Humio Server 1.25.0 Preview (2021-04-29)
|Version||Type||Release Date||End of Support||Upgrades From||Data Migration||Config. Changes|
There is a serious issue affecting larger clusters in this
release. The global inconsistency checker job can cause the
thread responsible for reading changes from global to hang. It
is possible to work around this by disabling the job using
This is fixed in 1.25.2 (and 1.26.0).
Improvements, new features and functionality
The query scheduler now prioritizes new queries started by a user based on the cumulative cost of recent queries started by that user. Added new configuration QUERY_SPENT_FACTOR with the default value 0.5, which defines the weight of recent query costs when scheduling. Higher values mean that users with high recent query costs will see their queries penalized harder in the scheduling.
updateSettingsGraphQL mutation has been marked as unstable, as it can control unstable and ephemeral settings.
Deprecates GraphQL fields
UserSettings.settingssince they are not used for anything anymore, and will be removed in a future release.
SearchDomain.viewerCanChangeConnectionsGraphQL field has been deprecated. Use
Removes the deprecated
SearchDomain.queriesGraphQL field has been deprecated. Use
S3_ARCHIVING_IBM_COMPATfor compatility with S3 archiving to IBM Cloud Object Storage.
SEGMENTMOVER_EXECUTOR_CORESallows tuning number of concurrent fetches of segments from other nodes to this node. Defaults to vCPU/8, must be at least 2.
When installing an application package, you sometimes had to refresh the page to get the assets in the package linked to their installed counter parts.
Fixed a bug where a scheduled search would be executed repeatedly, as long as at least one out of multiple actions was failing. Now, execution is only repeated if all actions are failing.
Fixed an issue where clicking the label of a parser rerouted erroneously
Added audit logging when assigning a parser to an ingest token or unassigning a parser from an ingest token. Added the parser name to all audit logs for ingest tokens.
Allow user groups to be represented as a json string and not only as an array when logging in with oauth.
Refreshing actions while creating alerts and scheduled searches now happens automatically, but can also be triggered manually using a button.
Reworked initialization of Humio's async listener infrastructure, to ensure that listeners do not miss any updates. This fixes a number of flakiness issues that could arise when a node was rebooted.
parseleef()function more robust and optimize its memory usage.
Some minor performance improvements in the ingest pipeline
Rework how Humio caches data from global. This fixes a number of data races, where Humio nodes could temporarily get an incorrect view of global.
Added documentation link to autocomplete description in the Humio search field
Improved error logging for event forwarding
Query poll responses meta data now include Query Quota spent for current user across queries. The cost so far of the current query was there already.
Fixed a bug that made it impossible to copy a parser to override a built-in parser.
Added a warning to the Cluster Nodes page that warns you if not all Humio servers are running the same Humio version.
The HEC ingest endpoint is no longer implicitly running
kvParse. This used to be the case when ingesting events of the form
"event" : "Log line...". If the ingested data is to be key-value parsed, add
kvParse()to the relevant parser for the input data.
Added IP ASN Database license information to the Cluster Administration page
Added a new query function:
Added new parameters
parseJson()to control how null and empty string values are handled.
Fixed a bug where
cidr()did not respect the
When running alerts and scheduled searches, all logging related to a specific alert or scheduled search will now be logged to the humio-activity repository, instead of the humio repository. Error logs will still be logged to the humio repository as well.
Changed the built-in
audit-logparser so that null values are stored as an empty string value. Previously, they were stored as the string "null". The defaults are consistent with the old behavior, so that null values become a "null" string and empty string values are kept.
Made it possible to delete a parser overriding a built-in parser, even though it is used in an ingest token.
Bumped minimum supported versions of Chrome and Chromium from 60 to 69 due to updated dependencies
Fixed a bug that made it possible to rename a parser to an existing name and thereby overwriting the existing parser.
When a query is cancelled, a reason for canceling the query is now always logged. Previously, this was only done if the query was cancelled due to an internal exception. Look for log lines starting with query is cancelled.