Preview Release

Below is the latest Preview release of Humio. If you want to see the latest Stable release, go to the Stable Release page. For a list of all releases, Preview and Stable releases, go to the Release Notes page.

Note

Remember, the way to distinguish between Preview and Stable releases is based on the minor revision number for the release. Even numbers indicate stable releases; odd numbers a are a preview of the stable release that will follow it. See the Understanding Releases and Notes page for a more detailed explanation of this numbering system.

Humio 1.31.0

Scheduled search out of beta

Version

Type

Release Date

End of Support

Upgrades From

Data Migration

Config. Changes

1.31.0

Preview

2021-09-27

Next Stable Version

1.16.0

No

Yes

JAR Checksum

Value

MD5

4b4b4411d930d00275bc3a412c0c5c50

SHA1

ca22652ca303a162f81711f43977e14e528f6e85

SHA256

908a907b5c1ffbdce667b932daea0aab46a8ece4e164072f5bae0eb77d3bdd6f

SHA512

bbc65ea8641ac3d9910da4a9dcda0c1817d2a8acc2e81491a389d2671af7e57c12f019ad71af7309d4ad68b67997a6cbd3b0fba3a2048f07b7c7567abd05b8ae

Humio tarball

We now distribute Humio as a tarball in addition to the fat jar format we’ve previously used. We will continue to distribute the fat jar for the time being. The tarball includes a launcher script, which will set a number of JVM arguments for users automatically. We believe this will help users configure Humio for good performance out of the box.

Search performance via hashfilter-first on segments in buckets

Some searches, including regex and literal string matches, now allow searching without fetching the actual segment files from the bucket, in case the segment is only present in the bucket and not on any local disk. Humio now fetches the hash filter file and uses that to decide if the segment file may have a match before downloading the segment file in this case.

Packages are more powerful

Humio packages can now carry scheduled searches, all types of actions, and files with lookup data (either CSV or JSON formatted). Additionally, we have improved the UI for managing packages, to make it easier to find the package you are looking for. This also marks the point where packages are brought out of beta.

Change Log

  • Amended an internal limit on how many segments can be fetched from bucket storage concurrently. The old limit was based on the number of running queries. The new limit is 32.

  • Cloning an asset now redirects you to the edit page for the asset for all assets.

  • Creating a new dashboard now opens it after creation.

  • Fixed a bug causing the disk space job to use an expensive code path even when a cheaper one was available.

  • Fixed a bug on queries that triggered an error while executing due to the input (such as a regex that exceeds limits on execution time) could result in the client getting 404 as status on poll, where it should get 400.

  • Fixed a bug where a 404 Not Found status on an internal endpoint would be incorrectly reported as an 401 Unauthorized.

  • Fixed a bug where a hidden field named “#humioAutoShard” would sometimes show up in the field list.

  • Fixed a bug which potentially have caused alerts to not re-fire after the throttle period for field-based throttling had passed.

  • Fixed an issue that caused some errors to be hidden behind a message about “internal error”.

  • Fixed an issue that caused some metrics of type gauge to be reported with a wrong value.

  • Fixed an issue that could cause UploadedFileSyncJob to crash if an uploaded file went missing.

  • Fixed an issue that could cause cluster nodes to crash when growing the number of digest partitions.

  • Fixed an issue where Humio attempted to fetch global from other nodes before TLS was initialized.

  • Fixed an issue where Humio would create a broken hash file for the merge result when merging minisegments that did not originally have hash files.

  • Fixed an issue where Humio would create auxiliary files (hash files) for segments unnecessarily when moving segments between nodes.

  • Fixed an issue where Shift+Enter would select the current completion rather than adding a newline.

  • Fixed an issue where certain problems highlighted the first word in a query, not the location of the problem.

  • Fixed an issue where it was possible to submit queries to the Delete Events API that were not valid for that API. Only pure filtering queries are allowed.

  • Fixed an issue where metrics of type gauge with a double value were not reported to the humio-metrics repository, but only to the humio repository.

  • Fixed an issue where new groups added to a repository got a query prefix that disallowed search. The default is now to allow search with the queryprefix *.

  • Fixed an issue where the DiskSpaceJob could continue tracking segments if they were deleted from global, but the files were still present locally.

  • Fixed an issue where the DiskSpaceJob could mark segments accessed slightly out of order during boot.

  • Fixed an issue where the {time_zone} message template for actions would show a full description of the scheduled search instead of only the time zone.

  • Fixed an issue where the global consistency check job would fail to perform the consistency check, instead logging lines like “Global dump requested but global had expired”. This line can still occur, but only when the consistency check takes too long.

  • Fixed an issue where the job responsible for deleting segment files off nodes was not deleting as many segments as it should.

  • Fixed an issue where the job responsible for deleting segment files off nodes was not running as often as expected.

  • Fixed an issue where the query scheduler would spend too much time “shelving” queries, and not enough on getting them executed, leading to little progress on queries.

  • Fixed an issue where top() with max= can yield the same key multiple times (ei. …| top([queryId, query], max=totalSize)).

  • Fixed an issue where, looking at GraphiQL, the dropdown from the navigation menu was partially hidden.

  • Fixed an issue with the split() function which caused incorrect (usually, too few) query results in some cases where the output fields were refered to later in the query.

  • Fixed thread safety for a variable involved in fetching from bucket storage for queries.

  • Global snapshots are now uploaded to bucket storage more often when there are a lot of updates to it, leading to shorter replay times on startup.

  • Introduced a check for compatibility for packages and humio versions.

  • Removed an old Cloud Signups page. The page is not necessary since organizations were implemented for the Cloud environments.

  • Reworded a confusing error message when using the top() function with a limit parameter exceeding the limits configured with TOP_K_MAX_MAP_SIZE_HISTORICAL or TOP_K_MAX_MAP_SIZE_LIVE.

  • Security when viewing installed packages and packages on the marketplace are now less strict. Permissions are still required for installing and uninstalling packages.

  • Split package export page into dialog with multiple steps.

  • The DiskSpaceJob no longer initializes based off of the segment last-modified timestamp, this only happens if no access order snapshot is stored locally. If a snapshot is present, we trust that.

  • The DiskSpaceJob now removes newly written backfilled segments off the local disk before it chooses to remove non-backfilled segments.

  • The simple and advanced permission model has been merged, thus allowing users who were using the simple permission model to create their own permission roles and groups, create groups with default roles, and all other features that were previously only available in advanced permissions mode.

  • Truncate long user names on the Users page.

  • Updated Elastic ingest endpoint to accept ‘create’ operations in addition to ‘index’ operations. Both operation types result in the same ingest behavior. This update was added as Fluent-Bit v1.8.3 began using the ‘create’ operation rather than ‘index’ for ingest.

  • Updated Slack action for messaging multiple channels, so it propogates errors when triggered. Previously errors were ignored.

  • Updated dependencies with security fixes.

  • Updated the examples on how to use the Query Function match() query function in the inline documentation.

  • Updated the new asset dialog button text so that it will say ‘Continue’ when an asset will not be created directly.

  • When a search is able to filter out segments based on the hash filter files, and a segment file is not present locally on any node, fetch only the hash filter at first, evaluate that, and only if required, fetch the segment file. This speeds up searches that target segments only present in bucket storage and that have search filters that generate hash filter checks, such as regex and literal text comparisons.

  • When accessing Humio through a URL with either a repository or view name in it and using an ingest token, it is now checked that the view on the token matches the repository or view in the URL, and a 403 Forbidden status is returned, if not.

Improvements

  • Added loading and error states to the page where user selects to create a new repository or view.

  • Added Dark Mode for Query Monitor page.

  • Added a Data subprocessors page under account.

  • Added explicit distribution information for elastic bulk API for elasticsearch API compatibility.

  • Added focus states to text field, selection and text area components.

  • Added maximum width to tabs on the Group page, so they do not keep expanding forever.

  • Added support for importing packages with CSV and JSON files. Exporting packages with files is not fully supported yet, but will be in a future release.

  • Added support for including dashboard and alert labels when exporting a package.

  • Allow launching using JDK-16.

  • Humio docker images is now based on the Alpine linux.

  • Improved audit log for organization creation.

  • Improved handling of local disk space relative to LOCAL_STORAGE_MIN_AGE_DAYS: When the local disk would overflow by respecting that config, Humio can now delete the oldest local segments that are present in bucket storage, even when they are within that time range.

  • Improved search for users page.

  • Improved performance in IP database lookups for the functions ipLocation(), asn() and worldMap().

  • Package installation error messages are now much more readable.

  • You can now export and import packages containing any of the action types: Webhook, Email, Humio Repo, Pager Duty, Slack, Slack multi channel, Ops Genie and Victor Ops.

GraphQL API Changes

  • Added a GraphQL mutation “cancelDeleteEvents” that allows cancelling a previously submitted deletion. Cancellation is best-effort, and events that have already been deleted will not be restored.

  • Added information about the use of preview fields in the result from calling the GraphQL API. The information will be in the field extensions.preview and will be a list of objects with a name and reason field.

  • Extended ‘Relative’ field type for schema files to include support for the value ‘now’.

  • Deprecates the copyFile GraphQL mutation, as it is no longer used. If you use this mutation, please let us know.

  • Deprecates the installPackageFromRegistry and updatePackageFromRegistry GraphQL mutations in favor of installPackageFromRegistryV2 and updatePackageFromRegistryV2.

  • Deprecates the package field on the SearchDomain GraphQL type, in favor of packageV2. The new field has a simpler and more correct return type.

  • Deprecates the two GraphQL fields id and contentHash on the File type. The two fields are considered unused, so no alternatives are provided. If you rely on them, please let us know.

  • The GraphQL DateTime type now supports non-UTC time. Timestamps like 2021-07-18T14:13:09.517+02:00 are now legal, and will be converted to UTC time internally.

  • The fileName, displayName, and location GraphQL fields on the UploadedFileSnapshot type are deprecated in favor of the new nameAndPath field.

  • The name, displayName, and location GraphQL fields on the File type are deprecated in favor of the new nameAndPath field.

  • When using the GraphQL field allowedViewActions, the two previously deprecated actions ChangeAlertsAndNotifiers and ReadEvents are no longer returned. Look for their replacements ChangeTriggersAndActions and ReadContents instead.

Configuration Changes

  • Added compatibility mode for using IBM Cloud Object Storage as bucket storage via S3_STORAGE_IBM_COMPAT

  • The Scheduled Searches feature is no longer in beta and can be used by all users without enabling it first

  • On a node configured as USING_EPHEMERAL_DISKS=true allow the local disk management deleting files even if a query may need them later, as the system is able to re-fetch the files from bucket storage when required. This improves the situation when there are active queries that in total have requested access to more segments than the local disk can hold.

UI Changes

  • Breadcrumbs are aligned across all pages and show the package name with a link when viewing or editing an asset from a package.

  • Cluster management pages style updates.

  • Fixed some styling issue on Query Quotas page.

  • Identity provider pages style update.

  • Removed the pop-up link to edit an alert or scheduled search when on the form page. This link is only relevant when creating an entity from the search page via a dialog.

  • The left navigation menu hides, and can be opened again, for mobile devices, on organization settings pages and repository settings pages.

  • The signup path was removed, together with the corresponding pages.

  • Updated design for Package Marketplace and Installed Packages to make them easier to use and more consistent.

  • Updated the style of the email action template and made the wording used dependent on whether an alert or scheduled search was triggered.

Scheduled search

  • Fixed an issue with using the browser back button while “advanced editing” the query text of a scheduled search or an alert would hide the blue bar that allows saving the query.

  • Improved error handling when running scheduled searches, so that a failed schedules search will be retried as long as it is within the [backfill limit](https://library.humio.com/preview/docs/automated/scheduled-search/#backfill-limit).

  • Warnings when running scheduled searches now show up as errors in the scheduled search overview page if [SCHEDULED_SEARCH_DESPITE_WARNINGS](https://library.humio.com/preview/reference/environment-variables/#var-scheduled-search-despite-warnings) is set to ‘false’ (the default).

  • Scheduled search “schedule” field is now validated, showing accurate help for each part of the crontab expression.

  • Scheduled search “schedule” is explained using human readable text such as “At 9.30 on Tuesdays”.

  • The test action functionality no longer uses alert terminology, as actions can be invoked from both alerts and scheduled searches. Also, it is now possible to also test the scheduled search specific message templates using it.

  • When selecting actions for alerts or scheduled searches, the actions are now grouped by the package they were imported from.