Humio is now a Falcon product. The Humio owl logo and icons are therefore replaced by beautiful falcons.

    • In the Event List you can assign data types to a column field. You can now make the setting the default for a fields and the setting is remembered when even the field is added to the Event List, e.g. from the fields panel on the Search page. The button for assigning default data type to a field can be found in the Data type dropdown menu in the column headers of the event list widget. See Field Data Types.

    • The event lists column header menus have been redesigned to be simpler:

      • You can now click the border between columns header in the event to fit the column to the content.

      • The Event List column Format Panel has been updated to make it easier to manage columns.

      See Formatting Columns.

  • Dashboards and Widgets

    • Implemented support for widgets with a fixed time interval on dashboards.

  • Functions

    • BREAKING CHANGE: Changes to the serialization format of the Intermediate Language representation of queries.

      Description: The serialization format used to serialize the intermediate language representation of queries has changed to a JSON format. This has multiple consequences for on-prem customers. During upgrades to this version and rollbacks from this version you can expect the following:

      • Queries can be slower than usual initially as the query cache clears itself.

      • Queries may cause deserialization errors if they are run during upgrade and two or more nodes have different versions. It is recommended to block all queries upon upgrade and downgrade to and from this version and have all nodes upgrade at the same time.

  • Other

      • Added the possibility of creating a role that grants permissions on the system and organization levels from the UI.

      • Updated the flow of creating and editing roles in the Organization Settings pages.

Bug Fixes

  • Falcon Data Replicator

    • Removed the deprecated feature flag FdrFeeds

  • GraphQL API

    • Marked all feature flags as preview in GraphQL, which means that once they are no longer needed, they will be removed without being deprecated first.

  • Dashboards and Widgets

    • Fixed a bug where certain queries would make it seem that all widgets were incompatible, even though the table view still works.

      Importing a dashboard with Shared time enabled and Live disabled would import the dashboard with Live enabled. Likewise, when creating a new dashboard from a template, Live would be on.

  • Other

    • Fixed an issue with tags in Event Forwarding, so that it is now possible to filter on tags using event forwarding rules, and the tags are present in the forwarded events.

    • It is no longer possible to have an upload file action with a path in the file name. This would result in an unusable file being created.

    • Fixed an issue where some segments could stall the background process implementing event redaction. This could then result in segments not being merged. The visible symptom would be segments with topOffset attribute being -1, and MiniSegmentMergeLatencyLoggerJob logging that some segments are not being merged.

Humio Server 1.55.0 Preview (2022-08-30)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.55.0Preview2022-08-302022-09-261.3011NoNo

Bug fixes and updates.

Improvements, new features and functionality

  • UI Changes

    • It is now possible to scroll to the selected event on the Search page.

  • Automation and Alerts

    • When you create or edit an action it will now show a warning dialog if you have unsaved changes.

    • When creating new Actions, the new name will now stay when you change the Action Type without getting cleared. This also works when you want to change the New Action name while creating a New Action.

  • Functions

  • Other

    • It is now possible to select an entire permissions group when configuring permissions for a role.

    • In the dialog for entering a name, when creating a new entity (Alerts, Actions, Scheduled Searches, Parsers), hitting Enter without filling out the name field will now show an error and will not let you go on to the next page.

Bug Fixes

  • Other

    • Fixing an issue, where the sessions of a user wasn't revoked when the user was deleted.

Humio Server 1.54.0 Preview (2022-08-23)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.54.0Preview2022-08-232022-09-261.3011NoNo

Bug fixes and updates.

Improvements, new features and functionality

  • UI Changes

    • The Log line format type in the Event List will now render fully expanded JSON when a JSON structure starts with a square bracket or curly bracket followed by a newline.

  • Configuration

    • Added environment variable ENABLE_SANDBOXES to make it possible to enable and disable sandbox repositories.

  • Other

    • When configuring SAML and OIDC for an organization, for users with the ManageOrganizations permission to enable/disable whether the IDP is Default and Humio managed.

    • Added an option to make token hashing output in json format. See tokenhashing usage described at Hashed Root Access Token.

Bug Fixes

  • Functions

    • Fixed a recent bug which caused the category links from groupBy()-groups to be lost when a subsequent sort() was used, and also made grouping-based charts (bar, pie, heat map) unusable in such cases.

  • Other

    • Fixed an issue where queries could fail when the requests within the cluster were more than 8 MB each.

  • Packages

    • Previously parsing packages was very strict, falling when detecting unsupported files. This is no longer the case, unsupported files will now be ignored and won't stop the package from installing.

Humio Server 1.53.0 Preview (2022-08-16)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.53.0Preview2022-08-162022-09-261.30.011NoNo

Bug fixes and updates.

Improvements, new features and functionality

  • Other

    • Add UI for enabling and disabling social logins on the identity providers page.

    • Reduced memory usage for queries that include noResultUntilDone: true in their inputs. This reduces memory usage in queries that do "export" of an aggregate result via the Query API, as well as the "inner" queries in joins, and queries from scheduled searches.

    • When searching for queries using the Query Monitor in Cluster Administration you can now filter queries based on internal and external query IDs.

Bug Fixes

  • Dashboards and Widgets

    • The Apply Filter button on the dashboard correctly applies the typed filter again.

    • The Single Value color threshold list could get into a state where you could not type threshold values into the four text fields.

    • Fixed an issue where wordwrap did not work in the Inspect Panel.

  • Other

    • We have removed the @host field from the humio-activity logs and the #host tag from the humio-audit log, as we can no longer provide meaningful values for these. The @host field in the humio-metrics logs will remain, but its value will be changed to the vhost id (an integer number).

    • Fixed an issue where delete events from a minisegment could result in the merge of those minisegments into the resulting target segment never got executed.

Humio Server 1.52.0 Preview (2022-08-09)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.52.0Preview2022-08-092022-09-261.3011NoNo

Bug fixes and updates.

Improvements, new features and functionality

  • Falcon Data Replicator

    • The feature flag for FDR feeds has been removed. FDR feeds are now generally available.

  • Documentation

  • Automation and Alerts

    • A major change has been made to how alert queries are run in order to better reuse live queries when nodes are restarted in a Humio cluster. Find more details at Alerts.

  • GraphQL API

    • Deprecates the defaultSharedTimeIsLive input field on the updateDashboard GraphQL mutation, in favor of updateFrequency.

  • Configuration

    • New dynamic configuration MinimumHumioVersion, default value is 0.0.0, that allows setting a minimum Humio version that this cluster will accept starting on. This allows protecting against inadvertently later rolling back too far for some other feature to be turned on, that has an implied minimum version for support of that feature.

    • On cloud: added a configuration on dynamic identity providers to configure if users are allowed to be lazily created.

  • Functions

    • Improved warning message when using groupBy() with limit=max and the limit is exceeded.

  • Other

    • Permit the first character in the field name of a field being turned into a tag to be anything. If the first character does not match [a-zA-Z] then strip that from the resulting tag name. This does not alter the set of allowed names for tags, but allows the field names being turned into tags to have any character as the leading one, e.g. permitting examples such as &path and *path as field names to turn into the tag #path.

    • With the new implementation for running alerts, alerts will now start faster after a node has been restarted, making it easier for alerts with a small search interval to be able to alert on events during the downtime.

    • Added new system permission, PatchGlobal, enabling access to the global patch API.

    • In case view is not found we will try to fixup the cache on all cluster nodes.

    • Allow any root user and any user with the PatchGlobal permission to use the global patch API. Previously required using the server-local special bootstraps root token, that would be valid only on the local node, thus hard to use via a load balancer.

    • Added support for writing H in place of minutes in the cron schedule of scheduled searches — see Cron Schedule Templates for details.

    • When saving a parser, validate that the fields designated as tag fields have names that are valid as tag field names. Since packages with invalid parsers cannot be installed, if you have an invalid parser in a package, you will need to edit it to keep being able to install it.

Bug Fixes

  • Falcon Data Replicator

    • Fixed a bug where a dropdown for choosing a parser was not visible in a dialog when creating a new FDR feed.

  • UI Changes

    • Fixed a bug in the computation of query metadata that is used by the UI, which, for example, caused problems showing pie charts with queries containing both groupBy() and top().

  • GraphQL API

    • Fixed an error when querying for actions in GraphQL on a deleted view.

  • Other

    • Fixes a bug where a placeholder would appear for the region selector on the login pages, even though it itself wouldn't be shown since it has no configured regions.

Humio Server 1.51.3 Stable (2022-12-21)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.51.3Stable2022-12-212023-12-211.30.011NoNo
JAR ChecksumValue
MD5905f743a0266a5a5263dab94b23bbbb5
SHA1e4e32ca0fe460e7d708418d8b42bf30939298706
SHA256d81ad776a869a90b199e405e51f71ba0861a5034045d0b17611564a689370af5
SHA51278f53b9ed42816638064fe3dc03d86e1667f13a60b45a13e32d55428ca1ecdcf88966d536224a999d95583c61390141b0d14fcb9643db80329f8a839da570e41
Docker ImageSHA256 Checksum
humio3400bf4a1e7304b5e904406d3c0ef8baa7d3feeb4a25d8b5607fc8a7fbdb2c60
humio-core7604f6e444a43be68d510023e34e2ebda393c48516f29baafd561876a5fa3c72
kafka1528fc8436b88d07d81e232ac9631a49e8d86ebe1911bf80477911262a3fe6fe
zookeeper55f5e094f8da5d9b4767b1b342b78dce32c67dc6e9112b049415dea79aa98444

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.51.3/server-1.51.3.tar.gz

Bug fixes and updates.

Improvements, new features and functionality

  • Security

    • The version of Jackson has been upgraded to address CVE-2022-42003 vulnerability.

Bug Fixes

  • Security

    • Update Netty to address CVE-2022-41915.

  • Other

    • Fixed a bug in decryption code used when decrypting downloaded files from bucket storage when version-for-bucket-writes=3. The bug did not allow to decrypt files larger than 2GB.

    • Fixed an issue where LogScale could log secrets to the debug log when configured to use LDAP or when configured to use SSL for Kafka.

Humio Server 1.51.2 Stable (2022-10-05)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.51.2Stable2022-10-052023-10-051.30.011NoNo
JAR ChecksumValue
MD5e21bc8fda9250669b15d7d61521501f7
SHA150669930b6f27b097221b7e9a12cc9b061d70e52
SHA256aec3efe7a376ada047e813aad87cd68c43a8ea0de1cfb863190b77265b3f8d32
SHA5121b9cec3f814d207bcc49ce9c43bcfcd139f7ddfaedd293c9a20fdfee2898aa0ff5fb5c82374eef2371e31753e331e15f8a6646a0e23b326885a1105fbd6081d4
Docker ImageSHA256 Checksum
humioa63f552480e3e1ccaa22a095ff7b98efcbfc01d9e66fa7f1b40b45242226fc4en
humio-coreaf30f2076612b8e04a8c55172b3ff6cbd41d09b9be64b0267d9f8bd6d3b9efdc
kafka723d25e8ba4bfb7247c4d39021155681aefab20f584c2d7db786941aa9d1522d
zookeeper5878dbf9e32a0913da59d0b2e8dd13c5c7ba6043ba933a8b23d368f0d1241315

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.51.2/server-1.51.2.tar.gz

Bug fixes and updates.

Bug Fixes

  • Security

    • Update Scala to address CVE-2022-36944.

  • Dashboards and Widgets

    • Fixed a bug where certain queries would make it seem that all widgets were incompatible, even though the table view still works.

      Importing a dashboard with Shared time enabled and Live disabled would import the dashboard with Live enabled. Likewise, when creating a new dashboard from a template, Live would be on.

  • Other

    • Fix a regression introduced in 1.46.0 that can cause Humio to fail to properly replay data from Kafka when a node is restarted.

    • Fixed an issue where some segments could stall the background process implementing event redaction. This could then result in segments not being merged. The visible symptom would be segments with topOffset attribute being -1, and MiniSegmentMergeLatencyLoggerJob logging that some segments are not being merged.

Humio Server 1.51.1 Stable (2022-08-29)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.51.1Stable2022-08-292023-08-291.30.011NoNo
JAR ChecksumValue
MD56410ab777ec6d98066a3492f4a6b68af
SHA12b55844a4c4d5d613f091a7a753977e6b51477f4
SHA256a8beb23cfa0b00aebbd4a4a95665deedcce868c0be1de5c5383601fd55ba60f9
SHA512c37d2ee75d3b7ac4259fd453c24fa8ada18de360837ba475cf552747ac1b0b07dfce618ced2708e51ee9d66c5ff1a36081bb57a2531922930c385846ac80d73c
Docker ImageSHA256 Checksum
humio10c21dbc2eba33d4e401b0559ae0ecacfd1f80e9184b946164e674068380d286
humio-coref232ce1b182b74bb534249fbf8eba1ab41544242353e1fe4d21f69a0e6a7c190
kafka98fe1b8f3c6caadb6efb6de3e5be3215e9987f235c1134ac0e14eb8705d1d2d8
zookeeper97c571a338e94b9ecaf66c6e9625c593dff68fe62c04c1b2a1ffd44bf10d39ba

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.51.1/server-1.51.1.tar.gz

Bug fix.

Bug Fixes

  • Dashboards and Widgets

    • The Apply Filter button on the dashboard correctly applies the typed filter again.

  • Functions

    • Fixed a bug related to query result metadata for some functions when used as the last aggegate function in a query.

    • Fixed a recent bug which caused the category links from groupBy()-groups to be lost when a subsequent sort() was used, and also made grouping-based charts (bar, pie, heat map) unusable in such cases.

  • Other

    • Fixed an issue where queries could fail when the requests within the cluster were more than 8 MB each.

    • Fixed an issue for ephemeral disk based installs where segment files could stay longer on local disks than they were required to, in cases where some nodes listed in the cluster were not alive for extended periods of time.

Humio Server 1.51.0 Stable (2022-08-15)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.51.0Stable2022-08-152023-08-151.30.011NoNo
JAR ChecksumValue
MD5af0041ec27647291086073dc83628bc2
SHA1210e924a2863c3b28d08659241c0a283482c12b8
SHA256fddcb2184d76d5cfefb2f6a02705f66764d8972fb2e664ef7115353344d05680
SHA5122b230a836e18d13a282ea28be23130897876e6cbe0bfa30a71a3795a7704255cbdf1c19eadc094cd970e58e0234c540a6b469266765d736fc6435c0a01bbda1e
Docker ImageSHA256 Checksum
humioc5db5fac0b03adf9039c31ef4ba69c49356b230b01e0eab0b16c477768dd52af
humio-core36dbe1d90534d2ca72bdadb4992397aa60d2315565ce7a3c7c272a48617cf759
kafka92de8c0d092fe5c04cc10e076a9bb183c8f3136b9813f3ae74b423ae090cb0d8
zookeeper85620182a8c5f91426e0d138ca21947975c99a16fbb00f9e7d0c0ca7a8e94d2a

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.51.0/server-1.51.0.tar.gz

Bug fixes and updates.

Deprecation

Items that have been deprecated and may be removed in a future release.

  • Deprecated enabledFeatures query. Use new featureFlags query instead.

  • The deprecated REST API for parsers has been removed.

  • The deprecated REST API for actions has been removed, except for the endpoint for testing an action.

Improvements, new features and functionality

  • Falcon Data Replicator

    • Added environment variable FDR_USE_PROXY which makes the fdr job use the proxy settings specified with: HTTP_PROXY_* environment variables.

    • FDR polling is now turned on by default. Whether FDR polling should be turned on or off on a node can be configured using the ENABLE_FDR_POLLING_ON_NODE configuration variable.

      • If an S3 file is found to be incorrectly formatted during FDR ingest, it will not be ingested completely, but an attempt is made to ingest the remaining S3 files of the SQS message.

      • If an S3 file cannot be found during FDR ingest, it will not be ingested, but an attempt is made to ingest the remaining S3 files of the SQS message.

  • UI Changes

    • The Live checkbox is now no longer checked automatically when changing the value of the time window in the Time Selector. See Expanding the Time Frame for details.

    • Toggle switches anywhere in the UI are now tabbable and can be accessed using the keyboard.

    • When editing an email action in the UI and adding multiple recipients, it is now possible to add a space after the comma in the comma-separated list of recipients.

    • Field columns now support multiple formatting options. See Formatting Columns for details.

    • If Humio fails to start because the cluster is being upgraded, a dedicated message will show when launching the UI.

    • Improved keyboard accessibility for creating repositories and views.

    • In lists of users, with user avatars containing user initials, the current user would sometimes appear to have an opening parenthesis as their last initial.

    • The design of the Time Selector has been updated, and it now features an Apply button on the dashboard page. See Time Interval Settings.

    • Add missing accessibility features to the login page.

    • The Save As... button is now always displayed on the Search page, see it described at Saving a Search.

    • New styling of errors on search and dashboard pages.

    • Adds an icon and a hint to a disabled side navigation menu item that tells the user the reason for it being disabled.

  • Documentation

    • All documentation links have been updated after the documentation site has been restructured. Please contact support, if you experience any broken links.

  • Automation and Alerts

    • Fixed a bug where an alert with name longer than 50 characters could not be edited.

  • GraphQL API

    • Improved error messaging of GraphQL queries and mutations for alerts, scheduled searches and actions in cases where a given repository or view cannot be found.

    • The GQL API mutation updateDashboard has been updated to take a new argument updateFrequency which can currently only be NEVER or REALTIME, which correspond respectively to "dashboard where queries are never updated after first completion" and "dashboard where query results are updated indefinitely".

    • Introduced new dynamic configuration LiveQueryMemoryLimit. It can be set using GraphQL. See Limits for details.

    • Introduced new dynamic configuration GroupMaxLimit. It can be set using GraphQL. See Limits for details.

    • Added a new dynamic configuration flag QueryResultRowCountLimit that globally limits how many results (events) a query can return. This flag can be set by administrators through GraphQL. See Limits for more details.

    • Added a GraphQL mutation for testing an action. It is still in preview, but it will replace the equivalent REST endpoint soon.

    • Expose a new GraphQL type with feature flag descriptions and whether they are experimental.

    • Introduced new dynamic configuration JoinRowLimit. It can be set using GraphQL and can be used as an alternative to the environment variable MAX_JOIN_LIMIT. If the JoinRowLimit is set, then its value will be used instead of MAX_JOIN_LIMIT. If it is not set, then MAX_JOIN_LIMIT will be used.

    • Introduced new dynamic configuration QueryMemoryLimit. It can be set using GraphQL. See also LiveQueryMemoryLimit for live queries. For more details, see Limits.

    • Added a new dynamic configuration GroupDefaultLimit. This can be done through GraphQL. See Limits for details. If you've changed the value of MAX_STATE_LIMIT, we recommend that you also change GroupDefaultLimit and GroupMaxLimit to the same value for a seamless upgrade, see groupBy() for details.

    • Introduced new dynamic configuration StateRowLimit. It can be set using GraphQL. See Limits for details.

    • Added preview fields isClusterBeingUpdated and minimumNodeVersion to the GraphQL Cluster object type.

  • Configuration

    • New file format for files uploaded to bucket storage that allows files larger than 2GB to be written to bucket storage. This may be turned on by setting the DynamicConfig BucketStorageWriteVersion to "3". When creating a new Humio clusters, the new format is the default. The new format is supported only on Humio version 1.41+.

    • Default value of configuration variable S3_ARCHIVING_WORKERCOUNT raised from 1 to (vCPU/4).

    • Change default value for configuration AUTOSHARDING_MAX from 16 to 128.

    • Detect need for higher autoshard count by monitoring ingest request flow in the cluster. Dynamically increase the number of autoshards for each datasource to keep flow on each resulting shard below approximately 2MB/s. New DynamicConfig for this that sets the target maximum rate of ingest for each shard of a datasource: TargetMaxRateForDatasource. Default value is 2000000 (2 MB).

    • Added a new environment variable GLOB_MATCH_LIMIT which sets the maximum number of rows for csv_file in match(..., file=csv_file, glob=true) function. Previously MAX_STATE_SIZE was used to determine this limit. The default value of this variable is 20000. If you've changed the value of MAX_STATE_SIZE, we recommend that you also change GLOB_MATCH_LIMIT to the same value for a seamless upgrade.

    • Add environment variable EULA_URL to specificy url for terms and conditions.

    • Support for KMS on S3 bucket for Bucket Storage. Specify full ARN of the key. The key_id is persisted in the internal BucketEntity so that a later change of the ID of the key to use for uploads will make Humio still refer the old keyID when downloading files uploaded using the previous key. Setting a new value for the target key results in a fresh internal bucket entity to track which files used kms and which did not. For simplicity it is recommended to not mix KMS and non-KMS configurations on the same S3 bucket.

    • New configurations BUCKET_STORAGE_SSE_COMPATIBLE that makes bucket storage not verify checksums of raw objects after uploading to an S3. This option is turned on automatically is KMS is enabled (see S3_STORAGE_KMS_KEY_ARN) but is available directly here for use with other S3 compatible providers where verfying even content length does not work.

      Mini segments usually get merged if their event timestamps span more than MAX_HOURS_SEGMENT_OPEN. Mini segments created as part of backfilling did not follow this rule, but will now get merged if their ingest timestamps span more than MAX_HOURS_SEGMENT_OPEN.

    • Added a link to humio-activity repository for debugging IDP configurations to the page for setting up the same.

    • Adds a new metric for measuring the merge latency, which is defined as the latency between the last minisegment being written in a sequence with the same merge target, and those minisegments being merged. The metric name is segment-merge-latency-ms.

    • Bucket storage now has support for a new format for the keys (file names) for the files placed in the bucket. When the new format is applied, listing of files only happens for the prefixes "tmp/" and "globalsnapshots/". This help products such a "HCP". The new format is applied only to buckets created after the DynamicConfig BucketStorageKeySchemeVersion has been set to "2". Existing cluster can start using the new format for new files by setting the DynamicConfig. The change will take effect after restarting the cluster. When creating a new Humio clusters, the new format is the default. The new format is supported only on Humio version 1.41+.

    • Improve the error message if Humio is configured to use bucket storage, but the credentials for the bucket are not configured.

    • Adds a new logger job that logs the age of an unmerged miniSegment if the age exceeds the threshold set by the env variable MINI_SEGMENT_MAX_MERGE_DELAY_MS_BEFORE_WARNING. The default value of MINI_SEGMENT_MAX_MERGE_DELAY_MS_BEFORE_WARNING is 2 x MAX_HOURS_SEGMENT_OPEN. MAX_HOURS_SEGMENT_OPEN defaults to 24 hours. The error log produced looks like: Oldest unmerged miniSegment is older than the threshold thresholdMs={value} miniSegmentAgeMs={value} segment={value}.

  • Dashboards and Widgets

    • Introducing the Heatmap widget that visualizes aggregated data as a colorised grid.

    • Added empty states for all widget types that will be rendered when there are no results.

    • The widget legend column width is now based on the custom series title (if specified) instead of the original series name.

    • Single Value widget new configuration: deprecated field use-colorised-thresholds in favor of color-method.

      Single Value widget Editor: the configuration option Enable Thresholds is being replaced by an option called Method under the Colors section.

    • Sorting of Pie Chart widget categories, descending by value. Categories grouped as Others will always be last.

    • When importing existing dashboard with a static Shared time, recent changes in the time selection would make those dashboards live.

    • Note widget:

      • Default background color is now Auto.

      • Introduced the text color configuration option.

    • Applied stylistic changes for the Inspect Panel used in Widget Editor.

    • The Normalize option for the World Map widget has been replaced by a third magnitude mode named None, which results in fixed size and opacity for all marks.

    • Dashboards can now be configured to not update after the initial search has completed. This mode is mainly meant to be used when a dashboard is interactive and not for wall-mounted monitors that should update continually. The feature can be accessed from the Dashboard properties panel when a dashboard is put in edit-mode. See Working in Edit Mode.

    • Single Value widget:

      • Missing buckets are now shown as gaps on the sparkline.

      • Isolated data points are now visualised as dots on the sparkline.

    • The Pie Chart widget now uses the first column for the series as a fall back option.

    • Table widgets will now break lines for newline characters in columns.

    • The Dashboard page now displays the current cluster status.

    • Pie Chart widget now uses the first column for the series as a fall back option.

    • Bar Chart widget:

      • The Y-axis can now start at smaller values than 1 for logarithmic scales, when the data contain small enough values.

      • It now has an Auto setting for the Input Data Format property, see Wide or Long Input Format for details.

      • Now works with bucket query results.

    • Better handling of dashboard connections issues during restarts and upgrades.

  • Log Collector

    • The Log Collector download page has been enabled for on-prem deployments.

  • Functions

    • The groupBy() function now accepts max as value for the limit parameter, which sets the limit to the largest allowed value (as configured by the dynamic configuration GroupMaxLimit).

    • Added validation to the field and key parameters of the join() function, so empty lists will be rejected with a meaningful error message.

    • Added validation to the field parameter of the kvParse() function, so empty lists will be rejected with a meaningful error message.

    • Improved the phrasing of the warning shown when groupBy() exceeds the max or default limit.

  • Other

    • Adds a new metric for the temp disk usage. The metric name is temp-disk-usage-bytes and denotes how many bytes are used.

    • Humio now logs digest partition assignments regularly. The logs can be found using the query class=*DigestLeadershipLoggerJob*.

    • Added a new action type that creates a CSV file from the query result and uploads it to Humio to be used with the match() query function. See Upload File.

    • Added a log of the approximate query result size before transmission to the frontend, captured by the approximateResultBeforeSerialization key.

    • All feature flags now contains a textual description about what features are hidden behind the flag.

    • Added detection and handling of all queries being blocked during Humio upgrades.

    • Fixed an issue where query auto-completion sometimes wouldn't show the documentation for the suggested functions.

    • Fix a bug that could cause Humio to spuriously log errors warning about segments not being merged for datasources doing backfilling.

    • Adds a logger job for cluster management stats it log the stats every 2 minutes, which makes them searchable in Humio.

      The logs belong to the class c.h.c.ClusterManagementStatsLoggerJob, logs for all segments contains globalSegmentStats log about singular segments starts with segmentStats.

    • Added a log line for when a query exceeds its allotted memory quota.

    • All users will not have access to the audit log or search all view by default anymore. Access can be granted with permissions.

    • Java in the docker images no longer has the cap_net_bind_service capability and thus Humio cannot bind directly to privileged ports when running as a non-root user.

    • Bump the version of the Monaco code editor.

    • The referrer meta tag for Humio has been changed from no-referrer to same-origin.

    • When unregistering a node from a cluster, return a validation error if it is still alive. Hosts should be shut down before attempting to remove them from the cluster. This validation can be skipped using the same accept-data-loss parameter that also disables other validations for the unregistration endpoint.

    • Include the requester in logs from QuerySessions when a live query is restarted or cancelled.

    • The audit log system repository on Cloud has been replaced with a view, so that dashboards etc. can be created on top of audit log data.

    • Fix a bug causing Humio's digest coordinator to allow nodes to take over digest without catching up to the current leader. This could cause the new leader to replay more data from Kafka than necessary.

    • Compute next set of Prometheus metrics only in a single thread concurrently. If more requests arrive, then the next request gets the previous response.

    • Add warning when a multitenancy user is changing data retention on an unlimited repository.

    • Streaming queries that fail to validate now return a message of why validation failed.

    • Fix an unhandled IO exception from TempDirUsageJob. The consequence of the uncaught exception was only noise in the error log.

    • Improved performance of NDJSON format in S3 Archiving.

    • Add flag whether a feature is experimental.

    • Remove remains of default groups and roles. The concept was replaced with UserRoles.

    • Make a number of improvements to the digest partition coordinator. The coordinator now tries harder to avoid assigning digest to nodes that are not caught up on fetching segments from the other nodes. It also does a better job unassigning digest from dead nodes in edge cases.

    • Make BucketStorageUploadJob only log at info level rather than error if a segment upload fails because the segment has been removed from the host. This can happen if node X tries to upload a segment, but node Y beats it to the punch. Node X may then choose to remove its copy before the upload completes.

    • Added a log message with the maximum state size seen by the live part of live queries.

Bug Fixes

  • Security

    • Update Netty to address CVE-2022-24823.

    • Bump javax.el to address CVE-2021-28170.

  • Falcon Data Replicator

    • FDR Ingest will no longer fail on events that are larger than the maximum allowed event size. Instead, such messages will be truncated.

  • UI Changes

    • Prevent the UI showing errors for smaller connection issues while restarting.

    • Intermediate network issues are not reported immediately as an error in the UI.

    • Fixed a bug where the "=" and "/=" buttons did not appear on cells in the event list where they should.

    • When viewing the events behind e.g. a Time Chart, the events will now only display with the @timestamp and @rawstring columns.

    • Fix the dropdown menus closing too early on the home page.

    • Cloud: Updated the layout for license key page.

    • Fixed an issue where some warnings would show twice.

    • Websocket connections are now kept open when transitioning pages, and are used more efficiently for syntax highlighting.

  • GraphQL API

    • Fix the assets GraphQL query in organizations with views that are not 1-to-1 linked.

  • Configuration

    • Fixed an issue where delete events from a minisegment could result in the merge of those minisegments into the resulting target segment never got executed.

      Index in block needs reading from blockwriter before adding each item.

      Fixed a bug where the @id field of events in live query were off by one.

    • Fixed a bug that could result in merging small ("undersized") segments even if the resulting segment would then have a wider than desired time span. The goal it to not produce segments that span more than the 10% of the retention setting for time for the repository. If no time-based retention is configured on the repository, then 3 times the value of configuration variable MAX_HOURS_SEGMENT_OPEN is applied as limit. For default settings, that results in 72 hours.

    • Fixed an issue where event forwarding still showed as beta.

  • Dashboards and Widgets

    • The theme toggle on a shared dashboard was moved to the header panel and no longer overlaps with any widgets.

    • The Time Chart widget regression line is no longer affected by the interpolation setting.

  • Functions

    • Fixed a bug where ioc:lookup() would sometimes give incorrect results when negated.

    • Revised some of the error messages and warnings regarding join() and selfJoin().

    • Fixed a bug where using eval as an argument to a function would result in a confusing error message.

    • Fixed a bug where the writeJson() function would write any field starting with a case-insensitive inf or infinity prefix as a null value in the resulting JSON.

  • Other

    • Fix an issue causing the event forwarding feature to incorrectly reject topic names that contained a dash (-).

    • Fix response entities not being discarded in error cases for the proxyqueryjobs endpoint, which could cause warnings in the log.

    • Fixed an issue where query auto-completion would sometimes delete existing parentheses.

    • Fix type in Unregisters node text on cluster admin UI.

    • Fix performance issue for users with access to many views.

    • Some errors messages wrongly pointed to the beginning of the query.

      • Fixed an issue where event forwarder properties were not properly validated.

      • Reduced the timeout used when testing event forwarders in order to get a better error when timeouts happen.

    • Fix an issue causing Humio to create a large number of temporary directories in the data directory.

    • Bump woodstox to address SNYK-JAVA-COMFASTERXMLWOODSTOX-2928754.

    • Make streaming queries search segments newest-to-oldest rather than oldest-to-newest. Streaming queries do not ensure the order of exported events anyway, and searching newest-to-oldest is more efficient.

    • Fixed an issue where strings like Nana and Information could be interpreted as NaN (not-a-number) and infinity, respectively.

    • Humio will now clean up its tmp directories by deleting all "humiotmp" directories in the data directory when terminating gracefully.

      Fix a regression in the launcher script causing JVM_LOG_DIR to not be evaluated relative to the Humio base install path. All paths in the launcher script should now be relative to the base install path, which is the directory containing the bin folder.

      Fix a bug that could cause merge targets to be cached indefinitely if the associated minis had their mergeTarget unset. The effect was a minor memory leak.

      Fix a bug that could cause Humio to attempt to merge minisegments from one datasource into a segment in another datasource, causing an error to be thrown.

      When configuring thread priorities, Humio will no longer attempt to call the native setpriority function. It will instead only call the Java API for setting thread priority.

    • Improve file path handling in DiskSpaceJob to eliminate edge cases where the job might not have been able to tell if a file was on primary or secondary storage.

    • Centralise decision for names of files in bucket, allow more than one variant.

      Improved hover messages for strings.

    • Fix a bug where changing a role for a user under a repository would trigger infinite network requests.

    • Fix an issue that could rarely cause exceptions to be thrown from Segments.originalBytesWritten, causing noise in the log.

    • Fix a bug causing digesters to continue digesting even if the local disk is full. The digester will now pause digesting and error log if this occurs.

    • Fixed a bug where multiline comments weren't always highlighted correctly.

    • Fixes the placement of a confirmation dialog when attempting to change retention.

    • Update org.json:json to address a vulnerability that could cause stack overflows.

    • Upgrade Kafka to 3.2.0 in the docker images, and in the Humio dependencies.

    • Fix a bug that could cause a NumberFormatException to be thrown from ZookeeperStatsClient.

    • Fixed an issue where JSON parsing on ingest and in the query language was inefficient for large JSON objects.

    • If a segment is deleted or otherwise disappears from global while Humio is attempting to upload it to bucket storage, the upload will now be dropped with an info-level log, rather than requeued with an error log.

Humio Server 1.50.0 Preview (2022-08-02)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.50.0Preview2022-08-022022-08-151.30.011NoNo

Bug fixes and an updated dependency, released to cloud only.

Improvements, new features and functionality

  • UI Changes

    • When editing an email action in the UI and adding multiple recipients, it is now possible to add a space after the comma in the comma-separated list of recipients.

    • The design of the Time Selector has been updated, and it now features an Apply button on the dashboard page. See Time Interval Settings.

    • Adds an icon and a hint to a disabled side navigation menu item that tells the user the reason for it being disabled.

  • Documentation

    • All documentation links have been updated after the documentation site has been restructured. Please contact support, if you experience any broken links.

  • GraphQL API

    • The GQL API mutation updateDashboard has been updated to take a new argument updateFrequency which can currently only be NEVER or REALTIME, which correspond respectively to "dashboard where queries are never updated after first completion" and "dashboard where query results are updated indefinitely".

  • Dashboards and Widgets

    • Dashboards can now be configured to not update after the initial search has completed. This mode is mainly meant to be used when a dashboard is interactive and not for wall-mounted monitors that should update continually. The feature can be accessed from the Dashboard properties panel when a dashboard is put in edit-mode. See Working in Edit Mode.

  • Functions

    • Added validation to the field parameter of the top() function, so empty lists will be rejected with a meaningful error message.

    • Added validation to the field and key parameters of the join() function, so empty lists will be rejected with a meaningful error message.

    • Added validation to the field parameter of the kvParse() function, so empty lists will be rejected with a meaningful error message.

    • Improved the phrasing of the warning shown when groupBy() exceeds the max or default limit.

  • Other

    • Humio now logs digest partition assignments regularly. The logs can be found using the query class=*DigestLeadershipLoggerJob*.

    • Added a new action type that creates a CSV file from the query result and uploads it to Humio to be used with the match() query function. See Upload File.

    • Fixed an issue where query auto-completion sometimes wouldn't show the documentation for the suggested functions.

    • Streaming queries that fail to validate now return a message of why validation failed.

Bug Fixes

  • GraphQL API

    • Fix the assets GraphQL query in organizations with views that are not 1-to-1 linked.

  • Configuration

    • Fixed an issue where validation of +/- Infinity as integer arguments would crash.

    • Fixed an issue where event forwarding still showed as beta.

  • Functions

    • Fixed an issue where join() would not produce the correct results when mode=left was set.

  • Other

    • Fixed an issue where query auto-completion would sometimes delete existing parentheses.

    • Fix performance issue for users with access to many views.

    • Fix an issue causing Humio to create a large number of temporary directories in the data directory.

    • Fix an issue that could rarely cause exceptions to be thrown from Segments.originalBytesWritten, causing noise in the log.

    • Fixed an issue where JSON parsing on ingest and in the query language was inefficient for large JSON objects.

Humio Server 1.49.1 Preview (2022-07-26)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.49.1Preview2022-07-262022-08-151.30.011NoNo

Bug fixes and an updated dependency, released to cloud only.

Deprecation

Items that have been deprecated and may be removed in a future release.

  • The deprecated REST API for parsers has been removed.

Improvements, new features and functionality

  • UI Changes

    • The Save As... button is now always displayed on the Search page, see it described at Saving a Search.

  • Automation and Alerts

    • Fixed a bug where an alert with name longer than 50 characters could not be edited.

  • Functions

    • The groupBy() function now accepts max as value for the limit parameter, which sets the limit to the largest allowed value (as configured by the dynamic configuration GroupMaxLimit).

  • Other

    • Java in the docker images no longer has the cap_net_bind_service capability and thus Humio cannot bind directly to privileged ports when running as a non-root user.

    • Fix an unhandled IO exception from TempDirUsageJob. The consequence of the uncaught exception was only noise in the error log.

    • Parser installation will now be ignored when installing a package into a system repository.

    • Make BucketStorageUploadJob only log at info level rather than error if a segment upload fails because the segment has been removed from the host. This can happen if node X tries to upload a segment, but node Y beats it to the punch. Node X may then choose to remove its copy before the upload completes.

Bug Fixes

  • UI Changes

    • Fixed an issue where some warnings would show twice.

  • Functions

    • Revised some of the error messages and warnings regarding join() and selfJoin().

  • Other

    • Fixed an issue where strings like Nana and Information could be interpreted as NaN (not-a-number) and infinity, respectively.

    • Fix a bug that could cause a NumberFormatException to be thrown from ZookeeperStatsClient.

Humio Server 1.49.0 Not Released (2022-07-26)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.49.0Not Released2022-07-262022-08-151.30.011NoNo

Not released.

Humio Server 1.48.1 Preview (2022-07-19)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.48.1Preview2022-07-192022-08-151.30.011NoNo

Bug fixes and an updated dependency, released to cloud only.

Deprecation

Items that have been deprecated and may be removed in a future release.

  • Deprecated enabledFeatures query. Use new featureFlags query instead.

  • Remove the following feature flags and their usage: EnterpriseLogin, OidcDynamicIdpProviders, UsagePage, RequestToActivity, CommunityNewDemoData.

Improvements, new features and functionality

  • UI Changes

    • The Live checkbox is now no longer checked automatically when changing the value of the time window in the Time Selector. See Expanding the Time Frame for details.

    • Updated styling on the log in pages.

    • Add missing accessibility features to the login page.

  • GraphQL API

    • Expose a new GraphQL type with feature flag descriptions and whether they are experimental.

  • Other

    • All feature flags now contains a textual description about what features are hidden behind the flag.

    • Added detection and handling of all queries being blocked during Humio upgrades.

    • Include the requester in logs from QuerySessions when a live query is restarted or cancelled.

    • Add flag whether a feature is experimental.

Bug Fixes

  • UI Changes

    • When viewing the events behind e.g. a Time Chart, the events will now only display with the @timestamp and @rawstring columns.

  • Dashboards and Widgets

    • The theme toggle on a shared dashboard was moved to the header panel and no longer overlaps with any widgets.

  • Other

    • Fix response entities not being discarded in error cases for the proxyqueryjobs endpoint, which could cause warnings in the log.

    • Fixes the placement of a confirmation dialog when attempting to change retention.

Humio Server 1.48.0 Not Released (2022-07-19)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.48.0Not Released2022-07-192022-08-151.30.011NoNo

Not released.

Humio Server 1.47.1 Preview (2022-07-12)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.47.1Preview2022-07-122022-08-151.30.011NoNo

Bug fixes and an updated dependency, released to cloud only.

Improvements, new features and functionality

  • Falcon Data Replicator

    • FDR polling is now turned on by default. Whether FDR polling should be turned on or off on a node can be configured using the ENABLE_FDR_POLLING_ON_NODE configuration variable.

  • UI Changes

    • If Humio fails to start because the cluster is being upgraded, a dedicated message will show when launching the UI.

  • GraphQL API

  • Configuration

    • Support for KMS on S3 bucket for Bucket Storage. Specify full ARN of the key. The key_id is persisted in the internal BucketEntity so that a later change of the ID of the key to use for uploads will make Humio still refer the old keyID when downloading files uploaded using the previous key. Setting a new value for the target key results in a fresh internal bucket entity to track which files used kms and which did not. For simplicity it is recommended to not mix KMS and non-KMS configurations on the same S3 bucket.

    • New configurations BUCKET_STORAGE_SSE_COMPATIBLE that makes bucket storage not verify checksums of raw objects after uploading to an S3. This option is turned on automatically is KMS is enabled (see S3_STORAGE_KMS_KEY_ARN) but is available directly here for use with other S3 compatible providers where verfying even content length does not work.

      Mini segments usually get merged if their event timestamps span more than MAX_HOURS_SEGMENT_OPEN. Mini segments created as part of backfilling did not follow this rule, but will now get merged if their ingest timestamps span more than MAX_HOURS_SEGMENT_OPEN.

  • Dashboards and Widgets

    • Applied stylistic changes for the Inspect Panel used in Widget Editor.

    • Table widgets will now break lines for newline characters in columns.

  • Other

    • Fix a bug that could cause Humio to spuriously log errors warning about segments not being merged for datasources doing backfilling.

    • Improved performance of validation of keys in tags.

    • All users will not have access to the audit log or search all view by default anymore. Access can be granted with permissions.

    • The referrer meta tag for Humio has been changed from no-referrer to same-origin.

    • The audit log system repository on Cloud has been replaced with a view, so that dashboards etc. can be created on top of audit log data.

    • Compute next set of Prometheus metrics only in a single thread concurrently. If more requests arrive, then the next request gets the previous response.

Bug Fixes

  • Functions

    • Fixed a bug where using eval as an argument to a function would result in a confusing error message.

  • Other

    • Fix type in Unregisters node text on cluster admin UI.

Humio Server 1.47.0 Not Released (2022-07-12)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.47.0Not Released2022-07-122022-08-151.30.011NoNo

Not released.

Humio Server 1.46.0 Preview (2022-07-05)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.46.0Preview2022-07-052022-08-151.30.011NoNo

Bug fixes and an updated dependency, released to cloud only.

Improvements, new features and functionality

  • UI Changes

    • In lists of users, with user avatars containing user initials, the current user would sometimes appear to have an opening parenthesis as their last initial.

    • New styling of errors on search and dashboard pages.

  • GraphQL API

    • Improved error messaging of GraphQL queries and mutations for alerts, scheduled searches and actions in cases where a given repository or view cannot be found.

  • Dashboards and Widgets

    • Introducing the Heatmap widget that visualizes aggregated data as a colorised grid.

    • Added empty states for all widget types that will be rendered when there are no results.

    • The widget legend column width is now based on the custom series title (if specified) instead of the original series name.

    • Sorting of Pie Chart widget categories, descending by value. Categories grouped as Others will always be last.

    • Better handling of dashboard connections issues during restarts and upgrades.

  • Other

    • When unregistering a node from a cluster, return a validation error if it is still alive. Hosts should be shut down before attempting to remove them from the cluster. This validation can be skipped using the same accept-data-loss parameter that also disables other validations for the unregistration endpoint.

    • Fix a bug causing Humio's digest coordinator to allow nodes to take over digest without catching up to the current leader. This could cause the new leader to replay more data from Kafka than necessary.

    • Remove remains of default groups and roles. The concept was replaced with UserRoles.

    • Make a number of improvements to the digest partition coordinator. The coordinator now tries harder to avoid assigning digest to nodes that are not caught up on fetching segments from the other nodes. It also does a better job unassigning digest from dead nodes in edge cases.

Bug Fixes

  • Falcon Data Replicator

    • FDR Ingest will no longer fail on events that are larger than the maximum allowed event size. Instead, such messages will be truncated.

  • UI Changes

    • Intermediate network issues are not reported immediately as an error in the UI.

  • Configuration

    • Fixed a bug that could result in merging small ("undersized") segments even if the resulting segment would then have a wider than desired time span. The goal it to not produce segments that span more than the 10% of the retention setting for time for the repository. If no time-based retention is configured on the repository, then 3 times the value of configuration variable MAX_HOURS_SEGMENT_OPEN is applied as limit. For default settings, that results in 72 hours.

  • Functions

    • Fixed a bug where the writeJson() function would write any field starting with a case-insensitive inf or infinity prefix as a null value in the resulting JSON.

  • Other

    • Upgrade Kafka to 3.2.0 in the docker images, and in the Humio dependencies.

Humio Server 1.45.0 Preview (2022-06-28)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.45.0Preview2022-06-282022-08-151.30.011NoNo

Bug fixes and an updated dependency, released to cloud only.

Improvements, new features and functionality

  • Configuration

    • Adds a new metric for measuring the merge latency, which is defined as the latency between the last minisegment being written in a sequence with the same merge target, and those minisegments being merged. The metric name is segment-merge-latency-ms.

    • Adds a new logger job that logs the age of an unmerged miniSegment if the age exceeds the threshold set by the env variable MINI_SEGMENT_MAX_MERGE_DELAY_MS_BEFORE_WARNING. The default value of MINI_SEGMENT_MAX_MERGE_DELAY_MS_BEFORE_WARNING is 2 x MAX_HOURS_SEGMENT_OPEN. MAX_HOURS_SEGMENT_OPEN defaults to 24 hours. The error log produced looks like: Oldest unmerged miniSegment is older than the threshold thresholdMs={value} miniSegmentAgeMs={value} segment={value}.

  • Dashboards and Widgets

    • The Bar Chart widget now works with bucket query results.

    • Note widget:

      • Default background color is now Auto.

      • Introduced the text color configuration option.

    • The Pie Chart widget now uses the first column for the series as a fall back option.

  • Other

    • Bump the version of the Monaco code editor.

    • Added a log message with the maximum state size seen by the live part of live queries.

Bug Fixes

  • UI Changes

    • Fix the dropdown menus closing too early on the home page.

    • Websocket connections are now kept open when transitioning pages, and are used more efficiently for syntax highlighting.

  • Dashboards and Widgets

    • The Time Chart widget regression line is no longer affected by the interpolation setting.

  • Other

    • Some errors messages wrongly pointed to the beginning of the query.

    • Bump woodstox to address SNYK-JAVA-COMFASTERXMLWOODSTOX-2928754.

    • Make streaming queries search segments newest-to-oldest rather than oldest-to-newest. Streaming queries do not ensure the order of exported events anyway, and searching newest-to-oldest is more efficient.

    • Fix a bug causing digesters to continue digesting even if the local disk is full. The digester will now pause digesting and error log if this occurs.

Humio Server 1.44.0 Preview (2022-06-21)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.44.0Preview2022-06-212022-08-151.30.011NoNo

Bug fixes and an updated dependency, released to cloud only.

Deprecation

Items that have been deprecated and may be removed in a future release.

  • The deprecated REST API for actions has been removed, except for the endpoint for testing an action.

Improvements, new features and functionality

  • UI Changes

    • Toggle switches anywhere in the UI are now tabbable and can be accessed using the keyboard.

    • Improved keyboard accessibility for creating repositories and views.

  • GraphQL API

    • Introduced new dynamic configuration flags query-memory-limit. It can be set using GraphQL. The flag replaces the environment variable MAX_MEMORY_FOR_REDUCE, so if you have changed the value of MAX_MEMORY_FOR_REDUCE, please use query-memory-limit now instead. See Limits for more details.

    • Introduced new dynamic configuration flag state-row-limit. It can be set using GraphQL. The flag can be used as an alternative to the environment variable MAX_STATE_LIMIT. If state-row-limit is set, then its value will be used instead of MAX_STATE_LIMIT. If it is not set, then MAX_STATE_LIMIT will be used.

    • Introduced new dynamic configuration flag join-row-limit. It can be set using GraphQL. The flag can be used as an alternative to the environment variable MAX_JOIN_LIMIT. If the join-row-limit flag is set, then its value will be used instead of MAX_JOIN_LIMIT. If it is not set, then MAX_JOIN_LIMIT will be used.

  • Configuration

    • Default value of configuration variable S3_ARCHIVING_WORKERCOUNT raised from 1 to (vCPU/4).

    • Added a new environment variable GROUPBY_DEFAULT_LIMIT which sets the default value for the limit parameter of groupBy(). See groupBy() documentation for details.

    • Added a link to humio-activity repository for debugging IDP configurations to the page for setting up the same.

  • Dashboards and Widgets

    • The Normalize option for the World Map widget has been replaced by a third magnitude mode named None, which results in fixed size and opacity for all marks.

    • Single Value widget:

      • Missing buckets are now shown as gaps on the sparkline.

      • Isolated data points are now visualised as dots on the sparkline.

    • The dashboards page now displays the current cluster status.

    • Bar Chart widget:

      • The Y-axis can now start at smaller values than 1 for logarithmic scales, when the data contain small enough values.

      • It now has an Auto setting for the Input Data Format property, see Wide or Long Input Format for details.

      • Now works with bucket query results.

  • Log Collector

    • The Log Collector download page has been enabled for on-prem deployments.

  • Other

    • Adds a new metric for the temp disk usage. The metric name is temp-disk-usage-bytes and denotes how many bytes are used.

    • Added a log of the approximate query result size before transmission to the frontend, captured by the approximateResultBeforeSerialization key.

    • Adds a logger job for cluster management stats it log the stats every 2 minutes, which makes them searchable in Humio.

      The logs belong to the class c.h.c.ClusterManagementStatsLoggerJob, logs for all segments contains globalSegmentStats log about singular segments starts with segmentStats.

    • Add warning when a multitenancy user is changing data retention on an unlimited repository.

    • Improved performance of NDJSON format in S3 Archiving.

Bug Fixes

  • Security

    • Update Netty to address CVE-2022-24823.

    • Bump javax.el to address CVE-2021-28170.

  • Other

    • Fix an issue causing the event forwarding feature to incorrectly reject topic names that contained a dash (-).

    • Improve file path handling in DiskSpaceJob to eliminate edge cases where the job might not have been able to tell if a file was on primary or secondary storage.

    • Fix a bug where changing a role for a user under a repository would trigger infinite network requests.

    • Fixed a bug where multiline comments weren't always highlighted correctly.

    • Update org.json:json to address a vulnerability that could cause stack overflows.

    • If a segment is deleted or otherwise disappears from global while Humio is attempting to upload it to bucket storage, the upload will now be dropped with an info-level log, rather than requeued with an error log.

Humio Server 1.42.2 Stable (2022-10-05)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.42.2Stable2022-10-052023-10-051.30.011NoNo
JAR ChecksumValue
MD5c129f5c1d5d5cf469abdfd604267b6d6
SHA1737393d0e02fc6a3e5599a20d3b7f640d0ce3347
SHA256e283e268d4d268a21f0e7fe2f6ff08582a96cb6d37dd28b020670eb3600a8e86
SHA5126cc3f4ad41b46d71ff67db7a4720e1a027583938ec1158b1fa45de8943030caf70e4b7b50dea9c42c92b3bb6d9ab335783a9b5f12dd9b79e240e4eadceac17ba
Docker ImageSHA256 Checksum
humio4a5399bb43705c9e2f95d745fd87766552d9f1ef74d459feb3e10244b958d37e
humio-core070dff4cd2a472994ad4999d36b98c1592fb6be703c9f2ae590f278dc47339e4
kafkaa5447202b222b70d6569e03668056e6059621894d3287f6d92f0e4ecbfb50a34
zookeeper6487f4600d004f1ea797a86bef307781ac8840b438c28c8405ffdfd334205f99

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.42.2/server-1.42.2.tar.gz

Bug fixes and updates.

Bug Fixes

  • Security

    • Update Scala to address CVE-2022-36944.

  • Other

    • Fix performance issue for users with access to many views.

Humio Server 1.42.1 Stable (2022-07-18)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.42.1Stable2022-07-182023-07-181.30.011NoNo
JAR ChecksumValue
MD50d84ae2bac065c74f033b3f510812cf6
SHA1aa21f410e29c6189b56526c42d4414398544f3e3
SHA2566b59d546a2f271d499b857b290f6c283b90282a5d9a213bc037652367f258c4d
SHA512688242a795f9526828841faabc34e59e048439a1c748842d0a0fdf8eb8dffa99ce2f5281fa1c067dbbbac3db0494af006f46d3917de4f85c73372d536a102d97
Docker ImageSHA256 Checksum
humiod83d0ea9247637ce91d2b84123659858624fe329583e1c6fe6900bd4eaa4acae
humio-core14ec97ed7bf950b0e0669627babebfb3e5ca67b38cc40d116254567ee4e9199d
kafkae9a4ee28381265a1b80071257996003a9bea0e29234a6394477d8859cb546e68
zookeeperb377e734d662fe80b4dbc6b355965694464e437a2e0855272b9652ac9225b050

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.42.1/server-1.42.1.tar.gz

Bug fixes and an updated dependency.

Improvements, new features and functionality

  • UI Changes

    • The Save As... button is now always displayed on the Search page.

Bug Fixes

  • Other

    • Updated dependencies to woodstox to fix a vulnerability.

    • Compute next set of Prometheus metrics only in a single thread concurrently. If more requests arrive, then the next request gets the previous response.

Humio Server 1.42.0 Stable (2022-06-17)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.42.0Stable2022-06-172023-06-171.30.011NoYes
JAR ChecksumValue
MD56f0306d98c1f4931a083fe9211841ea1
SHA1afee8f0c7c705b0c6b54c5a3321cf7ed6bbfc6f2
SHA2560167bd6ae46368db74434133b9881380fd6c389c9ea35ac5612d9a643366d3ac
SHA512e66acd012641e19d6c8c7613a56302c66138902912eb3aaa2157fef4199b6e77b20367be49bd90f2b430573b6317bd7214600436edfaf52cbffc108c0c414fd6
Docker ImageSHA256 Checksum
humio37cb34cccd8e0b749308f96bc49cd67c92ca6af537e5c01cec0ecf4d26d2712f
humio-core958fc373d5cf0da75861981cbf6fb3cead3c41388480d72b4bb7ad85734bc0cd
kafkaaea9942f9b789b058984dc348fa91657c8be210ad9d6f85ed8e0fdd6f09e408d
zookeeperd52cd8f48f55cf09db7426a746b536face085b8b919ed1cdc1ce57f7e74d450e

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.42.0/server-1.42.0.tar.gz

Bug fixes and updates.

Deprecation

Items that have been deprecated and may be removed in a future release.

  • The Feature Flag, CookieAuthServerSide, has been deprecated as cookie authentication is now enabled by default. Instead, the configuration field ENABLE_BEARER_TOKEN_AUTHORIZATION has been introduced.

  • The local disk based backup feature described at Making Back-Ups is deprecated, and is planned for removal in September 2022. We have found that restoring backups using this feature is difficult in practice, it is not commonly used, and the backup/restore functionality is covered by the bucket storage feature as well. For these reasons, we are deprecating this feature in favour of bucket storage.

    The DELETE_BACKUP_AFTER_MILLIS configuration parameter, which controls the delay between data being deleted in Humio and removed from backup, will be retained, since it controls a similar delay for bucket storage. Customers using local disk based backups should migrate to using bucket storage instead. Systems not wishing to use a cloud bucket storage solution can keep backup support by instead installing an on-prem S3- or GCS-compatible solution, such as MinIO.

Improvements, new features and functionality

  • Falcon Data Replicator

    • Added the fdr-invisible-message-count metric, which contains the approximate number of invisible messages on an FDR feed's SQS queue.

    • Improved error logging, when an FDR feed fails to download data from an S3 bucket. It now clearly states when a download failed because the S3 bucket is located in a different region than the SQS queue.

    • Added the fdr-message-count metric, which contains the approximate number of messages on an FDR feed's SQS queue.

  • UI Changes

    • The Format Panel is now available for changing the style of the data displayed in the Event list — see Changing the Data Display.

    • Both the Scatter Chart and the Bar Chart widgets now support automatically adding/toggling axis and legend titles based on the mapped data.

    • The Fields Panel now enables you to fetch fields beyond those from the last 200 events — see Adding and Removing Fields.

  • Configuration

    • Improve the error message if Humio is configured to use bucket storage, but the credentials for the bucket are not configured.

  • Dashboards and Widgets

    • The Single Value widget is now available. Construct a query which returns any single value, or use the timeChart() query function to create a single-value widget instance with sparkline and trend indicators.

    • The Gauge widget is being deprecated in favour of the Single Value widget. Configurations of the former widget are compatible with the latter. This means that persisted configurations of the Gauge widget (url / dashboard widgets / saved queries / recent queries) are still valid, but are visualised using the Single Value widget instead.

  • Log Collector

    • The Humio Log Collector can now be downloaded from the Organizational Settings page, see the Log Collector Documentation for a complete list of the supported logs formats and operating systems.

  • Functions

    • worldMap() will warn about licensing issues with IP database.

    • sankey() now accepts more weight functions such as anonymous functions and the percentile() function.

    • ioc:lookup() would sometimes give incorrect results when negated.

    • worldMap() accepts more magnitude functions, anonymous functions and the percentile() function.

  • Other

    • Fixed an issue that if download of IOCs took more than an hour, Humio would indefinitely start a new download every hour which would eventually fail.

    • Logging to the humio-activity repository is now also done for events in sandbox repositories.

    • Ensured that errors during view tombstone removal are logged and don't prevent the RetentionJob from performing other cleanup tasks.

    • Fixed an issue where Humio's Zookeeper monitoring page would show X/0 followers in sync.

    • Email actions can now add the result set as a CSV attachment.

    • When cleaning up a deleted data space, don't error log if two nodes race to delete the data space metadata from global.

    • Fixed an issue where a scheduled search could trigger actions multiple times for the same time period if actions took a long time to finish.

    • Fixed an underlying bug causing addToExistingJob did not find the existing job to be error logged unnecessarily. Humio may decide to fetch a segment from bucket storage for querying. If this decision is made right as the query is cancelled, Humio could log the message above. With this fix, Humio will instead skip downloading the segment, and not log the error.

    • Specifying a versionless packageId will load the newest version of that package.

Humio Server 1.40.0 Stable (2022-05-12)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.40.0Stable2022-05-122023-05-121.30.011NoYes
JAR ChecksumValue
MD58a733e1201103eeef32e63b0bf4c8977
SHA15b217fb48f1b5684330ec70fc5d20d322b0a75f8
SHA2568838d422459feb6a56d1f15578c581fec7983165635fb4e74f312c2cc4da8046
SHA51294bb617a37475918313decc3bf56696890c90d3e3f91de78dccb9431fee0b1bba8d90f60f0d591f5acbea7c6e09c5cb57ddf95fba088a34efc92a0899ac4aef9
Docker ImageSHA256 Checksum
humio7c9b77b32fc84e31ecc57461ae3e8bfac9b584fb6fb3af0b909bd7e05903d0d8
humio-core9326081840d3f852df54702c9d5e72ea492d49c55aab51ed83b1b234439c4ec7
kafka344a06f56ada7ea9af2c7c5d146fa07f6fda87be750a7283e6f753189b42a0b5
zookeeper42cdbca9d0ce73516a27beda618390a40db3e086580ce3d6ab2779c1952980ee

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.40.0/server-1.40.0.tar.gz

1.40 REQUIRES minimum version 1.30.0 of Humio to start. Clusters wishing to upgrade from older versions must upgrade to 1.30.0+ first. After running 1.40.0 or later, you cannot run versions prior to 1.30.0.

Behavior Changes

Scripts or environment which make use of these tools should be checked and update for the new configuration:

  • The selfJoin() query function was observed to cause memory problems, so we have set a limit of .0.0 output events (there was previously no bound). This limit can be adjusted with the GraphQL mutation setDynamicConfig with config flag SelfJoinLimit. A value of -1 returns selfJoin to its old, unbounded version.

Improvements, new features and functionality

  • Falcon Data Replicator

    • Fixed an issue where exceptions in FDR were not properly logged.

    • The static configuration variable ENABLE_FDR_POLLING_ON_NODE is no longer supported, as its functionality has been replaced with the dynamic configurations listed above.

    • Introduced dynamic configuration options for changing FDR polling behaviour at runtime. FDR polling is not enabled by default, so you should take care to set up these new configurations after upgrading, or you will risk that your FDR data isn't ingested into Humio before it is deleted from Falcon.

    • It is now possible to test an FDR feed in the UI, which will test that Humio can connect to the SQS queue and the S3 bucket.

    • Using the dynamic configuration option FdrMaxNodes, administrators can put a cap on how many nodes should at most simultaneously poll data from the same FDR feed. Defaults to 5 nodes.

    • Using the dynamic configuration option FdrExcludedNodes, administrators can now exclude specific nodes from polling from FDR. Defaults to the empty list, so all nodes will be used for polling.

    • Using the dynamic configuration option FdrEnable, administrators can now turn FDR polling on/off on the entire cluster with a single update. Defaults to false.

  • UI Changes

    • Improvements to the Sankey Diagram widget, it now has multiple style options; show/hide the y-axis, sorting type, label position, and colors plus labels for series.

    • Keep empty lines in queries when exporting assets as templates or to packages.

    • Added style options to either truncate or show full legend labels in widgets.

    • The widget dropdown can now be navigated with the keyboard.

    • Introducing the new Scatter Chart widget (previously known as XY):

      • It supports long data format (one field for the series name and one field for the y values) as well as wide format (one field per series value).

      • You can now visualize data in the Scatter Chart when queried with the timeChart(), bucket() and groupBy() functions, as well as the table() function like before.

    • Syntax highlighting for XML, JSON and accesslog data now uses more distinguishable colors.

    • Added support in fieldstats() query function for skipping events. This is used by the UI, but only in situations where we know an approximate result is acceptable and where processing all events would be too costly.

    • The @timestamp column is now allowed to be moved amongst the other columns in the event list.

    • When using a widget that is not compatible with the current data, the Reset Widget Type button now works again.

    • Improvements to the Pie Chart widget, it now has a max series setting similar to the Time Chart widget.

    • Events with JSON data can now be collapsed and expanded in the Json panel.

  • GraphQL API

    • Removed the following deprecated GraphQL fields: UserSettings.settings, UserSettings.isEventListOrderChangedMessageDismissed, and UserSettings.isNewRepoHelpDismissed.

    • Marked experimental language features as preview in GraphQL API.

    • It is now possible to refer a parser by name when creating an ingest token or assigning a parser to an existing ingest token using the GraphQL API mutations addIngestTokenV3 and assignParserToIngestTokenV2. The old mutations addIngestTokenV2 and assignParserToIngestToken have been deprecated.

    • Added a new GraphQL mutation to rename views or repositories by ID.

    • It is now possible to refer a parser by name when creating or updating an ingest listener using the GraphQL API mutations createIngestListenerV3 and updateIngestListenerV3. It is now also possible to change the repository on an ingest listener using updateIngestListenerV3. The old mutations createIngestListenerV2 and updateIngestListenerV2 have been deprecated.

    • Added a GraphQL mutation deleteSearchDomainById that deletes views or repositories by ID.

    • Added two new organization level permissions: DeleteAllRepositories and DeleteAllViews that allow repository and view deletion, respectively, inside an organization.

    • The GraphQL queries and mutations for FDR feeds are no longer in preview.

    • Removed the deprecated clientMutationId argument from the GraphQL mutation updateSettings.

    • Changed permission token related GraphQL endpoints to use enumerations instead of strings.

  • Configuration

    • Amended how Humio chooses segments to download from bucket storage when prefetching. If S3_STORAGE_PREFERRED_COPY_SOURCE is false, the prefetcher will only download segments that are not already on another host. Otherwise, it will download as many hosts as necessary to follow the configured replication factor. This should help avoid excessive bucket downloads when nodes in the cluster have lots of empty disk space.

    • Added a new config NATIVE_FADVICE_SUPPORT (default true) to allow turning off the use of fadvice internally.

    • Added a new config NATIVE_FALLOCATE_SUPPORT (default true) to allow turning off the use of fallocate and ftruncate internally.

    • Added a new configuration variable BUCKET_STORAGE_TRUST_POLICY for the dual-bucket use case. This setting configures which bucket is considered the "trusted" bucket when two buckets are configured, which impacts when Humio considers data to be safely replicated. Supported values are Primary for trusting the primary bucket, Secondary for trusting the secondary bucket, TrustEither for considering data safely replicated if it is in either bucket, and RequireBoth for considering data safely replicated only if it is in both buckets. This config replaces the BUCKET_STORAGE_2_TRUSTED configuration, true in the old configuration equates to Secondary in the new configuration. The default value of the new configuration is Secondary.

    • Require that {S3/GCS}_STORAGE config must be set before {S3/GCS}_STORAGE_2 is set.

    • Validate block CRCs before uploading segment files to bucket storage. Can be disabled by setting VALIDATE_BLOCK_CRCS_BEFORE_UPLOAD to false.

  • Dashboards and Widgets

    • Improvements to the Bar Chart widget:

      • Added style options to name the x and y axis.

      • Added option for interpreting the resulting query data as either wide or long format data.

      • Added option to set a max label length for the x-axis, instead of the bottom padding option. With auto-padding and this style option, it is easier to fit the wanted information in the view.

      • It is now possible to configure bar charts to have a logarithmic y axis.

      • Introduced the stacked bar charts option.

      • It no longer has an artificial minimum height for bars, as this may distort at a glance interpretations of the chart.

      • It no longer has sorting by default, which means that the order will be identical to the query result. You can now sort the x axis of the bar chart by using the sort() query function, if sort by series in the style options is not set.

      • It now has a max series setting similar to the Time Chart widget.

    • Improvements to the Time Chart widget:

      • It now has an option to show the underlying data points, which makes it possible to inspect the behaviour of the different interpolation methods.

      • Trend lines can now be added in the chart.

    • Introducing the Single Value widget. Construct a query which returns any single value, or use the timeChart() query function to create a single-value widget instance with sparkline and trend indicators.

  • Functions

    • The findTimestamp() function now supports date formats like 23FEB2022, that is date, literal month and year without any separators in between. Other formats still require separators between the parts.

  • Other

    • Added more visibility on organization limits when changing the retention settings on a repository.

    • When calculating the starting offset in Kafka for digest, Humio will now trust that if a segment in global is listed as being in bucket storage, that segment is actually present in bucket storage. Humio no longer double checks by asking bucket storage directly.

    • Fixed a bug with UTF-8 serialization of 4-byte codepoints (emojis etc.).

    • Fixed a race condition between nodes creating the merge result for the same target segment, and also transferring it among the nodes concurrently. If a query read the file during that race, an in-memory cache of the file header might hold contents that did not match the local file, resulting in Broken segment warnings in queries.

    • It is no longer possible to delete a parser that is used by an ingest listener. You must first assign another parser to the ingest listener.

    • It is now validated, that the parser supplied when creating or updating an ingest listener, exists.

    • Improved the flow of creating a blocked query.

    • If the query scheduler attempts to read a broken segment file, it may be able to fetch a new copy from bucket storage in some cases. Humio will now only allow this if it can be guaranteed that no events from the broken segment have been added to the query result. Otherwise the query will receive a warning.

    • Fixed an issue where non-default log formats such as log4j2-json-stdout.xml that logs to STDOUT were not fully in control of their output stream, as log entries of level ERROR were also printed directly to stderr from within the code. The default log4j2 configuration now includes a Console appender that prints errors to stdout, achieving the same result, while allowing the other formats to fully control their output stream.

    • Added a feature that allows regular users with delete permissions on cloud to rename views and repositories.

    • It is now possible to create a view with the same name as a deleted view.

    • Fixed an issue when using bucket storage alongside secondary storage, where Humio would download files to the secondary storage but register them as present in the primary. It will now download and register them as present on the secondary storage.

    • Updating alert labels using the addAlertLabel and removeAlertLabel mutations now requires the ChangeTriggersAndActions permission.

    • Fixed an issue where Filebeat 8.1 would not be compatible unless output.elasticsearch.allow_older_versions was set to true.

    • Fixed an issue where Filebeat 8.0 would not be compatible unless setup.ilm.enabled was set to false.

    • Improved the phrasing of some error messages.

    • Added a feature that allows deletion of repositories and views on cloud.

    • Made changes to Humio's tracking of bucket storage downloads. This should avoid some rare cases where downloads could get stuck.

    • Fixed bugs related to repository deletes.

    • Fixed an issue where the UI would not detect parameters in a query when using saved queries from a package.

    • Fixed an issue where NetFlow parsing would crash if it received an options data record.

    • The query scheduler improperly handled regex limits being hit, it should result in a warning on the query. In some cases it was handled by retrying the segment read.

    • It is no longer possible to create ingest listeners on system repositories using the APIs. Previously, it was only prohibited in the UI.

    • During ingest, if an event has too many fields we now sort the fields lexicographically and remove fields from the end. Before, there was no system to which fields were retained, it was effectively random.

    • Fixed an issue where audit logging of alerts, scheduled searches and actions residing on views would yield incomplete or missing audit logs.

    • It is no longer possible to use experimental functions in Alerts, Parsers, and Event Forwarding. They are now only available on the search page.

    • Humio is now more strict during a Kafka reset to avoid global desyncs. Only one node will be allowed to boot on the new epoch, remaining nodes won't be allowed to use their snapshots, and will need to fetch a fresh global snapshot from that node.

    • Fixed an issue that could cause an exception to be thrown in the ingest code if digest assignment changed while a local segment file being written was still empty.

    • When logging Kafka consumer and producer metrics, Humio will now log repeated metrics like records-lag-max once per partition, with the partition specified in the partition field.

    • Fixed an ingest bug where sometimes we wouldn't turn event fields into tags if we fell back to using the key-value parser. Now we always turn fields into tags.

    • Reduced the amount of time Humio will spend during shutdown waiting for in-progress data to flush to disk to 60 seconds from 150 seconds.

    • Improved distribution onto partitions of tag combinations (datasources) that are affected by auto sharding, resulting in less collisions.

    • Fixed an issue where download of IOCs from another node in the cluster could start before the previous download had finished, resulting in too many open connections between nodes in the cluster.

    • Added support for restoring deleted repositories and views when using bucket storage. See Delete a Repository or View.

    • Fixed an ingest bug where, when truncating an event with too many fields, we wouldn't count error fields, leading to the event still being larger than the maximum size.

    • Fixed an issue where OrganizationStatsUpdaterJob would repeatedly post the error com.humio.entities.organization.OrganizationSingleModeNotSupported: Not supported when using organizations in single mode when the cluster was configured for only one organization.

    • Improved performance of formatting action messages, when the query result for an alert or scheduled search contains large events.

    • Fixed an issue where some errors showed wrong positions in the search page query field.

    • Fixed an issue that links in alerts from OpsGenie actions were not clickable.

    • Added humio-token-hashing.sh to the Humio bin directory. This invokes a utility for generating root tokens.

    • Fixed a bug where accessing a csv file with records spanning multiple lines would fail with an exception.

    • Renamed the Humio tarball distribution to humio-1.39.0.tar.gz instead of humio-release-1.39.0.tar.gz. The file now contains a directory named humio-1.39.0 instead of humio-release-1.39.0.

    • Fixed an issue that could cause creation of two datasources for the same tag set if messages with the same tags happened to arrive on different Kafka partitions.

    • When Humio detects multiple datasources for the same set of tags, it will not deduplicate them by selecting one source to keep and marking the others replaced.

    • Fixed an issue that could cause the query scheduler to erroneously retry searching a bucketed segment.

    • Added humio-decrypt-bucket-file.sh to the Humio bin directory. This invokes a utility for decrypting files downloaded from bucket storage.

    • Ingest listeners are now only stopped, not deleted, when a user deletes a repository. If the repository is restored, the ingest listener will be restarted automatically. When it is no longer possible to restore the repository, the ingest listener will be deleted.

    • When shared dashboards are disabled or become inaccessible because of IP filters, they will now be completely unreachable, and any dashboards already open will show an informative error message.

    • Webhook action has been updated to only allow the following HTTP verbs: GET, HEAD, POST, PUT, PATCH, DELETE and OPTIONS.

    • Fixed how relative time is displayed.

    • Adding and removing queries from the query blocklist is now audit logged as two separate audit log event types, query-blocklist-add and query-blocklist-remove, rather than the single event type blocklist.

    • Improved distribution of new autosharded datasources.

    • Fixed an issue where an exception in rare cases could cause ingest requests to fail intermittently.

    • Fixed duplicate Change triggers and actions entry in view permission token page.

    • Fixed an ingest bug where, under some circumstances, we would reverse the order of events in a batch.

    • Fixed an ingest bug where if multiple types of errors occurred for an event we would only add error fields describing one of them. Now we always report all errors.

    • The REST API for ingest listeners has been deprecated.

    • Fixed an ingest bug where we might discard @timezone and @error fields in events with too many fields. Now we always retain those and only discard other fields.

    • Fixed a caching-related issue with groupBy() in live queries that would briefly cause inconsistent results.

    • Fixed an issue where the set-replication-defaults config endpoint could attempt to assign storage to nodes configured not to store segments.

    • Webhook action now includes the 'Message Body Template' for PATCH and DELETE requests as well if it is not empty.

    • Create, update and delete operations on ingest listeners are now always audit logged. Previously, they were only logged when performed through the REST API. Also, the audit log format has been updated to be similar to the format of other assets. Look for events with the type field set to ingestlistener.create, ingestlistener.update, and ingestlistener.delete.

    • Fixed an issue where query cancellation could in rare cases cause the query scheduler to throw exceptions.

    • Added a new system-level permission allowing changing the user name of a user.

    • Automatic system removals of queries expired from the blocklist are now audit logged as well.

    • Humio will now periodically log node configs to the debug log, in addition to the existing log of config on node boot. These logs will come from com.humio.jobs.ConfigLoggerJob.

Humio Server 1.38.2 Stable (2022-06-13)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.38.2Stable2022-06-132023-06-131.26.011NoNo
JAR ChecksumValue
MD5c00de7af24633422654b3d16a764d753
SHA16c3043c27e5c7b3c7353f0f0e5e3e5b876319314
SHA2566770856e5dcf19eee5384eecc40617fed15d92e2c2872ff7432f63bf43867c4a
SHA5127660d46ca1700336ce6fd2390e4b6de5b15963693499a6313513ff63ee9cedb6f99e1f595465ae3b1c420d0ba9b4626abe0ba81450f3bd7e92d528b0b1f51c6d
Docker ImageSHA256 Checksum
humio1290b8e98ae3553b092879867a433077a1eb7ff626c989d01d14f71218644072
humio-core4a9c5aa23b7842034e34dda4aaffcb12f6f23a8e1c2cf04933b44a8cdafbe74d
kafka04d14b84378ac9f6787af1b8477a0d2cbd6979da283bde177470d1af85a01637
zookeeper46aa8bbcaa2c64cfa7afdb6e07df0783658b4983a6727ca6670989364e687477

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.38.2/server-1.38.2.tar.gz

Updated dependencies with security fixes and weakness.

Bug Fixes

  • Security

    • Updated dependencies to fix vulnerabilities to CVE-2021-22573.

  • Summary

    • Updated java script dependencies to fix vulnerabilities.

Humio Server 1.38.1 Stable (2022-04-27)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.38.1Stable2022-04-272023-04-271.26.011NoNo
JAR ChecksumValue
MD5fcaf2c288bd1f7c0fbc63deca59aa53d
SHA1aec8d78eb49ee4954f2e542f614c89595da0ec39
SHA256d31c13fcecfd380562faddb7ba4662484aa2254f1f0f54591241341870c7ae83
SHA51298134b241d67029255018c24032897623e91a3f54627c53e1c801bd4528b9ea13ab48abe328f2b76f40048bf4cb7dd45480a9398f6bd8dea4edb5db1d296b3da
Docker ImageSHA256 Checksum
humio2d33f1706e053414996c9ac5d3533a15b637d3b321ad91362ac1a2fb4e54d722
humio-core7c1a2c853c4d7c348cfe948340a0f4101eb92a9ce365943897bf6c34cf393312
kafkae3fc06aca9f5df2e628fb6a2b78c39aaf1c1b682728eb74bbd87d018aa83b49a
zookeeper73746eff47c136fc01bf5898c4fecf43d459d3f103ccd29e10edf2ce7c79255d

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.38.1/server-1.38.1.tar.gz

Updated dependencies with security fixes and weakness.

Bug Fixes

  • Summary

    • Updated dependencies to Jackson to fix a vulnerability.

    • Updated java script dependencies to fix vulnerabilities.

  • Other

    • Use latest version of Alpine on Docker image.

    • Use latest version of Java 1.13 on Docker image.

Humio Server 1.38.0 Stable (2022-03-15)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.38.0Stable2022-03-152023-03-151.26.011NoYes
JAR ChecksumValue
MD583afa7f6d2c55efbb88387474efd1264
SHA15587c3365fcfb22e1a45ea96b9503497b705125e
SHA256357591952ed12d0d9f93b084cff4b0ff6848d7a464071ff27edee9f921e23174
SHA5127a88658b07d69f6a2fe151da8fe94ebfe0a1259ffa48c45df6154dcce4f6453fac8f78087cefdf869fb6322fa4e31a01f830d9db998293ebeabb0f2c8e3e5cfb
Docker ImageSHA256 Checksum
humio9cd0f6a91b150bb51f9407451bd70c40dc49f730f76840e061a6570008d88453
humio-corecff83e3a3ea8c455040ca31d4e8071a0f1c80be894fdde4cad768e69e1c449e5
kafkad960ac292f781baa54c1388f4bbc94c77c1ae06b94a082a214777844f1435120
zookeeperb2ab322170bfab4d221f6f5e4a4cca5751b2d97bcf75d451de4d24a00c775206

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.38.0/server-1.38.0.tar.gz

Humio can now poll and ingest data from the Falcon platform's Falcon Data Replicator(FDR) service. This feature can be used as an alternative to the standalone fdr2humio project. See the Ingesting FDR Data for more information.

Improvements, new features and functionality

  • Falcon Data Replicator

    • Improved performance of FDRJob.

  • UI Changes

    • Added a quick-fix for unknown escape sequences in the search field.

    • First row entry in the statistics table on the repo page is now a table header and added hidden content to the empty table header in the new view page.

    • Pop-ups and drop-downs will now close automatically when focus leaves them.

    • Hover over parameter names and arguments in the search field now includes the default value.

    • On the time, bar and pie charts you can hold the ALT/OPTION key to display long legend titles.

    • The search page now has focus states on the Language Syntax, Event List Widget and Save As buttons.

    • Reworked the hover message layout and changed the hover information on text (in the search field).

    • The bar and pie charts now support holding the SHIFT key to display unformatted numeric values.

    • Hover information in the search field is shown despite an overlapping warning.

    • When changing focus inside a dialog with the keyboard, the focus will no longer move outside the dialog while it is open.

    • The Cluster Nodes table has been redesigned to allow for easier overview and copying the version-number.

    • Fixed an issue where queries with tail() would behave in an unexpected manner when an event is focused.

    • Visually hidden clipboard field is now hidden for assistive technologies/keyboard users.

    • Better accessibility for queries panel. You can now tab to focus individual queries, and open a details panel. From here you can also access all actions in the details panel by tabbing.

    • Fixed a bug where the Package Marketplace would redirect to unsupported package versions on older Humio instances.

    • Added a warning for unknown escape sequences in the search field.

    • When using the table visualisation in dark mode, empty table cells are now clearly discernible.

    • Added a quick-fix to convert non-ASCII quotes to ASCII quotes in the search field.

    • Minor UX improvements (ie. accessibility) on the queries panel.

  • GraphQL API

    • The PERMISSION_MODEL_MODE config option has been removed. All graphql related schema has also been removed.

    • Deprecates the ReadContents view action, in favor of ReadEvents. This also means ReadEvents has been undeprecated, as we have slightly changed how we consider read rights, and want the action names to match this.

    • Fixed a bug in the response from calling the installPackageFromZip graphql mutation. Previously the response type exposed a deprecated clientmutationid that could not be selected. Also now if form fields are missing they are properly reported in the response.

  • Configuration

    • Added config IP_FILTER_RDNS for specifying what IP addresses can be queried using the rdns query function.

    • The Property inter.broker.protocol.version in kafka.properties now defaults to 2.4 if not specified. Users upgrading Kafka can either set inter.broker.protocol.version manually in kafka.properties, or pass DEFAULT_INTER_BROKER_PROTOCOL_VERSION as an environment variable to Docker when launching the container. Please follow Kafka's upgrade guidelines when upgrading a Kafka cluster to avoid data loss https://kafka.apache.org/documentation/#upgrade_3_1_0.

    • Added config IP_FILTER_RDNS_SERVER for specifying what DNS servers can be allowed in the rdns() query function.

    • Added config RDNS_DEFAULT_SERVER for specifying what DNS server is the default for the rdns query function.

    • Added new configuration NATIVE_FADVICE_SUPPORT (default true) to allow turning off the use of fadvice internally.

    • Added the config CORS_ALLOWED_ORIGINS a comma separated list for CORS allowed origins, default allows all origins.

    • Fixed a bug where TLS_KEYSTORE_TYPE and TLS_TRUSTSTORE_TYPE would only recognize lower-case values.

    • Added new settings for how uploads to bucket storage are validated. In the case that validation with etags are not available, content length can be used instead.

    • Added new configuration NATIVE_FALLOCATE_SUPPORT (default true) to allow turning off the use of fallocate and ftruncate internally.

    • When Kafka topic configuration is managed by Humio (default true) set max.message.bytes on the topics to the value of Config TOPIC_MAX_MESSAGE_BYTES, default is 8388608 (8 MB). Minimum value is 2 MB.

    • Reduce default value of INGESTQUEUE_COMPRESSION_LEVEL, the ingest queue compression level from 1 to 0. This reduces time spent compressing before inserting into the ingest queue by roughly 4x at the expense of a 10-20% increase in size required in Kafka for the ingest queue topic.

  • Functions

    • Fixed an issue where tail() could produce results inconsistent with other query functions, when used in a live query.

  • Other

    • Fixed an issue where live queries would sometimes double-count parts of the historic data.

    • Fixed several issues where users could add invalid query filters via the Add filter context button after selecting text in the Event List.

    • Fixed an ingest bug where under some circumstances we would reverse the order of events in a batch.

    • Fixed a bug in the Sankey chart such that it now updates on updated query results.

    • Fixed an issue with epoch and offsets not always being stripped from segments.

    • Improved the performance of deletes from global.

    • Previously a package could be updated with another package with the same name and version, but with different content. This is no longer allowed, and any attempt do so will be rejected and fail.

    • Fixed an issue where queries of the form #someTagField != someValue ... would sometimes produce incorrect results.

    • Improved off-heap memory handling. Humio now typically uses only 1 GB on systems with 32 vCPUs, down from typically 16 GB. This leaves more memory for other processes and page cache for data.

    • Fixed a compatibility issue with LogStash 7.16+ and 8.0.0 when using the Elasticsearch output plugin.

    • Fixed an issue where users could be shown in-development feature on the client when running a local installation of Humio.

    • Fixed a compatibility issue with FileBeat 8.0.0.

    • Added tombstoning to uploaded files, which helps with avoiding data loss.

    • Ensure only a cluster leader that still holds cluster leadership can force digesters to release partition leadership. This could cause spurious reboots in clusters where leadership was under contention.

    • Ensure a digester can only acquire or release partition leadership if no other digester has leadership of that partition. This could cause spurious reboots if digester leadership became contended.

    • Fixed an issue where negated functions could lose their negation.

    • Fixed an issue where top(max) could throw an exception when given values large enough to be represented as positive infinity.

    • Added a new system-level permission that allows changing usernames of users.

    • Fixed an issue where percentile() would crash on inputs larger than ~1.76e308.

    • Warn at startup if CORES > AvailableProcessorCount as seen by the JVM.

    • During identity provider configuration, it's possible to fetch SAML configuration from an endpoint.

    • During Digest startup, abort fetching segments from other nodes if the assigned partition set changes while fetching.

    • Fixed a bug where providing a bad view/repository name when blocking queries would block the query in all views and repositories.

    • LSP warnings don't crash queries any more.

    • Allow cluster managers access to settings for personal sandboxes and to block and kill queries in them.

    • Do not run the Global snapshot consistency check on stateless ingest nodes.

    • Fixed a bug where the Add Column button on the Fields panel would do nothing

    • For HTTP Event Collector (HEC) the input field sourcetype is now also stored in @sourcetype.

    • Published new versions of the Humio Kafka Docker containers for Kafka 3.1.0.

    • Upgrades the Kafka client to 3.1.0 from 2.8.1. 3.1.0 enables the idempotent producer by default, which implies acks=all. Clusters that set acks to a different number via EXTRA_KAFKA_CONFIGS_FILE should update their config to also specify enable.idempotence=false

Humio Server 1.37.1 Preview (2022-02-25)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.37.1Preview2022-02-252022-03-151.26.011NoNo
JAR ChecksumValue
MD5e46117f38ef25afde602a458e5266b4b
SHA13b0f5a30a7918a5f08ae8492bf855fadfc36fb90
SHA256014420dfb22f8521a687eac1179c528afe0477fbb9284dc5381d9f91fd5329d1
SHA512ee13258be363f1b2103b864517ea4b9de9d6a78dcee0c4fcba95af2ea873dacebb298f6410f12cf68ecde3d17210256f85713ada7f5988726dc4440f5fbeee21
Docker ImageSHA256 Checksum
humioe131f664f67e5ce98a397431b1f1a9d3c134d47dd24a24ed8ad76ae9e6d79eb0
humio-coree0de42791dd3e83c2aa9bea871cb6e7a62bf51c835de2142adfd51aa863625a3
kafka9ab50e070047406cd6316fa2017d15ca24caa6e7a9b20ba741114b9cc1c3feec
zookeeper47aa1a18a57652f156406021dc61f8bb1042bc2bd23c89e715e14a8be4fb07f9

Minor fixes and improvements.

Improvements, new features and functionality

  • Falcon Data Replicator

    • Improved performance of FDRJob.

  • Other

    • Added a new system-level permission that allows changing usernames of users.

    • Improved off-heap memory handling. Humio now typically uses only 1 GB on systems with 32 vCPUs, down from typically 16 GB. This leaves more memory for other processes and page cache for data.

Bug Fixes

  • Other

    • Fixed an issue where QueryFunctionValidator failed giving the error scala.MatchError.

    • Fixed an issue where some queries using regex would use an unbounded regex engine.

    • Fixed an issue where users could be shown in-development feature on the client when running a local installation of Humio.

Humio Server 1.37.0 Preview (2022-02-14)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.37.0Preview2022-02-142022-03-151.26.011NoYes
JAR ChecksumValue
MD5f5c25eee6d9efb0ddf9d86ca74c84a3c
SHA16026cc511279e9089bc49d8e5a0dd320e5397712
SHA256097886ea8a6d2eece7980c46ba0b1002b7f7edf6d68109f91374b002a61e4975
SHA5127c8fb7d2c53c5aab60ddf54250e47d41289cd9635005d3a765742298a20eb7f35426955a7388caf48fbc044747e917cfdd93003ce252c42358d947a504f73c29
Docker ImageSHA256 Checksum
humioc27d93d4fd87d253117b1442a7391ea3cd28366a960727482b27b58706211435
humio-coref43d4a206d9386d601798029df5c02d9b1e1b35bb6ae0f666aa6d8d36bcc60e3
kafka291d25337324ab70a3490f9b06ed2860215f37b84ced203b26cfa5d10877ce42
zookeeper606ebc2ffcd28bc36d7d091ad649743f22de21b891f7a75c9048343e019372ef

Humio can now poll and ingest data from the Falcon platform's Falcon Data Replicator (FDR) service. This feature can be used as an alternative to the standalone fdr2humio project. See the Ingesting FDR Data for more information.

Improvements, new features and functionality

  • UI Changes

    • When using the table visualisation in dark mode, empty table cells are now clearly discernible.

    • Added a quick-fix for unknown escape sequences in the search field.

    • The Cluster Nodes table has been redesigned to allow for easier overview and copying the version-number.

    • On the time, bar and pie charts you can hold the ALT/OPTION key to display long legend titles.

    • Added a warning for unknown escape sequences in the search field.

    • The bar and pie charts now support holding the SHIFT key to display unformatted numeric values.

    • Minor UX improvements (ie. accessibility) on the queries panel.

    • The search page now has focus states on the Language Syntax, Event List Widget and Save As buttons.

    • First row entry in the statistics table on the repo page is now a table header and added hidden content to the empty table header in the new view page.

    • Hover over parameter names and arguments in the search field now includes the default value.

    • Pop-ups and drop-downs will now close automatically when focus leaves them.

    • Better accessibility for queries panel. You can now tab to focus individual queries, and open a details panel. From here you can also access all actions in the details panel by tabbing.

    • When changing focus inside a dialog with the keyboard, the focus will no longer move outside the dialog while it is open.

    • Added a quick-fix to convert non-ASCII quotes to ASCII quotes in the search field.

    • Reworked the hover message layout and changed the hover information on text (in the search field).

    • Hover information in the search field is shown despite an overlapping warning.

    • Visually hidden clipboard field is now hidden for assistive technologies/keyboard users.

  • GraphQL API

    • Deprecates the ReadContents view action, in favor of ReadEvents. This also means ReadEvents has been undeprecated, as we have slightly changed how we consider read rights, and want the action names to match this.

    • Fixed a bug in the response from calling the installPackageFromZip graphql mutation. Previously the response type exposed a deprecated clientmutationid that could not be selected. Also now if form fields are missing they are properly reported in the response.

  • Configuration

    • The Property inter.broker.protocol.version in kafka.properties now defaults to 2.4 if not specified. Users upgrading Kafka can either set inter.broker.protocol.version manually in kafka.properties, or pass DEFAULT_INTER_BROKER_PROTOCOL_VERSION as an environment variable to Docker when launching the container. Please follow Kafka's upgrade guidelines when upgrading a Kafka cluster to avoid data loss https://kafka.apache.org/documentation/#upgrade_3_1_0.

    • Added config IP_FILTER_RDNS_SERVER for specifying what DNS servers can be allowed in the rdns() query function.

    • Added config RDNS_DEFAULT_SERVER for specifying what DNS server is the default for the rdns() query function.

    • Fixed a bug where TLS_KEYSTORE_TYPE and TLS_TRUSTSTORE_TYPE would only recognize lower-case values.

    • Reduce default value of INGESTQUEUE_COMPRESSION_LEVEL, the ingest queue compression level from 1 to 0. This reduces time spent compressing before inserting into the ingest queue by roughly 4x at the expense of a 10-20% increase in size required in Kafka for the ingest queue topic.

    • The PERMISSION_MODEL_MODE configuration option has been removed. All graphql related schema has also been removed.

    • Added new settings for how uploads to bucket storage are validated. In the case that validation with etags are not available, content length can be used instead.

    • When Kafka topic configuration is managed by Humio (default true) set max.message.bytes on the topics to the value of Config TOPIC_MAX_MESSAGE_BYTES, default is 8388608 (8 MB). Minimum value is 2 MB.

    • Added config IP_FILTER_RDNS for specifying what IP addresses can be queried using the rdns() query function.

    • Added the config CORS_ALLOWED_ORIGINS a comma separated list for CORS allowed origins, default allows all origins.

  • Other

    • During identity provider configuration, it's possible to fetch SAML configuration from an endpoint.

    • Do not run the Global snapshot consistency check on stateless ingest nodes.

    • Allow cluster managers access to settings for personal sandboxes and to block and kill queries in them.

    • Ensure only a cluster leader that still holds cluster leadership can force digesters to release partition leadership. This could cause spurious reboots in clusters where leadership was under contention.

    • Improve the performance of deletes from global.

    • Ensure a digester can only acquire or release partition leadership if no other digester has leadership of that partition. This could cause spurious reboots if digester leadership became contended.

    • Added tombstoning to uploaded files, which helps with avoiding data loss.

    • Published new versions of the Humio Kafka Docker containers for Kafka 3.1.0.

    • Upgrades the Kafka client to 3.1.0 from 2.8.1. 3.1.0 enables the idempotent producer by default, which implies acks=all. Clusters that set acks to a different number via EXTRA_KAFKA_CONFIGS_FILE should update their config to also specify enable.idempotence=false

    • During Digest startup, abort fetching segments from other nodes if the assigned partition set changes while fetching.

Bug Fixes

  • UI Changes

    • Fixed an issue where queries of the form #someTagField != someValue ... would sometimes produce incorrect results.

    • Fixed a compatibility issue with LogStash 7.16+ and 8.0.0 when using the Elasticsearch output plugin.

    • Fixed a bug where the Add Column button on the Fields panel would do nothing

    • Fixed an issue where percentile() would crash on inputs larger than ~1.76e308.

    • Fixed an issue where tail() could produce results inconsistent with other query functions, when used in a live query.

    • Fixes an issue with epoch and offsets not always being stripped from segments.

    • Fixed a bug where the Package Marketplace would redirect to unsupported package versions on older Humio instances.

    • Warn at startup if CORES > AvailableProcessorCount as seen by the JVM.

    • For HTTP Event Collector (HEC) the input field sourcetype is now also stored in @sourcetype.

    • Fixed an issue where negated functions could lose their negation.

    • Fixed an issue where queries with tail() would behave in an unexpected manner when an event is focused.

    • Fixed several issues where users could add invalid query filters via the Add filter context button after selecting text in the Event List.

    • LSP warnings don't crash queries any more.

    • Fixed a bug in the Sankey chart such that it now updates on updated query results.

    • Fixed an issue where live queries would sometimes double-count parts of the historic data.

    • Fixed an issue where top(max) could throw an exception when given values large enough to be represented as positive infinity.

    • Fixed a compatibility issue with FileBeat 8.0.0.

    • Fixed a bug where providing a bad view/repository name when blocking queries would block the query in all views and repositories.

    • Previously a package could be updated with another package with the same name and version, but with different content. This is no longer allowed, and any attempt do so will be rejected and fail.

Humio Server 1.36.4 Stable (2022-06-13)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.36.4Stable2022-06-132023-06-131.26.011NoNo
JAR ChecksumValue
MD5ec11e6c40052ff89c3f7a2a2b1fddc95
SHA1fafb29f0c7fe9638ad0b136ae0e7d1402a750912
SHA2563b8496c25ac0704d8e42f9261ec93877c7c9148f1f85d8bf0b5a6eaaf83e1820
SHA512205f646e1a700d38c95916a69830ab2b4f14b7839d8eaefa61cbdaf4404759e3ed8f6b9279b0050008cdaacddad6222cb8a91f730753b84a1fc029e4a5207ab4
Docker ImageSHA256 Checksum
humio5c7189dfae8441322eea8eddbd25962dfc7e68f26eae3c7516e5a46f5b6313f0
humio-core57ab8aaa9ce90575fd037da08f2be15df18286e74480594f08dd3c5ae81f39fa
kafka4a03a4e0cb9aab9a0c3f626c8b49daa64dafb54eafb8ae67298dd86b45624c33
zookeeper24ba0f7cdcaca8d841dba4ba2cdc7348e82c6c44c1ffff5537ba13d066c7c180

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.36.4/server-1.36.4.tar.gz

Updated dependencies with security fixes and weakness.

Bug Fixes

  • Security

    • Updated java script dependencies to fix vulnerabilities to CVE-2021-22573.

Humio Server 1.36.3 Stable (2022-04-27)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.36.3Stable2022-04-272023-04-271.26.011NoNo
JAR ChecksumValue
MD5868ce151355a55e1793513eee4af54e2
SHA1a3e57e2fdbadcbfde4625d46084f25d84c5c2514
SHA25659792217be1bf5d12ba47e1049df45778c6cefcabbc57d6f7126b5bc98f093c0
SHA512a93f931491b8c77050adde3c1aa983d3c949ad6708f8be932cfb901ea6e69a03cdd06a62394627f80e593afaa354f2f30edf596a23300f5c3b16faee80afb09c
Docker ImageSHA256 Checksum
humiobe443af484a4131b93cdee2e7a5449fcfa8320a344d2f81f7b432dea89365a65
humio-core1f3a36d2f6a0d97bc9d4462072e3fafa2355c5bc8352e1bc47a526332c1ec01c
kafkaef6819d75f850b26a886b67e4e80f2d623eab268c4d2b4f85f7f47aa8daf9ecb
zookeepera0edb279463029310c1f43555045297f54882082a70753916394a38b56c3e5be

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.36.3/server-1.36.3.tar.gz

Updated dependencies with security fixes and weakness.

Bug Fixes

  • Summary

    • Use latest version of Alpine on Docker image.

    • Use latest version of Java 1.13 on Docker image.

    • Updated dependencies to Jackson to fix a vulnerability.

    • Updated java script dependencies to fix vulnerabilities.

  • Configuration

    • Added new configuration NATIVE_FADVICE_SUPPORT (default true) to allow turning off the use of fadvice internally.

    • Added new config NATIVE_FALLOCATE_SUPPORT (default true) to allow turning off the use of fallocate and ftruncate internally.

  • Other

    • Fix ingest bug where under some circumstances we would reverse the order of events in a batch.

Humio Server 1.36.2 Stable (2022-03-01)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.36.2Stable2022-03-012023-03-011.26.011NoNo
JAR ChecksumValue
MD54949fefd4012efb53b92595c364a4c7a
SHA15350c5df3d0d43a5c08c2766003b28c959c912b1
SHA2562fac7cb6e1216790893ec0759f697736a9ca2605313bcef53b7af54ee72257d5
SHA51231fcdae45f52a263d5340b961a6e0feb98ea1fbb4ced0388216add576db9747995150112dee88d9ec3ea49cfc1367da1ca57bff13399d8d665fe9cdb80e9a1d8
Docker ImageSHA256 Checksum
humio4a80cd68778a6d5ccd734982c46e0355f0acf5c68ad564dd67cdb6e949750970
humio-core7a3e262871585d8a43df8c4c4dbcf706327cade2f683ffaa9a543afccc3e8687
kafka6e362a4827f9a41d37b19bdfa63f3cad7f77d2786f6b0366e410474de99113ce
zookeeperdeac05cfaa4762eaf079afa3063cf9271eff7080157d0e785a4c345d280f5d24

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.36.2/server-1.36.2.tar.gz

Performance and stability improvements.

Bug Fixes

  • Summary

    • Improved off-heap memory handling. Humio now typically uses only 1 GB on systems with 32 vCPUs, down from typically 16 GB. This leaves more memory for other processes and page cache for data.

  • Other

    • Fixed a race condition between nodes creating the merge result for the same target segment, and also transferring it among the nodes concurrently. If a query read the file during that race condition, an in-memory cache of the file header might hold contents that did not match the local file, resulting in "Broken segment" warnings in queries.

Humio Server 1.36.1 Stable (2022-02-14)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.36.1Stable2022-02-142023-02-141.26.011NoNo
JAR ChecksumValue
MD50aee460ed84a4acda917ce6cd61c433d
SHA19ea746229c3f1f0f780d356b7ce4b6f6e1bbb78d
SHA25656a3a2e7ba88e1f5a019184a0d68e83f25b319d54e3aaee3eba4a37f0ef8950c
SHA512aa3117230e866ae621c3f72e1517a9629f45520ea2fa00b6dc8c2ad3a6a1589ffbde36f38b3b1ec0ad927f89da4a9df7f3e6b59f1e844796553b5675608304e9
Docker ImageSHA256 Checksum
humio2671bacddfe88f34eaba196332b08659e79eab40c2ce26a0e6c2f7e58a78a213
humio-coreecfa5dd303d12725f754b4afabc44196ba37df739f04c30432401eb3149874ee
kafka0d50f27e33bf61f8b76f482fa7b2c4237227af7e429b1080e65daa877c65b457
zookeeper62a511127a0eaa4ba0f5a29c421063d4c6822371ba6ee16e96ae1b930ca0e7ce

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.36.1/server-1.36.1.tar.gz

Performance and stability improvements.

Bug Fixes

  • Summary

    • Improve the performance of deletes from global.

    • Reading hashfilter in chunks to avoid having huge off heap buffers.

    • Performance improvements of IngestPartitionCoordinator.

    • Downgrade to Java 1.13 on Docker image to fix rare cases of JVM crashes.

Humio Server 1.36.0 Stable (2022-01-31)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.36.0Stable2022-01-312023-01-311.26.011NoYes
JAR ChecksumValue
MD587cdf81b183bf1a065596181b873d813
SHA18425487e7e3b566ed2eae42cac4cbb6010eb1825
SHA25676af04b53a689411f4048e743e0491cb437b99503630a87cf5aba2eb0281231f
SHA5129dca89bf4097b1c4949c458b9010fff12edd25248c2f0f2e18835466e852d6c5fa6981c8763125b769c5a6673bd00a1a385bfb22f7241aeeadf9e826ef208c99
Docker ImageSHA256 Checksum
humio-core2641650964190056ac10ad0225b712c3a01d844bf2c5f517663187d45adf846c
kafka99e3a00c93308aa92a8363c65644748d6ace602c1c6e425dcfc32be12432dee7
zookeeper45c911346e3b58501e1a1b264c178debd33edd692cd901dd9e87cbcd2f93e60a

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.36.0/server-1.36.0.tar.gz

Beta: Bucket storage support for dual targets

Support for dual targets to allow using one as the preferred download and the other to trust for durability. One example of this is to save on cost (on traffic) by using a local bucket implementation, such as MinIO, in the local datacenter as the preferred bucket storage target, while using a remote Amazon S3 bucket as the trusted bucket for durability. If the local MinIO bucket is lost (or just not responding for a while) the Humio cluster still works using the AWS S3 bucket with no reconfiguration or restart required. Configuration of the second bucket is via configuration entries similar to the existing STORAGE keys, but using the prefix STORAGE_2 for the extra bucket.

When using dual targets, bucket storage backends may need different proxy configurations for each backend - or not. The new configuration BUCKET_STORAGE_MULTIPLE_ENDPOINTS (default false) controls whether the proxy configuration in the environment is applied to all bucket storage backends. When set to true, each bucket preserves the active proxy/endpoint configuration and a change to those will trigger creation of a fresh internally persisted bucket storage access configuration.

Improvements, new features and functionality

  • UI Changes

    • Improved accessibility when choosing a theme.

    • Hovering over text within a query now shows the result of interpreting escape characters.

    • Disable the option to creating a view if the user does not have Connect a view permission on any repository. This is more intuitive than getting an empty dropdown of repositories to choose from.

    • Allow more dialogs in the UI to be closed with the Esc key.

    • Time Selector is now accessible by keyboard.

    • Added ability to resize search page query field by dragging or fitting to query.

    • New feature to select text in the search page event list and include/exclude that in the search query.

    • Improved dark mode toggle button's accessibility.

    • New dialogs for creation of parsers and dashboards.

  • GraphQL API

    • Improved the error messages when the GraphQL queries SearchDomain.alert, SearchDomain.action, and SearchDomain.savedQuery do not find the entity with the given ID.

  • Configuration

    • Reduce default value of INGESTQUEUE_COMPRESSION_LEVEL, the ingest queue compression level from 1 to 0. This reduces time spent compressing before inserting into the ingest queue by roughly 4x at the expense of a 10-20% increase in size required in Kafka for the ingest queue topic.

    • Make ZOOKEEPER_URL optional. When not set, the zookeeper-status-logger job does not run, and the cluster administration page does not display information about a Zookeeper cluster.

    • When using ZOOKEEPER_URL_FOR_NODE_UUID for assignment of node ID to Humio nodes, and value of ZOOKEEPER_PREFIX_FOR_NODE_UUID (default /humio_autouuid) does not match contents of local UUID file, acquire a fresh node uuid.

    • Added the config CORS_ALLOWED_ORIGINS a comma separated list for CORS allowed origins, default allows all origins.

    • Added INITIAL_FEATURE_FLAGS which lets you enable/disable feature flags on startup. For instance, setting

      INITIAL_FEATURE_FLAGS=+UserRoles,-UsagePage

      Enables UserRoles and disables UsagePage.

    • New configuration BUCKET_STORAGE_MULTIPLE_ENDPOINTS and many configurations using STORAGE_2 as prefix. See Bucket Storage.

  • Functions

    • Added job which will periodically run a query and record how long it took. By default the query is count().

    • Added a limit parameter to the fieldstats() function. This parameter limits the number of fields to include in the result.

  • Other

    • Improved usability of the groups page.

    • Added analytics on query language feature use to the audit-log under the fields queryParserMetrics.

    • Added a job that scans segments which are waiting to be archived, this value is recorded in the metric:s3-archiving-latency-max.

    • Improved the error message when an ingest request times out.

    • Added warning logs when errors are rendered to browser during oAuth flows.

    • Allow the same view name across organizations.

    • Added exceptions to the Humio logs from AlertJob and ScheduledSearchJob.

    • Added granular IP Filter support for shared dashboards (BETA - API only).

    • Added ability to override max auto shard count for a specific repository.

    • Remove caching of API calls to prevent caching of potential sensitive data.

    • Added option to specify an IP Filter for which addresses hostname verification should not be made.

    • Improved the default permissions on the group page by leaving their view expanded once the user cancels update.

    • Improved caching of UI static assets.

    • Improved Humio's detection of Kafka resets. We now load the Kafka cluster id once on boot. If it changes after that, the node will crash.

    • Allow the query scheduler to enqueue segments and aux files for download from bucket storage more regularly. This should ensure that queries fetching small aux files can more reliably keep the download job busy.

Bug Fixes

  • UI Changes

    • Fixed an issue where the digest coordinator could consider a host to be alive if the coordinator hadn't seen any timestamps from that host.

    • From the alerts overview and the scheduled searches overview, it is now possible to clear the error status on an alert or a scheduled search.

    • Fixed an issue in the Export to file dialog on the search page. It is now possible to export fields with spaces.

    • Fixed an issue where the SegmentMoverJob could delete the local copy of a segment, if a pending download of the segment failed the CRC check. The job will now keep the downloaded file at a temporary path until the CRC check completes, to avoid deleting a local copy created by other jobs, e.g. by bucket downloads.

    • Code completion in the query editor now also works on the right hand side of :=.

    • Reenable a feature to make Humio delete local copies of bucketed segments, even if they are involved in a query.

    • When bootstrapping a new cluster, set the cluster version in global right away. Since nodes will not boot on a snapshot that doesn't specify a cluster version, it is important that this field exists in all snapshots.

    • No longer allow requests to /hec to specify organizations by name. We now only accept IDs.

    • Fixed an issue where top would fail if the sum of the values exceeded 2^63-1. Exceeding sums are now pegged to 2^63-1.

    • Fixed an issue in the Table widget. It will no longer insert 0-values for missing fields in integer columns. Empty fields will be shown consistently, independent of the column data type.

    • Reduce noise in the log when the bucket storage upload job attempts to upload a file that is deleted concurrently.

    • Make Humio handle missing aux files a little faster when downloading segments from bucket storage.

    • The query endpoint API now supports languageVersion for specifying Humio query language versions.

    • When creating ingest and chatter topic, reduce desired max.message.bytes to what Kafka cluster allows, if that is lower than our desired values.

    • Fixed an issue that repeatedly tried to restart live queries from a given user upon the deletion of the user.

    • When starting ingest, Humio checks that the computed starting position in Kafka is below the Kafka end offset. Ensure that the end offset is requested after the starting position is computed, not before. This might prevent a very rare spurious boot failure.

    • Removed a spurious warning log when requesting a non-existent hash file from S3.

    • Bumped the Humio Docker containers to Java 17. If you manually set any --add-opens flags in your JVM config, you should remove them. The container should set the right flags automatically.

    • Fixed an issue where, if a custom parser was overriding a built-in parser, then the custom parser could accidentally be overwritten by creating a new parser with the same name.

    • Fixed an issue where live queries would sometimes double-count parts of the historic data.

    • The /hec endpoint no longer responds to OPTIONS requests saying it supports GET requests. It doesn't and never has.

    • Fixed an issue where MaxMind databases would only update if a license was present at startup and not if it was added later.

    • The action message templates {events_str} and {query_result_summary} always evaluate to the same string. To reflect this, the UI has been updated so that these templates are combined into the same item in the template overview for Email, Slack and Webhook actions.

    • Fixed session() such that it works when events arrive out of time order.

    • Fixed a race condition that could cause digesters to calculate two different offsets during startup when determining where to start consuming, and which partially written segments to discard, which could lead to data loss when partially written segments were replayed from Kafka.

    • Query partition tables updates are now rejected if written by a node that is no longer the cluster leader.

    • Make writes to Kafka's chatter topic block in a similar manner as writes to global.

    • Fixed an issue where queries of the form #someTagField != someValue ... would sometimes produce incorrect results.

    • The AlertJob and ScheduledSearchJob now only log validation errors from running the queries as warnings, previously, some of these were logged as errors.

    • Humio now tries to avoid interrupting threads during shutdown, instead allowing them to finish their work. This should reduce log noise when shutting down.

    • When interacting with the REST API for files, errors now have detailed error messages.

    • Errors on scheduled searches are now cleared more granularly. Errors when starting a query are cleared as soon as another query is successfully started, errors from polling a query are cleared when a query is successfully polled, and errors from invoking actions are cleared when at least one action has been successfully triggered.

    • For HTTP Event Collector (HEC) the input field sourcetype is now also stored in @sourcetype.

    • Fixed an issue where nodes could request partitions from the query partitioning table that were not present.

    • Fixed a race condition that could cause Humio to delete more segments than expected when initializing a digester node.

    • Remove script-src: unsafe-eval from content security policy.

    • No longer allow organization- and system-level ingest tokens to ingest into sandbox and system repos.

    • Reenable a feature to make Humio fetch and check hash files from bucket storage before fetching the segments.

    • Fixed an issue where repeating queries could cause other queries to fail.

    • Queries on views no longer restart when the ordering of the view's connections is changed.

    • Fixed a compatibility issue with Filebeat 7.16.0.

    • Fixed a number of instability issues in the query scheduler. The scheduler should now more reliably ensure that each query either completes, or is cancelled.

    • Fixed an issue where the Humio query URLs sent by actions would land users on the search page in editing mode for the alert or scheduled search that had triggered. Now, they still land on the search page, but not in editing mode.

    • Errors on alerts are now cleared more granularly. Errors when starting the alert query are cleared as soon as the query is successfully started, errors from polling the query are cleared when the query is successfully polled, and errors from invoking actions are cleared when at least one action has been successfully triggered.

    • The repository/.../query endpoint now returns a status code of .0 (BadRequest) when given an invalid query in some cases where previously it returned 503 (ServiceUnavailable).

    • Fixed Humio always reading and discarding an already processed message from the ingest queue on boot.

    • SAML and OIDC only - During signout, Humio background tabs will be redirected to a signout landing page instead of to the login page.

    • Fixed an issue where choosing a UI theme would not get saved properly in the user's settings.

Humio Server 1.35.0 Preview (2022-01-17)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.35.0Preview2022-01-172022-01-311.26.011NoYes
JAR ChecksumValue
MD583b164ea22cbc8a347ee22a4e49d87fb
SHA1cde673dc3026cf8455e980a7f1ffc17de2a92072
SHA256a43b1f86fe2f610eadaacfcff50264de578be56959125d24d27e51e1eacc403d
SHA512a0897d2b8acb1ad888c1f0128bc46a9f3a425cc87adc40192ea3089533f247ce0ddff23971b1298d58cdb9f0e93f1bb24ae3392587de3a313fa4bbd89a32747b
Docker ImageSHA256 Checksum
humio2f6d1b42b5d2d519bd0152bf6e28952a8f5d9e711bfc6c8c50fb58d917d033f0
humio-core56193b2add6ece05561e058ffcd1706989b9633cb1da857b26582df7d7bf210a
kafka149bce1bfa2e9c3e8eb6ff3d8c9416fad058b392134cab5958bf405f2553d264
zookeeper9393097554e28403372ef38f87eab200292a41f75d8d38a8d102f926e7919eae

Beta: Bucket storage support for dual targets

Support for dual targets to allow using one as the preferred download and the other to trust for durability. One example of this is to save on cost (on traffic) by using a local bucket implementation, such as MinIO, in the local datacenter as the preferred bucket storage target, while using a remote Amazon S3 bucket as the trusted bucket for durability. If the local MinIO bucket is lost (or just not responding for a while) the Humio cluster still works using the AWS S3 bucket with no reconfiguration or restart required. Configuration of the second bucket is via configuration entries similar to the existing STORAGE keys, but using the prefix STORAGE_2 for the extra bucket.

When using dual targets, bucket storage backends may need different proxy configurations for each backend - or not. The new configuration BUCKET_STORAGE_MULTIPLE_ENDPOINTS (default false) controls whether the proxy configuration in the environment is applied to all bucket storage backends. When set to true, each bucket preserves the active proxy/endpoint configuration and a change to those will trigger creation of a fresh internally persisted bucket storage access configuration.

Improvements, new features and functionality

  • UI Changes

    • Allow more dialogs in the UI to be closed with the Esc key.

    • Improved accessibility when choosing a theme.

    • New dialogs for creation of parsers and dashboards.

    • New feature to select text in the search page event list and include/exclude that in the search query.

    • Hovering over text within a query now shows the result of interpreting escape characters.

    • Time Selector is now accessible by keyboard.

    • Disable the option to creating a view if the user does not have Connect a view permission on any repository. This is more intuitive than getting an empty dropdown of repositories to choose from.

    • Improved dark mode toggle button's accessibility.

    • Added ability to resize search page query field by dragging or fitting to query.

  • GraphQL API

    • Improved the error messages when the GraphQL queries SearchDomain.alert, SearchDomain.action, and SearchDomain.savedQuery do not find the entity with the given ID.

  • Configuration

    • Added INITIAL_FEATURE_FLAGS which lets you enable/disable feature flags on startup. For instance, setting

      INITIAL_FEATURE_FLAGS=+UserRoles,-UsagePage enables

      UserRoles and disables UsagePage.

    • Reduce default value of INGESTQUEUE_COMPRESSION_LEVEL, the ingest queue compression level from 1 to 0. This reduces time spent compressing before inserting into the ingest queue by roughly 4x at the expense of a 10-20% increase in size required in Kafka for the ingest queue topic.

    • Make ZOOKEEPER_URL optional. When not set, the zookeeper-status-logger job does not run, and the cluster administration page does not display information about a Zookeeper cluster.

    • When using ZOOKEEPER_URL_FOR_NODE_UUID for assignment of node ID to Humio nodes, and value of ZOOKEEPER_PREFIX_FOR_NODE_UUID (default /humio_autouuid) does not match contents of local UUID file, acquire a fresh node uuid.

    • New configuration BUCKET_STORAGE_MULTIPLE_ENDPOINTS and many configurations using STORAGE_2 as prefix. See Bucket Storage

  • Functions

    • Added a limit parameter to the fieldstats() function. This parameter limits the number of fields to include in the result.

  • Other

    • Added a job that scans segments which are waiting to be archived, this value is recorded in the metric:s3-archiving-latency-max.

    • Improved the error message when an ingest request times out.

    • Allow the same view name across organizations.

    • Allow the query scheduler to enqueue segments and aux files for download from bucket storage more regularly. This should ensure that queries fetching small aux files can more reliably keep the download job busy.

    • Improved the default permissions on the group page by leaving their view expanded once the user cancels update.

    • Improved usability of the groups page.

    • Added warning logs when errors are rendered to browser during oAuth flows.

    • Added ability to override max auto shard count for a specific repository.

    • Added granular IP Filter support for shared dashboards (BETA - API only).

    • Improved Humio's detection of Kafka resets. We now load the Kafka cluster id once on boot. If it changes after that, the node will crash.

    • Added analytics on query language feature use to the audit-log under the fields queryParserMetrics.

    • Added option to specify an IP Filter for which addresses hostname verification should not be made.

    • Added job which will periodically run a query and record how long it took. By default the query is count().

    • Added exceptions to the Humio logs from AlertJob and ScheduledSearchJob.

Bug Fixes

  • UI Changes

    • Fixed a race condition that could cause digesters to calculate two different offsets during startup when determining where to start consuming, and which partially written segments to discard, which could lead to data loss when partially written segments were replayed from Kafka.

    • When bootstrapping a new cluster, set the cluster version in global right away. Since nodes will not boot on a snapshot that doesn't specify a cluster version, it is important that this field exists in all snapshots.

    • Fixed an issue where the Humio query URLs sent by actions would land users on the search page in editing mode for the alert or scheduled search that had triggered. Now, they still land on the search page, but not in editing mode.

    • Fixed an issue where the digest coordinator could consider a host to be alive if the coordinator hadn't seen any timestamps from that host.

    • Reduce noise in the log when the bucket storage upload job attempts to upload a file that is deleted concurrently.

    • The repository/.../query endpoint now returns a status code of .0 (BadRequest) when given an invalid query in some cases where previously it returned 503 (ServiceUnavailable).

    • Humio now tries to avoid interrupting threads during shutdown, instead allowing them to finish their work. This should reduce log noise when shutting down.

    • When creating ingest and chatter topic, reduce desired max.message.bytes to what Kafka cluster allows, if that is lower than our desired values.

    • Fixed an issue where choosing a UI theme would not get saved properly in the user's settings.

    • Fixed an issue where, if a custom parser was overriding a built-in parser, then the custom parser could accidentally be overwritten by creating a new parser with the same name.

    • Code completion in the query editor now also works on the right hand side of :=.

    • Fixed an issue in the Export to file dialog on the search page. It is now possible to export fields with spaces.

    • Reenable a feature to make Humio delete local copies of bucketed segments, even if they are involved in a query.

    • The action message templates {events_str} and {query_result_summary} always evaluate to the same string. To reflect this, the UI has been updated so that these templates are combined into the same item in the template overview for Email, Slack and Webhook actions.

    • Queries on views no longer restart when the ordering of the view's connections is changed.

    • Make Humio handle missing aux files a little faster when downloading segments from bucket storage.

    • Fixed Humio always reading and discarding an already processed message from the ingest queue on boot.

    • Fixed an issue where live queries would sometimes double-count parts of the historic data.

    • Fixed an issue that repeatedly tried to restart live queries from a given user upon the deletion of the user.

    • Reenable a feature to make Humio fetch and check hash files from bucket storage before fetching the segments.

    • Fixed a compatibility issue with Filebeat 7.16.0.

    • The /hec endpoint no longer responds to OPTIONS requests saying it supports GET requests. It doesn't and never has.

    • Bumped the Humio Docker containers to Java 17. If you manually set any --add-opens flags in your JVM config, you should remove them. The container should set the right flags automatically.

    • Fixed an issue where MaxMind databases would only update if a license was present at startup and not if it was added later.

    • From the alerts overview and the scheduled searches overview, it is now possible to clear the error status on an alert or a scheduled search.

    • Fixed a number of instability issues in the query scheduler. The scheduler should now more reliably ensure that each query either completes, or is cancelled.

    • SAML and OIDC only - During signout, Humio background tabs will be redirected to a signout landing page instead of to the login page.

    • Removed a spurious warning log when requesting a non-existent hash file from S3.

    • Errors on scheduled searches are now cleared more granularly. Errors when starting a query are cleared as soon as another query is successfully started, errors from polling a query are cleared when a query is successfully polled, and errors from invoking actions are cleared when at least one action has been successfully triggered.

    • Fixed an issue where the SegmentMoverJob could delete the local copy of a segment, if a pending download of the segment failed the CRC check. The job will now keep the downloaded file at a temporary path until the CRC check completes, to avoid deleting a local copy created by other jobs, e.g. by bucket downloads.

    • No longer allow requests to /hec to specify organizations by name. We now only accept IDs.

    • Errors on alerts are now cleared more granularly. Errors when starting the alert query are cleared as soon as the query is successfully started, errors from polling the query are cleared when the query is successfully polled, and errors from invoking actions are cleared when at least one action has been successfully triggered.

    • Remove script-src: unsafe-eval from content security policy.

    • The AlertJob and ScheduledSearchJob now only log validation errors from running the queries as warnings, previously, some of these were logged as errors.

    • For HTTP Event Collector (HEC) the input field sourcetype is now also stored in @sourcetype.

    • Fixed an issue where repeating queries could cause other queries to fail.

    • Fixed session() function such that it works when events arrive out of time order.

    • Fixed an issue in the Table widget. It will no longer insert 0-values for missing fields in integer columns. Empty fields will be shown consistently, independent of the column data type.

    • The query endpoint API now supports languageVersion for specifying Humio query language versions.

    • Query partition tables updates are now rejected if written by a node that is no longer the cluster leader.

    • Fixed an issue where nodes could request partitions from the query partitioning table that were not present.

    • No longer allow organization- and system-level ingest tokens to ingest into sandbox and system repos.

    • Make writes to Kafka's chatter topic block in a similar manner as writes to global.

    • Fixed an issue where top would fail if the sum of the values exceeded 2^63-1. Exceeding sums are now pegged to 2^63-1.

    • When starting ingest, Humio checks that the computed starting position in Kafka is below the Kafka end offset. Ensure that the end offset is requested after the starting position is computed, not before. This might prevent a very rare spurious boot failure.

    • Fixed a race condition that could cause Humio to delete more segments than expected when initializing a digester node.

Humio Server 1.34.3 Stable (2022-03-09)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.34.3Stable2022-03-092023-03-091.26.011NoNo
JAR ChecksumValue
MD57184f2582bed56c0b29ffb2d39f508a5
SHA19d7beb007f9ec9e7603bcbf164b3006dce0932ef
SHA256ac95c6538dc88b6af31f0c55aaa46740503860ea90ad41d330593402915d885b
SHA512d4738190dfd9b100ac896969e70a541f1d0242fb822f312142636cb5055009f13f0dbca6193f6cb8ce89d36d9f3f8b9ebec5a684570a4f9500bd8ffc3379ee6a
Docker ImageSHA256 Checksum
humio955acd05d628a4da69a546ea58134a786c77349bfc21e10631b3f5b2934140ab
humio-core64547f071a29e5df7eb945f369b28cf6d365b1590f577163fd18fe8b76ce63ce
kafkab3318e88aa3aaaae09d88fae2bd37882d1a41738983a1ef783f9f07c30c73101
zookeeper049489e9fcda7ca0ea11d96e45d8dde8d9a6582e0b9740b6865a952ec13332e5

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.34.3/server-1.34.3.tar.gz

Performance improvements of Ingest and internal caching.

Bug Fixes

  • Summary

    • Performance improvements of Ingest and internal caching.

Humio Server 1.34.2 Stable (2022-02-01)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.34.2Stable2022-02-012023-02-011.26.011NoNo
JAR ChecksumValue
MD5ebca829a100a92c4b96f05f421c9e5d2
SHA1f9d21990e4ae6f64eac6bd6aa6d65899583d1311
SHA2562141bd8fb2537f0242b30998938d780bd53cedbf2b04622b956923f677a56350
SHA51202d33bdfb65bf5ab949da8ae0a1bb9f04a509564c8d4a74cc08f5033040987152abd42743b0720290304f4bd5c4e50550327117efb6eda01d3b0ed8ef357938e
Docker ImageSHA256 Checksum
humio426715cb9faedce379d6a6add003cfcaa3fe9ce5b5ce706fab202b89eb5c8c45
humio-corea927eb85f709561b659e3a566a5b0fd3e6b3be84b19db2832d70722897265cbb
kafkaf181a5a1668d6c3f1ebe5e5216a00b393ee20eb0f1845d1a93309fdbfac8406d
zookeeper361063a0a2eb0361209781f7dff9d5f0067b33806f14882fc4a0a0ff9f434b66

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.34.2/server-1.34.2.tar.gz

Updated dependencies with security fixes and weakness.

Bug Fixes

  • Security

    • Updated dependencies to follow-redirects for CVE-2022-0155.

    • Updated dependencies to nanoid for CVE-2021-23566.

    • Updated dependencies to Akka for CVE-2021-42697.

    • Updated dependencies to Jawn for CVE-2022-21653.

    • Updated dependencies to node-fetch for CVE-2022-0235.

  • Summary

    • Fixed an issue where live queries would sometimes double-count parts of the historic data.

    • Fixes an issue with epoch and offsets not always being stripped from segments.

    • Fixed an issue where queries of the form #someTagField != someValue ... would sometimes produce incorrect results.

Humio Server 1.34.1 Stable (2022-01-06)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.34.1Stable2022-01-062023-01-061.26.011NoNo
JAR ChecksumValue
MD51d6b54fc6b4f52abff6c1106a904e4d1
SHA167e6e0cd4e6eb59a0d88f85dc0f511aefacef1dc
SHA25623f50f620fd5e51755521aba8185b76e4ca0187206fd55e8ed5fbbe14e42578b
SHA5126ad8fe4040b7c2e80643071e05b1d305f6d66e74c4041d3a4ac56f84ec6fd3f2b63c04c421029c436f081b8ab22e8a60bf17c5330f7fe117d178c596526a344f
Docker ImageSHA256 Checksum
humioe66c6b3fcf45bd36502c877e8a4a617f9f662c5cf672e6c6c73b45445d41ad20
humio-corefa7e9355cd4f41e64b404e65e33166c28fdc6c2ce5ceeea382007778f9ff64ce
kafka459b3a6df8a678493bfb3266d243b867ed3ae4251464276c854afa0b2f784dac
zookeeper748cfc151533e1e2efc870299bc5c2b10fda97ec0c6f522dd8c8576d9aea315e

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.34.1/server-1.34.1.tar.gz

Updated dependencies with security fixes and weakness.

Bug Fixes

  • Security

    • Updated dependencies to Netty to fix CVE-2021-43797

    • Updated dependencies to log4j 2.17.1 to fix CVE-2021-44832 and CVE-2021-45105

  • Summary

    • Updated dependencies to Jackson to fix a weakness

Humio Server 1.34.0 Stable (2021-12-15)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.34.0Stable2021-12-152022-12-151.26.011NoYes
JAR ChecksumValue
MD54dc3b67c42b44e59e0ad6cc02a220f12
SHA1099a9ae07d5595fb06c145aaa80b46ba9f74dd10
SHA25622cd6f60f030d56bcae159b853efe6dcd76f7add127e64c37bcca58c66d1a155
SHA5122645369a9ec989c1b40b190993ecbd4eca8be63b60318a1b1259124819446c06c3bbba92a9c22f1e194133b9da5d05b6c0346369c33e8c33a9777a2a168ae524

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.34.0/server-1.34.0.tar.gz

Humio Server 1.34 REQUIRES minimum previous version 1.26.0 of Humio to start. Clusters wishing to upgrade from older versions must upgrade to 1.26.0+ first. After running 1.34.0 or later, you cannot downgrade to versions prior to 1.26.0.

You can now use the mouse to resize columns in the event list. Previously you had to click the column header and use the Increase / Decrease Width buttons.

Improvements, new features and functionality

  • UI Changes

    • Added buttons for stopping all queries, streaming queries, and historical queries from inside the query monitor.

    • Disable actions if permissions are handled externally.

    • Added maximum width to tabs on the Group page, so they do not keep expanding forever.

    • Added autofocus to the first field when opening a dialog using the save as functionality from the Search page.

    • Updated the links for Privacy Notice and Terms and Conditions.

    • Allow resize of columns in the event list by mouse.

    • Dark mode is officially deemed stable enough to be out of beta.

    • Validation error messages are now more precise and have improved formatting.

    • The overall look of message boxes in Humio has been updated.

  • GraphQL API

    • The GraphQL field isEventForwardingEnabled on the HumioMetadata type is deprecated, as it is no longer in use internally. If you rely on this, please let us know.

    • Renamed the deleteEvents related GraphQL mutations and queries to redactEvents. The redactEvents API is intended for redacting sensitive data from a repository, not for bulk deletion of events. We think the new name invites fewer misunderstandings.

    • Added 2-phase migration that will allow old user api tokens to be used and clean global from secrets after a 30 day period.

    • Added three GraphQL mutations for stopping queries: stopAllQueries, stopStreamingQueries, and stopHistoricalQueries.

    • Added GraphQL mutation clearRecentQueries which a user can run to clear their recent queries in a specific view or repository.

    • Changed old personal user token implementation to hash based.

  • Configuration

    • When checking if the ViewAction.EventForwarding action is allowed (with e.g. SearchDomain.isActionAllowed), the answer will now be false if the event forwarding is not enabled on the server.

  • Functions

    • Refactored query functions join(), selfJoin(), and selfJoinFilter() into user-visible and internal implementations.

    • The kvParse() query function can now parse unquoted empty values using the new parameter separatorPadding to specify if your data has whitespace around the key-value separator (typically =). The default is "Unknown", which will leave the functionality of the function unchanged.

    • Added query function math:arctan2()to the query language.

    • Added the communityId() function for calculating hashes of network flow tuples according to the (Community ID Spec).

    • Improved performance of the query functions drop() and rename() by quite a bit.

    • Added a minSpan parameter to timeChart() and bucket(), which can be used to specify a minimum span when using a short time interval.

  • Other

    • Made the transfer coordinator display more clear errors instead of an internal server error for multinode clusters.

    • Retention based on compressed size will no longer account for segment replication.

    • Improved error messages when an invalid regular expression is used in replace.

    • Improved the error reporting when installing, updating or exporting a package fails.

    • Reduce limit on number of datasources for sandbox repositories created when a user is created to .0 by default.

    • New metric: ingest-request-delay. Histogram of ingest request time spent being delayed due to exceeding limit on concurrent processing of ingest (milliseconds).

    • Improved handling of multiple nodes attempting to create views with the same names at the same time, as might happen when bootstrapping a cluster.

    • Added checksum verification within hash filter files on read.

    • Improved shutdown logic slightly, helping prevent thread pools from getting stuck or logging spurious errors during shutdown.

    • Added Australian states to the States dropdown.

    • Added support in the humio event collector for organization- and system-wide ingest tokens and the ability to use a parser from a different repo than the one being ingested into.

    • Reword regular expression related error messages.

    • Minor optimization when using groupBy with a single field.

    • It is now possible to create actions, alerts, scheduled searches, and parsers from Yaml template files.

    • Added management API to put hosts in maintenance mode.

    • Added a precondition that ensures that the number of ingest partitions cannot be reduced.

    • Improved partition layout auto-balancing algorithm.

    • Query validation has been improved to include several errors which used to first show up after submitting search.

    • It is now possible to ingest logs into Humio using LogStash v.7.13 and upwards.

    • Added metric for the number of currently running streaming queries.

    • Node roles can now be assigned/removed at runtime.

    • Added new metric: bucket-storage-upload-latency-max. It shows the amount of time spent for the event that that has been pending for upload to bucket storage the longest.

    • Added "export as yaml" function to the list pages of parsers, actions and scheduled searches.

    • Create, update, and delete of dashboards is now audit logged.

    • Query editor: improved code completion of function names.

    • Added validation and a more clear error message for queries with a time span of 0.

    • A compressed segment with a size of 1GB will now always count for retention as 1 GB. Previously, a compressed segment with a size of 1GB might count for more than 1GB when calculating retention, if that segment had more replicas than configured. The effect on the retention policy was that if you had configured retention of .0GB compressed bytes, Humio might retain less than .0GB of compressed data if any of those segments had too many replicas.

    • Prepopulate email field when invited user is filling in a form with this information.

Bug Fixes

  • Security

    • Updated dependencies to log4j 2.16 to remove of message lookups (CVE-2021-44228 and CVE-2021-45046)

  • Automation and Alerts

    • Alerts and scheduled searches are now enabled per default when created. The check disabling these entities if no actions are attached has been replaced with a warning, which informs a user that even though the entity is enabled, nothing will trigger since no actions are attached.

    • Fixed an issue where an alert would not be throttled until after its actions had completed, which could make the alert trigger multiple times shortly after each other if an action was slow. Now, the alert is throttled as soon as it triggers.

    • Alerts and scheduled searches are no longer run on cloud for organizations with an expired trial license, and on-prem for any expired license.

  • Functions

  • Other

    • Fixed a bug where only part of the Users page was loading when navigating from the All organizations page.

    • Use a fresh (random) name for the tmp folder below the datadir to ensure that it is a proper subdir of the datadir and not a mount point.

    • When performing jobs triggered via the Redact Events API, Humio could restart queries for unrelated views until the delete job completed. This has been improved, so only views affected by the delete will be impacted.

    • Fixed an issue where the SegmentMoverJob could delete the local copy of a segment, if a pending download of the segment failed the CRC check. The job will now keep the downloaded file at a temporary path until the CRC check completes, to avoid deleting a local copy created by other jobs, e.g. by bucket downloads.

    • Changes to the state of IOC access on organizations are now reflected in the audit log.

    • Fixed an issue where sort() would cause events to be read ina non-optimal order for the entire query.

    • Fixed an edge case where Humio might create multiple copies of the same datasource when the number of Kafka partitions is changed. The fix ensures only one copy will be created.

    • Fixed a compatibility issue with Filebeat 7.16.0

    • Prevent unauthorized analytics requests being sent.

    • Remove the ability to create ingest tokens and ingest listeners on system repositories.

    • Fixed an issue on sandbox renaming, that would allow you to rename a sandbox and end up in a bad state.

    • Addressed an issue causing Humio to sometimes error log an ArrayIndexOutOfBoundsException during shutdown.

    • Fixed a bug with the cache not being populated between restarts on single node clusters.

    • The field vhost in internal Humio logging is now reserved for denoting the host logging the message. Other uses of vhost now uses the field hostId.

    • Fixed an issue in the interactive tutorial.

    • Removed a spurious warning log when requesting a non-existent hash file from S3.

    • Fixed incorrect results when searching through saved queries and recent queries.

    • Changed field type for zip codes.

    • When checking if the ViewAction.ChangeRepoConnections action is allowed (with e.g. SearchDomain.isActionAllowed), the answer will now be false if checked on a repository, as the action only makes sense on views.

    • When an alert query encounters a warning and Humio is not configured to trigger alerts despite warnings ALERT_DESPITE_WARNINGS=true the warning text will now be shown as an error message on the alert in the UI.

    • Fixed an issue where the web client could start queries from the beginning of time when scrolling backwards through events in the UI.

    • Fixed an issue where a failing event forwarder would be cached indefinitely and could negatively impact Humio performance.

    • Fixed a race condition that could cause Humio to delete more segments than expected when initializing a digester node.

    • Browser storage is now cleared when initiating while unauthenticated.

    • Fixed an issue where some regexes could not be used.

    • Fixed an issue where series() failed to serialize its state properly.

    • Temporary fix of issue with live queries not having first aggregator as bucket() or timeChart(), but then later in the query having those as a second aggregator. As a temporary fix, such queries will fail. In later releases, this will get fixed more properly.

    • Fixed an issue where missing undersized segments in a datasource might cause Humio to repeatedly transfer undersized segments between nodes.

    • Fixed an issue where a scheduled search failed and was retried, if it had multiple actions and at least one action was unknown to Humio. Now, the unknown action is logged, but the scheduled search completes successfully and continues to the next scheduled run.

    • Fixed an issue where OIDC without a discovery endpoint would fail to configure if OIDC_TOKEN_ENDPOINT_AUTH_METHOD was not set.

    • Fixed a number of stability issues with the event redaction job.

    • Changed default package type to "application" on the export package wizard.

    • Fixed styling issue on the search page where long errors would overflow the screen.

    • Fixed a bug where invalid UTF-16 characters could not be ingested. They are now converted to 'ufffd'.

    • Fixed an issue where the segment merger would write that the current node had a segment slightly before registering that segment in the local node.

    • When a digester fails to start, rather than restarting the JVM as previous releases did, keep retrying to start assuming that the issue is transient, such as data for a single ingest partition being unavailable for a short while. While in this situation the process reports the metric for ingest latency on the affected partitions as being uptime of the JVM process at this point. The idea is to signal that data is not flowing on those partitions, so that a monitored metric can raise an alarm somewhere. In lack of a proper latency in this situation, it's better to have a growing non-zero metrics than having the metrics being zero.

    • Fixed an issue where the segment merger could mishandle errors during merge.

    • Fixed an issue on on-prem trial license that would use user count limits from cloud.

    • Fixed an issue causing Humio running on Java 16+ to return incorrect search results when the input query contains Unicode surrogate pairs (e.g. when searching for an emoji).

    • Fixed an issue that in rare cases would cause login errors.

    • Removed error query param from URL when entering Humio.

    • Fixed an issue where comments spanning multiple lines wouldn't be colored correctly.

    • When checking if the ViewAction.ChangeS3ArchivingSettings action is allowed (with e.g. SearchDomain.isActionAllowed), the answer will now be false if checked on a view, as the action only makes sense on repositories.

    • Fixed a bug where query coordination partitions would not get updated.

    • Fixed an issue where release notes would not close when a release is open.

    • Fixed an issue where error messages would show wrong input.

    • Crash the node if any of a number of critical threads die. This should help prevent zombie nodes.

    • Fixed an issue where certain problems would highlight the first word in a query.

    • Fixed an issue where streaming (exporting) query results in JSON format could include extra "," characters within the output.

    • Fixed an issue where clicking on the counters of parsed events on the Parsers page would open an empty search page, except for built-in parsers. Now, it correctly shows the latest parsed events for all parsers (except package parsers).

    • Fixed an issue when adding a group to a repository or view than an error message is displayed when the user is not the organization owner or root.

    • Fixed an issue where a digest node could be unable to rejoin the cluster after being shut down if all other digest nodes were also down at the time.

    • Include view+parser-name in thread dumps when time is spent inside a parser.

    • Fixed a bug where shared lookup files could not be downloaded from the UI.

    • Changes to the state of backend feature flags are now reflected in the audit log.

    • Fixed an issue where a dashboard installed with a YAML file could be slightly different than what was specified in the file.

    • Fixed some widgets on dashboards reporting errors while waiting for data to load.

    • No longer return the "Query Plan" in responses, but return a hash in the new field hashedQueryOnView instead. The plan could leak information not otherwise visible to the user, such as query prefixes being applied.

    • When creating or updating an action, the backend now verifies that the host url associated with the action is prefixed with either 'http://' or 'https://'. This affects Actions of the type: Webhook, OpsGenie, Single-Channel Slack and VictorOps.

    • Fixed a bug where offsets from one Kafka partition could be used when deciding where to start consuming for another partition, in the case where there were too many datasources in the repo. This led to a crash loop when the affected node was restarted.

    • Support Java 17.

    • Fixed an issue where choosing a UI theme would not get saved properly in the user's settings.

Humio Server 1.33.3 Preview (2021-12-10)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.33.3Preview2021-12-102021-12-151.26.011NoNo
JAR ChecksumValue
MD510d2ee69d0bcdc6313fb3529912007ba
SHA15be098e4f3f6500704e85c0763c918763b90aa34
SHA256eaefa5ce2c162fbd9d0a57d3b7c47dee828848eabdd7e96d885a812208c20a46
SHA512a9268b87f416d9b857eccb506c304ba7ca552cd6408ac13791b160e0d17c3d82e67213025ec7bca820e970676e4a24d1a1f4d20ff27e3cbc5bc30edf874e58a0

More security fixes related to log4j logging.

Bug Fixes

  • Security

    • Updated dependencies to address a critical security vulnerability for the log4j logging framework, "log4shell", (CVE-2021-44228).

Humio Server 1.33.2 Preview (2021-12-10)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.33.2Preview2021-12-102021-12-151.26.011NoNo
JAR ChecksumValue
MD5393be03445adbf84f63ef93b522b85fa
SHA136454936dfe7c3863656043a8ee1d8639c1c198e
SHA256e03616ba1d8d92e80031231ad7e2b7666121e7ccf7eee10f7a816241a90706ac
SHA5125d0504538cfa1db51f7188d4f6fef03aeb5a69b466f2e8367e91208745c4bf9050f271ffdf52ed6027796487ac11106726fbf3d7c3d6e259efa49f369793aa96

Security fix related to log4j logging, and fix compatibility with Filebeat.

Bug Fixes

  • Security

    • Updated dependencies to address a critical security vulnerability for the log4j logging framework, "log4shell", (CVE-2021-44228).

  • Summary

    • Fixed a compatibility issue with Filebeat 7.16.0

Humio Server 1.33.1 Preview (2021-11-23)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.33.1Preview2021-11-232021-12-151.26.011NoNo
JAR ChecksumValue
MD5d9f270df38f2ce472801c81a06fa67af
SHA1c5740a06b4b86a8615767c388a7cf6d3e3a8ccf1
SHA256ed3c03b5dcb8fe2c7230bae2775346283d7cdc143854260672a5ba66f11d612b
SHA512d2762a9fa648af32e85205b4d972ad15d47870fc030c111d31ca4d048ce9459ce6e50a3bce0063f0c7347a6640181b4e3c41d1273a4c82b297fd8d3c844c529a

Critical bug fixes related to version dependencies, alert throttling, etc.; Improve Interactive Tutorial.

Bug Fixes

  • Summary

    • Fixed an issue that in rare cases would cause login errors.

    • Updated a dependency to a version fixing a critical bug.

    • Fixed an issue in the interactive tutorial.

    • Fixed a race condition that could cause Humio to delete more segments than expected when initializing a digester node.

  • Automation and Alerts

    • Reverted from 1.33.0 Errors on alerts, which are shown in the alert overview, are now only cleared when either the alert query is updated by a user or the alert triggers. Previously, errors that occurred when actions were triggered would be removed when the alert no longer triggered. Now, they will be displayed until the actions trigger successfully. Conversely, errors that occur when running the query may now remain until the next time the alert triggers, where they would previously be removed as soon as the query run again without errors.

      See original release note entry in 1.33.0

    • Fixed an issue where an alert would not be throttled until after its actions had completed, which could make the alert trigger multiple times shortly after each other if an action was slow. Now, the alert is throttled as soon as it triggers.

Humio Server 1.33.0 Preview (2021-11-15)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.33.0Preview2021-11-152021-12-151.26.011NoYes
JAR ChecksumValue
MD52964782694b82a39cc5b644d040fae68
SHA1b520dbabec0321b953c496b960710ba5fb6614a7
SHA2568b8de633ca08c9592ee2441b0498de1a86aa4093a505821923be7e8501b62526
SHA512be827349bf450d51b4c42c55c13120ba735196f598eaec798a7eb11b8e1320a6ad86caefca3841a3560013311e30347dc595a96ed59d4cb5c0cf946e72208ac2

1.33 REQUIRES minimum version 1.26.0 of Humio to start. Clusters wishing to upgrade from older versions must upgrade to 1.26.0+ first. After running 1.33.0 or later, you cannot run versions prior to 1.26.0.

Once the release has been deployed, all existing personal api tokens will be hashed so they still can be used, but you will not be able to retrieve them again. If you want to preserve the tokens, be sure to copy it into a secrets vault before the release is deployed. The api-token field on the User type in GraphQL has been removed.

You can now use the mouse to resize columns in the event list. Previously you had to click the column header and use the "Increase / Decrease Width" buttons.

Improvements, new features and functionality

  • UI Changes

    • Allow resize of columns in the event list by mouse.

    • Added autofocus to the first field when opening a dialog using the save as functionality from the Search page.

    • Added maximum width to tabs on the Group page, so they do not keep expanding forever.

    • Validation error messages are now more precise and have improved formatting.

    • The overall look of message boxes in Humio has been updated.

    • Dark mode is officially deemed stable enough to be out of beta.

    • Updated the links for Privacy Notice and Terms and Conditions.

    • Disable actions if permissions are handled externally.

    • Added buttons for stopping all queries, streaming queries, and historical queries from inside the query monitor.

  • GraphQL API

    • Renamed the deleteEvents related GraphQL mutations and queries to redactEvents. The redactEvents API is intended for redacting sensitive data from a repository, not for bulk deletion of events. We think the new name invites fewer misunderstandings.

    • Added three GraphQL mutations for stopping queries: stopAllQueries, stopStreamingQueries, and stopHistoricalQueries.

    • Changed old personal user token implementation to hash based.

    • Added GraphQL mutation clearRecentQueries which a user can run to clear their recent queries in a specific view or repository.

    • The GraphQL field isEventForwardingEnabled on the HumioMetadata type is deprecated, as it is no longer in use internally. If you rely on this, please let us know.

    • Added 2-phase migration that will allow old user api tokens to be used and clean global from secrets after a 30 day period.

  • Configuration

    • When checking if the ViewAction.EventForwarding action is allowed (with e.g. SearchDomain.isActionAllowed), the answer will now be false if the event forwarding is not enabled on the server.

  • Functions

    • Added the communityId() function for calculating hashes of network flow tuples according to the Community ID Spec.

    • The kvParse() query function can now parse unquoted empty values using the new parameter separatorPadding to specify if your data has whitespace around the key-value separator (typically =). The default is "Unknown", which will leave the functionality of the function unchanged.

    • Added query function math:arctan2() to the query language.

    • Improved performance of the query functions drop() and rename() by quite a bit.

    • Refactored query functions join(), selfJoin(), and selfJoinFilter() into user-visible and internal implementations.

    • Added a minSpan parameter to timeChart() and bucket(), which can be used to specify a minimum span when using a short time interval.

  • Other

    • Retention based on compressed size will no longer account for segment replication.

    • Added checksum verification within hash filter files on read.

    • Added "export as yaml" function to the list pages of parsers, actions and scheduled searches.

    • Made the transfer coordinator display more clear errors instead of an internal server error for multinode clusters.

    • Query editor: improved code completion of function names.

    • Reduce limit on number of datasources for sandbox repositories created when a user is created to .0 by default.

    • Added validation and a more clear error message for queries with a time span of 0.

    • Added management API to put hosts in maintenance mode.

    • It is now possible to ingest logs into Humio using LogStash v.7.13 and upwards.

    • Query validation has been improved to include several errors which used to first show up after submitting search.

    • Minor optimization when using groupBy with a single field.

    • Node roles can now be assigned/removed at runtime.

    • Reword regular expression related error messages.

    • A compressed segment with a size of 1GB will now always count for retention as 1 GB. Previously, a compressed segment with a size of 1GB might count for more than 1GB when calculating retention, if that segment had more replicas than configured. The effect on the retention policy was that if you had configured retention of .0GB compressed bytes, Humio might retain less than .0GB of compressed data if any of those segments had too many replicas.

    • Improved error messages when an invalid regular expression is used in replace.

    • Prepopulate email field when invited user is filling in a form with this information.

    • New metric: ingest-request-delay. Histogram of ingest request time spent being delayed due to exceeding limit on concurrent processing of ingest (milliseconds).

    • Added Australian states to the States dropdown.

    • Improved shutdown logic slightly, helping prevent thread pools from getting stuck or logging spurious errors during shutdown.

    • Improved the error reporting when installing, updating or exporting a package fails.

    • Added metric for the number of currently running streaming queries.

    • Added a precondition that ensures that the number of ingest partitions cannot be reduced.

    • Improved partition layout auto-balancing algorithm.

    • Create, update, and delete of dashboards is now audit logged.

    • Added support in the humio event collector for organization- and system-wide ingest tokens and the ability to use a parser from a different repo than the one being ingested into.

    • It is now possible to create actions, alerts, scheduled searches, and parsers from Yaml template files.

    • Added new metric: bucket-storage-upload-latency-max. It shows the amount of time spent for the event that that has been pending for upload to bucket storage the longest.

    • Improved handling of multiple nodes attempting to create views with the same names at the same time, as might happen when bootstrapping a cluster.

Bug Fixes

  • UI Changes

    • When an alert query encounters a warning and Humio is not configured to trigger alerts despite warnings ALERT_DESPITE_WARNINGS the warning text will now be shown as an error message on the alert in the UI.

  • Automation and Alerts

    • Alerts and scheduled searches are now enabled per default when created. The check disabling these entities if no actions are attached has been replaced with a warning, which informs a user that even though the entity is enabled, nothing will trigger since no actions are attached.

    • Alerts and scheduled searches are no longer run on cloud for organizations with an expired trial license, and on-prem for any expired license.

  • Functions

    • Fixed an issue where sort() would cause events to be read ina non-optimal order for the entire query.

    • Fixed an issue where series() failed to serialize its state properly.

    • Fixed a bug in the validation of the bits parameter of hashMatch() and hashRewrite().

  • Other

    • Fixed an issue where OIDC without a discovery endpoint would fail to configure if OIDC_TOKEN_ENDPOINT_AUTH_METHOD was not set.

    • Temporary fix of issue with live queries not having first aggregator as bucket() or timeChart(), but then later in the query having those as a second aggregator. As a temporary fix, such queries will fail. In later releases, this will get fixed more properly.

    • Fixed a bug where only part of the Users page was loading when navigating from the All organizations page.

    • Fixed a bug where offsets from one Kafka partition could be used when deciding where to start consuming for another partition, in the case where there were too many datasources in the repo. This led to a crash loop when the affected node was restarted.

    • When checking if the ViewAction.ChangeRepoConnections action is allowed (with e.g. SearchDomain.isActionAllowed), the answer will now be false if checked on a repository, as the action only makes sense on views.

    • Fixed a number of stability issues with the event redaction job.

    • Removed error query param from URL when entering Humio.

    • Fixed a bug where query coordination partitions would not get updated.

    • Fixed an edge case where Humio might create multiple copies of the same datasource when the number of Kafka partitions is changed. The fix ensures only one copy will be created.

    • Fixed an issue where the segment merger would write that the current node had a segment slightly before registering that segment in the local node.

    • The field vhost in internal Humio logging is now reserved for denoting the host logging the message. Other uses of vhost now uses the field hostId.

    • Removed a spurious warning log when requesting a non-existent hash file from S3.

    • Fixed an issue when adding a group to a repository or view than an error message is displayed when the user is not the organization owner or root.

    • Changed default package type to "application" on the export package wizard.

    • Fixed an issue where a scheduled search failed and was retried, if it had multiple actions and at least one action was unknown to Humio. Now, the unknown action is logged, but the scheduled search completes successfully and continues to the next scheduled run.

    • Fixed styling issue on the search page where long errors would overflow the screen.

    • Fixed an issue where choosing a UI theme would not get saved properly in the user's settings.

    • When checking if the ViewAction.ChangeS3ArchivingSettings action is allowed (with e.g. SearchDomain.isActionAllowed), the answer will now be false if checked on a view, as the action only makes sense on repositories.

    • Fixed a bug where invalid UTF-16 characters could not be ingested. They are now converted to 'ufffd'.

    • Fixed an issue on on-prem trial license that would use user count limits from cloud.

    • Fixed an issue where the segment merger could mishandle errors during merge.

    • Changes to the state of backend feature flags are now reflected in the audit log.

    • Include view+parser-name in thread dumps when time is spent inside a parser.

    • When a digester fails to start, rather than restarting the JVM as previous releases did, keep retrying to start assuming that the issue is transient, such as data for a single ingest partition being unavailable for a short while. While in this situation the process reports the metric for ingest latency on the affected partitions as being uptime of the JVM process at this point. The idea is to signal that data is not flowing on those partitions, so that a monitored metric can raise an alarm somewhere. In lack of a proper latency in this situation, it's better to have a growing non-zero metrics than having the metrics being zero.

    • Fixed a bug where shared lookup files could not be downloaded from the UI.

    • Fixed an issue where error messages would show wrong input.

    • Fixed some widgets on dashboards reporting errors while waiting for data to load.

    • Fixed a bug with the cache not being populated between restarts on single node clusters.

    • Fixed an issue on sandbox renaming, that would allow you to rename a sandbox and end up in a bad state.

    • Fixed an issue where missing undersized segments in a datasource might cause Humio to repeatedly transfer undersized segments between nodes.

    • Support Java 17.

    • Fixed an issue where a digest node could be unable to rejoin the cluster after being shut down if all other digest nodes were also down at the time.

    • Changes to the state of IOC access on organizations are now reflected in the audit log.

    • Fixed an issue where release notes would not close when a release is open.

    • Browser storage is now cleared when initiating while unauthenticated.

    • Prevent unauthorized analytics requests being sent.

    • Fixed incorrect results when searching through saved queries and recent queries.

    • Fixed an issue where some regexes could not be used.

    • Fixed an issue where a failing event forwarder would be cached indefinitely and could negatively impact Humio performance.

    • Fixed an issue where the SegmentMoverJob could delete the local copy of a segment, if a pending download of the segment failed the CRC check. The job will now keep the downloaded file at a temporary path until the CRC check completes, to avoid deleting a local copy created by other jobs, e.g. by bucket downloads.

    • Addressed an issue causing Humio to sometimes error log an ArrayIndexOutOfBoundsException during shutdown.

    • Fixed an issue where a dashboard installed with a YAML file could be slightly different than what was specified in the file.

    • Fixed an issue where comments spanning multiple lines wouldn't be colored correctly.

    • When creating or updating an action, the backend now verifies that the host url associated with the action is prefixed with either 'http://' or 'https://'. This affects Actions of the type: Webhook, OpsGenie, Single-Channel Slack and VictorOps.

    • Fixed an issue where certain problems would highlight the first word in a query.

    • No longer return the "Query Plan" in responses, but return a hash in the new field hashedQueryOnView instead. The plan could leak information not otherwise visible to the user, such as query prefixes being applied.

    • Fixed an issue causing Humio running on Java 16+ to return incorrect search results when the input query contains Unicode surrogate pairs (e.g. when searching for an emoji).

    • When performing jobs triggered via the Redact Events API, Humio could restart queries for unrelated views until the delete job completed. This has been improved, so only views affected by the delete will be impacted.

    • Changed field type for zip codes.

    • Fixed an issue where the web client could start queries from the beginning of time when scrolling backwards through events in the UI.

    • Errors on alerts, which are shown in the alert overview, are now only cleared when either the alert query is updated by a user or the alert triggers. Previously, errors that occurred when actions were triggered would be removed when the alert no longer triggered. Now, they will be displayed until the actions trigger successfully. On the other hand, errors that occur when running the query may now remain until the next time the alert triggers, where they would previously be removed as soon as the query run again without errors. This change was reverted in 1.33.1.

    • Use a fresh (random) name for the tmp folder below the datadir to ensure that it is a proper subdir of the datadir and not a mount point.

    • Fixed an issue where clicking on the counters of parsed events on the Parsers page would open an empty search page, except for built-in parsers. Now, it correctly shows the latest parsed events for all parsers (except package parsers).

    • Crash the node if any of a number of critical threads die. This should help prevent zombie nodes.

    • Remove the ability to create ingest tokens and ingest listeners on system repositories.

Humio Server 1.32.8 Stable (2022-03-09)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.32.8Stable2022-03-092023-03-091.16.011NoNo
JAR ChecksumValue
MD594782d07a7feda72ffc831747e6740f1
SHA18c1afb6e1b4fe6e5eabe30823e7705b7a03a7af5
SHA25676eaa3581ad45443af93dd9e6f92f51142bdc082ba8af234b0ffc7f4346ef630
SHA5126929950a72ee073402aea63a3acc016b15ae435ba5c9cf4c24b94fbf51af01c4ccfa4da223374527b597c154f0ca72a114feb0ec45bfae55fad8be17645bccf5
Docker ImageSHA256 Checksum
humiod8f1892f444ab53d2e94419a096978da0eba8d7a995096d9b6f031162fd3bb3c
humio-core49d2631113684a8fc8b3ad53e5545a661961607a3033357ee977ce50d0b49f0a
kafka3bbbaec63eb2ca089800172d94e95f6bb84266dcbac3e76217f50c4169133546
zookeeper9830902ac961b08c778f38b8714dcfab6be076c1acc5366db459a8560cb6eb61

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.32.8/server-1.32.8.tar.gz

Updated dependencies with security fixes and weakness and improved performance.

Bug Fixes

  • Security

    • Updated dependencies to Akka to fix CVE-2021-42697.

    • Updated dependencies to jawn to fix CVE-2022-21653.

  • Summary

    • Fixed an issue where queries of the form #someTagField != someValue ... would sometimes produce incorrect results.

    • Performance improvements of Ingest and internal caching.

    • Fixes issue with epoch and offsets not always being stripped from segments.

Humio Server 1.32.7 Stable (2022-01-06)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.32.7Stable2022-01-062023-01-061.16.011NoNo
JAR ChecksumValue
MD530080b4b84bb4aba37eb11023019bd78
SHA1c53f4ac43beee249a68c90cae62d0b768b1284d7
SHA256192b0554f6cbdfd5853cc90d8a418497df800da85bc0795238fc359aae8fa309
SHA5120119341a2d041b0143a849881279274b7aef6589e8f90730907401562d03c631065bdb6f3e567b9cdffe31e572c570414f9386ef12e39ffaefdb4a8a5d70f479
Docker ImageSHA256 Checksum
humioc286be555ee8e333acaa87ff010a8b6ecda18cd57c57b2925513b300792c021c
humio-corec1efbc9ae9dd76ccbaa674e63ff0029625724c1bb82f3b759cf692f65b3861fc
kafkae0d67223acc40bc46d9205286655b28e5c5adfdacbd86441e57e4939113805ee
zookeeperc5a7a9ab2dc6be82defe163499b943b727697a3e5d06fc8ead128240e596beb9

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.32.7/server-1.32.7.tar.gz

Updated dependencies with security fixes and weakness.

Bug Fixes

  • Security

    • Updated dependencies to log4j 2.17.1 to fix CVE-2021-44832 and CVE-2021-45105

    • Updated dependencies to Netty to fix CVE-2021-43797

  • Summary

    • Updated dependencies to Jackson to fix a weakness

Humio Server 1.32.6 Stable (2021-12-15)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.32.6Stable2021-12-152022-12-151.16.011NoNo
JAR ChecksumValue
MD57faf420472dbc06536e7478f9b62ab9b
SHA177ab5617ec6a9ea24d5db93d82e44a6baa9b8bc2
SHA256f77c2758074e6ed3b0543531e8ad8ca8a62b934484ee2ac820eabcdd9c572b20
SHA512777a8f6e1f2371aea2f9aaeed46633c5c0837e96b1a902433adb7ad8fd98efdaf0f1b21fbae5c8ddb9b5099c4f85e70a0d5a7e9ca00a47b2f2293c9b37c129fe

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.32.6/server-1.32.6.tar.gz

Security fix related to log4j logging, and fix compatibility with Filebeat.

Bug Fixes

  • Security

    • Updated dependencies to log4j 2.16 to remove of message lookups (CVE-2021-45046)

  • Summary

    • Fixed issue where streaming (exporting) query results in JSON format could include extra "," characters within the output.

Humio Server 1.32.5 Stable (2021-12-10)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.32.5Stable2021-12-102022-12-101.16.011NoNo
JAR ChecksumValue
MD5e4475e8c2f6623ff22465ccd59bbfb8a
SHA15affbdbd10674259ec178db75171d73eb2835f1d
SHA25692c0261e328c43f0ba46ffaa72fc5e8a1ef075438759286ab00ea5dbb5b5ca30
SHA512e698dd4a2aa8c85ca3d89cc596e05677106d509082f816e46b3dca6b4b3313690d4c41c3a5b5529d08d91e51ebbfb3f9217e7830d1f4ade54fd79b40f366f449

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.32.5/server-1.32.5.tar.gz

Security fix related to log4j logging.

Bug Fixes

  • Security

    • Updated dependencies to address a critical security vulnerability for the log4j logging framework, "log4shell", (CVE-2021-44228).

Humio Server 1.32.4 Stable (2021-12-10)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.32.4Stable2021-12-102022-12-101.16.011NoNo
JAR ChecksumValue
MD5237975851200cd2a21b749ea3994f307
SHA10e6acfcbc13150c83861af51798d8f4510de7bb4
SHA25699a86034dc2e26f0779a64a11633563f59dbc94959b85f80f996e5c267053ae4
SHA512aba67fee43c26d832cc9fb0a5ce3af0faabb596bc33c597eaba83f8f7d3e7da1ec61f6554c257ca7063991a802fdd4149f90e25db856751ca538c1d2f5262a40

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.32.4/server-1.32.4.tar.gz

Security fix related to log4j logging, and fix compatibility with Filebeat.

Bug Fixes

  • Security

    • Updated dependencies to address a critical security vulnerability for the log4j logging framework, "log4shell", (CVE-2021-44228).

    • Fixed a compatibility issue with Filebeat 7.16.0

Humio Server 1.32.3 Stable (2021-12-01)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.32.3Stable2021-12-012022-12-011.16.011NoNo
JAR ChecksumValue
MD5a930565c1e42104fcf6b963089db33ec
SHA1b4818b51348ae64bf79104813d89fb34ec183a71
SHA256a100e4eb4161b0dc01ac745dffd5bb22839c557fd120f2ddb8359981558af5d5
SHA512fb2439171324b098a870bb143e4442bacd007c0f18c2fce9ead458e6f05d8672f3f4309e4c59c7b74a6c74763b6936707f67f36eb645847f0daaee75badd4f9a

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.32.3/server-1.32.3.tar.gz

Bug fix to resolve problem with clusters using bucket storage.

Bug Fixes

  • Summary

    • Fixed an issue that would result in a query not completing when one of the involved segments was deleted locally while the query was running. This could happen on clusters using bucket storage with more data than fits the local disks.

Humio Server 1.32.2 Stable (2021-11-19)

VersionTypeRelease DateEnd of SupportUpgrades FromJDK CompatibilityData MigrationConfig. Changes
1.32.2Stable2021-11-192022-11-191.16.011NoNo
JAR ChecksumValue
MD5098c372a532df86516d89e7d257f86b6
SHA1ea67955c0cad253a0278fe408fcce7d300491455
SHA256f2289d4bf0321e0dde905a8d4148d709e5ac846fdd055c7133172f5d33ef9fe0
SHA5121bb52a2333339201a7c56f2d0d93997e60ea5b62d5b2ec1dc9f84d812b50c3e5ebca8039de029ecdb14e00885f9e9965532acc13dd339589a45a836a5548b849

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.32.2/server-1.32.2.tar.gz

Critical bug fix regarding version dependency, and race conditions.

Bug Fixes

  • Summary

    • Fixed a race condition that could cause Humio to delete more segments than expected when initializing a digester node.

    • Updated a dependency to a version fixing a critical bug.

Humio Server 1.32.1 Stable (2021-11-16)