Humio Server 1.2.5 Archive (2019-01-09)

VersionTypeRelease DateEnd of SupportUpgrades FromData MigrationConfig. Changes
1.2.5Archive2019-01-092019-11-191.2.0NoNo
JAR ChecksumValue
MD57d419a81a0a59bcfb2dc0b6cc02bbdb3
SHA107d793802c31377f8a60ea0bec52a351176ed948
SHA256419cadb92f32a3c4f8275c5d2b303c979e4f7fbe5c676d6396f6f40710771f9c
SHA512cbe4a472c820225a4dff2c8145bf485b819172af6b0295a18593c4e90e7b16233bc069af9a2c030bef586bd32f38bbd60fa33b5be2fac798bfe17c4716bc1e7c

Maintenance Build

Bug Fixes

  • Summary

    • Allow * as fields for lowercase function to allow lower casing all field names and values. Recommended use case is in the ingest pipeline as this is an expensive operation.

    • Humio will by default write threaddumps to the file humio-threaddumps.log every 10 seconds. This is configurable using the configuration parameter DUMP_THREADS_SECONDS. Before this was disabled by default.

    • HEC protocol now accepts data at "/services/collector" url too. And accepts authorization in the form of a "Authorization" header with any realm name, as long as the token is a valid Humio token. This allows using e.g fluentd and other software to ship to Humio using HEC.

    • If the parser ends up setting a timestamp before 1971, or does not set a timestamp, use now as timestamp for the ingested event. Same for timestamps more than 10 seconds into the future.

    • Added new query functions lower and upper.

    • Query performance improved by fixing a bottleneck that was noticeable on CPUs with more than 16 cores.

    • Basic auth (used mostly on ingest endpoints) now allows putting the token into the password field instead of the username field. Use of the password field is recommended as some software treats the password as secret and the username as public.

    • Segments with blocks where all timestamps are zero were reported as broken when trying to read them.

    • Timeouts on the http endpoint have been changed from 60s to infinite. This allows exporting from queries that hit very little data, e.g. a live query that receives one event every hour.

    • Audit-logging did not happen for queries using the "/query" endpoint i.e. using the export button in the UI.

    • When running with PREFIX_AUTHORIZATION_ENABLED=true Alerts and Shared dashboards now run as the user who saved them, restricted to those prefixes that the users has at the time the query starts.