Published on 2020-11-26 00:00:00

Humio 1.18.0

Repeating Queries, Search Result Caching and New Query Functions

Version

Type

Release Date

End of Support

Upgrades From

Data Migration

Config. Changes

1.18.0

Stable

2020-11-26

2021-11-26

1.16.0

No

Yes

JAR Checksum

Value

MD5

0525cf2284207efde5655fd9174c411f

SHA1

9d28fc3e60a033c27746584ac10fd5abedb2af69

SHA256

5f2a5cfa60bc13c859caa2e07a1dbd3a907d15483cc7d5829d02646f8350d61c

SHA512

be22b5126137fa75d0d5ac5a870c716fadee85155bb58822d710397e633de9acbb060c7500f46031a3996e826c5d3b3ee5c0b0c1d572b3944f1be5ebc05cffca

TGZ Checksum

Value

MD5

0525cf2284207efde5655fd9174c411f

SHA1

9d28fc3e60a033c27746584ac10fd5abedb2af69

SHA256

5f2a5cfa60bc13c859caa2e07a1dbd3a907d15483cc7d5829d02646f8350d61c

SHA512

be22b5126137fa75d0d5ac5a870c716fadee85155bb58822d710397e633de9acbb060c7500f46031a3996e826c5d3b3ee5c0b0c1d572b3944f1be5ebc05cffca

Important Information about Upgrading

This release promotes the latest 1.17 release from preview to stable.

Beginning with version 1.17.0, if your current version of Humio is not directly able to upgrade to the new version, you will get an error if you attempt to start up the incompatible version. The 1.18.0 release is only compatible with Humio release 1.16.0 and newer. This means that you will have to ensure that you have upgraded to minimum 1.16.0 before trying to upgrade to 1.18.0. In case you need to do a rollback, this can also ONLY happen back to 1.16.0 or newer, rolling directly back to an earlier release can result in data loss.

Repeating Queries

Humio can now run repeating queries using the beta:repeating() function. These are live queries that are implemented by repeatedly making a query. This allows using functions in alerts and dashboards that typically do not work in live queries, such as selfJoin() or selfJoinFilter(). See the beta:repeating() reference page for more information.

Improved Security for Alerts

In order to prevent alert notifiers being used to probe services on the internal network (eg. Zookeeper or the AWS metadata service), Humio now has an IP filter on alert notifiers. The default is to block access to all link-local addresses and any addresses on the internal network; however, you can opt-in to the old behavior by setting the configuration option IP_FILTER_NOTIFIERS to allow all. See IP Filter documentation.

New Experimental Query Function series()

A new experimental query function called series() has been added. It needs to be explicitly enabled on the cluster using the config option SERIES_ENABLED=true.

The function series() improves upon session() and collect() for grouping events into transactions. What used to be done with: groupby(id, function=session(function=collect([fields, …]))) can now be done using: groupby(id, function=series([fields, ..])).

See series() reference page for more details.

Search Result Caching

This new feature stores a copy of live search results to the local disk in the server nodes, and reuses the relevant parts of that cached result when an identical live search is later started. Caching is controlled with the config option QUERY_CACHE_MIN_COST, which has a default value of 1000. To disable caching, set the config option to a very high number, such as 9223372036854775807 (max long value).

Details

To see more details, go through the individual 1.17.x release notes (links in the changelog).

Change Log

  • Major changes (see 1.17.0 release notes)

  • Removed config IDLE_POLL_TIME_BEFORE_DASHBOARD_QUERY_IS_CANCELLED_MINUTES. Queries on dashboards now have the same life cycle as other queries.

  • Changed behaviour when the config ZONE is set to the empty string. It is now considered the same as omitting ZONE.

  • Fixed a bug where TCP listener threads could take all resources from HTTP threads