Humio Server 1.34.0 Stable (2021-12-15)
|Version||Type||Release Date||End of Support||Upgrades From||Data Migration||Config. Changes|
1.34 REQUIRES minimum version 1.26.0 of Humio to start. Clusters wishing to upgrade from older versions must upgrade to 1.26.0+ first. After running 1.34.0 or later, you cannot run versions prior to 1.26.0.
Improvements, new features and functionality
Added autofocus to the first field when opening a dialog using the save as functionality from the Search page.
Validation error messages are now more precise and have improved formatting.
Added maximum width to tabs on the Group page, so they do not keep expanding forever.
Updated the links for Privacy Notice and Terms and Conditions.
Added buttons for stopping all queries, streaming queries, and historical queries from inside the query monitor.
The overall look of message boxes in Humio has been updated.
Dark mode is officially deemed stable enough to be out of beta.
Disable actions if permissions are handled externally.
Allow resize of columns in the event list by mouse.
Added three GraphQL mutations for stopping queries: stopAllQueries, stopStreamingQueries, and stopHistoricalQueries.
The GraphQL field isEventForwardingEnabled on the HumioMetadata type is deprecated, as it is no longer in use internally. If you rely on this, please let us know.
Changed old personal user token implementation to hash based.
Added 2-phase migration that will allow old user api tokens to be used and clean global from secrets after a 30 day period.
Renamed the deleteEvents related GraphQL mutations and queries to redactEvents. The redactEvents API is intended for redacting sensitive data from a repository, not for bulk deletion of events. We think the new name invites fewer misunderstandings.
Added GraphQL mutation clearRecentQueries which a user can run to clear their recent queries in a specific view or repository.
When checking if the ViewAction.EventForwarding action is allowed (with e.g. SearchDomain.isActionAllowed), the answer will now be false if the event forwarding is not enabled on the server.
kvParse()query function can now parse unquoted empty values using the new parameter separatorPadding to specify if your data has whitespace around the key-value separator (typically =). The default is "Unknown", which will leave the functionality of the function unchanged.
Query validation has been improved to include several errors which used to first show up after submitting search.
It is now possible to create actions, alerts, scheduled searches, and parsers from Yaml template files.
A compressed segment with a size of 1GB will now always count for retention as 1 GB. Previously, a compressed segment with a size of 1GB might count for more than 1GB when calculating retention, if that segment had more replicas than configured. The effect on the retention policy was that if you had configured retention of .0GB compressed bytes, Humio might retain less than .0GB of compressed data if any of those segments had too many replicas.
Added validation and a more clear error message for queries with a time span of 0.
It is now possible to ingest logs into Humio using LogStash v.7.13 and upwards.
Added a communityID function for calculating hashes of network flow tuples according to the [Community ID Spec](https://github.com/corelight/community-id-spec).
Added a minSpan parameter to timechart() and bucket(), which can be used to specify a minimum span when using a short time interval.
Added metric for the number of currently running streaming queries.
Retention based on compressed size will no longer account for segment replication.
Improved handling of multiple nodes attempting to create views with the same names at the same time, as might happen when bootstrapping a cluster.
Improved the error reporting when installing, updating or exporting a package fails.
Added query function math:arctan2 to the query language.
Added Australian states to the States dropdown.
Node roles can now be assigned/removed at runtime.
Refactored query functions join, selfjoin, and selfjoinfilter into user-visible and internal implementations.
Added support in the humio event collector for organization- and system-wide ingest tokens and the ability to use a parser from a different repo than the one being ingested into.
Added a precondition that ensures that the number of ingest partitions cannot be reduced.
Improved partition layout auto-balancing algorithm.
Reword regular expression related error messages.
Prepopulate email field when invited user is filling in a form with this information.
Reduce limit on number of datasources for sandbox repositories created when a user is created to .0 by default.
Improved performance of the query functions drop() and rename() by quite a bit.
Added "export as yaml" function to the list pages of parsers, actions and scheduled searches.
Added checksum verification within hash filter files on read.
New metric: ingest-request-delay. Histogram of ingest request time spent being delayed due to exceeding limit on concurrent processing of ingest (milliseconds).
Minor optimization when using groupBy with a single field.
Added management API to put hosts in maintenance mode.
Query editor: improved code completion of function names.
Made the transfer coordinator display more clear errors instead of an internal server error for multinode clusters.
Create, update, and delete of dashboards is now audit logged.
Improved shutdown logic slightly, helping prevent thread pools from getting stuck or logging spurious errors during shutdown.
Improved error messages when an invalid regular expression is used in replace.
Added new metric: bucket-storage-upload-latency-max. It shows the amount of time spent for the event that that has been pending for upload to bucket storage the longest.
Fixed an issue on sandbox renaming, that would allow you to rename a sandbox and end up in a bad state.
Fixed a bug where query coordination partitions would not get updated.
Use a fresh (random) name for the tmp folder below the datadir to ensure that it is a proper subdir of the datadir and not a mount point.
Removed a spurious warning log when requesting a non-existent hash file from S3.
Alerts and scheduled searches are now enabled per default when created. The check disabling these entities if no actions are attached has been replaced with a warning, which informs a user that even though the entity is enabled, nothing will trigger since no actions are attached.
Fixed an issue on on-prem trial license that would use user count limits from cloud.
Changed field type for zip codes.
Fixed an issue when adding a group to a repository or view than an error message is displayed when the user is not the organization owner or root.
Fixed an issue where a digest node could be unable to rejoin the cluster after being shut down if all other digest nodes were also down at the time.
Updated dependencies to log4j 2.16 to remove of message lookups (CVE-2021-44228 and CVE-2021-45046)
Fixed styling issue on the search page where long errors would overflow the screen.
Fixed an issue where missing undersized segments in a datasource might cause Humio to repeatedly transfer undersized segments between nodes.
Support Java 17.
Remove the ability to create ingest tokens and ingest listeners on system repositories.
Fixed a bug where invalid UTF-16 characters could not be ingested. They are now converted to 'ufffd'.
Crash the node if any of a number of critical threads die. This should help prevent zombie nodes.
When a digester fails to start, rather than restarting the JVM as previous releases did, keep retrying to start assuming that the issue is transient, such as data for a single ingest partition being unavailable for a short while. While in this situation the process reports the metric for ingest latency on the affected partitions as being uptime of the JVM process at this point. The idea is to signal that data is not flowing on those partitions, so that a monitored metric can raise an alarm somewhere. In lack of a proper latency in this situation, it's better to have a growing non-zero metrics than having the metrics being zero.
Fixed an issue where certain problems would highlight the first word in a query.
Fixed an issue where error messages would show wrong input.
Fixed an issue where streaming (exporting) query results in JSON format could include extra "," characters within the output.
Fixed an issue where clicking on the counters of parsed events on the Parsers page would open an empty search page, except for built-in parsers. Now, it correctly shows the latest parsed events for all parsers (except package parsers).
Fixed an issue where the segment merger would write that the current node had a segment slightly before registering that segment in the local node.
Changes to the state of backend feature flags are now reflected in the audit log.
Fixed an issue in the interactive tutorial.
Fixed an issue where OIDC without a discovery endpoint would fail to configure if OIDC_TOKEN_ENDPOINT_AUTH_METHOD was not set.
When checking if the ViewAction.ChangeRepoConnections action is allowed (with e.g. SearchDomain.isActionAllowed), the answer will now be false if checked on a repository, as the action only makes sense on views.
Fixed an issue causing Humio running on Java 16+ to return incorrect search results when the input query contains Unicode surrogate pairs (e.g. when searching for an emoji).
No longer return the "Query Plan" in responses, but return a hash in the new field hashedQueryOnView instead. The plan could leak information not otherwise visible to the user, such as query prefixes being applied.
Fixed an edge case where Humio might create multiple copies of the same datasource when the number of Kafka partitions is changed. The fix ensures only one copy will be created.
Alerts and scheduled searches are no longer run on cloud for organizations with an expired trial license, and on-prem for any expired license.
Changes to the state of IOC access on organizations are now reflected in the audit log.
Fixed a compatibility issue with Filebeat 7.16.0
When performing jobs triggered via the Redact Events API, Humio could restart queries for unrelated views until the delete job completed. This has been improved, so only views affected by the delete will be impacted.
Fixed an issue where some regexes could not be used.
Fixed an issue where choosing a UI theme would not get saved properly in the user's settings.
Fixed a number of stability issues with the event redaction job.
Fixed a bug where offsets from one Kafka partition could be used when deciding where to start consuming for another partition, in the case where there were too many datasources in the repo. This led to a crash loop when the affected node was restarted.
The field vhost in internal Humio logging is now reserved for denoting the host logging the message. Other uses of vhost now uses the field hostId.
Fixed an issue where the SegmentMoverJob could delete the local copy of a segment, if a pending download of the segment failed the CRC check. The job will now keep the downloaded file at a temporary path until the CRC check completes, to avoid deleting a local copy created by other jobs, e.g. by bucket downloads.
Fixed an issue where an alert would not be throttled until after its actions had completed, which could make the alert trigger multiple times shortly after each other if an action was slow. Now, the alert is throttled as soon as it triggers.
Fixed an issue where comments spanning multiple lines wouldn't be colored correctly.
Prevent unauthorized analytics requests being sent.
Fixed a race condition that could cause Humio to delete more segments than expected when initializing a digester node.
Fixed a bug in the validation of the ‘bits’ parameter of hashMatch() and hashRewrite().
Fixed an issue where sort() would cause events to be read ina non-optimal order for the entire query.
Fixed an issue where a scheduled search failed and was retried, if it had multiple actions and at least one action was unknown to Humio. Now, the unknown action is logged, but the scheduled search completes successfully and continues to the next scheduled run.
Fixed an issue where the web client could start queries from the beginning of time when scrolling backwards through events in the UI.
Fixed an issue where series() failed to serialize its state properly.
Include view+parser-name in thread dumps when time is spent inside a parser.
When an alert query encounters a warning and Humio is not configured to trigger alerts despite warnings (ALERT_DESPITE_WARNINGS=true, see [docs](https://library.humio.com/preview/docs/automated/alerts/throttle-period/#errors-warnings)), the warning text will now be shown as an error message on the alert in the UI.
Fixed an issue where release notes would not close when a release is open.
Fixed an issue where a failing event forwarder would be cached indefinitely and could negatively impact Humio performance.
Fixed a bug where only part of the Users page was loading when navigating from the All organizations page.
Fixed a bug with the cache not being populated between restarts on single node clusters.
Browser storage is now cleared when initiating while unauthenticated.
Fixed some widgets on dashboards reporting errors while waiting for data to load.
When checking if the ViewAction.ChangeS3ArchivingSettings action is allowed (with e.g. SearchDomain.isActionAllowed), the answer will now be false if checked on a view, as the action only makes sense on repositories.
When creating or updating an action, the backend now verifies that the host url associated with the action is prefixed with either 'http://' or 'https://'. This affects Actions of the type: Webhook, OpsGenie, Single-Channel Slack and VictorOps.
Fixed an issue where a dashboard installed with a YAML file could be slightly different than what was specified in the file.
Changed default package type to "application" on the export package wizard.
Temporary fix of issue with live queries not having first aggregator as bucket() or timechart(), but then later in the query having those as a second aggregator. As a temporary fix, such queries will fail. In later releases, this will get fixed more properly.
Fixed an issue that in rare cases would cause login errors.
Fixed an issue where the segment merger could mishandle errors during merge.
Fixed a bug where shared lookup files could not be downloaded from the UI.
Removed error query param from URL when entering Humio.
Fixed incorrect results when searching through saved queries and recent queries.
Addressed an issue causing Humio to sometimes error log an ArrayIndexOutOfBoundsException during shutdown.