Full Release Notes Index

Falcon LogScale 1.137.0 Preview (2024-05-07)

Version^?	Type^?	Release Date^?	Availability^?	End of Support	Security Updates	Upgrades From^?	JDK Compatibility^?	Req. Data Migration	Config. Changes^?
1.137.0	Preview	2024-05-07	Cloud	Next Stable	Yes	1.112	17-21	No	No

Bug fixes and updates.

Breaking Changes
The following items create a breaking change in the behavior, response or operation of this release.
Functions
The limit parameter has been added to the rdns() function. It is controlled by dynamic configurations RdnsMaxLimit and RdnsDefaultLimit. This is a breaking change addition due to incidents caused by the large implicit limit used before.
For more information, see rdns().

Advanced Warning
The following items are due to change in a future release.

Deprecation
Items that have been deprecated and may be removed in a future release.
The any argument to the type parameter of sort() and table() has been deprecated and will be removed in version 1.142.
Warnings prompts will be shown in queries that fall into either of these two cases:
If you are explicitly supplying an any argument, please either simply remove both the parameter and the argument, for example change sort(..., type=any) to sort(...) or supply the argument for type that corresponds to your data.
If you are sorting hexadecimal values by their equivalent numerical values, please change the argument of type parameter to hex e.g. sort(..., type=hex).
In all other cases, no action is needed.
The new default value for sort() and table() will be number. Both functions will fall back to lexicographical ordering for values that cannot be understood as the provided argument for type.
The following API endpoints are deprecated and marked for removal in 1.148.0:
POST /api/v1/clusterconfig/kafka-queues/partition-assignment
GET /api/v1/clusterconfig/kafka-queues/partition-assignment
POST /api/v1/clusterconfig/kafka-queues/partition-assignment/set-replication-defaults
The deprecated methods are used for viewing and changing the partition assignment in Kafka for the ingest queue. Administrators should use Kafka's own tools for editing partition assignments instead, such as the bin/kafka-reassign-partitions.sh and bin/kafka-topics.sh scripts that ship with the Kafka install.
The following GraphQL queries and mutations for interacting with parsers are deprecated and scheduled for removal in version 1.142.
Deprecated createParser mutation is replaced by createParserV2(). The differences between the old and new mutation are:
testData input field is replaced by testCases, which can contain more data than the old tests could. This includes adding assertions to the output of a test. These assertions are not displayed in the UI yet. To emulate the old API, you can take the old test string and put it in the ParserTestEventInput inside the ParserTestCaseInput, and they will behave the same as before.
fieldsToBeRemovedBeforeParsing can now be specified as part of the parser creation.
force field is renamed to allowOverwritingExistingParser.
sourceCode field is renamed to script.
tagFields field is renamed to fieldsToTag.
languageVersion is no longer an enum, but a LanguageVersionInputType instead.
The mutation returns a Parser, instead of a Parser wrapped in an object.
The mutation fails when a parser has more than 2,000 test cases, or the test input in a single test case exceeds 40,000 characters.
Deprecated removeParser mutation is replaced by deleteParser. The difference between the old and new mutation is:
The mutation returns boolean to represent success or failure, instead of a Parser wrapped in an object.
Deprecated testParser mutation is replaced by testParserV2(). The differences between the old and new mutation are:
The test cases are now structured types, instead of just being strings. To emulate the old API, take the test string and put it in the ParserTestEventInput inside the ParserTestCaseInput, and they will behave the same as before.
The new test cases can contain assertions about the contents of the output.
The mutation output is significantly different from before, as it provides more detailed information on how a test case has failed.
The mutation now accepts both a language version and list of fields to be removed before parsing.
The parserScript field is renamed to script.
The tagFields field is renamed to fieldsToTag.
Deprecated updateParser mutation is replaced by updateParserV2(). The differences between the old and new mutation are:
testData input field is replaced by testCases, which can contain more data than the old tests could. This includes adding assertions to the output of a test. These assertions are not displayed in the UI yet. To emulate the old API, you can take the old test string and put it in the `ParserTestEventInput` inside the `ParserTestCaseInput`, and they will behave the same as before.
sourceCode field, used to updating the parser script, is changed to the script field, which takes a UpdateParserScriptInput object. This updates the parser script and the language version together.
tagFields field is renamed to fieldsToTag.
The languageVersion is located inside the UpdateParserScriptInput object, and is no longer an enum, but a LanguageVersionInputType instead.
The repositoryName and id fields are now correctly marked as mandatory in the schema. Previously this wasn't the case, even though the mutation would fail without them.
The mutation returns a Parser, instead of a Parser wrapped in an object.
The old mutation had a bug where it would overwrite the languageVersion with a default value in some cases, which is fixed in the new one.
The mutation fails when a parser has more than 2,000 test cases, or the test input in a single test case exceeds 40,000 characters.
On the Parser type:
testData field is deprecated and replaced by testCases.
sourceCode field is deprecated and replaced by script.
tagFields field is deprecated and replaced by fieldsToTag.
For more information, see Parser, DeleteParserInput, LanguageVersionInputType, createParserV2(), testParserV2(), updateParserV2().
The HUMIO_JVM_ARGS environment variable in the Launcher Script script will be removed in 1.154.0.
The variable existed for migration from older deployments where the launcher script was not available. The launcher script replaces the need for manually setting parameters in this variable, so the use of this variable is no longer required. Using the launcher script is now the recommended method of launching LogScale. For more details on the launcher script, see Launcher Script. Clusters that still set this configuration should migrate to the other variables described at Override garbage collection configuration within the launcher script.
We are deprecating the humio/kafka and humio/zookeeper Docker images due to low use. The planned final release for these images will be with LogScale 1.148.0.
Better alternatives are available going forward. We recommend the following:
If your cluster is deployed on Kubernetes: STRIMZI
If your cluster is deployed to AWS: MSK
In other cases: Confluent for Kafka and Confluent for ZooKeeper
If you still require humio/kafka or humio/zookeeper for needs that cannot be covered by these alternatives, please contact Support and share your concerns.

Improvements, new features and functionality

UI Changes
- Time zone data has been updated to IANA 2024a and has been trimmed to +/- 5 years from the release date of IANA 2024a.
Dashboards and Widgets
- A parameter panel widget type has been added to allow users to drag parameters from the top panel and into these panels. Also, a parameter's width is now adjustable in the settings.
Log Collector
- Fleet Management now supports ephemeral hosts. If a collector is enrolled with the parameter --ephemeralTimeout, after being offline for the specified duration in hours it will disappear from the Fleet Overview interface and be unenrolled. The feature requires LogScale Collector version 1.7.0 or above.
- Live and Historic options for Fleet Overview are introduced. When Live, the overview will show online collectors and continuously be updated with e.g. new CPU metrics or status changes. The Historic view will display all records of collectors for the last 30 days. In this case the overview will not be updated with new information.
  For more information, see Switching between Live and Historic overview.

Bug Fixes

Functions
- The query editor would mark the entire query as erroneous when count() was given with distinct=true parameter but missing an argument for the field parameter. This issue has been fixed.
- The query editor has been fixed as field auto-completions would sometimes not be suggested.

Falcon LogScale 1.136.0 Preview (2024-04-30)

Version^?	Type^?	Release Date^?	Availability^?	End of Support	Security Updates	Upgrades From^?	JDK Compatibility^?	Req. Data Migration	Config. Changes^?
1.136.0	Preview	2024-04-30	Cloud	Next Stable	Yes	1.112	17-21	No	No

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.

Removed
Items that have been removed as of this release.
Storage
The full JDK has been removed from the Docker images, leaving only the bundled JDK that is part of LogScale release tarballs.

Deprecation
Items that have been deprecated and may be removed in a future release.
The any argument to the type parameter of sort() and table() has been deprecated and will be removed in version 1.142.
Warnings prompts will be shown in queries that fall into either of these two cases:
If you are explicitly supplying an any argument, please either simply remove both the parameter and the argument, for example change sort(..., type=any) to sort(...) or supply the argument for type that corresponds to your data.
If you are sorting hexadecimal values by their equivalent numerical values, please change the argument of type parameter to hex e.g. sort(..., type=hex).
In all other cases, no action is needed.
The new default value for sort() and table() will be number. Both functions will fall back to lexicographical ordering for values that cannot be understood as the provided argument for type.
The following API endpoints are deprecated and marked for removal in 1.148.0:
POST /api/v1/clusterconfig/kafka-queues/partition-assignment
GET /api/v1/clusterconfig/kafka-queues/partition-assignment
POST /api/v1/clusterconfig/kafka-queues/partition-assignment/set-replication-defaults
The deprecated methods are used for viewing and changing the partition assignment in Kafka for the ingest queue. Administrators should use Kafka's own tools for editing partition assignments instead, such as the bin/kafka-reassign-partitions.sh and bin/kafka-topics.sh scripts that ship with the Kafka install.
The following GraphQL queries and mutations for interacting with parsers are deprecated and scheduled for removal in version 1.142.
Deprecated createParser mutation is replaced by createParserV2(). The differences between the old and new mutation are:
testData input field is replaced by testCases, which can contain more data than the old tests could. This includes adding assertions to the output of a test. These assertions are not displayed in the UI yet. To emulate the old API, you can take the old test string and put it in the ParserTestEventInput inside the ParserTestCaseInput, and they will behave the same as before.
fieldsToBeRemovedBeforeParsing can now be specified as part of the parser creation.
force field is renamed to allowOverwritingExistingParser.
sourceCode field is renamed to script.
tagFields field is renamed to fieldsToTag.
languageVersion is no longer an enum, but a LanguageVersionInputType instead.
The mutation returns a Parser, instead of a Parser wrapped in an object.
The mutation fails when a parser has more than 2,000 test cases, or the test input in a single test case exceeds 40,000 characters.
Deprecated removeParser mutation is replaced by deleteParser. The difference between the old and new mutation is:
The mutation returns boolean to represent success or failure, instead of a Parser wrapped in an object.
Deprecated testParser mutation is replaced by testParserV2(). The differences between the old and new mutation are:
The test cases are now structured types, instead of just being strings. To emulate the old API, take the test string and put it in the ParserTestEventInput inside the ParserTestCaseInput, and they will behave the same as before.
The new test cases can contain assertions about the contents of the output.
The mutation output is significantly different from before, as it provides more detailed information on how a test case has failed.
The mutation now accepts both a language version and list of fields to be removed before parsing.
The parserScript field is renamed to script.
The tagFields field is renamed to fieldsToTag.
Deprecated updateParser mutation is replaced by updateParserV2(). The differences between the old and new mutation are:
testData input field is replaced by testCases, which can contain more data than the old tests could. This includes adding assertions to the output of a test. These assertions are not displayed in the UI yet. To emulate the old API, you can take the old test string and put it in the `ParserTestEventInput` inside the `ParserTestCaseInput`, and they will behave the same as before.
sourceCode field, used to updating the parser script, is changed to the script field, which takes a UpdateParserScriptInput object. This updates the parser script and the language version together.
tagFields field is renamed to fieldsToTag.
The languageVersion is located inside the UpdateParserScriptInput object, and is no longer an enum, but a LanguageVersionInputType instead.
The repositoryName and id fields are now correctly marked as mandatory in the schema. Previously this wasn't the case, even though the mutation would fail without them.
The mutation returns a Parser, instead of a Parser wrapped in an object.
The old mutation had a bug where it would overwrite the languageVersion with a default value in some cases, which is fixed in the new one.
The mutation fails when a parser has more than 2,000 test cases, or the test input in a single test case exceeds 40,000 characters.
On the Parser type:
testData field is deprecated and replaced by testCases.
sourceCode field is deprecated and replaced by script.
tagFields field is deprecated and replaced by fieldsToTag.
For more information, see Parser, DeleteParserInput, LanguageVersionInputType, createParserV2(), testParserV2(), updateParserV2().
The HUMIO_JVM_ARGS environment variable in the Launcher Script script will be removed in 1.154.0.
The variable existed for migration from older deployments where the launcher script was not available. The launcher script replaces the need for manually setting parameters in this variable, so the use of this variable is no longer required. Using the launcher script is now the recommended method of launching LogScale. For more details on the launcher script, see Launcher Script. Clusters that still set this configuration should migrate to the other variables described at Override garbage collection configuration within the launcher script.
We are deprecating the humio/kafka and humio/zookeeper Docker images due to low use. The planned final release for these images will be with LogScale 1.148.0.
Better alternatives are available going forward. We recommend the following:
If your cluster is deployed on Kubernetes: STRIMZI
If your cluster is deployed to AWS: MSK
In other cases: Confluent for Kafka and Confluent for ZooKeeper
If you still require humio/kafka or humio/zookeeper for needs that cannot be covered by these alternatives, please contact Support and share your concerns.

Improvements, new features and functionality

GraphQL API
- The querySearchDomains() query has been extended with the option to filter results by limit name as well as ordering results by limit name.
  For more information, see querySearchDomains().
Ingestion
- Parser test cases can now include assertions. This allows you to specify that you expect certain fields to have certain values in a test case after parsing, or that you expect certain fields to not be present at all. Note that the assertions are not exported as part of the YAML template yet.
  For more information, see Writing a Parser.
Log Collector
- Introducing Fleet Management Remote Updates allowing users to install the LogScale Collector via curl / PowerShell, and manage upgrades and downgrades centrally from Fleet Management.
  For more information, see Managing LogScale Collector Versions - Instances, Managing Versions - Groups, Installing the LogScale Collector.

Bug Fixes

UI Changes
- Still existing Humio occurrences have been replaced with LogScale in a lot of places, primarily in GraphQL documentation and error messages.
Functions
- The table() function has been fixed as it would wrongly accept a limit of 0, causing serialisation to break between cluster nodes.
Other
- DNS lookup was blocked by heavy disk IO when using a HTTP proxy, causing timeouts. This issue has been fixed.

Falcon LogScale 1.135.0 Preview (2024-04-23)

Version^?	Type^?	Release Date^?	Availability^?	End of Support	Security Updates	Upgrades From^?	JDK Compatibility^?	Req. Data Migration	Config. Changes^?
1.135.0	Preview	2024-04-23	Cloud	Next Stable	Yes	1.112	17-21	No	No

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.

Deprecation
Items that have been deprecated and may be removed in a future release.
The assetType GraphQL field on Alert, Dashboard, Parser, SavedQuery and ViewInteraction datatypes has been deprecated and will be removed in version 1.136 of LogScale.
The any argument to the type parameter of sort() and table() has been deprecated and will be removed in version 1.142.
Warnings prompts will be shown in queries that fall into either of these two cases:
If you are explicitly supplying an any argument, please either simply remove both the parameter and the argument, for example change sort(..., type=any) to sort(...) or supply the argument for type that corresponds to your data.
If you are sorting hexadecimal values by their equivalent numerical values, please change the argument of type parameter to hex e.g. sort(..., type=hex).
In all other cases, no action is needed.
The new default value for sort() and table() will be number. Both functions will fall back to lexicographical ordering for values that cannot be understood as the provided argument for type.
The following API endpoints are deprecated and marked for removal in 1.148.0:
POST /api/v1/clusterconfig/kafka-queues/partition-assignment
GET /api/v1/clusterconfig/kafka-queues/partition-assignment
POST /api/v1/clusterconfig/kafka-queues/partition-assignment/set-replication-defaults
The deprecated methods are used for viewing and changing the partition assignment in Kafka for the ingest queue. Administrators should use Kafka's own tools for editing partition assignments instead, such as the bin/kafka-reassign-partitions.sh and bin/kafka-topics.sh scripts that ship with the Kafka install.
The following GraphQL queries and mutations for interacting with parsers are deprecated and scheduled for removal in version 1.142.
Deprecated createParser mutation is replaced by createParserV2(). The differences between the old and new mutation are:
testData input field is replaced by testCases, which can contain more data than the old tests could. This includes adding assertions to the output of a test. These assertions are not displayed in the UI yet. To emulate the old API, you can take the old test string and put it in the ParserTestEventInput inside the ParserTestCaseInput, and they will behave the same as before.
fieldsToBeRemovedBeforeParsing can now be specified as part of the parser creation.
force field is renamed to allowOverwritingExistingParser.
sourceCode field is renamed to script.
tagFields field is renamed to fieldsToTag.
languageVersion is no longer an enum, but a LanguageVersionInputType instead.
The mutation returns a Parser, instead of a Parser wrapped in an object.
The mutation fails when a parser has more than 2,000 test cases, or the test input in a single test case exceeds 40,000 characters.
Deprecated removeParser mutation is replaced by deleteParser. The difference between the old and new mutation is:
The mutation returns boolean to represent success or failure, instead of a Parser wrapped in an object.
Deprecated testParser mutation is replaced by testParserV2(). The differences between the old and new mutation are:
The test cases are now structured types, instead of just being strings. To emulate the old API, take the test string and put it in the ParserTestEventInput inside the ParserTestCaseInput, and they will behave the same as before.
The new test cases can contain assertions about the contents of the output.
The mutation output is significantly different from before, as it provides more detailed information on how a test case has failed.
The mutation now accepts both a language version and list of fields to be removed before parsing.
The parserScript field is renamed to script.
The tagFields field is renamed to fieldsToTag.
Deprecated updateParser mutation is replaced by updateParserV2(). The differences between the old and new mutation are:
testData input field is replaced by testCases, which can contain more data than the old tests could. This includes adding assertions to the output of a test. These assertions are not displayed in the UI yet. To emulate the old API, you can take the old test string and put it in the `ParserTestEventInput` inside the `ParserTestCaseInput`, and they will behave the same as before.
sourceCode field, used to updating the parser script, is changed to the script field, which takes a UpdateParserScriptInput object. This updates the parser script and the language version together.
tagFields field is renamed to fieldsToTag.
The languageVersion is located inside the UpdateParserScriptInput object, and is no longer an enum, but a LanguageVersionInputType instead.
The repositoryName and id fields are now correctly marked as mandatory in the schema. Previously this wasn't the case, even though the mutation would fail without them.
The mutation returns a Parser, instead of a Parser wrapped in an object.
The old mutation had a bug where it would overwrite the languageVersion with a default value in some cases, which is fixed in the new one.
The mutation fails when a parser has more than 2,000 test cases, or the test input in a single test case exceeds 40,000 characters.
On the Parser type:
testData field is deprecated and replaced by testCases.
sourceCode field is deprecated and replaced by script.
tagFields field is deprecated and replaced by fieldsToTag.
For more information, see Parser, DeleteParserInput, LanguageVersionInputType, createParserV2(), testParserV2(), updateParserV2().
In the GraphQL API, the ChangeTriggersAndAction enum value for both the Permission and ViewAction enum is now deprecated and will be removed in version 1.136 of LogScale.
The HUMIO_JVM_ARGS environment variable in the Launcher Script script will be removed in 1.154.0.
The variable existed for migration from older deployments where the launcher script was not available. The launcher script replaces the need for manually setting parameters in this variable, so the use of this variable is no longer required. Using the launcher script is now the recommended method of launching LogScale. For more details on the launcher script, see Launcher Script. Clusters that still set this configuration should migrate to the other variables described at Override garbage collection configuration within the launcher script.
We are deprecating the humio/kafka and humio/zookeeper Docker images due to low use. The planned final release for these images will be with LogScale 1.148.0.
Better alternatives are available going forward. We recommend the following:
If your cluster is deployed on Kubernetes: STRIMZI
If your cluster is deployed to AWS: MSK
In other cases: Confluent for Kafka and Confluent for ZooKeeper
If you still require humio/kafka or humio/zookeeper for needs that cannot be covered by these alternatives, please contact Support and share your concerns.
In the GraphQL API, the name argument to the parser field on the Repository datatype has been deprecated and will be removed in version 1.136 of LogScale.

Upgrades
Changes that may occur or be required during an upgrade.
Storage
Docker images have been upgraded to Java 22.
Added new deployment artifacts. The published tarballs (e.g. server.tar.gz) are now available with a bundled JDK. The platforms currently supported are linux_x64 for 64-bit Linux, and alpine_x64 for 64-bit Alpine Linux and other musl-based Linuxes. The Docker images have been updated to use this bundled JDK internally. We encourage users to migrate to using the tarballs with bundled JDKs.

Improvements, new features and functionality

UI Changes
- The Query Editor now shows completions for known field values that have previously been observed in results. For instance, #repo = m may show completions for repositories starting with m seen in previous results.
Automation and Alerts
- Added logging when Alerts with Field-Based Throttling discard values and thus potentially trigger again before the throttle period expires.
  For more information, see Field-Based Throttling.
Storage
- We reverted a change introduced in 1.131.0 intended to cause fewer minisegments to move in the cluster when digest reassignment occurs. The change could cause minisegments to not be balanced across cluster nodes in the expected way.
Configuration
- The default values for the following configuration parameters have changed:
  - FLUSH_BLOCK_SECONDS = 900 (was 1,800)
  - MAX_HOURS_SEGMENT_OPEN = 720 (was 24, maximum is now 24,000)
- The amount of global meta data required for retention spans of over 30 days has been reduced. The amount of global meta data required in clusters with high number of active datasources has also been reduced, as well as the global size of mini segments, by combining them into larger mini segments.
  Pre-merging mini segments now reduces the number of segment files on disk (and in bucket) and reduces the amount of meta data for segment targets in progress. This allows getting larger target segment files and reduces the amount of "undersized" merging of "completed" segments. It also allows a smaller flush interval for mini segments without incurring in a larger number of mini segments.
  This feature is only supported from v1.112.0. To safely enable it by default, we are now raising to v1.112.0 the minimum version to upgrade from, to disallow rollback to versions older than this version.
  The feature is on by default. It can be disabled using the feature flag PreMergeMiniSegments. Disabling the feature stops future merges of mini segments into larger mini segment files, but does not alter the defaults below, nor modify how already merged minisegments behave.
  For more information, see Global Database, Ingestion: Digest Phase.
- The following configuration parameters have been introduced:
Dashboards and Widgets
- Dashboard parameters have gotten the following updates:
  - The name of the parameter is on top of the input field, so more space is available for both parts.
  - A Clear all button has been added to multi-value parameters so that all values can be removed in one click.
  - The parameter's configuration form has been moved to the side panel.
  - Multiple values can be added at once to a multi-value parameter by inputting a comma separated list of values, which can be used as individual values.
  For more information, see Multi-value Parameters.
- The automatic rendering of URLs as links has been disabled for the Table widget. Only URLs appearing in queries with the markdown style e.g. [CrowdStrike](https://crowdstrike.com) will be automatically rendered as links in the Table widget columns. Content, including plain URLs e.g. https://crowdstrike.com, can still be rendered as links, but this should now be explicitly configured using the Show as→Link widget property.
  For more information, see Table Widget Properties.
Functions
- onDuplicate parameter has been added to kvParse() to specify how to handle duplicate fields.

Bug Fixes

Dashboards and Widgets
- Other options than exporting to CSV file were not possible on the Dashboard page for a widget and on the Search page for a query result. This issue is now fixed.
Functions
- The error message when providing a non-existing query function in an anonymous query e.g. bucket(function=[{_noFunction()}]) has been fixed.

Falcon LogScale 1.134.0 Preview (2024-04-16)

Version^?	Type^?	Release Date^?	Availability^?	End of Support	Security Updates	Upgrades From^?	JDK Compatibility^?	Req. Data Migration	Config. Changes^?
1.134.0	Preview	2024-04-16	Cloud	Next Stable	Yes	1.106	17-21	No	No

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.

Deprecation
Items that have been deprecated and may be removed in a future release.
The assetType GraphQL field on Alert, Dashboard, Parser, SavedQuery and ViewInteraction datatypes has been deprecated and will be removed in version 1.136 of LogScale.
The any argument to the type parameter of sort() and table() has been deprecated and will be removed in version 1.142.
Warnings prompts will be shown in queries that fall into either of these two cases:
If you are explicitly supplying an any argument, please either simply remove both the parameter and the argument, for example change sort(..., type=any) to sort(...) or supply the argument for type that corresponds to your data.
If you are sorting hexadecimal values by their equivalent numerical values, please change the argument of type parameter to hex e.g. sort(..., type=hex).
In all other cases, no action is needed.
The new default value for sort() and table() will be number. Both functions will fall back to lexicographical ordering for values that cannot be understood as the provided argument for type.
The following API endpoints are deprecated and marked for removal in 1.148.0:
POST /api/v1/clusterconfig/kafka-queues/partition-assignment
GET /api/v1/clusterconfig/kafka-queues/partition-assignment
POST /api/v1/clusterconfig/kafka-queues/partition-assignment/set-replication-defaults
The deprecated methods are used for viewing and changing the partition assignment in Kafka for the ingest queue. Administrators should use Kafka's own tools for editing partition assignments instead, such as the bin/kafka-reassign-partitions.sh and bin/kafka-topics.sh scripts that ship with the Kafka install.
The following GraphQL queries and mutations for interacting with parsers are deprecated and scheduled for removal in version 1.142.
Deprecated createParser mutation is replaced by createParserV2(). The differences between the old and new mutation are:
testData input field is replaced by testCases, which can contain more data than the old tests could. This includes adding assertions to the output of a test. These assertions are not displayed in the UI yet. To emulate the old API, you can take the old test string and put it in the ParserTestEventInput inside the ParserTestCaseInput, and they will behave the same as before.
fieldsToBeRemovedBeforeParsing can now be specified as part of the parser creation.
force field is renamed to allowOverwritingExistingParser.
sourceCode field is renamed to script.
tagFields field is renamed to fieldsToTag.
languageVersion is no longer an enum, but a LanguageVersionInputType instead.
The mutation returns a Parser, instead of a Parser wrapped in an object.
The mutation fails when a parser has more than 2,000 test cases, or the test input in a single test case exceeds 40,000 characters.
Deprecated removeParser mutation is replaced by deleteParser. The difference between the old and new mutation is:
The mutation returns boolean to represent success or failure, instead of a Parser wrapped in an object.
Deprecated testParser mutation is replaced by testParserV2(). The differences between the old and new mutation are:
The test cases are now structured types, instead of just being strings. To emulate the old API, take the test string and put it in the ParserTestEventInput inside the ParserTestCaseInput, and they will behave the same as before.
The new test cases can contain assertions about the contents of the output.
The mutation output is significantly different from before, as it provides more detailed information on how a test case has failed.
The mutation now accepts both a language version and list of fields to be removed before parsing.
The parserScript field is renamed to script.
The tagFields field is renamed to fieldsToTag.
Deprecated updateParser mutation is replaced by updateParserV2(). The differences between the old and new mutation are:
testData input field is replaced by testCases, which can contain more data than the old tests could. This includes adding assertions to the output of a test. These assertions are not displayed in the UI yet. To emulate the old API, you can take the old test string and put it in the `ParserTestEventInput` inside the `ParserTestCaseInput`, and they will behave the same as before.
sourceCode field, used to updating the parser script, is changed to the script field, which takes a UpdateParserScriptInput object. This updates the parser script and the language version together.
tagFields field is renamed to fieldsToTag.
The languageVersion is located inside the UpdateParserScriptInput object, and is no longer an enum, but a LanguageVersionInputType instead.
The repositoryName and id fields are now correctly marked as mandatory in the schema. Previously this wasn't the case, even though the mutation would fail without them.
The mutation returns a Parser, instead of a Parser wrapped in an object.
The old mutation had a bug where it would overwrite the languageVersion with a default value in some cases, which is fixed in the new one.
The mutation fails when a parser has more than 2,000 test cases, or the test input in a single test case exceeds 40,000 characters.
On the Parser type:
testData field is deprecated and replaced by testCases.
sourceCode field is deprecated and replaced by script.
tagFields field is deprecated and replaced by fieldsToTag.
For more information, see Parser, DeleteParserInput, LanguageVersionInputType, createParserV2(), testParserV2(), updateParserV2().
In the GraphQL API, the ChangeTriggersAndAction enum value for both the Permission and ViewAction enum is now deprecated and will be removed in version 1.136 of LogScale.
The HUMIO_JVM_ARGS environment variable in the Launcher Script script will be removed in 1.154.0.
The variable existed for migration from older deployments where the launcher script was not available. The launcher script replaces the need for manually setting parameters in this variable, so the use of this variable is no longer required. Using the launcher script is now the recommended method of launching LogScale. For more details on the launcher script, see Launcher Script. Clusters that still set this configuration should migrate to the other variables described at Override garbage collection configuration within the launcher script.
We are deprecating the humio/kafka and humio/zookeeper Docker images due to low use. The planned final release for these images will be with LogScale 1.148.0.
Better alternatives are available going forward. We recommend the following:
If your cluster is deployed on Kubernetes: STRIMZI
If your cluster is deployed to AWS: MSK
In other cases: Confluent for Kafka and Confluent for ZooKeeper
If you still require humio/kafka or humio/zookeeper for needs that cannot be covered by these alternatives, please contact Support and share your concerns.
In the GraphQL API, the name argument to the parser field on the Repository datatype has been deprecated and will be removed in version 1.136 of LogScale.

Behavior Changes
Scripts or environment which make use of these tools should be checked and updated for the new configuration:
Other
Hitting the query count quota no longer cancels existing queries, but only disallows starting new ones.
For more information, see Query Count.

Improvements, new features and functionality

UI Changes
- Sign up to LogScale Community Edition is no longer available for new users. Links, pages and UI flows to access it have been removed.
- The number of events in the current window has been added to Metric Types as window_count.
Functions
- The readFile() function will show a warning when the results are truncated due to reaching global result row limit. This behaviour was previously silent.
- The geography:distance() function is now generally available. The default value for the as parameter has been changed to _distance.
  For more information, see geography:distance().
Other
- The ConfigLoggerJob now also logs digestReplicationFactor, segmentReplicationFactor, minHostAlivePercentageToEnableClusterRebalancing, allowUpdateDesiredDigesters and allowRebalanceExistingSegments.

Bug Fixes

UI Changes
- The formatting of @timestamp has been improved to make time-based vizualisations fully compatible with time zones when selecting time zones other than the browser default's.
- Data statistics in the Organizations overview page could not be populated in some cases.
Dashboards and Widgets
- A visualization issue has been fixed as the dropdown menu for saving a dashboard widget was showing a wrong title in dashboards not belonging to a package.
Other
- Multiple clients might trigger concurrent computation of the result step for a shared query. This issue has been fixed: now only one pending computation is allowed at a time.

Falcon LogScale 1.133.0 Preview (2024-04-09)

Version^?	Type^?	Release Date^?	Availability^?	End of Support	Security Updates	Upgrades From^?	JDK Compatibility^?	Req. Data Migration	Config. Changes^?
1.133.0	Preview	2024-04-09	Cloud	Next Stable	Yes	1.106	17-21	No	No

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.

Deprecation
Items that have been deprecated and may be removed in a future release.
The assetType GraphQL field on Alert, Dashboard, Parser, SavedQuery and ViewInteraction datatypes has been deprecated and will be removed in version 1.136 of LogScale.
The any argument to the type parameter of sort() and table() has been deprecated and will be removed in version 1.142.
Warnings prompts will be shown in queries that fall into either of these two cases:
If you are explicitly supplying an any argument, please either simply remove both the parameter and the argument, for example change sort(..., type=any) to sort(...) or supply the argument for type that corresponds to your data.
If you are sorting hexadecimal values by their equivalent numerical values, please change the argument of type parameter to hex e.g. sort(..., type=hex).
In all other cases, no action is needed.
The new default value for sort() and table() will be number. Both functions will fall back to lexicographical ordering for values that cannot be understood as the provided argument for type.
The following API endpoints are deprecated and marked for removal in 1.148.0:
POST /api/v1/clusterconfig/kafka-queues/partition-assignment
GET /api/v1/clusterconfig/kafka-queues/partition-assignment
POST /api/v1/clusterconfig/kafka-queues/partition-assignment/set-replication-defaults
The deprecated methods are used for viewing and changing the partition assignment in Kafka for the ingest queue. Administrators should use Kafka's own tools for editing partition assignments instead, such as the bin/kafka-reassign-partitions.sh and bin/kafka-topics.sh scripts that ship with the Kafka install.
The following GraphQL queries and mutations for interacting with parsers are deprecated and scheduled for removal in version 1.142.
Deprecated createParser mutation is replaced by createParserV2(). The differences between the old and new mutation are:
testData input field is replaced by testCases, which can contain more data than the old tests could. This includes adding assertions to the output of a test. These assertions are not displayed in the UI yet. To emulate the old API, you can take the old test string and put it in the ParserTestEventInput inside the ParserTestCaseInput, and they will behave the same as before.
fieldsToBeRemovedBeforeParsing can now be specified as part of the parser creation.
force field is renamed to allowOverwritingExistingParser.
sourceCode field is renamed to script.
tagFields field is renamed to fieldsToTag.
languageVersion is no longer an enum, but a LanguageVersionInputType instead.
The mutation returns a Parser, instead of a Parser wrapped in an object.
The mutation fails when a parser has more than 2,000 test cases, or the test input in a single test case exceeds 40,000 characters.
Deprecated removeParser mutation is replaced by deleteParser. The difference between the old and new mutation is:
The mutation returns boolean to represent success or failure, instead of a Parser wrapped in an object.
Deprecated testParser mutation is replaced by testParserV2(). The differences between the old and new mutation are:
The test cases are now structured types, instead of just being strings. To emulate the old API, take the test string and put it in the ParserTestEventInput inside the ParserTestCaseInput, and they will behave the same as before.
The new test cases can contain assertions about the contents of the output.
The mutation output is significantly different from before, as it provides more detailed information on how a test case has failed.
The mutation now accepts both a language version and list of fields to be removed before parsing.
The parserScript field is renamed to script.
The tagFields field is renamed to fieldsToTag.
Deprecated updateParser mutation is replaced by updateParserV2(). The differences between the old and new mutation are:
testData input field is replaced by testCases, which can contain more data than the old tests could. This includes adding assertions to the output of a test. These assertions are not displayed in the UI yet. To emulate the old API, you can take the old test string and put it in the `ParserTestEventInput` inside the `ParserTestCaseInput`, and they will behave the same as before.
sourceCode field, used to updating the parser script, is changed to the script field, which takes a UpdateParserScriptInput object. This updates the parser script and the language version together.
tagFields field is renamed to fieldsToTag.
The languageVersion is located inside the UpdateParserScriptInput object, and is no longer an enum, but a LanguageVersionInputType instead.
The repositoryName and id fields are now correctly marked as mandatory in the schema. Previously this wasn't the case, even though the mutation would fail without them.
The mutation returns a Parser, instead of a Parser wrapped in an object.
The old mutation had a bug where it would overwrite the languageVersion with a default value in some cases, which is fixed in the new one.
The mutation fails when a parser has more than 2,000 test cases, or the test input in a single test case exceeds 40,000 characters.
On the Parser type:
testData field is deprecated and replaced by testCases.
sourceCode field is deprecated and replaced by script.
tagFields field is deprecated and replaced by fieldsToTag.
For more information, see Parser, DeleteParserInput, LanguageVersionInputType, createParserV2(), testParserV2(), updateParserV2().
In the GraphQL API, the ChangeTriggersAndAction enum value for both the Permission and ViewAction enum is now deprecated and will be removed in version 1.136 of LogScale.
The HUMIO_JVM_ARGS environment variable in the Launcher Script script will be removed in 1.154.0.
The variable existed for migration from older deployments where the launcher script was not available. The launcher script replaces the need for manually setting parameters in this variable, so the use of this variable is no longer required. Using the launcher script is now the recommended method of launching LogScale. For more details on the launcher script, see Launcher Script. Clusters that still set this configuration should migrate to the other variables described at Override garbage collection configuration within the launcher script.
We are deprecating the humio/kafka and humio/zookeeper Docker images due to low use. The planned final release for these images will be with LogScale 1.148.0.
Better alternatives are available going forward. We recommend the following:
If your cluster is deployed on Kubernetes: STRIMZI
If your cluster is deployed to AWS: MSK
In other cases: Confluent for Kafka and Confluent for ZooKeeper
If you still require humio/kafka or humio/zookeeper for needs that cannot be covered by these alternatives, please contact Support and share your concerns.
In the GraphQL API, the name argument to the parser field on the Repository datatype has been deprecated and will be removed in version 1.136 of LogScale.

Improvements, new features and functionality

Installation and Deployment
- The Launcher Script now sets -XX:+UseTransparentHugePages as part of the mandatory flags. THP is already enabled for all processes on many Linux distributions by default. This flag enables THP on systems where processes must opt into THP via madvise. We strongly recommend enabling THP for LogScale.
Automation and Alerts
- The limit of 50 characters when naming a scheduled search is now removed.
Storage
- The bucket transfer prioritization has been adjusted. When behind on both uploads and downloads, 75% of the S3_STORAGE_CONCURRENCY capacity is reserved for uploads, and 25% for downloads, rather than using all slots for downloads.
Functions
- The optional limit parameter has been added to the readFile() function to limit the number of rows of the file returned.
Other
- Queries are now allowed to be queued for start by the query coordinator for a maximum of 10 minutes.
  For more information, see Query Coordination.

Bug Fixes

UI Changes
- The error Failed to fetch data for aliased fields would sometimes appear on the Search page of the sandbox repository. This issue has been fixed.
- Fixed an issue that prevented users from copying the query string from the flyout in the Recent / Saved queries panel.
Dashboards and Widgets
- Parameters appearing between a string containing \\ and any other string would not be correctly detected. This issue has been fixed.
Packages
- Uploading a package zip would fail on Windows devices. This issue has been fixed.

Improvement

Storage
- Removed some work from the thread scheduling bucket transfers that could be slightly expensive in cases where the cluster had fallen behind on uploads.
Configuration
- Whenever a SAML or OIDC IdP is created or updated, any leading or trailing whitespace will be trimmed from its fields. This is to avoid configuration errors.

Falcon LogScale 1.132.0 Preview (2024-04-02)

Version^?	Type^?	Release Date^?	Availability^?	End of Support	Security Updates	Upgrades From^?	JDK Compatibility^?	Req. Data Migration	Config. Changes^?
1.132.0	Preview	2024-04-02	Cloud	Next Stable	Yes	1.106	17-21	No	No

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.
Installation and Deployment
The Launcher Script script for starting LogScale will be modified to change the way CPU core usage can be configured. The -XX:ActiveProcessorCount=n command-line option will be ignored if set. Users that need to configure the core count manually should set CORES=n environmant variable instead. This will cause the launcher to configure both LogScale and the JVM properly.
This change is scheduled for 1.148.0.
For more information, see Configuring available CPUs.

Deprecation
Items that have been deprecated and may be removed in a future release.
The assetType GraphQL field on Alert, Dashboard, Parser, SavedQuery and ViewInteraction datatypes has been deprecated and will be removed in version 1.136 of LogScale.
The any argument to the type parameter of sort() and table() has been deprecated and will be removed in version 1.142.
Warnings prompts will be shown in queries that fall into either of these two cases:
If you are explicitly supplying an any argument, please either simply remove both the parameter and the argument, for example change sort(..., type=any) to sort(...) or supply the argument for type that corresponds to your data.
If you are sorting hexadecimal values by their equivalent numerical values, please change the argument of type parameter to hex e.g. sort(..., type=hex).
In all other cases, no action is needed.
The new default value for sort() and table() will be number. Both functions will fall back to lexicographical ordering for values that cannot be understood as the provided argument for type.
The following API endpoints are deprecated and marked for removal in 1.148.0:
POST /api/v1/clusterconfig/kafka-queues/partition-assignment
GET /api/v1/clusterconfig/kafka-queues/partition-assignment
POST /api/v1/clusterconfig/kafka-queues/partition-assignment/set-replication-defaults
The deprecated methods are used for viewing and changing the partition assignment in Kafka for the ingest queue. Administrators should use Kafka's own tools for editing partition assignments instead, such as the bin/kafka-reassign-partitions.sh and bin/kafka-topics.sh scripts that ship with the Kafka install.
The following GraphQL queries and mutations for interacting with parsers are deprecated and scheduled for removal in version 1.142.
Deprecated createParser mutation is replaced by createParserV2(). The differences between the old and new mutation are:
testData input field is replaced by testCases, which can contain more data than the old tests could. This includes adding assertions to the output of a test. These assertions are not displayed in the UI yet. To emulate the old API, you can take the old test string and put it in the ParserTestEventInput inside the ParserTestCaseInput, and they will behave the same as before.
fieldsToBeRemovedBeforeParsing can now be specified as part of the parser creation.
force field is renamed to allowOverwritingExistingParser.
sourceCode field is renamed to script.
tagFields field is renamed to fieldsToTag.
languageVersion is no longer an enum, but a LanguageVersionInputType instead.
The mutation returns a Parser, instead of a Parser wrapped in an object.
The mutation fails when a parser has more than 2,000 test cases, or the test input in a single test case exceeds 40,000 characters.
Deprecated removeParser mutation is replaced by deleteParser. The difference between the old and new mutation is:
The mutation returns boolean to represent success or failure, instead of a Parser wrapped in an object.
Deprecated testParser mutation is replaced by testParserV2(). The differences between the old and new mutation are:
The test cases are now structured types, instead of just being strings. To emulate the old API, take the test string and put it in the ParserTestEventInput inside the ParserTestCaseInput, and they will behave the same as before.
The new test cases can contain assertions about the contents of the output.
The mutation output is significantly different from before, as it provides more detailed information on how a test case has failed.
The mutation now accepts both a language version and list of fields to be removed before parsing.
The parserScript field is renamed to script.
The tagFields field is renamed to fieldsToTag.
Deprecated updateParser mutation is replaced by updateParserV2(). The differences between the old and new mutation are:
testData input field is replaced by testCases, which can contain more data than the old tests could. This includes adding assertions to the output of a test. These assertions are not displayed in the UI yet. To emulate the old API, you can take the old test string and put it in the `ParserTestEventInput` inside the `ParserTestCaseInput`, and they will behave the same as before.
sourceCode field, used to updating the parser script, is changed to the script field, which takes a UpdateParserScriptInput object. This updates the parser script and the language version together.
tagFields field is renamed to fieldsToTag.
The languageVersion is located inside the UpdateParserScriptInput object, and is no longer an enum, but a LanguageVersionInputType instead.
The repositoryName and id fields are now correctly marked as mandatory in the schema. Previously this wasn't the case, even though the mutation would fail without them.
The mutation returns a Parser, instead of a Parser wrapped in an object.
The old mutation had a bug where it would overwrite the languageVersion with a default value in some cases, which is fixed in the new one.
The mutation fails when a parser has more than 2,000 test cases, or the test input in a single test case exceeds 40,000 characters.
On the Parser type:
testData field is deprecated and replaced by testCases.
sourceCode field is deprecated and replaced by script.
tagFields field is deprecated and replaced by fieldsToTag.
For more information, see Parser, DeleteParserInput, LanguageVersionInputType, createParserV2(), testParserV2(), updateParserV2().
In the GraphQL API, the ChangeTriggersAndAction enum value for both the Permission and ViewAction enum is now deprecated and will be removed in version 1.136 of LogScale.
The HUMIO_JVM_ARGS environment variable in the Launcher Script script will be removed in 1.154.0.
The variable existed for migration from older deployments where the launcher script was not available. The launcher script replaces the need for manually setting parameters in this variable, so the use of this variable is no longer required. Using the launcher script is now the recommended method of launching LogScale. For more details on the launcher script, see Launcher Script. Clusters that still set this configuration should migrate to the other variables described at Override garbage collection configuration within the launcher script.
We are deprecating the humio/kafka and humio/zookeeper Docker images due to low use. The planned final release for these images will be with LogScale 1.148.0.
Better alternatives are available going forward. We recommend the following:
If your cluster is deployed on Kubernetes: STRIMZI
If your cluster is deployed to AWS: MSK
In other cases: Confluent for Kafka and Confluent for ZooKeeper
If you still require humio/kafka or humio/zookeeper for needs that cannot be covered by these alternatives, please contact Support and share your concerns.
In the GraphQL API, the name argument to the parser field on the Repository datatype has been deprecated and will be removed in version 1.136 of LogScale.

Improvements, new features and functionality

Ingestion
- Ingest feed scheduling has been changed to be more gradual in ramping up concurrency and will also reduce concurrency in response to failures. This will make high-pressure failing ingest feeds fall back to periodic retries instead of constantly retrying.
  For more information, see Ingesting Data from AWS S3.
Functions
- For Cloud customers: the maximum value of the limit parameter for tail() and head() functions has been increased to 20,000.
- For Self-Hosted solutions: the maximum value of the limit parameter for tail() and head() functions has been aligned with the StateRowLimit dynamic configuration. This means that the upper value of limit is now adjustable for these two functions.
Other
- New metrics ingest-queue-write-offset and ingest-queue-read-offset have been added, reporting the Kafka offsets of the most recently written and read events on the ingest queue.
- New metric events-parsed has been added, serving as an indicator for how many input events a parser has been applied to.

Bug Fixes

Security
- Various OIDC caching issues have been fixed including ensuring refresh of the JWKS cache once per hour by default.

Improvement

Installation and Deployment
- An error log is displayed if the latency on global-events exceeds 150 seconds, to prevent nodes from crashing.

Falcon LogScale 1.131.1 Stable (2024-04-17)

Version^?	Type^?	Release Date^?	Availability^?	End of Support	Security Updates	Upgrades From^?	JDK Compatibility^?	Req. Data Migration	Config. Changes^?
1.131.1	Stable	2024-04-17	Cloud On-Prem	2025-04-30	Yes	1.106	17-21	No	No

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.131.1

Stable

2024-04-17

Cloud

On-Prem

2025-04-30

Yes

1.106

17-21

No

TAR Checksum	Value
MD5	4a9223ff7d628a52257783b70b084726
SHA1	3666c2ac1eea45e07ea9a89f0c16eafffebc1e01
SHA256	5eb83a4ee2c9a8792f1ac1ec9ddad9282a5e9e98d523a77556762eded9fd50ad
SHA512	86000582f6b4134f85943ae2385b0b17113f241f988864c9113f2df639f4a2f97a6eba69edb305ec57e2e0db53578a79fb7f54aa15b9acd909092d8cc88f1438

Docker Image	Included JDK	SHA256 Checksum
humio	21	adcf2fea3d8f9c10b764a73577959eeb5c58cdb2955e69846b26effc5758e0b9
humio-core	21	2985c7ec6bde2f3c8904f71d238e7fdd70547c9d71488aea997acb89cf2d15ec
kafka	21	262c7e74062a32cecee9119836752ee6310662d570f80926e7dd36dcb785d380
zookeeper	21	b9b0349704cc996701c65cf713c1584c0b5db7f70cb00d53bf1051c50e0e99ab

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.131.1/server-1.131.1.tar.gz

Bug fixes and updates.

Removed
Items that have been removed as of this release.
GraphQL API
The enabledFeatures() query has been removed from GraphQL schema. Use featureFlags() query instead.

Deprecation
Items that have been deprecated and may be removed in a future release.
The assetType GraphQL field on Alert, Dashboard, Parser, SavedQuery and ViewInteraction datatypes has been deprecated and will be removed in version 1.136 of LogScale.
The any argument to the type parameter of sort() and table() has been deprecated and will be removed in version 1.142.
Warnings prompts will be shown in queries that fall into either of these two cases:
If you are explicitly supplying an any argument, please either simply remove both the parameter and the argument, for example change sort(..., type=any) to sort(...) or supply the argument for type that corresponds to your data.
If you are sorting hexadecimal values by their equivalent numerical values, please change the argument of type parameter to hex e.g. sort(..., type=hex).
In all other cases, no action is needed.
The new default value for sort() and table() will be number. Both functions will fall back to lexicographical ordering for values that cannot be understood as the provided argument for type.
The following GraphQL queries and mutations for interacting with parsers are deprecated and scheduled for removal in version 1.142.
Deprecated createParser mutation is replaced by createParserV2(). The differences between the old and new mutation are:
testData input field is replaced by testCases, which can contain more data than the old tests could. This includes adding assertions to the output of a test. These assertions are not displayed in the UI yet. To emulate the old API, you can take the old test string and put it in the ParserTestEventInput inside the ParserTestCaseInput, and they will behave the same as before.
fieldsToBeRemovedBeforeParsing can now be specified as part of the parser creation.
force field is renamed to allowOverwritingExistingParser.
sourceCode field is renamed to script.
tagFields field is renamed to fieldsToTag.
languageVersion is no longer an enum, but a LanguageVersionInputType instead.
The mutation returns a Parser, instead of a Parser wrapped in an object.
The mutation fails when a parser has more than 2,000 test cases, or the test input in a single test case exceeds 40,000 characters.
Deprecated removeParser mutation is replaced by deleteParser. The difference between the old and new mutation is:
The mutation returns boolean to represent success or failure, instead of a Parser wrapped in an object.
Deprecated testParser mutation is replaced by testParserV2(). The differences between the old and new mutation are:
The test cases are now structured types, instead of just being strings. To emulate the old API, take the test string and put it in the ParserTestEventInput inside the ParserTestCaseInput, and they will behave the same as before.
The new test cases can contain assertions about the contents of the output.
The mutation output is significantly different from before, as it provides more detailed information on how a test case has failed.
The mutation now accepts both a language version and list of fields to be removed before parsing.
The parserScript field is renamed to script.
The tagFields field is renamed to fieldsToTag.
Deprecated updateParser mutation is replaced by updateParserV2(). The differences between the old and new mutation are:
testData input field is replaced by testCases, which can contain more data than the old tests could. This includes adding assertions to the output of a test. These assertions are not displayed in the UI yet. To emulate the old API, you can take the old test string and put it in the `ParserTestEventInput` inside the `ParserTestCaseInput`, and they will behave the same as before.
sourceCode field, used to updating the parser script, is changed to the script field, which takes a UpdateParserScriptInput object. This updates the parser script and the language version together.
tagFields field is renamed to fieldsToTag.
The languageVersion is located inside the UpdateParserScriptInput object, and is no longer an enum, but a LanguageVersionInputType instead.
The repositoryName and id fields are now correctly marked as mandatory in the schema. Previously this wasn't the case, even though the mutation would fail without them.
The mutation returns a Parser, instead of a Parser wrapped in an object.
The old mutation had a bug where it would overwrite the languageVersion with a default value in some cases, which is fixed in the new one.
The mutation fails when a parser has more than 2,000 test cases, or the test input in a single test case exceeds 40,000 characters.
On the Parser type:
testData field is deprecated and replaced by testCases.
sourceCode field is deprecated and replaced by script.
tagFields field is deprecated and replaced by fieldsToTag.
For more information, see Parser, DeleteParserInput, LanguageVersionInputType, createParserV2(), testParserV2(), updateParserV2().
In the GraphQL API, the ChangeTriggersAndAction enum value for both the Permission and ViewAction enum is now deprecated and will be removed in version 1.136 of LogScale.
We are deprecating the humio/kafka and humio/zookeeper Docker images due to low use. The planned final release for these images will be with LogScale 1.148.0.
Better alternatives are available going forward. We recommend the following:
If your cluster is deployed on Kubernetes: STRIMZI
If your cluster is deployed to AWS: MSK
In other cases: Confluent for Kafka and Confluent for ZooKeeper
If you still require humio/kafka or humio/zookeeper for needs that cannot be covered by these alternatives, please contact Support and share your concerns.
In the GraphQL API, the name argument to the parser field on the Repository datatype has been deprecated and will be removed in version 1.136 of LogScale.

Behavior Changes
Scripts or environment which make use of these tools should be checked and updated for the new configuration:
Security
DNS caches are now invalidated after 60 seconds instead of never. To override this behavior, set the security policy networkaddress.cache.ttl in the security manager of the JRE (see Java Networking Properties).
Ingestion
It is no longer possible to delete a parser that is being used in an ingest feed. The parser must first be removed from the ingest feed.
For more information, see Deleting an Ingest Feed.

Improvements, new features and functionality

Upgrades
- The minimum version required to upgrade from has been raised to 1.106, in order to allow removing some workarounds for compatibility with old versions.
Security
- Added support for authorizing with an external JWT from an IdP setup in our cloud environment.
- The audience for dynamic OIDC IdPs in our cloud environments are now logscale-$orgId, where $orgId is the ID of your organization.
- Added support for Oktas federated IdP OIDC extension to identity providers setup in cloud.
Automation and Alerts
- Throttling and field-based throttling are introduced as optional functionalities in Filter Alerts. The minimum throttling period is 1 minute.
- The customizable trigger limit for Filter Alerts is removed. The trigger limit is now automatically determined based on the associated actions. If one or more email actions are associated, the trigger limit will be 15, otherwise, the trigger limit will be 100. Any existing customizable trigger limit of 1 will be treated as a throttling period of 1 minute, all other custom trigger limits will be ignored. This is a non-backwards compatible change to the GraphQL APIs for Filter Alerts, so any automation for these alerts must be updated.
GraphQL API
- The new scopeClaim input argument has been added to OidcConfigurationInput and UpdateOidcConfigurationInput for dynamic OIDC configurations in our clouds.
  If the IdP is dynamic, we will try to grab the scope claim based on the value given as an input to either newOIDCIdentityProvider() or updateOIDCIdentityProvider() mutations. It will fallback to the cluster configuration.
Configuration
- The new dynamic configuration MaxOpenSegmentsOnWorker is implemented to control hard cap on open segment files for the scheduler. The scheduler should in most cases not reach this limit and it only acts as a backstop. Therefore, we recommend that administrators do not modify this setting unless advised to do so by CrowdStrike Support.
- Authorization attempted via JWT tokens will now only try to grab user information from the user info endpoint if the scope in the access token contains any of the following: profile, email, openid. If no such scope is located in the token, LogScale will try to extract the username from the token and no other user details will be added. We will extract the scope claim based on the new environment variable OIDC_SCOPE_CLAIM, whose default is scope.
Ingestion
- New parser APIs have been introduced for more extensive parser testing. In the API, parser test cases now have a new structure.
  For more information, see createParserV2(), DeleteParserInput, testParserV2(), updateParserV2(), and Parser.
- Ingest feeds can read from an AWS SQS queue that has been populated with AWS SNS subscription events.
  For more information, see Ingesting Data from AWS S3.
Functions
- The parseTimestamp() function is now able to parse timestamps with nanosecond precision.
- The setField() query function is introduced. It takes two expressions, target and value and sets the field named by the result of the target expression to the result of the value expression. This function can be used to manipulate fields whose names are not statically known, but computed at runtime.
  For more information, see setField().
- The getField() query function is introduced. It takes an expression, source, and sets the field defined by as to the result of the source expression. This function can be used to manipulate fields whose names are not statically known, but computed at runtime.
  For more information, see getField().
Other
- The default IP filter for IdP and RDNS operations is now more restrictive: the rdns() now defaults to denying lookups of reserved IP ranges and the filter has been updated to deny additional reserved IP ranges, as specified by the IANA. Self hosted administrators can specify their own filters by using the environment variables IP_FILTER_IDP, IP_FILTER_RDNS, and IP_FILTER_RDNS_SERVER respectively.
- The split by AWS record setting within ingest feeds will now accept numbers with leading zeros.
- The missing-cluster-nodes metric will now track the nodes that are missing heartbeat data in addition to the nodes that have outdated heartbeat data. The new missing-cluster-nodes-stateful metric will track the registered nodes with outdated/missing heartbeat data that can write to global.
  For more information, see Node-Level Metrics.
- Queries are now allowed to be queued for start by the query coordinator for a maximum of 10 minutes.
  For more information, see Query Coordination.

Bug Fixes

UI Changes
- Field aliases could not be read on the sandbox repository. This issue is now fixed.
- CSV files produced by LogScale for sending as attachments from email actions or uploaded through a LogScale Repository action could contain values where part of the text was duplicated. This would only happen for values that needed to be quoted. This issue is now fixed.
Automation and Alerts
- Filter Alerts with field-based throttling could trigger on two events with the same value for the throttle field, if actions were slow. This issue is now fixed.
Dashboards and Widgets
- A dashboard with fixed shared time as default would not update correctly when selecting a new relative time. This issue is now fixed.
Ingestion
- Cloning a parser from the UI would not clone the fields to be removed before parsing. This issue is now fixed.
- Fixed an issue that prevented the creation of Netflow/UDP protocol ingest listeners.
Other
- An issue with the IOC Configuration causing the local database to update too often has now been fixed.
- Multiple clients might trigger concurrent computation of the result step for a shared query. This issue has been fixed: now only one pending computation is allowed at a time.
Packages
- Updating a package could fail, if one of the assets from the package had been deleted from the view where the package was installed. This issue has been fixed.
- When attempting to upload a package disguised as a folder, some browsers would get a generic error messages. To fix this issue, only zip files are accepted now.

Public Preview

Functions
- A new query function readFile() is released in Public Preview. It allows using a CSV Lookup File as data input for a query.
  For more information, see readFile().

Improvement

Storage
- Moved the work of creating a global snapshot for upload to bucket storage from the thread coordinating segment uploads/downloads to a separate thread. This improves the reliability of uploading and download the global snapshot to/from bucket storage.
- SegmentChangesJobTrigger has been disabled on nodes configured to not be able to store segments, thus saving some CPU time.
Configuration
- The default value for AUTOSHARDING_MAX has changed from 128 to 1,024.
- The default maximum limit for groupBy() has been increased from 200,000 to 1,000,000, meaning that this function can now be asked to collect up to a million groups. However, due to stability concerns it will not allow groupBy() to return the full million rows as a result when this function is the last aggregator: this is governed by the QueryResultRowCountLimit dynamic configuration, which remains unchanged. Therefore, this new limit is best utilized when groupBy() is used as a computational tool for creating groups that are then later aggressively filtered and/or aggregated down in size. If you experience resource strain or starvation on your cluster, you can reduce the maximum limit via the GroupMaxLimit dynamic configuration.
- The default value for AUTOSHARDING_TRIGGER_DELAY_MS has changed from 1 hour to 4 hours.
- The default memory limit for the query coordinator node has been increased from 400 MB to 4 GB. This new limit allows each query to use up to 1 GB of memory and thus produce more results, at the cost of taking up more resources. This in turn indirectly limits the amount of concurrent queries as the query scheduler may choose not to run a given query before existing queries have completed. If you experience resource strain or starvation on your cluster, you can reduce the memory limit by setting the QueryCoordinatorMemoryLimit dynamic configuration to 400,000,000.
Functions
- Live queries now restart and run with the updated version of a saved query when the saved query changes.
  For more information, see User Functions (Saved Searches).
- Reduction of memory requirements when processing empty arrays in functions that accept them. This helps reduce the memory required to use these functions with empty arrays.
Other
- Improved handling of segments being replaced due to either merging or event redaction, to address rare cases of event duplication when segments are replaced multiple times shortly after each other.

Falcon LogScale 1.131.0 Preview (2024-03-26)

Version^?	Type^?	Release Date^?	Availability^?	End of Support	Security Updates	Upgrades From^?	JDK Compatibility^?	Req. Data Migration	Config. Changes^?
1.131.0	Preview	2024-03-26	Cloud On-Prem	2025-04-30	Yes	1.106	17-21	No	No

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.131.0

Preview

2024-03-26

Cloud

On-Prem

2025-04-30

Yes

1.106

17-21

No

Bug fixes and updates.

Deprecation
Items that have been deprecated and may be removed in a future release.
The assetType GraphQL field on Alert, Dashboard, Parser, SavedQuery and ViewInteraction datatypes has been deprecated and will be removed in version 1.136 of LogScale.
The any argument to the type parameter of sort() and table() has been deprecated and will be removed in version 1.142.
Warnings prompts will be shown in queries that fall into either of these two cases:
If you are explicitly supplying an any argument, please either simply remove both the parameter and the argument, for example change sort(..., type=any) to sort(...) or supply the argument for type that corresponds to your data.
If you are sorting hexadecimal values by their equivalent numerical values, please change the argument of type parameter to hex e.g. sort(..., type=hex).
In all other cases, no action is needed.
The new default value for sort() and table() will be number. Both functions will fall back to lexicographical ordering for values that cannot be understood as the provided argument for type.
The following GraphQL queries and mutations for interacting with parsers are deprecated and scheduled for removal in version 1.142.
Deprecated createParser mutation is replaced by createParserV2(). The differences between the old and new mutation are:
testData input field is replaced by testCases, which can contain more data than the old tests could. This includes adding assertions to the output of a test. These assertions are not displayed in the UI yet. To emulate the old API, you can take the old test string and put it in the ParserTestEventInput inside the ParserTestCaseInput, and they will behave the same as before.
fieldsToBeRemovedBeforeParsing can now be specified as part of the parser creation.
force field is renamed to allowOverwritingExistingParser.
sourceCode field is renamed to script.
tagFields field is renamed to fieldsToTag.
languageVersion is no longer an enum, but a LanguageVersionInputType instead.
The mutation returns a Parser, instead of a Parser wrapped in an object.
The mutation fails when a parser has more than 2,000 test cases, or the test input in a single test case exceeds 40,000 characters.
Deprecated removeParser mutation is replaced by deleteParser. The difference between the old and new mutation is:
The mutation returns boolean to represent success or failure, instead of a Parser wrapped in an object.
Deprecated testParser mutation is replaced by testParserV2(). The differences between the old and new mutation are:
The test cases are now structured types, instead of just being strings. To emulate the old API, take the test string and put it in the ParserTestEventInput inside the ParserTestCaseInput, and they will behave the same as before.
The new test cases can contain assertions about the contents of the output.
The mutation output is significantly different from before, as it provides more detailed information on how a test case has failed.
The mutation now accepts both a language version and list of fields to be removed before parsing.
The parserScript field is renamed to script.
The tagFields field is renamed to fieldsToTag.
Deprecated updateParser mutation is replaced by updateParserV2(). The differences between the old and new mutation are:
testData input field is replaced by testCases, which can contain more data than the old tests could. This includes adding assertions to the output of a test. These assertions are not displayed in the UI yet. To emulate the old API, you can take the old test string and put it in the `ParserTestEventInput` inside the `ParserTestCaseInput`, and they will behave the same as before.
sourceCode field, used to updating the parser script, is changed to the script field, which takes a UpdateParserScriptInput object. This updates the parser script and the language version together.
tagFields field is renamed to fieldsToTag.
The languageVersion is located inside the UpdateParserScriptInput object, and is no longer an enum, but a LanguageVersionInputType instead.
The repositoryName and id fields are now correctly marked as mandatory in the schema. Previously this wasn't the case, even though the mutation would fail without them.
The mutation returns a Parser, instead of a Parser wrapped in an object.
The old mutation had a bug where it would overwrite the languageVersion with a default value in some cases, which is fixed in the new one.
The mutation fails when a parser has more than 2,000 test cases, or the test input in a single test case exceeds 40,000 characters.
On the Parser type:
testData field is deprecated and replaced by testCases.
sourceCode field is deprecated and replaced by script.
tagFields field is deprecated and replaced by fieldsToTag.
For more information, see Parser, DeleteParserInput, LanguageVersionInputType, createParserV2(), testParserV2(), updateParserV2().
In the GraphQL API, the ChangeTriggersAndAction enum value for both the Permission and ViewAction enum is now deprecated and will be removed in version 1.136 of LogScale.
We are deprecating the humio/kafka and humio/zookeeper Docker images due to low use. The planned final release for these images will be with LogScale 1.148.0.
Better alternatives are available going forward. We recommend the following:
If your cluster is deployed on Kubernetes: STRIMZI
If your cluster is deployed to AWS: MSK
In other cases: Confluent for Kafka and Confluent for ZooKeeper
If you still require humio/kafka or humio/zookeeper for needs that cannot be covered by these alternatives, please contact Support and share your concerns.
In the GraphQL API, the name argument to the parser field on the Repository datatype has been deprecated and will be removed in version 1.136 of LogScale.

Behavior Changes
Scripts or environment which make use of these tools should be checked and updated for the new configuration:
Storage
We've removed a throttling behavior that prevented background merges of minisegments from running when digest load is high. Such throttling can cause global in the LogScale cluster to grow over time if the digest load isn't transient, which is undesirable.
Registering local segment files is skipped on nodes that are configured to not have storage via their node role.
When booting a node, wait until we've caught up to the top of global before publishing the start message. This should help avoid global publish timeouts on boot when global has a lot of traffic.
Moving minisegments to the digest leader in cases where it is not necessary is now avoided. This new behavior reduces global traffic on digest reassignment.

Improvements, new features and functionality

UI Changes
- The parser test window width can now be resized.
Other
- The metrics endpoint for the scheduled report render node has been updated to output the Prometheus text based format.

Bug Fixes

UI Changes
- Duplicate HTML escape has been removed to prevent recursive field references having double escaped formatting in emails.
Storage
- We've fixed a rarely hit error in the query scheduler causing a ClassCastException for scala.runtime.Nothing..
Functions
- join() function has been fixed as warnings of the sub-query would not propagate to the main-query result.
- Serialization of very large query states would crash nodes by requesting an array larger than what the JVM can allocate. This issue has been fixed.

Public Preview

Functions
- The readFile() function no longer supports JSON files. The function is currently labeled as Public Preview.

Improvement

Storage
- Concurrency for segment merging is improved, thus avoiding some unnecessary and inefficient pauses in execution.
- We've switched to running the RetentionJob in a separate thread from DataSyncJob. This should enable more consistent merging.
- The RetentionJob work is now divided among nodes such that there's no overlap. This reduces traffic in global.
- An internal limit on use of off-heap memory has been adjusted to allow more threads to perform segment merging in parallel.
Functions
- Some performance improvements have been made to the join() function, allowing it to skip blocks that do not contain the specified fields of the main and sub-query.

Falcon LogScale 1.130.0 Preview (2024-03-19)

Version^?	Type^?	Release Date^?	Availability^?	End of Support	Security Updates	Upgrades From^?	JDK Compatibility^?	Req. Data Migration	Config. Changes^?
1.130.0	Preview	2024-03-19	Cloud On-Prem	2025-04-30	Yes	1.106	17-21	No	No

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.130.0

Preview

2024-03-19

Cloud

On-Prem

2025-04-30

Yes

1.106

17-21

No

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.

Deprecation
Items that have been deprecated and may be removed in a future release.
The assetType GraphQL field on Alert, Dashboard, Parser, SavedQuery and ViewInteraction datatypes has been deprecated and will be removed in version 1.136 of LogScale.
The any argument to the type parameter of sort() and table() has been deprecated and will be removed in version 1.142.
Warnings prompts will be shown in queries that fall into either of these two cases:
If you are explicitly supplying an any argument, please either simply remove both the parameter and the argument, for example change sort(..., type=any) to sort(...) or supply the argument for type that corresponds to your data.
If you are sorting hexadecimal values by their equivalent numerical values, please change the argument of type parameter to hex e.g. sort(..., type=hex).
In all other cases, no action is needed.
The new default value for sort() and table() will be number. Both functions will fall back to lexicographical ordering for values that cannot be understood as the provided argument for type.
The following GraphQL queries and mutations for interacting with parsers are deprecated and scheduled for removal in version 1.142.
Deprecated createParser mutation is replaced by createParserV2(). The differences between the old and new mutation are:
testData input field is replaced by testCases, which can contain more data than the old tests could. This includes adding assertions to the output of a test. These assertions are not displayed in the UI yet. To emulate the old API, you can take the old test string and put it in the ParserTestEventInput inside the ParserTestCaseInput, and they will behave the same as before.
fieldsToBeRemovedBeforeParsing can now be specified as part of the parser creation.
force field is renamed to allowOverwritingExistingParser.
sourceCode field is renamed to script.
tagFields field is renamed to fieldsToTag.
languageVersion is no longer an enum, but a LanguageVersionInputType instead.
The mutation returns a Parser, instead of a Parser wrapped in an object.
The mutation fails when a parser has more than 2,000 test cases, or the test input in a single test case exceeds 40,000 characters.
Deprecated removeParser mutation is replaced by deleteParser. The difference between the old and new mutation is:
The mutation returns boolean to represent success or failure, instead of a Parser wrapped in an object.
Deprecated testParser mutation is replaced by testParserV2(). The differences between the old and new mutation are:
The test cases are now structured types, instead of just being strings. To emulate the old API, take the test string and put it in the ParserTestEventInput inside the ParserTestCaseInput, and they will behave the same as before.
The new test cases can contain assertions about the contents of the output.
The mutation output is significantly different from before, as it provides more detailed information on how a test case has failed.
The mutation now accepts both a language version and list of fields to be removed before parsing.
The parserScript field is renamed to script.
The tagFields field is renamed to fieldsToTag.
Deprecated updateParser mutation is replaced by updateParserV2(). The differences between the old and new mutation are:
testData input field is replaced by testCases, which can contain more data than the old tests could. This includes adding assertions to the output of a test. These assertions are not displayed in the UI yet. To emulate the old API, you can take the old test string and put it in the `ParserTestEventInput` inside the `ParserTestCaseInput`, and they will behave the same as before.
sourceCode field, used to updating the parser script, is changed to the script field, which takes a UpdateParserScriptInput object. This updates the parser script and the language version together.
tagFields field is renamed to fieldsToTag.
The languageVersion is located inside the UpdateParserScriptInput object, and is no longer an enum, but a LanguageVersionInputType instead.
The repositoryName and id fields are now correctly marked as mandatory in the schema. Previously this wasn't the case, even though the mutation would fail without them.
The mutation returns a Parser, instead of a Parser wrapped in an object.
The old mutation had a bug where it would overwrite the languageVersion with a default value in some cases, which is fixed in the new one.
The mutation fails when a parser has more than 2,000 test cases, or the test input in a single test case exceeds 40,000 characters.
On the Parser type:
testData field is deprecated and replaced by testCases.
sourceCode field is deprecated and replaced by script.
tagFields field is deprecated and replaced by fieldsToTag.
For more information, see Parser, DeleteParserInput, LanguageVersionInputType, createParserV2(), testParserV2(), updateParserV2().
In the GraphQL API, the ChangeTriggersAndAction enum value for both the Permission and ViewAction enum is now deprecated and will be removed in version 1.136 of LogScale.
The humio Docker image is deprecated in favor of humio-core. humio is no longer considered suitable for production use, as it runs Kafka and Zookeeper on the same host as LogScale, which our deployment guidelines no longer recommend. The final release of humio Docker image will be in version 1.130.0.
The new humio-single-node-demo image is an all-in-one container suitable for quick and easy demonstration setups, but which is entirely unsupported for production use.
For more information, see LogScale Docker Core Container.
We are deprecating the humio/kafka and humio/zookeeper Docker images due to low use. The planned final release for these images will be with LogScale 1.148.0.
Better alternatives are available going forward. We recommend the following:
If your cluster is deployed on Kubernetes: STRIMZI
If your cluster is deployed to AWS: MSK
In other cases: Confluent for Kafka and Confluent for ZooKeeper
If you still require humio/kafka or humio/zookeeper for needs that cannot be covered by these alternatives, please contact Support and share your concerns.
In the GraphQL API, the name argument to the parser field on the Repository datatype has been deprecated and will be removed in version 1.136 of LogScale.

Behavior Changes
Scripts or environment which make use of these tools should be checked and updated for the new configuration:
Security
DNS caches are now invalidated after 60 seconds instead of never. To override this behavior, set the security policy networkaddress.cache.ttl in the security manager of the JRE (see Java Networking Properties).

Improvements, new features and functionality

Functions
- The parseTimestamp() function is now able to parse timestamps with nanosecond precision.

Bug Fixes

Automation and Alerts
- Filter Alerts with field-based throttling could trigger on two events with the same value for the throttle field, if actions were slow. This issue is now fixed.
Dashboards and Widgets
- A dashboard with fixed shared time as default would not update correctly when selecting a new relative time. This issue is now fixed.

Public Preview

Functions
- A new query function readFile() is released in Public Preview. It allows using a CSV Lookup File as data input for a query.
  For more information, see readFile().

Improvement

Storage
- Moved the work of creating a global snapshot for upload to bucket storage from the thread coordinating segment uploads/downloads to a separate thread. This improves the reliability of uploading and download the global snapshot to/from bucket storage.
Functions
- Reduction of memory requirements when processing empty arrays in functions that accept them. This helps reduce the memory required to use these functions with empty arrays.

Falcon LogScale 1.129.0 Preview (2024-03-12)

Version^?	Type^?	Release Date^?	Availability^?	End of Support	Security Updates	Upgrades From^?	JDK Compatibility^?	Req. Data Migration	Config. Changes^?
1.129.0	Preview	2024-03-12	Cloud On-Prem	2025-04-30	Yes	1.106	17-21	No	No

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.129.0

Preview

2024-03-12

Cloud

On-Prem

2025-04-30

Yes

1.106

17-21

No

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.

Removed
Items that have been removed as of this release.
GraphQL API
The enabledFeatures() query has been removed from GraphQL schema. Use featureFlags() query instead.

Deprecation
Items that have been deprecated and may be removed in a future release.
The assetType GraphQL field on Alert, Dashboard, Parser, SavedQuery and ViewInteraction datatypes has been deprecated and will be removed in version 1.136 of LogScale.
The any argument to the type parameter of sort() and table() has been deprecated and will be removed in version 1.142.
Warnings prompts will be shown in queries that fall into either of these two cases:
If you are explicitly supplying an any argument, please either simply remove both the parameter and the argument, for example change sort(..., type=any) to sort(...) or supply the argument for type that corresponds to your data.
If you are sorting hexadecimal values by their equivalent numerical values, please change the argument of type parameter to hex e.g. sort(..., type=hex).
In all other cases, no action is needed.
The new default value for sort() and table() will be number. Both functions will fall back to lexicographical ordering for values that cannot be understood as the provided argument for type.
The following GraphQL queries and mutations for interacting with parsers are deprecated and scheduled for removal in version 1.142.
Deprecated createParser mutation is replaced by createParserV2(). The differences between the old and new mutation are:
testData input field is replaced by testCases, which can contain more data than the old tests could. This includes adding assertions to the output of a test. These assertions are not displayed in the UI yet. To emulate the old API, you can take the old test string and put it in the ParserTestEventInput inside the ParserTestCaseInput, and they will behave the same as before.
fieldsToBeRemovedBeforeParsing can now be specified as part of the parser creation.
force field is renamed to allowOverwritingExistingParser.
sourceCode field is renamed to script.
tagFields field is renamed to fieldsToTag.
languageVersion is no longer an enum, but a LanguageVersionInputType instead.
The mutation returns a Parser, instead of a Parser wrapped in an object.
The mutation fails when a parser has more than 2,000 test cases, or the test input in a single test case exceeds 40,000 characters.
Deprecated removeParser mutation is replaced by deleteParser. The difference between the old and new mutation is:
The mutation returns boolean to represent success or failure, instead of a Parser wrapped in an object.
Deprecated testParser mutation is replaced by testParserV2(). The differences between the old and new mutation are:
The test cases are now structured types, instead of just being strings. To emulate the old API, take the test string and put it in the ParserTestEventInput inside the ParserTestCaseInput, and they will behave the same as before.
The new test cases can contain assertions about the contents of the output.
The mutation output is significantly different from before, as it provides more detailed information on how a test case has failed.
The mutation now accepts both a language version and list of fields to be removed before parsing.
The parserScript field is renamed to script.
The tagFields field is renamed to fieldsToTag.
Deprecated updateParser mutation is replaced by updateParserV2(). The differences between the old and new mutation are:
testData input field is replaced by testCases, which can contain more data than the old tests could. This includes adding assertions to the output of a test. These assertions are not displayed in the UI yet. To emulate the old API, you can take the old test string and put it in the `ParserTestEventInput` inside the `ParserTestCaseInput`, and they will behave the same as before.
sourceCode field, used to updating the parser script, is changed to the script field, which takes a UpdateParserScriptInput object. This updates the parser script and the language version together.
tagFields field is renamed to fieldsToTag.
The languageVersion is located inside the UpdateParserScriptInput object, and is no longer an enum, but a LanguageVersionInputType instead.
The repositoryName and id fields are now correctly marked as mandatory in the schema. Previously this wasn't the case, even though the mutation would fail without them.
The mutation returns a Parser, instead of a Parser wrapped in an object.
The old mutation had a bug where it would overwrite the languageVersion with a default value in some cases, which is fixed in the new one.
The mutation fails when a parser has more than 2,000 test cases, or the test input in a single test case exceeds 40,000 characters.
On the Parser type:
testData field is deprecated and replaced by testCases.
sourceCode field is deprecated and replaced by script.
tagFields field is deprecated and replaced by fieldsToTag.
For more information, see Parser, DeleteParserInput, LanguageVersionInputType, createParserV2(), testParserV2(), updateParserV2().
In the GraphQL API, the ChangeTriggersAndAction enum value for both the Permission and ViewAction enum is now deprecated and will be removed in version 1.136 of LogScale.
The humio Docker image is deprecated in favor of humio-core. humio is no longer considered suitable for production use, as it runs Kafka and Zookeeper on the same host as LogScale, which our deployment guidelines no longer recommend. The final release of humio Docker image will be in version 1.130.0.
The new humio-single-node-demo image is an all-in-one container suitable for quick and easy demonstration setups, but which is entirely unsupported for production use.
For more information, see LogScale Docker Core Container.
We are deprecating the humio/kafka and humio/zookeeper Docker images due to low use. The planned final release for these images will be with LogScale 1.148.0.
Better alternatives are available going forward. We recommend the following:
If your cluster is deployed on Kubernetes: STRIMZI
If your cluster is deployed to AWS: MSK
In other cases: Confluent for Kafka and Confluent for ZooKeeper
If you still require humio/kafka or humio/zookeeper for needs that cannot be covered by these alternatives, please contact Support and share your concerns.
In the GraphQL API, the name argument to the parser field on the Repository datatype has been deprecated and will be removed in version 1.136 of LogScale.

Behavior Changes
Scripts or environment which make use of these tools should be checked and updated for the new configuration:
Ingestion
We have reverted the behavior of blocking heavy queries in case of high ingest, and returned to the behavior of only stopping the query, due to issues caused by the blockage. Heavy queries causing ingest delay will be handled differently in a future version release.

Improvements, new features and functionality

Upgrades
- The minimum version required to upgrade from has been raised to 1.106, in order to allow removing some workarounds for compatibility with old versions.
Security
- Added support for authorizing with an external JWT from an IdP setup in our cloud environment.
- The audience for dynamic OIDC IdPs in our cloud environments are now logscale-$orgId, where $orgId is the ID of your organization.
- Added support for Oktas federated IdP OIDC extension to identity providers setup in cloud.
Automation and Alerts
- Throttling and field-based throttling are introduced as optional functionalities in Filter Alerts. The minimum throttling period is 1 minute.
- The customizable trigger limit for Filter Alerts is removed. The trigger limit is now automatically determined based on the associated actions. If one or more email actions are associated, the trigger limit will be 15, otherwise, the trigger limit will be 100. Any existing customizable trigger limit of 1 will be treated as a throttling period of 1 minute, all other custom trigger limits will be ignored. This is a non-backwards compatible change to the GraphQL APIs for Filter Alerts, so any automation for these alerts must be updated.
GraphQL API
- The new scopeClaim input argument has been added to OidcConfigurationInput and UpdateOidcConfigurationInput for dynamic OIDC configurations in our clouds.
  If the IdP is dynamic, we will try to grab the scope claim based on the value given as an input to either newOIDCIdentityProvider() or updateOIDCIdentityProvider() mutations. It will fallback to the cluster configuration.
Configuration
- Authorization attempted via JWT tokens will now only try to grab user information from the user info endpoint if the scope in the access token contains any of the following: profile, email, openid. If no such scope is located in the token, LogScale will try to extract the username from the token and no other user details will be added. We will extract the scope claim based on the new environment variable OIDC_SCOPE_CLAIM, whose default is scope.
Ingestion
- New parser APIs have been introduced for more extensive parser testing. In the API, parser test cases now have a new structure.
  For more information, see createParserV2(), DeleteParserInput, testParserV2(), updateParserV2(), and Parser.
Other
- The default IP filter for IdP and RDNS operations is now more restrictive: the rdns() now defaults to denying lookups of reserved IP ranges and the filter has been updated to deny additional reserved IP ranges, as specified by the IANA. Self hosted administrators can specify their own filters by using the environment variables IP_FILTER_IDP, IP_FILTER_RDNS, and IP_FILTER_RDNS_SERVER respectively.
- The split by AWS record setting within ingest feeds will now accept numbers with leading zeros.

Bug Fixes

Ingestion
- Cloning a parser from the UI would not clone the fields to be removed before parsing. This issue is now fixed.

Improvement

Other
- Improved handling of segments being replaced due to either merging or event redaction, to address rare cases of event duplication when segments are replaced multiple times shortly after each other.

Falcon LogScale 1.128.0 Preview (2024-03-05)

Version^?	Type^?	Release Date^?	Availability^?	End of Support	Security Updates	Upgrades From^?	JDK Compatibility^?	Req. Data Migration	Config. Changes^?
1.128.0	Preview	2024-03-05	Cloud On-Prem	2025-04-30	Yes	1.70.0	17-21	No	No

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.128.0

Preview

2024-03-05

Cloud

On-Prem

2025-04-30

Yes

1.70.0

17-21

No

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.

Deprecation
Items that have been deprecated and may be removed in a future release.
The assetType GraphQL field on Alert, Dashboard, Parser, SavedQuery and ViewInteraction datatypes has been deprecated and will be removed in version 1.136 of LogScale.
The any argument to the type parameter of sort() and table() has been deprecated and will be removed in version 1.142.
Warnings prompts will be shown in queries that fall into either of these two cases:
If you are explicitly supplying an any argument, please either simply remove both the parameter and the argument, for example change sort(..., type=any) to sort(...) or supply the argument for type that corresponds to your data.
If you are sorting hexadecimal values by their equivalent numerical values, please change the argument of type parameter to hex e.g. sort(..., type=hex).
In all other cases, no action is needed.
The new default value for sort() and table() will be number. Both functions will fall back to lexicographical ordering for values that cannot be understood as the provided argument for type.
In the GraphQL API, the ChangeTriggersAndAction enum value for both the Permission and ViewAction enum is now deprecated and will be removed in version 1.136 of LogScale.
The humio Docker image is deprecated in favor of humio-core. humio is no longer considered suitable for production use, as it runs Kafka and Zookeeper on the same host as LogScale, which our deployment guidelines no longer recommend. The final release of humio Docker image will be in version 1.130.0.
The new humio-single-node-demo image is an all-in-one container suitable for quick and easy demonstration setups, but which is entirely unsupported for production use.
For more information, see LogScale Docker Core Container.
We are deprecating the humio/kafka and humio/zookeeper Docker images due to low use. The planned final release for these images will be with LogScale 1.148.0.
Better alternatives are available going forward. We recommend the following:
If your cluster is deployed on Kubernetes: STRIMZI
If your cluster is deployed to AWS: MSK
In other cases: Confluent for Kafka and Confluent for ZooKeeper
If you still require humio/kafka or humio/zookeeper for needs that cannot be covered by these alternatives, please contact Support and share your concerns.
In the GraphQL API, the name argument to the parser field on the Repository datatype has been deprecated and will be removed in version 1.136 of LogScale.

Improvements, new features and functionality

Configuration
- The new dynamic configuration MaxOpenSegmentsOnWorker is implemented to control hard cap on open segment files for the scheduler. The scheduler should in most cases not reach this limit and it only acts as a backstop. Therefore, we recommend that administrators do not modify this setting unless advised to do so by CrowdStrike Support.

Bug Fixes

UI Changes
- CSV files produced by LogScale for sending as attachments from email actions or uploaded through a LogScale Repository action could contain values where part of the text was duplicated. This would only happen for values that needed to be quoted. This issue is now fixed.
Packages
- When attempting to upload a package disguised as a folder, some browsers would get a generic error messages. To fix this issue, only zip files are accepted now.

Improvement

Configuration
- The default value for AUTOSHARDING_MAX has changed from 128 to 1,024.
- The default value for AUTOSHARDING_TRIGGER_DELAY_MS has changed from 1 hour to 4 hours.

Falcon LogScale 1.127.0 Preview (2024-02-27)

Version^?	Type^?	Release Date^?	Availability^?	End of Support	Security Updates	Upgrades From^?	JDK Compatibility^?	Req. Data Migration	Config. Changes^?
1.127.0	Preview	2024-02-27	Cloud On-Prem	2025-04-30	Yes	1.70.0	17-21	No	No

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.127.0

Preview

2024-02-27

Cloud

On-Prem

2025-04-30

Yes

1.70.0

17-21

No

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.

Deprecation
Items that have been deprecated and may be removed in a future release.
The assetType GraphQL field on Alert, Dashboard, Parser, SavedQuery and ViewInteraction datatypes has been deprecated and will be removed in version 1.136 of LogScale.
The any argument to the type parameter of sort() and table() has been deprecated and will be removed in version 1.142.
Warnings prompts will be shown in queries that fall into either of these two cases:
If you are explicitly supplying an any argument, please either simply remove both the parameter and the argument, for example change sort(..., type=any) to sort(...) or supply the argument for type that corresponds to your data.
If you are sorting hexadecimal values by their equivalent numerical values, please change the argument of type parameter to hex e.g. sort(..., type=hex).
In all other cases, no action is needed.
The new default value for sort() and table() will be number. Both functions will fall back to lexicographical ordering for values that cannot be understood as the provided argument for type.
In the GraphQL API, the ChangeTriggersAndAction enum value for both the Permission and ViewAction enum is now deprecated and will be removed in version 1.136 of LogScale.
The humio Docker image is deprecated in favor of humio-core. humio is no longer considered suitable for production use, as it runs Kafka and Zookeeper on the same host as LogScale, which our deployment guidelines no longer recommend. The final release of humio Docker image will be in version 1.130.0.
The new humio-single-node-demo image is an all-in-one container suitable for quick and easy demonstration setups, but which is entirely unsupported for production use.
For more information, see LogScale Docker Core Container.
We are deprecating the humio/kafka and humio/zookeeper Docker images due to low use. The planned final release for these images will be with LogScale 1.148.0.
Better alternatives are available going forward. We recommend the following:
If your cluster is deployed on Kubernetes: STRIMZI
If your cluster is deployed to AWS: MSK
In other cases: Confluent for Kafka and Confluent for ZooKeeper
If you still require humio/kafka or humio/zookeeper for needs that cannot be covered by these alternatives, please contact Support and share your concerns.
In the GraphQL API, the name argument to the parser field on the Repository datatype has been deprecated and will be removed in version 1.136 of LogScale.

Improvements, new features and functionality

Functions
- The setField() query function is introduced. It takes two expressions, target and value and sets the field named by the result of the target expression to the result of the value expression. This function can be used to manipulate fields whose names are not statically known, but computed at runtime.
  For more information, see setField().
- The getField() query function is introduced. It takes an expression, source, and sets the field defined by as to the result of the source expression. This function can be used to manipulate fields whose names are not statically known, but computed at runtime.
  For more information, see getField().

Bug Fixes

Ingestion
- Fixed an issue that prevented the creation of Netflow/UDP protocol ingest listeners.

Improvement

Configuration
- The default maximum limit for groupBy() has been increased from 200,000 to 1,000,000, meaning that this function can now be asked to collect up to a million groups. However, due to stability concerns it will not allow groupBy() to return the full million rows as a result when this function is the last aggregator: this is governed by the QueryResultRowCountLimit dynamic configuration, which remains unchanged. Therefore, this new limit is best utilized when groupBy() is used as a computational tool for creating groups that are then later aggressively filtered and/or aggregated down in size. If you experience resource strain or starvation on your cluster, you can reduce the maximum limit via the GroupMaxLimit dynamic configuration.
- The default memory limit for the query coordinator node has been increased from 400 MB to 4 GB. This new limit allows each query to use up to 1 GB of memory and thus produce more results, at the cost of taking up more resources. This in turn indirectly limits the amount of concurrent queries as the query scheduler may choose not to run a given query before existing queries have completed. If you experience resource strain or starvation on your cluster, you can reduce the memory limit by setting the QueryCoordinatorMemoryLimit dynamic configuration to 400,000,000.
Functions
- Live queries now restart and run with the updated version of a saved query when the saved query changes.
  For more information, see User Functions (Saved Searches).

Falcon LogScale 1.126.0 Preview (2024-02-20)

Version^?	Type^?	Release Date^?	Availability^?	End of Support	Security Updates	Upgrades From^?	JDK Compatibility^?	Req. Data Migration	Config. Changes^?
1.126.0	Preview	2024-02-20	Cloud On-Prem	2025-04-30	Yes	1.70.0	17-21	No	No

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.126.0

Preview

2024-02-20

Cloud

On-Prem

2025-04-30

Yes

1.70.0

17-21

No

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.

Deprecation
Items that have been deprecated and may be removed in a future release.
The assetType GraphQL field on Alert, Dashboard, Parser, SavedQuery and ViewInteraction datatypes has been deprecated and will be removed in version 1.136 of LogScale.
The any argument to the type parameter of sort() and table() has been deprecated and will be removed in version 1.142.
Warnings prompts will be shown in queries that fall into either of these two cases:
If you are explicitly supplying an any argument, please either simply remove both the parameter and the argument, for example change sort(..., type=any) to sort(...) or supply the argument for type that corresponds to your data.
If you are sorting hexadecimal values by their equivalent numerical values, please change the argument of type parameter to hex e.g. sort(..., type=hex).
In all other cases, no action is needed.
The new default value for sort() and table() will be number. Both functions will fall back to lexicographical ordering for values that cannot be understood as the provided argument for type.
In the GraphQL API, the ChangeTriggersAndAction enum value for both the Permission and ViewAction enum is now deprecated and will be removed in version 1.136 of LogScale.
The humio Docker image is deprecated in favor of humio-core. humio is no longer considered suitable for production use, as it runs Kafka and Zookeeper on the same host as LogScale, which our deployment guidelines no longer recommend. The final release of humio Docker image will be in version 1.130.0.
The new humio-single-node-demo image is an all-in-one container suitable for quick and easy demonstration setups, but which is entirely unsupported for production use.
For more information, see LogScale Docker Core Container.
We are deprecating the humio/kafka and humio/zookeeper Docker images due to low use. The planned final release for these images will be with LogScale 1.148.0.
Better alternatives are available going forward. We recommend the following:
If your cluster is deployed on Kubernetes: STRIMZI
If your cluster is deployed to AWS: MSK
In other cases: Confluent for Kafka and Confluent for ZooKeeper
If you still require humio/kafka or humio/zookeeper for needs that cannot be covered by these alternatives, please contact Support and share your concerns.
In the GraphQL API, the name argument to the parser field on the Repository datatype has been deprecated and will be removed in version 1.136 of LogScale.

Improvements, new features and functionality

Configuration
- Ingest rate monitoring for autosharding improved. For clusters with more than 10 nodes, only a subset of the nodes will be reporting their ingest rate for any given datasource, and the total rate for each datasource estimated based on that. The dynamic configuration TargetMaxRateForDatasource still sets the threshold for sharding; however, once the rate is exceeded, it is no longer needed to be twice the TargetMaxRateForDatasource configuration before shards are added.
Ingestion
- Ingest feeds can read from an AWS SQS queue that has been populated with AWS SNS subscription events.
  For more information, see Ingesting Data from AWS S3.

Bug Fixes

UI Changes
- Field aliases could not be read on the sandbox repository. This issue is now fixed.
Other
- An issue with the IOC Configuration causing the local database to update too often has now been fixed.
Packages
- Updating a package could fail, if one of the assets from the package had been deleted from the view where the package was installed. This issue has been fixed.

Falcon LogScale 1.125.0 Preview (2024-02-13)

Version^?	Type^?	Release Date^?	Availability^?	End of Support	Security Updates	Upgrades From^?	JDK Compatibility^?	Req. Data Migration	Config. Changes^?
1.125.0	Preview	2024-02-13	Cloud On-Prem	2025-04-30	Yes	1.70.0	17-21	No	No

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.125.0

Preview

2024-02-13

Cloud

On-Prem

2025-04-30

Yes

1.70.0

17-21

No

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.

Deprecation
Items that have been deprecated and may be removed in a future release.
The assetType GraphQL field on Alert, Dashboard, Parser, SavedQuery and ViewInteraction datatypes has been deprecated and will be removed in version 1.136 of LogScale.
The any argument to the type parameter of sort() and table() has been deprecated and will be removed in version 1.142.
Warnings prompts will be shown in queries that fall into either of these two cases:
If you are explicitly supplying an any argument, please either simply remove both the parameter and the argument, for example change sort(..., type=any) to sort(...) or supply the argument for type that corresponds to your data.
If you are sorting hexadecimal values by their equivalent numerical values, please change the argument of type parameter to hex e.g. sort(..., type=hex).
In all other cases, no action is needed.
The new default value for sort() and table() will be number. Both functions will fall back to lexicographical ordering for values that cannot be understood as the provided argument for type.
In the GraphQL API, the ChangeTriggersAndAction enum value for both the Permission and ViewAction enum is now deprecated and will be removed in version 1.136 of LogScale.
The humio Docker image is deprecated in favor of humio-core. humio is no longer considered suitable for production use, as it runs Kafka and Zookeeper on the same host as LogScale, which our deployment guidelines no longer recommend. The final release of humio Docker image will be in version 1.130.0.
The new humio-single-node-demo image is an all-in-one container suitable for quick and easy demonstration setups, but which is entirely unsupported for production use.
For more information, see LogScale Docker Core Container.
We are deprecating the humio/kafka and humio/zookeeper Docker images due to low use. The planned final release for these images will be with LogScale 1.148.0.
Better alternatives are available going forward. We recommend the following:
If your cluster is deployed on Kubernetes: STRIMZI
If your cluster is deployed to AWS: MSK
In other cases: Confluent for Kafka and Confluent for ZooKeeper
If you still require humio/kafka or humio/zookeeper for needs that cannot be covered by these alternatives, please contact Support and share your concerns.
In the GraphQL API, the name argument to the parser field on the Repository datatype has been deprecated and will be removed in version 1.136 of LogScale.

Behavior Changes
Scripts or environment which make use of these tools should be checked and updated for the new configuration:
Ingestion
It is no longer possible to delete a parser that is being used in an ingest feed. The parser must first be removed from the ingest feed.
For more information, see Deleting an Ingest Feed.

Improvements, new features and functionality

Other
- The missing-cluster-nodes metric will now track the nodes that are missing heartbeat data in addition to the nodes that have outdated heartbeat data. The new missing-cluster-nodes-stateful metric will track the registered nodes with outdated/missing heartbeat data that can write to global.
  For more information, see Node-Level Metrics.

Improvement

Storage
- Allowed reassignment of digest that assigns partitions unevenly to hosts. This is to support clusters where hosts are not evenly sized, and so an even partition assignment is not expected.
- SegmentChangesJobTrigger has been disabled on nodes configured to not be able to store segments, thus saving some CPU time.

Falcon LogScale 1.124.2 Stable (2024-03-20)

Version^?	Type^?	Release Date^?	Availability^?	End of Support	Security Updates	Upgrades From^?	JDK Compatibility^?	Req. Data Migration	Config. Changes^?
1.124.2	Stable	2024-03-20	Cloud On-Prem	2025-03-01	Yes	1.70.0	17-21	No	No

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.124.2

Stable

2024-03-20

Cloud

On-Prem

2025-03-01

Yes

1.70.0

17-21

No

TAR Checksum	Value
MD5	b66d180a49887e3cbb65b5315e835579
SHA1	3be945d1557a751eb690f5c0a6dca940095aa1f3
SHA256	588f89b0de65413dad67c96653d4debdeb2f9012299a1c237040f64c8c48bf5c
SHA512	a5504f59b9d42a6c28d9ad6cc3e98c0ef1db16286412cc15d4f9114f01c0249ba152b92ab5c8c94d3a1155f80209042891a23a1780feaa2928fab9c2a5c14390

Docker Image	Included JDK	SHA256 Checksum
humio	21	b75ee983542ee41303143cd18e2b7dab0ac0e9a06a667a027f1eb4cfb3e40c23
humio-core	21	89a299ad54f71b0dce43e3149362c336739bc3002e5f45decd1512282bcf4ef9
kafka	21	9e170eff22a95031a763af235b1cb11ff560a07167136ceaa2e31bb127bc9779
zookeeper	21	5809022af39312ef3352365ab63aeaa81844f74717411a9338e32516b0be91d7

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.124.2/server-1.124.2.tar.gz

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.

Deprecation
Items that have been deprecated and may be removed in a future release.
The assetType GraphQL field on Alert, Dashboard, Parser, SavedQuery and ViewInteraction datatypes has been deprecated and will be removed in version 1.136 of LogScale.
In the GraphQL API, the ChangeTriggersAndAction enum value for both the Permission and ViewAction enum is now deprecated and will be removed in version 1.136 of LogScale.
The humio Docker image is deprecated in favor of humio-core. humio is no longer considered suitable for production use, as it runs Kafka and Zookeeper on the same host as LogScale, which our deployment guidelines no longer recommend. The final release of humio Docker image will be in version 1.130.0.
The new humio-single-node-demo image is an all-in-one container suitable for quick and easy demonstration setups, but which is entirely unsupported for production use.
For more information, see LogScale Docker Core Container.
We are deprecating the humio/kafka and humio/zookeeper Docker images due to low use. The planned final release for these images will be with LogScale 1.148.0.
Better alternatives are available going forward. We recommend the following:
If your cluster is deployed on Kubernetes: STRIMZI
If your cluster is deployed to AWS: MSK
In other cases: Confluent for Kafka and Confluent for ZooKeeper
If you still require humio/kafka or humio/zookeeper for needs that cannot be covered by these alternatives, please contact Support and share your concerns.
In the GraphQL API, the name argument to the parser field on the Repository datatype has been deprecated and will be removed in version 1.136 of LogScale.

Behavior Changes
Scripts or environment which make use of these tools should be checked and updated for the new configuration:
Ingestion
We have reverted the behavior of blocking heavy queries in case of high ingest, and returned to the behavior of only stopping the query, due to issues caused by the blockage. Heavy queries causing ingest delay will be handled differently in a future version release.

Bug Fixes

Other
- Fixed a bug in which the second poll inside the cluster could be delayed by upwards of 10 seconds. This fix ensures that the time between polls will never be later than the start time of the query, this means that early polls will not be delayed too much, enabling faster query responses.

Falcon LogScale 1.124.1 Stable (2024-02-29)

Version^?	Type^?	Release Date^?	Availability^?	End of Support	Security Updates	Upgrades From^?	JDK Compatibility^?	Req. Data Migration	Config. Changes^?
1.124.1	Stable	2024-02-29	Cloud On-Prem	2025-03-01	Yes	1.70.0	17-21	No	No

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.124.1

Stable

2024-02-29

Cloud

On-Prem

2025-03-01

Yes

1.70.0

17-21

No

TAR Checksum	Value
MD5	7cb9867805e79bf88d9a8824b94bd717
SHA1	45e7db8dc5e8371351d8abea91b0d0b8c3560cf0
SHA256	4dd76bb4abd36b13350a509d57d7d3867f317cd1910a50e677c52db86e377b79
SHA512	bc02e36be4a077b4cd3c210f2fe8eda63674334c9c47847fa1a0df0cdc21d24973daab9ab2078187f35093238a0932fcb19fd06b89aa4238d5a70b88066174b4

Docker Image	Included JDK	SHA256 Checksum
humio	21	fef66d15aed2ee6f2b5e48a332b7d08119ed6901450a165a8f78de0f452a9ac6
humio-core	21	afafad52ac55c06fbd841a025a917b4445fd458b501797ed02886808773d2fa1
kafka	21	9390b66e795e152a6bc70055603e14a41ae2d5064e4942de16c8ec3eb65d9dd4
zookeeper	21	c7fec5d72136886e971acf69a1faa8bfd81b126c426d77b1e6a992b82fc3b64b

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.124.1/server-1.124.1.tar.gz

Bug fixes and updates.

Breaking Changes
The following items create a breaking change in the behavior, response or operation of this release.
Functions
The default accuracy of the percentile() function has been adjusted. This means that any query that does not explicitly set the accuracy may see a change in reported percentile. Specifically, the percentile() function may now deviate by up to one 100th of the true percentile, meaning that if a given percentile has a true value of 1000, percentile() may report a percentile in the range of [990; 1010].
On the flip side, percentile() now uses less memory by default, which should allow for additional series or groups when this function is used with either timeChart() or groupBy() and the default accuracy is used.

Advanced Warning
The following items are due to change in a future release.

Removed
Items that have been removed as of this release.
GraphQL API
Removed the Asset interface type in GraphQL that Alert, Dashboard, Parser, SavedQuery and ViewInteraction datatypes implemented. It was not used as a type for any field. All fields from the Asset interface type are still present in the implementing types.
Configuration
The DEFAULT_PARTITION_COUNT configuration parameter has been removed, as it was unused by the system due to earlier changes to partition handling.

Deprecation
Items that have been deprecated and may be removed in a future release.
The assetType GraphQL field on Alert, Dashboard, Parser, SavedQuery and ViewInteraction datatypes has been deprecated and will be removed in version 1.136 of LogScale.
In the GraphQL API, the ChangeTriggersAndAction enum value for both the Permission and ViewAction enum is now deprecated and will be removed in version 1.136 of LogScale.
The humio Docker image is deprecated in favor of humio-core. humio is no longer considered suitable for production use, as it runs Kafka and Zookeeper on the same host as LogScale, which our deployment guidelines no longer recommend. The final release of humio Docker image will be in version 1.130.0.
The new humio-single-node-demo image is an all-in-one container suitable for quick and easy demonstration setups, but which is entirely unsupported for production use.
For more information, see LogScale Docker Core Container.
We are deprecating the humio/kafka and humio/zookeeper Docker images due to low use. The planned final release for these images will be with LogScale 1.148.0.
Better alternatives are available going forward. We recommend the following:
If your cluster is deployed on Kubernetes: STRIMZI
If your cluster is deployed to AWS: MSK
In other cases: Confluent for Kafka and Confluent for ZooKeeper
If you still require humio/kafka or humio/zookeeper for needs that cannot be covered by these alternatives, please contact Support and share your concerns.
The QUERY_COORDINATOR environment variable is deprecated. To control whether a node should be allowed to be a query coordinator, use the query node task instead. Node tasks can be assigned and unassigned at runtime using the assignTasks() and unassignTasks() graphQL mutations respectively, or controlled using the INITIAL_DISABLED_NODE_TASKS environment variable.
For more information, see INITIAL_DISABLED_NODE_TASK.
In the GraphQL API, the name argument to the parser field on the Repository datatype has been deprecated and will be removed in version 1.136 of LogScale.

Behavior Changes
Scripts or environment which make use of these tools should be checked and updated for the new configuration:
Storage
We have adjusted the code that calculates where to start reading from the ingest queue to be more conservative. It will no longer allow for skipping past segments that are not fully replicated when later segments on the same datasource are fully replicated. This fixes a very rare edge case that could cause data loss on clusters using ephemeral disks. Due to the changed behavior, any segment failing to properly replicate will now cause LogScale to stop deleting data from the affected Kafka partition. Cluster administrators are strongly encouraged to monitor this case, by keeping under observation Kafka's disk usage.

Upgrades
Changes that may occur or be required during an upgrade.
Other
Kafka client library has been upgraded to 3.6.1. Some minor changes have been made to serializers used by LogScale to reduce memory copying.

Improvements, new features and functionality

UI Changes
- Time zone data has been updated to IANA 2023d.
- Deletion of a file that is actively used by live queries will now stop those queries.
  For more information, see Exporting or Deleting a File.
- Multi-Cluster Search — early adopter release for Self-hosted LogScale.
  - Keep the data close to the source, search from single UI
  - Search across multiple LogScale clusters in a single view
  - Support key functionalities like alerts & dashboards
  The functionality is limited to LogScale self-hosted versions at this point.
  For more information, see LogScale Multi-Cluster Search.
- When Managing Users, it is now possible to filter users based also on their assigned roles (for example, type admin in the Users search field).
- The Field Aliasing feature is introduced. Implementing Field Aliasing in your workflow simplifies data correlation from various sources. With this feature, users can give alternative names — aliases — to fields created at parse time, across a view, or the entire organization. It makes data interpretation more intuitive and provides analysts with a smoother search experience.
  For more information, see Field Aliasing.
Automation and Alerts
- The following changes affects the UI for Standard Alerts:
  - A minimum time window of 1 minute is introduced, since anything smaller will not produce reliable results. Any existing standard alert with a time window smaller than 1 minute will not run, instead an error notification will be shown.
  - It is no longer possible to specify the time window and the throttle period in milliseconds. Any existing standard alerts with a time window or throttle period specified in milliseconds will have it rounded to the nearest second.
  - When saving the alert, the query window is automatically changed to the largest unit in the Relative Time Syntax that can represent it. For example 24h is changed to 1d and 60s is changed to 1m.
- The ChangeTriggersAndActions permission is now replaced by two new permissions:
  - ChangeTriggers permission is needed to edit alerts or scheduled searches.
  - ChangeActions permission is needed to edit actions as well as viewing them. Viewing the name and type of actions when editing triggers is still possible without this permission.
  Any user with the legacy ChangeTriggersAndActions permissions will by default have both. It is possible to remove one of them for more granular access controls.
- A slow-query logging has been added when an alert is slow to start due to the query not having finished the historical part.
Storage
- The following validation constraints are added on boot:
  - LOCAL_STORAGE_PERCENTAGE is less than SECONDARY_STORAGE_MAX_FILL_PERCENTAGE on nodes with secondary storage configured.
  - LOCAL_STORAGE_PERCENTAGE is less than PRIMARY_STORAGE_MAX_FILL_PERCENTAGE on nodes without secondary storage configured.
  Nodes will crash on boot if these constraints are violated.
- We have changed how LogScale handles being temporarily bottlenecked by bucket storage. Uploads are now prioritized ahead of downloads, which reduces the impact on ingest work.
GraphQL API
- Added limits for GraphQL queries on the total number of selected fields and fragments. Defaults are 1000 for authenticated and 150 for unauthenticated users.
  Cluster administrators can adjust these limits with the GraphQLSelectionSizeLimit and UnauthenticatedGraphQLSelectionSizeLimit dynamic configurations.
Configuration
- The meaning of S3_STORAGE_CONCURRENCY and GCP_STORAGE_CONCURRENCY configuration variables has slightly changed. The settings are used for throttling downloads and uploads for bucket storage. Previously, a setting of S3_STORAGE_CONCURRENCY=10 for example, meant that LogScale would allow 10 concurrent uploads, and 10 concurrent downloads. Now, it means that LogScale will allow a total of 10 transfers at a time, disregarding the transfer direction.
- New dynamic configurations have been added:
  - defaultDigestReplicationFactor dynamic configuration defaults to 2 if the value is not explicitly set and there is more than 1 node in the cluster performing digest.
    If necessary, a different default can be explicitly set using the DEFAULT_DIGEST_REPLICATION_FACTOR environment variable.
  - defaultSegmentReplicationFactor dynamic configuration defaults to 2 if the value is not explicitly set, unless there is only 1 node in the cluster storing segments, or if USING_EPHEMERAL_DISKS environment variable is set to true.
    If necessary, a different default can be explicitly set using the DEFAULT_SEGMENT_REPLICATION_FACTOR environment variable.
- Ingest rate monitoring for autosharding improved. For clusters with more than 10 nodes, only a subset of the nodes will be reporting their ingest rate for any given datasource, and the total rate for each datasource estimated based on that. The dynamic configuration TargetMaxRateForDatasource still sets the threshold for sharding; however, once the rate is exceeded, it is no longer needed to be twice the TargetMaxRateForDatasource configuration before shards are added.
Dashboards and Widgets
- A series of improvements has been added to the dashboard layout experience:
  - New widgets will be added in the topmost available space
  - When you drag widgets up, all widgets in the same column will move together
  - Improved experience when swapping the order of widgets (horizontally or vertically)
Ingestion
- Introducing Ingest Feeds, a new pull-based ingest source that ingests logs stored in AWS S3. The files within the AWS S3 bucket can be Gzip compressed and we currently support newline delimited files and the JSON object format in which CloudTrail logs are stored in. Ingest Feeds require some configuration setup on the AWS side to get started.
  This feature is part of a gradual rollout process and may not be available on your cloud instance, but will be available to all customers in the following weeks.
  For more information, see Ingesting Data from AWS S3.
- The limits on the size of parser test cases when exporting as templates or packages has been increased.
- The amount of logging produced by DigestLeadershipLoggerJob has been reduced in clusters with many ingest queue partitions.
Log Collector
- Groups have been added to Fleet Management for the LogScale Collector. This feature makes it possible to define dynamic groups using a filter based upon a subset of the LogScale Query Language Syntax. New Collectors enrolled into the fleet will automatically be configured based upon the groups filters they match, eliminating the need for manually assigning a configuration to every new LogScale Collector. Groups also allow you to combine multiple reusable configuration snippets.
  Additionally the management of instances has been simplified and merged into this new feature, and therefore the Assigned Instances page has been removed to favor use of the Group functions.
  For more information, see Managing Groups.
Functions
- The new array:length() function has been introduced. It finds the length of an array by counting the number of array entries.
  For more information, see array:length().
Other
- Live query cost metrics corrections:
  - livequeries-rate metric has changed from long to double.
  - livequeries-rate-canceled-due-to-digest-delay metric has changed from long to double.
  For more information, see Node-Level Metrics.
- The worker-level prioritization of queries has been changed. The new prioritization will attempt to divide time evenly between all users, and divide the time given to each user evenly among that user's queries.

Bug Fixes

UI Changes
- When hovering over a query function in the query editor, the link to the function's documentation now always points to the latest version of the page.
Automation and Alerts
- After updating Scheduled searches where the action was failing, they would constantly fail with a None.get error until they were disabled and enabled again, or the LogScale cluster was restarted. This issue is now fixed.
Storage
- Fixed an issue that could cause repositories undeleted using the mechanism described at Restoring a Repository or View to be only partially restored. Some deleted datasources within the repositories could erroneously be skipped during restoration.
  For more information, see Restoring a Repository or View.
Dashboards and Widgets
- Users were prevented from exporting results of queries containing multi value parameters. This issue is now fixed.
Functions
- selectLast() has been fixed for an issue that could cause this query function to miss events in certain cases.
Other
- Queries in some cases would be killed as if they were blocked even though they did not match the criteria of the block. This issue is now fixed.
- It was not possible to create a new repository with a time retention greater than 365 days. Now, the UI limit is the one that is set on the customer's organization.
  Input validation on fields when creating new repositories is now also improved.

Improvement

Storage
- Allowed reassignment of digest that assigns partitions unevenly to hosts. This is to support clusters where hosts are not evenly sized, and so an even partition assignment is not expected.
Configuration
- The default limit for uploading CSV Lookup Files set by MaxCsvFileUploadSizeBytes dynamic configuration has been increased from 100MB to 200MB. If MAX_FILEUPLOAD_SIZE is set, its value will be the default for both MaxCsvFileUploadSizeBytes and MaxJsonFileUploadSizeBytes.
Ingestion
- The cancelling mechanism for specific costly queries has been improved to solve cases where those queries got restarted anyway: the query with the exact match on the query string is now blocked for 5 minutes. This will free enough CPU for ingest to catch up and avoid blocking queries for too long.

Falcon LogScale 1.124.0 Preview (2024-02-06)

Version^?	Type^?	Release Date^?	Availability^?	End of Support	Security Updates	Upgrades From^?	JDK Compatibility^?	Req. Data Migration	Config. Changes^?
1.124.0	Preview	2024-02-06	Cloud On-Prem	2025-03-01	No	1.70.0	17-21	No	No

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.124.0

Preview

2024-02-06

Cloud

On-Prem

2025-03-01

No

1.70.0

17-21

No

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.

Deprecation
Items that have been deprecated and may be removed in a future release.
The assetType GraphQL field on Alert, Dashboard, Parser, SavedQuery and ViewInteraction datatypes has been deprecated and will be removed in version 1.136 of LogScale.
In the GraphQL API, the ChangeTriggersAndAction enum value for both the Permission and ViewAction enum is now deprecated and will be removed in version 1.136 of LogScale.
The humio Docker image is deprecated in favor of humio-core. humio is no longer considered suitable for production use, as it runs Kafka and Zookeeper on the same host as LogScale, which our deployment guidelines no longer recommend. The final release of humio Docker image will be in version 1.130.0.
The new humio-single-node-demo image is an all-in-one container suitable for quick and easy demonstration setups, but which is entirely unsupported for production use.
For more information, see LogScale Docker Core Container.
We are deprecating the humio/kafka and humio/zookeeper Docker images due to low use. The planned final release for these images will be with LogScale 1.148.0.
Better alternatives are available going forward. We recommend the following:
If your cluster is deployed on Kubernetes: STRIMZI
If your cluster is deployed to AWS: MSK
In other cases: Confluent for Kafka and Confluent for ZooKeeper
If you still require humio/kafka or humio/zookeeper for needs that cannot be covered by these alternatives, please contact Support and share your concerns.
In the GraphQL API, the name argument to the parser field on the Repository datatype has been deprecated and will be removed in version 1.136 of LogScale.

Behavior Changes
Scripts or environment which make use of these tools should be checked and updated for the new configuration:
Storage
We have adjusted the code that calculates where to start reading from the ingest queue to be more conservative. It will no longer allow for skipping past segments that are not fully replicated when later segments on the same datasource are fully replicated. This fixes a very rare edge case that could cause data loss on clusters using ephemeral disks. Due to the changed behavior, any segment failing to properly replicate will now cause LogScale to stop deleting data from the affected Kafka partition. Cluster administrators are strongly encouraged to monitor this case, by keeping under observation Kafka's disk usage.

Improvements, new features and functionality

UI Changes
- Multi-Cluster Search — early adopter release for Self-hosted LogScale.
  - Keep the data close to the source, search from single UI
  - Search across multiple LogScale clusters in a single view
  - Support key functionalities like alerts & dashboards
  The functionality is limited to LogScale self-hosted versions at this point.
  For more information, see LogScale Multi-Cluster Search.
- The Field Aliasing feature is introduced. Implementing Field Aliasing in your workflow simplifies data correlation from various sources. With this feature, users can give alternative names — aliases — to fields created at parse time, across a view, or the entire organization. It makes data interpretation more intuitive and provides analysts with a smoother search experience.
  For more information, see Field Aliasing.

Bug Fixes

Storage
- Fixed an issue that could cause repositories undeleted using the mechanism described at Restoring a Repository or View to be only partially restored. Some deleted datasources within the repositories could erroneously be skipped during restoration.
  For more information, see Restoring a Repository or View.

Improvement

Storage
- Allowed reassignment of digest that assigns partitions unevenly to hosts. This is to support clusters where hosts are not evenly sized, and so an even partition assignment is not expected.
Configuration
- The default limit for uploading CSV Lookup Files set by MaxCsvFileUploadSizeBytes dynamic configuration has been increased from 100MB to 200MB. If MAX_FILEUPLOAD_SIZE is set, its value will be the default for both MaxCsvFileUploadSizeBytes and MaxJsonFileUploadSizeBytes.

Falcon LogScale 1.123.0 Preview (2024-01-30)

Version^?	Type^?	Release Date^?	Availability^?	End of Support	Security Updates	Upgrades From^?	JDK Compatibility^?	Req. Data Migration	Config. Changes^?
1.123.0	Preview	2024-01-30	Cloud On-Prem	2025-03-01	No	1.70.0	17-21	No	No

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.123.0

Preview

2024-01-30

Cloud

On-Prem

2025-03-01

No

1.70.0

17-21

No

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.

Deprecation
Items that have been deprecated and may be removed in a future release.
The assetType GraphQL field on Alert, Dashboard, Parser, SavedQuery and ViewInteraction datatypes has been deprecated and will be removed in version 1.136 of LogScale.
In the GraphQL API, the ChangeTriggersAndAction enum value for both the Permission and ViewAction enum is now deprecated and will be removed in version 1.136 of LogScale.
The humio Docker image is deprecated in favor of humio-core. humio is no longer considered suitable for production use, as it runs Kafka and Zookeeper on the same host as LogScale, which our deployment guidelines no longer recommend. The final release of humio Docker image will be in version 1.130.0.
The new humio-single-node-demo image is an all-in-one container suitable for quick and easy demonstration setups, but which is entirely unsupported for production use.
For more information, see LogScale Docker Core Container.
We are deprecating the humio/kafka and humio/zookeeper Docker images due to low use. The planned final release for these images will be with LogScale 1.148.0.
Better alternatives are available going forward. We recommend the following:
If your cluster is deployed on Kubernetes: STRIMZI
If your cluster is deployed to AWS: MSK
In other cases: Confluent for Kafka and Confluent for ZooKeeper
If you still require humio/kafka or humio/zookeeper for needs that cannot be covered by these alternatives, please contact Support and share your concerns.
In the GraphQL API, the name argument to the parser field on the Repository datatype has been deprecated and will be removed in version 1.136 of LogScale.

Improvements, new features and functionality

UI Changes
- When Managing Users, it is now possible to filter users based also on their assigned roles (for example, type admin in the Users search field).
Automation and Alerts
- A slow-query logging has been added when an alert is slow to start due to the query not having finished the historical part.
Storage
- We have changed how LogScale handles being temporarily bottlenecked by bucket storage. Uploads are now prioritized ahead of downloads, which reduces the impact on ingest work.
Configuration
- The meaning of S3_STORAGE_CONCURRENCY and GCP_STORAGE_CONCURRENCY configuration variables has slightly changed. The settings are used for throttling downloads and uploads for bucket storage. Previously, a setting of S3_STORAGE_CONCURRENCY=10 for example, meant that LogScale would allow 10 concurrent uploads, and 10 concurrent downloads. Now, it means that LogScale will allow a total of 10 transfers at a time, disregarding the transfer direction.
Log Collector
- Groups have been added to Fleet Management for the LogScale Collector. This feature makes it possible to define dynamic groups using a filter based upon a subset of the LogScale Query Language Syntax. New Collectors enrolled into the fleet will automatically be configured based upon the groups filters they match, eliminating the need for manually assigning a configuration to every new LogScale Collector. Groups also allow you to combine multiple reusable configuration snippets.
  Additionally the management of instances has been simplified and merged into this new feature, and therefore the Assigned Instances page has been removed to favor use of the Group functions.
  For more information, see Managing Groups.

Bug Fixes

Automation and Alerts
- After updating Scheduled searches where the action was failing, they would constantly fail with a None.get error until they were disabled and enabled again, or the LogScale cluster was restarted. This issue is now fixed.
Other
- Queries in some cases would be killed as if they were blocked even though they did not match the criteria of the block. This issue is now fixed.
- It was not possible to create a new repository with a time retention greater than 365 days. Now, the UI limit is the one that is set on the customer's organization.
  Input validation on fields when creating new repositories is now also improved.

Improvement

Ingestion
- The cancelling mechanism for specific costly queries has been improved to solve cases where those queries got restarted anyway: the query with the exact match on the query string is now blocked for 5 minutes. This will free enough CPU for ingest to catch up and avoid blocking queries for too long.

Falcon LogScale 1.122.0 Preview (2024-01-23)

Version^?	Type^?	Release Date^?	Availability^?	End of Support	Security Updates	Upgrades From^?	JDK Compatibility^?	Req. Data Migration	Config. Changes^?
1.122.0	Preview	2024-01-23	Cloud On-Prem	2025-03-01	No	1.70.0	17-21	No	No

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.122.0

Preview

2024-01-23

Cloud

On-Prem

2025-03-01

No

1.70.0

17-21

No

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.

Deprecation
Items that have been deprecated and may be removed in a future release.
The assetType GraphQL field on Alert, Dashboard, Parser, SavedQuery and ViewInteraction datatypes has been deprecated and will be removed in version 1.136 of LogScale.
In the GraphQL API, the ChangeTriggersAndAction enum value for both the Permission and ViewAction enum is now deprecated and will be removed in version 1.136 of LogScale.
The humio Docker image is deprecated in favor of humio-core. humio is no longer considered suitable for production use, as it runs Kafka and Zookeeper on the same host as LogScale, which our deployment guidelines no longer recommend. The final release of humio Docker image will be in version 1.130.0.
The new humio-single-node-demo image is an all-in-one container suitable for quick and easy demonstration setups, but which is entirely unsupported for production use.
For more information, see LogScale Docker Core Container.
In the GraphQL API, the name argument to the parser field on the Repository datatype has been deprecated and will be removed in version 1.136 of LogScale.

Improvements, new features and functionality

UI Changes
- Time zone data has been updated to IANA 2023d.
- Deletion of a file that is actively used by live queries will now stop those queries.
  For more information, see Exporting or Deleting a File.
Automation and Alerts
- The following changes affects the UI for Standard Alerts:
  - A minimum time window of 1 minute is introduced, since anything smaller will not produce reliable results. Any existing standard alert with a time window smaller than 1 minute will not run, instead an error notification will be shown.
  - It is no longer possible to specify the time window and the throttle period in milliseconds. Any existing standard alerts with a time window or throttle period specified in milliseconds will have it rounded to the nearest second.
  - When saving the alert, the query window is automatically changed to the largest unit in the Relative Time Syntax that can represent it. For example 24h is changed to 1d and 60s is changed to 1m.
Configuration
- New dynamic configurations have been added:
  - defaultDigestReplicationFactor dynamic configuration defaults to 2 if the value is not explicitly set and there is more than 1 node in the cluster performing digest.
    If necessary, a different default can be explicitly set using the DEFAULT_DIGEST_REPLICATION_FACTOR environment variable.
  - defaultSegmentReplicationFactor dynamic configuration defaults to 2 if the value is not explicitly set, unless there is only 1 node in the cluster storing segments, or if USING_EPHEMERAL_DISKS environment variable is set to true.
    If necessary, a different default can be explicitly set using the DEFAULT_SEGMENT_REPLICATION_FACTOR environment variable.
Dashboards and Widgets
- A series of improvements has been added to the dashboard layout experience:
  - New widgets will be added in the topmost available space
  - When you drag widgets up, all widgets in the same column will move together
  - Improved experience when swapping the order of widgets (horizontally or vertically)
Other
- Live query cost metrics corrections:
  - livequeries-rate metric has changed from long to double.
  - livequeries-rate-canceled-due-to-digest-delay metric has changed from long to double.
  For more information, see Node-Level Metrics.

Falcon LogScale 1.121.0 Preview (2024-01-16)

Version^?	Type^?	Release Date^?	Availability^?	End of Support	Security Updates	Upgrades From^?	JDK Compatibility^?	Req. Data Migration	Config. Changes^?
1.121.0	Preview	2024-01-16	Cloud On-Prem	2025-03-01	No	1.70.0	17-21	No	No

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.121.0

Preview

2024-01-16

Cloud

On-Prem

2025-03-01

No

1.70.0

17-21

No

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.

Removed
Items that have been removed as of this release.
Configuration
The DEFAULT_PARTITION_COUNT configuration parameter has been removed, as it was unused by the system due to earlier changes to partition handling.

Deprecation
Items that have been deprecated and may be removed in a future release.
The assetType GraphQL field on Alert, Dashboard, Parser, SavedQuery and ViewInteraction datatypes has been deprecated and will be removed in version 1.136 of LogScale.
In the GraphQL API, the ChangeTriggersAndAction enum value for both the Permission and ViewAction enum is now deprecated and will be removed in version 1.136 of LogScale.
In the GraphQL API, the name argument to the parser field on the Repository datatype has been deprecated and will be removed in version 1.136 of LogScale.

Improvements, new features and functionality

GraphQL API
- Added limits for GraphQL queries on the total number of selected fields and fragments. Defaults are 1000 for authenticated and 150 for unauthenticated users.
  Cluster administrators can adjust these limits with the GraphQLSelectionSizeLimit and UnauthenticatedGraphQLSelectionSizeLimit dynamic configurations.
Ingestion
- The amount of logging produced by DigestLeadershipLoggerJob has been reduced in clusters with many ingest queue partitions.
Functions
- The new array:length() function has been introduced. It finds the length of an array by counting the number of array entries.
  For more information, see array:length().

Bug Fixes

UI Changes
- When hovering over a query function in the query editor, the link to the function's documentation now always points to the latest version of the page.

Falcon LogScale 1.120.0 Preview (2024-01-09)

Version^?	Type^?	Release Date^?	Availability^?	End of Support	Security Updates	Upgrades From^?	JDK Compatibility^?	Req. Data Migration	Config. Changes^?
1.120.0	Preview	2024-01-09	Cloud On-Prem	2025-03-01	No	1.70.0	17-21	No	No

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.120.0

Preview

2024-01-09

Cloud

On-Prem

2025-03-01

No

1.70.0

17-21

No

Bug fixes and updates.

Breaking Changes
The following items create a breaking change in the behavior, response or operation of this release.
Functions
The default accuracy of the percentile() function has been adjusted. This means that any query that does not explicitly set the accuracy may see a change in reported percentile. Specifically, the percentile() function may now deviate by up to one 100th of the true percentile, meaning that if a given percentile has a true value of 1000, percentile() may report a percentile in the range of [990; 1010].
On the flip side, percentile() now uses less memory by default, which should allow for additional series or groups when this function is used with either timeChart() or groupBy() and the default accuracy is used.

Advanced Warning
The following items are due to change in a future release.
Installation and Deployment
We aim to stop publishing the jar distribution of LogScale (e.g. server-1.117.jar) as of LogScale version 1.130.0.
Users deploying via Docker images are not affected. Users deploying on bare metal should ensure they deploy the tar artifact, and not the jar artifact.
A migration guide for bare metal deployments is available at How-To: Migrating from server.jar to Launcher Startup.
We intend to drop support for Java 17, making Java 21 the minimum. We plan to make this change in March 2024.

Deprecation
Items that have been deprecated and may be removed in a future release.
The assetType GraphQL field on Alert, Dashboard, Parser, SavedQuery and ViewInteraction datatypes has been deprecated and will be removed in version 1.136 of LogScale.
In the GraphQL API, the ChangeTriggersAndAction enum value for both the Permission and ViewAction enum is now deprecated and will be removed in version 1.136 of LogScale.
In the GraphQL API, the name argument to the parser field on the Repository datatype has been deprecated and will be removed in version 1.136 of LogScale.

Upgrades
Changes that may occur or be required during an upgrade.
Other
Kafka client library has been upgraded to 3.6.1. Some minor changes have been made to serializers used by LogScale to reduce memory copying.

Improvements, new features and functionality

Automation and Alerts
- The ChangeTriggersAndActions permission is now replaced by two new permissions:
  - ChangeTriggers permission is needed to edit alerts or scheduled searches.
  - ChangeActions permission is needed to edit actions as well as viewing them. Viewing the name and type of actions when editing triggers is still possible without this permission.
  Any user with the legacy ChangeTriggersAndActions permissions will by default have both. It is possible to remove one of them for more granular access controls.
Storage
- The following validation constraints are added on boot:
  - LOCAL_STORAGE_PERCENTAGE is less than SECONDARY_STORAGE_MAX_FILL_PERCENTAGE on nodes with secondary storage configured.
  - LOCAL_STORAGE_PERCENTAGE is less than PRIMARY_STORAGE_MAX_FILL_PERCENTAGE on nodes without secondary storage configured.
  Nodes will crash on boot if these constraints are violated.
Ingestion
- Introducing Ingest Feeds, a new pull-based ingest source that ingests logs stored in AWS S3. The files within the AWS S3 bucket can be Gzip compressed and we currently support newline delimited files and the JSON object format in which CloudTrail logs are stored in. Ingest Feeds require some configuration setup on the AWS side to get started.
  This feature is part of a gradual rollout process and may not be available on your cloud instance, but will be available to all customers in the following weeks.
  For more information, see Ingesting Data from AWS S3.

Bug Fixes

Dashboards and Widgets
- Users were prevented from exporting results of queries containing multi value parameters. This issue is now fixed.
Functions
- selectLast() has been fixed for an issue that could cause this query function to miss events in certain cases.

Falcon LogScale 1.119.0 Preview (2023-12-19)

Version^?	Type^?	Release Date^?	Availability^?	End of Support	Security Updates	Upgrades From^?	JDK Compatibility^?	Req. Data Migration	Config. Changes^?
1.119.0	Preview	2023-12-19	Cloud On-Prem	2025-03-01	No	1.70.0	17-21	No	No

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.119.0

Preview

2023-12-19

Cloud

On-Prem

2025-03-01

No

1.70.0

17-21

No

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.

Removed
Items that have been removed as of this release.
GraphQL API
Removed the Asset interface type in GraphQL that Alert, Dashboard, Parser, SavedQuery and ViewInteraction datatypes implemented. It was not used as a type for any field. All fields from the Asset interface type are still present in the implementing types.

Deprecation
Items that have been deprecated and may be removed in a future release.
The assetType GraphQL field on Alert, Dashboard, Parser, SavedQuery and ViewInteraction datatypes has been deprecated and will be removed in version 1.136 of LogScale.
The QUERY_COORDINATOR environment variable is deprecated. To control whether a node should be allowed to be a query coordinator, use the query node task instead. Node tasks can be assigned and unassigned at runtime using the assignTasks() and unassignTasks() graphQL mutations respectively, or controlled using the INITIAL_DISABLED_NODE_TASKS environment variable.
For more information, see INITIAL_DISABLED_NODE_TASK.

Improvements, new features and functionality

Ingestion
- The limits on the size of parser test cases when exporting as templates or packages has been increased.
Other
- The worker-level prioritization of queries has been changed. The new prioritization will attempt to divide time evenly between all users, and divide the time given to each user evenly among that user's queries.

Falcon LogScale 1.118.4 Stable (2024-02-23)

Version^?	Type^?	Release Date^?	Availability^?	End of Support	Security Updates	Upgrades From^?	JDK Compatibility^?	Req. Data Migration	Config. Changes^?
1.118.4	Stable	2024-02-23	Cloud On-Prem	2025-01-31	No	1.70.0	17-21	No	No

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.118.4

Stable

2024-02-23

Cloud

On-Prem

2025-01-31

No

1.70.0

17-21

No

TAR Checksum	Value
MD5	c5be7194bc05d24ab75bf25713489193
SHA1	2897fbe6a80dcc312d7fc554691b7ce66f8f8530
SHA256	3a841235ddecd9371e25f5982bc1928c4531f5e1a97c852c0e72236b42c229af
SHA512	cf26d6782eae95f177a343f46442408201b5335006227f50f6c1a2224e9036cd12f7fdd6fb6e3bc54c08b829fb90339fe400e1599f9b36fe6ff6a4fdbf93a726

Docker Image	Included JDK	SHA256 Checksum
humio	21	33877a390533ca48e8e4e6d116bb2dfb71d60832686ab02eae74b557872f0c1e
humio-core	21	041e91dd7869fadd60878c5610ad33a8942890f7e7014b4c90230b4661a4d362
kafka	21	49a9fd9441382170e71f5720a64e2841e69a77abfd7667dfe43e6cac4f38186a
zookeeper	21	220fe6e43ed70478b737ce98e2738d9065399b4a053771fcab66666f27a4bc13

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.118.4/server-1.118.4.tar.gz

Bug fixes and performance improvements.

Advanced Warning
The following items are due to change in a future release.

Improvement

Storage
- Allowed reassignment of digest that assigns partitions unevenly to hosts. This is to support clusters where hosts are not evenly sized, and so an even partition assignment is not expected.

Falcon LogScale 1.118.3 Stable (2024-02-06)

Version^?	Type^?	Release Date^?	Availability^?	End of Support	Security Updates	Upgrades From^?	JDK Compatibility^?	Req. Data Migration	Config. Changes^?
1.118.3	Stable	2024-02-06	Cloud On-Prem	2025-01-31	No	1.70.0	17-21	No	No

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.118.3

Stable

2024-02-06

Cloud

On-Prem

2025-01-31

No

1.70.0

17-21

No

TAR Checksum	Value
MD5	bd20b91e48cfe6dddc10b7554d6a3ad1
SHA1	bba9db6f0ed1dbe63991004479e140fd88162151
SHA256	05868147bf56827b465b5acb8a264e8e0ec3db29c58449002b01f2a7cdc483c4
SHA512	53961c1fafa99f0075915582d221c41f8281d50050b5bb11193a4e315053c9bc0267d3dd040837245b2309f481a17807a9bacca03ce9ad3e8f5368c7be21191a

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.118.3/server-1.118.3.tar.gz

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.

Removed
Items that have been removed as of this release.
API
The deprecated REST endpoints api/v1/dataspaces/(id)/deleteevents and /api/v1/repositories/(id)/deleteevents have been removed. You can use the redactEvents GraphQL mutation and query instead.
For more information, see redactEvents().

Improvements, new features and functionality

UI Changes
- We have improved the navigation on the page for Alerts, Scheduled Searches and Actions and the page is now called Automation.
  For more information, see Automation.
GraphQL API
- Added limits for GraphQL queries on the total number of selected fields and fragments. Defaults are 1000 for authenticated and 150 for unauthenticated users.
  Cluster administrators can adjust these limits with the GraphQLSelectionSizeLimit and UnauthenticatedGraphQLSelectionSizeLimit dynamic configurations.
Configuration
- New configuration variables KAFKA_CLIENT_RACK_GLOBAL_TOPIC and KAFKA_CLIENT_RACK_GLOBAL_TOPIC_ENV_VAR are introduced to allow setting specific client.rack for the Kafka consumer for the global-events topic independent of the other consumers in LogScale.
  For more information, see KAFKA_CLIENT_RACK_GLOBAL_TOPIC, KAFKA_CLIENT_RACK_GLOBAL_TOPIC_ENV_VAR.
Dashboards and Widgets
- Small multiples functionality is introduced for the Single Value, Gauge, and Pie Chart widgets. This feature allows you to partition your query result on a single dimension into multiple visuals of the same widget type for easy comparison.
  For more information, see Widgets.
- We have added the new width option Fit to content for Event List columns. With this option selected, the width of the column depends on the content in the column.
Ingestion
- The amount of logging produced by DigestLeadershipLoggerJob has been reduced in clusters with many ingest queue partitions.

Bug Fixes

Storage
- Fixed an issue that could cause repositories undeleted using the mechanism described at Restoring a Repository or View to be only partially restored. Some deleted datasources within the repositories could erroneously be skipped during restoration.
  For more information, see Restoring a Repository or View.
Dashboards and Widgets
- Users were prevented from exporting results of queries containing multi value parameters. This issue is now fixed.

Falcon LogScale 1.118.2 Stable (2024-01-17)

Version^?	Type^?	Release Date^?	Availability^?	End of Support	Security Updates	Upgrades From^?	JDK Compatibility^?	Req. Data Migration	Config. Changes^?
1.118.2	Stable	2024-01-17	Cloud On-Prem	2025-01-31	No	1.70.0	17-21	No	No

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.118.2

Stable

2024-01-17

Cloud

On-Prem

2025-01-31

No

1.70.0

17-21

No

TAR Checksum	Value
MD5	3017ca48346bd2f8144d5a5d5f2b36e9
SHA1	e58c6996a2c689441c40b83ca0ac79e3d145de8b
SHA256	2253c36be65768e920270970189c78c8c290e416526cf596bf9f26f057506d74
SHA512	7d54033d4d3cbc830b33c94275f4296f0d7d8457042bb6358a91b5770f7a295b96c16bb52b34f75fab4cf0c64f7512a83881298d8411f49aa1ba10002a68c8e9

Docker Image	Included JDK	SHA256 Checksum
humio	21	ea03778fc8ac15a2a8f8a457faf6c2172534b2b56d402bda84b0c7b5aa9404f9
humio-core	21	91bbcdb27c5f21d6e693716a248376efe28938ee670b6906a2552a74c744bf3e

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.118.2/server-1.118.2.tar.gz

Bug fixes and updates.

Breaking Changes
The following items create a breaking change in the behavior, response or operation of this release.
Functions
The new parameter unit is added to formatTime() to specify whether the input field is in seconds or milliseconds, or if it should be auto-detected by the system.
This is a breaking change: if you want to ensure fully backward-compatible behavior, set unit=milliseconds.
For more information, see formatTime().

Advanced Warning
The following items are due to change in a future release.

Removed
Items that have been removed as of this release.
API
The deprecated REST endpoints api/v1/dataspaces/(id)/deleteevents and /api/v1/repositories/(id)/deleteevents have been removed. You can use the redactEvents GraphQL mutation and query instead.
For more information, see redactEvents().

Deprecation
Items that have been deprecated and may be removed in a future release.
GraphQL mutation updateOrganizationMutability is deprecated in favor of the new setBlockIngest mutation.

Behavior Changes
Scripts or environment which make use of these tools should be checked and updated for the new configuration:
Automation and Alerts
We have changed how Scheduled Searches handle query warnings, similar to what was done for Standard Alerts (see Falcon LogScale 1.112.0 Preview (2023-10-24)). Previously, LogScale only triggered Scheduled Searches if there were no query warnings. Now, scheduled searches will trigger despite most query warnings, and the scheduled search status will show a warning instead of an error.
For query warnings about missing data, either due to ingest delay or some existing data that is currently unavailable, the scheduled search will retry for up to 10 minutes by default. This waiting time is configurable, see SCHEDULED_SEARCH_MAX_WAIT_FOR_MISSING_DATA for more information.
Up until now, all query warnings were treated as errors: the scheduled search did not trigger even though it produced results, and the scheduled search was shown with an error in LogScale. Most query warnings meant that not all data was queried. The previous behaviour prevented the scheduled search from triggering in cases where it would not have, if all data had been available. For instance, a scheduled search that would trigger if a count of events dropped below a threshold. On the other hand, it made some scheduled searches not trigger, even though they would still have if all data was available. That meant that previously you would almost never have a scheduled search trigger when it should not, but you would sometimes have a scheduled search not trigger, when it should have. We have reverted this behavior.
With this change, we no longer recommend to set the configuration option SCHEDULED_SEARCH_DESPITE_WARNINGS to true, since it treats all query warnings as non-errors, and there are a few query warnings that should make the scheduled search fail.

Upgrades
Changes that may occur or be required during an upgrade.
Configuration
We've migrated from Akka dependency component to Apache Pekko. This means that all internal logs referencing Akka will be substituted with the Pekko counterpart. Users will need to update any triggers or dashboards that rely on such logs.
On Prem only: be aware that the Akka to Pekko migration also affects configuration field names in application.conf. Clusters that are using a custom application.conf will need to update their configuration to use the Pekko configuration names instead of the Akka configuration names.

Improvements, new features and functionality

UI Changes
- The Files page has a new layout and changes:
  - It has been split into two pages: one containing a list of files and one with details of each file.
  - A view limit of 100 MB has been added and you'll get an error in the UI if you try to view files larger than this size.
  - It displays information on the size limits and the step needed for syncing the imported files.
  For more information, see Files.
- Parser test cases will automatically expand to the height of their content when loading the parser page now.
- When selecting a parser test case, there is now a button to scroll to that test case again if you scroll away from it.
- We have improved the navigation on the page for Alerts, Scheduled Searches and Actions and the page is now called Automation.
  For more information, see Automation.
- Lookup Files require unique column headers to work as expected, which was previously validated when attempting to use the file. You could still install an invalid file into LogScale however, but now lookup files with duplicate header names are also blocked from being installed.
Automation and Alerts
- LogScale now creates notifications for alerts and scheduled searches with warnings in addition to notifications for errors. The notifications for warnings will have a severity of warning.
- When Filter Alerts encounter a query warning that could potentially affect the result of the alert, the warning is now saved with the alert, so that it is visible in the alerts overview, same as for Standard Alerts.
- When clearing errors on alerts or scheduled searches, all notifications about the problem are now automatically deleted right when the error is cleared. Previously, notifications were only updated every 15 minutes. Note, that if the error returns, a new notification will be created.
Storage
- Handling of IOExceptions in part of the segment reading code has been improved. Such exceptions will cause the segment to be excluded from the query, and potentially refetched from bucket storage, and a warning to be shown to the user, rather than cancelling the query.
GraphQL API
- The redactEvents() mutation will no longer be allowed for users who have a limiting query prefix.
- Added limits for GraphQL queries on the total number of selected fields and fragments. Defaults are 1000 for authenticated and 150 for unauthenticated users.
  Cluster administrators can adjust these limits with the GraphQLSelectionSizeLimit and UnauthenticatedGraphQLSelectionSizeLimit dynamic configurations.
- The new setBlockIngest GraphQL mutation is introduced to block ingest for the organization and set ingest to paused in the dataspaces owned by the organization.
Configuration
- Added validation for LOCAL_STORAGE_PERCENTAGE configuration against the targetDiskUsagePercentage, that might be set on runtime, to enforce that the LOCAL_STORAGE_PERCENTAGE variable is at least 5 percentage points larger than targetDiskUsagePercentage. Nodes that are violating this constraint will not be able to start. In addition, the setTargetDiskUsagePercentage mutation will not allow violating the constraint.
- QueryMemoryLimit and LiveQueryMemoryLimit dynamic configurations have been replaced with QueryCoordinatorMemoryLimit, which controls the maximum memory usage of the coordinating node. This memory limit will, in turn, determine the limits of the static query state size and the live query state size. QueryCoordinatorMemoryLimit defaults to 400MB; QueryMemoryLimit and LiveQueryMemoryLimit defaults to 100MB regardless of their previous configuration.
  For more information, see General Limits & Parameters.
- New configuration variables KAFKA_CLIENT_RACK_GLOBAL_TOPIC and KAFKA_CLIENT_RACK_GLOBAL_TOPIC_ENV_VAR are introduced to allow setting specific client.rack for the Kafka consumer for the global-events topic independent of the other consumers in LogScale.
  For more information, see KAFKA_CLIENT_RACK_GLOBAL_TOPIC, KAFKA_CLIENT_RACK_GLOBAL_TOPIC_ENV_VAR.
- The new INITIAL_DISABLED_NODE_TASK environment variable is introduced.
  For more information, see INITIAL_DISABLED_NODE_TASK.
Dashboards and Widgets
- Small multiples functionality is introduced for the Single Value, Gauge, and Pie Chart widgets. This feature allows you to partition your query result on a single dimension into multiple visuals of the same widget type for easy comparison.
  For more information, see Widgets.
- We have added the new width option Fit to content for Event List columns. With this option selected, the width of the column depends on the content in the column.
- Show thousands separator has been added as a configuration option of format Number for the Table widget.
Ingestion
- When navigating between parser test cases, the table showing the outputs for the test case will now scroll to the top when you select a new test case.
- A new mechanism is introduced that delays the response to a HTTP ingest request from nodes that also do digest when the digest node locally experiences digest lag. The following new dynamic configurations control this mechanism:
  - DelayIngestResponseDueToIngestLagMaxFactor limits how much longer than the actual execution it may be, measured as a factor on top of the actual time spent (default is 2).
  - DelayIngestResponseDueToIngestLagThreshold sets the number of milliseconds of digest lag where the feature starts to kick in (default is 20,000).
  - DelayIngestResponseDueToIngestLagScale sets the numer of milliseconds of lag that adds 1 to the factor applied (default is 300,000).
Functions
- The new query function duration() is introduced: it can be helpful in computations involving timestamps.
- Live queries that use files in either match(), cidr(), or lookup() functions are no longer restarted when the file is updated. Instead the files are swapped while the queries are still running.
  For more information, see Lookup Files Operations.
- The new query function parseUri() is introduced to support parsing of URIs without a scheme.
- The new query function if() is introduced to compute one of two expressions depending on the outcome of a test.

Bug Fixes

UI Changes
- Turned the dropdown menu in the TablePage upwards and set it to the front to fix a bug where the menu would be hidden.
- The page for creating repository or view tokens would fail to load if the user didn't have a Change IP filters Organization settings permission.
Automation and Alerts
- If a filter alert, standard alert or scheduled search was assigned to run on another node in the cluster, due to changes to the available cluster nodes, they would be wrongly marked as failing with an error like The alert is broken. Save the alert again to fix it and an error log. This issue is now fixed.
- If an error occurred where the error message was huge, the error would not be stored on the failing alert or scheduled search. This issue has been fixed.
Storage
- A case where we might ignore LOCAL_STORAGE_PREFILL_PERCENTAGE and prefetch bucketed segments even if above the limit has been fixed.
- The setTargetDiskUsagePercentage mutation has been removed. The functionality that used this value has been updated to instead base decision-making on PRIMARY_STORAGE_MAX_FILL_PERCENTAGE, and on SECONDARY_STORAGE_MAX_FILL_PERCENTAGE for nodes with secondary storage configured.
GraphQL API
- Swapped parameters in graphQL mutation updateOrganizationMutability have been fixed.
Dashboards and Widgets
- The Gauge widget has been fixed as the Styling panel would not display configured thresholds.
- The options for precision and thousands separators in Table widget have been fixed as they would not be saved correctly when editing other widgets on the Search page.
- The hovered series in TimeChart widget have been fixed as they would not be highlighted in the tooltip.
- The legend title in widget charts has been fixed as it would offset the content when positioned to the right.
- The Styling panel in the Table widget has been fixed as threshold coloring could be assigned unintentionally.
Ingestion
- Parser timeout errors on ingested events that would occur at shutdown have now been fixed.
- A gap in the statistics of ingest per day experienced by some organizations on the Usage Page and in humio-usage repository, causing the graph to drop to zero, has now been fixed. As a consequence of this fix, the first measurement performed with version 1.114 will result in the graph showing a peak, since it would include statistics from the period where calculations were skipped.
- A parser that failed to construct would sometimes result in events receiving a null error. This issue has been fixed.
- A digest coordination issue has been fixed: it could cause minisegments to stay behind on old digest leaders when leadership changes.
Functions
- cidr() query function would fail to find some events when parameter negate=true was set. This incorrect behavior has now been fixed.
- The cidr() function would handle a validation error incorrectly. This issue has been fixed.
- The count() function with distinct parameter would give an incorrect count for utf8 strings. This issue has been fixed.
- timeChart() and bucket() functions have been fixed as they would give slightly different results depending on whether their limit argument was left out or explicitly set to the default value.
Other
- Occasional error logging from QueryScheduler.reduceAndSetSnapshot has been fixed.

Falcon LogScale 1.118.1 Internal (2023-12-20)

Version^?	Type^?	Release Date^?	Availability^?	End of Support	Security Updates	Upgrades From^?	JDK Compatibility^?	Req. Data Migration	Config. Changes^?
1.118.1	Internal	2023-12-20	Cloud On-Prem	2025-01-31	No	1.70.0	17-21	No	No

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.118.1

Internal

2023-12-20

Cloud

On-Prem

2025-01-31

No

1.70.0

17-21

No

Internal only release.

Advanced Warning
The following items are due to change in a future release.

Falcon LogScale 1.118.0 Preview (2023-12-12)

Version^?	Type^?	Release Date^?	Availability^?	End of Support	Security Updates	Upgrades From^?	JDK Compatibility^?	Req. Data Migration	Config. Changes^?
1.118.0	Preview	2023-12-12	Cloud On-Prem	2025-01-31	No	1.70.0	17-21	No	No

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.118.0

Preview

2023-12-12

Cloud

On-Prem

2025-01-31

No

1.70.0

17-21

No

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.

Removed
Items that have been removed as of this release.
API
The deprecated REST endpoints api/v1/dataspaces/(id)/deleteevents and /api/v1/repositories/(id)/deleteevents have been removed. You can use the redactEvents GraphQL mutation and query instead.
For more information, see redactEvents().

Improvements, new features and functionality

UI Changes
- We have improved the navigation on the page for Alerts, Scheduled Searches and Actions and the page is now called Automation.
  For more information, see Automation.
Configuration
- New configuration variables KAFKA_CLIENT_RACK_GLOBAL_TOPIC and KAFKA_CLIENT_RACK_GLOBAL_TOPIC_ENV_VAR are introduced to allow setting specific client.rack for the Kafka consumer for the global-events topic independent of the other consumers in LogScale.
  For more information, see KAFKA_CLIENT_RACK_GLOBAL_TOPIC, KAFKA_CLIENT_RACK_GLOBAL_TOPIC_ENV_VAR.
Dashboards and Widgets
- Small multiples functionality is introduced for the Single Value, Gauge, and Pie Chart widgets. This feature allows you to partition your query result on a single dimension into multiple visuals of the same widget type for easy comparison.
  For more information, see Widgets.
- We have added the new width option Fit to content for Event List columns. With this option selected, the width of the column depends on the content in the column.

Falcon LogScale 1.117.0 Preview (2023-12-05)

Version^?	Type^?	Release Date^?	Availability^?	End of Support	Security Updates	Upgrades From^?	JDK Compatibility^?	Req. Data Migration	Config. Changes^?
1.117.0	Preview	2023-12-05	Cloud On-Prem	2025-01-31	No	1.70.0	17-21	No	No

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.117.0

Preview

2023-12-05

Cloud

On-Prem

2025-01-31

No

1.70.0

17-21

No

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.

Deprecation
Items that have been deprecated and may be removed in a future release.
GraphQL mutation updateOrganizationMutability is deprecated in favor of the new setBlockIngest mutation.

Improvements, new features and functionality

GraphQL API
- The new setBlockIngest GraphQL mutation is introduced to block ingest for the organization and set ingest to paused in the dataspaces owned by the organization.
Configuration
- The new INITIAL_DISABLED_NODE_TASK environment variable is introduced.
  For more information, see INITIAL_DISABLED_NODE_TASK.
Functions
- Live queries that use files in either match(), cidr(), or lookup() functions are no longer restarted when the file is updated. Instead the files are swapped while the queries are still running.
  For more information, see Lookup Files Operations.

Bug Fixes

GraphQL API
- Swapped parameters in graphQL mutation updateOrganizationMutability have been fixed.
Dashboards and Widgets
- The Styling panel in the Table widget has been fixed as threshold coloring could be assigned unintentionally.
Functions
- timeChart() and bucket() functions have been fixed as they would give slightly different results depending on whether their limit argument was left out or explicitly set to the default value.

Falcon LogScale 1.116.0 Preview (2023-11-28)

Version^?	Type^?	Release Date^?	Availability^?	End of Support	Security Updates	Upgrades From^?	JDK Compatibility^?	Req. Data Migration	Config. Changes^?
1.116.0	Preview	2023-11-28	Cloud On-Prem	2025-01-31	No	1.70.0	17-21	No	No

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.116.0

Preview

2023-11-28

Cloud

On-Prem

2025-01-31

No

1.70.0

17-21

No

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.

Upgrades
Changes that may occur or be required during an upgrade.
Configuration
We've migrated from Akka dependency component to Apache Pekko. This means that all internal logs referencing Akka will be substituted with the Pekko counterpart. Users will need to update any triggers or dashboards that rely on such logs.
On Prem only: be aware that the Akka to Pekko migration also affects configuration field names in application.conf. Clusters that are using a custom application.conf will need to update their configuration to use the Pekko configuration names instead of the Akka configuration names.

Improvements, new features and functionality

Storage
- Handling of IOExceptions in part of the segment reading code has been improved. Such exceptions will cause the segment to be excluded from the query, and potentially refetched from bucket storage, and a warning to be shown to the user, rather than cancelling the query.
Configuration
- QueryMemoryLimit and LiveQueryMemoryLimit dynamic configurations have been replaced with QueryCoordinatorMemoryLimit, which controls the maximum memory usage of the coordinating node. This memory limit will, in turn, determine the limits of the static query state size and the live query state size. QueryCoordinatorMemoryLimit defaults to 400MB; QueryMemoryLimit and LiveQueryMemoryLimit defaults to 100MB regardless of their previous configuration.
  For more information, see General Limits & Parameters.

Bug Fixes

Dashboards and Widgets
- The options for precision and thousands separators in Table widget have been fixed as they would not be saved correctly when editing other widgets on the Search page.
- The hovered series in TimeChart widget have been fixed as they would not be highlighted in the tooltip.
- The legend title in widget charts has been fixed as it would offset the content when positioned to the right.
Functions
- The cidr() function would handle a validation error incorrectly. This issue has been fixed.
- The count() function with distinct parameter would give an incorrect count for utf8 strings. This issue has been fixed.

Falcon LogScale 1.115.0 Preview (2023-11-21)

Version^?	Type^?	Release Date^?	Availability^?	End of Support	Security Updates	Upgrades From^?	JDK Compatibility^?	Req. Data Migration	Config. Changes^?
1.115.0	Preview	2023-11-21	Cloud On-Prem	2025-01-31	No	1.70.0	17-21	No	No

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.115.0

Preview

2023-11-21

Cloud

On-Prem

2025-01-31

No

1.70.0

17-21

No

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.

Improvements, new features and functionality

UI Changes
- The Files page has a new layout and changes:
  - It has been split into two pages: one containing a list of files and one with details of each file.
  - A view limit of 100 MB has been added and you'll get an error in the UI if you try to view files larger than this size.
  - It displays information on the size limits and the step needed for syncing the imported files.
  For more information, see Files.
- Parser test cases will automatically expand to the height of their content when loading the parser page now.
- When selecting a parser test case, there is now a button to scroll to that test case again if you scroll away from it.
Automation and Alerts
- LogScale now creates notifications for alerts and scheduled searches with warnings in addition to notifications for errors. The notifications for warnings will have a severity of warning.
Ingestion
- A new mechanism is introduced that delays the response to a HTTP ingest request from nodes that also do digest when the digest node locally experiences digest lag. The following new dynamic configurations control this mechanism:
  - DelayIngestResponseDueToIngestLagMaxFactor limits how much longer than the actual execution it may be, measured as a factor on top of the actual time spent (default is 2).
  - DelayIngestResponseDueToIngestLagThreshold sets the number of milliseconds of digest lag where the feature starts to kick in (default is 20,000).
  - DelayIngestResponseDueToIngestLagScale sets the numer of milliseconds of lag that adds 1 to the factor applied (default is 300,000).

Bug Fixes

UI Changes
- Turned the dropdown menu in the TablePage upwards and set it to the front to fix a bug where the menu would be hidden.
Storage
- The setTargetDiskUsagePercentage mutation has been removed. The functionality that used this value has been updated to instead base decision-making on PRIMARY_STORAGE_MAX_FILL_PERCENTAGE, and on SECONDARY_STORAGE_MAX_FILL_PERCENTAGE for nodes with secondary storage configured.
Dashboards and Widgets
- The Gauge widget has been fixed as the Styling panel would not display configured thresholds.
Ingestion
- A parser that failed to construct would sometimes result in events receiving a null error. This issue has been fixed.
- A digest coordination issue has been fixed: it could cause minisegments to stay behind on old digest leaders when leadership changes.
Other
- Occasional error logging from QueryScheduler.reduceAndSetSnapshot has been fixed.

Falcon LogScale 1.114.0 Preview (2023-11-14)

Version^?	Type^?	Release Date^?	Availability^?	End of Support	Security Updates	Upgrades From^?	JDK Compatibility^?	Req. Data Migration	Config. Changes^?
1.114.0	Preview	2023-11-14	Cloud On-Prem	2025-01-31	No	1.70.0	17-21	No	No

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.114.0

Preview

2023-11-14

Cloud

On-Prem

2025-01-31

No

1.70.0

17-21

No

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.

Improvements, new features and functionality

Automation and Alerts
- When Filter Alerts encounter a query warning that could potentially affect the result of the alert, the warning is now saved with the alert, so that it is visible in the alerts overview, same as for Standard Alerts.

Bug Fixes

Automation and Alerts
- If an error occurred where the error message was huge, the error would not be stored on the failing alert or scheduled search. This issue has been fixed.
Storage
- A case where we might ignore LOCAL_STORAGE_PREFILL_PERCENTAGE and prefetch bucketed segments even if above the limit has been fixed.
Ingestion
- A gap in the statistics of ingest per day experienced by some organizations on the Usage Page and in humio-usage repository, causing the graph to drop to zero, has now been fixed. As a consequence of this fix, the first measurement performed with version 1.114 will result in the graph showing a peak, since it would include statistics from the period where calculations were skipped.

Falcon LogScale 1.113.0 Preview (2023-11-09)

Version^?	Type^?	Release Date^?	Availability^?	End of Support	Security Updates	Upgrades From^?	JDK Compatibility^?	Req. Data Migration	Config. Changes^?
1.113.0	Preview	2023-11-09	Cloud On-Prem	2025-01-31	No	1.70.0	17-21	No	No

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.113.0

Preview

2023-11-09

Cloud

On-Prem

2025-01-31

No

1.70.0

17-21

No

Bug fixes and updates.

Breaking Changes
The following items create a breaking change in the behavior, response or operation of this release.
Functions
The new parameter unit is added to formatTime() to specify whether the input field is in seconds or milliseconds, or if it should be auto-detected by the system.
This is a breaking change: if you want to ensure fully backward-compatible behavior, set unit=milliseconds.
For more information, see formatTime().

Advanced Warning
The following items are due to change in a future release.

Behavior Changes
Scripts or environment which make use of these tools should be checked and updated for the new configuration:
Automation and Alerts
We have changed how Scheduled Searches handle query warnings, similar to what was done for Standard Alerts (see Falcon LogScale 1.112.0 Preview (2023-10-24)). Previously, LogScale only triggered Scheduled Searches if there were no query warnings. Now, scheduled searches will trigger despite most query warnings, and the scheduled search status will show a warning instead of an error.
For query warnings about missing data, either due to ingest delay or some existing data that is currently unavailable, the scheduled search will retry for up to 10 minutes by default. This waiting time is configurable, see SCHEDULED_SEARCH_MAX_WAIT_FOR_MISSING_DATA for more information.
Up until now, all query warnings were treated as errors: the scheduled search did not trigger even though it produced results, and the scheduled search was shown with an error in LogScale. Most query warnings meant that not all data was queried. The previous behaviour prevented the scheduled search from triggering in cases where it would not have, if all data had been available. For instance, a scheduled search that would trigger if a count of events dropped below a threshold. On the other hand, it made some scheduled searches not trigger, even though they would still have if all data was available. That meant that previously you would almost never have a scheduled search trigger when it should not, but you would sometimes have a scheduled search not trigger, when it should have. We have reverted this behavior.
With this change, we no longer recommend to set the configuration option SCHEDULED_SEARCH_DESPITE_WARNINGS to true, since it treats all query warnings as non-errors, and there are a few query warnings that should make the scheduled search fail.

Improvements, new features and functionality

UI Changes
- Lookup Files require unique column headers to work as expected, which was previously validated when attempting to use the file. You could still install an invalid file into LogScale however, but now lookup files with duplicate header names are also blocked from being installed.
Automation and Alerts
- When clearing errors on alerts or scheduled searches, all notifications about the problem are now automatically deleted right when the error is cleared. Previously, notifications were only updated every 15 minutes. Note, that if the error returns, a new notification will be created.
GraphQL API
- The redactEvents() mutation will no longer be allowed for users who have a limiting query prefix.
Configuration
- Added validation for LOCAL_STORAGE_PERCENTAGE configuration against the targetDiskUsagePercentage, that might be set on runtime, to enforce that the LOCAL_STORAGE_PERCENTAGE variable is at least 5 percentage points larger than targetDiskUsagePercentage. Nodes that are violating this constraint will not be able to start. In addition, the setTargetDiskUsagePercentage mutation will not allow violating the constraint.
Dashboards and Widgets
- Show thousands separator has been added as a configuration option of format Number for the Table widget.
Ingestion
- When navigating between parser test cases, the table showing the outputs for the test case will now scroll to the top when you select a new test case.
Functions
- The new query function duration() is introduced: it can be helpful in computations involving timestamps.
- The new query function parseUri() is introduced to support parsing of URIs without a scheme.
- The new query function if() is introduced to compute one of two expressions depending on the outcome of a test.

Bug Fixes

UI Changes
- The page for creating repository or view tokens would fail to load if the user didn't have a Change IP filters Organization settings permission.
Automation and Alerts
- If a filter alert, standard alert or scheduled search was assigned to run on another node in the cluster, due to changes to the available cluster nodes, they would be wrongly marked as failing with an error like The alert is broken. Save the alert again to fix it and an error log. This issue is now fixed.
Ingestion
- Parser timeout errors on ingested events that would occur at shutdown have now been fixed.
Functions
- cidr() query function would fail to find some events when parameter negate=true was set. This incorrect behavior has now been fixed.

Falcon LogScale 1.112.4 Stable (2024-02-23)

Version^?	Type^?	Release Date^?	Availability^?	End of Support	Security Updates	Upgrades From^?	JDK Compatibility^?	Req. Data Migration	Config. Changes^?
1.112.4	Stable	2024-02-23	Cloud On-Prem	2024-11-30	No	1.70.0	17-21	No	No

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.112.4

Stable

2024-02-23

Cloud

On-Prem

2024-11-30

No

1.70.0

17-21

No

TAR Checksum	Value
MD5	cbc7e33e67707121ad4dfb1fa126eb32
SHA1	5ba9b1cd3980020460310ad8bbb774e62ac6448c
SHA256	ee470562fe07a4fa1d418da3cdf691b7524e2892c21d9ca70157704810d19087
SHA512	2a332c85c34bdaa07d366284e88b7c94dd6bd8507a36590d350a102555a7266a597a323e36a51bc58ba16c16b642588b0a6dfe8f85ace8cbce10b889276921a2

Docker Image	Included JDK	SHA256 Checksum
humio	21	a02bf037577746f41bac7b384311d314fd4bb578a7103b49f738c91d3966fae7
humio-core	21	f21a0bce3e07878bef68cf60d63123301e46c57ac9a3d9b6005fff0f12a221dd
kafka	21	b03f209bcb2c4ea31c4beedd41f0395ddd5e3b6b183c965ab98f0025d235fbde
zookeeper	21	779c0bddd23417d07b45d68b829e58ec64b2c484e95012f0d6924a9afdbda3b9

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.112.4/server-1.112.4.tar.gz

Bug fixes and performance improvements.

Advanced Warning
The following items are due to change in a future release.

Bug Fixes

Storage
- Fixed an issue that could cause repositories undeleted using the mechanism described at Restoring a Repository or View to be only partially restored. Some deleted datasources within the repositories could erroneously be skipped during restoration.
  For more information, see Restoring a Repository or View.

Improvement

Storage
- Allowed reassignment of digest that assigns partitions unevenly to hosts. This is to support clusters where hosts are not evenly sized, and so an even partition assignment is not expected.

Falcon LogScale 1.112.3 Stable (2024-01-30)

Version^?	Type^?	Release Date^?	Availability^?	End of Support	Security Updates	Upgrades From^?	JDK Compatibility^?	Req. Data Migration	Config. Changes^?
1.112.3	Stable	2024-01-30	Cloud On-Prem	2024-11-30	No	1.70.0	17-21	No	No

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.112.3

Stable

2024-01-30

Cloud

On-Prem

2024-11-30

No

1.70.0

17-21

No

TAR Checksum	Value
MD5	88000e0267f6ceb570e47647d6bd9fe4
SHA1	fc20e83976d56a7ed16822798afe4ef0f2b62982
SHA256	beeb00d0ca09227f97bde119bbbc55b2cd48a2a35756de28c2a12f4ece7b906d
SHA512	723b19908f9147efc9d6c4ab0a6974c0af2b5e78f2575416d004100929e21b566f39cc80f7ede449640ef2dfc75706c56d047c3e5b06ad31028edf9e0f3ad8c9

Docker Image	Included JDK	SHA256 Checksum
humio	21	b2118a56091ac892ccadba636845cf524dbe6033b128b6ae0f59aacad4fdecd8
humio-core	21	d127e5606cd70b6ba851faa22e0f8a9ba964d48d7c72d1e1e294df138dc4748e
kafka	21	3da6f48ddd0335f6d29ee0215d07a6e199a93acd528061ca59226243ebd8031e
zookeeper	21	503cf46cb2e18df07459f0a2bfa911cf150cd3753393c5a051ed6ec44a0152ea

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.112.3/server-1.112.3.tar.gz

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.

Falcon LogScale 1.112.2 Stable (2024-01-22)

Version^?	Type^?	Release Date^?	Availability^?	End of Support	Security Updates	Upgrades From^?	JDK Compatibility^?	Req. Data Migration	Config. Changes^?
1.112.2	Stable	2024-01-22	Cloud On-Prem	2024-11-30	No	1.70.0	17-21	No	No

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.112.2

Stable

2024-01-22

Cloud

On-Prem

2024-11-30

No

1.70.0

17-21

No

TAR Checksum	Value
MD5	bb1877af748c84bba281516a911b0823
SHA1	297c770af75cfc5700a069878eb08d85e817ece8
SHA256	6113922ff798079c87265ae4f7e7ecc3c3b8a94b2feeaf4ea2d6e81201d2fc83
SHA512	bc789a19665d430281cfbe1241e0c5a5f4e01edbc5060295cb1215d65d2917a058c9616735ff210e2eaa5c41bba406aa63e17ba973e3cdf5760484e946e75ded

Docker Image	Included JDK	SHA256 Checksum
humio	21	7a37137d187338bc1bf46e3b4daa5659914fbd15758158f33a88db1f268cac81
humio-core	21	dddd6f2ed3ab4a5b21c40074cbc7a61526887415999273933bdc950740cb3a1b
kafka	21	0572df2b7ac4c78e495fde4180c099375c8e33e8fd20dbec8befd0554c706c7a
zookeeper	21	b920b2354194c91f3e6acee62d205ed6b02379dd780458fda9bddfaf58ac4b23

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.112.2/server-1.112.2.tar.gz

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.

Improvements, new features and functionality

GraphQL API
- Added limits for GraphQL queries on the total number of selected fields and fragments. Defaults are 1000 for authenticated and 150 for unauthenticated users.
  Cluster administrators can adjust these limits with the GraphQLSelectionSizeLimit and UnauthenticatedGraphQLSelectionSizeLimit dynamic configurations.

Falcon LogScale 1.112.1 Stable (2023-11-15)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.112.1

Stable

2023-11-15

Cloud

On-Prem

2024-11-30

No

1.70.0

17-21

No

TAR Checksum	Value
MD5	adc304d42f49666a11a9343ce0b1cf45
SHA1	2d46f12e23448be8e966780e3bbefb8c24706615
SHA256	ee624502c5a88774ac03ca56984c4a1aa76186f4d848b878106189c45d4855e0
SHA512	9231d4e6a250d7d9eaeaaf67b99979c5cbfe070d0a8f57b816e9cb0a76c3d76a93957268ece8a6ad0d296816a4a08c3259f85dd7e075b739f8d7351243ec9842

Docker Image	Included JDK	SHA256 Checksum
humio	21	307d54f45c193743e6ef1e6b81cb6e278b77460351a9f1a4b1b3c4b14c9dd198
humio-core	21	73ff5f4ce9f0b4d5a7dace1f7858d06948ff9ea05cda2acd45ffd1c2ff1e055b
kafka	21	39b5cf13a792c55b935bfbff81de9c384bd8555fe0ebf572debb639eb5638390
zookeeper	21	ccb43bdf0b2ca238b79b98069b9cf050fc39a60a5bd55f5e7709e76b6bab72ea

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.112.1/server-1.112.1.tar.gz

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.
Installation and Deployment
We intend to drop support for Java 17, making Java 21 the minimum. We plan to make this change in March 2024.

Removed
Items that have been removed as of this release.
Installation and Deployment
All Zookeeper-related functionality for LogScale was deprecated in December 2022, and is now removed:
Removed the Zookeeper status page from the User Interface
Removed the Zookeeper related GraphQL mutations
Removed the migration support for node IDs created by Zookeeper, as we no longer support upgrading from version prior to 1.70.
Depending on your chosen Kafka deployment, ZooKeeper may still be required to support Kafka.
Running on Java 11, 12, 13, 14, 15 and 16 is no longer supported. The minimum supported Java version is 17 starting from this LogScale release.
Storage
The unused humio-backup symlink inside Docker containers has been removed.
GraphQL API
The deprecated client mutation ID concept is now being removed from the GraphQL API:
Removed the clientMutationId argument for a lot of mutations.
Removed the clientMutationId field from the returned type for a lot of mutations.
Renamed the ClientMutationID datatype, that was returned from some mutations to BooleanResultType datatype. Removed the clientMutationId field on the returned type and replaced it by a boolean field named result.
Most deprecated queries, mutations and fields have now been removed from the GraphQL API.
Configuration
Some deprecated configuration variables have now been removed:
S3_STORAGE_UPLOAD_CONCURRENCY
GCP_STORAGE_UPLOAD_CONCURRENCY
S3_STORAGE_DOWNLOAD_CONCURRENCY
GCP_STORAGE_DOWNLOAD_CONCURRENCY
They have been replaced by S3_STORAGE_CONCURRENCY and GCP_STORAGE_CONCURRENCY settings that internally handle rate-limiting responses from the bucket provider.

Deprecation
Items that have been deprecated and may be removed in a future release.
The following REST endpoints for deleting events have been deprecated:
/api/v1/dataspaces/(Id)/deleteevents
/api/v1/repositories/(id)/deleteevents
The new GraphQL mutation redactEvents should be used instead.

Behavior Changes
Scripts or environment which make use of these tools should be checked and updated for the new configuration:
Automation and Alerts
We have changed how Standard Alerts handle query warnings. Previously, LogScale only triggered alerts if there were no query warnings. Now, alerts will trigger despite most query warnings, and the alert status will show a warning instead of an error. Up until now, all query warnings were treated as errors. This meant that the alert did not trigger even though it produced results, and the alert was shown with an error in LogScale. Most query warnings mean that not all data was queried. The previous behaviour prevented the alert from triggering in cases where it would not have, if all data had been available. For instance, an alert that would trigger if a count of events dropped below a threshold. On the other hand, it made some alerts not trigger, even though they would still have if all data was available. That meant that previously you would almost never get an alert that you should not have gotten, but you would sometime not get an alert that you should have gotten. We have reverted this. With this change, we no longer recommend to set the configuration option ALERT_DESPITE_WARNINGS to true, since it treats all query warnings as non-errors, and there are a few query warnings that should make the alert fail.
For more information, see Diagnosing Alerts.

Upgrades
Changes that may occur or be required during an upgrade.
Security
xmlsec has been upgraded to 2.3.4 to address CVE-2023-44483 issue.
Configuration
Docker containers have been upgraded to Java 21.

Improvements, new features and functionality

Installation and Deployment
- Configure LogScale to write fatal JVM error logs in the JVM logging directory, which is specified using JVM_LOG_DIR variable. The default directory is /logs/humio.
UI Changes
- Most tables inside the LogScale UI now supports resizing columns, except the Table widget used during search.
- The behavior of the ComboBox has changed: the drop-down is not filtered until the text in the filter field has been edited, allowing you to easily copy, alter or clear the text.
- The list of permissions now has a specific custom order in the UI, as follows.
  - Organization:
    Organization settings
    Repository and view management
    Permissions and user management
    Fleet management
    Query monitoring
    Other
  - Cluster management:
    Cluster management
    Organization management
    Subdomains
    Others
- A combined view of permissions is now available to show all roles listed together when there is more than one role under each repository, organization, or system.
  For more information, see Aggregate Permissions.
- It is now possible to highlight results based on the filters applied in queries. This helps significantly when trying to understand why a query matches the results or when looking for a specific part of the events text.
  For more information, see Filter Match Highlighting.
Automation and Alerts
- The new button Import from has been added to the Scheduled Searches form allowing importing a Scheduled Search from template or package.
- When creating or updating Scheduled Searches using the GraphQL API, it is now possible to refer to actions in Packages using a qualified name of \"packagescope/packagename:actionname\". Actions in packages will no longer be found if using an unqualified name.
- When generating CSV files for attaching to emails or uploading to LogScale in actions, or when using the message template {events_html}, the field @ingesttimestamp is now formatted similar to how @timestamp is.
- The UI flow for Scheduled Searches has been updated: when you click on New Scheduled Search it will directly go to the New Scheduled Search form.
- The Alert forms will not show any errors when the alert is disabled.
Storage
- JVM_TMP_DIR has been added to the launcher script. This option is used for configuring java.io.tmpdir and jna.tmpdir for the JVM. The directory will default to jvm-tmp inside the directory specified by the DIRECTORY setting. This default should alleviate issues starting LogScale on some systems due to the /tmp directory being marked as noexec.
  For more information, see Troubleshooting: Error Starting LogScale due to Exec permissions on /tmp.
- Bucket storage cleaning of tmp files now only runs on a few nodes in the cluster rather than on all nodes.
GraphQL API
- The contentHash field on the File output type has been reintroduced.
Configuration
- LOCAL_STORAGE_PREFILL_PERCENTAGE new configuration option has been added.
  For more information, see LOCAL_STORAGE_PREFILL_PERCENTAGE.
- Query queueing based on the available memory in query coordinator is enabled by default by treating dynamic configuration QueryCoordinatorMaxHeapFraction as 0.5, if it has not been set. To disable queing, set QueryCoordinatorMaxHeapFraction to 1000.
- Set the default value of LOCAL_STORAGE_PERCENTAGE to 85, and the minimum value to 0. The default was previously to leave this unset, which is not safe in clusters where bucket storage contains more data than will fit on local drives.
- The new environment variable DISABLE_BUCKET_CLEANING_TMP_FILES has been introduced. It allows to reduce the amount of listing of tmp files in bucket.
Dashboards and Widgets
- You can enable the export of Dashboards to a PDF file, with many options available to control the output layout and formatting.
  The feature is available to all users who already have access to dashboard data. This is the first of two feature releases, aiming to provide full schedulable PDF reporting capabilities to LogScale.
  For more information, see Exporting Dashboards as PDF.
- The new Gauge widget is introduced: it allows you to represent values on a fixed scale, offering a visual and intuitive way to monitor key performance metrics.
  For more information, see Gauge Widget.
- A parameter configuration option has been added to support invalidation of parameter inputs. The format for this is a comma separated list of invalid input patterns (regexes).
- Introduced a new style option Show 'Others' to the Time Chart Widget: it allows you to show/hide other series when there are more series than the maximum allowed in the chart.
- A parameter configuration option has been added to allow setting a custom message when a parameter input is invalid.
- New formatting options have been introduced for the Table widget, to get actionable insights from your data faster:
  - Conditional formatting of table cells
  - Text wrapping and column resizing
  - Row numbering
  - Number formatting
  - Link formatting
  - Columns hiding
  For more information, see Table Widget.
Ingestion
- When writing parsers, the fields produced by a test case are now available for autocompletion in the editor.
  For more information, see Using the Parser Code Editor.
Log Collector
- The Fleet Management tab on Fleet Overview page is now renamed to Data Ingest.
Functions
- parseCEF() and parseLEEF() functions now have an option to change the prefix of the header fields.
- Field names with special characters are now supported in Array Query Functions using backtick quoting.
  For more information, see Common Recommendations for Array Query Functions.
Packages
- Filter alerts and Standard alerts are now shown in the same tab Alerts under Assets when installing or viewing installed Packages.
- It is now possible to see the type of action in Packages (Marketplace, Installed and Create a package).

Bug Fixes

UI Changes
- Queries could "flicker" for a short period causing "negative alerts" to trigger for no reason (negative alerts are alerts that check for the absence of events). This issue has been fixed.
- The following issue has been fixed on the Search page: if regular expressions contained named groups with special characters (underscore _ for example) a recent change with the introduction of Filter Match Highlighting would cause a server error and hang the UI.
- The following items about Saving Queries have been fixed:
  - The Search... field for saved queries did not return what would be expected.
  - Upon reopening the Queries dropdown after having filled out the Search... field, the text would still be present in the Search... field but not filter on the queries.
  - Added focus on the Search... field when reopening the Queries dropdown.
Automation and Alerts
- Notifications on problems with Filter Alerts where not automatically removed when the problem was solved. This issue is now fixed.
- Filter alerts that could fail right after a cluster restart have now been fixed.
- When used with Filter Alerts, the {events_html} message template would not keep the order of the fields from the Alert query.
Storage
- A workaround solution has been identified for those cases where segment files on local disk no longer pass their internal checksum test and are detected as "broken" by the background merge process.
  1. Ensure a copy of the local file is present in the bucket storage, backing up the cluster
  2. Delete the local copy
  As a result, any merge attempt involving that file will succeed after the next restart of LogScale.
GraphQL API
- When trying to delete an Alert, Scheduled Search or Dashboard using a mutation for one of the other types, it would end up in a state where it was not deleted, but could not run either. This issue is now fixed.
Dashboards and Widgets
- Field values containing % would not be resolved correctly in interactions. This issue has been fixed.
Ingestion
- The buttons used for editing and deleting an ingest listener were overlapping in Safari on the Ingest Listeners page under a repository. This issue has been fixed.
Functions
- Results for empty buckets didn't include the steps after the first aggregator of the subquery. This issue has now been fixed.
- match() function using a json file and containing an object with a missing field, could lead to an internal error.
- The regex() function has been fixed for cases where \Q...\E could cause problems for named capturing groups.
- The array:filter() function has been fixed for an issue that caused incorrect output element values in certain circumstances.
Other
- A cluster with very little disk space left could result in excessive logging from com.humio.distribution.RendezvousSegmentDistribution.
- Fixing a race that can leave a query in a state where it will cause an excessive amount of 404 HTTP requests. This adds unnecessary noise and a bit of extra load to the system.
- A minor logging issue has been fixed: ClusterHostAliveStats would log that hosts were "changed from being considered dead to alive" on hosts that had just rebooted, when such hosts actually consider all other nodes alive for a little while, to allow the booting node some time to hear heartbeats from others.
- A boot-time version checking issue could cause LogScale to crash on boot, if joining a fresh cluster, and the first node to join that cluster would crash.
Packages
- Updating of a Package failed when using anything other than a personal user token. This issue has been fixed.
- Updating a package with a lookup file and a parser/scheduled search/filter alert/alert containing match would fail if the new column parameter did not exist in the old lookup file. This issue has now been fixed.
- Aligned the requirements to allow all tokens (with the correct permissions) to install and update Packages.
- Fixed a broken link from saved query asset in Packages to Search page.
- The alert types in Package Marketplace were showing twice — this is now fixed so it properly shows one type as expected.

Falcon LogScale 1.112.0 Preview (2023-10-24)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.112.0

Preview

2023-10-24

Cloud

On-Prem

2024-11-30

No

1.70.0

17-21

No

Bug fixes and updates.

Behavior Changes
Scripts or environment which make use of these tools should be checked and updated for the new configuration:
Automation and Alerts
We have changed how Standard Alerts handle query warnings. Previously, LogScale only triggered alerts if there were no query warnings. Now, alerts will trigger despite most query warnings, and the alert status will show a warning instead of an error. Up until now, all query warnings were treated as errors. This meant that the alert did not trigger even though it produced results, and the alert was shown with an error in LogScale. Most query warnings mean that not all data was queried. The previous behaviour prevented the alert from triggering in cases where it would not have, if all data had been available. For instance, an alert that would trigger if a count of events dropped below a threshold. On the other hand, it made some alerts not trigger, even though they would still have if all data was available. That meant that previously you would almost never get an alert that you should not have gotten, but you would sometime not get an alert that you should have gotten. We have reverted this. With this change, we no longer recommend to set the configuration option ALERT_DESPITE_WARNINGS to true, since it treats all query warnings as non-errors, and there are a few query warnings that should make the alert fail.
For more information, see Diagnosing Alerts.

Improvements, new features and functionality

Installation and Deployment
- Configure LogScale to write fatal JVM error logs in the JVM logging directory, which is specified using JVM_LOG_DIR variable. The default directory is /logs/humio.
UI Changes
- The behavior of the ComboBox has changed: the drop-down is not filtered until the text in the filter field has been edited, allowing you to easily copy, alter or clear the text.
- The list of permissions now has a specific custom order in the UI, as follows.
  - Organization:
    Organization settings
    Repository and view management
    Permissions and user management
    Fleet management
    Query monitoring
    Other
  - Cluster management:
    Cluster management
    Organization management
    Subdomains
    Others
- A combined view of permissions is now available to show all roles listed together when there is more than one role under each repository, organization, or system.
  For more information, see Aggregate Permissions.
Automation and Alerts
- The Alert forms will not show any errors when the alert is disabled.
Dashboards and Widgets
- You can enable the export of Dashboards to a PDF file, with many options available to control the output layout and formatting.
  The feature is available to all users who already have access to dashboard data. This is the first of two feature releases, aiming to provide full schedulable PDF reporting capabilities to LogScale.
  For more information, see Exporting Dashboards as PDF.
- The new Gauge widget is introduced: it allows you to represent values on a fixed scale, offering a visual and intuitive way to monitor key performance metrics.
  For more information, see Gauge Widget.

Bug Fixes

UI Changes
- Time Selector and date picker in the Time Interval panel have been fixed for issues related to daylight savings time.
- Queries could "flicker" for a short period causing "negative alerts" to trigger for no reason (negative alerts are alerts that check for the absence of events). This issue has been fixed.
Automation and Alerts
- Notifications on problems with Filter Alerts where not automatically removed when the problem was solved. This issue is now fixed.
GraphQL API
- When trying to delete an Alert, Scheduled Search or Dashboard using a mutation for one of the other types, it would end up in a state where it was not deleted, but could not run either. This issue is now fixed.
Other
- A minor logging issue has been fixed: ClusterHostAliveStats would log that hosts were "changed from being considered dead to alive" on hosts that had just rebooted, when such hosts actually consider all other nodes alive for a little while, to allow the booting node some time to hear heartbeats from others.
Packages
- The alert types in Package Marketplace were showing twice — this is now fixed so it properly shows one type as expected.

Falcon LogScale 1.111.1 Preview (2023-10-28)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.111.1

Preview

2023-10-28

Cloud

On-Prem

2024-11-30

No

1.70.0

17-21

No

Bug fixes and updates.

Bug Fixes

UI Changes
- Time Selector and date picker in the Time Interval panel have been fixed for issues related to daylight savings time.

Falcon LogScale 1.111.0 Preview (2023-10-10)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.111.0

Preview

2023-10-10

Cloud

On-Prem

2024-11-30

No

1.70.0

17-21

No

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.
Automation and Alerts
In LogScale version 1.112 we will change how standard alerts handle query warnings. Currently, LogScale will only trigger alerts if there are no query warnings. Starting with upcoming 1.112, alerts will trigger despite most query warnings, and the alert status will show a warning instead of an error.
Up until now, all query warnings have been treated as errors. This means that the alert does not trigger even though it produces results, and the alert is shown with an error in LogScale. Most query warnings mean that not all data was queried. The current behaviour prevents the alert from triggering in cases where it would not have, if all data had been available. For instance, an alert that would trigger if a count of events dropped below a threshold. On the other hand, it makes some alerts not trigger, even though they would still have if all data was available. That means that currently you will almost never get an alert that you should not have gotten, but you will sometime not get an alert that you should have gotten. We plan to revert this.
When this change happens, we no longer recommend to set the configuration option ALERT_DESPITE_WARNINGS to true, since it treats all query warnings as non-errors, and there are a few query warnings that should make the alert fail.

Removed
Items that have been removed as of this release.
Storage
The unused humio-backup symlink inside Docker containers has been removed.
Configuration
Some deprecated configuration variables have now been removed:
S3_STORAGE_UPLOAD_CONCURRENCY
GCP_STORAGE_UPLOAD_CONCURRENCY
S3_STORAGE_DOWNLOAD_CONCURRENCY
GCP_STORAGE_DOWNLOAD_CONCURRENCY
They have been replaced by S3_STORAGE_CONCURRENCY and GCP_STORAGE_CONCURRENCY settings that internally handle rate-limiting responses from the bucket provider.

Deprecation
Items that have been deprecated and may be removed in a future release.
The following REST endpoints for deleting events have been deprecated:
/api/v1/dataspaces/(Id)/deleteevents
/api/v1/repositories/(id)/deleteevents
The new GraphQL mutation redactEvents should be used instead.

Improvements, new features and functionality

Storage
- JVM_TMP_DIR has been added to the launcher script. This option is used for configuring java.io.tmpdir and jna.tmpdir for the JVM. The directory will default to jvm-tmp inside the directory specified by the DIRECTORY setting. This default should alleviate issues starting LogScale on some systems due to the /tmp directory being marked as noexec.
  For more information, see Troubleshooting: Error Starting LogScale due to Exec permissions on /tmp.
- Bucket storage cleaning of tmp files now only runs on a few nodes in the cluster rather than on all nodes.
Configuration
- The new environment variable DISABLE_BUCKET_CLEANING_TMP_FILES has been introduced. It allows to reduce the amount of listing of tmp files in bucket.
Dashboards and Widgets
- New formatting options have been introduced for the Table widget, to get actionable insights from your data faster:
  - Conditional formatting of table cells
  - Text wrapping and column resizing
  - Row numbering
  - Number formatting
  - Link formatting
  - Columns hiding
  For more information, see Table Widget.
Ingestion
- When writing parsers, the fields produced by a test case are now available for autocompletion in the editor.
  For more information, see Using the Parser Code Editor.
Functions
- Field names with special characters are now supported in Array Query Functions using backtick quoting.
  For more information, see Common Recommendations for Array Query Functions.

Bug Fixes

UI Changes
- The following issue has been fixed on the Search page: if regular expressions contained named groups with special characters (underscore _ for example) a recent change with the introduction of Filter Match Highlighting would cause a server error and hang the UI.
- The following items about Saving Queries have been fixed:
  - The Search... field for saved queries did not return what would be expected.
  - Upon reopening the Queries dropdown after having filled out the Search... field, the text would still be present in the Search... field but not filter on the queries.
  - Added focus on the Search... field when reopening the Queries dropdown.
Automation and Alerts
- When used with Filter Alerts, the {events_html} message template would not keep the order of the fields from the Alert query.
Dashboards and Widgets
- Field values containing % would not be resolved correctly in interactions. This issue has been fixed.
Functions
- Results for empty buckets didn't include the steps after the first aggregator of the subquery. This issue has now been fixed.
Packages
- Updating of a Package failed when using anything other than a personal user token. This issue has been fixed.
- Aligned the requirements to allow all tokens (with the correct permissions) to install and update Packages.

Falcon LogScale 1.110.1 Preview (2023-10-28)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.110.1

Preview

2023-10-28

Cloud

On-Prem

2024-11-30

No

1.70.0

17-21

No

Bug fixes and updates.

Bug Fixes

UI Changes
- Time Selector and date picker in the Time Interval panel have been fixed for issues related to daylight savings time.

Falcon LogScale 1.110.0 Preview (2023-10-03)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.110.0

Preview

2023-10-03

Cloud

On-Prem

2024-11-30

No

1.70.0

17-21

No

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.
Automation and Alerts
In LogScale version 1.112 we will change how standard alerts handle query warnings. Currently, LogScale will only trigger alerts if there are no query warnings. Starting with upcoming 1.112, alerts will trigger despite most query warnings, and the alert status will show a warning instead of an error.
Up until now, all query warnings have been treated as errors. This means that the alert does not trigger even though it produces results, and the alert is shown with an error in LogScale. Most query warnings mean that not all data was queried. The current behaviour prevents the alert from triggering in cases where it would not have, if all data had been available. For instance, an alert that would trigger if a count of events dropped below a threshold. On the other hand, it makes some alerts not trigger, even though they would still have if all data was available. That means that currently you will almost never get an alert that you should not have gotten, but you will sometime not get an alert that you should have gotten. We plan to revert this.
When this change happens, we no longer recommend to set the configuration option ALERT_DESPITE_WARNINGS to true, since it treats all query warnings as non-errors, and there are a few query warnings that should make the alert fail.

Improvements, new features and functionality

GraphQL API
- The contentHash field on the File output type has been reintroduced.
Dashboards and Widgets
- A parameter configuration option has been added to support invalidation of parameter inputs. The format for this is a comma separated list of invalid input patterns (regexes).
- A parameter configuration option has been added to allow setting a custom message when a parameter input is invalid.
Packages
- Filter alerts and Standard alerts are now shown in the same tab Alerts under Assets when installing or viewing installed Packages.
- It is now possible to see the type of action in Packages (Marketplace, Installed and Create a package).

Bug Fixes

Storage
- A workaround solution has been identified for those cases where segment files on local disk no longer pass their internal checksum test and are detected as "broken" by the background merge process.
  1. Ensure a copy of the local file is present in the bucket storage, backing up the cluster
  2. Delete the local copy
  As a result, any merge attempt involving that file will succeed after the next restart of LogScale.
Ingestion
- The buttons used for editing and deleting an ingest listener were overlapping in Safari on the Ingest Listeners page under a repository. This issue has been fixed.
Functions
- The regex() function has been fixed for cases where \Q...\E could cause problems for named capturing groups.
- The array:filter() function has been fixed for an issue that caused incorrect output element values in certain circumstances.
Other
- A boot-time version checking issue could cause LogScale to crash on boot, if joining a fresh cluster, and the first node to join that cluster would crash.
Packages
- Fixed a broken link from saved query asset in Packages to Search page.

Falcon LogScale 1.109.1 Preview (2023-10-28)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.109.1

Preview

2023-10-28

Cloud

On-Prem

2024-11-30

No

1.70.0

17-21

No

Bug fixes and updates.

Bug Fixes

UI Changes
- Time Selector and date picker in the Time Interval panel have been fixed for issues related to daylight savings time.

Falcon LogScale 1.109.0 Preview (2023-09-26)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.109.0

Preview

2023-09-26

Cloud

On-Prem

2024-11-30

No

1.70.0

17-21

No

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.
Automation and Alerts
In LogScale version 1.112 we will change how standard alerts handle query warnings. Currently, LogScale will only trigger alerts if there are no query warnings. Starting with upcoming 1.112, alerts will trigger despite most query warnings, and the alert status will show a warning instead of an error.
Up until now, all query warnings have been treated as errors. This means that the alert does not trigger even though it produces results, and the alert is shown with an error in LogScale. Most query warnings mean that not all data was queried. The current behaviour prevents the alert from triggering in cases where it would not have, if all data had been available. For instance, an alert that would trigger if a count of events dropped below a threshold. On the other hand, it makes some alerts not trigger, even though they would still have if all data was available. That means that currently you will almost never get an alert that you should not have gotten, but you will sometime not get an alert that you should have gotten. We plan to revert this.
When this change happens, we no longer recommend to set the configuration option ALERT_DESPITE_WARNINGS to true, since it treats all query warnings as non-errors, and there are a few query warnings that should make the alert fail.

Upgrades
Changes that may occur or be required during an upgrade.
Configuration
Docker containers have been upgraded to Java 21.

Improvements, new features and functionality

Automation and Alerts
- The new button Import from has been added to the Scheduled Searches form allowing importing a Scheduled Search from template or package.
- When creating or updating Scheduled Searches using the GraphQL API, it is now possible to refer to actions in Packages using a qualified name of \"packagescope/packagename:actionname\". Actions in packages will no longer be found if using an unqualified name.
- When generating CSV files for attaching to emails or uploading to LogScale in actions, or when using the message template {events_html}, the field @ingesttimestamp is now formatted similar to how @timestamp is.
- The UI flow for Scheduled Searches has been updated: when you click on New Scheduled Search it will directly go to the New Scheduled Search form.
Configuration
- LOCAL_STORAGE_PREFILL_PERCENTAGE new configuration option has been added.
  For more information, see LOCAL_STORAGE_PREFILL_PERCENTAGE.
- Set the default value of LOCAL_STORAGE_PERCENTAGE to 85, and the minimum value to 0. The default was previously to leave this unset, which is not safe in clusters where bucket storage contains more data than will fit on local drives.
Log Collector
- The Fleet Management tab on Fleet Overview page is now renamed to Data Ingest.
Functions
- parseCEF() and parseLEEF() functions now have an option to change the prefix of the header fields.

Bug Fixes

Automation and Alerts
- Filter alerts that could fail right after a cluster restart have now been fixed.
Other
- A cluster with very little disk space left could result in excessive logging from com.humio.distribution.RendezvousSegmentDistribution.
Packages
- Updating a package with a lookup file and a parser/scheduled search/filter alert/alert containing match would fail if the new column parameter did not exist in the old lookup file. This issue has now been fixed.

Falcon LogScale 1.108.0 Preview (2023-09-19)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.108.0

Preview

2023-09-19

Cloud

On-Prem

2024-11-30

No

1.70.0

17

No

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.
Automation and Alerts
In LogScale version 1.112 we will change how standard alerts handle query warnings. Currently, LogScale will only trigger alerts if there are no query warnings. Starting with upcoming 1.112, alerts will trigger despite most query warnings, and the alert status will show a warning instead of an error.
Up until now, all query warnings have been treated as errors. This means that the alert does not trigger even though it produces results, and the alert is shown with an error in LogScale. Most query warnings mean that not all data was queried. The current behaviour prevents the alert from triggering in cases where it would not have, if all data had been available. For instance, an alert that would trigger if a count of events dropped below a threshold. On the other hand, it makes some alerts not trigger, even though they would still have if all data was available. That means that currently you will almost never get an alert that you should not have gotten, but you will sometime not get an alert that you should have gotten. We plan to revert this.
When this change happens, we no longer recommend to set the configuration option ALERT_DESPITE_WARNINGS to true, since it treats all query warnings as non-errors, and there are a few query warnings that should make the alert fail.

Removed
Items that have been removed as of this release.
Installation and Deployment
All Zookeeper-related functionality for LogScale was deprecated in December 2022, and is now removed:
Removed the Zookeeper status page from the User Interface
Removed the Zookeeper related GraphQL mutations
Removed the migration support for node IDs created by Zookeeper, as we no longer support upgrading from version prior to 1.70.
Depending on your chosen Kafka deployment, ZooKeeper may still be required to support Kafka.
GraphQL API
The deprecated client mutation ID concept is now being removed from the GraphQL API:
Removed the clientMutationId argument for a lot of mutations.
Removed the clientMutationId field from the returned type for a lot of mutations.
Renamed the ClientMutationID datatype, that was returned from some mutations to BooleanResultType datatype. Removed the clientMutationId field on the returned type and replaced it by a boolean field named result.
Most deprecated queries, mutations and fields have now been removed from the GraphQL API.

Improvements, new features and functionality

Installation and Deployment
- The following adjustments have been made to the launcher script:
  - Removed UnlockDiagnosticVMOptions
  - Raised default heap size to 75% of host memory, up from 50%
  - Move -XX:CompileCommand settings into the mandatory launch options, to prevent accidentally removing them when customizing HUMIO_JVM_PERFORMANCE_OPTS
  - Set -XX:MaxDirectMemorySize to 1/5GB per CPU core as a default.
  - Print a warning if the sum of the heap size and the direct memory setting exceeds the total available memory.
Configuration
- Query queueing based on the available memory in query coordinator is enabled by default by treating dynamic configuration QueryCoordinatorMaxHeapFraction as 0.5, if it has not been set. To disable queing, set QueryCoordinatorMaxHeapFraction to 1000.
Dashboards and Widgets
- Introduced a new style option Show 'Others' to the Time Chart Widget: it allows you to show/hide other series when there are more series than the maximum allowed in the chart.

Bug Fixes

Functions
- Fixed a bug where join() queries could result in a memory leak from their sub queries not being properly cleaned up.

Falcon LogScale 1.107.0 Preview (2023-09-12)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.107.0

Preview

2023-09-12

Cloud

On-Prem

2024-11-30

No

1.70.0

17

No

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.
Installation and Deployment
We intend to drop support for Java 17, making Java 21 the minimum. We plan to make this change in March 2024.
Automation and Alerts
In LogScale version 1.112 we will change how standard alerts handle query warnings. Currently, LogScale will only trigger alerts if there are no query warnings. Starting with upcoming 1.112, alerts will trigger despite most query warnings, and the alert status will show a warning instead of an error.
Up until now, all query warnings have been treated as errors. This means that the alert does not trigger even though it produces results, and the alert is shown with an error in LogScale. Most query warnings mean that not all data was queried. The current behaviour prevents the alert from triggering in cases where it would not have, if all data had been available. For instance, an alert that would trigger if a count of events dropped below a threshold. On the other hand, it makes some alerts not trigger, even though they would still have if all data was available. That means that currently you will almost never get an alert that you should not have gotten, but you will sometime not get an alert that you should have gotten. We plan to revert this.
When this change happens, we no longer recommend to set the configuration option ALERT_DESPITE_WARNINGS to true, since it treats all query warnings as non-errors, and there are a few query warnings that should make the alert fail.

Removed
Items that have been removed as of this release.
Installation and Deployment
Running on Java 11, 12, 13, 14, 15 and 16 is no longer supported. The minimum supported Java version is 17 starting from this LogScale release.

Improvements, new features and functionality

UI Changes
- Most tables inside the LogScale UI now supports resizing columns, except the Table widget used during search.
- It is now possible to highlight results based on the filters applied in queries. This helps significantly when trying to understand why a query matches the results or when looking for a specific part of the events text.
  For more information, see Filter Match Highlighting.
Configuration
- GCS bucketing and query streaming now use the same proxy configuration as overall system proxy and S3 proxy. Example: HTTP_PROXY_HOST, HTTP_PROXY_PORT, HTTP_PROXY_USERNAME, HTTP_PROXY_PASSWORD

Bug Fixes

Functions
- match() function using a json file and containing an object with a missing field, could lead to an internal error.

Falcon LogScale 1.106.6 Stable (2024-01-22)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.106.6

Stable

2024-01-22

Cloud

On-Prem

2024-09-30

No

1.70.0

11

No

TAR Checksum	Value
MD5	731ff35cbdf1b8239240a23e960f61b1
SHA1	98de7c0b7ce4c381065b74806ac78fd6cdee32ba
SHA256	92392ab60d33e766199ad07c00e9f55020cca33711580ec5b637350608530db3
SHA512	06d18de13a169cb89811abaa0f89a4824ee208bb9efb76cad950ba770758dbc7c42297eec6cf982d48abadbfd76af3e51b558a0b26ce4e5f75b1e32280545d51

Docker Image	SHA256 Checksum
humio	c6000d8e21b4670a537992438d38db8e6912679a1bb8ab5fae3850271c174ed3
humio-core	9f8d3e32abe2c2ca4402d0a91adf4780556f40041fdd5a385387bfcbf205d9df
kafka	b955111d2e83b1838cb3d266f3b121424de82114189fd5d4f6001f38619304c4
zookeeper	05f6801ef1035b76a7224dd0b088c549708d3c88d176854330b6f068a00e4b7d

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.106.6/server-1.106.6.tar.gz

Bug fixes and updates.

Improvements, new features and functionality

GraphQL API
- Added limits for GraphQL queries on the total number of selected fields and fragments. Defaults are 1000 for authenticated and 150 for unauthenticated users.
  Cluster administrators can adjust these limits with the GraphQLSelectionSizeLimit and UnauthenticatedGraphQLSelectionSizeLimit dynamic configurations.

Falcon LogScale 1.106.5 Stable (2023-11-15)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.106.5

Stable

2023-11-15

Cloud

On-Prem

2024-09-30

No

1.70.0

11

No

TAR Checksum	Value
MD5	dddd2f72fc2570f6545f59472f11fe6c
SHA1	e57584aad90a7b1ac21c4e28c9ad09ec626dd648
SHA256	6af935589fd8bd3747a4f461e550ccac82d4ffa3e7f27f871cd14ea7e5bf8a49
SHA512	699e45b16ec8afee195cd718d43f507e2c8365d7cd8ddd7561462f43c0e7d0970fd2de5259f8c3ae3b95305416cef906581299668594c37e0834828bb3662cb1

Docker Image	SHA256 Checksum
humio	b3d38ec90dcdad1839ce9e7c384e29c5049ecc8c5e20ef4826c6232524015bfa
humio-core	9ad2f73627069c87f45e39c55b622bf81707fc3d0a795aaeaedf7550b601e9c4
kafka	1b7862afa2ae5e25e7c187c51106c7da68c64df1cbbc8e020bd155f85e560580
zookeeper	f39e5dd61ec2a0a65b50e0ea5dd6670ed5babf4eab2b85923678fb1f3fef7241

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.106.5/server-1.106.5.tar.gz

Bug fixes and updates.

Upgrades
Changes that may occur or be required during an upgrade.
Security
xmlsec has been upgraded to 2.3.4 to address CVE-2023-44483 issue.

Bug Fixes

Other
- Fixing a race that can leave a query in a state where it will cause an excessive amount of 404 HTTP requests. This adds unnecessary noise and a bit of extra load to the system.

Falcon LogScale 1.106.4 Stable (2023-10-28)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.106.4

Stable

2023-10-28

Cloud

On-Prem

2024-09-30

No

1.70.0

11

No

TAR Checksum	Value
MD5	6cd245d416e5a117199c20b0ee8806a3
SHA1	642252be4f22397d72ad1c34d2e7724b5cf4cd09
SHA256	cd2aa9be2d02daaff60f89742e82bc92b20017de95b74c3c96b70323382290af
SHA512	eed3d4f6c68902b401f0006cc07eafb33b24e8cbe87bb632281dcb51269f11f153fe58f68d244b107209254860bf54e68e763ce9afec1201f20c2ea30970ffb8

Docker Image	SHA256 Checksum
humio	effaba4975f3ca3ab75e07853c4bf4cc9936b694e8b632f74151e2ac45057c50
humio-core	cf6104f1b607f8a8a21ae5e6d73c3639fdade6e95bdbd1ee2cc236725f6d0860
kafka	c071905918a20309c0292e978e57ac1f382e578af01e5a0b7ec748508cd1c31f
zookeeper	30e4aa0ec27f29e480c5158778dae29f01894a2f307eeaffe9049a3d74a5f072

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.106.4/server-1.106.4.tar.gz

Bug fixes and updates.

Bug Fixes

UI Changes
- Time Selector and date picker in the Time Interval panel have been fixed for issues related to daylight savings time.

Falcon LogScale 1.106.3 Not Released (2023-10-28)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.106.3

Not Released

2023-10-28

Cloud

On-Prem

2024-09-30

No

1.70.0

11

No

Not released.

Falcon LogScale 1.106.2 Stable (2023-09-27)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.106.2

Stable

2023-09-27

Cloud

On-Prem

2024-09-30

No

1.70.0

11

No

TAR Checksum	Value
MD5	c8dec3b68f22324e82506bb409f9a70e
SHA1	1b4fdf70a60b32ef37f815dd3a3f6db587a6dedc
SHA256	2c7ea89974973d9b96a5618186c8a79943aa6b266e7c59ee4a219c6b407d6fc9
SHA512	ed03c0e0501baf77dd67a18dec85610de2432463205482535e4ff6316351d49643c87e0de1c16e3c0b9ebbdd8962f06acddfeb36c2d57e80d7adad5b25e84eb0

Docker Image	SHA256 Checksum
humio	2c3f8914be314d8b149b958073fe5b55299f5ead0b79ec57982f4724a81adfef
humio-core	9d621536c495cc79bb75dfc4ec355f2a617174722fd22da9625347f7b84d6d41
kafka	468ea5a11fedbe97b33de836030b052be7052ee0a622efaa072e2ba19b70b2f7
zookeeper	b437dc0eb991f17a3a99d8a230ad77f620e600a8b0800a5863e9be8d2a2c7945

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.106.2/server-1.106.2.tar.gz

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.
Installation and Deployment
Support for running on Java 11, 12, 13, 14, 15 and 16 will be removed by the end of September 2023.
Automation and Alerts
In LogScale version 1.112 we will change how standard alerts handle query warnings. Currently, LogScale will only trigger alerts if there are no query warnings. Starting with upcoming 1.112, alerts will trigger despite most query warnings, and the alert status will show a warning instead of an error.
Up until now, all query warnings have been treated as errors. This means that the alert does not trigger even though it produces results, and the alert is shown with an error in LogScale. Most query warnings mean that not all data was queried. The current behaviour prevents the alert from triggering in cases where it would not have, if all data had been available. For instance, an alert that would trigger if a count of events dropped below a threshold. On the other hand, it makes some alerts not trigger, even though they would still have if all data was available. That means that currently you will almost never get an alert that you should not have gotten, but you will sometime not get an alert that you should have gotten. We plan to revert this.
When this change happens, we no longer recommend to set the configuration option ALERT_DESPITE_WARNINGS to true, since it treats all query warnings as non-errors, and there are a few query warnings that should make the alert fail.

Improvements, new features and functionality

Installation and Deployment
- The following adjustments have been made to the launcher script:
  - Removed UnlockDiagnosticVMOptions
  - Raised default heap size to 75% of host memory, up from 50%
  - Move -XX:CompileCommand settings into the mandatory launch options, to prevent accidentally removing them when customizing HUMIO_JVM_PERFORMANCE_OPTS
  - Set -XX:MaxDirectMemorySize to 1/5GB per CPU core as a default.
  - Print a warning if the sum of the heap size and the direct memory setting exceeds the total available memory.
UI Changes
- The Show in context dialog now closes when the Search button in the dialog is clicked.
- The fields and values in the Fields Panel and in the Event List are now sorted case-insensitively.
Automation and Alerts
- It is now possible to import and export Filter Alerts in Packages from the UI.
- When creating or updating Filter Alerts using the GraphQL API, it is now possible to refer to actions in Packages using a qualified name of \"packagescope/packagename:actionname\". Actions in packages will no longer be found if using an unqualified name.
- The UI flow for Alerts has been updated — when you click on New alert you are directly presented with the New alertform.
- Importing an alert from template or package is done from the new Import from button now located on top of the New alert form.
- When installing or updating a package with an Alert or Scheduled search referencing an action that is not part of the package, the error is now shown in the UI. Previously, a generic error was shown.
- Added a status field to some of the logs for Standard Alerts and Filter Alerts as well as Scheduled Searches. The field shows whether the current run of the job resulted in a Success or Failure for the Alert or Scheduled Search.
  For more information, see Monitoring Alert Execution through the humio-activity Repository.
- When installing a package, all actions referenced by Alerts and Scheduled searches in the package must be contained in the packages. Previously, missing actions were just ignored.
- It is now possible to create Packages containing Filter Alerts, as well as importing such packages, using the API.
GraphQL API
- The following GraphQL mutations have been changed so that the actions field can either contain IDs or names of actions:
  - createAlert
  - updateAlert
  - createScheduledSearch
  - updateScheduledSearch
Configuration
- GCS bucketing and query streaming now use the same proxy configuration as overall system proxy and S3 proxy. Example: HTTP_PROXY_HOST, HTTP_PROXY_PORT, HTTP_PROXY_USERNAME, HTTP_PROXY_PASSWORD
Dashboards and Widgets
- The text color styling option of the Note Widget is now included when importing a dashboard template or exporting it to a yaml file.
- Increased to 10,000 the maximum amount of entries suggested in the dropdown of a parameter field of type File Parameter.
Log Collector
- You can now toggle columns on the instance table, hereby specifying which information should be shown.
- In Fleet Management, it is now possible to discard the draft of a configuration and rollback to the published version.
  For more information, see Editing a Remote Configuration.
Functions
- The rename() function has been enhanced: it is now possible to rename multiple fields using an array in its field argument. This is backwards compatible with giving separate field and as arguments.
- The new query function wildcard() is introduced. This function makes it easy to search for case-insensitive patterns on dashboards, or in ad-hoc queries.
- The new query function crypto:md5() is introduced. This function computes the MD5 hash of a given array of fields.
- Support for decimal values as exponent and divisor is now added in math:pow() and math:mod() functions respectively.
- The memory consumption of the formatTime() function has been decreased.
Other
- The ability to remove fields during when parsing data has been enabled for all users.
  For more information, see Removing Fields.
- Audit logs for Ingest Tokens now include the ingest token name.

Bug Fixes

UI Changes
- The URL would not be updated when selecting a time interval in the distribution chart on the Search page. This issue is now fixed.
Automation and Alerts
- If polling queries were slow, then Scheduled Searches could fire twice. This issue is now fixed.
- Filter Alerts installed from a package would show up under General and not under the Package name. This issue has been fixed.
- Falcon LogScale repository actions have now been fixed for cases where they would ingest data into a repository even though ingest was blocked.
- With Scheduled Searches installed from a package, if you edited the scheduled search and then updated the package, then you would get two copies of the scheduled search. This issue is now fixed.
- Changes to uploaded files due to a package update would be kept even though the package update failed and other changes were rolled back. This wrong behavior has been fixed.
Dashboards and Widgets
- Queries on a dashboard have been fixed as they would be invalid if the dashboard filter contained a single-line comment.
- Widgets description tips on dashboards have been fixed as they would not show or have the same text for multiple widgets.
- If you chose a page size larger than the number of rows, the page number and page size buttons would disappear. The Table widget now always shows the pagination buttons on the Search page where auto page size is turned off. On the dashboard, where auto page size is turned on, the existing behaviour remains.
Log Collector
- Fleet Overview in Fleet Management hangs and doesn't display any data. This behavior has been fixed.
Functions
- Fixed a bug where join() queries could result in a memory leak from their sub queries not being properly cleaned up.
- The hash() query function would sometimes compute incorrect hashes when the field was formatted in UTF8. This is now fixed.
- Fixed an issue that could result in cluster performance degradation using join() under certain circumstances.
- Field names in the query used to export results to CSV had not been quoted correctly: they have now been fixed.
- The format() function has been fixed as the US date format modifier resulted in the EU date format instead.
Other
- The following repository issues have been fixed:
  - After multiple attemps in quick succession to create a repository with the same name, repositories would become inaccessible.
  - Some repositories could only be created partially and would be left as partially initialized in LogScale Internal Architecture used by LogScale.

Falcon LogScale 1.106.1 Preview (2023-09-18)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.106.1

Preview

2023-09-18

Cloud

On-Prem

2024-09-30

No

1.70.0

11

No

Bug fixes and updates.

Improvements, new features and functionality

Installation and Deployment
- The following adjustments have been made to the launcher script:
  - Removed UnlockDiagnosticVMOptions
  - Raised default heap size to 75% of host memory, up from 50%
  - Move -XX:CompileCommand settings into the mandatory launch options, to prevent accidentally removing them when customizing HUMIO_JVM_PERFORMANCE_OPTS
  - Set -XX:MaxDirectMemorySize to 1/5GB per CPU core as a default.
  - Print a warning if the sum of the heap size and the direct memory setting exceeds the total available memory.
Configuration
- GCS bucketing and query streaming now use the same proxy configuration as overall system proxy and S3 proxy. Example: HTTP_PROXY_HOST, HTTP_PROXY_PORT, HTTP_PROXY_USERNAME, HTTP_PROXY_PASSWORD

Bug Fixes

Functions
- Fixed a bug where join() queries could result in a memory leak from their sub queries not being properly cleaned up.

Falcon LogScale 1.106.0 Preview (2023-09-05)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.106.0

Preview

2023-09-05

Cloud

On-Prem

2024-09-30

No

1.70.0

11

No

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.
Installation and Deployment
Support for running on Java 11, 12, 13, 14, 15 and 16 will be removed by the end of September 2023.
Automation and Alerts
In LogScale version 1.112 we will change how standard alerts handle query warnings. Currently, LogScale will only trigger alerts if there are no query warnings. Starting with upcoming 1.112, alerts will trigger despite most query warnings, and the alert status will show a warning instead of an error.
Up until now, all query warnings have been treated as errors. This means that the alert does not trigger even though it produces results, and the alert is shown with an error in LogScale. Most query warnings mean that not all data was queried. The current behaviour prevents the alert from triggering in cases where it would not have, if all data had been available. For instance, an alert that would trigger if a count of events dropped below a threshold. On the other hand, it makes some alerts not trigger, even though they would still have if all data was available. That means that currently you will almost never get an alert that you should not have gotten, but you will sometime not get an alert that you should have gotten. We plan to revert this.
When this change happens, we no longer recommend to set the configuration option ALERT_DESPITE_WARNINGS to true, since it treats all query warnings as non-errors, and there are a few query warnings that should make the alert fail.

Improvements, new features and functionality

Automation and Alerts
- When installing or updating a package with an Alert or Scheduled search referencing an action that is not part of the package, the error is now shown in the UI. Previously, a generic error was shown.
Dashboards and Widgets
- The text color styling option of the Note Widget is now included when importing a dashboard template or exporting it to a yaml file.
- Increased to 10,000 the maximum amount of entries suggested in the dropdown of a parameter field of type File Parameter.
Log Collector
- You can now toggle columns on the instance table, hereby specifying which information should be shown.
Functions
- The rename() function has been enhanced: it is now possible to rename multiple fields using an array in its field argument. This is backwards compatible with giving separate field and as arguments.

Bug Fixes

Dashboards and Widgets
- Queries on a dashboard have been fixed as they would be invalid if the dashboard filter contained a single-line comment.
- Widgets description tips on dashboards have been fixed as they would not show or have the same text for multiple widgets.

Falcon LogScale 1.105.0 Preview (2023-08-29)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.105.0

Preview

2023-08-29

Cloud

On-Prem

2024-09-30

No

1.70.0

11

No

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.
Installation and Deployment
Support for running on Java 11, 12, 13, 14, 15 and 16 will be removed by the end of September 2023.

Bug Fixes

Other
- Keyboard navigation did not work in the jump panel.

Falcon LogScale 1.104.0 Preview (2023-08-22)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.104.0

Preview

2023-08-22

Cloud

On-Prem

2024-09-30

No

1.70.0

11

No

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.
Installation and Deployment
Support for running on Java 11, 12, 13, 14, 15 and 16 will be removed by the end of September 2023.

Improvements, new features and functionality

Log Collector
- In Fleet Management, it is now possible to discard the draft of a configuration and rollback to the published version.
  For more information, see Editing a Remote Configuration.
Functions
- The new query function crypto:md5() is introduced. This function computes the MD5 hash of a given array of fields.
- Support for decimal values as exponent and divisor is now added in math:pow() and math:mod() functions respectively.

Bug Fixes

Automation and Alerts
- If polling queries were slow, then Scheduled Searches could fire twice. This issue is now fixed.
Dashboards and Widgets
- If you chose a page size larger than the number of rows, the page number and page size buttons would disappear. The Table widget now always shows the pagination buttons on the Search page where auto page size is turned off. On the dashboard, where auto page size is turned on, the existing behaviour remains.
Functions
- Field names in the query used to export results to CSV had not been quoted correctly: they have now been fixed.

Falcon LogScale 1.103.0 Preview (2023-08-15)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.103.0

Preview

2023-08-15

Cloud

On-Prem

2024-09-30

No

1.70.0

11

No

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.
Installation and Deployment
Support for running on Java 11, 12, 13, 14, 15 and 16 will be removed by the end of September 2023.

Improvements, new features and functionality

Automation and Alerts
- It is now possible to import and export Filter Alerts in Packages from the UI.
- When installing a package, all actions referenced by Alerts and Scheduled searches in the package must be contained in the packages. Previously, missing actions were just ignored.
Other
- The ability to remove fields during when parsing data has been enabled for all users.
  For more information, see Removing Fields.

Bug Fixes

Automation and Alerts
- Filter Alerts installed from a package would show up under General and not under the Package name. This issue has been fixed.
- Changes to uploaded files due to a package update would be kept even though the package update failed and other changes were rolled back. This wrong behavior has been fixed.
Log Collector
- Fleet Overview in Fleet Management hangs and doesn't display any data. This behavior has been fixed.
Functions
- The hash() query function would sometimes compute incorrect hashes when the field was formatted in UTF8. This is now fixed.

Falcon LogScale 1.102.0 Preview (2023-08-08)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.102.0

Preview

2023-08-08

Cloud

On-Prem

2024-09-30

No

1.44.0

11

No

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.
Installation and Deployment
Support for running on Java 11, 12, 13, 14, 15 and 16 will be removed by the end of September 2023.

Improvements, new features and functionality

UI Changes
- The Show in context dialog now closes when the Search button in the dialog is clicked.
- The fields and values in the Fields Panel and in the Event List are now sorted case-insensitively.
Automation and Alerts
- When creating or updating Filter Alerts using the GraphQL API, it is now possible to refer to actions in Packages using a qualified name of \"packagescope/packagename:actionname\". Actions in packages will no longer be found if using an unqualified name.
- The UI flow for Alerts has been updated — when you click on New alert you are directly presented with the New alertform.
- Importing an alert from template or package is done from the new Import from button now located on top of the New alert form.
- Added a status field to some of the logs for Standard Alerts and Filter Alerts as well as Scheduled Searches. The field shows whether the current run of the job resulted in a Success or Failure for the Alert or Scheduled Search.
  For more information, see Monitoring Alert Execution through the humio-activity Repository.
- It is now possible to create Packages containing Filter Alerts, as well as importing such packages, using the API.
GraphQL API
- The following GraphQL mutations have been changed so that the actions field can either contain IDs or names of actions:
  - createAlert
  - updateAlert
  - createScheduledSearch
  - updateScheduledSearch
Functions
- The new query function wildcard() is introduced. This function makes it easy to search for case-insensitive patterns on dashboards, or in ad-hoc queries.
Other
- Audit logs for Ingest Tokens now include the ingest token name.

Bug Fixes

UI Changes
- The URL would not be updated when selecting a time interval in the distribution chart on the Search page. This issue is now fixed.
Automation and Alerts
- With Scheduled Searches installed from a package, if you edited the scheduled search and then updated the package, then you would get two copies of the scheduled search. This issue is now fixed.
Functions
- Fixed an issue that could result in cluster performance degradation using join() under certain circumstances.

Falcon LogScale 1.101.1 Preview (2023-10-28)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.101.1

Preview

2023-10-28

Cloud

On-Prem

2024-09-30

No

1.44.0

11

No

Bug fixes and updates.

Bug Fixes

UI Changes
- Time Selector and date picker in the Time Interval panel have been fixed for issues related to daylight savings time.

Falcon LogScale 1.101.0 Preview (2023-08-01)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.101.0

Preview

2023-08-01

Cloud

On-Prem

2024-09-30

No

1.44.0

11

No

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.
Installation and Deployment
Support for running on Java 11, 12, 13, 14, 15 and 16 will be removed by the end of September 2023.

Improvements, new features and functionality

Functions
- The memory consumption of the formatTime() function has been decreased.

Bug Fixes

Automation and Alerts
- Falcon LogScale repository actions have now been fixed for cases where they would ingest data into a repository even though ingest was blocked.
Functions
- The format() function has been fixed as the US date format modifier resulted in the EU date format instead.
Other
- The following repository issues have been fixed:
  - After multiple attemps in quick succession to create a repository with the same name, repositories would become inaccessible.
  - Some repositories could only be created partially and would be left as partially initialized in LogScale Internal Architecture used by LogScale.

Falcon LogScale 1.100.3 Stable (2024-01-22)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.100.3

Stable

2024-01-22

Cloud

On-Prem

2024-08-31

No

1.44.0

11

No

TAR Checksum	Value
MD5	42f1f33754b9295212786d4171c62aab
SHA1	b014f6731601d95c9a59257887303f133419ef52
SHA256	c4838d355912d76be123e4694ad6483d7073469634c38a295e0f59d9bb54dc98
SHA512	7ecf7e438f387256d27c8bbae3ef1e1378c1e9d05b52993e9dd964c922c5732ee93d13d0f4480844781229d6cc5caab97e6ff1576cc04163bd71fd804195a106

Docker Image	SHA256 Checksum
humio	a78c9ac49b3f3136a914a95410dc200facb05e0c72549dbba939c6d053c3e75b
humio-core	d2776980b1618355cfc378925b77bcee61362f7fd176652199b3cc0306268662
kafka	85ae3de0fc78bc8a450fd15e4f385f11c5145ca9af9933801aaa4f0cfcc715cc
zookeeper	351829776e29d0560952b2165e9263738d336bb409293354921af2da995be480

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.100.3/server-1.100.3.tar.gz

Bug fixes and updates.

Improvements, new features and functionality

GraphQL API
- Added limits for GraphQL queries on the total number of selected fields and fragments. Defaults are 1000 for authenticated and 150 for unauthenticated users.
  Cluster administrators can adjust these limits with the GraphQLSelectionSizeLimit and UnauthenticatedGraphQLSelectionSizeLimit dynamic configurations.

Falcon LogScale 1.100.2 Stable (2023-11-15)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.100.2

Stable

2023-11-15

Cloud

On-Prem

2024-08-31

No

1.44.0

11

No

TAR Checksum	Value
MD5	c99f3f0c7a456d11a34a7fc2ab95e20e
SHA1	e8a3d07f1caff582bc735bd3e41d9dde46a383ec
SHA256	84327f98133e658e21a9a96086bd1278fd2b3b283bf11cb272a942b1f5808642
SHA512	c3b84cc9262dae85a43f739f4234d0079099cdbf5601275f3e7f58dc7473a510d2325b32d48f7c3a2391412333e66b173522a7817c3864ecda7f137f323e0d7f

Docker Image	SHA256 Checksum
humio	11c959196ced9534737388aac9b75bb19790d19187f766c71590390e33562482
humio-core	f040d8eb6bd18c2a261900a0c4a2539aad5d8724c32c3f29c612326d9ce48c40
kafka	482857019187364223678e5ca21f16f3b34587f62ddf941866e136f633a69ea1
zookeeper	cbf4679f4097c0b05242bb228897b9bdf44c41b44bbd5beccf4ed22165c95352

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.100.2/server-1.100.2.tar.gz

Bug fixes and updates.

Upgrades
Changes that may occur or be required during an upgrade.
Security
xmlsec has been upgraded to 2.3.4 to address CVE-2023-44483 issue.

Bug Fixes

Other
- Fixing a race that can leave a query in a state where it will cause an excessive amount of 404 HTTP requests. This adds unnecessary noise and a bit of extra load to the system.

Falcon LogScale 1.100.1 Stable (2023-10-28)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.100.1

Stable

2023-10-28

Cloud

On-Prem

2024-08-31

No

1.44.0

11

No

TAR Checksum	Value
MD5	b6c4ba4a2ad739834e88487addd0337d
SHA1	f7af84bba1bdf85ebec2a88afbccfe21086d848b
SHA256	e54266bbfc953464f65d071363ee33407910c9b0c4fccf9dffdb30b1252bebe8
SHA512	6b6d54cc24e40e5fb079d0b708f81b21d9765cb1c24e90bc0830599d3421d1c3ed329193865ab6a8326e31e4cfcea442b1d328d95b7fabd951dd19aaf0ace684

Docker Image	SHA256 Checksum
humio	c912f26dff073f1b79c4f1cb54a590f8608d41f23af653c85f46b917f5752561
humio-core	9c28429f6ed743e54ad849e4211291c91725ab73fb72c03fc65f7f14f54ee21b
kafka	b6950dddb92ab5df6b63e77d6df96a06ebc1d0675e0889c1f35f745d9904188d
zookeeper	ac7de0749fac8ac57a0098c5dd7c1c0a2169950233be015c2264bd24ab830015

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.100.1/server-1.100.1.tar.gz

Bug fixes and updates.

Bug Fixes

UI Changes
- Time Selector and date picker in the Time Interval panel have been fixed for issues related to daylight savings time.

Falcon LogScale 1.100.0 Stable (2023-08-16)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.100.0

Stable

2023-08-16

Cloud

On-Prem

2024-08-31

No

1.44.0

11

No

TAR Checksum	Value
MD5	21d63c1c73f770ef58d5adc06ea1841d
SHA1	fafb23178c2ed5dc84dab13265f7dc89b8940de2
SHA256	d51e51ae8e8301044be0bd3c617bde63a6f83b787ded74b61e8e5ded573cad15
SHA512	f0f0b76ceef499ccfe0f1090b0fcaba3fcb16b1cdd61d6d1420d1f3ae84267c251778fc6bd4a1b982fc31c2e5d05af69f784d60daa876101190b3ecb21b53388

Docker Image	SHA256 Checksum
humio	fae9d70da0bfe10cb6502029cf0eeb23787f1af56fb773ad894b285052b9f9af
humio-core	4ddd216beb45f6bd70f59b0137fb8a36f5b32dfecfebb427059b97b118521d16
kafka	11eb764c06ea5015fc803453c43ea38c034ed66c807aa46ef273d2bf406c7986
zookeeper	1f6d7261f2e2970dd4c67812d5103d3c5dbc228b27f45e18cecf4ab74335969a

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.100.0/server-1.100.0.tar.gz

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.
Installation and Deployment
Support for running on Java 11, 12, 13, 14, 15 and 16 will be removed by the end of September 2023.

Removed
Items that have been removed as of this release.
GraphQL API
The deprecated RegistryPackage datatype has been deleted, along with the deprecated mutations and fields using it:
installPackageFromRegistry mutation
updatePackageFromRegistry mutation
package in the Searchdomain datatype

Upgrades
Changes that may occur or be required during an upgrade.
Installation and Deployment
Permit running LogScale on Java 20. Docker containers have been upgraded to be based on Java 20.
Other
The Kafka client has been upgraded to 3.4.1. The Kafka broker has been upgraded to 3.4.1 in the Kafka container.

Improvements, new features and functionality

Security
- All view permission tokens created from now on will not be able to run queries based on the user who created it (legacy behavior due to user requirement for queries). They will however be able to run queries on behalf of the organization given the right permissions.
  Existing view permission tokens and the resources (scheduled searches, alerts, etc.) are unaffected by this change. For any view permission tokens created after this change, the scheduled searches, alerts, etc. created using these tokens, will run based on the organization instead of the user who created the token.
  This addresses the issue where, for example, alerts created using a view permission token would fail to run if the user who created the token was removed from the organization or if the permissions needed to run the alert was removed from the user. With the new behaviour the alert will continue working even though the user is removed or looses the required permissions to run the alert.
- In the unlikely event where an external actor hits the audit log without an IP set, we will now log null instead of defaulting to the local IP.
- Migration from the legacy Organization Shared Dashboard IP filter to the Dashboard Security Policies for sharing dashboards will be done by Creating an IP Filter corresponding to the old filter. If the migration can be performed, this IP Filter will be set on all shared dashboards and set as the Shared Dashboard IP filter Security Policy for the organization. If migration cannot be done, a notification will be displayed to the organization owner explaining how to complete the migration manually. Migration cannot be done when there is a shared Dashboard that has an IP filter other than the legacy Organization Shared Dashboard IP filter.
- Introducing organization query ownership, permission tokens and organization level security policies features.
  For more information, see Organization Owned Queries, Repository & View Permissions, Security Policies.
UI Changes
- Organization and system level permissions can now be handled through the UI.
- When duplicating an alert, you are now redirected straight to the New alert page.
  For more information, see Reusing an Alert.
- Filter alerts now have an updated In preview label which no longer behaves like a button but shows a message when hovering over.
Automation and Alerts
- More attributes have been added to Filter alerts:
  - Filter alerts will now be able to catch up with up to 24 hours of delay (ingest delays + delays in actions).
  - Filter alerts will now trigger on events that are unavailable for up to 10 minutes due to query warnings.
  For more information, see Filter Alerts.
- A new Enable/Disable option has been added for Alerts and Scheduled Searches.
  For more information, see Managing Alerts.
- Improvements have been made in the UI:
  - When Creating an Alert from a Query, the alert type — Standard or Filter — is auto-selected based on query detection.
  - Added a trigger limit field in the Filter Alerts form.
  - Actions are now selected in Alerts and Scheduled Searches forms using a ComboBox component.
  - Changed the behaviour of the + button for Actions selection in the Alerts and Scheduled Searches forms; it will now take you to the form where you create a new action instead of adding an action to that entity.
GraphQL API
- For the updateMaxAutoShardCount and blockIngest GraphQL mutations, it is no longer required to be root, instead the caller must have the ManageCluster permission.
- The userId input field on the updateDashboardToken mutation is now optional and deprecated in favor of the queryOwnershipType field. If userId is set to anything else than the calling user ID, an exception will be thrown.
- A GraphQL API has been added to read the current tag groupings on a repository.
  For more information, see repository().
- QueryOnlyAccessTokens GraphQL query field previously used for a prototype has now been removed.
Configuration
- The following configuration parameters have been added:
  - FILTER_ALERTS_MAX_CATCH_UP_LIMIT to set how long back filter alerts will be able to catch up with delays.
  - FILTER_ALERTS_MAX_WAIT_FOR_MISSING_DATA to set for how long filter alerts will wait for query warnings about missing data to disappear.
- The following configuration parameters for storage concurrency are now deprecated:
  - S3_STORAGE_UPLOAD_CONCURRENCY
  - S3_STORAGE_DOWNLOAD_CONCURRENCY
  - GCP_STORAGE_UPLOAD_CONCURRENCY
  - GCP_STORAGE_DOWNLOAD_CONCURRENCY
  They are replaced by new variables:
  - S3_STORAGE_CONCURRENCY
  - GCP_STORAGE_CONCURRENCY
  If unassigned, the new variables will populate with the largest value from the deprecated variables, until these are removed.
- The new configuration parameters FILTER_ALERT_MAX_EMAIL_TRIGGER_LIMIT and FILTER_ALERT_MAX_NON_EMAIL_TRIGGER_LIMIT now allow setting the trigger limit for filter alerts; the allowed value depends on whether the alert has email actions attached or not.
- Introduced the new Dynamic Configuration option QueryPartitionAutoBalance which turns on/off automatic balancing of query partitions across nodes.
  For more information, see Dynamic Configuration.
Dashboards and Widgets
- When clicking Edit in search view on a dashboard widget, the query will now use the live setting of the dashboard. Also, parameter values are carried over.
  For more information, see Managing Widgets.
Log Collector
- A new fleet metric has been added to the Fleet overview page.
  For more information, see LogScale Collector Managing your Fleet.
- Quick filters have been added on Fleet Overview (Status and Config) and on Config overview (Status) pages.
  For more information, see LogScale Collector Managing your Fleet.
- A menu item has been added to Fleet Overview page, which now allows to unenroll a collector from Fleet Management.
  For more information, see Managing LogScale Collector Instance Enrollment.
Functions
- Parameter ignoreCase has been added to the in() function, to allow for case-insensitive searching. Default is to case sensitively search for the provided values.
- Changed the approximation algorithm used for counting distinct values in count(myField, distinct=true) and fieldstats(). Any query using one of the aforementioned functions may report a different number, which in most cases will be more accurate than previous estimates.
Other
- License keys using the format applied before 2021 are no longer supported. Obsolete license formats start with the string eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9. If your license key is obsolete, before you upgrade LogScale contact Support to request an equivalent license key that has the new format. All versions of LogScale since 2020 support the new license key format.
  For more information, see License Installation.
- For auto sharding operations (GET, UPDATE, DELETE) in Cluster Management API it is no longer required to be root, instead the caller must have the ManageCluster permission.
- Tag groupings page is now available under the repository Settings tab to see the tag groupings which are currently in use on a repository.

Bug Fixes

Security
- Hidden validation issues that would prevent from saving changes to Security Policies configuration have now been fixed.
UI Changes
- Fixed an issue where query parameters would be extracted from comments in the query.
- Fixed an error that was thrown when attempting to export fields to CSV containing spaces.
- Fixed the default query prefixes which would override exceptions to default role bindings if no query prefix is set in the exceptions. The default query prefix set in the default role will now only impact views that are not defined as an exception to the default rule.
Automation and Alerts
- Filter alerts with a query ending with a comment would not run. This issue has now been fixed.
GraphQL API
- The GraphQL query used by the front page could not return all views and repositories a user had access to, because of an issue with the default roles on groups. This issue has now been fixed.
Configuration
- Wrong behaviour in the StaticQueryFractionOfCores dynamic configuration. The intent of this configuration is to limit queries from one organization (user on single-organization clusters) to run on a certain percentage of mapper threads at most, effectively throttling queries to prevent one organization from consuming all capacity. Throttled queries from one organization could still block queries from other organizations and prevent them from running, leaving mapper threads idle: this behaviour has now been fixed.
Dashboards and Widgets
- When Using Saved Queries in Interactions, the interaction would not be kept if the saved query was created from template with the + Create from package button. This issue is now fixed.
- Description tips that were partly hidden in Table widgets are now correctly visualized in dashboards.
- Fixed the parameter form which could not be opened when asterisks were used as quoted identifiers in the query.
- On charts, the legend tooltip was sometimes hidden towards the bottom of the chart. It has now been fixed to stay within the chart boundaries.
- The rendering of JSON in the Event List widget is now faster and consumes less memory.
- In Dashboard Link Interactions, the targeted dashboard could not display correctly if the dashboard was renamed. The issue has been fixed by using the dashboard ID instead of the name as reference.
- When using the sort() function with the Bar Chart widget, it would only stay sorted for a while. The issue has been fixed and it now remains sorted in the same order as the underlying data.
Functions
- Fixed an issue where syntax coloring and code completion would stop working in certain cases (using multiple saved queries, or aggregate function in case).
- Fixed bucket() and timeChart() functions as they could lead to partially missing results when used in combination with window().
Other
- A 500 status code was issued when ingesting to /api/v1/ingest/json with no assigned parser. It now ingests the rawstring.
- BucketStorageUploadLatencyJob could incorrectly report that LogScale was falling behind on bucket uploads. This issue has been fixed.
Packages
- Upgrading a Package could result in a conflict for unchanged items when those items had fields beginning or ending with spaces. This issue has now been fixed.

Falcon LogScale 1.99.0 Preview (2023-07-18)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.99.0

Preview

2023-07-18

Cloud

On-Prem

2024-08-31

No

1.44.0

11

No

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.
Installation and Deployment
Support for running on Java 11, 12, 13, 14, 15 and 16 will be removed by the end of September 2023.

Improvements, new features and functionality

Log Collector
- A menu item has been added to Fleet Overview page, which now allows to unenroll a collector from Fleet Management.
  For more information, see Managing LogScale Collector Instance Enrollment.
Functions
- Parameter ignoreCase has been added to the in() function, to allow for case-insensitive searching. Default is to case sensitively search for the provided values.

Bug Fixes

GraphQL API
- The GraphQL query used by the front page could not return all views and repositories a user had access to, because of an issue with the default roles on groups. This issue has now been fixed.
Configuration
- Wrong behaviour in the StaticQueryFractionOfCores dynamic configuration. The intent of this configuration is to limit queries from one organization (user on single-organization clusters) to run on a certain percentage of mapper threads at most, effectively throttling queries to prevent one organization from consuming all capacity. Throttled queries from one organization could still block queries from other organizations and prevent them from running, leaving mapper threads idle: this behaviour has now been fixed.
Packages
- Upgrading a Package could result in a conflict for unchanged items when those items had fields beginning or ending with spaces. This issue has now been fixed.

Falcon LogScale 1.98.0 Preview (2023-07-11)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.98.0

Preview

2023-07-11

Cloud

On-Prem

2024-08-31

No

1.44.0

11

No

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.
Installation and Deployment
Support for running on Java 11, 12, 13, 14, 15 and 16 will be removed by the end of September 2023.

Improvements, new features and functionality

Automation and Alerts
- Improvements have been made in the UI:
  - When Creating an Alert from a Query, the alert type — Standard or Filter — is auto-selected based on query detection.
  - Added a trigger limit field in the Filter Alerts form.
  - Actions are now selected in Alerts and Scheduled Searches forms using a ComboBox component.
  - Changed the behaviour of the + button for Actions selection in the Alerts and Scheduled Searches forms; it will now take you to the form where you create a new action instead of adding an action to that entity.
GraphQL API
- QueryOnlyAccessTokens GraphQL query field previously used for a prototype has now been removed.
Configuration
- The new configuration parameters FILTER_ALERT_MAX_EMAIL_TRIGGER_LIMIT and FILTER_ALERT_MAX_NON_EMAIL_TRIGGER_LIMIT now allow setting the trigger limit for filter alerts; the allowed value depends on whether the alert has email actions attached or not.

Falcon LogScale 1.97.0 Preview (2023-07-04)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.97.0

Preview

2023-07-04

Cloud

On-Prem

2024-08-31

No

1.44.0

11

No

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.
Installation and Deployment
Support for running on Java 11, 12, 13, 14, 15 and 16 will be removed by the end of September 2023.

Improvements, new features and functionality

Security
- All view permission tokens created from now on will not be able to run queries based on the user who created it (legacy behavior due to user requirement for queries). They will however be able to run queries on behalf of the organization given the right permissions.
  Existing view permission tokens and the resources (scheduled searches, alerts, etc.) are unaffected by this change. For any view permission tokens created after this change, the scheduled searches, alerts, etc. created using these tokens, will run based on the organization instead of the user who created the token.
  This addresses the issue where, for example, alerts created using a view permission token would fail to run if the user who created the token was removed from the organization or if the permissions needed to run the alert was removed from the user. With the new behaviour the alert will continue working even though the user is removed or looses the required permissions to run the alert.
- Migration from the legacy Organization Shared Dashboard IP filter to the Dashboard Security Policies for sharing dashboards will be done by Creating an IP Filter corresponding to the old filter. If the migration can be performed, this IP Filter will be set on all shared dashboards and set as the Shared Dashboard IP filter Security Policy for the organization. If migration cannot be done, a notification will be displayed to the organization owner explaining how to complete the migration manually. Migration cannot be done when there is a shared Dashboard that has an IP filter other than the legacy Organization Shared Dashboard IP filter.
- Introducing organization query ownership, permission tokens and organization level security policies features.
  For more information, see Organization Owned Queries, Repository & View Permissions, Security Policies.
UI Changes
- Organization and system level permissions can now be handled through the UI.
Automation and Alerts
- More attributes have been added to Filter alerts:
  - Filter alerts will now be able to catch up with up to 24 hours of delay (ingest delays + delays in actions).
  - Filter alerts will now trigger on events that are unavailable for up to 10 minutes due to query warnings.
  For more information, see Filter Alerts.
- A new Enable/Disable option has been added for Alerts and Scheduled Searches.
  For more information, see Managing Alerts.
GraphQL API
- A GraphQL API has been added to read the current tag groupings on a repository.
  For more information, see repository().
Configuration
- The following configuration parameters have been added:
  - FILTER_ALERTS_MAX_CATCH_UP_LIMIT to set how long back filter alerts will be able to catch up with delays.
  - FILTER_ALERTS_MAX_WAIT_FOR_MISSING_DATA to set for how long filter alerts will wait for query warnings about missing data to disappear.
- The following configuration parameters for storage concurrency are now deprecated:
  - S3_STORAGE_UPLOAD_CONCURRENCY
  - S3_STORAGE_DOWNLOAD_CONCURRENCY
  - GCP_STORAGE_UPLOAD_CONCURRENCY
  - GCP_STORAGE_DOWNLOAD_CONCURRENCY
  They are replaced by new variables:
  - S3_STORAGE_CONCURRENCY
  - GCP_STORAGE_CONCURRENCY
  If unassigned, the new variables will populate with the largest value from the deprecated variables, until these are removed.
Dashboards and Widgets
- When clicking Edit in search view on a dashboard widget, the query will now use the live setting of the dashboard. Also, parameter values are carried over.
  For more information, see Managing Widgets.
Log Collector
- Quick filters have been added on Fleet Overview (Status and Config) and on Config overview (Status) pages.
  For more information, see LogScale Collector Managing your Fleet.
Other
- Tag groupings page is now available under the repository Settings tab to see the tag groupings which are currently in use on a repository.

Bug Fixes

Automation and Alerts
- Filter alerts with a query ending with a comment would not run. This issue has now been fixed.
Dashboards and Widgets
- The rendering of JSON in the Event List widget is now faster and consumes less memory.
- When using the sort() function with the Bar Chart widget, it would only stay sorted for a while. The issue has been fixed and it now remains sorted in the same order as the underlying data.
Other
- A 500 status code was issued when ingesting to /api/v1/ingest/json with no assigned parser. It now ingests the rawstring.

Falcon LogScale 1.96.0 Preview (2023-06-27)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.96.0

Preview

2023-06-27

Cloud

On-Prem

2024-08-31

No

1.44.0

11

No

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.
Installation and Deployment
Support for running on Java 11, 12, 13, 14, 15 and 16 will be removed by the end of September 2023.

Upgrades
Changes that may occur or be required during an upgrade.
Other
The Kafka client has been upgraded to 3.4.1. The Kafka broker has been upgraded to 3.4.1 in the Kafka container.

Improvements, new features and functionality

UI Changes
- When duplicating an alert, you are now redirected straight to the New alert page.
  For more information, see Reusing an Alert.
- Filter alerts now have an updated In preview label which no longer behaves like a button but shows a message when hovering over.
GraphQL API
- For the updateMaxAutoShardCount and blockIngest GraphQL mutations, it is no longer required to be root, instead the caller must have the ManageCluster permission.
- The userId input field on the updateDashboardToken mutation is now optional and deprecated in favor of the queryOwnershipType field. If userId is set to anything else than the calling user ID, an exception will be thrown.
Other
- For auto sharding operations (GET, UPDATE, DELETE) in Cluster Management API it is no longer required to be root, instead the caller must have the ManageCluster permission.

Bug Fixes

Dashboards and Widgets
- When Using Saved Queries in Interactions, the interaction would not be kept if the saved query was created from template with the + Create from package button. This issue is now fixed.
- Description tips that were partly hidden in Table widgets are now correctly visualized in dashboards.
- In Dashboard Link Interactions, the targeted dashboard could not display correctly if the dashboard was renamed. The issue has been fixed by using the dashboard ID instead of the name as reference.
Functions
- Fixed an issue where syntax coloring and code completion would stop working in certain cases (using multiple saved queries, or aggregate function in case).

Falcon LogScale 1.95.0 Preview (2023-06-20)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.95.0

Preview

2023-06-20

Cloud

On-Prem

2024-08-31

No

1.44.0

11

No

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.
Installation and Deployment
Support for running on Java 11, 12, 13, 14, 15 and 16 will be removed by the end of September 2023.

Removed
Items that have been removed as of this release.
GraphQL API
The deprecated RegistryPackage datatype has been deleted, along with the deprecated mutations and fields using it:
installPackageFromRegistry mutation
updatePackageFromRegistry mutation
package in the Searchdomain datatype

Upgrades
Changes that may occur or be required during an upgrade.
Installation and Deployment
Permit running LogScale on Java 20. Docker containers have been upgraded to be based on Java 20.

Bug Fixes

UI Changes
- Fixed an issue where query parameters would be extracted from comments in the query.
- Fixed an error that was thrown when attempting to export fields to CSV containing spaces.
- Fixed the default query prefixes which would override exceptions to default role bindings if no query prefix is set in the exceptions. The default query prefix set in the default role will now only impact views that are not defined as an exception to the default rule.
Dashboards and Widgets
- Fixed the parameter form which could not be opened when asterisks were used as quoted identifiers in the query.
- On charts, the legend tooltip was sometimes hidden towards the bottom of the chart. It has now been fixed to stay within the chart boundaries.
Other
- BucketStorageUploadLatencyJob could incorrectly report that LogScale was falling behind on bucket uploads. This issue has been fixed.

Falcon LogScale 1.94.2 Stable (2023-11-15)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.94.2

Stable

2023-11-15

Cloud

On-Prem

2024-07-31

No

1.44.0

11

No

TAR Checksum	Value
MD5	badc10344b739942bd0f02ca2fd26033
SHA1	5e47a9376b87d16d0fdd7120132cc3ecb9ba0a16
SHA256	c47ac4e150334899a5fad7ef9aeb3cae759ad6e619781d5ee627fa05fb091dfa
SHA512	ebb165a31f919d57b20b802569f816a544a5fcfbfae4f5cb15d616a00316dbe353ed296ad388136739a6200fc5ae209f88a6dc7f913a72f6ac35a3cdd4029936

Docker Image	SHA256 Checksum
humio	cb5a118e0001da009a6234068e58c1aa3b873965ef2eac13ea0f28f0d388b49c
humio-core	3ec3fbe5a57b17f359240891783deb1b5f24b1576eabd6fdc1a874cb4499d78d
kafka	7329a337457b6e498a70be4bc3f7c6e516c8b77f17075209120d1be2c862db5c
zookeeper	ddcd922ea39fa5b593d8501956883fb23ede29786f2241d1247493081c05bfe8

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.94.2/server-1.94.2.tar.gz

Bug fixes and updates.

Upgrades
Changes that may occur or be required during an upgrade.
Security
xmlsec has been upgraded to 2.3.4 to address CVE-2023-44483 issue.

Falcon LogScale 1.94.1 Stable (2023-10-28)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.94.1

Stable

2023-10-28

Cloud

On-Prem

2024-07-31

No

1.44.0

11

No

TAR Checksum	Value
MD5	eb464db335e468ebc1e4d5ce2c4c9bbb
SHA1	50539def54f28defd1e7609dcf3a914dfc5af021
SHA256	815ece20b80e4bd40f98891377cc5c5a798fb6d1459584eae33ac1f3dad88adc
SHA512	f3bbc09f1d861b0cee819f669ea9341b52d3d0a56250307804a50f8338b36f89270806708a623404d97a36f726ad2677036b52ca137bef2f3f1f31902a4b8e88

Docker Image	SHA256 Checksum
humio	14f52128e6db97854786d535a67c95a07bba628961e565d55382a9a4ba85a8e7
humio-core	14f52128e6db97854786d535a67c95a07bba628961e565d55382a9a4ba85a8e7
kafka	d219b84fe3feb2a3f10da27c33a4471584f50296306f9e740d6469e4d38a04c6
zookeeper	a3e76d48d8029aa0579928ee260e5a8aa92ac7efbea4daa8d67339929506ce91

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.94.1/server-1.94.1.tar.gz

Bug fixes and updates.

Bug Fixes

UI Changes
- Time Selector and date picker in the Time Interval panel have been fixed for issues related to daylight savings time.

Falcon LogScale 1.94.0 Stable (2023-07-05)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.94.0

Stable

2023-07-05

Cloud

On-Prem

2024-07-31

No

1.44.0

11

No

TAR Checksum	Value
MD5	a100dcfdab967319d89d19bef26db9af
SHA1	6a811035c3b79b48cdc30d81d1acbe94dd31e118
SHA256	ee5d7491b7dbf0622d95b4382e9061699f7d10644f607309cf3f3c06976539f4
SHA512	62b92b63446626fbbf063f1b249efbd38dc87da939b1a17f5c47884e02e8825ff4f6f03edf0c49117a005e3c9852377638a1dc6e71e5ba11f748800db293ea00

Docker Image	SHA256 Checksum
humio	a7f0df994aa81ffe6c417d2e1ca7a86a300a6ae1c9c17d3415cedbeb4315c686
humio-core	feb4b24681e28deb6f415d518624c665a92451cea5dad54b75fd81351ef3dadc
kafka	9c0d4fa13b873432c405f26a58df36f81893f30dc9a1f11e92cc033d2801e208
zookeeper	7fe8f047891922b3180c7d138f2ab28935f184e22b24e9bdbe436b0ab910de65

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.94.0/server-1.94.0.tar.gz

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.
Installation and Deployment
Support for running on Java 11, 12, 13, 14, 15 and 16 will be removed by the end of September 2023.

Removed
Items that have been removed as of this release.
API
Degrade and deprecate some REST and GraphQL APIs due to the introduction of AutomaticSegmentDistribution and AutomaticDigesterDistribution. The deprecated elements will be removed in a future release, once the upgrade compatibility with version 1.88.0 is dropped. We expect this to be no earlier than September 2023.
The following REST endpoints are deprecated, as they no longer have an effect and return meaningless results:
api/v1/clusterconfig/segments/prune-replicas
api/v1/clusterconfig/segments/distribute-evenly
api/v1/clusterconfig/segments/distribute-evenly-reshuffle-all
api/v1/clusterconfig/segments/distribute-evenly-to-host
api/v1/clusterconfig/segments/distribute-evenly-from-host
api/v1/clusterconfig/segments/partitions
api/v1/clusterconfig/segments/partitions/setdefaults
api/v1/clusterconfig/segments/set-replication-defaults
api/v1/clusterconfig/partitions/setdefaults
api/v1/clusterconfig/ingestpartitions/distribute-evenly-from-host
api/v1/clusterconfig/ingestpartitions/setdefaults
api/v1/clusterconfig/ingestpartitions (POST only, GET will continue to work)
The following GraphQL mutations are deprecated, as they no longer have an effect and return meaningless results:
startDataRedistribution
updateStoragePartitionScheme
The IngestPartitionScheme mutation is not deprecated, but as it updates state that is overwritten by automation, we recommend against using it — it exists solely to serve as a debugging tool.
The following GraphQL fields on the cluster object are deprecated, and return meaningless values:
ingestPartitionsWarnings
suggestedIngestPartitions
storagePartitions
storagePartitionsWarnings
suggestedStoragePartitions
storageDivergence
reapply_targetSize
The following fields in the return value of the api/v1/clusterconfig/segments/segment-stats endpoint are deprecated and degraded to always be O:
reapply_targetBytes
reapply_targetSegments
reapply_inboundBytes
reapply_inboundSegments

Behavior Changes
Scripts or environment which make use of these tools should be checked and updated for the new configuration:
Storage
Be less aggressive updating the digest partitions when a node goes offline. When a node goes offline/online, creating a well balanced table can require changes to partitions other than those where the changed node appears. This can cause more digest reassignment that we'd like, so we're changing the behavior of the automation. We'll now only generate optimally balanced tables in reaction to nodes being registered or unregistered from the cluster, and in reaction to the digest replication factor changing. The rest of the time, we'll take the previously generated balanced table as a starting point, and do very minimal node replacements in it to ensure partitions are properly replicated to live nodes.
It is no longer allowed for nodes to delete bucketed minisegments involved in queries off local disks before the queries are done. This should help ensure queries do not "miss" querying these files if they are deleted while a query is running.
Metadata on segments in memory is now represented in a manner that requires less memory at runtime after booting. The heap required for global snapshot is in the range 3-6 times the size of the disk, for a cluster with many segments. This change reduces the memory requirements for long retention compared to previous versions. Note that for a short time during boot of a node the memory requirement is closer to 10-15 times the size of the snapshot on disk.
Configuration
Remove NEW_INGEST_ONLY_NODE_SEMANTICS since we no longer support opting out of the new ingestonly behavior. The behavior has been the default since 1.79.0.
For more information, see Falcon LogScale 1.79.0 Preview (2023-02-28), LogScale Operational Architecture.

Improvements, new features and functionality

UI Changes
- A new tutorial built on a dedicated demo data view is available for environments that do not have access to legacy tutorial based on a sandbox repository.
- The DeleteRepositoryOrView data permission is now visible in the UI on Cloud environments.
- The Time Selector now only allows zooming out to approximately 4,000 years.
- The ChangeRetention data permission is now enabled on Cloud environments.
- When reaching the default capped output in table() and sort() query functions, a warning now suggests you can set a new value using the limit parameter.
Documentation
- LogScale Kubernetes Reference Architecture new page has been added with LogScale reference architecture description when deploying LogScale using Kubernetes.
- Regular Expression Syntax new page has been added with extended details of supported regular expression syntax and differences between the LogScale support and other implementations such as Java and Perl.
Automation and Alerts
- The Alert and Scheduled Search jobs no longer produce logs about specific alerts or scheduled searches in the humio repository. The logs are still sent to the humio-activity repository, which in normal setup is also ingested into the humio repository. So before, the logs would normally be duplicated, now they are not. The only difference between the two types of logs, is that the logs from the humio-activity repository all have loglevel equal to INFO. You can use the severity field instead to distinguish between the severity of the logs.
- The possibility to mark alerts and scheduled searches as favorites has been removed.
- Improvements in the layout of Alerts and Scheduled Searches, which now have updated forms.
- The Actions overview now has quick filters for showing only actions of specific types.
- The Scheduled Searches overview now shows the status of scheduled searches with a colored dot to make it easy to spot failing scheduled searches.
- Improvements in the Alerts and Scheduled Searches permissions, which are now renamed to Run on behalf of, and have a more clarifying help text.
- The Alerts overview now has quick filters for showing only standard alerts or filter alerts. It also shows the status of alerts with a colored dot to make it easy to spot failing alerts.
GraphQL API
- The Usage page has been updated to support queries that are in progress for longer than the GraphQL timeout allows.
- The semantics of the field SolitarySegmentSize on the ClusterNode datatype has changed from counting bytes that only exist on that node and which have been underreplicated for a while, to counting bytes that only exist on that node.
- The GraphQL schema for UsageStats has been updated to reflect that queries can be in progress.
- Mutations enableAlert and disableAlert have been added for enabling and disabling an alert without changing other fields.
Configuration
- Setting the SHARED_DASHBOARDS_ENABLED environment variable to false now disables the option of creating links for sharing dashboards.
  For more information, see Disabling Access to Shared Dashboards.
- Added support for using Google Cloud storage access Workload Identity rather than an explicit service account for bucket storage and export to bucket of query results.
  For more information, see Google Cloud Bucket Storage with Workload Identity.
- The new MAX_EVENT_FIELD_COUNT_IN_PARSER is introduced to control the number of fields allowed within the parser, but not when storing the event.
Dashboards and Widgets
- New parsing of Template Expressions has been implemented in the UI for improved performance.
- When creating or editing interactions you can now visualize any unused parameter bindings, with the option to remove them.
  For more information, see Unused parameters bindings.
- Improved performance on the Search page, especially when events contain large JSON objects.
  A new limit of 49 series has been set when using the wide format data (one field per series) in the Scatter Chart Widget (the first field is always the x axis). No such limit applies to long format data (series defined by one groupby column).
- The empty list alias is now available as an input option for parameter bindings, so that Multi-value Parameters can be set explicitly to have the value of an empty list.
  For more information, see Empty list alias.
- Parameter labels are now used instead of parameter IDs when displaying the list of parameters that a widget / query is waiting on.
Log Collector
- Added a new test status for configurations, which allows you to try out a configuration on one or more instances before it's published.
  For more information, see Testing a Remote Configuration.
Functions
- Performance improvements when using regex() function or regex syntax.
- In parseTimestamp() function, special format specifiers like seconds are now recognized independently of capitalization to allow case-insensitive match.
Other
- Reduced the amount of memory used when multiple queries use the match() function with the same arguments. Before, if you ran many queries that used the same file, the contents of the file would be represented multiple times in memory, once for each query. This could put you at risk of exhausting the server's memory if the files were large. With this change the file contents will be shared between the queries and represented only once. This enables the server to run more queries and/or handle larger files.
  For more information, see Lookup Files Operations.
- When the Kafka broker set changes at runtime, track that set and use as bootstrap servers for Kafka whenever LogScale needs to create a new Kafka client at runtime. This allows replacing all Kafka brokers (incrementally, moving their work to new servers) without restarting LogScale. Note that the set is not persisted across restart of LogScale, so when restarting LogScale, make sure to provide an up to date set of bootstrap servers.
- The following cluster management features are now enabled:
  - AutomaticJobDistribution
  - AutomaticDigesterDistribution
  - AutomaticSegmentDistribution
  For more information, see Digest Rules.
- Parser timeouts have been changed to take thread time into account. This should make parsers more resilient to long Garbage Collector stalls.
  For more information, see Parser Timeout.

Bug Fixes

UI Changes
- Turned off the light bulb in the query editor as it was causing technical issues.
- Fixed an issue where the filter would remain applied in the saved or recent queries when switching tabs in the Queries menu.
- Fixed the order of the timezones in the timezone dropdown on the Search and Dashboards pages.
- An error for lacking permissions that appeared when updating the organization settings has been fixed. Now, if you have permissions to view the Organization Settings page, you can also update information on it.
Automation and Alerts
- The throttle field would be empty when editing an Alert; this issue has now been fixed.
- Fixed an issue where clicking the Inspect link in Alert notifications would land on a missing page.
- Fixed an issue that could cause some rarely occurring errors when running alerts to not show up on the alert.
Dashboards and Widgets
- Labels of FixedList Parameter parameters values have been fixed, so that they default to the value instead of rendering empty string.
- Fixed an issue where certain widget options would be ignored when importing a dashboard template or installing a package.
- The following issues have been fixed on dashboards:
  - A dashboard would sometimes be perceived as changed on the server even though it was not.
  - Discard unsaved changes would appear when creating and applying new parameters.
- Fixed the Manage interactions page where Event List Interactions were not scrollable.
- Fixed a wrong behaviour on the Interactions overview page when creating a new interaction: if the interaction panel was opened, the repository options would dropdown in it instead of in the Create new interaction dialog.
Functions
- The select() function has been fixed as it wasn't preserving tags.
- The format() has been fixed as the combination of the hexadecimal modifier combined with grouping would not always work.
- The rename() function would drop the field, if the field and as arguments were identical; this issue has now been fixed.
- The regex engine has been fixed for issues impacting nested repeats and giving false negatives, as in expressions such as (x{2}:){3}.
Other
- Fixed an issue that could cause segments to appear missing in queries, due to the presence of deleted minisegments with the same target as live minisegments.
- Some merged segments could temporarily be missing from query results right after an ephemeral node reboot. This issue has been fixed.
- The following Node-Level Metrics that showed incorrect results are now fixed: primary-disk-usage, secondary-disk-usage, cluster-time-skew, temp-disk-usage-bytes.
- An edge case has been fixed where query workers could fail to include minisegments if the minisegments were merged at a bad time, causing queries to be missing the data in those segments.

Public Preview

Automation and Alerts
- This release includes filter alerts in Public Preview. Filter alerts aim to replace existing alerts for use cases where the query does not contain any aggregates.
  Filter alerts:
  - Trigger on individual events and send notifications per event.
  - Guarantee at-least-once delivery of events to actions, within the limits described below.
  - Currently only support delays (ingest delays + delays in actions) of 1 hour and limit the number of notifications to 15 per minute per alert. Before going out of Public Preview, those limits will be raised.
  For more information, see Alerts.

Falcon LogScale 1.93.0 Preview (2023-06-06)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.93.0

Preview

2023-06-06

Cloud

On-Prem

2024-07-31

No

1.44.0

11

No

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.
Installation and Deployment
Support for running on Java 11, 12, 13, 14, 15 and 16 will be removed by the end of September 2023.

Improvements, new features and functionality

Automation and Alerts
- The possibility to mark alerts and scheduled searches as favorites has been removed.
- Improvements in the layout of Alerts and Scheduled Searches, which now have updated forms.
- The Actions overview now has quick filters for showing only actions of specific types.
- The Scheduled Searches overview now shows the status of scheduled searches with a colored dot to make it easy to spot failing scheduled searches.
- Improvements in the Alerts and Scheduled Searches permissions, which are now renamed to Run on behalf of, and have a more clarifying help text.
- The Alerts overview now has quick filters for showing only standard alerts or filter alerts. It also shows the status of alerts with a colored dot to make it easy to spot failing alerts.
GraphQL API
- The semantics of the field SolitarySegmentSize on the ClusterNode datatype has changed from counting bytes that only exist on that node and which have been underreplicated for a while, to counting bytes that only exist on that node.
Dashboards and Widgets
- Improved performance on the Search page, especially when events contain large JSON objects.
  A new limit of 49 series has been set when using the wide format data (one field per series) in the Scatter Chart Widget (the first field is always the x axis). No such limit applies to long format data (series defined by one groupby column).
Other
- Parser timeouts have been changed to take thread time into account. This should make parsers more resilient to long Garbage Collector stalls.
  For more information, see Parser Timeout.

Bug Fixes

Dashboards and Widgets
- Labels of FixedList Parameter parameters values have been fixed, so that they default to the value instead of rendering empty string.
Functions
- The format() has been fixed as the combination of the hexadecimal modifier combined with grouping would not always work.

Public Preview

Automation and Alerts
- This release includes filter alerts in Public Preview. Filter alerts aim to replace existing alerts for use cases where the query does not contain any aggregates.
  Filter alerts:
  - Trigger on individual events and send notifications per event.
  - Guarantee at-least-once delivery of events to actions, within the limits described below.
  - Currently only support delays (ingest delays + delays in actions) of 1 hour and limit the number of notifications to 15 per minute per alert. Before going out of Public Preview, those limits will be raised.
  For more information, see Alerts.

Falcon LogScale 1.92.0 Preview (2023-05-30)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.92.0

Preview

2023-05-30

Cloud

On-Prem

2024-07-31

No

1.44.0

11

No

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.
Installation and Deployment
Support for running on Java 11, 12, 13, 14, 15 and 16 will be removed by the end of September 2023.

Behavior Changes
Scripts or environment which make use of these tools should be checked and updated for the new configuration:
Storage
Be less aggressive updating the digest partitions when a node goes offline. When a node goes offline/online, creating a well balanced table can require changes to partitions other than those where the changed node appears. This can cause more digest reassignment that we'd like, so we're changing the behavior of the automation. We'll now only generate optimally balanced tables in reaction to nodes being registered or unregistered from the cluster, and in reaction to the digest replication factor changing. The rest of the time, we'll take the previously generated balanced table as a starting point, and do very minimal node replacements in it to ensure partitions are properly replicated to live nodes.
It is no longer allowed for nodes to delete bucketed minisegments involved in queries off local disks before the queries are done. This should help ensure queries do not "miss" querying these files if they are deleted while a query is running.
Metadata on segments in memory is now represented in a manner that requires less memory at runtime after booting. The heap required for global snapshot is in the range 3-6 times the size of the disk, for a cluster with many segments. This change reduces the memory requirements for long retention compared to previous versions. Note that for a short time during boot of a node the memory requirement is closer to 10-15 times the size of the snapshot on disk.
Configuration
Remove NEW_INGEST_ONLY_NODE_SEMANTICS since we no longer support opting out of the new ingestonly behavior. The behavior has been the default since 1.79.0.
For more information, see Falcon LogScale 1.79.0 Preview (2023-02-28), LogScale Operational Architecture.

Improvements, new features and functionality

UI Changes
- A new tutorial built on a dedicated demo data view is available for environments that do not have access to legacy tutorial based on a sandbox repository.
- The DeleteRepositoryOrView data permission is now visible in the UI on Cloud environments.
- The Time Selector now only allows zooming out to approximately 4,000 years.
- The ChangeRetention data permission is now enabled on Cloud environments.
Documentation
- LogScale Kubernetes Reference Architecture new page has been added with LogScale reference architecture description when deploying LogScale using Kubernetes.
- Regular Expression Syntax new page has been added with extended details of supported regular expression syntax and differences between the LogScale support and other implementations such as Java and Perl.
GraphQL API
- The Usage page has been updated to support queries that are in progress for longer than the GraphQL timeout allows.
- The GraphQL schema for UsageStats has been updated to reflect that queries can be in progress.
Configuration
- Setting the SHARED_DASHBOARDS_ENABLED environment variable to false now disables the option of creating links for sharing dashboards.
  For more information, see Disabling Access to Shared Dashboards.
- Added support for using Google Cloud storage access Workload Identity rather than an explicit service account for bucket storage and export to bucket of query results.
  For more information, see Google Cloud Bucket Storage with Workload Identity.
- The new MAX_EVENT_FIELD_COUNT_IN_PARSER is introduced to control the number of fields allowed within the parser, but not when storing the event.
Dashboards and Widgets
- New parsing of Template Expressions has been implemented in the UI for improved performance.
- When creating or editing interactions you can now visualize any unused parameter bindings, with the option to remove them.
  For more information, see Unused parameters bindings.
- The empty list alias is now available as an input option for parameter bindings, so that Multi-value Parameters can be set explicitly to have the value of an empty list.
  For more information, see Empty list alias.
- Parameter labels are now used instead of parameter IDs when displaying the list of parameters that a widget / query is waiting on.
Other
- Reduced the amount of memory used when multiple queries use the match() function with the same arguments. Before, if you ran many queries that used the same file, the contents of the file would be represented multiple times in memory, once for each query. This could put you at risk of exhausting the server's memory if the files were large. With this change the file contents will be shared between the queries and represented only once. This enables the server to run more queries and/or handle larger files.
  For more information, see Lookup Files Operations.
- Polling a query on /queryjobs can now delay the response a bit in order to allow returning a potentially done response. The typical effective delay is less than 2 seconds, and the positive effect is saving the extra poll roundtrip that would otherwise need to happen before the query completed. This in particular makes simple queries complete faster from the viewpoint of the client, as they do not have to wait for an extra poll roundtrip in most cases.
- When the Kafka broker set changes at runtime, track that set and use as bootstrap servers for Kafka whenever LogScale needs to create a new Kafka client at runtime. This allows replacing all Kafka brokers (incrementally, moving their work to new servers) without restarting LogScale. Note that the set is not persisted across restart of LogScale, so when restarting LogScale, make sure to provide an up to date set of bootstrap servers.

Bug Fixes

Security
- Verified that LogScale does not use the affected Akka dependency component in CVE-2023-31442 by default, and have taken additional precautions to notify customers.
  For:
  LogScale Cloud/Falcon Long Term Repository:
  This CVE does not impact LogScale Cloud or LTR customers.
  LogScale Self-Hosted:
  Exposure to risk:
  Potential risk is only present if a self hosted customer has modified the Akka parameters to a non default value of akka.io.dns.resolver = async-dns during initial setup.
  By default LogScale does not use this configuration parameter.
  CrowdStrike has never recommended custom Akka parameters. We recommend using default values for all parameters.
  Steps to mitigate:
  Setting akka.io.dns.resolver to default value (inet-address) will mitigate the potential risk.
  On versions older than 1.92.0:
  Unset the custom Akka configuration. Refer to Akka documentation for more information on how to unset or pass a different value to the parameter here.
  CrowdStrike recommends upgrading LogScale to 1.92.x or higher versions.
UI Changes
- Fixed an issue where the filter would remain applied in the saved or recent queries when switching tabs in the Queries menu.
- Fixed the order of the timezones in the timezone dropdown on the Search and Dashboards pages.
Automation and Alerts
- Fixed an issue that could cause some rarely occurring errors when running alerts to not show up on the alert.
Dashboards and Widgets
- Fixed an issue where certain widget options would be ignored when importing a dashboard template or installing a package.
- Fixed a wrong behaviour on the Interactions overview page when creating a new interaction: if the interaction panel was opened, the repository options would dropdown in it instead of in the Create new interaction dialog.
Other
- The following Node-Level Metrics that showed incorrect results are now fixed: primary-disk-usage, secondary-disk-usage, cluster-time-skew, temp-disk-usage-bytes.

Falcon LogScale 1.91.0 Not Released (2023-05-23)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.91.0

Not Released

2023-05-23

Cloud

On-Prem

2024-07-31

No

1.44.0

11

No

Not released.

Advanced Warning
The following items are due to change in a future release.
Installation and Deployment
Support for running on Java 11, 12, 13, 14, 15 and 16 will be removed by the end of September 2023.

Falcon LogScale 1.90.0 Not Released (2023-05-16)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.90.0

Not Released

2023-05-16

Cloud

On-Prem

2024-07-31

No

1.44.0

11

No

Not released.

Advanced Warning
The following items are due to change in a future release.
Installation and Deployment
Support for running on Java 11, 12, 13, 14, 15 and 16 will be removed by the end of September 2023.

Falcon LogScale 1.89.0 Preview (2023-05-11)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.89.0

Preview

2023-05-11

Cloud

On-Prem

2024-07-31

No

1.44.0

11

No

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.
Installation and Deployment
Support for running on Java 11, 12, 13, 14, 15 and 16 will be removed by the end of September 2023.

Removed
Items that have been removed as of this release.
API
Degrade and deprecate some REST and GraphQL APIs due to the introduction of AutomaticSegmentDistribution and AutomaticDigesterDistribution. The deprecated elements will be removed in a future release, once the upgrade compatibility with version 1.88.0 is dropped. We expect this to be no earlier than September 2023.
The following REST endpoints are deprecated, as they no longer have an effect and return meaningless results:
api/v1/clusterconfig/segments/prune-replicas
api/v1/clusterconfig/segments/distribute-evenly
api/v1/clusterconfig/segments/distribute-evenly-reshuffle-all
api/v1/clusterconfig/segments/distribute-evenly-to-host
api/v1/clusterconfig/segments/distribute-evenly-from-host
api/v1/clusterconfig/segments/partitions
api/v1/clusterconfig/segments/partitions/setdefaults
api/v1/clusterconfig/segments/set-replication-defaults
api/v1/clusterconfig/partitions/setdefaults
api/v1/clusterconfig/ingestpartitions/distribute-evenly-from-host
api/v1/clusterconfig/ingestpartitions/setdefaults
api/v1/clusterconfig/ingestpartitions (POST only, GET will continue to work)
The following GraphQL mutations are deprecated, as they no longer have an effect and return meaningless results:
startDataRedistribution
updateStoragePartitionScheme
The IngestPartitionScheme mutation is not deprecated, but as it updates state that is overwritten by automation, we recommend against using it — it exists solely to serve as a debugging tool.
The following GraphQL fields on the cluster object are deprecated, and return meaningless values:
ingestPartitionsWarnings
suggestedIngestPartitions
storagePartitions
storagePartitionsWarnings
suggestedStoragePartitions
storageDivergence
reapply_targetSize
The following fields in the return value of the api/v1/clusterconfig/segments/segment-stats endpoint are deprecated and degraded to always be O:
reapply_targetBytes
reapply_targetSegments
reapply_inboundBytes
reapply_inboundSegments

Improvements, new features and functionality

Automation and Alerts
- The Alert and Scheduled Search jobs no longer produce logs about specific alerts or scheduled searches in the humio repository. The logs are still sent to the humio-activity repository, which in normal setup is also ingested into the humio repository. So before, the logs would normally be duplicated, now they are not. The only difference between the two types of logs, is that the logs from the humio-activity repository all have loglevel equal to INFO. You can use the severity field instead to distinguish between the severity of the logs.
GraphQL API
- Mutations enableAlert and disableAlert have been added for enabling and disabling an alert without changing other fields.
Configuration
- Automatic rebalancing of existing segments onto cluster nodes has been enabled.
  Manual editing of the segment partition table is no longer supported. The table is no longer displayed in the Cluster Administration UI.
  The segments will be distributed onto cluster nodes based on the following node-level settings:
  - ZONE defines a node's zone. The balancing logic will attempt to distribute segment replicas across as many zones as possible.
  - The target disk usage percentage determines how much of the node disk we will consider usable for storing segment data during a rebalance. The balancing logic will attempt to keep nodes equally full, while considering the node zone and segment replication factor. This can be configured via GraphQL using the setTargetDiskUsagePercentage mutation. The default value is 90.
  - Nodes with a NODE_ROLES setting that excludes segment storage will not receive segments as part of a rebalance.
Log Collector
- Added a new test status for configurations, which allows you to try out a configuration on one or more instances before it's published.
  For more information, see Testing a Remote Configuration.
Other
- The following cluster management features are now enabled:
  - AutomaticJobDistribution
  - AutomaticDigesterDistribution
  - AutomaticSegmentDistribution
  For more information, see Digest Rules.

Bug Fixes

UI Changes
- The Search page would reload when using the browser's history navigation buttons. This issue has now been fixed.
- An error for lacking permissions that appeared when updating the organization settings has been fixed. Now, if you have permissions to view the Organization Settings page, you can also update information on it.
Automation and Alerts
- The throttle field would be empty when editing an Alert; this issue has now been fixed.
- Fixed an issue where clicking the Inspect link in Alert notifications would land on a missing page.
Dashboards and Widgets
- The following issues have been fixed on dashboards:
  - A dashboard would sometimes be perceived as changed on the server even though it was not.
  - Discard unsaved changes would appear when creating and applying new parameters.
Functions
- The rename() function would drop the field, if the field and as arguments were identical; this issue has now been fixed.
Other
- Fixed an issue that could cause segments to appear missing in queries, due to the presence of deleted minisegments with the same target as live minisegments.
- Some merged segments could temporarily be missing from query results right after an ephemeral node reboot. This issue has been fixed.
- An edge case has been fixed where query workers could fail to include minisegments if the minisegments were merged at a bad time, causing queries to be missing the data in those segments.

Falcon LogScale 1.88.2 Stable (2023-07-04)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.88.2

Stable

2023-07-04

Cloud

On-Prem

2024-05-31

No

1.44.0

11

No

TAR Checksum	Value
MD5	0ff76e4d337ae9ad8c97f50afb0c9934
SHA1	1c654d18a443dcf58a4ac42755aa5121bf73aed4
SHA256	7a020339813f78cadf3a6c162950c891772ca4fd01500c3d21fb0b5c6b66b3a7
SHA512	6ae6bfff348447d78de037970a4ab2b84e4b60fdc134be4d68d54b70b1dd4676d5ac7059940222f9df97e89665db52b5549c3c421b5759fcf7d1c75879f7a1ec

Docker Image	SHA256 Checksum
humio	dc1b3fca6b642ba3c784d675153ab955e3d6010954e3efcde1a1388bcace1690
humio-core	fed8b88befc50966e8b9f2003c840094790762af993e77fdb9c13e02975d0c11
kafka	c24e1d5d6ee54ff52d57d7dae47ab20d8be0b5e4d49f2ca1b92503a5e0629478
zookeeper	b5dbea2a18ef00f271267665a86c1e084c3251e53db1510ddf54b1206390b5e3

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.88.2/server-1.88.2.tar.gz

Bug fix and updates.

Bug Fixes

Other
- Fixed an issue where searching within small subsets of the latest 24 hours in combination with hash filters could result in events that belonged in the time range to not be included in the result. The visible symptom was that narrowing the search span provided more hits.

Falcon LogScale 1.88.1 Stable (2023-06-22)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.88.1

Stable

2023-06-22

Cloud

On-Prem

2024-05-31

No

1.44.0

11

No

TAR Checksum	Value
MD5	a999345b437d7c0fbaddbb8a55e6429a
SHA1	1de90e62be02bdcccbec07f9a29720c3c69dbe63
SHA256	40b2addbaedfdd3155fbd78b38c72dc8ef64c8a945a5858db38867d92aa54b6a
SHA512	78910febd9b6c7d216bc662ca47987db4e3a9e8c7eb3ee948a90e0c73b7aaf2de287faaec1c7891f8a76b4bc0914019e1ed09bd4919d4b5a23deda31c3d3038d

Docker Image	SHA256 Checksum
humio	d8436c255ce0c95e231fc533a2240f037f3668f4e5f6bc7d3ea614173a6a5088
humio-core	c5e82eac78cf5cf9132d3fb76ccda881ef402c142378eebffae77b4356de2ef9
kafka	5ad6b49d76ca75c91731c02f1c11928eea98efa3d2f1df8800ab55e669045ce0
zookeeper	cb4f5e163317fb289110c6372d5b54208f4396c433282b65bbfa3c15596e64cc

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.88.1/server-1.88.1.tar.gz

Security fixes.

Improvements, new features and functionality

Other
- Polling a query on /queryjobs can now delay the response a bit in order to allow returning a potentially done response. The typical effective delay is less than 2 seconds, and the positive effect is saving the extra poll roundtrip that would otherwise need to happen before the query completed. This in particular makes simple queries complete faster from the viewpoint of the client, as they do not have to wait for an extra poll roundtrip in most cases.

Bug Fixes

Security
- Verified that LogScale does not use the affected Akka dependency component in CVE-2023-31442 by default, and have taken additional precautions to notify customers.
  For:
  LogScale Cloud/Falcon Long Term Repository:
  This CVE does not impact LogScale Cloud or LTR customers.
  LogScale Self-Hosted:
  Exposure to risk:
  Potential risk is only present if a self hosted customer has modified the Akka parameters to a non default value of akka.io.dns.resolver = async-dns during initial setup.
  By default LogScale does not use this configuration parameter.
  CrowdStrike has never recommended custom Akka parameters. We recommend using default values for all parameters.
  Steps to mitigate:
  Setting akka.io.dns.resolver to default value (inet-address) will mitigate the potential risk.
  On versions older than 1.92.0:
  Unset the custom Akka configuration. Refer to Akka documentation for more information on how to unset or pass a different value to the parameter here.
  CrowdStrike recommends upgrading LogScale to 1.92.x or higher versions.

Falcon LogScale 1.88.0 Stable (2023-05-24)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.88.0

Stable

2023-05-24

Cloud

On-Prem

2024-05-31

No

1.44.0

11

No

Yes

TAR Checksum	Value
MD5	4498b5fcb67bc5d9418ddb67d502af19
SHA1	ce9309cb9c9d6f56513ff1e5de4c91f4f23a8b47
SHA256	9ba3c4f782bbd58751571b247ab3e76b6e2b50f0457d6966c8754e6566569273
SHA512	e5cebea46bb385f268c2e8ca6f7d6d42d12f19fe7704efcbcb41b50e40ccbf318ed3035c79b8f3fdf8623860e24190dde692fce09a938d9f0c2b3486ac436ae1

Docker Image	SHA256 Checksum
humio	607c8b664d97ec29e5a11960d3b37a01580054d5582748721c5ac141c8be72c0
humio-core	071c84efeb896afb372c43515aab1a5b67e61b035e90937311988ffda9c16a53
kafka	ccd909da61a4b1c8be82600f749d2a571afb3ee2baa720a77aaebf06ffd334e4
zookeeper	9a2015bfd9a7b7401604bb54f17d9029b4c6dc42cf3b25655b5c7e60f7e1db86

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.88.0/server-1.88.0.tar.gz

Bug fixes and updates.

Behavior Changes
Scripts or environment which make use of these tools should be checked and updated for the new configuration:
Storage
It is no longer allowed for nodes to delete bucketed minisegments involved in queries off local disks before the queries are done. This should help ensure queries do not "miss" querying these files if they are deleted while a query is running.
Change how downloads from bucket storage are prioritized for queries. Previously the highest priority query was allowed to download as many segments as it liked. We now try to estimate how much work a query has available in local segments, and prioritize fetching segments for those queries that are close to running out of local work and becoming blocked for that reason.

Upgrades
Changes that may occur or be required during an upgrade.
Other
Docker images have been upgraded to Java 19.0.2. to address CVE-2022-45688 issue.
Snakeyamls has been upgraded to 2.0 to address CVE-2022-1471 issue.

Improvements, new features and functionality

UI Changes
- The view permission ChangeDashboardReadonlyToken is now also required when creating and deleting shared dashboard tokens.
- Improvements in UI tables visualization: even long column headers' text is now always left-aligned (instead of center-aligned and on top of each other) and uses a different color.
- Organization level query blocking has been added to Organization Settings UI.
  For more information, see Organization Query Monitor.
- Event List Interactions are now accessible from the Repository and View Settings page.
Automation and Alerts
- Clicking the Labels button in Alerts will now show every unique label that has been created on every alert in the same repository. This means that you don't need to rewrite a label when wanting to add the same label to another alert. This feature also applies to Scheduled Searches.
- The error message for an Alert or Scheduled Search on their edit pages now has a button for clearing the error while the dismiss icon will just close the message but not clear errors.
- When creating a new Alert, you now have a pulldown menu that suggests labels that you've previously created for other alerts. The same applies to Scheduled Searches.
  For more information, see Creating Alerts.
- The default time window for Alerts has been updated:
  - When creating an alert from the Alerts page, the default query time window has been changed from 24 Hours to 1 Hours to match the default throttle time.
  - When creating an alert from the Search page, the default Throttle period has been changed to match that of the query time window set.
  For more information, see Creating Alerts.
- When enabling an Alert or Scheduled Search with no actions, an inline warning message now appears instead of a message box.
GraphQL API
- The following GraphQL mutations can now also be performed with the ChangeOrganizationPermissions permission:
  - assignOrganizationRoleToGroup
  - unassignOrganizationRoleFromGroup
  The following GraphQL mutations can now also be performed with the ChangeSystemPermissions permission:
  - assignSystemRoleToGroup
  The following GraphQL queries and mutations can now also be performed with either ChangeOrganizationPermissions, ChangeSystemPermissions permission depending on the group:
  - addUsersToGroup
  - removeUsersFromGroup
  - assignRoleToGroup
  - group
  - groupByDisplayName
- The permissions required in order to list IP filters have been updated. You can now also list IP filters with one of the following permissions:
- The querySearchDomain GraphQL query now allows you to search for Views and Repositories based on your permissions — previously, enforcing specific permissions caused errors.
Configuration
- Using the storage class "S3 Intelligent-Tiering" in AWS S3 selectively on files that LogScale knows continues to be supported: it is controlled by the new dynamic configuration BucketStorageUploadInfrequentThresholdDays that sets the minimum number of days of remaining retention for the data in order to switch from the default "S3 Standard" to the "Intelligent" tier.
  The decision is made at the point of upload to the bucket only, whereas existing objects in the bucket are not modified.
  The bucket must be configured to not allow the optional tiers Archive Access tier nor Deep Archive Access tier as those do not have instant access, which is required for LogScale.
  As a consequence of that, do not enable automatic archiving within the S3 Intelligent-Tiering storage class.
- The new configuration parameter SEGMENT_READ_FADVICE has been introduced.
- The following cluster-level setting has been introduced, editable via GraphQL mutations:
  - setSegmentReplicationFactor configures the desired number of segment replicas.
  This is also configurable via the DEFAULT_SEGMENT_REPLICATION_FACTOR configuration parameter.
  If configured via both environment variable and GraphQL mutation, the mutation has precedence.
  For new clusters the default is 1. For clusters upgrading from older versions, the initial value is taken from the STORAGE_REPLICATION_FACTOR environment variable, if set. If instead the variable is not set, the value is taken from the replication factor of the storage partition table prior to the upgrade — this means that upgrading clusters should see no change to their replication factor, unless specified in the STORAGE_REPLICATION_FACTOR .
  The feature can be disabled in case of problems via either the GraphQL mutation setAllowRebalanceExistingSegments, or the environment variable DEFAULT_ALLOW_REBALANCE_EXISTING_SEGMENTS.
  If you need to disable the feature, please reach out to Support and share your concerns so we can try to address them. We intend to remove the option to handle segment partitions manually in the future.
- New configuration parameters have been added allowing control of client.rack for our Kafka consumers:
  - KAFKA_CLIENT_RACK_ENV_VAR — this variable is read to find the name of the variable that holds the value. It defaults to ZONE, which is the same variable applied to the LogScale node zones by default.
- Disable the AutomaticDigesterDistribution feature by default. While the feature works, it can cause performance issues on very large installs if nodes are rebooted repeatedly. In future versions, we've worked around this issue, but for 1.88 patch versions, we prefer simply disabling the feature.
Dashboards and Widgets
- When using the Edit in search view item on a dashboard widget, the values set in parameters in the query are also carried over into the search view.
- Introduced a new setting for dashboard parameters configuration to defer query execution: the dashboard will not execute any queries on page load until the user provides a value to the parameter.
  For more information, see Configuring Dashboard Parameters.
- The new interaction type Search Link has been introduced, allowing users to create an interaction that will trigger a new search.
  For more information, see Managing Dashboard Interactions, Creating Event List Interactions.
- You can now save interactions with a saved query on the Search page. Interactions in saved queries are also supported in Packages.
  For more information, see Creating Event List Interactions.
- The new interaction type Update Parameters has been introduced. This interaction allows you to update parameters in the context you're working in — on the dashboard or on the Search page.
  For more information, see Update Parameters.
- The combo box has been updated to show multiple selections as "pills".
- You can now delete or duplicate Event List Interactions from the Interactions overview page.
  For more information, see Deleting & Duplicating Event List Interactions.
- Multivalued parameters have been introduced to pass an array of values to the query. The support is limited to the Dashboards page.
  For more information, see Multi-value Parameters.
- When Setting Up a Dashboard Interaction, the {{ startTime }} and {{ endTime }} special variables now work differently, depending on whether the query, widget or dashboard is running in Live mode or not. They now work as follows:
  - In a live query or dashboard, the startTime variable will contain the relative time, such as 2d whereas endTime will be empty.
  - In a non-live query or dashboard, startTime will be the absolute start time when the query was last run. endTime, similarly, will have the end time of when the query was last run.
- Interactive elements in visualizations now have the point cursor.
Log Collector
- On the Config Overview page a column showing the state of the configuration has been added. The configuration can either be published or in draft state.
  A menu item has been added on the Config Overview page, that links to the Settings page.
  When clicking on an Error status on the Fleet Overview page, a dialog with the error details will open.
  For more information, see LogScale Collector Managing your Fleet.
- Fleet Management updates:
  - Added the Basic Information page with primary information of a specific configuration e.g. name, description, no. of assigned instances.
  - The Config Editor used to create/modify LogScale Collector configurations in LogScale has been augmented with context aware auto-completion, tooltips for keywords and highlighting of invalid settings.
  For more information, see Managing Remote Configurations.
Functions
- Performance improvements have been made to the match() query function in cases where ignoreCase=true is used together with either mode=cidr, or mode=string.
- base64Decode() query function has been updated such that, when decoding to UTF-8, invalid code points are replaced with a placeholder character.
- When IOCs are not available, the ioc:lookup() query function will now produce an error. Previously, it only produced a warning.
- The memory usage of the functions selectLast() and groupBy() has been improved.
Other
- Reduced the amount of memory used when multiple queries use the match() function with the same arguments. Before, if you ran many queries that used the same file, the contents of the file would be represented multiple times in memory, once for each query. This could put you at risk of exhausting the server's memory if the files were large. With this change the file contents will be shared between the queries and represented only once. This enables the server to run more queries and/or handle larger files.
  For more information, see Lookup Files Operations.
- Improvements to query scheduler logic for "shelving" i.e., pausing queries considered too expensive. The pause/unpause logic are now more responsive and unpause queries faster when they become eligible to run.
- When the automatic segment rebalancing feature is enabled, ignore the segment storage table when evaluating whether dead ephemeral nodes can be removed automatically.
- Create Repositories permission now also allows LogScale Self-Hosted users to create repositories.
Packages
- The size limit of packages' lookup files has been changed to adhere to the MAX_FILEUPLOAD_SIZE configuration parameter. Previously the size limit was 1MB.
  For more information, see Exporting the Package.

Bug Fixes

UI Changes
- The Search page would reload when using the browser's history navigation buttons. This issue has now been fixed.
- An issue in the Usage page that could fail showing any data has been fixed.
  The Usage page now shows an error if there are any warnings from the query.
- The Fields Panel flyout displayed the bottom 10 values rather than the top 10 values. This issue has now been fixed.
  For more information, see Displaying Fields.
Dashboards and Widgets
- "" was being discarded when creating URLs for interactions. This issue has now been fixed.
- Attempting to remove a widget on a dashboard would sometimes remove another widget than the one attempted to remove. This issue has been fixed.
- The tooltip in the Time Chart widget would not show any data points. This issue has now been fixed.
- Non-breaking space chars (ALT+Space) made Template Expressions unable to be resolved. This issue has been fixed.
- '_' was not recognized as a valid first symbol for parameters when parsing queries. This issue has now been fixed.
- Fixed an issue where clicking the Inspect link in alert notifications would land on a missing page.
- The values of FixedList Parameter on a dashboard would change sort ordering after being exported to a yaml template file. This issue has been fixed.
Functions
- The groupBy() function would not always warn upon exceeding the default limit. This issue has now been fixed.
- Fixed a regression in join() validation, which was introduced in version Falcon LogScale 1.80.0 Preview (2023-03-07).
- timeChart() provided with unitand groupBy() as the aggregation function would not warn on exceeding the default groupBy() limit. This issue has now been fixed.
Other
- The following audit log issues have been fixed:
  - the audit log logged the name of the view owning the view bindings instead of the repository it links to. The name now matches the id in the binding log entry.
  - the audit log for a view update did not use the updated view but the view data before the update.
- An uploaded file would sometimes disappear immediately after uploading. This issue has been fixed.
- An issue that would cause query workers to handle minisegments for longer than intended has been fixed.
- An issue that would cause bucket downloads to retry infinitely many times for certain types of segments has been fixed.
- Export query result to file dialog would not close in some cases. This issue has now been fixed.
- Restart of queries based on lookup files has been fixed: only live queries need restarting from changes to uploaded files that they depend on. Scheduled Searches and static queries use the version of the file present when they start and run to completion.
- Fixed bucket downloads that could fail if the segment they were fetching disappeared from global.
- In ephemeral-disk mode, allow removing a node via the UI when it is dead regardless of any data present on the node: ephemeral mode knows how to ensure durability also when nodes are lost without notice.
  For more information, see Ephemeral Nodes and Cluster Identity.
- In clusters with bucket storage running queries that take more than 90 minutes, those queries could spuriously fail with a complaint that segments were missing. The issue has now been fixed.

Falcon LogScale 1.87.0 Preview (2023-04-25)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.87.0

Preview

2023-04-25

Cloud

On-Prem

2024-05-31

No

1.44.0

11

No

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.
Installation and Deployment
Support for running on Java 11, 12, 13, 14, 15 and 16 will be removed by the end of September 2023.

Improvements, new features and functionality

Dashboards and Widgets
- When using the Edit in search view item on a dashboard widget, the values set in parameters in the query are also carried over into the search view.
- When Setting Up a Dashboard Interaction, the {{ startTime }} and {{ endTime }} special variables now work differently, depending on whether the query, widget or dashboard is running in Live mode or not. They now work as follows:
  - In a live query or dashboard, the startTime variable will contain the relative time, such as 2d whereas endTime will be empty.
  - In a non-live query or dashboard, startTime will be the absolute start time when the query was last run. endTime, similarly, will have the end time of when the query was last run.
Functions
- base64Decode() query function has been updated such that, when decoding to UTF-8, invalid code points are replaced with a placeholder character.
- The memory usage of the functions selectLast() and groupBy() has been improved.
Packages
- The size limit of packages' lookup files has been changed to adhere to the MAX_FILEUPLOAD_SIZE configuration parameter. Previously the size limit was 1MB.
  For more information, see Exporting the Package.

Bug Fixes

UI Changes
- An issue in the Usage page that could fail showing any data has been fixed.
  The Usage page now shows an error if there are any warnings from the query.
Dashboards and Widgets
- Attempting to remove a widget on a dashboard would sometimes remove another widget than the one attempted to remove. This issue has been fixed.
- Non-breaking space chars (ALT+Space) made Template Expressions unable to be resolved. This issue has been fixed.
Functions
- The groupBy() function would not always warn upon exceeding the default limit. This issue has now been fixed.
- timeChart() provided with unitand groupBy() as the aggregation function would not warn on exceeding the default groupBy() limit. This issue has now been fixed.
Other
- In clusters with bucket storage running queries that take more than 90 minutes, those queries could spuriously fail with a complaint that segments were missing. The issue has now been fixed.

Falcon LogScale 1.86.0 Preview (2023-04-18)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.86.0

Preview

2023-04-18

Cloud

On-Prem

2024-05-31

No

1.44.0

11

No

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.
Installation and Deployment
Support for running on Java 11, 12, 13, 14, 15 and 16 will be removed by the end of September 2023.

Improvements, new features and functionality

Automation and Alerts
- When creating a new Alert, you now have a pulldown menu that suggests labels that you've previously created for other alerts. The same applies to Scheduled Searches.
  For more information, see Creating Alerts.
Configuration
- New configuration parameters have been added allowing control of client.rack for our Kafka consumers:
  - KAFKA_CLIENT_RACK_ENV_VAR — this variable is read to find the name of the variable that holds the value. It defaults to ZONE, which is the same variable applied to the LogScale node zones by default.

Bug Fixes

Dashboards and Widgets
- "" was being discarded when creating URLs for interactions. This issue has now been fixed.
- '_' was not recognized as a valid first symbol for parameters when parsing queries. This issue has now been fixed.

Falcon LogScale 1.85.0 Preview (2023-04-13)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.85.0

Preview

2023-04-13

Cloud

On-Prem

2024-05-31

No

1.44.0

11

No

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.
Installation and Deployment
Support for running on Java 11, 12, 13, 14, 15 and 16 will be removed by the end of September 2023.

Upgrades
Changes that may occur or be required during an upgrade.
Other
Snakeyamls has been upgraded to 2.0 to address CVE-2022-1471 issue.

Improvements, new features and functionality

UI Changes
- Improvements in UI tables visualization: even long column headers' text is now always left-aligned (instead of center-aligned and on top of each other) and uses a different color.
- Organization level query blocking has been added to Organization Settings UI.
  For more information, see Organization Query Monitor.
Automation and Alerts
- Clicking the Labels button in Alerts will now show every unique label that has been created on every alert in the same repository. This means that you don't need to rewrite a label when wanting to add the same label to another alert. This feature also applies to Scheduled Searches.
GraphQL API
- The following GraphQL mutations can now also be performed with the ChangeOrganizationPermissions permission:
  - assignOrganizationRoleToGroup
  - unassignOrganizationRoleFromGroup
  The following GraphQL mutations can now also be performed with the ChangeSystemPermissions permission:
  - assignSystemRoleToGroup
  The following GraphQL queries and mutations can now also be performed with either ChangeOrganizationPermissions, ChangeSystemPermissions permission depending on the group:
  - addUsersToGroup
  - removeUsersFromGroup
  - assignRoleToGroup
  - group
  - groupByDisplayName
- The permissions required in order to list IP filters have been updated. You can now also list IP filters with one of the following permissions:
Configuration
- Using the storage class "S3 Intelligent-Tiering" in AWS S3 selectively on files that LogScale knows continues to be supported: it is controlled by the new dynamic configuration BucketStorageUploadInfrequentThresholdDays that sets the minimum number of days of remaining retention for the data in order to switch from the default "S3 Standard" to the "Intelligent" tier.
  The decision is made at the point of upload to the bucket only, whereas existing objects in the bucket are not modified.
  The bucket must be configured to not allow the optional tiers Archive Access tier nor Deep Archive Access tier as those do not have instant access, which is required for LogScale.
  As a consequence of that, do not enable automatic archiving within the S3 Intelligent-Tiering storage class.
- The new configuration parameter SEGMENT_READ_FADVICE has been introduced.
Dashboards and Widgets
- Introduced a new setting for dashboard parameters configuration to defer query execution: the dashboard will not execute any queries on page load until the user provides a value to the parameter.
  For more information, see Configuring Dashboard Parameters.
- The new interaction type Search Link has been introduced, allowing users to create an interaction that will trigger a new search.
  For more information, see Managing Dashboard Interactions, Creating Event List Interactions.
- Multivalued parameters have been introduced to pass an array of values to the query. The support is limited to the Dashboards page.
  For more information, see Multi-value Parameters.
Log Collector
- Fleet Management updates:
  - Added the Basic Information page with primary information of a specific configuration e.g. name, description, no. of assigned instances.
  - The Config Editor used to create/modify LogScale Collector configurations in LogScale has been augmented with context aware auto-completion, tooltips for keywords and highlighting of invalid settings.
  For more information, see Managing Remote Configurations.
Functions
- When IOCs are not available, the ioc:lookup() query function will now produce an error. Previously, it only produced a warning.
Other
- Improvements to query scheduler logic for "shelving" i.e., pausing queries considered too expensive. The pause/unpause logic are now more responsive and unpause queries faster when they become eligible to run.
- Create Repositories permission now also allows LogScale Self-Hosted users to create repositories.
- Worker-level query scheduling has been adjusted to avoid long-term starvation of expensive queries.

Bug Fixes

Functions
- Fixed a regression in join() validation, which was introduced in version Falcon LogScale 1.80.0 Preview (2023-03-07).
- Fixed an issue where a query with join(), selfJoin(), or selfJoinFilter() functions would sometimes get cancelled.
Other
- The following audit log issues have been fixed:
  - the audit log logged the name of the view owning the view bindings instead of the repository it links to. The name now matches the id in the binding log entry.
  - the audit log for a view update did not use the updated view but the view data before the update.
- An issue that would cause query workers to handle minisegments for longer than intended has been fixed.
- An issue that would cause bucket downloads to retry infinitely many times for certain types of segments has been fixed.

Falcon LogScale 1.84.0 Not Released (2023-04-04)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.84.0

Not Released

2023-04-04

Cloud

On-Prem

2024-05-31

No

1.44.0

11

No

Not released.

Advanced Warning
The following items are due to change in a future release.
Installation and Deployment
Support for running on Java 11, 12, 13, 14, 15 and 16 will be removed by the end of September 2023.

Falcon LogScale 1.83.0 Preview (2023-03-28)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.83.0

Preview

2023-03-28

Cloud

On-Prem

2024-05-31

No

1.44.0

11

No

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.
Installation and Deployment
Support for running on Java 11, 12, 13, 14, 15 and 16 will be removed by the end of September 2023.

Improvements, new features and functionality

UI Changes
- Event List Interactions are now accessible from the Repository and View Settings page.
Automation and Alerts
- The default time window for Alerts has been updated:
  - When creating an alert from the Alerts page, the default query time window has been changed from 24 Hours to 1 Hours to match the default throttle time.
  - When creating an alert from the Search page, the default Throttle period has been changed to match that of the query time window set.
  For more information, see Creating Alerts.
GraphQL API
- The querySearchDomain GraphQL query now allows you to search for Views and Repositories based on your permissions — previously, enforcing specific permissions caused errors.
Dashboards and Widgets
- You can now save interactions with a saved query on the Search page. Interactions in saved queries are also supported in Packages.
  For more information, see Creating Event List Interactions.
- The combo box has been updated to show multiple selections as "pills".
- You can now delete or duplicate Event List Interactions from the Interactions overview page.
  For more information, see Deleting & Duplicating Event List Interactions.
- Interactive elements in visualizations now have the point cursor.
Functions
- Performance improvements have been made to the match() query function in cases where ignoreCase=true is used together with either mode=cidr, or mode=string.

Bug Fixes

Other
- Fixed bucket downloads that could fail if the segment they were fetching disappeared from global.

Falcon LogScale 1.82.4 Stable (2023-11-20)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.82.4

Stable

2023-11-20

Cloud

On-Prem

2024-04-30

No

1.44.0

11

No

TAR Checksum	Value
MD5	702decdef1d72545f0357091f3623c08
SHA1	49b14563b7ea0d01f87cb78e25e99fcab603c2c8
SHA256	d38ea4ab551ab0f826eab12e772ee78a3870d3d73cfd83bcb4acbeddeb44dd70
SHA512	e039bfaa94a9c9a4c96cd7350b21ff035fd73d1800514ec53aa416ca555178eb87c99da0c939e2f5366909c5fd63526b0d598318f5672da4d016ef788155a4fe

Docker Image	SHA256 Checksum
humio	f801fd236ff5729012c51c035c1607be2fda7909f79843c82af7535b20e6c6f1
humio-core	0a024a74995adcf6ce9d225e731af34bbfdbe5dee016162a3b6ae073f26ce4c4
kafka	fd0838840877fadce404c233cb5a4000e31361e9ee49a8ab95cb36c66a70d67b
zookeeper	8022e850fe9e6d38c158d8ea8c03a5f88b0607bd1cc2a5cf96219ab3f87db00f

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.82.4/server-1.82.4.tar.gz

Bug fix and updates.

Bug Fixes

UI Changes
- Time Selector and date picker in the Time Interval panel have been fixed for issues related to daylight savings time.

Falcon LogScale 1.82.3 Stable (2023-07-04)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.82.3

Stable

2023-07-04

Cloud

On-Prem

2024-04-30

No

1.44.0

11

No

TAR Checksum	Value
MD5	0823b20fe8ac1627377ee9c8088915f4
SHA1	c702802c7912a62575d0df66c0e50fbad77ffae2
SHA256	3ccba6e2d9911d345f19ddfb57ac25614a0ecc566d0c95443fd8cbbd010a4132
SHA512	fc8627e24fc82022248520e2dd594ef74fb02228dfe51aa7d7a1e7a241d0d27606a68a2c1dfdecdd72547683b6b86d70930773e2798ccfadf9b8b18fc151b2eb

Docker Image	SHA256 Checksum
humio	159d69c1521724d90bfefc7a5fe22f23ad3cfc386291f5e93828e27d05bb5f34
humio-core	a30a197ed0d8e829db54e8738a583275a01717b397e0beac8523e921448bbc4a
kafka	e808836ef57c65de5cd5c4b39fadd4f62ea0589d7781cab3c70b263713efbff7
zookeeper	771385427652ccd1d166e2e98dd09fcfcc84297303db6a571a4007d5f104dfc7

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.82.3/server-1.82.3.tar.gz

Bug fix and updates.

Bug Fixes

Other
- Fixed an issue where searching within small subsets of the latest 24 hours in combination with hash filters could result in events that belonged in the time range to not be included in the result. The visible symptom was that narrowing the search span provided more hits.

Falcon LogScale 1.82.2 Stable (2023-06-22)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.82.2

Stable

2023-06-22

Cloud

On-Prem

2024-04-30

No

1.44.0

11

No

TAR Checksum	Value
MD5	155c984fb2f3319e42ca151704a5b3f1
SHA1	05cae24fac6be7d8cc24bb29c11fa068961d76e7
SHA256	9a0ca4411a7fbd12dbbbe9582498d9f26552c72e68bfca31f6e812b4bb5bcc81
SHA512	bcf589535e0e5c13ecab26f8ba330dd99f190228337f780d0c77d7ca012d67156ad26916471da4e21e7847074f1b654638117626f34e2c509cd2c736faaa90aa

Docker Image	SHA256 Checksum
humio	3efbba813293749fc2a6c7bd8332f17110ca33f92a5aa6ea82dab158defe4456
humio-core	92178d5950198b8a9c5df7764385248f7a58d72c2c3f9eae74f3c7b8492b91b1
kafka	4485b9c15d8a3e9cc122f548e68a6daaba983cb8479f553d8ea11ba4de7c09c5
zookeeper	c045a185ddc1f0d852a4f73b6668db78c580b0f17287458d78cc723fce20a778

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.82.2/server-1.82.2.tar.gz

Security fixes.

Bug Fixes

Security
- Verified that LogScale does not use the affected Akka dependency component in CVE-2023-31442 by default, and have taken additional precautions to notify customers.
  For:
  LogScale Cloud/Falcon Long Term Repository:
  This CVE does not impact LogScale Cloud or LTR customers.
  LogScale Self-Hosted:
  Exposure to risk:
  Potential risk is only present if a self hosted customer has modified the Akka parameters to a non default value of akka.io.dns.resolver = async-dns during initial setup.
  By default LogScale does not use this configuration parameter.
  CrowdStrike has never recommended custom Akka parameters. We recommend using default values for all parameters.
  Steps to mitigate:
  Setting akka.io.dns.resolver to default value (inet-address) will mitigate the potential risk.
  On versions older than 1.92.0:
  Unset the custom Akka configuration. Refer to Akka documentation for more information on how to unset or pass a different value to the parameter here.
  CrowdStrike recommends upgrading LogScale to 1.92.x or higher versions.

Falcon LogScale 1.82.1 Stable (2023-05-15)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.82.1

Stable

2023-05-15

Cloud

On-Prem

2024-04-30

No

1.44.0

11

No

TAR Checksum	Value
MD5	fb4b50f131a07565a3f26b880d56fd4c
SHA1	1263a3d79beba7826184e3ad25ecd0e943c7ea9e
SHA256	0d941a09269ae5efaa934568009a4ac4ea8a3ef7100332afe253c82ff75ec17b
SHA512	0277eab1d3069f5369f978b9d582f3093c6856563d4512c590cbed3a381e1fd8c45ddb4185e71c2ff5c2ce9dc2f97822fbe466574c0e638e90c2132db9980e06

Docker Image	SHA256 Checksum
humio	87eaef9b043dd23a65eefd749e9540b27d554fd1f41484695d77815544347937
humio-core	145cb7a5d35dffc62e7239b007721454ba2bd85af50496cc4c461bafbcd472d9
kafka	31a6e03e68efd4d7a2a3be0858726d77c6c7e7be9eadecff52144e8e349b195e
zookeeper	4842ee4e9848b389d97e155a9504e9e9c54ae4312c9d47b23529e9bea4fcf85a

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.82.1/server-1.82.1.tar.gz

Bug fixes and updates.

Bug Fixes

UI Changes
- Fixed some missing Field Interactions options for the JSON data type in the Event List.
  For more information, see Field Data Types.

Falcon LogScale 1.82.0 Stable (2023-04-12)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.82.0

Stable

2023-04-12

Cloud

On-Prem

2024-04-30

No

1.44.0

11

No

TAR Checksum	Value
MD5	51d366030dddbe5f3b5cf2bf54507d11
SHA1	877287bb9d431853a530ff647b692a8c40f8fad8
SHA256	191b56f4e1a9e54bcf284b0280cce865251970d7bd0cd6660f132520b0931432
SHA512	88e8219b8a60fe259e1953584cee167d2325abf28525ea70bead77998af11b5ebe0df5bcce0a3bef398db95b5f99ac1f3022d8ab24f88aef22bde42f0f4af180

Docker Image	SHA256 Checksum
humio	6087c619f855cf9a1d05c6aaf983feb3b1fdd7d051c8c769683541f45181da79
humio-core	41089d22b64f5e7fb6e1337064afec7816ac84aa5602b1d98f6684fa16eb03e4
kafka	3b3a4a610a5ab9b38dded8cad062aedf863651ca6f3f9c6b81bee753af9c6d6c
zookeeper	e5887242f44220b313c6c11bb062ce1e3255d65ec9437bc58876ffbf1753ce0a

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.82.0/server-1.82.0.tar.gz

Bug fixes and updates.

Improvements, new features and functionality

UI Changes
- Improvements have been made on the Fields Panel, that would flicker when switching between the Results and Events tabs and the query was live. It now displays the fields of the aggregated query when on the Results tab, and the fields of the events query when on the Events tab.
Functions
- The match()query function has been improved in terms of speed when using glob as the mode.
Other
- Added optional global argument to stopAllQueries, stopStreamingQueries, stopHistoricalQueries, blockedQueries, addToBlocklistById, addToBlocklist permissions. Default is false i.e. within own organization only.
- Added backend support for organization level query blocking. Actors with the BlockQueries permission are able to block and stop queries running within their organization.
- Worker-level query scheduling has been adjusted to avoid long-term starvation of expensive queries.

Bug Fixes

Dashboards and Widgets
- The dropdown menu for dashboard parameter suggestions is now faster and can handle several thousand entries without blocking the UI.
  For more information, see Managing Dashboard Parameters.
Functions
- Fixed an issue where a query with join(), selfJoin(), or selfJoinFilter() functions would sometimes get cancelled.
Other
- Fixed a permission issue for LogScale Self-Hosted having a dependency on the ManageOrganizations system permission, which should not apply to that environment — the ManageCluster system permission in itself is now sufficient for Self-Hosted.
- Fixed an issue that could cause recently merged minisegments to be excluded from searches after a reboot.
- Fixed an issue that occurred when creating users: when multiple user creation requests were sent at the same time, multiple users were in some cases created with the same name.
- Fixed an issue with API Explorer that could fail to load in some configurations when using cookie authentication.

Falcon LogScale 1.81.0 Preview (2023-03-14)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.81.0

Preview

2023-03-14

Cloud

On-Prem

2024-04-30

No

1.44.0

11

No

Bug fixes and updates.

Removed
Items that have been removed as of this release.
Automation and Alerts
The deprecated REST Alert API has been removed.
Other
The deprecated REST Action API endpoint for testing actions has been removed.

Upgrades
Changes that may occur or be required during an upgrade.
Other
OpenSSL in Docker images has been upgraded to address CVE-2023-0286 issue.

Improvements, new features and functionality

Automation and Alerts
- The throttle field on alerts can now be imported and exported.
Configuration
- The default value for AUTOSHARDING_TRIGGER_DELAY_MS has been raised from 20,000 to 3,600,000.
Other
- Event redaction will no longer rewrite minisegments. Instead, the redaction will be delayed until all minisegments that would be affected have been merged.
- Query Monitor page is now available on the organization level. Users with Monitor queries organization level permission get access to the page where they can see queries running in their organization.
  For more information, see Query Monitor, Organization Query Monitor.
- New ingest endpoint api/v1/ingest/json for ingesting JSON objects and JSON arrays has been added.
  For more information, see Ingest Raw JSON Data.

Bug Fixes

Falcon Data Replicator
- Fixed a bug where testing new FDR feeds that use S3 Aliasing would fail for valid credentials.
Dashboards and Widgets
- The following items have been fixed:
  - Parameter bindings would not be visible for imported dashboards when configuring interactions.
  - Imported dashboard containing interactions would be perceived as invalid.
  For more information, see Managing Dashboard Interactions.
Functions
- Fixed a bug where the query editor would wrongly claim that predicate functions used as match guards were missing an argument to the field parameter.
Other
- Fixed an issue which could cause minisegments to not all be on the same host for a short time, while those minisegments were being merged. This could cause queries to be unable to query them.
- Fixed some issues in the event redaction implementation which could cause the redaction to fail in rare cases.
- A bug has been fixed that caused recent minisegments to be missed in queries if the minisegments were merged during the query.

Falcon LogScale 1.80.0 Preview (2023-03-07)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.80.0

Preview

2023-03-07

Cloud

On-Prem

2024-04-30

No

1.44.0

11

No

Bug fixes and updates.

Behavior Changes
Scripts or environment which make use of these tools should be checked and updated for the new configuration:
Ingestion
Ingested events would not be limited in size if the bulk of the data in the event was in fields other than @rawstring. This will now be enforced. Events that exceed the limit on event size at ingest are handled as follows:
@rawstring is truncated to the maximum allowed length, and all other fields are dropped from the event.
@timestamp becomes the ingest time.
@timezone becomes UTC.
(This is identical to the previous handling of oversized @rawstring).

Upgrades
Changes that may occur or be required during an upgrade.
Other
Kafka client has been upgraded to 3.4.0.
Kafka broker has been upgraded to 3.4.0 in the Kafka container.
The container upgrade is performed for security reasons to resolve CVE-2022-36944 issue, which Kafka should however not be affected by. If you wish to do a rolling upgrade of your Kafka containers, please always refer to Kafka upgrade guide.

Improvements, new features and functionality

UI Changes
- Whether one can create a new repository is now controlled by the Create repository permission in the UI.
Configuration
- Removed NEW_VHOST_SELECTION_ENABLED as a configuration option. The option has been true by default since 1.70; an opt-out is no longer needed.
Dashboards and Widgets
- Changed the query editor when editing dashboard queries to be the same that is used on the Search page.
Log Collector
- New Template feature added to the Fleet Management page, which allows you to:
  - upload a yaml file when creating a new configuration
  - export either the published or draft version of a configuration file.
  For more information, see Fleet Management Overview.
Functions
- Saved queries can now be used in subqueries, see Using Functions as Arguments to Other Functions.
Other
- Added backend support for organization level query monitor. The new MonitorQueries permission now allows viewing queries that are running within the organization.
Packages
- Interactions installed from a package use the new repository where the package is installed.

Bug Fixes

UI Changes
- A high CPU usage in the UI since LogScale 1.75 when the Time Zone Selector dropdown was displayed has now been fixed.
Configuration
- Automatic generation and updating of the digest partitions table has been enabled, and manual editing is no longer supported. See Digest Rules for reference.
  The table will be kept up to date based on the following node-level settings (see Starting a New LogScale Node):
  - ZONE defines a node's zone. The table we generate will attempt to distribute segments across as many zones as possible.
  - Nodes will appear in the table more often if they have many cores. Nodes with fewer cores will appear less often.
  - Nodes with a NODE_ROLES setting that excludes digest work will not appear in the table.
  A cluster-level setting has also been introduced: setDigestReplicationFactor GraphQL mutation configures the replication factor to use for the table. This is also settable via the environment variable DEFAULT_DIGEST_REPLICATION_FACTOR.
  Automatic management of the digest partition table is now handled by the environment variable DEFAULT_ALLOW_UPDATE_DESIRED_DIGESTERS. We intend to remove the option to handle digest partitions manually in the future.
Dashboards and Widgets
- Keyboard combinations cmd+Z/Ctrl+Z no longer deletes the query on dashboard widgets.
Functions
- A performance issue in collect() when it collected many values has been fixed.
- Validation of join() and join-like functions in conditional expressions and subqueries not having positional information has been fixed.
- Fixed an issue where joins in case statements, match statements, and subqueries would mark the entire query as erroneous.
Other
- Some minisegments would be excluded from queries in cases where those minisegments had previously been merged, but the merge was reverted.
- Minisegments would be removed too early from nodes which were querying them, causing queries to be missing some data.
- Two hosts booted at around the same time would conflict on which vhost number to use, causing one of the hosts to crash.
- Avoid caching warnings that some data segments could not be found on any servers. This prevents queries from displaying this warning spuriously.

Falcon LogScale 1.79.0 Preview (2023-02-28)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.79.0

Preview

2023-02-28

Cloud

On-Prem

2024-04-30

No

1.44.0

11

No

Bug fixes and updates.

Behavior Changes
Scripts or environment which make use of these tools should be checked and updated for the new configuration:
Configuration
The behavior of nodes using the ingestonly role has changed. Such nodes used not to write to global, and not register themselves in the cluster. They now do both.
The old behavior can be restored by setting NEW_INGEST_ONLY_NODE_SEMANTICS=false. If you do this, please reach out to Support and outline your need, as this option will be removed in the near future.

Improvements, new features and functionality

Automation and Alerts
- When creating or editing Alerts and Scheduled Searches, it is now possible to specify another user the alert or scheduled search should run as, via the new organization permission ChangeTriggersToRunAsOtherUsers.
  It is now checked that the user selected to run the alert or scheduled search has permissions to run it. Previously, that was first checked when trying to run the alert or scheduled search.
  The new feature checks whether the user, trying to create or edit an alert or schedule search, has permissions to change and run as another user. If the feature is enabled, you can select the user to run an alert or schedule search as, from a list of users.
  See Creating Alerts and Scheduled Search Run on Behalf of for more information.
Functions
- Memory consumption of the format() function has been decreased.
- Introduced a memory limit in collect() mapper phase. The collect() function now collects up to the value of the limit argument or 10 MiB worth of distinct values, whichever comes first.

Bug Fixes

Falcon Data Replicator
- Fixed a performance issue when setting fileDownloadParallelism to more than 1. See Adjust Polling Nodes Per Feed for more information.
UI Changes
- The Event Distribution Histogram wouldn't show properly after manipulation of the @timestamp field.
Dashboards and Widgets
- Fixed dashboard links to the same dashboard, as they would not correctly update the parameters.
- In visualizations using the timeChart() or bucket() functions, when no results were returned you would just see an empty page. Consistently with other visualizations, you will now see a no-result message displayed, such as No results in active time window or Search Completed. No results found — depending on whether Live mode is selected or not.

Falcon LogScale 1.78.0 Preview (2023-02-21)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.78.0

Preview

2023-02-21

Cloud

On-Prem

2024-04-30

No

1.44.0

11

No

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.

Improvements, new features and functionality

UI Changes
- An explicit logout message now indicates that the user's session has been terminated.
- The Time Zone Selector now shows the timezone as +00:00 instead of -00:00 when the offset is zero.
- Clone items have all been replaced with Duplicate in the UI to be consistent with what they actually do.
Automation and Alerts
- When updating or creating new Actions, any server errors will be displayed in a summary under the form. The server errors in the summary will now specify the form field title where the error occurred, to easily identify where the error is.
- Removed the sidepanel when creating/editing an Alerts or Scheduled Searches.
Configuration
- The default value of MAX_INGEST_REQUEST_SIZE has been reduced from 1024 MB to 32 MB. This limits the size of ingest requests and rejects oversized requests. If the request is compressed within HTTP, then this restricts the size after decompressing.
Functions
- The array:filter() function is now generally available.
- Introduced the new query function bitfield:extractFlags().
- More time format modifiers are now supported in the format() function:
  - Full and abbreviated month, day-of-week names, and the century
  - Date/time composition format Day Mon DD HH:MM:SS Zone YYYY, e.g., Tue Jun 22 16:45:05 GMT+1 1993.
Other
- "Sticky" autoshards no longer mean that the system cannot tune their value, but only that it cannot decrease the number of shards; the cluster is allowed to raise the number of shards on datasources when it needs to, also for those that were set as sticky using the REST API.
- An enhancement has been made so that when the number of ingest partitions is increased, fresh partitions are assigned to all non-idle datasources based on the new set of partitions. Before this change only new datasources (new tag combinations) would be using the new partitions. The auto-balancing does not start if there are nodes in the cluster running versions prior to 1.78.0.

Bug Fixes

UI Changes
- When exporting a dashboard, alert or scheduled search as a template, the labels' field was missing in the exported YAML.
  For more information, see Managing Alerts, Scheduled Searches, Dashboards & Widgets.
- Double-clicking in the Event List would open the Inspection Panel instead of making a text selection. It now correctly selects the word being double-clicked.
Automation and Alerts
- A typo has been fixed in message ActionWithIdNotFound.
GraphQL API
- Pending deletes that would cause nodes to fail to start, reporting a NullPointerException, have been fixed.
Dashboards and Widgets
- A newly added, unconfigured dashboard parameter could not be deleted again. This issue has been fixed.
Other
- Ensure we keep hosts listed in the query partition table up to date as those hosts restart. This should prevent an issue where removing too many nodes from a cluster could prevent queries from running.
- Prevent nodes configured not to run queries from starting queries locally in the case where the query request can't be proxied.
- When making updates to the query partition table, only change partitions with dead nodes. This should allow queries to continue without requiring resubmit when a previously unknown node joins the cluster.
- Fixed ingest-only nodes that would fail all requests to /dataspaces and /repositories.

Falcon LogScale 1.77.0 Preview (2023-02-14)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.77.0

Preview

2023-02-14

Cloud

On-Prem

2024-04-30

No

1.44.0

11

No

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.

Behavior Changes
Scripts or environment which make use of these tools should be checked and updated for the new configuration:
Ingestion
It is no longer possible to list ingest tokens for system repositories.

Improvements, new features and functionality

UI Changes
- Filtering and group-by icons have been added to the Fields Panel and Inspection Panel detail views.
Documentation
- The new Template Language reference information section has been added.
Dashboards and Widgets
- Hold ⇧ (Shift) to show unformatted values. Hold ⌥ (Alt on Windows or Option on Mac) to show full legend labels.
- startTime, endTime, and parameter variables are now also available when working with Template Language expressions on the Search page.
Functions
- Introduced the array:reduceAll() function.
  As other released Array Query Functions, it requires square braces.
Other
- Ephemeral nodes are automatically removed from the cluster if they are offline for too long (2 hours by default).
- Adding more Repositories & Views to a group is now done inside a dialog.
Packages
- Repository interactions are now supported in Packages. When exporting a package with dashboard link interactions referencing a dashboard also included in the package, then that reference will be updated to reflect this in the resulting zip file.

Bug Fixes

Dashboards and Widgets
- When importing a dashboard from a template, some widget options (including LegendPosition) were being ignored and reverted to their default value.
- The Table widget is able to display any search result, yet in the widget dropdown, it would often say "Incompatible". It now indicates compatibility. For event type results, the Event List visualisation will still be preferred and auto selected.
- When using the Export as template functionality, the label field was missing in the exported YAML.
  For more information, see Dashboards & Widgets.
- If you clone a widget and click Edit in Search View, you would be asked to discard your changes before editing, causing confusion. Now, Edit in Search View is not available until you save or discard using the buttons in the top bar.
  For more information, see Managing Widgets, Managing Widgets.
- The Scatter Chart widget visualization would under some conditions claim to be compatible with any result that has 3 or more fields. Yet it would not display anything unless the actual data was numeric. The Scatter Chart visualization now properly detects compatibility and ignores any non-numeric fields in the query result.
Functions
- The collect() function has been fixed in that its limit parameter was not being obeyed. This would lead to inconsistent results when there were more values to collect than what specified in the limit.
Other
- Nodes are now considered ephemeral only if they set USING_EPHEMERAL_DISKS to true. Previously, they were ephemeral if they either set that configuration, or if they were using the httponly node role.
- Job-to-node assignment in Logscale has been reworked. Jobs that only needed to run on a subset of nodes in the cluster — such as the job for firing alert notifications or the job enforcing retention settings — would previously select which hosts were responsible for executing the job based on the segment storage table.
  The selection is now based on consistent hashing, which means the job assignments should automatically follow the set of live nodes.
  It is possible to observe where a given job is running based on logs found with the query class=*JobAssignments*.
- Fixing minisegment downloads during queries, as they could cause download retries to fail spuriously, even if the download actually succeeded.
- Linked to the correct SaaS eula for SaaS customers.
- Timeout from publish to global topic in Kafka has been fixed, as it resulted in marking input segments for merge as broken temporarily.
- Fixing minisegment fetches as they failed to complete properly during queries, if the number of minisegments involved was too large.

Falcon LogScale 1.76.5 Stable (2023-07-04)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.76.5

Stable

2023-07-04

Cloud

On-Prem

2024-02-28

No

1.44.0

11

No

TAR Checksum	Value
MD5	78d4ef92b3bd402d031e960f9693930d
SHA1	37283886b67fdee02b27254d842721654eaf248a
SHA256	e17d9e3ca998d00d0b17e9eae5802b1f2155994e678821b20a07754ef0982e8c
SHA512	db232a4058dc81ab97f306872441686d95e29bafdaf67f571bdc42ef7aaad267d9e56444ea23c9d37868ffc6c0e9286e650cee39fe1eead827f5bba0ffd5fe68

Docker Image	SHA256 Checksum
humio	dbc00dbca27fc9dfc119fe2e56c2413fec71cc3f9ddc18a3c3c14d61258c67d7
humio-core	bc6832bbc6d349d4513d18e4aae7c56f5f649ed4c39bbc9440e588a05ef471d8
kafka	d6772836c29001ddb614323802a4cbdbb93de6426af71caf34e49b5abba39f68
zookeeper	46e8c5876ba32632f8e4868a7f6dc366c1c928ce761553fbbd517c5603947d4d

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.76.5/server-1.76.5.tar.gz

Bug fix and updates.

Advanced Warning
The following items are due to change in a future release.

Bug Fixes

UI Changes
- Time Selector and date picker in the Time Interval panel have been fixed for issues related to daylight savings time.
Other
- Fixed an issue where searching within small subsets of the latest 24 hours in combination with hash filters could result in events that belonged in the time range to not be included in the result. The visible symptom was that narrowing the search span provided more hits.

Falcon LogScale 1.76.4 Stable (2023-06-22)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.76.4

Stable

2023-06-22

Cloud

On-Prem

2024-02-28

No

1.44.0

11

No

TAR Checksum	Value
MD5	db953465da81f218ea623eda9eb1bbe0
SHA1	2a8103e67e25f5875b0d9fb64df7b200553e2e2a
SHA256	c9ea2a7accd3e68b4a38dadc8a4a2db61551501d5faf13fa45422fd62433a9ed
SHA512	04f3e5f98eea9fb40c9af0ca3bf00ed1941dd54d6ab2d3fc030d9ea98fca735a5fc9a9aa3d83dc5d66a47955c0242ba78dca291321c6b53880a7239d1831c259

Docker Image	SHA256 Checksum
humio	764db9a8db6139b18f8e6757c1bfd8b3adfe61cfae07f923a453a1fbe7831fe7
humio-core	a885340105544d8054463717a4457cc6cda3b42bdcb5df12a830677b8a232803
kafka	92250700f7357110151726ebbe1cb38f63534c25e24566ffdb5f3d9c042158f3
zookeeper	76417a09f8e5bfcbf647ade6456acce088c5dcb4cb7be02686dcc6c2a30b616e

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.76.4/server-1.76.4.tar.gz

Security fixes.

Advanced Warning
The following items are due to change in a future release.

Bug Fixes

Security
- Verified that LogScale does not use the affected Akka dependency component in CVE-2023-31442 by default, and have taken additional precautions to notify customers.
  For:
  LogScale Cloud/Falcon Long Term Repository:
  This CVE does not impact LogScale Cloud or LTR customers.
  LogScale Self-Hosted:
  Exposure to risk:
  Potential risk is only present if a self hosted customer has modified the Akka parameters to a non default value of akka.io.dns.resolver = async-dns during initial setup.
  By default LogScale does not use this configuration parameter.
  CrowdStrike has never recommended custom Akka parameters. We recommend using default values for all parameters.
  Steps to mitigate:
  Setting akka.io.dns.resolver to default value (inet-address) will mitigate the potential risk.
  On versions older than 1.92.0:
  Unset the custom Akka configuration. Refer to Akka documentation for more information on how to unset or pass a different value to the parameter here.
  CrowdStrike recommends upgrading LogScale to 1.92.x or higher versions.

Falcon LogScale 1.76.3 Stable (2023-04-27)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.76.3

Stable

2023-04-27

Cloud

On-Prem

2024-02-28

No

1.44.0

11

No

TAR Checksum	Value
MD5	1e3ae5bfd9e5f5678fe34f0665148868
SHA1	cafadf95ebeb23f145b263f9e05c7721a8a6d378
SHA256	7e532c0071874b5924b2d46c95e884c85f61de82eae228015a0c19f988f7311b
SHA512	f7b5ab273c7700554eece6798ebd8eb99cf4baf1e978d17b4dc92bb57f7d8001c0c03d0e03572007853ead7c63ea10191e4291d3abe6adfe18a46a3b7b5063fe

Docker Image	SHA256 Checksum
humio	21ff13996def725123764b56f9e9f3a563d4988b2f24f877abae4341db2eb3e9
humio-core	e848a7cdbc6d65eeb5bd33eaca3e5b697d2f477e41de294a729382ceaf383aa0
kafka	395dd3f4cf6cc2a0bd02600bf7a08cadc2a840787727f77cb59e89833a48cd97
zookeeper	da46f56b5bcbf620c2d3e699c113a6bde0655028ed6ea6695663b7fecd479d3f

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.76.3/server-1.76.3.tar.gz

Bug fix.

Advanced Warning
The following items are due to change in a future release.

Bug Fixes

Other
- Fixed an issue with API Explorer that could fail to load in some configurations when using cookie authentication.

Falcon LogScale 1.76.2 Stable (2023-03-06)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.76.2

Stable

2023-03-06

Cloud

On-Prem

2024-02-28

No

1.44.0

11

No

TAR Checksum	Value
MD5	6e3ffd1b9c487b41516d3aca0952c9d5
SHA1	02832eec0f41358be3e956d7e9dbab87da190d2e
SHA256	1289683afb0666dbba0c7340b05d1d8ecbdd4f32ed69924108e5065d435f0fc1
SHA512	6d25eefba440ad98e76721945ac0cc12a02e1cd53ae1b1a35acd1b4b2abfe675583bdedaadefb44a12564680f507709541d43de116907fdc08a1f0a7a2f0d3b9

Docker Image	SHA256 Checksum
humio	ccde946345dfc1fe39bd0e36bc80fff02c67791241ecbfb2848842215c505b57
humio-core	52bb05ccf27c04c842b307e2b895eb3bd296e40058c992bb8b898027c49595f2
kafka	37e166cfeacd8ceae63929368c7d6a86560a9bc1a5b0ee174d775ef636f9a223
zookeeper	0021b13408d1fad0b2644ddad81dce83af0fa2fd885b411526a365913b794f39

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.76.2/server-1.76.2.tar.gz

Security fix.

Advanced Warning
The following items are due to change in a future release.

Upgrades
Changes that may occur or be required during an upgrade.
Other
Kafka client has been upgraded to 3.4.0.
Kafka broker has been upgraded to 3.4.0 in the Kafka container.
The container upgrade is performed for security reasons to resolve CVE-2022-36944 issue, which Kafka should however not be affected by. If you wish to do a rolling upgrade of your Kafka containers, please always refer to Kafka upgrade guide.

Falcon LogScale 1.76.1 Stable (2023-02-27)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.76.1

Stable

2023-02-27

Cloud

On-Prem

2024-02-28

No

1.44.0

11

No

TAR Checksum	Value
MD5	5c03162eebeb9c4fe028bce4140da4d9
SHA1	56459772d2c7f5c2d21be6650d473bfee0893ab1
SHA256	04c067f721cb6a3bf3e74ce10d2bda8a12a3ede05c6b181af8a074a430321bfc
SHA512	71e330f43a0825c70bf0fd8b1c3c82cedc554aab87316a906a72c813697c930be58eef2bffe049ff28f13bd0d4b44700e8fd7a54e796724acdf4c063c5c4508c

Docker Image	SHA256 Checksum
humio	e4a730e769cb84cea8be642eb352763e6596caa249a95857de9052cc4b83ddb4
humio-core	148d662610e09163ce581487ebdec4519960e9f332473b100cd3c6466d52943b
kafka	c717b3b0c5087cb746bde5381419bf5cc31532a1756f2463ff31477374b89a4a
zookeeper	2b228e05f97e8946c323fa40060102de41210e5e38733ffb3dd0b353259c37d3

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.76.1/server-1.76.1.tar.gz

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.
Configuration
Starting from 1.78 release, the default value for the MAX_INGEST_REQUEST_SIZE configuration will be reduced from 1 GB to 32 MB.
This value limits the size of ingest request and rejects oversized requests.
If the request is compressed within HTTP, then this restricts the size after decompressing.

Removed
Items that have been removed as of this release.
API
Removed the API for managing ingest tokens. This has long been deprecated and replaced by a GraphQL API.

Deprecation
Items that have been deprecated and may be removed in a future release.
The REST endpoint for testing actions has been deprecated. api/v1/repositories/repoId/alertnotifiers/actionId/test has been deprecated. The new GraphQL mutations should be used instead.

Upgrades
Changes that may occur or be required during an upgrade.
Other
Java upgraded to 17.0.6 in Docker containers
Kafka upgraded to 3.3.2 for KAFKA-14379
Kafka client upgraded to 3.3.2
Kafka Docker container upgraded to 3.3.2
Packages
Optimizations in package handling require migration of data during upgrade. This migration is performed automatically. Please notice:
While the upgrade of cluster nodes are ongoing, we recommend you do not install or update any packages, as they may end up in an inconsistent state.
If a package ends up in a bad state during migration, it can be fixed simply by reinstalling the package.
You will potentially experience that accessing the list of installed packages will fail, and creating new dashboards, alerts, parsers, etc. based on package templates will not work as intended.
This should only happen during the cluster upgrade, and should resolve itself once the cluster is fully upgraded.
If the cluster nodes are downgraded, any packages installed or updated while running the new version will not work, and we therefore recommend uninstalling or downgrading those packages prior to downgrading the cluster nodes.

Improvements, new features and functionality

UI Changes
- Changes have been made for the three-dot menu (⋮) used for Field Interactions:
  - It is now available from the Fields Panel and the Inspection Panel, see Searching Data.
  - Keyboard navigation has been improved.
  - For field interactions with live queries, the Fields Panel flyout will now display a fixed list of top values, keeping the values from the point in time when the menu was opened.
- Introduced Search Interactions to add custom event list options for all users in a repository.
  For more information, see Event List Interactions.
- Event List Interactions are now sorted by name and repository name by default.
- Tabs on the Users page are renamed: former Groups and Permissions tab is now renamed to Permissions; former Details tab is now renamed to Information. In addition, the Permissions tab is now displayed first — it is also the tab that will be opened by default when navigating to a user from other places in the product. See Managing Users & Permissions for a description of roles and permissions in the UI.
- The Search page now supports timezone picking e.g. +02:00 Copenhagen. The timezone will be set on the users' session and remembered between pages.
  For more information, see Setting Time Zone.
- You can now set your preferred timezone under Manage your Account.
- Suggestions in Search Box will show for certains function parameters like time formats.
- Known field names are now shown as completion suggestions in Search Box while you type.
Automation and Alerts
- The list of Message Templates and Variables is no longer shown in the User Interface when editing Actions, instead a link to the documentation has been added.
GraphQL API
- GraphQL API mutations have been added for testing actions without having to save them first. The added mutations are:
  - testEmailAction
  - testHumioRepoAction
  - testOpsGenieAction
  - testPagerDutyAction
  - testSlackAction
  - testSlackPostMessageAction
  - testUploadFileAction
  - testVictorOpsAction
  - testWebhookAction
  The previous testAction mutation has been removed.
  The new GraphQL API mutations' signature is almost the same as the create mutation for the same action, except that test actions require event data and a trigger name, as the previous testAction mutation did.
  As a consequence, the Test button is now always enabled in the UI.
Configuration
- The ability to keep the same merge target across digest changes is reintroduced. This feature was reverted in an earlier release due to a discovered issue where mini segments for an active merge target could end up spread across hosts. As that issue has been fixed, mini segments should now be stored on the hosts running digest for the target.
- A new environment configuration variable GLOB_ALLOW_LIST_EMAIL_ACTIONS is introduced. It enables cluster-wide blocking of recipients of Action Type: Email actions that are not in the provided allow list.
- New dynamic configuration FlushSegmentsAndGlobalOnShutdown. When set, and when USING_EPHEMERAL_DISKS is set to true, forces all in-progress segments to be closed and uploaded to bucket, and also forces a write (and upload) of global snapshot during shutdown. When not set, this avoids the extra work and thus time shutting down from flushing very recent segments, as those can then be resumed on next boot, assuming that next boot continues on the same Kafka epoch. The default is false, which allows faster shutdown.
Dashboards and Widgets
- It is now possible to set a temporary timezone in dashboards, which will be read from the URL on page load e.g. tz=Europe%2FCopenhagen.
  For more information, see Time Interval Settings.
- The Single Value widget now supports interactions on both the Search and Dashboard page. See Managing Dashboard Interactions for more details on interactions.
- Introduced Dashboards Interactions to add interactive elements to your dashboards.
  For more information, see Managing Dashboard Interactions.
Log Collector
- LogScale Collector Managing your Fleet now supports remote configuration of LogScale Collectors. This gives an administrator the option of managing the configuration of LogScale Collector instances in LogScale, instead of managing configuration files directly on the device where Falcon LogScale Collector is installed.
  For more information, see LogScale Collector Managing your Fleet, LogScale Collector Releases.
Functions
- Queries containing a join() function no longer run truly live when the query is set to Live. Instead, these queries will run repeatedly at intervals determined by the query engine.
  For more information, see Errors when Using Live join() Functions, Widgets with Live join() Functions, join(), Special Behaviour for Live Joins.
- default() now supports assigning the same value to multiple fields, by passing multiple field names to the field parameter.
- The query function holtwinters() has been removed from the product.
- Using ioc:lookup() in a query while the IOC service is disabled will now result in a failed query instead of a warning, stating that there are partial results.
- selectLast() and groupBy() now use less state size, allowing for larger result sets.
- The performance of in() is improved when matching with values that do not use the * wildcard.
Other
- "Sticky" autoshards no longer mean that the system cannot tune their value, but only that it cannot decrease the number of shards; the cluster is allowed to raise the number of shards on datasources when it needs to, also for those that were set as sticky using the REST API.
- When creating a new group you now have to add the group and add permissions for it in the same multi step dialog.
- Ephemeral nodes are automatically removed from the cluster if they are offline for too long (2 hours by default).

Bug Fixes

UI Changes
- Fixed an issue that made switching UI theme report an error and only take effect for the current session.
- Fixed an issue where the dashboard page would freeze when the value of a dashboard parameter was changed.
- Fixed the UI as it were not showing an error when a query gets blocked due to query quota settings.
- We have fixed tooltips in the query editor, which were hidden by other elements in the UI.
Automation and Alerts
- For self-hosted: Action Type: Postmark for sending emails from Actions no longer uses the IP filter, allowing administrators not to put Action Type: Postmark on the IP allowlist.
GraphQL API
- Pending deletes that would cause nodes to fail to start, reporting a NullPointerException, have been fixed.
Configuration
- Fixed an issue where the IOC database could get out of sync. The IOC database will be re-downloaded upon upgrade, therefore IOCs won't be completely available for a while after the upgrade.
- Removed compression type extreme for configuration COMPRESSION_TYPE. Specifying extreme will now select the default value of high in order not to cause configuration errors for clusters that specify extreme. The suggestion is to remove COMPRESSION_TYPE from your configurations unless you specify the only other non-default value of fast.
Functions
- Queries ending with tail() will no longer be rendered with infinite scroll.
Other
- Fixed a failing require from MiniSegmentsAsTargetSegmentReader, causing queries to fail in very rare cases.
- Fixed an issue for the ingest API that made it possible to ingest into system repositories.
- Nodes are now considered ephemeral only if they set USING_EPHEMERAL_DISKS to true. Previously, they were ephemeral if they either set that configuration, or if they were using the httponly node role.
- Fixing minisegment downloads during queries, as they could cause download retries to fail spuriously, even if the download actually succeeded.
- We have set a maximum number of events that we will parse under a single timeout so large batches are allowed to take longer. If you've seen parsers time out not because the parser is actually slow but because you were processing many events in a single batch, this change should cause that stop happening. Only parsers that are genuinely slow should now time out.
- Fixed an issue where the query scheduling could hit races with the background recompression of files in a way that resulted in the query missing the file and ending up adding warnings about segment files being missed by the query.
- Timeout from publish to global topic in Kafka has been fixed, as it resulted in marking input segments for merge as broken temporarily.
- Fixing minisegment fetches as they failed to complete properly during queries, if the number of minisegments involved was too large.
- We have reduced the noise from MiniSegmentMergeLatencyLoggerJob by being more conservative about when we log mini segments that are unexpectedly not being merged. We have made MiniSegmentMergeLatencyLoggerJob take datasource idleness into account.

Falcon LogScale 1.76.0 Preview (2023-02-07)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.76.0

Preview

2023-02-07

Cloud

On-Prem

2024-02-28

No

1.44.0

11

No

Bug fixes and updates.

Advanced Warning
The following items are due to change in a future release.
Configuration
Starting from 1.78 release, the default value for the MAX_INGEST_REQUEST_SIZE configuration will be reduced from 1 GB to 32 MB.
This value limits the size of ingest request and rejects oversized requests.
If the request is compressed within HTTP, then this restricts the size after decompressing.

Removed
Items that have been removed as of this release.
API
Removed the API for managing ingest tokens. This has long been deprecated and replaced by a GraphQL API.

Improvements, new features and functionality

UI Changes
- Event List Interactions are now sorted by name and repository name by default.
Dashboards and Widgets
- It is now possible to set a temporary timezone in dashboards, which will be read from the URL on page load e.g. tz=Europe%2FCopenhagen.
  For more information, see Time Interval Settings.
- The Single Value widget now supports interactions on both the Search and Dashboard page. See Managing Dashboard Interactions for more details on interactions.
Log Collector
- LogScale Collector Managing your Fleet now supports remote configuration of LogScale Collectors. This gives an administrator the option of managing the configuration of LogScale Collector instances in LogScale, instead of managing configuration files directly on the device where Falcon LogScale Collector is installed.
  For more information, see LogScale Collector Managing your Fleet, LogScale Collector Releases.
Functions
- Queries containing a join() function no longer run truly live when the query is set to Live. Instead, these queries will run repeatedly at intervals determined by the query engine.
  For more information, see Errors when Using Live join() Functions, Widgets with Live join() Functions, join(), Special Behaviour for Live Joins.

Bug Fixes

Other
- Fixed an issue for the ingest API that made it possible to ingest into system repositories.

Falcon LogScale 1.75.0 Preview (2023-01-31)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.75.0

Preview

2023-01-31

Cloud

On-Prem

2024-02-28

No

1.44.0

11

No

Bug fixes and updates.

Deprecation
Items that have been deprecated and may be removed in a future release.
The REST endpoint for testing actions has been deprecated. api/v1/repositories/repoId/alertnotifiers/actionId/test has been deprecated. The new GraphQL mutations should be used instead.

Upgrades
Changes that may occur or be required during an upgrade.
Other
Java upgraded to 17.0.6 in Docker containers
Kafka upgraded to 3.3.2 for KAFKA-14379
Kafka client upgraded to 3.3.2
Kafka Docker container upgraded to 3.3.2

Improvements, new features and functionality

UI Changes
- Introduced Search Interactions to add custom event list options for all users in a repository.
  For more information, see Event List Interactions.
- The Search page now supports timezone picking e.g. +02:00 Copenhagen. The timezone will be set on the users' session and remembered between pages.
  For more information, see Setting Time Zone.
- You can now set your preferred timezone under Manage your Account.
- Suggestions in Search Box will show for certains function parameters like time formats.
- Known field names are now shown as completion suggestions in Search Box while you type.
GraphQL API
- GraphQL API mutations have been added for testing actions without having to save them first. The added mutations are:
  - testEmailAction
  - testHumioRepoAction
  - testOpsGenieAction
  - testPagerDutyAction
  - testSlackAction
  - testSlackPostMessageAction
  - testUploadFileAction
  - testVictorOpsAction
  - testWebhookAction
  The previous testAction mutation has been removed.
  The new GraphQL API mutations' signature is almost the same as the create mutation for the same action, except that test actions require event data and a trigger name, as the previous testAction mutation did.
  As a consequence, the Test button is now always enabled in the UI.
Dashboards and Widgets
- Introduced Dashboards Interactions to add interactive elements to your dashboards.
  For more information, see Managing Dashboard Interactions.
Functions
- default() now supports assigning the same value to multiple fields, by passing multiple field names to the field parameter.
- selectLast() and groupBy() now use less state size, allowing for larger result sets.
- The performance of in() is improved when matching with values that do not use the * wildcard.

Bug Fixes

UI Changes
- Fixed an issue that made switching UI theme report an error and only take effect for the current session.
- Fixed the UI as it were not showing an error when a query gets blocked due to query quota settings.
Automation and Alerts
- For self-hosted: Action Type: Postmark for sending emails from Actions no longer uses the IP filter, allowing administrators not to put Action Type: Postmark on the IP allowlist.
Functions
- Queries ending with tail() will no longer be rendered with infinite scroll.
Other
- Fixed a failing require from MiniSegmentsAsTargetSegmentReader, causing queries to fail in very rare cases.
- Unlimited waits for nodes to get in sync has been fixed. This caused digest coordination to fail, to limit the time allowed for a node to get "in sync" on a partition before leadership was assigned to it, in cases where the previous digest leader shut down gracefully.

Falcon LogScale 1.74.0 Preview (2023-01-24)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.74.0

Preview

2023-01-24

Cloud

On-Prem

2024-02-28

No

1.44.0

11

No

Bug fixes and updates.

Improvements, new features and functionality

UI Changes
- Changes have been made for the three-dot menu (⋮) used for Field Interactions:
  - It is now available from the Fields Panel and the Inspection Panel, see Searching Data.
  - Keyboard navigation has been improved.
  - For field interactions with live queries, the Fields Panel flyout will now display a fixed list of top values, keeping the values from the point in time when the menu was opened.
Automation and Alerts
- The list of Message Templates and Variables is no longer shown in the User Interface when editing Actions, instead a link to the documentation has been added.
Configuration
- A new environment configuration variable GLOB_ALLOW_LIST_EMAIL_ACTIONS is introduced. It enables cluster-wide blocking of recipients of Action Type: Email actions that are not in the provided allow list.
Other
- When creating a new group you now have to add the group and add permissions for it in the same multi step dialog.

Bug Fixes

UI Changes
- Fixed an issue where the dashboard page would freeze when the value of a dashboard parameter was changed.
- We have fixed tooltips in the query editor, which were hidden by other elements in the UI.
Configuration
- Some restrictions have been introduced when running with single-user as AUTHENTICATION_METHOD:
  - Starting on a machine that already has multiple users will not delete them, but you will be unable to create additional users.
  - Running AUTHENTICATION_METHOD=single-user with multiple users will pick the best candidate based on username and privilege.
- Fixed an issue where the environment variable OIDC_USE_HTTP_PROXY was not respected. It means that LogScale will now call all OIDC endpoints directly without going through the HTTP Proxy, when OIDC_USE_HTTP_PROXY is set to false.
  This fixes the known issue previously reported in Falcon LogScale 1.63.1 Stable (2022-11-14), Falcon LogScale 1.63.2 Stable (2022-11-30), Falcon LogScale 1.63.3 Stable (2022-12-21) and Falcon LogScale 1.70.0 Stable (2023-01-16).
Other
- We have set a maximum number of events that we will parse under a single timeout so large batches are allowed to take longer. If you've seen parsers time out not because the parser is actually slow but because you were processing many events in a single batch, this change should cause that stop happening. Only parsers that are genuinely slow should now time out.

Falcon LogScale 1.73.0 Preview (2023-01-17)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.73.0

Preview

2023-01-17

Cloud

On-Prem

2024-02-28

No

1.44.0

11

No

Bug fixes and updates.

Improvements, new features and functionality

Functions
- The query function holtwinters() has been removed from the product.
- Using ioc:lookup() in a query while the IOC service is disabled will now result in a failed query instead of a warning, stating that there are partial results.

Bug Fixes

Other
- We have reduced the noise from MiniSegmentMergeLatencyLoggerJob by being more conservative about when we log mini segments that are unexpectedly not being merged. We have made MiniSegmentMergeLatencyLoggerJob take datasource idleness into account.

Falcon LogScale 1.72.0 Preview (2023-01-10)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.72.0

Preview

2023-01-10

Cloud

On-Prem

2024-02-28

No

1.44.0

11

No

Bug fixes and updates.

Deprecation
Items that have been deprecated and may be removed in a future release.
The query function holtwinters() is now deprecated and will be removed along with the release of future version 1.73; therefore, its usage in alerts is not recommended.

Bug Fixes

Configuration
- Removed compression type extreme for configuration COMPRESSION_TYPE. Specifying extreme will now select the default value of high in order not to cause configuration errors for clusters that specify extreme. The suggestion is to remove COMPRESSION_TYPE from your configurations unless you specify the only other non-default value of fast.
Other
- Fixed an issue where the query scheduling could hit races with the background recompression of files in a way that resulted in the query missing the file and ending up adding warnings about segment files being missed by the query.

Falcon LogScale 1.71.0 Preview (2023-01-03)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.71.0

Preview

2023-01-03

Cloud

On-Prem

2024-02-28

No

1.44.0

11

No

Bug fixes and updates.

Deprecation
Items that have been deprecated and may be removed in a future release.
The query function holtwinters() is now deprecated and will be removed along with the release of future version 1.73; therefore, its usage in alerts is not recommended.

Upgrades
Changes that may occur or be required during an upgrade.
Packages
Optimizations in package handling require migration of data during upgrade. This migration is performed automatically. Please notice:
While the upgrade of cluster nodes are ongoing, we recommend you do not install or update any packages, as they may end up in an inconsistent state.
If a package ends up in a bad state during migration, it can be fixed simply by reinstalling the package.
You will potentially experience that accessing the list of installed packages will fail, and creating new dashboards, alerts, parsers, etc. based on package templates will not work as intended.
This should only happen during the cluster upgrade, and should resolve itself once the cluster is fully upgraded.
If the cluster nodes are downgraded, any packages installed or updated while running the new version will not work, and we therefore recommend uninstalling or downgrading those packages prior to downgrading the cluster nodes.

Improvements, new features and functionality

UI Changes
- Tabs on the Users page are renamed: former Groups and Permissions tab is now renamed to Permissions; former Details tab is now renamed to Information. In addition, the Permissions tab is now displayed first — it is also the tab that will be opened by default when navigating to a user from other places in the product. See Managing Users & Permissions for a description of roles and permissions in the UI.
Configuration
- The ability to keep the same merge target across digest changes is reintroduced. This feature was reverted in an earlier release due to a discovered issue where mini segments for an active merge target could end up spread across hosts. As that issue has been fixed, mini segments should now be stored on the hosts running digest for the target.
- New dynamic configuration FlushSegmentsAndGlobalOnShutdown. When set, and when USING_EPHEMERAL_DISKS is set to true, forces all in-progress segments to be closed and uploaded to bucket, and also forces a write (and upload) of global snapshot during shutdown. When not set, this avoids the extra work and thus time shutting down from flushing very recent segments, as those can then be resumed on next boot, assuming that next boot continues on the same Kafka epoch. The default is false, which allows faster shutdown.

Bug Fixes

Configuration
- Fixed an issue where the IOC database could get out of sync. The IOC database will be re-downloaded upon upgrade, therefore IOCs won't be completely available for a while after the upgrade.

Falcon LogScale 1.70.2 Stable (2023-03-06)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.70.2

Stable

2023-03-06

Cloud

On-Prem

2024-01-31

No

1.44.0

11

No

TAR Checksum	Value
MD5	be3b24f591693dae272c029c64172f9b
SHA1	1ba350d80532d655a8f16585e2442a306e9bd163
SHA256	b44d38ad5ebbc0a8765df609e1fab85ab0421ea4f298e766d5ae042862b4dfe5
SHA512	fdc39cf36ac6ce8f88ceb78d7728cb6beebfae56faa54eef724b8154fac5e4cafee5118621ef2234eb080533243ebe06ef8b0a2f78aa1945f7fc21ccd7e9b010

Docker Image	SHA256 Checksum
humio	80df972f2666dfd6cd0f6d667fa5fa4c0d70da505475fb2feafc2f9ec758d2b2
humio-core	f4c2cc95de7ad66e6800fbceb1a22caee567b482dcf6b1181b7369c9aa7c86eb
kafka	737cbf227b96a304343f03ed168642ae24ea0ca5f6e3c754ebb26e482b6b887c
zookeeper	d45fc23dee3e9b4b8dd0be3a88baddba0fef08c21d77119b6d07254fbb34ee8c

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.70.2/server-1.70.2.tar.gz

Security fix and bug fixes.

Deprecation
Items that have been deprecated and may be removed in a future release.
The query function holtwinters() is now deprecated and will be removed along with the release of future version 1.73; therefore, its usage in alerts is not recommended.

Upgrades
Changes that may occur or be required during an upgrade.
Other
Kafka client has been upgraded to 3.4.0.
Kafka broker has been upgraded to 3.4.0 in the Kafka container.
The container upgrade is performed for security reasons to resolve CVE-2022-36944 issue, which Kafka should however not be affected by. If you wish to do a rolling upgrade of your Kafka containers, please always refer to Kafka upgrade guide.

Improvements, new features and functionality

Other
- Ephemeral nodes are automatically removed from the cluster if they are offline for too long (2 hours by default).

Bug Fixes

GraphQL API
- Pending deletes that would cause nodes to fail to start, reporting a NullPointerException, have been fixed.
Other
- Nodes are now considered ephemeral only if they set USING_EPHEMERAL_DISKS to true. Previously, they were ephemeral if they either set that configuration, or if they were using the httponly node role.
- Timeout from publish to global topic in Kafka has been fixed, as it resulted in marking input segments for merge as broken temporarily.

Falcon LogScale 1.70.1 Stable (2023-02-01)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.70.1

Stable

2023-02-01

Cloud

On-Prem

2024-01-31

No

1.44.0

11

No

TAR Checksum	Value
MD5	e0aa0e799d3f5b3009ef9a636ad96c78
SHA1	06710b69230c442dc67ba137bd02613cb29b5224
SHA256	5ada1e5a56d73d1e2532378035c1eccf9fa476b5226ae6bdc9d7e29dc8b2ddc3
SHA512	e1768b9e41ef5940e2defbf10cc908b454ef6f67358b340fbcb648c5e91a98031b385cfcc242ee40ed33d4d17fb5e1eb7418abb287adbfe83e3827ae8e11a54f

Docker Image	SHA256 Checksum
humio	72a45d92e868e101a8bd2a7f20f83b37946761bfead3bce3bbb28a9ebf318a50
humio-core	f4c2cc95de7ad66e6800fbceb1a22caee567b482dcf6b1181b7369c9aa7c86eb
kafka	c8500740a3ead1d9e6b48df608b225ffd9c221263a9bcd5f2134b3ade89260ac
zookeeper	0b1155a324d0940f6c4aa3e3f2088cec5d8cd77e6883454c59a111028b7cfe82

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.70.1/server-1.70.1.tar.gz

Bug fixes and updates.

Deprecation
Items that have been deprecated and may be removed in a future release.
The query function holtwinters() is now deprecated and will be removed along with the release of future version 1.73; therefore, its usage in alerts is not recommended.

Bug Fixes

Configuration
- Some restrictions have been introduced when running with single-user as AUTHENTICATION_METHOD:
  - Starting on a machine that already has multiple users will not delete them, but you will be unable to create additional users.
  - Running AUTHENTICATION_METHOD=single-user with multiple users will pick the best candidate based on username and privilege.
- Fixed an issue where the environment variable OIDC_USE_HTTP_PROXY was not respected. It means that LogScale will now call all OIDC endpoints directly without going through the HTTP Proxy, when OIDC_USE_HTTP_PROXY is set to false.
  This fixes the known issue previously reported in Falcon LogScale 1.63.1 Stable (2022-11-14), Falcon LogScale 1.63.2 Stable (2022-11-30), Falcon LogScale 1.63.3 Stable (2022-12-21) and Falcon LogScale 1.70.0 Stable (2023-01-16).
Other
- Unlimited waits for nodes to get in sync has been fixed. This caused digest coordination to fail, to limit the time allowed for a node to get "in sync" on a partition before leadership was assigned to it, in cases where the previous digest leader shut down gracefully.

Falcon LogScale 1.70.0 Stable (2023-01-16)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.70.0

Stable

2023-01-16

Cloud

On-Prem

2024-01-31

No

1.44.0

11

No

TAR Checksum	Value
MD5	d9bb7d6cbb0ca0bda19849432c379edf
SHA1	b6c06ea11e89db8f31c68b1aa2ad278aad0fe433
SHA256	aaae7b77d39c82f5b6931f7be9da2e03ac7cb68bc7f246529562f3900bf23b02
SHA512	6370a6f003a2f2ac6f59fdbaa8d7578e2eae7658645bc97cc4ed5f3c75489c914cb09a35e8ca5a6b6203f8a084aac769bc6d9d9b7fd9547fa2cfe9cef6639f40

Docker Image	SHA256 Checksum
humio	9bdd95bb499feb635b2fa10e2ccc8d3738173998679e0b59852b61e9f9072b07
humio-core	8693b1c4fe80d51907f4b706e5f464ed990e365b50099ad8b6a8eb33d370b6cb
kafka	f22f369876933b93084f34d73014697b6cbae24c3d915e8fb590f2289f4361ce
zookeeper	b4bb9f58e8a519db4850e395824142fe62fe52f8fcf024de1001fd76481e63c7

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.70.0/server-1.70.0.tar.gz

Bug fixes and updates.

Deprecation
Items that have been deprecated and may be removed in a future release.
The following environment variables are deprecated as of this release. Their removal will be announced in a future version.
ZOOKEEPER_URL_FOR_NODE_UUID
ZOOKEEPER_URL
ZOOKEEPER_PREFIX_FOR_NODE_UUID
ZOOKEEPER_SESSIONTIMEOUT_FOR_NODE_UUID
The recommended steps for migrating off of Zookeeper are described in Falcon LogScale 1.70.0 Stable (2023-01-16).
Note
When using Operator and Kubernetes deployments, you must upgrade to 0.17.0 of operator to support migration away from the Zookeeper requirement. See Operator Version 0.17.0.
The query function holtwinters() is now deprecated and will be removed along with the release of future version 1.73; therefore, its usage in alerts is not recommended.

Upgrades
Changes that may occur or be required during an upgrade.
Installation and Deployment
We have enabled a new vhost selection method by default. The way hosts select their vhost number when joining the cluster has changed, the new logic is described at Node Identifiers documentation page.
The new logic does not depend on Zookeeper, even for clusters where nodes occasionally lose disk contents, such as Kubernetes. In order to smooth migration for clusters using Zookeeper, the new logic will still interact with Zookeeper to avoid nodes using a mix of new and old vhost code from fighting over the vhost numbers. This is only necessary while migrating.
The recommended steps for migrating off of Zookeeper are as follows:
Deploy the new LogScale version to all nodes.
Remove ZOOKEEPER_URL_FOR_NODE_UUID, ZOOKEEPER_URL, ZOOKEEPER_PREFIX_FOR_NODE_UUID, ZOOKEEPER_SESSIONTIMEOUT_FOR_NODE_UUID from the configuration for all nodes.
Reboot
Once rebooted, LogScale will no longer need Zookeeper directly, except as an indirect dependency of Kafka. Due to this, the 4 Zookeeper-related variables are deprecated as of this release and will be removed in a future version.
Since vhost numbers now change when a disk is wiped, cluster administrators for clusters using nodes where USING_EPHEMERAL_DISKS is set to true will need to ensure that the storage and digest partitioning tables are up to date as hosts join and leave the cluster. Updating the tables is handled automatically if using the Logscale Kubernetes operator, but for clusters that do not use this operator, cluster administrators should run scripts periodically to keep the storage and digest tables up to date. This is not a new requirement for ephemeral clusters, but we're providing a reminder here since it may be needed more frequently now.
The cluster GraphQL query can provide updated tables (the suggestedIngestPartitions and suggestedStoragePartitions fields), which can then be applied via the updateIngestPartitionScheme and updateStoragePartitionScheme GraphQL mutations.
Should you experience any issue in using this feature, you may opt out by setting NEW_VHOST_SELECTION_ENABLED=false. If you do this, please reach out to support with feedback, as we otherwise intend to remove the old vhost selection logic in the coming months.
Note
When using Operator and Kubernetes deployments, you must upgrade to 0.17.0 of operator to support migration away from the Zookeeper requirement. See Operator Version 0.17.0.

Improvements, new features and functionality

Dashboards and Widgets
- Added support for export and import of dashboards with query based widgets which use a fixed time window.
Other
- Add code to ensure all minisegments for the same target end up located on the same hosts. A change in 1.63 could create a situation where minisegments for the same merge target wound up on different nodes, which the query code currently assumes can't happen. This could cause Result is partial responses to user queries.
- New background task TagGroupingSuggestionsJob that reports on flow rate in repositories with many datasources on what it considers slow ones, controlled by configuration of segment sizes and flush intervals. The output in the log can be input to decision on add Tag Grouping to a repository to reduce the number of slow datasources.

Bug Fixes

Security
- Update Netty to address CVE-2022-41915.
Automation and Alerts
- Fixed a bug where a link in the notification for a failed alert would link to a non-existing page.
Dashboards and Widgets
- Fixed three bugs in the Bar Chart — where the sorting would be wrong with updating query results in the stacked version, flickering would occur when deselecting all series in the legend, and deselecting renamed series in the legend would not have any effect.
- Scatter Chart has been updated:
  - The x-axis would not update correctly with updated query results
  - The trend line toggle in the style panel was invisible.
- Fixed an issue with parameters in dashboards, where the values of a fixed list parameter would not have their order maintained when exporting and importing templates.
Other
- Fixed a bug where very long string literals in a regex could cause a query/parser to fail with a stack overflow.

Known Issues

Other
- OIDC known issue preventing login:
  if you are running LogScale self-hosted, this version will not work in an environment where you are Authenticating with OpenID Connect and you use an HTTP Proxy, but you do not want to call OpenIDConnect through the HTTP Proxy.
  Please do not upgrade to this version if this is the case — upgrade to Falcon LogScale 1.63.4 Stable (2023-02-01) and Falcon LogScale 1.70.1 Stable (2023-02-01) instead, where this issue has been fixed.

Falcon LogScale 1.69.0 Preview (2022-12-13)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.69.0

Preview

2022-12-13

Cloud

On-Prem

2024-01-31

No

1.44.0

11

No

Bug fixes and updates.

Deprecation
Items that have been deprecated and may be removed in a future release.
The query function holtwinters() is now deprecated and will be removed along with the release of future version 1.73; therefore, its usage in alerts is not recommended.

Improvements, new features and functionality

Other
- Add support for GET+DELETE requests for queries by external Query ID without including the repository name in the URL. The new URL is /api/v1/queryjobs/QUERYID. Note that shared dashboard token authentication is not supported on this API. (The existing API on /api/v1/repositories/REPONAM/queryjobs/QUERYID remains unmodified and support POST requests for submit of queries.)
- Reduced CPU usage of background tasks for the case of high partition count and high datasource count.
- Add bounds to maximum number of active notifications per user.
- Added option to filter by group and role permission types in groupsPage and rolesPage queries.
- Throttle publish to global-events topic internally based on time spent in recent transactions of the same type (digest-related writes are not throttled). See details at new configuration variable GLOBAL_THROTTLE_PERCENTAGE page. Also see the metric global-operation-time for measurements of the time spent.

Bug Fixes

Other
- Allow creating Kafka topics even if a broker is down.
- LogScale no longer considers every host to be alive for a period after rebooting. Only hosts marked as running in global will be considered alive. This fixes an issue where a query coordinator might pointlessly direct queries to dead nodes because the coordinator had recently booted.

Falcon LogScale 1.68.0 Preview (2022-12-06)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.68.0

Preview

2022-12-06

Cloud

On-Prem

2024-01-31

No

1.44.0

11

No

Bug fixes and updates.

Deprecation
Items that have been deprecated and may be removed in a future release.
The query function holtwinters() is now deprecated and will be removed along with the release of future version 1.73; therefore, its usage in alerts is not recommended.

Improvements, new features and functionality

Falcon Data Replicator
- Enforcing S3 file size limits (30MB) in FDR feeds. Files will not be ingested if they are above the limit.
UI Changes
- Introduced the Social Login Settings feature: all customers with access to the organization identity providers page can now change social login settings in the UI. See Authentication & Identity Providers for details.
- No longer possible to add a color to roles. Existing role colors removed from the UI.
Automation and Alerts
- Improved performance when storing alert errors and trigger times in global.
Configuration
- Set dynamic configuration BucketStorageWriteVersion to 3. This sets the format for files written to bucket storage to use a format that allows files larger than 2GB and incurs less memory pressure when decrypting files during download from the bucket. The new format is supported since 1.44.0 only.
- Set minimum version for the cluster to be 1.44.0.
- Changed the default value for AUTHENTICATION_METHOD from none to single-user.
  To set username and password, use the environment variables:
  - SINGLE_USER_USERNAME — if not set, default is user.
  - SINGLE_USER_PASSWORD — if not set, a random password is generated.
  See SINGLE_USER_USERNAME and SINGLE_USER_PASSWORD documentation for more details on these variables.
Other
- Audit logging has been improved.
- New metric global-operation-time: tracks local time spent processing each kind of message received on the global events topic.

Bug Fixes

UI Changes
- The warning about unsaved changes being lost on an edited dashboard will now only show when actual changes have been made.
Other
- Fixed a bug in decryption code used when decrypting downloaded files from bucket storage when version-for-bucket-writes=3. The bug did not allow to decrypt files larger than 2GB.
- Fixed an issue where LogScale could log secrets to the debug log when configured to use LDAP or when configured to use SSL for Kafka.

Falcon LogScale 1.67.0 Preview (2022-11-29)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.67.0

Preview

2022-11-29

Cloud

On-Prem

2024-01-31

No

1.30.0

11

No

Bug fixes and updates.

Improvements, new features and functionality

Functions
- A new query function named createEvents() has been released. This function creates events from strings and is used for testing queries.

Bug Fixes

UI Changes
- URL paths with repository name and no trailing /search resolved to Not Found. The URL /repoName will now again show the search page for the repoName repository.
- IP Location drilldowns now correctly use lat and lon field names instead of latitude and longitude .
Functions
- Bugs fixed for the collect() function, where:
  - The function mistakenly warned about exceeding its limit if the number of collected values was equal to the limit.
  - The limit parameter was not applied correctly.

Falcon LogScale 1.66.0 Preview (2022-11-22)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.66.0

Preview

2022-11-22

Cloud

On-Prem

2024-01-31

No

1.30.0

11

No

Yes

Bug fixes and updates.

Improvements, new features and functionality

Configuration
- Added a new configuration to control when digest coordination will permit a node that is not "in sync" and to set a time limit. See MAX_SECS_WAIT_FOR_SYNC_WHEN_CHANGING_DIGEST_LEADER for all the details.
Other
- Make adjustments to the HostsCleanerJob. It will now remove references to missing hosts in fewer writes, and will stop immediately if a host rejoins the cluster.

Bug Fixes

Functions
- Fixed a bug seen in version 1.65 where groupBy() on multiple fields would sometimes produce multiple rows for the same combination of keys.
Other
- Fixed an issue that could cause repeated unnecessary updates of currentHosts for some segments.
- Fixed a race where unavailable segments, due to nodes going away, would not become available again after nodes returning.
- Fixed an issue that could cause the error message Object is missing required member replicationFactor when downgrading from current versions to older versions. The error message is only a nuisance, since the object failing deserialization isn't in use in released code yet.
Packages
- Fixed an issue where deleting a parser through an update or uninstall of a package could fail in an unexpected way if the parser was used by an ingest listener or an FDR feed. Now, a proper error message will be shown.

Falcon LogScale 1.65.0 Preview (2022-11-15)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.65.0

Preview

2022-11-15

Cloud

On-Prem

2024-01-31

No

1.30.0

11

No

Bug fixes and updates.

Improvements, new features and functionality

Security
- The version of Jackson has been upgraded to address CVE-2022-42003 vulnerability.
UI Changes
- The Repository icon has been changed to match the new look and feel.
- A new UI for event forwarders located under Organisation Settings now allows you to configure your event forwarders. See Event Forwarders for details.
Automation and Alerts
- Added a query editor warning (yellow wavy lines) for joins in alerts.
Configuration
- Added a new dynamic configuration UndersizedMergingRetentionPercentage, with a default value of 20. This configuration value is used when selecting undersized segments to merge, this setting controls how wide a time span can be merged together.
  The setting is interpreted as a percentage of the repository's retention by time setting. A reasonable range is 0 through to 90.
Other
- Docker images have been upgraded to Java 17.0.5.
- Audit logging for s3 archiving which tracks when it is enabled, disabled, configured, and restarted.
- Increased the limits for bucket. The maximum number of series has been raised from 50 to 500 and the maximum number of output events has been raised from 10,000 to 100,000.
- Avoid writing some messages to global if we can tell up-front that the message is unnecessary.
- Reduce the scope of a precondition for a particular write to global. This should reduce unnecessary transaction rejections when such writes are bulked together.

Bug Fixes

Configuration
- Fix some issues with the workings of the BUCKET_STORAGE_MULTIPLE_ENDPOINTS and S3_STORAGE_ENDPOINT_BASE configurations.
  The intent of this configuration is to allow users to configure buckets in multiple bucket services, for instance to allow migrating from AWS bucket storage to a local S3 service. When true, each bucket in global can have a separate endpoint configuration, as defined in S3_STORAGE_ENDPOINT_BASE and similar configurations. This allows an existing cluster running against AWS S3 to begin uploading segments to an on-prem S3 by switching the endpoint base, while still keeping access to existing segments in AWS.
  When false (default), the endpoint base configuration is applied to all existing buckets on boot. This is intended for cases where the base URL needs to be changed for all bucket, for instance due to the introduction of a proxy.
  The issue was that we were not consistently looking up endpoint urls in global for the relevant bucket, but instead simply used whichever endpoint url happened to be defined in configuration at the time. This has been fixed.
Other
- The SAML login to Humio using deeplinks now works correctly.
- When a host is removed from global, a job tries to clean up any references to it from other places in global, such as segments. Fixed a bug in this job that meant it didn't clean up references on segments that were tombstoned but not yet gone from global. This issue could block cleanup of those segments.
- Fixed a minor desynchronization issue related to idle datasources.
- Fixed a bug where interaction context menus did not update the query editor in Safari.

Falcon LogScale 1.64.0 Preview (2022-11-01)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.64.0

Preview

2022-11-01

Cloud

On-Prem

2024-01-31

No

1.30.0

11

No

Bug fixes and updates.

Improvements, new features and functionality

Configuration
- Added new dynamic configuration for MaxIngestRequestSize to allow limiting size of ingest requests after content-encoding has been applied. The default can be set using the new configuration variable MAX_INGEST_REQUEST_SIZE, or applied via the dynamic configuration.
Dashboards and Widgets
- It is now possible to specify a dashboard by name in the URL. It is also possible to have dashboard ID as a parameter in order to have permanent links.
Functions
- Improved memory allocation for the query function split().
- Removed the restriction that case and match expressions cannot be used in subqueries.
- The query function split() now allows splitting arrays that contain arrays. For example, the event a[0][0]=1, a[1][0]=2 can now be split using split(a) produces two events: _index=0, a[0]=1' and '_index=1, a[0]=2.
- The query function join() now provides information to optimize the query.
- The query function in() has been improved w.r.t. performance when searching in tag fields.
Other
- In the internal request log, include decoded size of the request body after content-encoding has been applied in new field decodedContentLength. This allows inspecting compression ratio of incoming requests and range of values seen. Requests without compression have contentLength in this new field too.

Bug Fixes

UI Changes
- The Copy menu in the event Inspection Panel now copies text correctly again.
- Fixed a bug where a disabled item in the main menu could be clicked on and which would redirect to the homepage.
Functions
- Fixed an issue where percentile() would crash on invalid input.
- The query functions bucket(), holtwinters(), beta:repeating(), series(), session(), and window() wrongly accepted now as a duration. This error has been fixed.
Other
- Fixed an issue that could cause merged segments to appear to be missing after a restart, due to the datasource going idle.

Falcon LogScale 1.63.6 Stable (2023-03-22)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.63.6

Stable

2023-03-22

Cloud

On-Prem

2023-11-30

No

1.30.0

11

No

TAR Checksum	Value
MD5	c6a5dedd2c76d1ceb44984d2b6c249ee
SHA1	d45f31016599ea0c905c93cf731cb7d2fcd47a6c
SHA256	8c9d3dc61b1f8a2f392ff53dd88602abcdb04b3084c847f54f00e55887d561a2
SHA512	1a5db287ab19b1c3efe1a5c447e27d7d4d66834f608a777485ea2aec73c8f7963b816ffe7b29758285dd692adf11989be302c3863feda97e0962e723b42c7e5a

Docker Image	SHA256 Checksum
humio	8b20c3c128d786c6dd121bab5f6878129343d9d9967b855ed9d9825a13560cd6
humio-core	3d03504a00022115b7a581938dd8d0d7f96a583c57d02efdf15b4127971914df
kafka	6c9978f48ade34b4bb12f7e5862c556ba60e2650555db05ae36ac9abd44062ca
zookeeper	cad51c3f5959cd99609d6abdb28ea938b87942780567a462e897ba34e31d3679

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.63.6/server-1.63.6.tar.gz

Bug fix.

Bug Fixes

Other
- Fixed an issue with API Explorer that could fail to load in some configurations when using cookie authentication.

Falcon LogScale 1.63.5 Stable (2023-03-06)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.63.5

Stable

2023-03-06

Cloud

On-Prem

2023-11-30

No

1.30.0

11

No

TAR Checksum	Value
MD5	e4684d95d5cf279a36f9581d395dbd6b
SHA1	b179a38c49fb4d4c9b298ea867f69f97e1eb5dc8
SHA256	a0bfa4e22b5800a5ca2f117914d30a68df66fd1ddfe5452cc97960832e3714b8
SHA512	168dcec977536d77f3f793b811b41e483b6ca17b942d305953ce6099d1d01de7d7a14fa135681d330ef0ce5b9bff94457fba265064e838f1fedca49f8e032f3d

Docker Image	SHA256 Checksum
humio	c78c2e3e9b3956346aa8ad0b90b68ad42c17e25e22b2b45ad0c9d564aa6f6e29
humio-core	4811ddd5298fa41d7ccf123f83aa060d77a2583528208dfdfe6c98b298f931f3
kafka	adae65ce4cb90bf64fcef617d13d896a531f08cca8286b7241be62013f3c801a
zookeeper	4e146244b375c139e49e3247b24cdfd8adfded7a07b9dba074ebb68878033619

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.63.5/server-1.63.5.tar.gz

Security fix.

Upgrades
Changes that may occur or be required during an upgrade.
Other
Kafka client has been upgraded to 3.4.0.
Kafka broker has been upgraded to 3.4.0 in the Kafka container.
The container upgrade is performed for security reasons to resolve CVE-2022-36944 issue, which Kafka should however not be affected by. If you wish to do a rolling upgrade of your Kafka containers, please always refer to Kafka upgrade guide.

Falcon LogScale 1.63.4 Stable (2023-02-01)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.63.4

Stable

2023-02-01

Cloud

On-Prem

2023-11-30

No

1.30.0

11

No

TAR Checksum	Value
MD5	b8b3067213532194d2510cc1b12b1ed8
SHA1	5418f0926f51fafb413500fbdbb41df496a7fb0d
SHA256	994882158ac89800a9418fe8d2b51426dc794ec1fbc5dc1d365530c8449fefca
SHA512	262f662af3647d77352e1abe990be003f98a2abf50be0350b538ca8cc13ff56ec6414f3a045758d64bbf4e137918877fe56d70a1b3ef01e1405da4514742d66e

Docker Image	SHA256 Checksum
humio	8861250649894e744ecb070db48a50c5ffdf071f7bc26a3b1bc41970262da77e
humio-core	b310155c2958037385eb20527dad3bd10a0854c0761ef9991ca4c48d01074a42
kafka	4d9fb7715fd851192005c1cf8180e9ff9a27b84f58e720b36f4d4f3baa5a4449
zookeeper	d00d8999eb2880d7d0ef307210b7c5aa3949b2c16ec1d471af36d9344a8501c9

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.63.4/server-1.63.4.tar.gz

Bug fixes and updates.

Bug Fixes

Configuration
- Fixed an issue where the environment variable OIDC_USE_HTTP_PROXY was not respected. It means that LogScale will now call all OIDC endpoints directly without going through the HTTP Proxy, when OIDC_USE_HTTP_PROXY is set to false.
  This fixes the known issue previously reported in Falcon LogScale 1.63.1 Stable (2022-11-14), Falcon LogScale 1.63.2 Stable (2022-11-30), Falcon LogScale 1.63.3 Stable (2022-12-21) and Falcon LogScale 1.70.0 Stable (2023-01-16).
Other
- Unlimited waits for nodes to get in sync has been fixed. This caused digest coordination to fail, to limit the time allowed for a node to get "in sync" on a partition before leadership was assigned to it, in cases where the previous digest leader shut down gracefully.

Falcon LogScale 1.63.3 Stable (2022-12-21)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.63.3

Stable

2022-12-21

Cloud

On-Prem

2023-11-30

No

1.30.0

11

No

JAR Checksum	Value
MD5	74b7a4bc3143245a361537e572c5afb2
SHA1	ef312b1b71d041d1b9a4ebfd7ef5108c6fff24b3
SHA256	c7fe720697a9c624db9cc26268883b7389092c3c0dbc5541b643ff12cf62226d
SHA512	5fb5b6dee09abafc1f45b2cce0889e315cd1aa6fc79dd393bfb78eac5bd51047ada7670d65fe4bbc7908b0791c17048552eb03abf675fb70b74778b5142db523

Docker Image	SHA256 Checksum
humio	ba99848f525941344e972b9fddc437042aaaa851bbba6a10f3e54aebccafbe62
humio-core	ef99f9f84bfd3258f4abc92e6b3f1ec300003caaf93cb330a1a52f419e9e6e76
kafka	d96ae0f7043c57f0f1b0ae79a03d27fdb38854232f63dc341987158b6703b09f
zookeeper	357e3e93a78cc19e7d8aad157e6b1416c36fbf31153897d40adc9aa02b9b9b61

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.63.3/server-1.63.3.tar.gz

Bug fixes and updates.

Improvements, new features and functionality

Other
- Add code to ensure all minisegments for the same target end up located on the same hosts. A change in 1.63 could create a situation where minisegments for the same merge target wound up on different nodes, which the query code currently assumes can't happen. This could cause Result is partial responses to user queries.

Bug Fixes

Security
- Update Netty to address CVE-2022-41915.
Automation and Alerts
- Fixed a bug where a link in the notification for a failed alert would link to a non-existing page.
Other
- Fixed a bug in decryption code used when decrypting downloaded files from bucket storage when version-for-bucket-writes=3. The bug did not allow to decrypt files larger than 2GB.
- Fixed an issue where LogScale could log secrets to the debug log when configured to use LDAP or when configured to use SSL for Kafka.

Known Issues

Other
- OIDC known issue preventing login:
  if you are running LogScale self-hosted, this version will not work in an environment where you are Authenticating with OpenID Connect and you use an HTTP Proxy, but you do not want to call OpenIDConnect through the HTTP Proxy.
  Please do not upgrade to this version if this is the case — upgrade to Falcon LogScale 1.63.4 Stable (2023-02-01) and Falcon LogScale 1.70.1 Stable (2023-02-01) instead, where this issue has been fixed.

Falcon LogScale 1.63.2 Stable (2022-11-30)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.63.2

Stable

2022-11-30

Cloud

On-Prem

2023-11-30

No

1.30.0

11

No

JAR Checksum	Value
MD5	4b6142d1443af26cbe05f794f8fb65ec
SHA1	2d21db39a7d4de74df05aea99baab1ad5d5def35
SHA256	fe66c9be4aab6b027a5ebc5711fedaeee0aea088c7a20981dfdca07739325f1a
SHA512	efb7e6aaa4dbbfd1662552fb3f07b6895bcb2220b69da34a6deb228bd13b286a38ac470f436a0378fa24701d13094da3d3524ebd0f9580a9a599ca5c

Docker Image	SHA256 Checksum
humio	dd063817c4b302708422213deaa45ac8c799dfc199ae9dc8e80c18a12f882c28
humio-core	2f52662a0191e3723c65ac344b8aedb8a0b4a31f324823857fc2dcd13262c5e4
kafka	cfc1d3f130db496dff29c8c8bf3897253615b03521584bd1f3e17da7a398b67f
zookeeper	3d485ef41d36cbc71b583bee7153f75d660c2d1bf42c88fa6dbc21557eac0123

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.63.2/server-1.63.2.tar.gz

Bug fixes and updates.

Bug Fixes

UI Changes
- URL paths with repository name and no trailing /search resolved to Not Found. The URL /repoName will now again show the search page for the repoName repository.

Known Issues

Other
- OIDC known issue preventing login:
  if you are running LogScale self-hosted, this version will not work in an environment where you are Authenticating with OpenID Connect and you use an HTTP Proxy, but you do not want to call OpenIDConnect through the HTTP Proxy.
  Please do not upgrade to this version if this is the case — upgrade to Falcon LogScale 1.63.4 Stable (2023-02-01) and Falcon LogScale 1.70.1 Stable (2023-02-01) instead, where this issue has been fixed.

Falcon LogScale 1.63.1 Stable (2022-11-14)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.63.1

Stable

2022-11-14

Cloud

On-Prem

2023-11-30

No

1.30.0

11

No

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.63.1/server-1.63.1.tar.gz

Bug fixes and updates.

Removed
Items that have been removed as of this release.
Installation and Deployment
Deprecated feature removal: the file-based backup feature was deprecated in 1.42.0 and is now removed from Humio. The following configs are no longer supported and will do nothing if set:
BACKUP_NAME
BACKUP_DIR
BACKUP_KEY
The DELETE_BACKUP_AFTER_MILLIS config is still supported, as it is used for configuring the delay between a file being marked for deletion in Humio, and that file being removed from bucket storage.

Improvements, new features and functionality

Security
- The version of Jackson has been upgraded to address CVE-2022-42003 vulnerability.
Falcon Data Replicator
- Added the new fileDownloadParallelism setting for FDR feeds to download files from the same SQS message in parallel. See Adjust Polling Nodes Per Feed for all the details.
UI Changes
- Humio is now a Falcon product. The Humio owl logo and icons are therefore replaced by beautiful falcons.
- Change Humio logo to Falcon LogScale on login and signup pages.
- Interactions on JSON data now enabled for JSON arrays in the Event List.
- Parsing JSON arrays in drill-down context menus no longer adds a trailing dot to the prefix field name.
- The Single Value widget has updated properties:
  - New design for the toggle switch: it is now bigger and has a green/gray color profile instead of blue/gray.
  - The color profile of the displayed value by trend is now customizable.
- Following its name change, mentions of Humio have been changed to Falcon LogScale.
- Add Falcon LogScale announcement on login and signup pages.
- Contextual drill-down menus for field interactions have been introduced, see Field Interactions. In particular:
  - Fields in the Inspection Panel are now provided with Drill down and Copy context menu items, replacing the former + - GroupBy buttons, see updates at Inspecting Events.
  - The Fields Panel on the left-hand side of the User Interface is now provided with Drill down and Copy context menu items, replacing the former drill-down buttons in the field details flyout (when clicking a field in the fields menu). See updates at Displaying Fields.
  - Fields that have JSON, URL and Timestamps content will have a Parse drill-down option which will parse the field as a LogScale field.
    Parsing JSON will automatically use the field name as prefix for the new field name.
  - Fields containing numbers (currently JSON only) will have Sum, Max, Min, Max values, and Percentiles drill-down options.
Automation and Alerts
- Added two new message templates to actions, {query_start_s} and {query_end_s}. See Message Templates and Variables for details.
- Self-hosted only: the old implementation of how alert queries are run has been removed. As a consequence, the dynamic configuration UseLegacyAlertJob has also been removed.
GraphQL API
- Added new createDashboardFromTemplateV2 mutation with input parameters aligned with the rest of the create from template mutations.
Dashboards and Widgets
- JSON in Log Line and JSON formats columns in Event List widgets now have fields underlined on hover and are clickable. This allows drill-downs and copying values easily.
Functions
- QueryAPI — Added staticMetaData property to QueryJobStartedResult. At the moment it only contains the property executionMode, which can be used to communicate hints about the way the backend executes the query to the front-end.
- Improved the format():
  - Fixed an issue where the format() function would output the wrong amount of left padded zeros for decimal conversions.
  - Formatting large positive numbers as hex no longer causes a loss of bits for integers less than 2^63.
  - Formatting negative numbers as hex no longer produces unintelligible strings.
  - Fixed an issue where adding the # flag would not display the correct formatting string.
  - Fixed an issue where specifying the time/date modifier N would fail to parse.
  - Fixed an issue where supplying multiple fields required you to specify the index of the last field as an argument specifier.
  - Added a length specifier to allow for outputting fields as 32-bit integers instead of 64-bits.
  - Using the type specifier %F now tries to format the specified field as a floating point.
  See the format() reference documentation page for all the above mentioned updates on the supported formatting syntax.
- QueryAPI — executionModeHint renamed to executionMode.
- Introduced new valid array syntax in array:contains() and array:regex() functions:
  - Changed the expected format of the array parameter.
  - Changed these functions to no longer be experimental.
Other
- When selecting a parser test case, the selected test case is highlighted in the UI, so you can see what is selected.
- Add a script in the tarball distribution's bin directory to check the execution environment, checking common permission issues and other requirements for an environment suitable for running Logscale.
- Added a new dynamic configuration UndersizedMergingRetentionPercentage, with a default value of 20. This configuration value is used when selecting undersized segments to merge, this setting controls how wide a time span can be merged together.
  The setting is interpreted as a percentage of the repository's retention by time setting. A reasonable range is 0 through to 90.
- New background task that runs at startup. It verifies the checksums present in local segment files, traversing the most recently updated segment files on the local disk, using the timestamps they have when Humio status. If a file has invalid checksum it will be renamed to crc-error.X where X is the ID of the segment. An error will be logged as well.
- Add an additional validation check when uploading files to S3-like bucket storage. Humio will now perform a HEAD request for the file's final location in the bucket to verify that the upload succeeded.
- Added use of the HTTP Proxy Client Configuration, if configured, in a lot of places.
- Added a new ingest endpoint for receiving metrics and traces via OpenTelemetry OTLP/http. See OpenTelemetry for all the details.
- Empty datasource directories will be now removed from the local file system while starting the server.
- It's now possible to expand multiple bell notifications.
- Created new test function for event forwarders, which takes as input an event forwarder configuration and tests whether it is possible to connect to the Kafka server. The current test function which takes an ID as input and tests an existing event forwarder by ID, is now marked as deprecated.
- Use latest version of Java 17 in Docker images.

Bug Fixes

UI Changes
- Change missing @timestamp field to give a warning instead of an error in functions tail(), head(), bucket(), and timeChart().
Dashboards and Widgets
- Fixed a bug where query result containing no valid results was handled incorrectly in visualisation.
- Bug fixed in Scatter Chart widget tooltip, so that the description of the actual point only is shown in the tooltip when hovering the mouse over one point, instead of multiple points.
Functions
- Fixed an issue where match() would sometimes give errors when ignoreCase=true and events contained latin1 encoded characters.
- Fixed an issue where NaN values could cause groupBy() queries to fail.
- Fixed a bug where the selfJoin() function would not apply the postfilter parameter.
Other
- Fixed an issue where nothing was displayed on the average ingest chart in case only one datapoint is present.
- It is now possible for a user to use the same personal invite token after the user has been transferred to another organization.
- When selecting a parser test case, the selected test case is highlighted in the UI, so you can see what is selected.
- Fixed a regression causing a reflective method lookup to fail when Humio is running on a Java prior to 13.
- When a host is removed from global, a job tries to clean up any references to it from other places in global, such as segments. Fixed a bug in this job that meant it didn't clean up references on segments that were tombstoned but not yet gone from global. This could block cleanup of those segments.
- Fix an issue that could cause event redaction tasks to fail to complete, if a segment having events redacted was deleted due to retention.
- Fix an issue causing a content-length check for bucket uploads to fail when encryption was enabled. The content-length check is not normally enabled, so this should only affect clusters that have disabled ETag-based validation.

Known Issues

Other
- OIDC known issue preventing login:
  if you are running LogScale self-hosted, this version will not work in an environment where you are Authenticating with OpenID Connect and you use an HTTP Proxy, but you do not want to call OpenIDConnect through the HTTP Proxy.
  Please do not upgrade to this version if this is the case — upgrade to Falcon LogScale 1.63.4 Stable (2023-02-01) and Falcon LogScale 1.70.1 Stable (2023-02-01) instead, where this issue has been fixed.

Falcon LogScale 1.63.0 Preview (2022-10-25)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.63.0

Preview

2022-10-25

Cloud

On-Prem

2023-11-30

No

1.30.0

11

No

Bug fixes and updates.

Improvements, new features and functionality

GraphQL API
- Added enableEventForwarder and disableEventForwarder mutations to enable/disable event forwarders.
Log Collector
- LogScale Collector download page has moved into the new top level tab LogScale Collector Managing your Fleet (Cloud-only).
- Humio Log Collector is now Falcon LogScale Collector.
- New FleetOverview functionality for the LogScale Collector 1.2.0 is available.
Functions
- The holtwinters() query function will be deprecated with the release of future version 1.68. From then, it cannot be expected to work in alerts, and it will be removed entirely with the release of version 1.72.
- The parseCSV() function has improved its performance, in particular in terms of memory pressure.
- The base64Decode() query function now accepts non-canonical encodings.
Other
- Close all segments a node is working on when shutting down. This should help start later in Kafka after reboots.

Bug Fixes

Other
- - Fixed an issue with validations when creating a new Ingest Listener as Netflow/UDP.
  - The form validation for Ingest Listener will now clearly tell the user that the parser needs to be selected when you change between different protocols.
- Fixed a race condition where the segment top offset wasn't removed when a datasource went idle due to a race. This could result in event redaction not running for such segments.

Falcon LogScale 1.62.0 Preview (2022-10-18)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.62.0

Preview

2022-10-18

Cloud

On-Prem

2023-11-30

No

1.30.0

11

No

Updates.

Improvements, new features and functionality

UI Changes
- Change Humio logo to Falcon LogScale on login and signup pages.
- Parsing JSON arrays in drill-down context menus no longer adds a trailing dot to the prefix field name.
- Following its name change, mentions of Humio have been changed to Falcon LogScale.
- Add Falcon LogScale announcement on login and signup pages.
Functions
- Introduced new valid array syntax in array:contains() and array:regex() functions:
  - Changed the expected format of the array parameter.
  - Changed these functions to no longer be experimental.
Other
- Add a script in the tarball distribution's bin directory to check the execution environment, checking common permission issues and other requirements for an environment suitable for running Logscale.
- Added a new ingest endpoint for receiving metrics and traces via OpenTelemetry OTLP/http. See OpenTelemetry for all the details.

Humio Server 1.61.0 Preview (2022-10-11)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.61.0

Preview

2022-10-11

Cloud

On-Prem

2023-11-30

No

1.30.0

11

No

Bug fixes and updates.

Improvements, new features and functionality

Falcon Data Replicator
- Added the new fileDownloadParallelism setting for FDR feeds to download files from the same SQS message in parallel. See Adjust Polling Nodes Per Feed for all the details.
UI Changes
- Interactions on JSON data now enabled for JSON arrays in the Event List.
Functions
- QueryAPI — Added staticMetaData property to QueryJobStartedResult. At the moment it only contains the property executionMode, which can be used to communicate hints about the way the backend executes the query to the front-end.
- QueryAPI — executionModeHint renamed to executionMode.

Bug Fixes

Functions
- Fixed a bug where the selfJoin() function would not apply the postfilter parameter.
Other
- Fixed an issue where nothing was displayed on the average ingest chart in case only one datapoint is present.
- Fixed a regression causing a reflective method lookup to fail when Humio is running on a Java prior to 13.
- Fix an issue that could cause event redaction tasks to fail to complete, if a segment having events redacted was deleted due to retention.

Humio Server 1.60.0 Preview (2022-10-04)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.60.0

Preview

2022-10-04

Cloud

On-Prem

2023-11-30

No

1.30.0

11

No

Bug fixes and updates.

Improvements, new features and functionality

UI Changes
- Contextual drill-down menus for field interactions have been introduced, see Field Interactions. In particular:
  - Fields in the Inspection Panel are now provided with Drill down and Copy context menu items, replacing the former + - GroupBy buttons, see updates at Inspecting Events.
  - The Fields Panel on the left-hand side of the User Interface is now provided with Drill down and Copy context menu items, replacing the former drill-down buttons in the field details flyout (when clicking a field in the fields menu). See updates at Displaying Fields.
  - Fields that have JSON, URL and Timestamps content will have a Parse drill-down option which will parse the field as a LogScale field.
    Parsing JSON will automatically use the field name as prefix for the new field name.
  - Fields containing numbers (currently JSON only) will have Sum, Max, Min, Max values, and Percentiles drill-down options.
GraphQL API
- Added new createDashboardFromTemplateV2 mutation with input parameters aligned with the rest of the create from template mutations.
Dashboards and Widgets
- JSON in Log Line and JSON formats columns in Event List widgets now have fields underlined on hover and are clickable. This allows drill-downs and copying values easily.
Other
- New background task that runs at startup. It verifies the checksums present in local segment files, traversing the most recently updated segment files on the local disk, using the timestamps they have when Humio status. If a file has invalid checksum it will be renamed to crc-error.X where X is the ID of the segment. An error will be logged as well.
- It's now possible to expand multiple bell notifications.
- Use latest version of Java 17 in Docker images.

Bug Fixes

Dashboards and Widgets
- Fixed a bug where query result containing no valid results was handled incorrectly in visualisation.
Functions
- Fixed an issue where NaN values could cause groupBy() queries to fail.

Humio Server 1.59.0 Preview (2022-09-27)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.59.0

Preview

2022-09-27

Cloud

On-Prem

2023-11-30

No

1.30.0

11

No

Updates.

Improvements, new features and functionality

UI Changes
- The Single Value widget has updated properties:
  - New design for the toggle switch: it is now bigger and has a green/gray color profile instead of blue/gray.
  - The color profile of the displayed value by trend is now customizable.
Automation and Alerts
- Added two new message templates to actions, {query_start_s} and {query_end_s}. See Message Templates and Variables for details.

Humio Server 1.58.0 Preview (2022-09-20)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.58.0

Preview

2022-09-20

Cloud

On-Prem

2023-11-30

No

1.30.0

11

No

Bug fixes and updates.

Improvements, new features and functionality

UI Changes
- Humio is now a Falcon product. The Humio owl logo and icons are therefore replaced by beautiful falcons.
Functions
- Improved the format():
  - Fixed an issue where the format() function would output the wrong amount of left padded zeros for decimal conversions.
  - Formatting large positive numbers as hex no longer causes a loss of bits for integers less than 2^63.
  - Formatting negative numbers as hex no longer produces unintelligible strings.
  - Fixed an issue where adding the # flag would not display the correct formatting string.
  - Fixed an issue where specifying the time/date modifier N would fail to parse.
  - Fixed an issue where supplying multiple fields required you to specify the index of the last field as an argument specifier.
  - Added a length specifier to allow for outputting fields as 32-bit integers instead of 64-bits.
  - Using the type specifier %F now tries to format the specified field as a floating point.
  See the format() reference documentation page for all the above mentioned updates on the supported formatting syntax.
Other
- Add an additional validation check when uploading files to S3-like bucket storage. Humio will now perform a HEAD request for the file's final location in the bucket to verify that the upload succeeded.
- Empty datasource directories will be now removed from the local file system while starting the server.

Bug Fixes

UI Changes
- Change missing @timestamp field to give a warning instead of an error in functions tail(), head(), bucket(), and timeChart().
Other
- Fix an issue causing a content-length check for bucket uploads to fail when encryption was enabled. The content-length check is not normally enabled, so this should only affect clusters that have disabled ETag-based validation.
- Fix a regression introduced in 1.46.0 that can cause Humio to fail to properly replay data from Kafka when a node is restarted.

Humio Server 1.57.0 Preview (2022-09-13)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.57.0

Preview

2022-09-13

Cloud

On-Prem

2023-11-30

No

1.30.0

11

No

Bug fixes and updates.

Removed
Items that have been removed as of this release.
Installation and Deployment
Deprecated feature removal: the file-based backup feature was deprecated in 1.42.0 and is now removed from Humio. The following configs are no longer supported and will do nothing if set:
BACKUP_NAME
BACKUP_DIR
BACKUP_KEY
The DELETE_BACKUP_AFTER_MILLIS config is still supported, as it is used for configuring the delay between a file being marked for deletion in Humio, and that file being removed from bucket storage.

Improvements, new features and functionality

UI Changes
- Humio is now a Falcon product. The Humio owl logo and icons are therefore replaced by beautiful falcons.
Other
- When selecting a parser test case, the selected test case is highlighted in the UI, so you can see what is selected.
- Added use of the HTTP Proxy Client Configuration, if configured, in a lot of places.
- Created new test function for event forwarders, which takes as input an event forwarder configuration and tests whether it is possible to connect to the Kafka server. The current test function which takes an ID as input and tests an existing event forwarder by ID, is now marked as deprecated.

Bug Fixes

Dashboards and Widgets
- Bug fixed in Scatter Chart widget tooltip, so that the description of the actual point only is shown in the tooltip when hovering the mouse over one point, instead of multiple points.
Functions
- Fixed an issue where match() would sometimes give errors when ignoreCase=true and events contained latin1 encoded characters.
Other
- It is now possible for a user to use the same personal invite token after the user has been transferred to another organization.
- When selecting a parser test case, the selected test case is highlighted in the UI, so you can see what is selected.
- Fixed an issue where the HTTP threads (Akka pool) could get blocked while sending ingest requests to Kafka, which could result in Humio HTTP endpoints not responding.

Humio Server 1.56.4 Stable (2022-12-21)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.56.4

Stable

2022-12-21

Cloud

On-Prem

2023-09-30

No

1.30.0

11

No

JAR Checksum	Value
MD5	2afb7131fc25ec5161869b348421a51d
SHA1	5c93d5bd0b065b2de49571f9285ab087c2b7b6fd
SHA256	ca1b48a745b492dd2a580ff2efcd37a20440787dc150c65ae51ad3547bbc5528
SHA512	c24ff5be15fd46b712de76d574d4b9e49464e3679cd8b5fe707442337fac6fc828cc9173663a3e2f3271a3ad6545c4b87c849ce75db27cfb5ed05795f998011f

Docker Image	SHA256 Checksum
humio	c44efa344016b1e3750fbaa0c48aaf82a1a70400c7e5f84c230396143523fc94
humio-core	0c5cc7251f855759999c61a259fc3b3dae5180b43f97296fe4ff0709c872af6b
kafka	270d083cd4a0e1947e9f151396404bd77c3e6581dd3615e04814b9b4e0108743
zookeeper	116ef60d3affef2415dfb3b25b6460b67bceebedc4b11070039aa3ba2dbcbb31

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.56.4/server-1.56.4.tar.gz

Bug fixes and updates.

Improvements, new features and functionality

Security
- The version of Jackson has been upgraded to address CVE-2022-42003 vulnerability.

Bug Fixes

Security
- Update Netty to address CVE-2022-41915.
Other
- Fixed a bug in decryption code used when decrypting downloaded files from bucket storage when version-for-bucket-writes=3. The bug did not allow to decrypt files larger than 2GB.
- Fixed an issue where LogScale could log secrets to the debug log when configured to use LDAP or when configured to use SSL for Kafka.

Humio Server 1.56.3 Stable (2022-10-05)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.56.3

Stable

2022-10-05

Cloud

On-Prem

2023-09-30

No

1.30.0

11

No

JAR Checksum	Value
MD5	f58e3b5944609cb3331a54277b4bf9d6
SHA1	48c6bf3339693489e073cbac67ba799fbe48661f
SHA256	0273a18b354b2844a48175b16fd88f02b1522281a94850a3cc6815430d9efea5
SHA512	9ba1ef1ffc2f9d5d1a366b11f724bf24489e9f97c456104399b31d02b4da2903b6c1ac3903ecab862b305e530c19d12400748657cf096f35838ebab978b045e2

Docker Image	SHA256 Checksum
humio	6de3bd848774503be64bc0ff6301afa5544bf379e58a8f485703d139ff13c2e1
humio-core	7a15c633a82db8246a9d4a2e51bd3f802f11f7e08c53d88cb0f79a4886fd12ab
kafka	e12d028592c8f92fc23413fc5c9eef903690d3f164b571d05cba3f6319101ceb
zookeeper	f2e3390dd8552af9830c711f39c409f2ef668a457d377b38610e77d03f42cb2c

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.56.3/server-1.56.3.tar.gz

Bug fixes and updates.

Bug Fixes

Security
- Update Scala to address CVE-2022-36944.

Humio Server 1.56.2 Stable (2022-09-26)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.56.2

Stable

2022-09-26

Cloud

On-Prem

2023-09-30

No

1.30.0

11

No

JAR Checksum	Value
MD5	954f0d64fe9405b757c522a34c28c1cc
SHA1	14a5afe64517155bc6f7dd1da5d8a94ed42155a0
SHA256	cd02dbf3ced3c551e13b1a39d621949770f4ade27b1c5c7f233791b339fd5aa5
SHA512	a26172900cb29b89702bf2b61020850d6a24e739de046fc486e5b49b2b06296757086f00984a22d3950d70a0967105408acf8ce003bf5b8e7e2db9f8a0ba3b64

Docker Image	SHA256 Checksum
humio	3d47b95b292f61d31e491ed7682d540675b62dda8693ed0a23b39a6dd55fdbba
humio-core	b13a27d6d39436469033fb8f69f5a6945283a71468ea2248c2902cb38c842501
kafka	eecc82f9fb8ad2cb7e890650ff8e20538905a33fa53da4272c0582b68d11937e
zookeeper	0ab597706043240b1591e412a0b85b03737f583254148cd33bf5443039b368ad

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.56.2/server-1.56.2.tar.gz

Bug fixes and updates.

Improvements, new features and functionality

Falcon Data Replicator
- The feature flag for FDR feeds has been removed. FDR feeds are now generally available.
UI Changes
- The event lists column header menus have been redesigned to be simpler:
  - You can now click the border between columns header in the event to fit the column to the content.
  - The Event List column Format Panel has been updated to make it easier to manage columns.
  See Formatting Columns.
- It is now possible to interact directly with the JSON properties and values in the EventList.
- It is now possible to scroll to the selected event on the Search page.
- Add UI for enabling and disabling social logins on the identity providers page.
- The Log line format type in the Event List will now render fully expanded JSON when a JSON structure starts with a square bracket or curly bracket followed by a newline.
- Humio is now a Falcon product. The Humio owl logo and icons are therefore replaced by beautiful falcons.
- In the Event List you can assign data types to a column field. You can now make the setting the default for a fields and the setting is remembered when even the field is added to the Event List, e.g. from the fields panel on the Search page. The button for assigning default data type to a field can be found in the Data type dropdown menu in the column headers of the event list widget. See Field Data Types.
Documentation
- Fixed a broken link to the documentation for Message Templates and Variables when editing alerts and scheduled searches.
Automation and Alerts
- When creating new Actions, the new name will now stay when you change the Action Type without getting cleared. This also works when you want to change the New Action name while creating a New Action.
- When you create or edit an action it will now show a warning dialog if you have unsaved changes.
- A major change has been made to how alert queries are run in order to better reuse live queries when nodes are restarted in a Humio cluster. Find more details at Alerts.
- With the new implementation for running alerts, alerts will now start faster after a node has been restarted, making it easier for alerts with a small search interval to be able to alert on events during the downtime.
GraphQL API
- Deprecates the defaultSharedTimeIsLive input field on the updateDashboard GraphQL mutation, in favor of updateFrequency.
Configuration
- New dynamic configuration MinimumHumioVersion, default value is 0.0.0, that allows setting a minimum Humio version that this cluster will accept starting on. This allows protecting against inadvertently later rolling back too far for some other feature to be turned on, that has an implied minimum version for support of that feature.
- On cloud: added a configuration on dynamic identity providers to configure if users are allowed to be lazily created.
- Added environment variable ENABLE_SANDBOXES to make it possible to enable and disable sandbox repositories.
Dashboards and Widgets
- Implemented support for widgets with a fixed time interval on dashboards.
Functions
- Improved warning message when using groupBy() with limit=max and the limit is exceeded.
- Query functions selectFromMin() and selectFromMax() are now generally available for use.
- BREAKING CHANGE: Changes to the serialization format of the Intermediate Language representation of queries.
  Description: The serialization format used to serialize the intermediate language representation of queries has changed to a JSON format. This has multiple consequences for on-prem customers. During upgrades to this version and rollbacks from this version you can expect the following:
  - Queries can be slower than usual initially as the query cache clears itself.
  - Queries may cause deserialization errors if they are run during upgrade and two or more nodes have different versions. It is recommended to block all queries upon upgrade and downgrade to and from this version and have all nodes upgrade at the same time.
Other
- In case view is not found we will try to fixup the cache on all cluster nodes.
- It is now possible to select an entire permissions group when configuring permissions for a role.
- - Added the possibility of creating a role that grants permissions on the system and organization levels from the UI.
  - Updated the flow of creating and editing roles in the Understanding Your Organization pages.
- In the dialog for entering a name, when creating a new entity (Alerts, Actions, Scheduled Searches, Parsing Data), hitting Enter without filling out the name field will now show an error and will not let you go on to the next page.
- Permit the first character in the field name of a field being turned into a tag to be anything. If the first character does not match [a-zA-Z] then strip that from the resulting tag name. This does not alter the set of allowed names for tags, but allows the field names being turned into tags to have any character as the leading one, e.g. permitting examples such as &path and *path as field names to turn into the tag #path.
- Allow any root user and any user with the PatchGlobal permission to use the global patch API. Previously required using the server-local special bootstraps root token, that would be valid only on the local node, thus hard to use via a load balancer.
- Added support for writing H in place of minutes in the cron schedule of scheduled searches — see Cron Schedule Templates for details.
- Added new system permission, PatchGlobal, enabling access to the global patch API.
- Reduced memory usage for queries that include noResultUntilDone: true in their inputs. This reduces memory usage in queries that do "export" of an aggregate result via the Query API, as well as the "inner" queries in joins, and queries from scheduled searches.
- When saving a parser, validate that the fields designated as tag fields have names that are valid as tag field names. Since packages with invalid parsers cannot be installed, if you have an invalid parser in a package, you will need to edit it to keep being able to install it.
- When searching for queries using the Query Monitor in Cluster Administration you can now filter queries based on internal and external query IDs.
- Added an option to make token hashing output in json format. See tokenhashing usage described at Hashed Root Access Token.
- When configuring SAML and OIDC for an organization, for users with the ManageOrganizations permission to enable/disable whether the IDP is Default and Humio managed.

Bug Fixes

Falcon Data Replicator
- Fixed a bug where a dropdown for choosing a parser was not visible in a dialog when creating a new FDR feed.
- Removed the deprecated feature flag FdrFeeds
UI Changes
- Fixed a bug in the computation of query metadata that is used by the UI, which, for example, caused problems showing pie charts with queries containing both groupBy() and top().
GraphQL API
- Fixed an error when querying for actions in GraphQL on a deleted view.
- Marked all feature flags as preview in GraphQL, which means that once they are no longer needed, they will be removed without being deprecated first.
Dashboards and Widgets
- Fixed an issue where wordwrap did not work in the Inspect Panel.
- Fixed a bug where certain queries would make it seem that all widgets were incompatible, even though the table view still works.
  Importing a dashboard with Shared time enabled and Live disabled would import the dashboard with Live enabled. Likewise, when creating a new dashboard from a template, Live would be on.
- The Apply Filter button on the dashboard correctly applies the typed filter again.
- The Single Value color threshold list could get into a state where you could not type threshold values into the four text fields.
Functions
- Fixed a recent bug which caused the category links from groupBy()-groups to be lost when a subsequent sort() was used, and also made grouping-based charts (bar, pie, heat map) unusable in such cases.
Other
- Fixed an issue where delete events from a minisegment could result in the merge of those minisegments into the resulting target segment never got executed.
- Fixing an issue, where the sessions of a user wasn't revoked when the user was deleted.
- Fixes a bug where a placeholder would appear for the region selector on the login pages, even though it itself wouldn't be shown since it has no configured regions.
- It is no longer possible to have an upload file action with a path in the file name. This would result in an unusable file being created.
- Fixed an issue where some segments could stall the background process implementing event redaction. This could then result in segments not being merged. The visible symptom would be segments with topOffset attribute being -1, and MiniSegmentMergeLatencyLoggerJob logging that some segments are not being merged.
- We have removed the @host field from the humio-activity logs and the #host tag from the humio-audit log, as we can no longer provide meaningful values for these. The @host field in the humio-metrics logs will remain, but its value will be changed to the vhost id (an integer number).
- Fixed an issue where queries could fail when the requests within the cluster were more than 8 MB each.
- Fixed an issue where the HTTP threads (Akka pool) could get blocked while sending ingest requests to Kafka, which could result in Humio HTTP endpoints not responding.
- Fixed an issue with tags in Event Forwarding, so that it is now possible to filter on tags using event forwarding rules, and the tags are present in the forwarded events.
- Fix a regression introduced in 1.46.0 that can cause Humio to fail to properly replay data from Kafka when a node is restarted.
Packages
- Previously parsing packages was very strict, falling when detecting unsupported files. This is no longer the case, unsupported files will now be ignored and won't stop the package from installing.

Humio Server 1.56.1 Preview (2022-09-20)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.56.1

Preview

2022-09-20

Cloud

On-Prem

2023-09-30

No

1.30.0

11

No

Update.

Improvements, new features and functionality

UI Changes
- Humio is now a Falcon product. The Humio owl logo and icons are therefore replaced by beautiful falcons.

Humio Server 1.56.0 Preview (2022-09-06)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.56.0

Preview

2022-09-06

Cloud

On-Prem

2023-09-30

No

1.30.0

11

No

Bug fixes and updates.

Improvements, new features and functionality

UI Changes
- The event lists column header menus have been redesigned to be simpler:
  - You can now click the border between columns header in the event to fit the column to the content.
  - The Event List column Format Panel has been updated to make it easier to manage columns.
  See Formatting Columns.
- It is now possible to interact directly with the JSON properties and values in the EventList.
- Humio is now a Falcon product. The Humio owl logo and icons are therefore replaced by beautiful falcons.
- In the Event List you can assign data types to a column field. You can now make the setting the default for a fields and the setting is remembered when even the field is added to the Event List, e.g. from the fields panel on the Search page. The button for assigning default data type to a field can be found in the Data type dropdown menu in the column headers of the event list widget. See Field Data Types.
Dashboards and Widgets
- Implemented support for widgets with a fixed time interval on dashboards.
Functions
- BREAKING CHANGE: Changes to the serialization format of the Intermediate Language representation of queries.
  Description: The serialization format used to serialize the intermediate language representation of queries has changed to a JSON format. This has multiple consequences for on-prem customers. During upgrades to this version and rollbacks from this version you can expect the following:
  - Queries can be slower than usual initially as the query cache clears itself.
  - Queries may cause deserialization errors if they are run during upgrade and two or more nodes have different versions. It is recommended to block all queries upon upgrade and downgrade to and from this version and have all nodes upgrade at the same time.
Other
- - Added the possibility of creating a role that grants permissions on the system and organization levels from the UI.
  - Updated the flow of creating and editing roles in the Understanding Your Organization pages.

Bug Fixes

Falcon Data Replicator
- Removed the deprecated feature flag FdrFeeds
GraphQL API
- Marked all feature flags as preview in GraphQL, which means that once they are no longer needed, they will be removed without being deprecated first.
Dashboards and Widgets
- Fixed a bug where certain queries would make it seem that all widgets were incompatible, even though the table view still works.
  Importing a dashboard with Shared time enabled and Live disabled would import the dashboard with Live enabled. Likewise, when creating a new dashboard from a template, Live would be on.
Other
- It is no longer possible to have an upload file action with a path in the file name. This would result in an unusable file being created.
- Fixed an issue where some segments could stall the background process implementing event redaction. This could then result in segments not being merged. The visible symptom would be segments with topOffset attribute being -1, and MiniSegmentMergeLatencyLoggerJob logging that some segments are not being merged.
- Fixed an issue with tags in Event Forwarding, so that it is now possible to filter on tags using event forwarding rules, and the tags are present in the forwarded events.

Humio Server 1.55.0 Preview (2022-08-30)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.55.0

Preview

2022-08-30

Cloud

On-Prem

2023-09-30

No

1.30.0

11

No

Bug fixes and updates.

Improvements, new features and functionality

UI Changes
- It is now possible to scroll to the selected event on the Search page.
Automation and Alerts
- When creating new Actions, the new name will now stay when you change the Action Type without getting cleared. This also works when you want to change the New Action name while creating a New Action.
- When you create or edit an action it will now show a warning dialog if you have unsaved changes.
Functions
- Query functions selectFromMin() and selectFromMax() are now generally available for use.
Other
- It is now possible to select an entire permissions group when configuring permissions for a role.
- In the dialog for entering a name, when creating a new entity (Alerts, Actions, Scheduled Searches, Parsing Data), hitting Enter without filling out the name field will now show an error and will not let you go on to the next page.

Bug Fixes

Other
- Fixing an issue, where the sessions of a user wasn't revoked when the user was deleted.

Humio Server 1.54.0 Preview (2022-08-23)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.54.0

Preview

2022-08-23

Cloud

On-Prem

2023-09-30

No

1.30.0

11

No

Bug fixes and updates.

Improvements, new features and functionality

UI Changes
- The Log line format type in the Event List will now render fully expanded JSON when a JSON structure starts with a square bracket or curly bracket followed by a newline.
Configuration
- Added environment variable ENABLE_SANDBOXES to make it possible to enable and disable sandbox repositories.
Other
- Added an option to make token hashing output in json format. See tokenhashing usage described at Hashed Root Access Token.
- When configuring SAML and OIDC for an organization, for users with the ManageOrganizations permission to enable/disable whether the IDP is Default and Humio managed.

Bug Fixes

Functions
- Fixed a recent bug which caused the category links from groupBy()-groups to be lost when a subsequent sort() was used, and also made grouping-based charts (bar, pie, heat map) unusable in such cases.
Other
- Fixed an issue where queries could fail when the requests within the cluster were more than 8 MB each.
Packages
- Previously parsing packages was very strict, falling when detecting unsupported files. This is no longer the case, unsupported files will now be ignored and won't stop the package from installing.

Humio Server 1.53.0 Preview (2022-08-16)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.53.0

Preview

2022-08-16

Cloud

On-Prem

2023-09-30

No

1.30.0

11

No

Bug fixes and updates.

Improvements, new features and functionality

UI Changes
- Add UI for enabling and disabling social logins on the identity providers page.
Other
- Reduced memory usage for queries that include noResultUntilDone: true in their inputs. This reduces memory usage in queries that do "export" of an aggregate result via the Query API, as well as the "inner" queries in joins, and queries from scheduled searches.
- When searching for queries using the Query Monitor in Cluster Administration you can now filter queries based on internal and external query IDs.

Bug Fixes

Dashboards and Widgets
- Fixed an issue where wordwrap did not work in the Inspect Panel.
- The Apply Filter button on the dashboard correctly applies the typed filter again.
- The Single Value color threshold list could get into a state where you could not type threshold values into the four text fields.
Other
- Fixed an issue where delete events from a minisegment could result in the merge of those minisegments into the resulting target segment never got executed.
- We have removed the @host field from the humio-activity logs and the #host tag from the humio-audit log, as we can no longer provide meaningful values for these. The @host field in the humio-metrics logs will remain, but its value will be changed to the vhost id (an integer number).

Humio Server 1.52.0 Preview (2022-08-09)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.52.0

Preview

2022-08-09

Cloud

On-Prem

2023-09-30

No

1.30.0

11

No

Bug fixes and updates.

Improvements, new features and functionality

Falcon Data Replicator
- The feature flag for FDR feeds has been removed. FDR feeds are now generally available.
Documentation
- Fixed a broken link to the documentation for Message Templates and Variables when editing alerts and scheduled searches.
Automation and Alerts
- A major change has been made to how alert queries are run in order to better reuse live queries when nodes are restarted in a Humio cluster. Find more details at Alerts.
- With the new implementation for running alerts, alerts will now start faster after a node has been restarted, making it easier for alerts with a small search interval to be able to alert on events during the downtime.
GraphQL API
- Deprecates the defaultSharedTimeIsLive input field on the updateDashboard GraphQL mutation, in favor of updateFrequency.
Configuration
- New dynamic configuration MinimumHumioVersion, default value is 0.0.0, that allows setting a minimum Humio version that this cluster will accept starting on. This allows protecting against inadvertently later rolling back too far for some other feature to be turned on, that has an implied minimum version for support of that feature.
- On cloud: added a configuration on dynamic identity providers to configure if users are allowed to be lazily created.
Functions
- Improved warning message when using groupBy() with limit=max and the limit is exceeded.
Other
- In case view is not found we will try to fixup the cache on all cluster nodes.
- Permit the first character in the field name of a field being turned into a tag to be anything. If the first character does not match [a-zA-Z] then strip that from the resulting tag name. This does not alter the set of allowed names for tags, but allows the field names being turned into tags to have any character as the leading one, e.g. permitting examples such as &path and *path as field names to turn into the tag #path.
- Allow any root user and any user with the PatchGlobal permission to use the global patch API. Previously required using the server-local special bootstraps root token, that would be valid only on the local node, thus hard to use via a load balancer.
- Added support for writing H in place of minutes in the cron schedule of scheduled searches — see Cron Schedule Templates for details.
- Added new system permission, PatchGlobal, enabling access to the global patch API.
- When saving a parser, validate that the fields designated as tag fields have names that are valid as tag field names. Since packages with invalid parsers cannot be installed, if you have an invalid parser in a package, you will need to edit it to keep being able to install it.

Bug Fixes

Falcon Data Replicator
- Fixed a bug where a dropdown for choosing a parser was not visible in a dialog when creating a new FDR feed.
UI Changes
- Fixed a bug in the computation of query metadata that is used by the UI, which, for example, caused problems showing pie charts with queries containing both groupBy() and top().
GraphQL API
- Fixed an error when querying for actions in GraphQL on a deleted view.
Other
- Fixes a bug where a placeholder would appear for the region selector on the login pages, even though it itself wouldn't be shown since it has no configured regions.

Humio Server 1.51.3 Stable (2022-12-21)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.51.3

Stable

2022-12-21

Cloud

On-Prem

2023-08-31

No

1.30.0

11

No

JAR Checksum	Value
MD5	905f743a0266a5a5263dab94b23bbbb5
SHA1	e4e32ca0fe460e7d708418d8b42bf30939298706
SHA256	d81ad776a869a90b199e405e51f71ba0861a5034045d0b17611564a689370af5
SHA512	78f53b9ed42816638064fe3dc03d86e1667f13a60b45a13e32d55428ca1ecdcf88966d536224a999d95583c61390141b0d14fcb9643db80329f8a839da570e41

Docker Image	SHA256 Checksum
humio	3400bf4a1e7304b5e904406d3c0ef8baa7d3feeb4a25d8b5607fc8a7fbdb2c60
humio-core	7604f6e444a43be68d510023e34e2ebda393c48516f29baafd561876a5fa3c72
kafka	1528fc8436b88d07d81e232ac9631a49e8d86ebe1911bf80477911262a3fe6fe
zookeeper	55f5e094f8da5d9b4767b1b342b78dce32c67dc6e9112b049415dea79aa98444

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.51.3/server-1.51.3.tar.gz

Bug fixes and updates.

Improvements, new features and functionality

Security
- The version of Jackson has been upgraded to address CVE-2022-42003 vulnerability.

Bug Fixes

Security
- Update Netty to address CVE-2022-41915.
Other
- Fixed a bug in decryption code used when decrypting downloaded files from bucket storage when version-for-bucket-writes=3. The bug did not allow to decrypt files larger than 2GB.
- Fixed an issue where LogScale could log secrets to the debug log when configured to use LDAP or when configured to use SSL for Kafka.

Humio Server 1.51.2 Stable (2022-10-05)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.51.2

Stable

2022-10-05

Cloud

On-Prem

2023-08-31

No

1.30.0

11

No

JAR Checksum	Value
MD5	e21bc8fda9250669b15d7d61521501f7
SHA1	50669930b6f27b097221b7e9a12cc9b061d70e52
SHA256	aec3efe7a376ada047e813aad87cd68c43a8ea0de1cfb863190b77265b3f8d32
SHA512	1b9cec3f814d207bcc49ce9c43bcfcd139f7ddfaedd293c9a20fdfee2898aa0ff5fb5c82374eef2371e31753e331e15f8a6646a0e23b326885a1105fbd6081d4

Docker Image	SHA256 Checksum
humio	a63f552480e3e1ccaa22a095ff7b98efcbfc01d9e66fa7f1b40b45242226fc4en
humio-core	af30f2076612b8e04a8c55172b3ff6cbd41d09b9be64b0267d9f8bd6d3b9efdc
kafka	723d25e8ba4bfb7247c4d39021155681aefab20f584c2d7db786941aa9d1522d
zookeeper	5878dbf9e32a0913da59d0b2e8dd13c5c7ba6043ba933a8b23d368f0d1241315

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.51.2/server-1.51.2.tar.gz

Bug fixes and updates.

Bug Fixes

Security
- Update Scala to address CVE-2022-36944.
Dashboards and Widgets
- Fixed a bug where certain queries would make it seem that all widgets were incompatible, even though the table view still works.
  Importing a dashboard with Shared time enabled and Live disabled would import the dashboard with Live enabled. Likewise, when creating a new dashboard from a template, Live would be on.
Other
- Fixed an issue where some segments could stall the background process implementing event redaction. This could then result in segments not being merged. The visible symptom would be segments with topOffset attribute being -1, and MiniSegmentMergeLatencyLoggerJob logging that some segments are not being merged.
- Fix a regression introduced in 1.46.0 that can cause Humio to fail to properly replay data from Kafka when a node is restarted.

Humio Server 1.51.1 Stable (2022-08-29)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.51.1

Stable

2022-08-29

Cloud

On-Prem

2023-08-31

No

1.30.0

11

No

JAR Checksum	Value
MD5	6410ab777ec6d98066a3492f4a6b68af
SHA1	2b55844a4c4d5d613f091a7a753977e6b51477f4
SHA256	a8beb23cfa0b00aebbd4a4a95665deedcce868c0be1de5c5383601fd55ba60f9
SHA512	c37d2ee75d3b7ac4259fd453c24fa8ada18de360837ba475cf552747ac1b0b07dfce618ced2708e51ee9d66c5ff1a36081bb57a2531922930c385846ac80d73c

Docker Image	SHA256 Checksum
humio	10c21dbc2eba33d4e401b0559ae0ecacfd1f80e9184b946164e674068380d286
humio-core	f232ce1b182b74bb534249fbf8eba1ab41544242353e1fe4d21f69a0e6a7c190
kafka	98fe1b8f3c6caadb6efb6de3e5be3215e9987f235c1134ac0e14eb8705d1d2d8
zookeeper	97c571a338e94b9ecaf66c6e9625c593dff68fe62c04c1b2a1ffd44bf10d39ba

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.51.1/server-1.51.1.tar.gz

Bug fix.

Bug Fixes

Dashboards and Widgets
- The Apply Filter button on the dashboard correctly applies the typed filter again.
Functions
- Fixed a recent bug which caused the category links from groupBy()-groups to be lost when a subsequent sort() was used, and also made grouping-based charts (bar, pie, heat map) unusable in such cases.
- Fixed a bug related to query result metadata for some functions when used as the last aggegate function in a query.
Other
- Fixed an issue for ephemeral disk based installs where segment files could stay longer on local disks than they were required to, in cases where some nodes listed in the cluster were not alive for extended periods of time.
- Fixed an issue where queries could fail when the requests within the cluster were more than 8 MB each.

Humio Server 1.51.0 Stable (2022-08-15)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.51.0

Stable

2022-08-15

Cloud

On-Prem

2023-08-31

No

1.30.0

11

No

JAR Checksum	Value
MD5	af0041ec27647291086073dc83628bc2
SHA1	210e924a2863c3b28d08659241c0a283482c12b8
SHA256	fddcb2184d76d5cfefb2f6a02705f66764d8972fb2e664ef7115353344d05680
SHA512	2b230a836e18d13a282ea28be23130897876e6cbe0bfa30a71a3795a7704255cbdf1c19eadc094cd970e58e0234c540a6b469266765d736fc6435c0a01bbda1e

Docker Image	SHA256 Checksum
humio	c5db5fac0b03adf9039c31ef4ba69c49356b230b01e0eab0b16c477768dd52af
humio-core	36dbe1d90534d2ca72bdadb4992397aa60d2315565ce7a3c7c272a48617cf759
kafka	92de8c0d092fe5c04cc10e076a9bb183c8f3136b9813f3ae74b423ae090cb0d8
zookeeper	85620182a8c5f91426e0d138ca21947975c99a16fbb00f9e7d0c0ca7a8e94d2a

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.51.0/server-1.51.0.tar.gz

Bug fixes and updates.

Removed
Items that have been removed as of this release.
API
The deprecated REST API for actions has been removed, except for the endpoint for testing an action.
The deprecated REST API for parsers has been removed.

Deprecation
Items that have been deprecated and may be removed in a future release.
Deprecated enabledFeatures query. Use the new featureFlags query instead.

Improvements, new features and functionality

Falcon Data Replicator
- FDR polling is now turned on by default. Whether FDR polling should be turned on or off on a node can be configured using the ENABLE_FDR_POLLING_ON_NODE configuration variable.
- - If an S3 file is found to be incorrectly formatted during FDR ingest, it will not be ingested completely, but an attempt is made to ingest the remaining S3 files of the SQS message.
  - If an S3 file cannot be found during FDR ingest, it will not be ingested, but an attempt is made to ingest the remaining S3 files of the SQS message.
- Added environment variable FDR_USE_PROXY which makes the fdr job use the proxy settings specified with: HTTP_PROXY_* environment variables.
UI Changes
- The design of the Time Selector has been updated, and it now features an Apply button on the dashboard page. See Time Interval Settings.
- Field columns now support multiple formatting options. See Formatting Columns for details.
- Add missing accessibility features to the login page.
- Toggle switches anywhere in the UI are now tabbable and can be accessed using the keyboard.
- In lists of users, with user avatars containing user initials, the current user would sometimes appear to have an opening parenthesis as their last initial.
- The Live checkbox is now no longer checked automatically when changing the value of the time window in the Time Selector. See Changing Time Frame for details.
- If Humio fails to start because the cluster is being upgraded, a dedicated message will show when launching the UI.
- The Save As... button is now always displayed on the Search page, see it described at Saving Searches.
- Improved keyboard accessibility for creating repositories and views.
- New styling of errors on search and dashboard pages.
- Adds an icon and a hint to a disabled side navigation menu item that tells the user the reason for it being disabled.
- When editing an email action in the UI and adding multiple recipients, it is now possible to add a space after the comma in the comma-separated list of recipients.
Documentation
- All documentation links have been updated after the documentation site has been restructured. Please contact support, if you experience any broken links.
Automation and Alerts
- Fixed a bug where an alert with name longer than 50 characters could not be edited.
GraphQL API
- Added preview fields isClusterBeingUpdated and minimumNodeVersion to the GraphQL Cluster object type.
- Added a new dynamic configuration flag QueryResultRowCountLimit that globally limits how many results (events) a query can return. This flag can be set by administrators through GraphQL. See Limits & Standards for more details.
- The GQL API mutation updateDashboard has been updated to take a new argument updateFrequency which can currently only be NEVER or REALTIME, which correspond respectively to "dashboard where queries are never updated after first completion" and "dashboard where query results are updated indefinitely".
- Expose a new GraphQL type with feature flag descriptions and whether they are experimental.
- Added a GraphQL mutation for testing an action. It is still in preview, but it will replace the equivalent REST endpoint soon.
- Improved error messaging of GraphQL queries and mutations for alerts, scheduled searches and actions in cases where a given repository or view cannot be found.
Configuration
- Detect need for higher autoshard count by monitoring ingest request flow in the cluster. Dynamically increase the number of autoshards for each datasource to keep flow on each resulting shard below approximately 2MB/s. New dynamic configuration for this that sets the target maximum rate of ingest for each shard of a datasource: TargetMaxRateForDatasource. Default value is 2000000 (2 MB).
- Added a new environment variable GLOB_MATCH_LIMIT which sets the maximum number of rows for csv_file in match(..., file=csv_file, glob=true) function. Previously MAX_STATE_SIZE was used to determine this limit. The default value of this variable is 20000. If you've changed the value of MAX_STATE_SIZE, we recommend that you also change GLOB_MATCH_LIMIT to the same value for a seamless upgrade.
- Default value of configuration variable S3_ARCHIVING_WORKERCOUNT raised from 1 to (vCPU/4).
- Added a new dynamic configuration GroupDefaultLimit. This can be done through GraphQL. See Limits & Standards for details. If you've changed the value of MAX_STATE_LIMIT, we recommend that you also change GroupDefaultLimit and GroupMaxLimit to the same value for a seamless upgrade, see groupBy() for details.
- Introduced new dynamic configuration LiveQueryMemoryLimit. It can be set using GraphQL. See Limits & Standards for details.
- Introduced new dynamic configuration JoinRowLimit. It can be set using GraphQL and can be used as an alternative to the environment variable MAX_JOIN_LIMIT. If the JoinRowLimit is set, then its value will be used instead of MAX_JOIN_LIMIT. If it is not set, then MAX_JOIN_LIMIT will be used.
- Adds a new metric for measuring the merge latency, which is defined as the latency between the last minisegment being written in a sequence with the same merge target, and those minisegments being merged. The metric name is segment-merge-latency-ms.
- Introduced new dynamic configuration StateRowLimit. It can be set using GraphQL. See Limits & Standards for details.
- Improve the error message if Humio is configured to use bucket storage, but the credentials for the bucket are not configured.
- Change default value for configuration AUTOSHARDING_MAX from 16 to 128.
- Add environment variable EULA_URL to specificy url for terms and conditions.
- New configurations BUCKET_STORAGE_SSE_COMPATIBLE that makes bucket storage not verify checksums of raw objects after uploading to an S3. This option is turned on automatically is KMS is enabled (see S3_STORAGE_KMS_KEY_ARN) but is available directly here for use with other S3 compatible providers where verfying even content length does not work.
  Mini segments usually get merged if their event timestamps span more than MAX_HOURS_SEGMENT_OPEN. Mini segments created as part of backfilling did not follow this rule, but will now get merged if their ingest timestamps span more than MAX_HOURS_SEGMENT_OPEN.
- Added a link to humio-activity repository for debugging IDP configurations to the page for setting up the same.
- Bucket storage now has support for a new format for the keys (file names) for the files placed in the bucket. When the new format is applied, the listing of files only happens for the prefixes "tmp/" and "globalsnapshots/". This helps products such a "HCP". The new format is applied only to buckets created after the dynamic configuration BucketStorageKeySchemeVersion has been set to "2". Existing cluster can start using the new format for new files by setting this dynamic configuration. The change will take effect after restarting the cluster. When creating a new Humio cluster, the new format is the default. The new format is supported only on Humio version 1.41+.
- Introduced new dynamic configuration GroupMaxLimit. It can be set using GraphQL. See Limits & Standards for details.
- Support for KMS on S3 bucket for Bucket Storage. Specify full ARN of the key. The key_id is persisted in the internal BucketEntity so that a later change of the ID of the key to use for uploads will make Humio still refer the old keyID when downloading files uploaded using the previous key. Setting a new value for the target key results in a fresh internal bucket entity to track which files used kms and which did not. For simplicity it is recommended to not mix KMS and non-KMS configurations on the same S3 bucket.
  - New configuration variable S3_STORAGE_KMS_KEY_ARN that specifies the KMS key to use.
  - New configuration variable S3_STORAGE_2_KMS_KEY_ARN for 2nd bucket key.
  - New configuration variable S3_RECOVER_FROM_KMS_KEY_ARN for recovery bucket key.
- New file format for files uploaded to bucket storage that allows files larger than 2GB to be written to bucket storage. This may be turned on by setting the dynamic configuration BucketStorageWriteVersion to 3. When creating a new Humio clusters, the new format is the default. The new format is supported only on Humio version 1.41+.
- Adds a new logger job that logs the age of an unmerged miniSegment if the age exceeds the threshold set by the env variable MINI_SEGMENT_MAX_MERGE_DELAY_MS_BEFORE_WARNING. The default value of MINI_SEGMENT_MAX_MERGE_DELAY_MS_BEFORE_WARNING is 2 x MAX_HOURS_SEGMENT_OPEN. MAX_HOURS_SEGMENT_OPEN defaults to 24 hours. The error log produced looks like: Oldest unmerged miniSegment is older than the threshold thresholdMs={value} miniSegmentAgeMs={value} segment={value}.
- Introduced new dynamic configuration QueryMemoryLimit. It can be set using GraphQL. See also LiveQueryMemoryLimit for live queries. For more details, see Limits & Standards.
Dashboards and Widgets
- Applied stylistic changes for the Inspect Panel used in Widget Editor.
- Dashboards can now be configured to not update after the initial search has completed. This mode is mainly meant to be used when a dashboard is interactive and not for wall-mounted monitors that should update continually. The feature can be accessed from the Dashboard properties panel when a dashboard is put in edit-mode. See Working in Edit Mode.
- Bar Chart widget:
  - The Y-axis can now start at smaller values than 1 for logarithmic scales, when the data contain small enough values.
  - It now has an Auto setting for the Input Data Format property, see Wide or Long Input Format for details.
  - Now works with bucket query results.
- Added empty states for all widget types that will be rendered when there are no results.
- When importing existing dashboard with a static Shared time, recent changes in the time selection would make those dashboards live.
- The Pie Chart widget now uses the first column for the series as a fall back option.
- The Dashboard page now displays the current cluster status.
- Note widget:
  - Default background color is now Auto.
  - Introduced the text color configuration option.
- Sorting of Pie Chart widget categories, descending by value. Categories grouped as Others will always be last.
- Single Value widget:
  - Missing buckets are now shown as gaps on the sparkline.
  - Isolated data points are now visualised as dots on the sparkline.
- The widget legend column width is now based on the custom series title (if specified) instead of the original series name.
- Introducing the Heatmap widget that visualizes aggregated data as a colorised grid.
- The Normalize option for the World Map widget has been replaced by a third magnitude mode named None, which results in fixed size and opacity for all marks.
- Table widgets will now break lines for newline characters in columns.
- Better handling of dashboard connections issues during restarts and upgrades.
- Pie Chart widget now uses the first column for the series as a fall back option.
- Single Value widget new configuration: deprecated field use-colorised-thresholds in favor of color-method.
  Single Value widget Editor: the configuration option Enable Thresholds is being replaced by an option called Method under the Colors section.
Log Collector
- The Log Collector download page has been enabled for on-prem deployments.
Functions
- Added validation to the field and key parameters of the join() function, so empty lists will be rejected with a meaningful error message.
- The groupBy() function now accepts max as value for the limit parameter, which sets the limit to the largest allowed value (as configured by the dynamic configuration GroupMaxLimit).
- Improved the phrasing of the warning shown when groupBy() exceeds the max or default limit.
- Added validation to the field parameter of the kvParse() function, so empty lists will be rejected with a meaningful error message.
Other
- All users will not have access to the audit log or search all view by default anymore. Access can be granted with permissions.
- Bump the version of the Monaco code editor.
- Streaming queries that fail to validate now return a message of why validation failed.
- Fix a bug causing Humio's digest coordinator to allow nodes to take over digest without catching up to the current leader. This could cause the new leader to replay more data from Kafka than necessary.
- Fixed an issue where query auto-completion sometimes wouldn't show the documentation for the suggested functions.
- Adds a new metric for the temp disk usage. The metric name is temp-disk-usage-bytes and denotes how many bytes are used.
- Added a log message with the maximum state size seen by the live part of live queries.
- Include the requester in logs from QuerySessions when a live query is restarted or cancelled.
- The audit log system repository on Cloud has been replaced with a view, so that dashboards etc. can be created on top of audit log data.
- Make BucketStorageUploadJob only log at info level rather than error if a segment upload fails because the segment has been removed from the host. This can happen if node X tries to upload a segment, but node Y beats it to the punch. Node X may then choose to remove its copy before the upload completes.
- When unregistering a node from a cluster, return a validation error if it is still alive. Hosts should be shut down before attempting to remove them from the cluster. This validation can be skipped using the same accept-data-loss parameter that also disables other validations for the unregistration endpoint.
- Added detection and handling of all queries being blocked during Humio upgrades.
- Added a log of the approximate query result size before transmission to the frontend, captured by the approximateResultBeforeSerialization key.
- Add flag whether a feature is experimental.
- Added a log line for when a query exceeds its allotted memory quota.
- The referrer meta tag for Humio has been changed from no-referrer to same-origin.
- Compute next set of Prometheus metrics only in a single thread concurrently. If more requests arrive, then the next request gets the previous response.
- Make a number of improvements to the digest partition coordinator. The coordinator now tries harder to avoid assigning digest to nodes that are not caught up on fetching segments from the other nodes. It also does a better job unassigning digest from dead nodes in edge cases.
- Fix an unhandled IO exception from TempDirUsageJob. The consequence of the uncaught exception was only noise in the error log.
- Added a new action type that creates a CSV file from the query result and uploads it to Humio to be used with the match() query function. See Action Type: Upload File.
- Java in the docker images no longer has the cap_net_bind_service capability and thus Humio cannot bind directly to privileged ports when running as a non-root user.
- Add warning when a multitenancy user is changing data retention on an unlimited repository.
- Improved performance of NDJSON format in S3 Archiving.
- Fix a bug that could cause Humio to spuriously log errors warning about segments not being merged for datasources doing backfilling.
- Humio now logs digest partition assignments regularly. The logs can be found using the query class=*DigestLeadershipLoggerJob*.
- All feature flags now contains a textual description about what features are hidden behind the flag.
- Adds a logger job for cluster management stats it log the stats every 2 minutes, which makes them searchable in Humio.
  The logs belong to the class c.h.c.ClusterManagementStatsLoggerJob, logs for all segments contains globalSegmentStats log about singular segments starts with segmentStats.
- Remove remains of default groups and roles. The concept was replaced with UserRoles.

Bug Fixes

Security
- Update Netty to address CVE-2022-24823.
- Bump javax.el to address CVE-2021-28170.
Falcon Data Replicator
- FDR Ingest will no longer fail on events that are larger than the maximum allowed event size. Instead, such messages will be truncated.
UI Changes
- Prevent the UI showing errors for smaller connection issues while restarting.
- Websocket connections are now kept open when transitioning pages, and are used more efficiently for syntax highlighting.
- Fixed an issue where some warnings would show twice.
- Intermediate network issues are not reported immediately as an error in the UI.
- Cloud: Updated the layout for license key page.
- Fix the dropdown menus closing too early on the home page.
- Fixed a bug where the "=" and "/=" buttons did not appear on cells in the event list where they should.
- When viewing the events behind e.g. a Time Chart, the events will now only display with the @timestamp and @rawstring columns.
GraphQL API
- Fix the assets GraphQL query in organizations with views that are not 1-to-1 linked.
Configuration
- Fixed a bug that could result in merging small ("undersized") segments even if the resulting segment would then have a wider than desired time span. The goal it to not produce segments that span more than the 10% of the retention setting for time for the repository. If no time-based retention is configured on the repository, then 3 times the value of configuration variable MAX_HOURS_SEGMENT_OPEN is applied as limit. For default settings, that results in 72 hours.
- Fixed an issue where event forwarding still showed as beta.
- Fixed an issue where delete events from a minisegment could result in the merge of those minisegments into the resulting target segment never got executed.
  Index in block needs reading from blockwriter before adding each item.
  Fixed a bug where the @id field of events in live query were off by one.
Dashboards and Widgets
- The theme toggle on a shared dashboard was moved to the header panel and no longer overlaps with any widgets.
- The Time Chart widget regression line is no longer affected by the interpolation setting.
Functions
- Fixed a bug where using eval as an argument to a function would result in a confusing error message.
- Fixed a bug where ioc:lookup() would sometimes give incorrect results when negated.
- Revised some of the error messages and warnings regarding join() and selfJoin().
- Fixed a bug where the writeJson() function would write any field starting with a case-insensitive inf or infinity prefix as a null value in the resulting JSON.
Other
- Make streaming queries search segments newest-to-oldest rather than oldest-to-newest. Streaming queries do not ensure the order of exported events anyway, and searching newest-to-oldest is more efficient.
- Fix a bug where changing a role for a user under a repository would trigger infinite network requests.
- Centralise decision for names of files in bucket, allow more than one variant.
  Improved hover messages for strings.
- Fixed an issue where query auto-completion would sometimes delete existing parentheses.
- If a segment is deleted or otherwise disappears from global while Humio is attempting to upload it to bucket storage, the upload will now be dropped with an info-level log, rather than requeued with an error log.
- Fixes the placement of a confirmation dialog when attempting to change retention.
- Humio will now clean up its tmp directories by deleting all "humiotmp" directories in the data directory when terminating gracefully.
  Fix a regression in the launcher script causing JVM_LOG_DIR to not be evaluated relative to the Humio base install path. All paths in the launcher script should now be relative to the base install path, which is the directory containing the bin folder.
  Fix a bug that could cause merge targets to be cached indefinitely if the associated minis had their mergeTarget unset. The effect was a minor memory leak.
  Fix a bug that could cause Humio to attempt to merge minisegments from one datasource into a segment in another datasource, causing an error to be thrown.
  When configuring thread priorities, Humio will no longer attempt to call the native setpriority function. It will instead only call the Java API for setting thread priority.
- Fixed an issue where JSON parsing on ingest and in the query language was inefficient for large JSON objects.
- Fix performance issue for users with access to many views.
- Improve file path handling in DiskSpaceJob to eliminate edge cases where the job might not have been able to tell if a file was on primary or secondary storage.
- Fix type in Unregisters node text on cluster admin UI.
- Fix a bug that could cause a NumberFormatException to be thrown from ZookeeperStatsClient.
- - Fixed an issue where event forwarder properties were not properly validated.
  - Reduced the timeout used when testing event forwarders in order to get a better error when timeouts happen.
- Fix a bug causing digesters to continue digesting even if the local disk is full. The digester will now pause digesting and error log if this occurs.
- Fix response entities not being discarded in error cases for the proxyqueryjobs endpoint, which could cause warnings in the log.
- Update org.json:json to address a vulnerability that could cause stack overflows.
- Fix an issue causing the event forwarding feature to incorrectly reject topic names that contained a dash (-).
- Fix an issue that could rarely cause exceptions to be thrown from Segments.originalBytesWritten, causing noise in the log.
- Fix an issue causing Humio to create a large number of temporary directories in the data directory.
- Bump woodstox to address SNYK-JAVA-COMFASTERXMLWOODSTOX-2928754.
- Some errors messages wrongly pointed to the beginning of the query.
- Kafka upgrades to 3.2.0 in the Docker images and in the Humio dependencies.
- Fixed an issue where strings like Nana and Information could be interpreted as NaN (not-a-number) and infinity, respectively.
- Fixed a bug where multiline comments weren't always highlighted correctly.

Humio Server 1.50.0 Preview (2022-08-02)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.50.0

Preview

2022-08-02

Cloud

On-Prem

2023-08-31

No

1.30.0

11

No

Bug fixes and an updated dependency, released to cloud only.

Improvements, new features and functionality

UI Changes
- The design of the Time Selector has been updated, and it now features an Apply button on the dashboard page. See Time Interval Settings.
- Adds an icon and a hint to a disabled side navigation menu item that tells the user the reason for it being disabled.
- When editing an email action in the UI and adding multiple recipients, it is now possible to add a space after the comma in the comma-separated list of recipients.
Documentation
- All documentation links have been updated after the documentation site has been restructured. Please contact support, if you experience any broken links.
GraphQL API
- The GQL API mutation updateDashboard has been updated to take a new argument updateFrequency which can currently only be NEVER or REALTIME, which correspond respectively to "dashboard where queries are never updated after first completion" and "dashboard where query results are updated indefinitely".
Dashboards and Widgets
- Dashboards can now be configured to not update after the initial search has completed. This mode is mainly meant to be used when a dashboard is interactive and not for wall-mounted monitors that should update continually. The feature can be accessed from the Dashboard properties panel when a dashboard is put in edit-mode. See Working in Edit Mode.
Functions
- Added validation to the field parameter of the top() function, so empty lists will be rejected with a meaningful error message.
- Added validation to the field and key parameters of the join() function, so empty lists will be rejected with a meaningful error message.
- Improved the phrasing of the warning shown when groupBy() exceeds the max or default limit.
- Added validation to the field parameter of the kvParse() function, so empty lists will be rejected with a meaningful error message.
Other
- Streaming queries that fail to validate now return a message of why validation failed.
- Fixed an issue where query auto-completion sometimes wouldn't show the documentation for the suggested functions.
- Added a new action type that creates a CSV file from the query result and uploads it to Humio to be used with the match() query function. See Action Type: Upload File.
- Humio now logs digest partition assignments regularly. The logs can be found using the query class=*DigestLeadershipLoggerJob*.

Bug Fixes

GraphQL API
- Fix the assets GraphQL query in organizations with views that are not 1-to-1 linked.
Configuration
- Fixed an issue where validation of +/- Infinity as integer arguments would crash.
- Fixed an issue where event forwarding still showed as beta.
Functions
- Fixed an issue where join() would not produce the correct results when mode=left was set.
Other
- Fixed an issue where query auto-completion would sometimes delete existing parentheses.
- Fixed an issue where JSON parsing on ingest and in the query language was inefficient for large JSON objects.
- Fix performance issue for users with access to many views.
- Fix an issue that could rarely cause exceptions to be thrown from Segments.originalBytesWritten, causing noise in the log.
- Fix an issue causing Humio to create a large number of temporary directories in the data directory.

Humio Server 1.49.1 Preview (2022-07-26)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.49.1

Preview

2022-07-26

Cloud

On-Prem

2023-08-31

No

1.30.0

11

No

Bug fixes and an updated dependency, released to cloud only.

Removed
Items that have been removed as of this release.
API
The deprecated REST API for parsers has been removed.

Improvements, new features and functionality

UI Changes
- The Save As... button is now always displayed on the Search page, see it described at Saving Searches.
Automation and Alerts
- Fixed a bug where an alert with name longer than 50 characters could not be edited.
Functions
- The groupBy() function now accepts max as value for the limit parameter, which sets the limit to the largest allowed value (as configured by the dynamic configuration GroupMaxLimit).
Other
- Make BucketStorageUploadJob only log at info level rather than error if a segment upload fails because the segment has been removed from the host. This can happen if node X tries to upload a segment, but node Y beats it to the punch. Node X may then choose to remove its copy before the upload completes.
- Fix an unhandled IO exception from TempDirUsageJob. The consequence of the uncaught exception was only noise in the error log.
- Java in the docker images no longer has the cap_net_bind_service capability and thus Humio cannot bind directly to privileged ports when running as a non-root user.
Packages
- Parser installation will now be ignored when installing a package into a system repository.

Bug Fixes

UI Changes
- Fixed an issue where some warnings would show twice.
Functions
- Revised some of the error messages and warnings regarding join() and selfJoin().
Other
- Fix a bug that could cause a NumberFormatException to be thrown from ZookeeperStatsClient.
- Fixed an issue where strings like Nana and Information could be interpreted as NaN (not-a-number) and infinity, respectively.

Humio Server 1.49.0 Not Released (2022-07-26)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.49.0

Not Released

2022-07-26

Cloud

On-Prem

2023-08-31

No

1.30.0

11

No

Not released.

Humio Server 1.48.1 Preview (2022-07-19)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.48.1

Preview

2022-07-19

Cloud

On-Prem

2023-08-31

No

1.30.0

11

No

Bug fixes and an updated dependency, released to cloud only.

Removed
Items that have been removed as of this release.
Installation and Deployment
Remove the following feature flags and their usage: EnterpriseLogin, OidcDynamicIdpProviders, UsagePage, RequestToActivity, CommunityNewDemoData.

Deprecation
Items that have been deprecated and may be removed in a future release.
Deprecated enabledFeatures query. Use the new featureFlags query instead.

Improvements, new features and functionality

UI Changes
- Add missing accessibility features to the login page.
- The Live checkbox is now no longer checked automatically when changing the value of the time window in the Time Selector. See Changing Time Frame for details.
- Updated styling on the log in pages.
GraphQL API
- Expose a new GraphQL type with feature flag descriptions and whether they are experimental.
Other
- Include the requester in logs from QuerySessions when a live query is restarted or cancelled.
- Added detection and handling of all queries being blocked during Humio upgrades.
- Add flag whether a feature is experimental.
- All feature flags now contains a textual description about what features are hidden behind the flag.

Bug Fixes

UI Changes
- When viewing the events behind e.g. a Time Chart, the events will now only display with the @timestamp and @rawstring columns.
Dashboards and Widgets
- The theme toggle on a shared dashboard was moved to the header panel and no longer overlaps with any widgets.
Other
- Fixes the placement of a confirmation dialog when attempting to change retention.
- Fix response entities not being discarded in error cases for the proxyqueryjobs endpoint, which could cause warnings in the log.

Humio Server 1.48.0 Not Released (2022-07-19)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.48.0

Not Released

2022-07-19

Cloud

On-Prem

2023-08-31

No

1.30.0

11

No

Not released.

Humio Server 1.47.1 Preview (2022-07-12)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.47.1

Preview

2022-07-12

Cloud

On-Prem

2023-08-31

No

1.30.0

11

No

Bug fixes and an updated dependency, released to cloud only.

Improvements, new features and functionality

Falcon Data Replicator
- FDR polling is now turned on by default. Whether FDR polling should be turned on or off on a node can be configured using the ENABLE_FDR_POLLING_ON_NODE configuration variable.
UI Changes
- If Humio fails to start because the cluster is being upgraded, a dedicated message will show when launching the UI.
GraphQL API
- Added preview fields isClusterBeingUpdated and minimumNodeVersion to the GraphQL Cluster object type.
- Added a new dynamic configuration flag QueryResultRowCountLimit that globally limits how many results (events) a query can return. This flag can be set by administrators through GraphQL. See Limits & Standards for more details.
Configuration
- Added a new dynamic configuration GroupDefaultLimit. This can be done through GraphQL. See Limits & Standards for details. If you've changed the value of MAX_STATE_LIMIT, we recommend that you also change GroupDefaultLimit and GroupMaxLimit to the same value for a seamless upgrade, see groupBy() for details.
- Introduced new dynamic configuration LiveQueryMemoryLimit. It can be set using GraphQL. See Limits & Standards for details.
- Introduced new dynamic configuration JoinRowLimit. It can be set using GraphQL and can be used as an alternative to the environment variable MAX_JOIN_LIMIT. If the JoinRowLimit is set, then its value will be used instead of MAX_JOIN_LIMIT. If it is not set, then MAX_JOIN_LIMIT will be used.
- Introduced new dynamic configuration StateRowLimit. It can be set using GraphQL. See Limits & Standards for details.
- New configurations BUCKET_STORAGE_SSE_COMPATIBLE that makes bucket storage not verify checksums of raw objects after uploading to an S3. This option is turned on automatically is KMS is enabled (see S3_STORAGE_KMS_KEY_ARN) but is available directly here for use with other S3 compatible providers where verfying even content length does not work.
  Mini segments usually get merged if their event timestamps span more than MAX_HOURS_SEGMENT_OPEN. Mini segments created as part of backfilling did not follow this rule, but will now get merged if their ingest timestamps span more than MAX_HOURS_SEGMENT_OPEN.
- Introduced new dynamic configuration GroupMaxLimit. It can be set using GraphQL. See Limits & Standards for details.
- Support for KMS on S3 bucket for Bucket Storage. Specify full ARN of the key. The key_id is persisted in the internal BucketEntity so that a later change of the ID of the key to use for uploads will make Humio still refer the old keyID when downloading files uploaded using the previous key. Setting a new value for the target key results in a fresh internal bucket entity to track which files used kms and which did not. For simplicity it is recommended to not mix KMS and non-KMS configurations on the same S3 bucket.
  - New configuration variable S3_STORAGE_KMS_KEY_ARN that specifies the KMS key to use.
  - New configuration variable S3_STORAGE_2_KMS_KEY_ARN for 2nd bucket key.
  - New configuration variable S3_RECOVER_FROM_KMS_KEY_ARN for recovery bucket key.
- Introduced new dynamic configuration QueryMemoryLimit. It can be set using GraphQL. See also LiveQueryMemoryLimit for live queries. For more details, see Limits & Standards.
Dashboards and Widgets
- Applied stylistic changes for the Inspect Panel used in Widget Editor.
- Table widgets will now break lines for newline characters in columns.
Other
- All users will not have access to the audit log or search all view by default anymore. Access can be granted with permissions.
- The audit log system repository on Cloud has been replaced with a view, so that dashboards etc. can be created on top of audit log data.
- Improved performance of validation of keys in tags.
- The referrer meta tag for Humio has been changed from no-referrer to same-origin.
- Compute next set of Prometheus metrics only in a single thread concurrently. If more requests arrive, then the next request gets the previous response.
- Fix a bug that could cause Humio to spuriously log errors warning about segments not being merged for datasources doing backfilling.

Bug Fixes

Functions
- Fixed a bug where using eval as an argument to a function would result in a confusing error message.
Other
- Fix type in Unregisters node text on cluster admin UI.

Humio Server 1.47.0 Not Released (2022-07-12)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.47.0

Not Released

2022-07-12

Cloud

On-Prem

2023-08-31

No

1.30.0

11

No

Not released.

Humio Server 1.46.0 Preview (2022-07-05)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.46.0

Preview

2022-07-05

Cloud

On-Prem

2023-08-31

No

1.30.0

11

No

Bug fixes and an updated dependency, released to cloud only.

Improvements, new features and functionality

UI Changes
- In lists of users, with user avatars containing user initials, the current user would sometimes appear to have an opening parenthesis as their last initial.
- New styling of errors on search and dashboard pages.
GraphQL API
- Improved error messaging of GraphQL queries and mutations for alerts, scheduled searches and actions in cases where a given repository or view cannot be found.
Dashboards and Widgets
- Added empty states for all widget types that will be rendered when there are no results.
- Sorting of Pie Chart widget categories, descending by value. Categories grouped as Others will always be last.
- The widget legend column width is now based on the custom series title (if specified) instead of the original series name.
- Introducing the Heatmap widget that visualizes aggregated data as a colorised grid.
- Better handling of dashboard connections issues during restarts and upgrades.
Other
- Fix a bug causing Humio's digest coordinator to allow nodes to take over digest without catching up to the current leader. This could cause the new leader to replay more data from Kafka than necessary.
- When unregistering a node from a cluster, return a validation error if it is still alive. Hosts should be shut down before attempting to remove them from the cluster. This validation can be skipped using the same accept-data-loss parameter that also disables other validations for the unregistration endpoint.
- Make a number of improvements to the digest partition coordinator. The coordinator now tries harder to avoid assigning digest to nodes that are not caught up on fetching segments from the other nodes. It also does a better job unassigning digest from dead nodes in edge cases.
- Remove remains of default groups and roles. The concept was replaced with UserRoles.

Bug Fixes

Falcon Data Replicator
- FDR Ingest will no longer fail on events that are larger than the maximum allowed event size. Instead, such messages will be truncated.
UI Changes
- Intermediate network issues are not reported immediately as an error in the UI.
Configuration
- Fixed a bug that could result in merging small ("undersized") segments even if the resulting segment would then have a wider than desired time span. The goal it to not produce segments that span more than the 10% of the retention setting for time for the repository. If no time-based retention is configured on the repository, then 3 times the value of configuration variable MAX_HOURS_SEGMENT_OPEN is applied as limit. For default settings, that results in 72 hours.
Functions
- Fixed a bug where the writeJson() function would write any field starting with a case-insensitive inf or infinity prefix as a null value in the resulting JSON.
Other
- Kafka upgrades to 3.2.0 in the Docker images and in the Humio dependencies.

Humio Server 1.45.0 Preview (2022-06-28)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.45.0

Preview

2022-06-28

Cloud

On-Prem

2023-08-31

No

1.30.0

11

No

Bug fixes and an updated dependency, released to cloud only.

Improvements, new features and functionality

Configuration
- Adds a new metric for measuring the merge latency, which is defined as the latency between the last minisegment being written in a sequence with the same merge target, and those minisegments being merged. The metric name is segment-merge-latency-ms.
- Adds a new logger job that logs the age of an unmerged miniSegment if the age exceeds the threshold set by the env variable MINI_SEGMENT_MAX_MERGE_DELAY_MS_BEFORE_WARNING. The default value of MINI_SEGMENT_MAX_MERGE_DELAY_MS_BEFORE_WARNING is 2 x MAX_HOURS_SEGMENT_OPEN. MAX_HOURS_SEGMENT_OPEN defaults to 24 hours. The error log produced looks like: Oldest unmerged miniSegment is older than the threshold thresholdMs={value} miniSegmentAgeMs={value} segment={value}.
Dashboards and Widgets
- The Bar Chart widget now works with bucket query results.
- The Pie Chart widget now uses the first column for the series as a fall back option.
- Note widget:
  - Default background color is now Auto.
  - Introduced the text color configuration option.
Other
- Bump the version of the Monaco code editor.
- Added a log message with the maximum state size seen by the live part of live queries.

Bug Fixes

UI Changes
- Websocket connections are now kept open when transitioning pages, and are used more efficiently for syntax highlighting.
- Fix the dropdown menus closing too early on the home page.
Dashboards and Widgets
- The Time Chart widget regression line is no longer affected by the interpolation setting.
Other
- Make streaming queries search segments newest-to-oldest rather than oldest-to-newest. Streaming queries do not ensure the order of exported events anyway, and searching newest-to-oldest is more efficient.
- Fix a bug causing digesters to continue digesting even if the local disk is full. The digester will now pause digesting and error log if this occurs.
- Bump woodstox to address SNYK-JAVA-COMFASTERXMLWOODSTOX-2928754.
- Some errors messages wrongly pointed to the beginning of the query.

Humio Server 1.44.0 Preview (2022-06-21)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.44.0

Preview

2022-06-21

Cloud

On-Prem

2023-08-31

No

1.30.0

11

No

Bug fixes and an updated dependency, released to cloud only.

Removed
Items that have been removed as of this release.
API
The deprecated REST API for actions has been removed, except for the endpoint for testing an action.

Improvements, new features and functionality

UI Changes
- Toggle switches anywhere in the UI are now tabbable and can be accessed using the keyboard.
- Improved keyboard accessibility for creating repositories and views.
Configuration
- Default value of configuration variable S3_ARCHIVING_WORKERCOUNT raised from 1 to (vCPU/4).
- Introduced new dynamic configuration flag JoinRowLimit. It can be set using GraphQL. The flag can be used as an alternative to the environment variable MAX_JOIN_LIMIT. If the join-row-limit flag is set, then its value will be used instead of MAX_JOIN_LIMIT. If it is not set, then MAX_JOIN_LIMIT will be used.
- Introduced the new dynamic configuration QueryMemoryLimit. It can be set using GraphQL. The flag replaces the environment variable MAX_MEMORY_FOR_REDUCE, so if you have changed the value of MAX_MEMORY_FOR_REDUCE, please use QueryMemoryLimit now instead. See Limits & Standards for more details.
- Added a link to humio-activity repository for debugging IDP configurations to the page for setting up the same.
- Introduced the new dynamic configuration StateRowLimit. It can be set using GraphQL.
- Added a new environment variable GROUPBY_DEFAULT_LIMIT which sets the default value for the limit parameter of groupBy(). See groupBy() documentation for details.
Dashboards and Widgets
- Bar Chart widget:
  - The Y-axis can now start at smaller values than 1 for logarithmic scales, when the data contain small enough values.
  - It now has an Auto setting for the Input Data Format property, see Wide or Long Input Format for details.
  - Now works with bucket query results.
- The dashboards page now displays the current cluster status.
- Single Value widget:
  - Missing buckets are now shown as gaps on the sparkline.
  - Isolated data points are now visualised as dots on the sparkline.
- The Normalize option for the World Map widget has been replaced by a third magnitude mode named None, which results in fixed size and opacity for all marks.
Log Collector
- The Log Collector download page has been enabled for on-prem deployments.
Other
- Adds a new metric for the temp disk usage. The metric name is temp-disk-usage-bytes and denotes how many bytes are used.
- Added a log of the approximate query result size before transmission to the frontend, captured by the approximateResultBeforeSerialization key.
- Add warning when a multitenancy user is changing data retention on an unlimited repository.
- Improved performance of NDJSON format in S3 Archiving.
- Adds a logger job for cluster management stats it log the stats every 2 minutes, which makes them searchable in Humio.
  The logs belong to the class c.h.c.ClusterManagementStatsLoggerJob, logs for all segments contains globalSegmentStats log about singular segments starts with segmentStats.

Bug Fixes

Security
- Update Netty to address CVE-2022-24823.
- Bump javax.el to address CVE-2021-28170.
Other
- Fix a bug where changing a role for a user under a repository would trigger infinite network requests.
- If a segment is deleted or otherwise disappears from global while Humio is attempting to upload it to bucket storage, the upload will now be dropped with an info-level log, rather than requeued with an error log.
- Improve file path handling in DiskSpaceJob to eliminate edge cases where the job might not have been able to tell if a file was on primary or secondary storage.
- Update org.json:json to address a vulnerability that could cause stack overflows.
- Fix an issue causing the event forwarding feature to incorrectly reject topic names that contained a dash (-).
- Fixed a bug where multiline comments weren't always highlighted correctly.

Humio Server 1.42.2 Stable (2022-10-05)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.42.2

Stable

2022-10-05

Cloud

On-Prem

2023-06-30

No

1.30.0

11

No

JAR Checksum	Value
MD5	c129f5c1d5d5cf469abdfd604267b6d6
SHA1	737393d0e02fc6a3e5599a20d3b7f640d0ce3347
SHA256	e283e268d4d268a21f0e7fe2f6ff08582a96cb6d37dd28b020670eb3600a8e86
SHA512	6cc3f4ad41b46d71ff67db7a4720e1a027583938ec1158b1fa45de8943030caf70e4b7b50dea9c42c92b3bb6d9ab335783a9b5f12dd9b79e240e4eadceac17ba

Docker Image	SHA256 Checksum
humio	4a5399bb43705c9e2f95d745fd87766552d9f1ef74d459feb3e10244b958d37e
humio-core	070dff4cd2a472994ad4999d36b98c1592fb6be703c9f2ae590f278dc47339e4
kafka	a5447202b222b70d6569e03668056e6059621894d3287f6d92f0e4ecbfb50a34
zookeeper	6487f4600d004f1ea797a86bef307781ac8840b438c28c8405ffdfd334205f99

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.42.2/server-1.42.2.tar.gz

Bug fixes and updates.

Bug Fixes

Security
- Update Scala to address CVE-2022-36944.
Other
- Fix performance issue for users with access to many views.

Humio Server 1.42.1 Stable (2022-07-18)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.42.1

Stable

2022-07-18

Cloud

On-Prem

2023-06-30

No

1.30.0

11

No

JAR Checksum	Value
MD5	0d84ae2bac065c74f033b3f510812cf6
SHA1	aa21f410e29c6189b56526c42d4414398544f3e3
SHA256	6b59d546a2f271d499b857b290f6c283b90282a5d9a213bc037652367f258c4d
SHA512	688242a795f9526828841faabc34e59e048439a1c748842d0a0fdf8eb8dffa99ce2f5281fa1c067dbbbac3db0494af006f46d3917de4f85c73372d536a102d97

Docker Image	SHA256 Checksum
humio	d83d0ea9247637ce91d2b84123659858624fe329583e1c6fe6900bd4eaa4acae
humio-core	14ec97ed7bf950b0e0669627babebfb3e5ca67b38cc40d116254567ee4e9199d
kafka	e9a4ee28381265a1b80071257996003a9bea0e29234a6394477d8859cb546e68
zookeeper	b377e734d662fe80b4dbc6b355965694464e437a2e0855272b9652ac9225b050

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.42.1/server-1.42.1.tar.gz

Bug fixes and an updated dependency.

Improvements, new features and functionality

UI Changes
- The Save As... button is now always displayed on the Search page.

Bug Fixes

Other
- Compute next set of Prometheus metrics only in a single thread concurrently. If more requests arrive, then the next request gets the previous response.
- Updated dependencies to woodstox to fix a vulnerability.

Humio Server 1.42.0 Stable (2022-06-17)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.42.0

Stable

2022-06-17

Cloud

On-Prem

2023-06-30

No

1.30.0

11

No

Yes

JAR Checksum	Value
MD5	6f0306d98c1f4931a083fe9211841ea1
SHA1	afee8f0c7c705b0c6b54c5a3321cf7ed6bbfc6f2
SHA256	0167bd6ae46368db74434133b9881380fd6c389c9ea35ac5612d9a643366d3ac
SHA512	e66acd012641e19d6c8c7613a56302c66138902912eb3aaa2157fef4199b6e77b20367be49bd90f2b430573b6317bd7214600436edfaf52cbffc108c0c414fd6

Docker Image	SHA256 Checksum
humio	37cb34cccd8e0b749308f96bc49cd67c92ca6af537e5c01cec0ecf4d26d2712f
humio-core	958fc373d5cf0da75861981cbf6fb3cead3c41388480d72b4bb7ad85734bc0cd
kafka	aea9942f9b789b058984dc348fa91657c8be210ad9d6f85ed8e0fdd6f09e408d
zookeeper	d52cd8f48f55cf09db7426a746b536face085b8b919ed1cdc1ce57f7e74d450e

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.42.0/server-1.42.0.tar.gz

Bug fixes and updates.

Deprecation
Items that have been deprecated and may be removed in a future release.
The Feature Flag, CookieAuthServerSide, has been deprecated as cookie authentication is now enabled by default. Instead, the configuration field ENABLE_BEARER_TOKEN_AUTHORIZATION has been introduced.
The local disk based backup feature described at Making Back-Ups is deprecated, and is planned for removal in September 2022. We have found that restoring backups using this feature is difficult in practice, it is not commonly used, and the backup/restore functionality is covered by the bucket storage feature as well. For these reasons, we are deprecating this feature in favour of bucket storage.
The DELETE_BACKUP_AFTER_MILLIS configuration parameter, which controls the delay between data being deleted in Humio and removed from backup, will be retained, since it controls a similar delay for bucket storage. Customers using local disk based backups should migrate to using bucket storage instead. Systems not wishing to use a cloud bucket storage solution can keep backup support by instead installing an on-prem S3- or GCS-compatible solution, such as MinIO.

Improvements, new features and functionality

Falcon Data Replicator
- Added the fdr-message-count metric, which contains the approximate number of messages on an FDR feed's SQS queue.
- Added the fdr-invisible-message-count metric, which contains the approximate number of invisible messages on an FDR feed's SQS queue.
- Improved error logging, when an FDR feed fails to download data from an S3 bucket. It now clearly states when a download failed because the S3 bucket is located in a different region than the SQS queue.
UI Changes
- The Format Panel is now available for changing the style of the data displayed in the Event list — see Changing the Data Display.
- Both the Scatter Chart and the Bar Chart widgets now support automatically adding/toggling axis and legend titles based on the mapped data.
- The Fields Panel now enables you to fetch fields beyond those from the last 200 events — see Adding and Removing Fields.
Configuration
- Improve the error message if Humio is configured to use bucket storage, but the credentials for the bucket are not configured.
Dashboards and Widgets
- The Gauge widget is being deprecated in favour of the Single Value widget. Configurations of the former widget are compatible with the latter. This means that persisted configurations of the Gauge widget (url / dashboard widgets / saved queries / recent queries) are still valid, but are visualised using the Single Value widget instead.
- The Single Value widget is now available. Construct a query which returns any single value, or use the timeChart() query function to create a single-value widget instance with sparkline and trend indicators.
Log Collector
- The Humio Log Collector can now be downloaded from the Organizational Settings page, see the Log Collector Documentation for a complete list of the supported logs formats and operating systems.
Functions
- ioc:lookup() would sometimes give incorrect results when negated.
- worldMap() accepts more magnitude functions, anonymous functions and the percentile() function.
- worldMap() will warn about licensing issues with IP database.
- sankey() now accepts more weight functions such as anonymous functions and the percentile() function.
Other
- Fixed an issue that if download of IOCs took more than an hour, Humio would indefinitely start a new download every hour which would eventually fail.
- Fixed an underlying bug causing addToExistingJob did not find the existing job to be error logged unnecessarily. Humio may decide to fetch a segment from bucket storage for querying. If this decision is made right as the query is cancelled, Humio could log the message above. With this fix, Humio will instead skip downloading the segment, and not log the error.
- Ensured that errors during view tombstone removal are logged and don't prevent the RetentionJob from performing other cleanup tasks.
- Fixed an issue where Humio's Zookeeper monitoring page would show X/0 followers in sync.
- Email actions can now add the result set as a CSV attachment.
- When cleaning up a deleted data space, don't error log if two nodes race to delete the data space metadata from global.
- Logging to the humio-activity repository is now also done for events in sandbox repositories.
- Specifying a versionless packageId will load the newest version of that package.
- Fixed an issue where a scheduled search could trigger actions multiple times for the same time period if actions took a long time to finish.

Humio Server 1.40.0 Stable (2022-05-12)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.40.0

Stable

2022-05-12

Cloud

On-Prem

2023-05-31

No

1.30.0

11

No

Yes

JAR Checksum	Value
MD5	8a733e1201103eeef32e63b0bf4c8977
SHA1	5b217fb48f1b5684330ec70fc5d20d322b0a75f8
SHA256	8838d422459feb6a56d1f15578c581fec7983165635fb4e74f312c2cc4da8046
SHA512	94bb617a37475918313decc3bf56696890c90d3e3f91de78dccb9431fee0b1bba8d90f60f0d591f5acbea7c6e09c5cb57ddf95fba088a34efc92a0899ac4aef9

Docker Image	SHA256 Checksum
humio	7c9b77b32fc84e31ecc57461ae3e8bfac9b584fb6fb3af0b909bd7e05903d0d8
humio-core	9326081840d3f852df54702c9d5e72ea492d49c55aab51ed83b1b234439c4ec7
kafka	344a06f56ada7ea9af2c7c5d146fa07f6fda87be750a7283e6f753189b42a0b5
zookeeper	42cdbca9d0ce73516a27beda618390a40db3e086580ce3d6ab2779c1952980ee

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.40.0/server-1.40.0.tar.gz

1.40 REQUIRES minimum version 1.30.0 of Humio to start. Clusters wishing to upgrade from older versions must upgrade to 1.30.0+ first. After running 1.40.0 or later, you cannot run versions prior to 1.30.0.

Behavior Changes
Scripts or environment which make use of these tools should be checked and updated for the new configuration:
Configuration
The selfJoin() query function was observed to cause memory problems, so we have set a limit of .0.0 output events (there was previously no bound). This limit can be adjusted with the GraphQL mutation setDynamicConfig with configuration flag SelfJoinLimit. A value of -1 returns selfJoin to its old, unbounded version.

Improvements, new features and functionality

Falcon Data Replicator
- The static configuration variable ENABLE_FDR_POLLING_ON_NODE is no longer supported, as its functionality has been replaced with the dynamic configurations listed above.
- Introduced dynamic configuration options for changing FDR polling behaviour at runtime. FDR polling is not enabled by default, so you should take care to set up these new configurations after upgrading, or you will risk that your FDR data isn't ingested into Humio before it is deleted from Falcon.
- Using the dynamic configuration option FdrEnable, administrators can now turn FDR polling on/off on the entire cluster with a single update. Defaults to false.
- Using the dynamic configuration option FdrMaxNodes, administrators can put a cap on how many nodes should at most simultaneously poll data from the same FDR feed. Defaults to 5 nodes.
- Using the dynamic configuration option FdrExcludedNodes, administrators can now exclude specific nodes from polling from FDR. Defaults to the empty list, so all nodes will be used for polling.
- It is now possible to test an FDR feed in the UI, which will test that Humio can connect to the SQS queue and the S3 bucket.
- Fixed an issue where exceptions in FDR were not properly logged.
UI Changes
- Introducing the new Scatter Chart widget (previously known as XY):
  - It supports long data format (one field for the series name and one field for the y values) as well as wide format (one field per series value).
  - You can now visualize data in the Scatter Chart when queried with the timeChart(), bucket() and groupBy() functions, as well as the table() function like before.
- Added style options to either truncate or show full legend labels in widgets.
- Improvements to the Sankey Diagram widget, it now has multiple style options; show/hide the y-axis, sorting type, label position, and colors plus labels for series.
- Added support in fieldstats() query function for skipping events. This is used by the UI, but only in situations where we know an approximate result is acceptable and where processing all events would be too costly.
- Improvements to the Pie Chart widget, it now has a max series setting similar to the Time Chart widget.
- Events with JSON data can now be collapsed and expanded in the Json panel.
- Syntax highlighting for XML, JSON and accesslog data now uses more distinguishable colors.
- The @timestamp column is now allowed to be moved amongst the other columns in the event list.
- When using a widget that is not compatible with the current data, the Reset Widget Type button now works again.
- The widget dropdown can now be navigated with the keyboard.
- Keep empty lines in queries when exporting assets as templates or to packages.
GraphQL API
- Added two new organization level permissions: DeleteAllRepositories and DeleteAllViews that allow repository and view deletion, respectively, inside an organization.
- The GraphQL queries and mutations for FDR feeds are no longer in preview.
- Removed the following deprecated GraphQL fields: UserSettings.settings, UserSettings.isEventListOrderChangedMessageDismissed, and UserSettings.isNewRepoHelpDismissed.
- Changed permission token related GraphQL endpoints to use enumerations instead of strings.
- It is now possible to refer a parser by name when creating or updating an ingest listener using the GraphQL API mutations createIngestListenerV3 and updateIngestListenerV3. It is now also possible to change the repository on an ingest listener using updateIngestListenerV3. The old mutations createIngestListenerV2 and updateIngestListenerV2 have been deprecated.
- Removed the deprecated clientMutationId argument from the GraphQL mutation updateSettings.
- Marked experimental language features as preview in GraphQL API.
- Added a GraphQL mutation deleteSearchDomainById that deletes views or repositories by ID.
- It is now possible to refer a parser by name when creating an ingest token or assigning a parser to an existing ingest token using the GraphQL API mutations addIngestTokenV3 and assignParserToIngestTokenV2. The old mutations addIngestTokenV2 and assignParserToIngestToken have been deprecated.
- Added a new GraphQL mutation to rename views or repositories by ID.
Configuration
- Added a new config NATIVE_FADVICE_SUPPORT (default true) to allow turning off the use of fadvice internally.
- Amended how Humio chooses segments to download from bucket storage when prefetching. If S3_STORAGE_PREFERRED_COPY_SOURCE is false, the prefetcher will only download segments that are not already on another host. Otherwise, it will download as many hosts as necessary to follow the configured replication factor. This should help avoid excessive bucket downloads when nodes in the cluster have lots of empty disk space.
- Validate block CRCs before uploading segment files to bucket storage. Can be disabled by setting VALIDATE_BLOCK_CRCS_BEFORE_UPLOAD to false.
- Added a new config NATIVE_FALLOCATE_SUPPORT (default true) to allow turning off the use of fallocate and ftruncate internally.
- Require that {S3/GCS}_STORAGE config must be set before {S3/GCS}_STORAGE_2 is set.
- Added a new configuration variable BUCKET_STORAGE_TRUST_POLICY for the dual-bucket use case. This setting configures which bucket is considered the "trusted" bucket when two buckets are configured, which impacts when Humio considers data to be safely replicated. Supported values are Primary for trusting the primary bucket, Secondary for trusting the secondary bucket, TrustEither for considering data safely replicated if it is in either bucket, and RequireBoth for considering data safely replicated only if it is in both buckets. This config replaces the BUCKET_STORAGE_2_TRUSTED configuration, true in the old configuration equates to Secondary in the new configuration. The default value of the new configuration is Secondary.
Dashboards and Widgets
- Improvements to the Time Chart widget:
  - It now has an option to show the underlying data points, which makes it possible to inspect the behaviour of the different interpolation methods.
  - Trend lines can now be added in the chart.
- Introducing the Single Value widget. Construct a query which returns any single value, or use the timeChart() query function to create a single-value widget instance with sparkline and trend indicators.
- Improvements to the Bar Chart widget:
  - Added style options to name the x and y axis.
  - Added option for interpreting the resulting query data as either wide or long format data.
  - Added option to set a max label length for the x-axis, instead of the bottom padding option. With auto-padding and this style option, it is easier to fit the wanted information in the view.
  - It is now possible to configure bar charts to have a logarithmic y axis.
  - Introduced the stacked bar charts option.
  - It no longer has an artificial minimum height for bars, as this may distort at a glance interpretations of the chart.
  - It no longer has sorting by default, which means that the order will be identical to the query result. You can now sort the x axis of the bar chart by using the sort() query function, if sort by series in the style options is not set.
  - It now has a max series setting similar to the Time Chart widget.
Functions
- The findTimestamp() function now supports date formats like 23FEB2022, that is date, literal month and year without any separators in between. Other formats still require separators between the parts.
Other
- Fixed an ingest bug where, under some circumstances, we would reverse the order of events in a batch.
- Fixed bugs related to repository deletes.
- It is now possible to create a view with the same name as a deleted view.
- Fixed an ingest bug where if multiple types of errors occurred for an event we would only add error fields describing one of them. Now we always report all errors.
- Added a new system-level permission allowing changing the user name of a user.
- Fixed an issue where OrganizationStatsUpdaterJob would repeatedly post the error com.humio.entities.organization.OrganizationSingleModeNotSupported: Not supported when using organizations in single mode when the cluster was configured for only one organization.
- Fixed an issue where query cancellation could in rare cases cause the query scheduler to throw exceptions.
- Fixed how relative time is displayed.
- Ingest listeners are now only stopped, not deleted, when a user deletes a repository. If the repository is restored, the ingest listener will be restarted automatically. When it is no longer possible to restore the repository, the ingest listener will be deleted.
- Added support for restoring deleted repositories and views when using bucket storage. See Delete a Repository or View.
- Humio is now more strict during a Kafka reset to avoid global desyncs. Only one node will be allowed to boot on the new epoch, remaining nodes won't be allowed to use their snapshots, and will need to fetch a fresh global snapshot from that node.
- If the query scheduler attempts to read a broken segment file, it may be able to fetch a new copy from bucket storage in some cases. Humio will now only allow this if it can be guaranteed that no events from the broken segment have been added to the query result. Otherwise the query will receive a warning.
- Fixed an ingest bug where we might discard @timezone and @error fields in events with too many fields. Now we always retain those and only discard other fields.
- Fixed a bug with UTF-8 serialization of 4-byte codepoints (emojis etc.).
- When Humio detects multiple datasources for the same set of tags, it will not deduplicate them by selecting one source to keep and marking the others replaced.
- Added humio-token-hashing.sh to the Humio bin directory. This invokes a utility for generating root tokens.
- Added more visibility on organization limits when changing the retention settings on a repository.
- Fixed an issue that links in alerts from OpsGenie actions were not clickable.
- Added humio-decrypt-bucket-file.sh to the Humio bin directory. This invokes a utility for decrypting files downloaded from bucket storage.
- Fixed an ingest bug where sometimes we wouldn't turn event fields into tags if we fell back to using the key-value parser. Now we always turn fields into tags.
- It is no longer possible to create ingest listeners on system repositories using the APIs. Previously, it was only prohibited in the UI.
- Fixed a caching-related issue with groupBy() in live queries that would briefly cause inconsistent results.
- Webhook action now includes the 'Message Body Template' for PATCH and DELETE requests as well if it is not empty.
- Fixed a race condition between nodes creating the merge result for the same target segment, and also transferring it among the nodes concurrently. If a query read the file during that race, an in-memory cache of the file header might hold contents that did not match the local file, resulting in Broken segment warnings in queries.
- Added a feature that allows deletion of repositories and views on cloud.
- When calculating the starting offset in Kafka for digest, Humio will now trust that if a segment in global is listed as being in bucket storage, that segment is actually present in bucket storage. Humio no longer double checks by asking bucket storage directly.
- Fixed an issue where download of IOCs from another node in the cluster could start before the previous download had finished, resulting in too many open connections between nodes in the cluster.
- Fixed an issue where Filebeat 8.1 would not be compatible unless output.elasticsearch.allow_older_versions was set to true.
- Renamed the Humio tarball distribution to humio-1.39.0.tar.gz instead of humio-release-1.39.0.tar.gz. The file now contains a directory named humio-1.39.0 instead of humio-release-1.39.0.
- Updating alert labels using the addAlertLabel and removeAlertLabel mutations now requires the ChangeTriggersAndActions permission.
- Fixed an issue where the UI would not detect parameters in a query when using saved queries from a package.
- Made changes to Humio's tracking of bucket storage downloads. This should avoid some rare cases where downloads could get stuck.
- Reduced the amount of time Humio will spend during shutdown waiting for in-progress data to flush to disk to 60 seconds from 150 seconds.
- Fixed an issue that could cause creation of two datasources for the same tag set if messages with the same tags happened to arrive on different Kafka partitions.
- During ingest, if an event has too many fields we now sort the fields lexicographically and remove fields from the end. Before, there was no system to which fields were retained, it was effectively random.
- Adding and removing queries from the query blocklist is now audit logged as two separate audit log event types, query-blocklist-add and query-blocklist-remove, rather than the single event type blocklist.
- Improved the phrasing of some error messages.
- Fixed a bug where accessing a csv file with records spanning multiple lines would fail with an exception.
- The REST API for ingest listeners has been deprecated.
- Improved distribution of new autosharded datasources.
- Fixed an issue where an exception in rare cases could cause ingest requests to fail intermittently.
- The query scheduler improperly handled regex limits being hit, it should result in a warning on the query. In some cases it was handled by retrying the segment read.
- Fixed an issue where the set-replication-defaults config endpoint could attempt to assign storage to nodes configured not to store segments.
- Fixed an issue where some errors showed wrong positions in the search page query field.
- It is no longer possible to delete a parser that is used by an ingest listener. You must first assign another parser to the ingest listener.
- Fixed an issue where audit logging of alerts, scheduled searches and actions residing on views would yield incomplete or missing audit logs.
- Fixed an issue where NetFlow parsing would crash if it received an options data record.
- It is now validated, that the parser supplied when creating or updating an ingest listener, exists.
- Fixed an ingest bug where, when truncating an event with too many fields, we wouldn't count error fields, leading to the event still being larger than the maximum size.
- Fixed an issue where Filebeat 8.0 would not be compatible unless setup.ilm.enabled was set to false.
- Create, update and delete operations on ingest listeners are now always audit logged. Previously, they were only logged when performed through the REST API. Also, the audit log format has been updated to be similar to the format of other assets. Look for events with the type field set to ingestlistener.create, ingestlistener.update, and ingestlistener.delete.
- Fixed an issue when using bucket storage alongside secondary storage, where Humio would download files to the secondary storage but register them as present in the primary. It will now download and register them as present on the secondary storage.
- Fixed duplicate Change triggers and actions entry in view permission token page.
- Fixed an issue that could cause an exception to be thrown in the ingest code if digest assignment changed while a local segment file being written was still empty.
- Improved performance of formatting action messages, when the query result for an alert or scheduled search contains large events.
- Improved distribution onto partitions of tag combinations (datasources) that are affected by auto sharding, resulting in less collisions.
- Improved the flow of creating a blocked query.
- Humio will now periodically log node configs to the debug log, in addition to the existing log of config on node boot. These logs will come from com.humio.jobs.ConfigLoggerJob.
- When shared dashboards are disabled or become inaccessible because of IP filters, they will now be completely unreachable, and any dashboards already open will show an informative error message.
- It is no longer possible to use experimental functions in Alerts, Parsers, and Event Forwarding. They are now only available on the search page.
- Webhook action has been updated to only allow the following HTTP verbs: GET, HEAD, POST, PUT, PATCH, DELETE and OPTIONS.
- Added a feature that allows regular users with delete permissions on cloud to rename views and repositories.
- Fixed an issue where non-default log formats such as log4j2-json-stdout.xml that logs to STDOUT were not fully in control of their output stream, as log entries of level ERROR were also printed directly to stderr from within the code. The default log4j2 configuration now includes a Console appender that prints errors to stdout, achieving the same result, while allowing the other formats to fully control their output stream.
- Fixed an issue that could cause the query scheduler to erroneously retry searching a bucketed segment.
- When logging Kafka consumer and producer metrics, Humio will now log repeated metrics like records-lag-max once per partition, with the partition specified in the partition field.
- Automatic system removals of queries expired from the blocklist are now audit logged as well.

Humio Server 1.38.2 Stable (2022-06-13)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.38.2

Stable

2022-06-13

Cloud

On-Prem

2023-03-31

No

1.26.0

11

No

JAR Checksum	Value
MD5	c00de7af24633422654b3d16a764d753
SHA1	6c3043c27e5c7b3c7353f0f0e5e3e5b876319314
SHA256	6770856e5dcf19eee5384eecc40617fed15d92e2c2872ff7432f63bf43867c4a
SHA512	7660d46ca1700336ce6fd2390e4b6de5b15963693499a6313513ff63ee9cedb6f99e1f595465ae3b1c420d0ba9b4626abe0ba81450f3bd7e92d528b0b1f51c6d

Docker Image	SHA256 Checksum
humio	1290b8e98ae3553b092879867a433077a1eb7ff626c989d01d14f71218644072
humio-core	4a9c5aa23b7842034e34dda4aaffcb12f6f23a8e1c2cf04933b44a8cdafbe74d
kafka	04d14b84378ac9f6787af1b8477a0d2cbd6979da283bde177470d1af85a01637
zookeeper	46aa8bbcaa2c64cfa7afdb6e07df0783658b4983a6727ca6670989364e687477

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.38.2/server-1.38.2.tar.gz

Updated dependencies with security fixes and weakness.

Bug Fixes

Security
- Updated dependencies to fix vulnerabilities to CVE-2021-22573.
Summary
- Updated java script dependencies to fix vulnerabilities.

Humio Server 1.38.1 Stable (2022-04-27)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.38.1

Stable

2022-04-27

Cloud

On-Prem

2023-03-31

No

1.26.0

11

No

JAR Checksum	Value
MD5	fcaf2c288bd1f7c0fbc63deca59aa53d
SHA1	aec8d78eb49ee4954f2e542f614c89595da0ec39
SHA256	d31c13fcecfd380562faddb7ba4662484aa2254f1f0f54591241341870c7ae83
SHA512	98134b241d67029255018c24032897623e91a3f54627c53e1c801bd4528b9ea13ab48abe328f2b76f40048bf4cb7dd45480a9398f6bd8dea4edb5db1d296b3da

Docker Image	SHA256 Checksum
humio	2d33f1706e053414996c9ac5d3533a15b637d3b321ad91362ac1a2fb4e54d722
humio-core	7c1a2c853c4d7c348cfe948340a0f4101eb92a9ce365943897bf6c34cf393312
kafka	e3fc06aca9f5df2e628fb6a2b78c39aaf1c1b682728eb74bbd87d018aa83b49a
zookeeper	73746eff47c136fc01bf5898c4fecf43d459d3f103ccd29e10edf2ce7c79255d

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.38.1/server-1.38.1.tar.gz

Updated dependencies with security fixes and weakness.

Bug Fixes

Summary
- Updated java script dependencies to fix vulnerabilities.
- Updated dependencies to Jackson to fix a vulnerability.
Other
- Use latest version of Java 1.13 on Docker image.
- Use latest version of Alpine on Docker image.

Humio Server 1.38.0 Stable (2022-03-15)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.38.0

Stable

2022-03-15

Cloud

On-Prem

2023-03-31

No

1.26.0

11

No

Yes

JAR Checksum	Value
MD5	83afa7f6d2c55efbb88387474efd1264
SHA1	5587c3365fcfb22e1a45ea96b9503497b705125e
SHA256	357591952ed12d0d9f93b084cff4b0ff6848d7a464071ff27edee9f921e23174
SHA512	7a88658b07d69f6a2fe151da8fe94ebfe0a1259ffa48c45df6154dcce4f6453fac8f78087cefdf869fb6322fa4e31a01f830d9db998293ebeabb0f2c8e3e5cfb

Docker Image	SHA256 Checksum
humio	9cd0f6a91b150bb51f9407451bd70c40dc49f730f76840e061a6570008d88453
humio-core	cff83e3a3ea8c455040ca31d4e8071a0f1c80be894fdde4cad768e69e1c449e5
kafka	d960ac292f781baa54c1388f4bbc94c77c1ae06b94a082a214777844f1435120
zookeeper	b2ab322170bfab4d221f6f5e4a4cca5751b2d97bcf75d451de4d24a00c775206

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.38.0/server-1.38.0.tar.gz

Humio can now poll and ingest data from the Falcon platform's Falcon Data Replicator(FDR) service. This feature can be used as an alternative to the standalone fdr2humio project. See the Ingesting FDR Data for more information.

Improvements, new features and functionality

Falcon Data Replicator
- Improved performance of FDRJob.
UI Changes
- Minor UX improvements (ie. accessibility) on the queries panel.
- On the time, bar and pie charts you can hold the ALT/OPTION key to display long legend titles.
- When changing focus inside a dialog with the keyboard, the focus will no longer move outside the dialog while it is open.
- Added a quick-fix for unknown escape sequences in the search field.
- When using the table visualisation in dark mode, empty table cells are now clearly discernible.
- First row entry in the statistics table on the repo page is now a table header and added hidden content to the empty table header in the new view page.
- Added a warning for unknown escape sequences in the search field.
- Hover information in the search field is shown despite an overlapping warning.
- Reworked the hover message layout and changed the hover information on text (in the search field).
- Better accessibility for queries panel. You can now tab to focus individual queries, and open a details panel. From here you can also access all actions in the details panel by tabbing.
- Added a quick-fix to convert non-ASCII quotes to ASCII quotes in the search field.
- Fixed a bug where the Package Marketplace would redirect to unsupported package versions on older Humio instances.
- Hover over parameter names and arguments in the search field now includes the default value.
- The Cluster Nodes table has been redesigned to allow for easier overview and copying the version-number.
- Fixed an issue where queries with tail() would behave in an unexpected manner when an event is focused.
- The bar and pie charts now support holding the SHIFT key to display unformatted numeric values.
- Visually hidden clipboard field is now hidden for assistive technologies/keyboard users.
- The search page now has focus states on the Language Syntax, Event List Widget and Save As buttons.
- Pop-ups and drop-downs will now close automatically when focus leaves them.
GraphQL API
- The PERMISSION_MODEL_MODE config option has been removed. All graphql related schema has also been removed.
- Fixed a bug in the response from calling the installPackageFromZip GraphQL mutation. Previously, the response type exposed a deprecated clientmutationid that could not be selected. Also now if form fields are missing they are properly reported in the response.
- Deprecates the ReadContents view action, in favor of ReadEvents. This also means ReadEvents has been undeprecated, as we have slightly changed how we consider read rights, and want the action names to match this.
Configuration
- The Property inter.broker.protocol.version in kafka.properties now defaults to 2.4 if not specified. Users upgrading Kafka can either set inter.broker.protocol.version manually in kafka.properties, or pass DEFAULT_INTER_BROKER_PROTOCOL_VERSION as an environment variable to Docker when launching the container. Please follow Kafka's upgrade guidelines when upgrading a Kafka cluster to avoid data loss https://kafka.apache.org/documentation/#upgrade_3_1_0.
- Reduce default value of INGESTQUEUE_COMPRESSION_LEVEL, the ingest queue compression level from 1 to 0. This reduces time spent compressing before inserting into the ingest queue by roughly 4x at the expense of a 10-20% increase in size required in Kafka for the ingest queue topic.
- Added new configuration NATIVE_FALLOCATE_SUPPORT (default true) to allow turning off the use of fallocate and ftruncate internally.
- Added config RDNS_DEFAULT_SERVER for specifying what DNS server is the default for the rdns query function.
- Added new settings for how uploads to bucket storage are validated. In the case that validation with etags are not available, content length can be used instead.
- When Kafka topic configuration is managed by Humio (default true) set max.message.bytes on the topics to the value of Config TOPIC_MAX_MESSAGE_BYTES, default is 8388608 (8 MB). Minimum value is 2 MB.
- Added new configuration NATIVE_FADVICE_SUPPORT (default true) to allow turning off the use of fadvice internally.
- Added config IP_FILTER_RDNS for specifying what IP addresses can be queried using the rdns query function.
- Added config IP_FILTER_RDNS_SERVER for specifying what DNS servers can be allowed in the rdns() query function.
- Added the config CORS_ALLOWED_ORIGINS a comma separated list for CORS allowed origins, default allows all origins.
- Fixed a bug where TLS_KEYSTORE_TYPE and TLS_TRUSTSTORE_TYPE would only recognize lower-case values.
Functions
- Fixed an issue where tail() could produce results inconsistent with other query functions, when used in a live query.
Other
- Fixed an issue with epoch and offsets not always being stripped from segments.
- Ensure only a cluster leader that still holds cluster leadership can force digesters to release partition leadership. This could cause spurious reboots in clusters where leadership was under contention.
- For HTTP Event Collector (HEC) the input field sourcetype is now also stored in @sourcetype.
- Published new versions of the Humio Kafka Docker containers for Kafka 3.1.0.
- Added a new system-level permission that allows changing usernames of users.
- The Kafka client has been upgraded to 3.1.0 from 2.8.1. 3.1.0 enables the idempotent producer by default, which implies acks=all. Clusters that set acks to a different number via EXTRA_KAFKA_CONFIGS_FILE should update their config to also specify enable.idempotence=false
- During identity provider configuration, it's possible to fetch SAML configuration from an endpoint.
- Improved off-heap memory handling. Humio now typically uses only 1 GB on systems with 32 vCPUs, down from typically 16 GB. This leaves more memory for other processes and page cache for data.
- Fixed a compatibility issue with LogStash 7.16+ and 8.0.0 when using the Elasticsearch output plugin.
- Improved the performance of deletes from global.
- Do not run the Global snapshot consistency check on stateless ingest nodes.
- Fixed an issue where users could be shown in-development feature on the client when running a local installation of Humio.
- Fixed a bug in the Sankey chart such that it now updates on updated query results.
- Added tombstoning to uploaded files, which helps with avoiding data loss.
- Allow cluster managers access to settings for personal sandboxes and to block and kill queries in them.
- Fixed an issue where top(max) could throw an exception when given values large enough to be represented as positive infinity.
- Fixed an issue where live queries would sometimes double-count parts of the historic data.
- Warn at startup if CORES > AvailableProcessorCount as seen by the JVM.
- Fixed a bug where the Add Column button on the Fields panel would do nothing
- Fixed an issue where queries of the form #someTagField != someValue ... would sometimes produce incorrect results.
- Fixed a bug where providing a bad view/repository name when blocking queries would block the query in all views and repositories.
- Fixed a compatibility issue with FileBeat 8.0.0.
- Fixed several issues where users could add invalid query filters via the Add filter context button after selecting text in the Event List.
- Fixed an ingest bug where under some circumstances we would reverse the order of events in a batch.
- During Digest startup, abort fetching segments from other nodes if the assigned partition set changes while fetching.
- Fixed an issue where negated functions could lose their negation.
- Fixed an issue where percentile() would crash on inputs larger than ~1.76e308.
- Previously a package could be updated with another package with the same name and version, but with different content. This is no longer allowed, and any attempt do so will be rejected and fail.
- LSP warnings don't crash queries any more.
- Ensure a digester can only acquire or release partition leadership if no other digester has leadership of that partition. This could cause spurious reboots if digester leadership became contended.

Humio Server 1.37.1 Preview (2022-02-25)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.37.1

Preview

2022-02-25

Cloud

On-Prem

2023-03-31

No

1.26.0

11

No

JAR Checksum	Value
MD5	e46117f38ef25afde602a458e5266b4b
SHA1	3b0f5a30a7918a5f08ae8492bf855fadfc36fb90
SHA256	014420dfb22f8521a687eac1179c528afe0477fbb9284dc5381d9f91fd5329d1
SHA512	ee13258be363f1b2103b864517ea4b9de9d6a78dcee0c4fcba95af2ea873dacebb298f6410f12cf68ecde3d17210256f85713ada7f5988726dc4440f5fbeee21

Docker Image	SHA256 Checksum
humio	e131f664f67e5ce98a397431b1f1a9d3c134d47dd24a24ed8ad76ae9e6d79eb0
humio-core	e0de42791dd3e83c2aa9bea871cb6e7a62bf51c835de2142adfd51aa863625a3
kafka	9ab50e070047406cd6316fa2017d15ca24caa6e7a9b20ba741114b9cc1c3feec
zookeeper	47aa1a18a57652f156406021dc61f8bb1042bc2bd23c89e715e14a8be4fb07f9

Minor fixes and improvements.

Improvements, new features and functionality

Falcon Data Replicator
- Improved performance of FDRJob.
Other
- Added a new system-level permission that allows changing usernames of users.
- Improved off-heap memory handling. Humio now typically uses only 1 GB on systems with 32 vCPUs, down from typically 16 GB. This leaves more memory for other processes and page cache for data.

Bug Fixes

Other
- Fixed an issue where users could be shown in-development feature on the client when running a local installation of Humio.
- Fixed an issue where QueryFunctionValidator failed giving the error scala.MatchError.
- Fixed an issue where some queries using regex would use an unbounded regex engine.

Humio Server 1.37.0 Preview (2022-02-14)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.37.0

Preview

2022-02-14

Cloud

On-Prem

2023-03-31

No

1.26.0

11

No

Yes

JAR Checksum	Value
MD5	f5c25eee6d9efb0ddf9d86ca74c84a3c
SHA1	6026cc511279e9089bc49d8e5a0dd320e5397712
SHA256	097886ea8a6d2eece7980c46ba0b1002b7f7edf6d68109f91374b002a61e4975
SHA512	7c8fb7d2c53c5aab60ddf54250e47d41289cd9635005d3a765742298a20eb7f35426955a7388caf48fbc044747e917cfdd93003ce252c42358d947a504f73c29

Docker Image	SHA256 Checksum
humio	c27d93d4fd87d253117b1442a7391ea3cd28366a960727482b27b58706211435
humio-core	f43d4a206d9386d601798029df5c02d9b1e1b35bb6ae0f666aa6d8d36bcc60e3
kafka	291d25337324ab70a3490f9b06ed2860215f37b84ced203b26cfa5d10877ce42
zookeeper	606ebc2ffcd28bc36d7d091ad649743f22de21b891f7a75c9048343e019372ef

Humio can now poll and ingest data from the Falcon platform's Falcon Data Replicator (FDR) service. This feature can be used as an alternative to the standalone fdr2humio project. See the Ingesting FDR Data for more information.

Improvements, new features and functionality

UI Changes
- Reworked the hover message layout and changed the hover information on text (in the search field).
- Hover over parameter names and arguments in the search field now includes the default value.
- On the time, bar and pie charts you can hold the ALT/OPTION key to display long legend titles.
- Added a quick-fix for unknown escape sequences in the search field.
- The bar and pie charts now support holding the SHIFT key to display unformatted numeric values.
- First row entry in the statistics table on the repo page is now a table header and added hidden content to the empty table header in the new view page.
- The Cluster Nodes table has been redesigned to allow for easier overview and copying the version-number.
- The search page now has focus states on the Language Syntax, Event List Widget and Save As buttons.
- When using the table visualisation in dark mode, empty table cells are now clearly discernible.
- Better accessibility for queries panel. You can now tab to focus individual queries, and open a details panel. From here you can also access all actions in the details panel by tabbing.
- Visually hidden clipboard field is now hidden for assistive technologies/keyboard users.
- Added a warning for unknown escape sequences in the search field.
- Minor UX improvements (ie. accessibility) on the queries panel.
- Added a quick-fix to convert non-ASCII quotes to ASCII quotes in the search field.
- Hover information in the search field is shown despite an overlapping warning.
- Pop-ups and drop-downs will now close automatically when focus leaves them.
- When changing focus inside a dialog with the keyboard, the focus will no longer move outside the dialog while it is open.
GraphQL API
- Deprecates the ReadContents view action, in favor of ReadEvents. This also means ReadEvents has been undeprecated, as we have slightly changed how we consider read rights, and want the action names to match this.
- Fixed a bug in the response from calling the installPackageFromZip GraphQL mutation. Previously, the response type exposed a deprecated clientmutationid that could not be selected. Also now if form fields are missing they are properly reported in the response.
Configuration
- Fixed a bug where TLS_KEYSTORE_TYPE and TLS_TRUSTSTORE_TYPE would only recognize lower-case values.
- Added config RDNS_DEFAULT_SERVER for specifying what DNS server is the default for the rdns() query function.
- Added config IP_FILTER_RDNS for specifying what IP addresses can be queried using the rdns() query function.
- Added new settings for how uploads to bucket storage are validated. In the case that validation with etags are not available, content length can be used instead.
- Added config IP_FILTER_RDNS_SERVER for specifying what DNS servers can be allowed in the rdns() query function.
- Reduce default value of INGESTQUEUE_COMPRESSION_LEVEL, the ingest queue compression level from 1 to 0. This reduces time spent compressing before inserting into the ingest queue by roughly 4x at the expense of a 10-20% increase in size required in Kafka for the ingest queue topic.
- The PERMISSION_MODEL_MODE configuration option has been removed. All graphql related schema has also been removed.
- The Property inter.broker.protocol.version in kafka.properties now defaults to 2.4 if not specified. Users upgrading Kafka can either set inter.broker.protocol.version manually in kafka.properties, or pass DEFAULT_INTER_BROKER_PROTOCOL_VERSION as an environment variable to Docker when launching the container. Please follow Kafka's upgrade guidelines when upgrading a Kafka cluster to avoid data loss https://kafka.apache.org/documentation/#upgrade_3_1_0.
- When Kafka topic configuration is managed by Humio (default true) set max.message.bytes on the topics to the value of Config TOPIC_MAX_MESSAGE_BYTES, default is 8388608 (8 MB). Minimum value is 2 MB.
- Added the config CORS_ALLOWED_ORIGINS a comma separated list for CORS allowed origins, default allows all origins.
Other
- Improve the performance of deletes from global.
- Published new versions of the Humio Kafka Docker containers for Kafka 3.1.0.
- Ensure only a cluster leader that still holds cluster leadership can force digesters to release partition leadership. This could cause spurious reboots in clusters where leadership was under contention.
- Allow cluster managers access to settings for personal sandboxes and to block and kill queries in them.
- Added tombstoning to uploaded files, which helps with avoiding data loss.
- Do not run the Global snapshot consistency check on stateless ingest nodes.
- The Kafka client has been upgraded to 3.1.0 from 2.8.1. 3.1.0 enables the idempotent producer by default, which implies acks=all. Clusters that set acks to a different number via EXTRA_KAFKA_CONFIGS_FILE should update their config to also specify enable.idempotence=false
- During Digest startup, abort fetching segments from other nodes if the assigned partition set changes while fetching.
- Ensure a digester can only acquire or release partition leadership if no other digester has leadership of that partition. This could cause spurious reboots if digester leadership became contended.
- During identity provider configuration, it's possible to fetch SAML configuration from an endpoint.

Bug Fixes

UI Changes
- Fixed an issue where live queries would sometimes double-count parts of the historic data.
- Fixed a bug where the Add Column button on the Fields panel would do nothing
- Fixed a bug where the Package Marketplace would redirect to unsupported package versions on older Humio instances.
- Previously a package could be updated with another package with the same name and version, but with different content. This is no longer allowed, and any attempt do so will be rejected and fail.
- Fixed a compatibility issue with FileBeat 8.0.0.
- Fixed several issues where users could add invalid query filters via the Add filter context button after selecting text in the Event List.
- For HTTP Event Collector (HEC) the input field sourcetype is now also stored in @sourcetype.
- Fixed an issue where tail() could produce results inconsistent with other query functions, when used in a live query.
- Fixes an issue with epoch and offsets not always being stripped from segments.
- LSP warnings don't crash queries any more.
- Fixed an issue where queries of the form #someTagField != someValue ... would sometimes produce incorrect results.
- Fixed an issue where negated functions could lose their negation.
- Fixed an issue where top(max) could throw an exception when given values large enough to be represented as positive infinity.
- Fixed an issue where queries with tail() would behave in an unexpected manner when an event is focused.
- Fixed a bug where providing a bad view/repository name when blocking queries would block the query in all views and repositories.
- Fixed a bug in the Sankey chart such that it now updates on updated query results.
- Fixed a compatibility issue with LogStash 7.16+ and 8.0.0 when using the Elasticsearch output plugin.
- Fixed an issue where percentile() would crash on inputs larger than ~1.76e308.
- Warn at startup if CORES > AvailableProcessorCount as seen by the JVM.

Humio Server 1.36.4 Stable (2022-06-13)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.36.4

Stable

2022-06-13

Cloud

On-Prem

2023-01-31

No

1.26.0

11

No

JAR Checksum	Value
MD5	ec11e6c40052ff89c3f7a2a2b1fddc95
SHA1	fafb29f0c7fe9638ad0b136ae0e7d1402a750912
SHA256	3b8496c25ac0704d8e42f9261ec93877c7c9148f1f85d8bf0b5a6eaaf83e1820
SHA512	205f646e1a700d38c95916a69830ab2b4f14b7839d8eaefa61cbdaf4404759e3ed8f6b9279b0050008cdaacddad6222cb8a91f730753b84a1fc029e4a5207ab4

Docker Image	SHA256 Checksum
humio	5c7189dfae8441322eea8eddbd25962dfc7e68f26eae3c7516e5a46f5b6313f0
humio-core	57ab8aaa9ce90575fd037da08f2be15df18286e74480594f08dd3c5ae81f39fa
kafka	4a03a4e0cb9aab9a0c3f626c8b49daa64dafb54eafb8ae67298dd86b45624c33
zookeeper	24ba0f7cdcaca8d841dba4ba2cdc7348e82c6c44c1ffff5537ba13d066c7c180

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.36.4/server-1.36.4.tar.gz

Updated dependencies with security fixes and weakness.

Bug Fixes

Security
- Updated java script dependencies to fix vulnerabilities to CVE-2021-22573.

Humio Server 1.36.3 Stable (2022-04-27)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.36.3

Stable

2022-04-27

Cloud

On-Prem

2023-01-31

No

1.26.0

11

No

JAR Checksum	Value
MD5	868ce151355a55e1793513eee4af54e2
SHA1	a3e57e2fdbadcbfde4625d46084f25d84c5c2514
SHA256	59792217be1bf5d12ba47e1049df45778c6cefcabbc57d6f7126b5bc98f093c0
SHA512	a93f931491b8c77050adde3c1aa983d3c949ad6708f8be932cfb901ea6e69a03cdd06a62394627f80e593afaa354f2f30edf596a23300f5c3b16faee80afb09c

Docker Image	SHA256 Checksum
humio	be443af484a4131b93cdee2e7a5449fcfa8320a344d2f81f7b432dea89365a65
humio-core	1f3a36d2f6a0d97bc9d4462072e3fafa2355c5bc8352e1bc47a526332c1ec01c
kafka	ef6819d75f850b26a886b67e4e80f2d623eab268c4d2b4f85f7f47aa8daf9ecb
zookeeper	a0edb279463029310c1f43555045297f54882082a70753916394a38b56c3e5be

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.36.3/server-1.36.3.tar.gz

Updated dependencies with security fixes and weakness.

Bug Fixes

Summary
- Use latest version of Java 1.13 on Docker image.
- Use latest version of Alpine on Docker image.
- Updated dependencies to Jackson to fix a vulnerability.
- Updated java script dependencies to fix vulnerabilities.
Other
- Fix ingest bug where under some circumstances we would reverse the order of events in a batch.

Humio Server 1.36.2 Stable (2022-03-01)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.36.2

Stable

2022-03-01

Cloud

On-Prem

2023-01-31

No

1.26.0

11

No

JAR Checksum	Value
MD5	4949fefd4012efb53b92595c364a4c7a
SHA1	5350c5df3d0d43a5c08c2766003b28c959c912b1
SHA256	2fac7cb6e1216790893ec0759f697736a9ca2605313bcef53b7af54ee72257d5
SHA512	31fcdae45f52a263d5340b961a6e0feb98ea1fbb4ced0388216add576db9747995150112dee88d9ec3ea49cfc1367da1ca57bff13399d8d665fe9cdb80e9a1d8

Docker Image	SHA256 Checksum
humio	4a80cd68778a6d5ccd734982c46e0355f0acf5c68ad564dd67cdb6e949750970
humio-core	7a3e262871585d8a43df8c4c4dbcf706327cade2f683ffaa9a543afccc3e8687
kafka	6e362a4827f9a41d37b19bdfa63f3cad7f77d2786f6b0366e410474de99113ce
zookeeper	deac05cfaa4762eaf079afa3063cf9271eff7080157d0e785a4c345d280f5d24

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.36.2/server-1.36.2.tar.gz

Performance and stability improvements.

Bug Fixes

Summary
- Improved off-heap memory handling. Humio now typically uses only 1 GB on systems with 32 vCPUs, down from typically 16 GB. This leaves more memory for other processes and page cache for data.
Other
- Fixed a race condition between nodes creating the merge result for the same target segment, and also transferring it among the nodes concurrently. If a query read the file during that race condition, an in-memory cache of the file header might hold contents that did not match the local file, resulting in "Broken segment" warnings in queries.

Humio Server 1.36.1 Stable (2022-02-14)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.36.1

Stable

2022-02-14

Cloud

On-Prem

2023-01-31

No

1.26.0

11

No

JAR Checksum	Value
MD5	0aee460ed84a4acda917ce6cd61c433d
SHA1	9ea746229c3f1f0f780d356b7ce4b6f6e1bbb78d
SHA256	56a3a2e7ba88e1f5a019184a0d68e83f25b319d54e3aaee3eba4a37f0ef8950c
SHA512	aa3117230e866ae621c3f72e1517a9629f45520ea2fa00b6dc8c2ad3a6a1589ffbde36f38b3b1ec0ad927f89da4a9df7f3e6b59f1e844796553b5675608304e9

Docker Image	SHA256 Checksum
humio	2671bacddfe88f34eaba196332b08659e79eab40c2ce26a0e6c2f7e58a78a213
humio-core	ecfa5dd303d12725f754b4afabc44196ba37df739f04c30432401eb3149874ee
kafka	0d50f27e33bf61f8b76f482fa7b2c4237227af7e429b1080e65daa877c65b457
zookeeper	62a511127a0eaa4ba0f5a29c421063d4c6822371ba6ee16e96ae1b930ca0e7ce

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.36.1/server-1.36.1.tar.gz

Performance and stability improvements.

Bug Fixes

Summary
- Reading hashfilter in chunks to avoid having huge off heap buffers.
- Performance improvements of IngestPartitionCoordinator.
- Improve the performance of deletes from global.
- Downgrade to Java 1.13 on Docker image to fix rare cases of JVM crashes.

Humio Server 1.36.0 Stable (2022-01-31)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.36.0

Stable

2022-01-31

Cloud

On-Prem

2023-01-31

No

1.26.0

11

No

Yes

JAR Checksum	Value
MD5	87cdf81b183bf1a065596181b873d813
SHA1	8425487e7e3b566ed2eae42cac4cbb6010eb1825
SHA256	76af04b53a689411f4048e743e0491cb437b99503630a87cf5aba2eb0281231f
SHA512	9dca89bf4097b1c4949c458b9010fff12edd25248c2f0f2e18835466e852d6c5fa6981c8763125b769c5a6673bd00a1a385bfb22f7241aeeadf9e826ef208c99

Docker Image	SHA256 Checksum
humio-core	2641650964190056ac10ad0225b712c3a01d844bf2c5f517663187d45adf846c
kafka	99e3a00c93308aa92a8363c65644748d6ace602c1c6e425dcfc32be12432dee7
zookeeper	45c911346e3b58501e1a1b264c178debd33edd692cd901dd9e87cbcd2f93e60a

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.36.0/server-1.36.0.tar.gz

Beta: Bucket storage support for dual targets

Support for dual targets to allow using one as the preferred download and the other to trust for durability. One example of this is to save on cost (on traffic) by using a local bucket implementation, such as MinIO, in the local datacenter as the preferred bucket storage target, while using a remote Amazon S3 bucket as the trusted bucket for durability. If the local MinIO bucket is lost (or just not responding for a while) the Humio cluster still works using the AWS S3 bucket with no reconfiguration or restart required. Configuration of the second bucket is via configuration entries similar to the existing STORAGE keys, but using the prefix STORAGE_2 for the extra bucket.

When using dual targets, bucket storage backends may need different proxy configurations for each backend - or not. The new configuration BUCKET_STORAGE_MULTIPLE_ENDPOINTS (default false) controls whether the proxy configuration in the environment is applied to all bucket storage backends. When set to true, each bucket preserves the active proxy/endpoint configuration and a change to those will trigger creation of a fresh internally persisted bucket storage access configuration.

Improvements, new features and functionality

UI Changes
- New feature to select text in the search page event list and include/exclude that in the search query.
- Improved dark mode toggle button's accessibility.
- Disable the option to creating a view if the user does not have Connect a view permission on any repository. This is more intuitive than getting an empty dropdown of repositories to choose from.
- Improved accessibility when choosing a theme.
- Allow more dialogs in the UI to be closed with the Esc key.
- Added ability to resize search page query field by dragging or fitting to query.
- Time Selector is now accessible by keyboard.
- Hovering over text within a query now shows the result of interpreting escape characters.
- New dialogs for creation of parsers and dashboards.
GraphQL API
- Improved the error messages when the GraphQL queries SearchDomain.alert, SearchDomain.action, and SearchDomain.savedQuery do not find the entity with the given ID.
Configuration
- Added the config CORS_ALLOWED_ORIGINS a comma separated list for CORS allowed origins, default allows all origins.
- Added INITIAL_FEATURE_FLAGS which lets you enable/disable feature flags on startup. For instance, setting
  INITIAL_FEATURE_FLAGS=+UserRoles,-UsagePage
  Enables UserRoles and disables UsagePage.
- New configuration BUCKET_STORAGE_MULTIPLE_ENDPOINTS and many configurations using STORAGE_2 as prefix. See Bucket Storage.
- Make ZOOKEEPER_URL optional. When not set, the zookeeper-status-logger job does not run, and the cluster administration page does not display information about a Zookeeper cluster.
- When using ZOOKEEPER_URL_FOR_NODE_UUID for assignment of node ID to Humio nodes, and value of ZOOKEEPER_PREFIX_FOR_NODE_UUID (default /humio_autouuid) does not match contents of local UUID file, acquire a fresh node uuid.
Functions
- Added job which will periodically run a query and record how long it took. By default the query is count().
- Added a limit parameter to the fieldstats() function. This parameter limits the number of fields to include in the result.
Other
- Added option to specify an IP Filter for which addresses hostname verification should not be made.
- Added granular IP Filter support for shared dashboards (BETA - API only).
- Added analytics on query language feature use to the audit-log under the fields queryParserMetrics.
- Allow the query scheduler to enqueue segments and aux files for download from bucket storage more regularly. This should ensure that queries fetching small aux files can more reliably keep the download job busy.
- Remove caching of API calls to prevent caching of potential sensitive data.
- Added exceptions to the Humio logs from AlertJob and ScheduledSearchJob.
- Added ability to override max auto shard count for a specific repository.
- Improved the default permissions on the group page by leaving their view expanded once the user cancels update.
- Allow the same view name across organizations.
- Improved caching of UI static assets.
- Improved the error message when an ingest request times out.
- Added warning logs when errors are rendered to browser during oAuth flows.
- Added a job that scans segments which are waiting to be archived, this value is recorded in the metric:s3-archiving-latency-max.
- Improved Humio's detection of Kafka resets. We now load the Kafka cluster id once on boot. If it changes after that, the node will crash.
- Improved usability of the groups page.

Bug Fixes

UI Changes
- For HTTP Event Collector (HEC) the input field sourcetype is now also stored in @sourcetype.
- Remove script-src: unsafe-eval from content security policy.
- Removed a spurious warning log when requesting a non-existent hash file from S3.
- The action message templates {events_str} and {query_result_summary} always evaluate to the same string. To reflect this, the UI has been updated so that these templates are combined into the same item in the template overview for Email, Slack and Webhook actions.
- Fixed an issue where the SegmentMoverJob could delete the local copy of a segment, if a pending download of the segment failed the CRC check. The job will now keep the downloaded file at a temporary path until the CRC check completes, to avoid deleting a local copy created by other jobs, e.g. by bucket downloads.
- The query endpoint API now supports languageVersion for specifying Humio query language versions.
- Fixed a compatibility issue with Filebeat 7.16.0.
- Make writes to Kafka's chatter topic block in a similar manner as writes to global.
- Fixed an issue where top would fail if the sum of the values exceeded 2^63-1. Exceeding sums are now pegged to 2^63-1.
- When bootstrapping a new cluster, set the cluster version in global right away. Since nodes will not boot on a snapshot that doesn't specify a cluster version, it is important that this field exists in all snapshots.
- Reenable a feature to make Humio delete local copies of bucketed segments, even if they are involved in a query.
- Fixed an issue where repeating queries could cause other queries to fail.
- Fixed an issue in the Table widget. It will no longer insert 0-values for missing fields in integer columns. Empty fields will be shown consistently, independent of the column data type.
- The /hec endpoint no longer responds to OPTIONS requests saying it supports GET requests. It doesn't and never has.
- Fixed an issue where choosing a UI theme would not get saved properly in the user's settings.
- Query partition tables updates are now rejected if written by a node that is no longer the cluster leader.
- Make Humio handle missing aux files a little faster when downloading segments from bucket storage.
- Fixed a race condition that could cause Humio to delete more segments than expected when initializing a digester node.
- Fixed an issue in the Export to file dialog on the search page. It is now possible to export fields with spaces.
- The repository/.../query endpoint now returns a status code of .0 (BadRequest) when given an invalid query in some cases where previously it returned 503 (ServiceUnavailable).
- Fixed an issue where the Humio query URLs sent by actions would land users on the search page in editing mode for the alert or scheduled search that had triggered. Now, they still land on the search page, but not in editing mode.
- Fixed a race condition that could cause digesters to calculate two different offsets during startup when determining where to start consuming, and which partially written segments to discard, which could lead to data loss when partially written segments were replayed from Kafka.
- Queries on views no longer restart when the ordering of the view's connections is changed.
- Code completion in the query editor now also works on the right hand side of :=.
- Fixed an issue where MaxMind databases would only update if a license was present at startup and not if it was added later.
- Fixed session() such that it works when events arrive out of time order.
- Fixed an issue that repeatedly tried to restart live queries from a given user upon the deletion of the user.
- Fixed an issue where live queries would sometimes double-count parts of the historic data.
- When interacting with the REST API for files, errors now have detailed error messages.
- Fixed an issue where, if a custom parser was overriding a built-in parser, then the custom parser could accidentally be overwritten by creating a new parser with the same name.
- From the alerts overview and the scheduled searches overview, it is now possible to clear the error status on an alert or a scheduled search.
- Errors on alerts are now cleared more granularly. Errors when starting the alert query are cleared as soon as the query is successfully started, errors from polling the query are cleared when the query is successfully polled, and errors from invoking actions are cleared when at least one action has been successfully triggered.
- Reduce noise in the log when the bucket storage upload job attempts to upload a file that is deleted concurrently.
- Errors on scheduled searches are now cleared more granularly. Errors when starting a query are cleared as soon as another query is successfully started, errors from polling a query are cleared when a query is successfully polled, and errors from invoking actions are cleared when at least one action has been successfully triggered.
- No longer allow organization- and system-level ingest tokens to ingest into sandbox and system repos.
- Reenable a feature to make Humio fetch and check hash files from bucket storage before fetching the segments.
- No longer allow requests to /hec to specify organizations by name. We now only accept IDs.
- SAML and OIDC only - During signout, Humio background tabs will be redirected to a signout landing page instead of to the login page.
- Humio now tries to avoid interrupting threads during shutdown, instead allowing them to finish their work. This should reduce log noise when shutting down.
- The AlertJob and ScheduledSearchJob now only log validation errors from running the queries as warnings, previously, some of these were logged as errors.
- Fixed an issue where nodes could request partitions from the query partitioning table that were not present.
- Fixed an issue where queries of the form #someTagField != someValue ... would sometimes produce incorrect results.
- When starting ingest, Humio checks that the computed starting position in Kafka is below the Kafka end offset. Ensure that the end offset is requested after the starting position is computed, not before. This might prevent a very rare spurious boot failure.
- Fixed Humio always reading and discarding an already processed message from the ingest queue on boot.
- Fixed a number of instability issues in the query scheduler. The scheduler should now more reliably ensure that each query either completes, or is cancelled.
- Bumped the Humio Docker containers to Java 17. If you manually set any --add-opens flags in your JVM config, you should remove them. The container should set the right flags automatically.
- Fixed an issue where the digest coordinator could consider a host to be alive if the coordinator hadn't seen any timestamps from that host.
- When creating ingest and chatter topic, reduce desired max.message.bytes to what Kafka cluster allows, if that is lower than our desired values.

Humio Server 1.35.0 Preview (2022-01-17)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.35.0

Preview

2022-01-17

Cloud

On-Prem

2023-01-31

No

1.26.0

11

No

Yes

JAR Checksum	Value
MD5	83b164ea22cbc8a347ee22a4e49d87fb
SHA1	cde673dc3026cf8455e980a7f1ffc17de2a92072
SHA256	a43b1f86fe2f610eadaacfcff50264de578be56959125d24d27e51e1eacc403d
SHA512	a0897d2b8acb1ad888c1f0128bc46a9f3a425cc87adc40192ea3089533f247ce0ddff23971b1298d58cdb9f0e93f1bb24ae3392587de3a313fa4bbd89a32747b

Docker Image	SHA256 Checksum
humio	2f6d1b42b5d2d519bd0152bf6e28952a8f5d9e711bfc6c8c50fb58d917d033f0
humio-core	56193b2add6ece05561e058ffcd1706989b9633cb1da857b26582df7d7bf210a
kafka	149bce1bfa2e9c3e8eb6ff3d8c9416fad058b392134cab5958bf405f2553d264
zookeeper	9393097554e28403372ef38f87eab200292a41f75d8d38a8d102f926e7919eae

Beta: Bucket storage support for dual targets

Support for dual targets to allow using one as the preferred download and the other to trust for durability. One example of this is to save on cost (on traffic) by using a local bucket implementation, such as MinIO, in the local datacenter as the preferred bucket storage target, while using a remote Amazon S3 bucket as the trusted bucket for durability. If the local MinIO bucket is lost (or just not responding for a while) the Humio cluster still works using the AWS S3 bucket with no reconfiguration or restart required. Configuration of the second bucket is via configuration entries similar to the existing STORAGE keys, but using the prefix STORAGE_2 for the extra bucket.

When using dual targets, bucket storage backends may need different proxy configurations for each backend - or not. The new configuration BUCKET_STORAGE_MULTIPLE_ENDPOINTS (default false) controls whether the proxy configuration in the environment is applied to all bucket storage backends. When set to true, each bucket preserves the active proxy/endpoint configuration and a change to those will trigger creation of a fresh internally persisted bucket storage access configuration.

Improvements, new features and functionality

UI Changes
- Added ability to resize search page query field by dragging or fitting to query.
- Allow more dialogs in the UI to be closed with the Esc key.
- New dialogs for creation of parsers and dashboards.
- Improved accessibility when choosing a theme.
- New feature to select text in the search page event list and include/exclude that in the search query.
- Time Selector is now accessible by keyboard.
- Improved dark mode toggle button's accessibility.
- Disable the option to creating a view if the user does not have Connect a view permission on any repository. This is more intuitive than getting an empty dropdown of repositories to choose from.
- Hovering over text within a query now shows the result of interpreting escape characters.
GraphQL API
- Improved the error messages when the GraphQL queries SearchDomain.alert, SearchDomain.action, and SearchDomain.savedQuery do not find the entity with the given ID.
Configuration
- Added INITIAL_FEATURE_FLAGS which lets you enable/disable feature flags on startup. For instance, setting
  INITIAL_FEATURE_FLAGS=+UserRoles,-UsagePage enables
  UserRoles and disables UsagePage.
- When using ZOOKEEPER_URL_FOR_NODE_UUID for assignment of node ID to Humio nodes, and value of ZOOKEEPER_PREFIX_FOR_NODE_UUID (default /humio_autouuid) does not match contents of local UUID file, acquire a fresh node uuid.
- New configuration BUCKET_STORAGE_MULTIPLE_ENDPOINTS and many configurations using STORAGE_2 as prefix. See Bucket Storage
- Reduce default value of INGESTQUEUE_COMPRESSION_LEVEL, the ingest queue compression level from 1 to 0. This reduces time spent compressing before inserting into the ingest queue by roughly 4x at the expense of a 10-20% increase in size required in Kafka for the ingest queue topic.
- Make ZOOKEEPER_URL optional. When not set, the zookeeper-status-logger job does not run, and the cluster administration page does not display information about a Zookeeper cluster.
Functions
- Added a limit parameter to the fieldstats() function. This parameter limits the number of fields to include in the result.
Other
- Allow the same view name across organizations.
- Improved usability of the groups page.
- Allow the query scheduler to enqueue segments and aux files for download from bucket storage more regularly. This should ensure that queries fetching small aux files can more reliably keep the download job busy.
- Improved the default permissions on the group page by leaving their view expanded once the user cancels update.
- Improved the error message when an ingest request times out.
- Added granular IP Filter support for shared dashboards (BETA - API only).
- Added ability to override max auto shard count for a specific repository.
- Added exceptions to the Humio logs from AlertJob and ScheduledSearchJob.
- Added a job that scans segments which are waiting to be archived, this value is recorded in the metric:s3-archiving-latency-max.
- Added warning logs when errors are rendered to browser during oAuth flows.
- Improved Humio's detection of Kafka resets. We now load the Kafka cluster id once on boot. If it changes after that, the node will crash.
- Added job which will periodically run a query and record how long it took. By default the query is count().
- Added option to specify an IP Filter for which addresses hostname verification should not be made.
- Added analytics on query language feature use to the audit-log under the fields queryParserMetrics.

Bug Fixes

UI Changes
- Fixed session() function such that it works when events arrive out of time order.
- Fixed an issue in the Export to file dialog on the search page. It is now possible to export fields with spaces.
- Fixed a compatibility issue with Filebeat 7.16.0.
- Fixed a number of instability issues in the query scheduler. The scheduler should now more reliably ensure that each query either completes, or is cancelled.
- Fixed an issue where the digest coordinator could consider a host to be alive if the coordinator hadn't seen any timestamps from that host.
- Fixed an issue where live queries would sometimes double-count parts of the historic data.
- Fixed an issue where the Humio query URLs sent by actions would land users on the search page in editing mode for the alert or scheduled search that had triggered. Now, they still land on the search page, but not in editing mode.
- Remove script-src: unsafe-eval from content security policy.
- Removed a spurious warning log when requesting a non-existent hash file from S3.
- Errors on scheduled searches are now cleared more granularly. Errors when starting a query are cleared as soon as another query is successfully started, errors from polling a query are cleared when a query is successfully polled, and errors from invoking actions are cleared when at least one action has been successfully triggered.
- Queries on views no longer restart when the ordering of the view's connections is changed.
- When starting ingest, Humio checks that the computed starting position in Kafka is below the Kafka end offset. Ensure that the end offset is requested after the starting position is computed, not before. This might prevent a very rare spurious boot failure.
- Errors on alerts are now cleared more granularly. Errors when starting the alert query are cleared as soon as the query is successfully started, errors from polling the query are cleared when the query is successfully polled, and errors from invoking actions are cleared when at least one action has been successfully triggered.
- Fixed an issue where, if a custom parser was overriding a built-in parser, then the custom parser could accidentally be overwritten by creating a new parser with the same name.
- The /hec endpoint no longer responds to OPTIONS requests saying it supports GET requests. It doesn't and never has.
- Humio now tries to avoid interrupting threads during shutdown, instead allowing them to finish their work. This should reduce log noise when shutting down.
- Reduce noise in the log when the bucket storage upload job attempts to upload a file that is deleted concurrently.
- The action message templates {events_str} and {query_result_summary} always evaluate to the same string. To reflect this, the UI has been updated so that these templates are combined into the same item in the template overview for Email, Slack and Webhook actions.
- Fixed an issue where nodes could request partitions from the query partitioning table that were not present.
- Make writes to Kafka's chatter topic block in a similar manner as writes to global.
- Fixed an issue where repeating queries could cause other queries to fail.
- From the alerts overview and the scheduled searches overview, it is now possible to clear the error status on an alert or a scheduled search.
- Fixed an issue in the Table widget. It will no longer insert 0-values for missing fields in integer columns. Empty fields will be shown consistently, independent of the column data type.
- Bumped the Humio Docker containers to Java 17. If you manually set any --add-opens flags in your JVM config, you should remove them. The container should set the right flags automatically.
- The AlertJob and ScheduledSearchJob now only log validation errors from running the queries as warnings, previously, some of these were logged as errors.
- SAML and OIDC only - During signout, Humio background tabs will be redirected to a signout landing page instead of to the login page.
- Fixed an issue that repeatedly tried to restart live queries from a given user upon the deletion of the user.
- Query partition tables updates are now rejected if written by a node that is no longer the cluster leader.
- No longer allow requests to /hec to specify organizations by name. We now only accept IDs.
- Fixed an issue where choosing a UI theme would not get saved properly in the user's settings.
- Fixed a race condition that could cause digesters to calculate two different offsets during startup when determining where to start consuming, and which partially written segments to discard, which could lead to data loss when partially written segments were replayed from Kafka.
- When bootstrapping a new cluster, set the cluster version in global right away. Since nodes will not boot on a snapshot that doesn't specify a cluster version, it is important that this field exists in all snapshots.
- Fixed Humio always reading and discarding an already processed message from the ingest queue on boot.
- For HTTP Event Collector (HEC) the input field sourcetype is now also stored in @sourcetype.
- Fixed an issue where MaxMind databases would only update if a license was present at startup and not if it was added later.
- Fixed a race condition that could cause Humio to delete more segments than expected when initializing a digester node.
- Reenable a feature to make Humio delete local copies of bucketed segments, even if they are involved in a query.
- Code completion in the query editor now also works on the right hand side of :=.
- No longer allow organization- and system-level ingest tokens to ingest into sandbox and system repos.
- The query endpoint API now supports languageVersion for specifying Humio query language versions.
- Fixed an issue where the SegmentMoverJob could delete the local copy of a segment, if a pending download of the segment failed the CRC check. The job will now keep the downloaded file at a temporary path until the CRC check completes, to avoid deleting a local copy created by other jobs, e.g. by bucket downloads.
- The repository/.../query endpoint now returns a status code of .0 (BadRequest) when given an invalid query in some cases where previously it returned 503 (ServiceUnavailable).
- Reenable a feature to make Humio fetch and check hash files from bucket storage before fetching the segments.
- When creating ingest and chatter topic, reduce desired max.message.bytes to what Kafka cluster allows, if that is lower than our desired values.
- Make Humio handle missing aux files a little faster when downloading segments from bucket storage.
- Fixed an issue where top would fail if the sum of the values exceeded 2^63-1. Exceeding sums are now pegged to 2^63-1.

Humio Server 1.34.3 Stable (2022-03-09)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.34.3

Stable

2022-03-09

Cloud

On-Prem

2022-12-31

No

1.26.0

11

No

JAR Checksum	Value
MD5	7184f2582bed56c0b29ffb2d39f508a5
SHA1	9d7beb007f9ec9e7603bcbf164b3006dce0932ef
SHA256	ac95c6538dc88b6af31f0c55aaa46740503860ea90ad41d330593402915d885b
SHA512	d4738190dfd9b100ac896969e70a541f1d0242fb822f312142636cb5055009f13f0dbca6193f6cb8ce89d36d9f3f8b9ebec5a684570a4f9500bd8ffc3379ee6a

Docker Image	SHA256 Checksum
humio	955acd05d628a4da69a546ea58134a786c77349bfc21e10631b3f5b2934140ab
humio-core	64547f071a29e5df7eb945f369b28cf6d365b1590f577163fd18fe8b76ce63ce
kafka	b3318e88aa3aaaae09d88fae2bd37882d1a41738983a1ef783f9f07c30c73101
zookeeper	049489e9fcda7ca0ea11d96e45d8dde8d9a6582e0b9740b6865a952ec13332e5

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.34.3/server-1.34.3.tar.gz

Performance improvements of Ingest and internal caching.

Bug Fixes

Summary
- Performance improvements of Ingest and internal caching.

Humio Server 1.34.2 Stable (2022-02-01)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.34.2

Stable

2022-02-01

Cloud

On-Prem

2022-12-31

No

1.26.0

11

No

JAR Checksum	Value
MD5	ebca829a100a92c4b96f05f421c9e5d2
SHA1	f9d21990e4ae6f64eac6bd6aa6d65899583d1311
SHA256	2141bd8fb2537f0242b30998938d780bd53cedbf2b04622b956923f677a56350
SHA512	02d33bdfb65bf5ab949da8ae0a1bb9f04a509564c8d4a74cc08f5033040987152abd42743b0720290304f4bd5c4e50550327117efb6eda01d3b0ed8ef357938e

Docker Image	SHA256 Checksum
humio	426715cb9faedce379d6a6add003cfcaa3fe9ce5b5ce706fab202b89eb5c8c45
humio-core	a927eb85f709561b659e3a566a5b0fd3e6b3be84b19db2832d70722897265cbb
kafka	f181a5a1668d6c3f1ebe5e5216a00b393ee20eb0f1845d1a93309fdbfac8406d
zookeeper	361063a0a2eb0361209781f7dff9d5f0067b33806f14882fc4a0a0ff9f434b66

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.34.2/server-1.34.2.tar.gz

Updated dependencies with security fixes and weakness.

Bug Fixes

Security
- Updated dependencies to Jawn for CVE-2022-21653.
- Updated dependencies to nanoid for CVE-2021-23566.
- Updated dependencies to node-fetch for CVE-2022-0235.
- Updated dependencies to Akka for CVE-2021-42697.
- Updated dependencies to follow-redirects for CVE-2022-0155.
Summary
- Fixes an issue with epoch and offsets not always being stripped from segments.
- Fixed an issue where queries of the form #someTagField != someValue ... would sometimes produce incorrect results.
- Fixed an issue where live queries would sometimes double-count parts of the historic data.

Humio Server 1.34.1 Stable (2022-01-06)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.34.1

Stable

2022-01-06

Cloud

On-Prem

2022-12-31

No

1.26.0

11

No

JAR Checksum	Value
MD5	1d6b54fc6b4f52abff6c1106a904e4d1
SHA1	67e6e0cd4e6eb59a0d88f85dc0f511aefacef1dc
SHA256	23f50f620fd5e51755521aba8185b76e4ca0187206fd55e8ed5fbbe14e42578b
SHA512	6ad8fe4040b7c2e80643071e05b1d305f6d66e74c4041d3a4ac56f84ec6fd3f2b63c04c421029c436f081b8ab22e8a60bf17c5330f7fe117d178c596526a344f

Docker Image	SHA256 Checksum
humio	e66c6b3fcf45bd36502c877e8a4a617f9f662c5cf672e6c6c73b45445d41ad20
humio-core	fa7e9355cd4f41e64b404e65e33166c28fdc6c2ce5ceeea382007778f9ff64ce
kafka	459b3a6df8a678493bfb3266d243b867ed3ae4251464276c854afa0b2f784dac
zookeeper	748cfc151533e1e2efc870299bc5c2b10fda97ec0c6f522dd8c8576d9aea315e

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.34.1/server-1.34.1.tar.gz

Updated dependencies with security fixes and weakness.

Bug Fixes

Security
- Updated dependencies to Netty to fix CVE-2021-43797
- Updated dependencies to log4j 2.17.1 to fix CVE-2021-44832 and CVE-2021-45105
Summary
- Updated dependencies to Jackson to fix a weakness

Humio Server 1.34.0 Stable (2021-12-15)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.34.0

Stable

2021-12-15

Cloud

On-Prem

2022-12-31

No

1.26.0

11

No

Yes

JAR Checksum	Value
MD5	4dc3b67c42b44e59e0ad6cc02a220f12
SHA1	099a9ae07d5595fb06c145aaa80b46ba9f74dd10
SHA256	22cd6f60f030d56bcae159b853efe6dcd76f7add127e64c37bcca58c66d1a155
SHA512	2645369a9ec989c1b40b190993ecbd4eca8be63b60318a1b1259124819446c06c3bbba92a9c22f1e194133b9da5d05b6c0346369c33e8c33a9777a2a168ae524

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.34.0/server-1.34.0.tar.gz

Humio Server 1.34 REQUIRES minimum previous version 1.26.0 of Humio to start. Clusters wishing to upgrade from older versions must upgrade to 1.26.0+ first. After running 1.34.0 or later, you cannot downgrade to versions prior to 1.26.0.

You can now use the mouse to resize columns in the event list. Previously you had to click the column header and use the Increase / Decrease Width buttons.

Improvements, new features and functionality

UI Changes
- Added autofocus to the first field when opening a dialog using the save as functionality from the Search page.
- Added buttons for stopping all queries, streaming queries, and historical queries from inside the query monitor.
- Allow resize of columns in the event list by mouse.
- Disable actions if permissions are handled externally.
- Added maximum width to tabs on the Group page, so they do not keep expanding forever.
- Validation error messages are now more precise and have improved formatting.
- The overall look of message boxes in Humio has been updated.
- Updated the links for Privacy Notice and Terms and Conditions.
- Dark mode is officially deemed stable enough to be out of beta.
GraphQL API
- The GraphQL field isEventForwardingEnabled on the HumioMetadata type is deprecated, as it is no longer in use internally. If you rely on this, please let us know.
- Added three GraphQL mutations for stopping queries: stopAllQueries, stopStreamingQueries, and stopHistoricalQueries.
- Added GraphQL mutation clearRecentQueries which a user can run to clear their recent queries in a specific view or repository.
- Added 2-phase migration that will allow old user api tokens to be used and clean global from secrets after a 30 day period.
- Changed old personal user token implementation to hash based.
- Renamed the deleteEvents related GraphQL mutations and queries to redactEvents. The redactEvents API is intended for redacting sensitive data from a repository, not for bulk deletion of events. We think the new name invites fewer misunderstandings.
Configuration
- When checking if the ViewAction.EventForwarding action is allowed (with e.g. SearchDomain.isActionAllowed), the answer will now be false if the event forwarding is not enabled on the server.
Functions
- Improved performance of the query functions drop() and rename() by quite a bit.
- Added query function math:arctan2()to the query language.
- Added the communityId() function for calculating hashes of network flow tuples according to the (Community ID Spec).
- The kvParse() query function can now parse unquoted empty values using the new parameter separatorPadding to specify if your data has whitespace around the key-value separator (typically =). The default is "Unknown", which will leave the functionality of the function unchanged.
- Added a minSpan parameter to timeChart() and bucket(), which can be used to specify a minimum span when using a short time interval.
- Refactored query functions join(), selfJoin(), and selfJoinFilter() into user-visible and internal implementations.
Other
- Added new metric: bucket-storage-upload-latency-max. It shows the amount of time spent for the event that that has been pending for upload to bucket storage the longest.
- It is now possible to ingest logs into Humio using LogStash v.7.13 and upwards.
- Added a precondition that ensures that the number of ingest partitions cannot be reduced.
- Added validation and a more clear error message for queries with a time span of 0.
- Added metric for the number of currently running streaming queries.
- Improved shutdown logic slightly, helping prevent thread pools from getting stuck or logging spurious errors during shutdown.
- Made the transfer coordinator display more clear errors instead of an internal server error for multinode clusters.
- Added Australian states to the States dropdown.
- New metric: ingest-request-delay. Histogram of ingest request time spent being delayed due to exceeding limit on concurrent processing of ingest (milliseconds).
- Improved handling of multiple nodes attempting to create views with the same names at the same time, as might happen when bootstrapping a cluster.
- Improved the error reporting when installing, updating or exporting a package fails.
- Create, update, and delete of dashboards is now audit logged.
- Reword regular expression related error messages.
- Added management API to put hosts in maintenance mode.
- Improved error messages when an invalid regular expression is used in replace.
- It is now possible to create actions, alerts, scheduled searches, and parsers from Yaml template files.
- Retention based on compressed size will no longer account for segment replication.
- Query validation has been improved to include several errors which used to first show up after submitting search.
- Prepopulate email field when invited user is filling in a form with this information.
- Node roles can now be assigned/removed at runtime.
- Improved partition layout auto-balancing algorithm.
- Added support in the humio event collector for organization- and system-wide ingest tokens and the ability to use a parser from a different repo than the one being ingested into.
- A compressed segment with a size of 1GB will now always count for retention as 1 GB. Previously, a compressed segment with a size of 1GB might count for more than 1GB when calculating retention, if that segment had more replicas than configured. The effect on the retention policy was that if you had configured retention of .0GB compressed bytes, Humio might retain less than .0GB of compressed data if any of those segments had too many replicas.
- Added checksum verification within hash filter files on read.
- Query editor: improved code completion of function names.
- Minor optimization when using groupBy with a single field.
- Added "export as yaml" function to the list pages of parsers, actions and scheduled searches.
- Reduce limit on number of datasources for sandbox repositories created when a user is created to .0 by default.

Bug Fixes

Security
- Updated dependencies to log4j 2.16 to remove of message lookups (CVE-2021-44228 and CVE-2021-45046)
Automation and Alerts
- Alerts and scheduled searches are no longer run on cloud for organizations with an expired trial license, and on-prem for any expired license.
- Fixed an issue where an alert would not be throttled until after its actions had completed, which could make the alert trigger multiple times shortly after each other if an action was slow. Now, the alert is throttled as soon as it triggers.
- Alerts and scheduled searches are now enabled per default when created. The check disabling these entities if no actions are attached has been replaced with a warning, which informs a user that even though the entity is enabled, nothing will trigger since no actions are attached.
Functions
- Fixed a bug in the validation of the bits parameter of hashMatch() and hashRewrite().
Other
- Fixed an issue where the segment merger could mishandle errors during merge.
- Fixed an issue on on-prem trial license that would use user count limits from cloud.
- Use a fresh (random) name for the tmp folder below the datadir to ensure that it is a proper subdir of the datadir and not a mount point.
- Fixed styling issue on the search page where long errors would overflow the screen.
- Fixed a bug where only part of the Users page was loading when navigating from the All organizations page.
- When an alert query encounters a warning and Humio is not configured to trigger alerts despite warnings ALERT_DESPITE_WARNINGS=true the warning text will now be shown as an error message on the alert in the UI.
- Fixed an issue where certain problems would highlight the first word in a query.
- Addressed an issue causing Humio to sometimes error log an ArrayIndexOutOfBoundsException during shutdown.
- Fixed incorrect results when searching through saved queries and recent queries.
- Fixed an issue where streaming (exporting) query results in JSON format could include extra "," characters within the output.
- Fixed a bug where shared lookup files could not be downloaded from the UI.
- Fixed a bug with the cache not being populated between restarts on single node clusters.
- Fixed an issue when adding a group to a repository or view than an error message is displayed when the user is not the organization owner or root.
- Prevent unauthorized analytics requests being sent.
- Fixed an issue where error messages would show wrong input.
- The field vhost in internal Humio logging is now reserved for denoting the host logging the message. Other uses of vhost now uses the field hostId.
- Fixed a bug where invalid UTF-16 characters could not be ingested. They are now converted to 'ufffd'.
- Removed error query param from URL when entering Humio.
- Fixed an issue that in rare cases would cause login errors.
- No longer return the "Query Plan" in responses, but return a hash in the new field hashedQueryOnView instead. The plan could leak information not otherwise visible to the user, such as query prefixes being applied.
- Fixed some widgets on dashboards reporting errors while waiting for data to load.
- Fixed an issue where the web client could start queries from the beginning of time when scrolling backwards through events in the UI.
- Changes to the state of IOC access on organizations are now reflected in the audit log.
- Fixed an issue where a scheduled search failed and was retried, if it had multiple actions and at least one action was unknown to Humio. Now, the unknown action is logged, but the scheduled search completes successfully and continues to the next scheduled run.
- When a digester fails to start, rather than restarting the JVM as previous releases did, keep retrying to start assuming that the issue is transient, such as data for a single ingest partition being unavailable for a short while. While in this situation the process reports the metric for ingest latency on the affected partitions as being uptime of the JVM process at this point. The idea is to signal that data is not flowing on those partitions, so that a monitored metric can raise an alarm somewhere. In lack of a proper latency in this situation, it's better to have a growing non-zero metrics than having the metrics being zero.
- Fixed an issue where missing undersized segments in a datasource might cause Humio to repeatedly transfer undersized segments between nodes.
- When creating or updating an action, the backend now verifies that the host url associated with the action is prefixed with either http:// or https://. This affects Actions of the type: Webhook, OpsGenie, Single-Channel Slack and VictorOps.
- Fixed an issue where choosing a UI theme would not get saved properly in the user's settings.
- Fixed an edge case where Humio might create multiple copies of the same datasource when the number of Kafka partitions is changed. The fix ensures only one copy will be created.
- Changed field type for zip codes.
- Fixed a number of stability issues with the event redaction job.
- Fixed an issue where the segment merger would write that the current node had a segment slightly before registering that segment in the local node.
- Fixed an issue where clicking on the counters of parsed events on the Parsers page would open an empty search page, except for built-in parsers. Now, it correctly shows the latest parsed events for all parsers (except package parsers).
- Fixed an issue where sort() would cause events to be read ina non-optimal order for the entire query.
- Changed default package type to "application" on the export package wizard.
- Fixed an issue where a dashboard installed with a YAML file could be slightly different than what was specified in the file.
- Fixed an issue where a failing event forwarder would be cached indefinitely and could negatively impact Humio performance.
- Fixed an issue where comments spanning multiple lines wouldn't be colored correctly.
- Browser storage is now cleared when initiating while unauthenticated.
- Fixed an issue where OIDC without a discovery endpoint would fail to configure if OIDC_TOKEN_ENDPOINT_AUTH_METHOD was not set.
- Remove the ability to create ingest tokens and ingest listeners on system repositories.
- When checking if the ViewAction.ChangeS3ArchivingSettings action is allowed (with e.g. SearchDomain.isActionAllowed), the answer will now be false if checked on a view, as the action only makes sense on repositories.
- Fixed an issue on sandbox renaming, that would allow you to rename a sandbox and end up in a bad state.
- When checking if the ViewAction.ChangeRepoConnections action is allowed (with e.g. SearchDomain.isActionAllowed), the answer will now be false if checked on a repository, as the action only makes sense on views.
- Fixed an issue causing Humio running on Java 16+ to return incorrect search results when the input query contains Unicode surrogate pairs (e.g. when searching for an emoji).
- Fixed a compatibility issue with Filebeat 7.16.0
- Fixed an issue where series() failed to serialize its state properly.
- When performing jobs triggered via the Redact Events API, Humio could restart queries for unrelated views until the delete job completed. This has been improved, so only views affected by the delete will be impacted.
- Crash the node if any of a number of critical threads die. This should help prevent zombie nodes.
- Temporary fix of issue with live queries not having first aggregator as bucket() or timeChart(), but then later in the query having those as a second aggregator. As a temporary fix, such queries will fail. In later releases, this will get fixed more properly.
- Changes to the state of backend feature flags are now reflected in the audit log.
- Fixed an issue where some regexes could not be used.
- Fixed an issue in the interactive tutorial.
- Support Java 17.
- Fixed an issue where the SegmentMoverJob could delete the local copy of a segment, if a pending download of the segment failed the CRC check. The job will now keep the downloaded file at a temporary path until the CRC check completes, to avoid deleting a local copy created by other jobs, e.g. by bucket downloads.
- Fixed an issue where a digest node could be unable to rejoin the cluster after being shut down if all other digest nodes were also down at the time.
- Fixed a bug where query coordination partitions would not get updated.
- Removed a spurious warning log when requesting a non-existent hash file from S3.
- Include view+parser-name in thread dumps when time is spent inside a parser.
- Fixed a race condition that could cause Humio to delete more segments than expected when initializing a digester node.
- Fixed a bug where offsets from one Kafka partition could be used when deciding where to start consuming for another partition, in the case where there were too many datasources in the repo. This led to a crash loop when the affected node was restarted.
- Fixed an issue where release notes would not close when a release is open.

Humio Server 1.33.3 Preview (2021-12-10)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.33.3

Preview

2021-12-10

Cloud

On-Prem

2022-12-31

No

1.26.0

11

No

JAR Checksum	Value
MD5	10d2ee69d0bcdc6313fb3529912007ba
SHA1	5be098e4f3f6500704e85c0763c918763b90aa34
SHA256	eaefa5ce2c162fbd9d0a57d3b7c47dee828848eabdd7e96d885a812208c20a46
SHA512	a9268b87f416d9b857eccb506c304ba7ca552cd6408ac13791b160e0d17c3d82e67213025ec7bca820e970676e4a24d1a1f4d20ff27e3cbc5bc30edf874e58a0

More security fixes related to log4j logging.

Bug Fixes

Security
- Updated dependencies to address a critical security vulnerability for the log4j logging framework, "log4shell", (CVE-2021-44228).

Humio Server 1.33.2 Preview (2021-12-10)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.33.2

Preview

2021-12-10

Cloud

On-Prem

2022-12-31

No

1.26.0

11

No

JAR Checksum	Value
MD5	393be03445adbf84f63ef93b522b85fa
SHA1	36454936dfe7c3863656043a8ee1d8639c1c198e
SHA256	e03616ba1d8d92e80031231ad7e2b7666121e7ccf7eee10f7a816241a90706ac
SHA512	5d0504538cfa1db51f7188d4f6fef03aeb5a69b466f2e8367e91208745c4bf9050f271ffdf52ed6027796487ac11106726fbf3d7c3d6e259efa49f369793aa96

Security fix related to log4j logging, and fix compatibility with Filebeat.

Bug Fixes

Security
- Updated dependencies to address a critical security vulnerability for the log4j logging framework, "log4shell", (CVE-2021-44228).
Summary
- Fixed a compatibility issue with Filebeat 7.16.0

Humio Server 1.33.1 Preview (2021-11-23)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.33.1

Preview

2021-11-23

Cloud

On-Prem

2022-12-31

No

1.26.0

11

No

JAR Checksum	Value
MD5	d9f270df38f2ce472801c81a06fa67af
SHA1	c5740a06b4b86a8615767c388a7cf6d3e3a8ccf1
SHA256	ed3c03b5dcb8fe2c7230bae2775346283d7cdc143854260672a5ba66f11d612b
SHA512	d2762a9fa648af32e85205b4d972ad15d47870fc030c111d31ca4d048ce9459ce6e50a3bce0063f0c7347a6640181b4e3c41d1273a4c82b297fd8d3c844c529a

Critical bug fixes related to version dependencies, alert throttling, etc.; Improve Interactive Tutorial.

Bug Fixes

Summary
- Fixed a race condition that could cause Humio to delete more segments than expected when initializing a digester node.
- Updated a dependency to a version fixing a critical bug.
- Fixed an issue that in rare cases would cause login errors.
- Fixed an issue in the interactive tutorial.
Automation and Alerts
- Reverted from 1.33.0 Errors on alerts, which are shown in the alert overview, are now only cleared when either the alert query is updated by a user or the alert triggers. Previously, errors that occurred when actions were triggered would be removed when the alert no longer triggered. Now, they will be displayed until the actions trigger successfully. Conversely, errors that occur when running the query may now remain until the next time the alert triggers, where they would previously be removed as soon as the query run again without errors.
  See original release note entry in 1.33.0
- Fixed an issue where an alert would not be throttled until after its actions had completed, which could make the alert trigger multiple times shortly after each other if an action was slow. Now, the alert is throttled as soon as it triggers.

Humio Server 1.33.0 Preview (2021-11-15)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.33.0

Preview

2021-11-15

Cloud

On-Prem

2022-12-31

No

1.26.0

11

No

Yes

JAR Checksum	Value
MD5	2964782694b82a39cc5b644d040fae68
SHA1	b520dbabec0321b953c496b960710ba5fb6614a7
SHA256	8b8de633ca08c9592ee2441b0498de1a86aa4093a505821923be7e8501b62526
SHA512	be827349bf450d51b4c42c55c13120ba735196f598eaec798a7eb11b8e1320a6ad86caefca3841a3560013311e30347dc595a96ed59d4cb5c0cf946e72208ac2

1.33 REQUIRES minimum version 1.26.0 of Humio to start. Clusters wishing to upgrade from older versions must upgrade to 1.26.0+ first. After running 1.33.0 or later, you cannot run versions prior to 1.26.0.

Once the release has been deployed, all existing personal api tokens will be hashed so they still can be used, but you will not be able to retrieve them again. If you want to preserve the tokens, be sure to copy it into a secrets vault before the release is deployed. The api-token field on the User type in GraphQL has been removed.

You can now use the mouse to resize columns in the event list. Previously you had to click the column header and use the "Increase / Decrease Width" buttons.

Improvements, new features and functionality

UI Changes
- Validation error messages are now more precise and have improved formatting.
- Updated the links for Privacy Notice and Terms and Conditions.
- Added buttons for stopping all queries, streaming queries, and historical queries from inside the query monitor.
- The overall look of message boxes in Humio has been updated.
- Added maximum width to tabs on the Group page, so they do not keep expanding forever.
- Allow resize of columns in the event list by mouse.
- Disable actions if permissions are handled externally.
- Dark mode is officially deemed stable enough to be out of beta.
- Added autofocus to the first field when opening a dialog using the save as functionality from the Search page.
GraphQL API
- Added GraphQL mutation clearRecentQueries which a user can run to clear their recent queries in a specific view or repository.
- Renamed the deleteEvents related GraphQL mutations and queries to redactEvents. The redactEvents API is intended for redacting sensitive data from a repository, not for bulk deletion of events. We think the new name invites fewer misunderstandings.
- The GraphQL field isEventForwardingEnabled on the HumioMetadata type is deprecated, as it is no longer in use internally. If you rely on this, please let us know.
- Added 2-phase migration that will allow old user api tokens to be used and clean global from secrets after a 30 day period.
- Changed old personal user token implementation to hash based.
- Added three GraphQL mutations for stopping queries: stopAllQueries, stopStreamingQueries, and stopHistoricalQueries.
Configuration
- When checking if the ViewAction.EventForwarding action is allowed (with e.g. SearchDomain.isActionAllowed), the answer will now be false if the event forwarding is not enabled on the server.
Functions
- Added query function math:arctan2() to the query language.
- Added a minSpan parameter to timeChart() and bucket(), which can be used to specify a minimum span when using a short time interval.
- The kvParse() query function can now parse unquoted empty values using the new parameter separatorPadding to specify if your data has whitespace around the key-value separator (typically =). The default is "Unknown", which will leave the functionality of the function unchanged.
- Improved performance of the query functions drop() and rename() by quite a bit.
- Added the communityId() function for calculating hashes of network flow tuples according to the Community ID Spec.
- Refactored query functions join(), selfJoin(), and selfJoinFilter() into user-visible and internal implementations.
Other
- Minor optimization when using groupBy with a single field.
- Added checksum verification within hash filter files on read.
- Query editor: improved code completion of function names.
- It is now possible to create actions, alerts, scheduled searches, and parsers from Yaml template files.
- Added management API to put hosts in maintenance mode.
- Create, update, and delete of dashboards is now audit logged.
- Node roles can now be assigned/removed at runtime.
- Retention based on compressed size will no longer account for segment replication.
- Improved handling of multiple nodes attempting to create views with the same names at the same time, as might happen when bootstrapping a cluster.
- Added validation and a more clear error message for queries with a time span of 0.
- A compressed segment with a size of 1GB will now always count for retention as 1 GB. Previously, a compressed segment with a size of 1GB might count for more than 1GB when calculating retention, if that segment had more replicas than configured. The effect on the retention policy was that if you had configured retention of .0GB compressed bytes, Humio might retain less than .0GB of compressed data if any of those segments had too many replicas.
- Added support in the humio event collector for organization- and system-wide ingest tokens and the ability to use a parser from a different repo than the one being ingested into.
- Added new metric: bucket-storage-upload-latency-max. It shows the amount of time spent for the event that that has been pending for upload to bucket storage the longest.
- Query validation has been improved to include several errors which used to first show up after submitting search.
- Improved shutdown logic slightly, helping prevent thread pools from getting stuck or logging spurious errors during shutdown.
- Improved partition layout auto-balancing algorithm.
- Prepopulate email field when invited user is filling in a form with this information.
- Added "export as yaml" function to the list pages of parsers, actions and scheduled searches.
- Reword regular expression related error messages.
- It is now possible to ingest logs into Humio using LogStash v.7.13 and upwards.
- Made the transfer coordinator display more clear errors instead of an internal server error for multinode clusters.
- Added metric for the number of currently running streaming queries.
- Reduce limit on number of datasources for sandbox repositories created when a user is created to .0 by default.
- Improved the error reporting when installing, updating or exporting a package fails.
- New metric: ingest-request-delay. Histogram of ingest request time spent being delayed due to exceeding limit on concurrent processing of ingest (milliseconds).
- Improved error messages when an invalid regular expression is used in replace.
- Added Australian states to the States dropdown.
- Added a precondition that ensures that the number of ingest partitions cannot be reduced.

Bug Fixes

UI Changes
- When an alert query encounters a warning and Humio is not configured to trigger alerts despite warnings ALERT_DESPITE_WARNINGS the warning text will now be shown as an error message on the alert in the UI.
Automation and Alerts
- Alerts and scheduled searches are now enabled per default when created. The check disabling these entities if no actions are attached has been replaced with a warning, which informs a user that even though the entity is enabled, nothing will trigger since no actions are attached.
- Alerts and scheduled searches are no longer run on cloud for organizations with an expired trial license, and on-prem for any expired license.
Functions
- Fixed an issue where sort() would cause events to be read ina non-optimal order for the entire query.
- Fixed an issue where series() failed to serialize its state properly.
- Fixed a bug in the validation of the bits parameter of hashMatch() and hashRewrite().
Other
- Use a fresh (random) name for the tmp folder below the datadir to ensure that it is a proper subdir of the datadir and not a mount point.
- The field vhost in internal Humio logging is now reserved for denoting the host logging the message. Other uses of vhost now uses the field hostId.
- Support Java 17.
- When performing jobs triggered via the Redact Events API, Humio could restart queries for unrelated views until the delete job completed. This has been improved, so only views affected by the delete will be impacted.
- Fixed an issue where clicking on the counters of parsed events on the Parsers page would open an empty search page, except for built-in parsers. Now, it correctly shows the latest parsed events for all parsers (except package parsers).
- Fixed an issue where error messages would show wrong input.
- Fixed an issue on sandbox renaming, that would allow you to rename a sandbox and end up in a bad state.
- Fixed an issue where a digest node could be unable to rejoin the cluster after being shut down if all other digest nodes were also down at the time.
- Changed default package type to "application" on the export package wizard.
- Fixed styling issue on the search page where long errors would overflow the screen.
- Removed a spurious warning log when requesting a non-existent hash file from S3.
- Prevent unauthorized analytics requests being sent.
- Fixed a number of stability issues with the event redaction job.
- Fixed an issue where the web client could start queries from the beginning of time when scrolling backwards through events in the UI.
- Fixed an issue where the segment merger would write that the current node had a segment slightly before registering that segment in the local node.
- Fixed a bug where offsets from one Kafka partition could be used when deciding where to start consuming for another partition, in the case where there were too many datasources in the repo. This led to a crash loop when the affected node was restarted.
- Fixed an issue where a failing event forwarder would be cached indefinitely and could negatively impact Humio performance.
- When checking if the ViewAction.ChangeS3ArchivingSettings action is allowed (with e.g. SearchDomain.isActionAllowed), the answer will now be false if checked on a view, as the action only makes sense on repositories.
- Errors on alerts, which are shown in the alert overview, are now only cleared when either the alert query is updated by a user or the alert triggers. Previously, errors that occurred when actions were triggered would be removed when the alert no longer triggered. Now, they will be displayed until the actions trigger successfully. On the other hand, errors that occur when running the query may now remain until the next time the alert triggers, where they would previously be removed as soon as the query run again without errors. This change was reverted in 1.33.1.
- Fixed an issue where some regexes could not be used.
- Fixed an issue where choosing a UI theme would not get saved properly in the user's settings.
- Crash the node if any of a number of critical threads die. This should help prevent zombie nodes.
- Fixed incorrect results when searching through saved queries and recent queries.
- Fixed a bug with the cache not being populated between restarts on single node clusters.
- When creating or updating an action, the backend now verifies that the host url associated with the action is prefixed with either http:// or https://. This affects Actions of the type: Webhook, OpsGenie, Single-Channel Slack and VictorOps.
- Fixed a bug where only part of the Users page was loading when navigating from the All organizations page.
- Fixed an issue where a dashboard installed with a YAML file could be slightly different than what was specified in the file.
- Fixed an issue where a scheduled search failed and was retried, if it had multiple actions and at least one action was unknown to Humio. Now, the unknown action is logged, but the scheduled search completes successfully and continues to the next scheduled run.
- Fixed an edge case where Humio might create multiple copies of the same datasource when the number of Kafka partitions is changed. The fix ensures only one copy will be created.
- Fixed an issue where comments spanning multiple lines wouldn't be colored correctly.
- Fixed an issue on on-prem trial license that would use user count limits from cloud.
- Changed field type for zip codes.
- Fixed an issue when adding a group to a repository or view than an error message is displayed when the user is not the organization owner or root.
- Changes to the state of IOC access on organizations are now reflected in the audit log.
- Remove the ability to create ingest tokens and ingest listeners on system repositories.
- Fixed a bug where invalid UTF-16 characters could not be ingested. They are now converted to 'ufffd'.
- Addressed an issue causing Humio to sometimes error log an ArrayIndexOutOfBoundsException during shutdown.
- Fixed an issue where missing undersized segments in a datasource might cause Humio to repeatedly transfer undersized segments between nodes.
- Temporary fix of issue with live queries not having first aggregator as bucket() or timeChart(), but then later in the query having those as a second aggregator. As a temporary fix, such queries will fail. In later releases, this will get fixed more properly.
- Browser storage is now cleared when initiating while unauthenticated.
- Fixed a bug where query coordination partitions would not get updated.
- Fixed an issue where the SegmentMoverJob could delete the local copy of a segment, if a pending download of the segment failed the CRC check. The job will now keep the downloaded file at a temporary path until the CRC check completes, to avoid deleting a local copy created by other jobs, e.g. by bucket downloads.
- Fixed some widgets on dashboards reporting errors while waiting for data to load.
- When checking if the ViewAction.ChangeRepoConnections action is allowed (with e.g. SearchDomain.isActionAllowed), the answer will now be false if checked on a repository, as the action only makes sense on views.
- No longer return the "Query Plan" in responses, but return a hash in the new field hashedQueryOnView instead. The plan could leak information not otherwise visible to the user, such as query prefixes being applied.
- When a digester fails to start, rather than restarting the JVM as previous releases did, keep retrying to start assuming that the issue is transient, such as data for a single ingest partition being unavailable for a short while. While in this situation the process reports the metric for ingest latency on the affected partitions as being uptime of the JVM process at this point. The idea is to signal that data is not flowing on those partitions, so that a monitored metric can raise an alarm somewhere. In lack of a proper latency in this situation, it's better to have a growing non-zero metrics than having the metrics being zero.
- Changes to the state of backend feature flags are now reflected in the audit log.
- Fixed an issue where release notes would not close when a release is open.
- Fixed an issue where the segment merger could mishandle errors during merge.
- Fixed an issue causing Humio running on Java 16+ to return incorrect search results when the input query contains Unicode surrogate pairs (e.g. when searching for an emoji).
- Fixed a bug where shared lookup files could not be downloaded from the UI.
- Removed error query param from URL when entering Humio.
- Fixed an issue where OIDC without a discovery endpoint would fail to configure if OIDC_TOKEN_ENDPOINT_AUTH_METHOD was not set.
- Fixed an issue where certain problems would highlight the first word in a query.
- Include view+parser-name in thread dumps when time is spent inside a parser.

Humio Server 1.32.8 Stable (2022-03-09)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.32.8

Stable

2022-03-09

Cloud

On-Prem

2022-10-31

No

1.16.0

11

No

JAR Checksum	Value
MD5	94782d07a7feda72ffc831747e6740f1
SHA1	8c1afb6e1b4fe6e5eabe30823e7705b7a03a7af5
SHA256	76eaa3581ad45443af93dd9e6f92f51142bdc082ba8af234b0ffc7f4346ef630
SHA512	6929950a72ee073402aea63a3acc016b15ae435ba5c9cf4c24b94fbf51af01c4ccfa4da223374527b597c154f0ca72a114feb0ec45bfae55fad8be17645bccf5

Docker Image	SHA256 Checksum
humio	d8f1892f444ab53d2e94419a096978da0eba8d7a995096d9b6f031162fd3bb3c
humio-core	49d2631113684a8fc8b3ad53e5545a661961607a3033357ee977ce50d0b49f0a
kafka	3bbbaec63eb2ca089800172d94e95f6bb84266dcbac3e76217f50c4169133546
zookeeper	9830902ac961b08c778f38b8714dcfab6be076c1acc5366db459a8560cb6eb61

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.32.8/server-1.32.8.tar.gz

Updated dependencies with security fixes and weakness and improved performance.

Bug Fixes

Security
- Updated dependencies to Akka to fix CVE-2021-42697.
- Updated dependencies to jawn to fix CVE-2022-21653.
Summary
- Performance improvements of Ingest and internal caching.
- Fixed an issue where queries of the form #someTagField != someValue ... would sometimes produce incorrect results.
- Fixes issue with epoch and offsets not always being stripped from segments.

Humio Server 1.32.7 Stable (2022-01-06)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.32.7

Stable

2022-01-06

Cloud

On-Prem

2022-10-31

No

1.16.0

11

No

JAR Checksum	Value
MD5	30080b4b84bb4aba37eb11023019bd78
SHA1	c53f4ac43beee249a68c90cae62d0b768b1284d7
SHA256	192b0554f6cbdfd5853cc90d8a418497df800da85bc0795238fc359aae8fa309
SHA512	0119341a2d041b0143a849881279274b7aef6589e8f90730907401562d03c631065bdb6f3e567b9cdffe31e572c570414f9386ef12e39ffaefdb4a8a5d70f479

Docker Image	SHA256 Checksum
humio	c286be555ee8e333acaa87ff010a8b6ecda18cd57c57b2925513b300792c021c
humio-core	c1efbc9ae9dd76ccbaa674e63ff0029625724c1bb82f3b759cf692f65b3861fc
kafka	e0d67223acc40bc46d9205286655b28e5c5adfdacbd86441e57e4939113805ee
zookeeper	c5a7a9ab2dc6be82defe163499b943b727697a3e5d06fc8ead128240e596beb9

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.32.7/server-1.32.7.tar.gz

Updated dependencies with security fixes and weakness.

Bug Fixes

Security
- Updated dependencies to Netty to fix CVE-2021-43797
- Updated dependencies to log4j 2.17.1 to fix CVE-2021-44832 and CVE-2021-45105
Summary
- Updated dependencies to Jackson to fix a weakness

Humio Server 1.32.6 Stable (2021-12-15)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.32.6

Stable

2021-12-15

Cloud

On-Prem

2022-10-31

No

1.16.0

11

No

JAR Checksum	Value
MD5	7faf420472dbc06536e7478f9b62ab9b
SHA1	77ab5617ec6a9ea24d5db93d82e44a6baa9b8bc2
SHA256	f77c2758074e6ed3b0543531e8ad8ca8a62b934484ee2ac820eabcdd9c572b20
SHA512	777a8f6e1f2371aea2f9aaeed46633c5c0837e96b1a902433adb7ad8fd98efdaf0f1b21fbae5c8ddb9b5099c4f85e70a0d5a7e9ca00a47b2f2293c9b37c129fe

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.32.6/server-1.32.6.tar.gz

Security fix related to log4j logging, and fix compatibility with Filebeat.

Bug Fixes

Security
- Updated dependencies to log4j 2.16 to remove of message lookups (CVE-2021-45046)
Summary
- Fixed issue where streaming (exporting) query results in JSON format could include extra "," characters within the output.

Humio Server 1.32.5 Stable (2021-12-10)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.32.5

Stable

2021-12-10

Cloud

On-Prem

2022-10-31

No

1.16.0

11

No

JAR Checksum	Value
MD5	e4475e8c2f6623ff22465ccd59bbfb8a
SHA1	5affbdbd10674259ec178db75171d73eb2835f1d
SHA256	92c0261e328c43f0ba46ffaa72fc5e8a1ef075438759286ab00ea5dbb5b5ca30
SHA512	e698dd4a2aa8c85ca3d89cc596e05677106d509082f816e46b3dca6b4b3313690d4c41c3a5b5529d08d91e51ebbfb3f9217e7830d1f4ade54fd79b40f366f449

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.32.5/server-1.32.5.tar.gz

Security fix related to log4j logging.

Bug Fixes

Security
- Updated dependencies to address a critical security vulnerability for the log4j logging framework, "log4shell", (CVE-2021-44228).

Humio Server 1.32.4 Stable (2021-12-10)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.32.4

Stable

2021-12-10

Cloud

On-Prem

2022-10-31

No

1.16.0

11

No

JAR Checksum	Value
MD5	237975851200cd2a21b749ea3994f307
SHA1	0e6acfcbc13150c83861af51798d8f4510de7bb4
SHA256	99a86034dc2e26f0779a64a11633563f59dbc94959b85f80f996e5c267053ae4
SHA512	aba67fee43c26d832cc9fb0a5ce3af0faabb596bc33c597eaba83f8f7d3e7da1ec61f6554c257ca7063991a802fdd4149f90e25db856751ca538c1d2f5262a40

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.32.4/server-1.32.4.tar.gz

Security fix related to log4j logging, and fix compatibility with Filebeat.

Bug Fixes

Security
- Updated dependencies to address a critical security vulnerability for the log4j logging framework, "log4shell", (CVE-2021-44228).
- Fixed a compatibility issue with Filebeat 7.16.0

Humio Server 1.32.3 Stable (2021-12-01)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.32.3

Stable

2021-12-01

Cloud

On-Prem

2022-10-31

No

1.16.0

11

No

JAR Checksum	Value
MD5	a930565c1e42104fcf6b963089db33ec
SHA1	b4818b51348ae64bf79104813d89fb34ec183a71
SHA256	a100e4eb4161b0dc01ac745dffd5bb22839c557fd120f2ddb8359981558af5d5
SHA512	fb2439171324b098a870bb143e4442bacd007c0f18c2fce9ead458e6f05d8672f3f4309e4c59c7b74a6c74763b6936707f67f36eb645847f0daaee75badd4f9a

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.32.3/server-1.32.3.tar.gz

Bug fix to resolve problem with clusters using bucket storage.

Bug Fixes

Summary
- Fixed an issue that would result in a query not completing when one of the involved segments was deleted locally while the query was running. This could happen on clusters using bucket storage with more data than fits the local disks.

Humio Server 1.32.2 Stable (2021-11-19)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.32.2

Stable

2021-11-19

Cloud

On-Prem

2022-10-31

No

1.16.0

11

No

JAR Checksum	Value
MD5	098c372a532df86516d89e7d257f86b6
SHA1	ea67955c0cad253a0278fe408fcce7d300491455
SHA256	f2289d4bf0321e0dde905a8d4148d709e5ac846fdd055c7133172f5d33ef9fe0
SHA512	1bb52a2333339201a7c56f2d0d93997e60ea5b62d5b2ec1dc9f84d812b50c3e5ebca8039de029ecdb14e00885f9e9965532acc13dd339589a45a836a5548b849

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.32.2/server-1.32.2.tar.gz

Critical bug fix regarding version dependency, and race conditions.

Bug Fixes

Summary
- Fixed a race condition that could cause Humio to delete more segments than expected when initializing a digester node.
- Updated a dependency to a version fixing a critical bug.

Humio Server 1.32.1 Stable (2021-11-16)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.32.1

Stable

2021-11-16

Cloud

On-Prem

2022-10-31

No

1.16.0

11

No

JAR Checksum	Value
MD5	7717b075d0e60780caf64c8a70afdf57
SHA1	02e400753b475b1ba668399bc27126a12304e4a6
SHA256	c5d36f6bbcd5c8bc90e5ba2a28ca15cf5f1c3657a56c40e9f46f7bfaf48149e1
SHA512	09d31840cd1442cfed31402bf52132a4c9960e3177b2c14e4b4da687333ae3995732a048c3b71ae7eb81ccfd40afee40e34085d6cc35da6b3cb826a57049f0a6

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.32.1/server-1.32.1.tar.gz

Bug fixes related to Amazon S3 log entries, saving a User Interface theme, Logtash, and general security.

Bug Fixes

Summary
- Security fix.
- Removed a spurious warning log when requesting a non-existent hash file from S3.
- Fixed an issue where choosing a UI theme would not get saved properly in the user's settings.
- It is now possible to ingest logs into Humio using LogStash v.7.13 and upwards.

Humio Server 1.32.0 Stable (2021-10-26)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.32.0

Stable

2021-10-26

Cloud

On-Prem

2022-10-31

No

1.16.0

11

No

Yes

JAR Checksum	Value
MD5	27311d8fb5172cc95aa7cb8d02f5c58c
SHA1	0378ceb4d0ba9255dba6c213e1a728f7095e8ced
SHA256	3dd0434039b1d8eaeb1d1242c860d51593ec222b3d09ae1d732503214edb6d06
SHA512	b29267cd2e89cbbf88386a9c2e617c634ff05567388680b605804a0e3978fca4a55c483395d819ff27fbc53da6e29c09ff573c5f7ff00ab57dda45f5e20c1dd2

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.32.0/server-1.32.0.tar.gz

We now distribute Humio as a tarball in addition to the fat jar format we've previously used. We will continue to distribute the fat jar for the time being. The tarball includes a launcher script, which will set a number of JVM arguments for users automatically. We believe this will help users configure Humio for good performance out of the box. For more information, see Launcher Script.

Search performance via hashfilter-first on segments in buckets

Some searches, including regex and literal string matches, now allow searching without fetching the actual segment files from the bucket, in case the segment is only present in the bucket and not on any local disk. Humio now fetches the hash filter file and uses that to decide if the segment file may have a match before downloading the segment file in this case.

Humio packages can now carry scheduled searches, all types of actions, and files with lookup data (either CSV or JSON formatted). Additionally, we have improved the UI for managing packages, to make it easier to find the package you are looking for. This also marks the point where packages are brought out of beta.

Deprecation
Items that have been deprecated and may be removed in a future release.
Deprecates the two GraphQL fields id and contentHash on the File type. The two fields are considered unused, so no alternatives are provided. If you rely on them, please let us know.
Deprecates the copyFile GraphQL mutation, as it is no longer used. If you use this mutation, please let us know.

Improvements, new features and functionality

UI Changes
- Updated the style of the email action template and made the wording used dependent on whether an alert or scheduled search was triggered.
- Breadcrumbs are aligned across all pages and show the package name with a link when viewing or editing an asset from a package.
- The left navigation menu hides, and can be opened again, for mobile devices, on organization settings pages and repository settings pages.
- Cluster management pages style updates.
- Fixed some styling issue on Query Quotas page.
- The signup path was removed, together with the corresponding pages.
- Updated design for Package Marketplace and Installed Packages to make them easier to use and more consistent.
- Removed the pop-up link to edit an alert or scheduled search when on the form page. This link is only relevant when creating an entity from the search page via a dialog.
- Identity provider pages style update.
GraphQL API
- Added information about the use of preview fields in the result from calling the GraphQL API. The information will be in the field extensions.preview and will be a list of objects with a name and reason field.
- The GraphQL DateTime type now supports non-UTC time. Timestamps like 2021-07-18T14:13:09.517+02.0 are now legal, and will be converted to UTC time internally.
- When using the GraphQL field allowedViewActions, the two previously deprecated actions ChangeAlertsAndNotifiers and ReadEvents are no longer returned. Look for their replacements ChangeTriggersAndActions and ReadContents instead.
- Deprecates the installPackageFromRegistry and updatePackageFromRegistry GraphQL mutations in favor of installPackageFromRegistryV2 and updatePackageFromRegistryV2.
- The name, displayName, and location GraphQL fields on the File type are deprecated in favor of the new nameAndPath field.
- The fileName, displayName, and location GraphQL fields on the UploadedFileSnapshot type are deprecated in favor of the new nameAndPath field.
- Deprecates the package field on the SearchDomain GraphQL type, in favor of packageV2. The new field has a simpler and more correct return type.
- Added a GraphQL mutation cancelDeleteEvents that allows cancelling a previously submitted deletion. Cancellation is best-effort, and events that have already been deleted will not be restored.
- Extended 'Relative' field type for schema files to include support for the value 'now'.
Configuration
- Added compatibility mode for using IBM Cloud Object Storage as bucket storage via S3_STORAGE_IBM_COMPAT
- The Scheduled Searches feature is no longer in beta and can be used by all users without enabling it first
- On a node configured as USING_EPHEMERAL_DISKS=true allow the local disk management deleting files even if a query may need them later, as the system is able to re-fetch the files from bucket storage when required. This improves the situation when there are active queries that in total have requested access to more segments than the local disk can hold.
Functions
- Improved performance in IP database lookups for the functions ipLocation(), asn() and worldMap().
Other
- Added focus states to text field, selection and text area components.
- Added support for importing packages with CSV and JSON files. Exporting packages with files is not fully supported yet, but will be in a future release.
- Improved handling of local disk space relative to LOCAL_STORAGE_MIN_AGE_DAYS. When the local disk would overflow by respecting that config, Humio can now delete the oldest local segments that are present in bucket storage, even when they are within that time range.
- Raise size limit on ingest requests from 8MB to 1 GB
- Scheduled search "schedule" is explained using human readable text such as "At 9.30 on Tuesdays".
- Improved search for users page.
- Package installation error messages are now much more readable.
- Limit pending ingest requests by rejecting excess invocations. Rejections are signalled as status 429 "Too many requests" and a Retry-After header suggesting to retry in 5 seconds. Limiting starts when queued requests exceed INGEST_REQUEST_LIMIT_PCT of the total heap size, default is 5.
- Warnings when running scheduled searches now show up as errors in the scheduled search overview page if SCHEDULED_SEARCH_DESPITE_WARNINGS is set to false (the default).
- Added a Data subprocessors page under account.
- Improved audit log for organization creation.
- Added maximum width to tabs on the Group page, so they do not keep expanding forever.
- Humio docker images is now based on the Alpine linux.
- New metric: "ingest-request-delay". Histogram of ingest request time spent being delayed due to exceeding limit on concurrent processing of ingest.
- Added explicit distribution information for elastic bulk API for elasticsearch API compatibility.
- Allow launching using JDK-16.
- The test action functionality no longer uses alert terminology, as actions can be invoked from both alerts and scheduled searches. Also, it is now possible to also test the scheduled search specific message templates using it.
- Improved error handling when running scheduled searches, so that a failed schedules search will be retried as long as it is within the Backfill Limit.
- Added loading and error states to the page where user selects to create a new repository or view.
- When selecting actions for alerts or scheduled searches, the actions are now grouped by the package they were imported from.
- Fixed an issue with using the browser back button while "advanced editing" the query text of a scheduled search or an alert would hide the blue bar that allows saving the query.
- Added support for including dashboard and alert labels when exporting a package.
- Scheduled search "schedule" field is now validated, showing accurate help for each part of the crontab expression.
- You can now export and import packages containing any of the action types: Webhook, Email, Humio Repo, Pager Duty, Slack, Slack multi channel, Ops Genie and Victor Ops.
- Added Dark Mode for Query Monitor page.

Bug Fixes

Documentation
- Updated the examples on how to use the match() query function in the online documentation.
Automation and Alerts
- Fixed a bug which potentially have caused alerts to not re-fire after the throttle period for field-based throttling had passed.
Functions
- Fixed an issue where top() with max= can yield the same key multiple times (ei. ...| top([queryId, query], max=totalSize)).
- Fixed an issue with the split() function which caused incorrect (usually, too few) query results in some cases where the output fields were refered to later in the query.
Other
- Fixed an issue where the global consistency check job would fail to perform the consistency check, instead logging lines like "Global dump requested but global had expired". This line can still occur, but only when the consistency check takes too long.
- Amended an internal limit on how many segments can be fetched from bucket storage concurrently. The old limit was based on the number of running queries. The new limit is 32.
- Fixed an issue where, looking at GraphiQL, the dropdown from the navigation menu was partially hidden.
- Fixed an issue that could cause cluster nodes to crash when growing the number of digest partitions.
- Fixed an issue where new groups added to a repository got a query prefix that disallowed search. The default is now to allow search with the queryprefix *.
- Fixed an issue that caused some errors to be hidden behind a message about "internal error".
- Reworded a confusing error message when using the top() function with a limit parameter exceeding the limits configured with TOP_K_MAX_MAP_SIZE_HISTORICAL or TOP_K_MAX_MAP_SIZE_LIVE.
- Fixed an issue that could cause UploadedFileSyncJob to crash if an uploaded file went missing.
- Truncate long user names on the Users page.
- Fixed a bug where a 404 Not Found status on an internal endpoint would be incorrectly reported as an 401 Unauthorized.
- Fixed an issue where Humio would retain segments acquired from read-only buckets if those segments were deleted. Humio will now properly delete the segments locally, and drop the reference to the copy in the read-only bucket.
- Global snapshots are now uploaded to bucket storage more often when there are a lot of updates to it, leading to shorter replay times on startup.
- Introduced a check for compatibility for packages and humio versions.
- Security when viewing installed packages and packages on the marketplace are now less strict. Permissions are still required for installing and uninstalling packages.
- Fixed an issue where the DiskSpaceJob could continue tracking segments if they were deleted from global, but the files were still present locally.
- Fixed an issue where certain problems highlighted the first word in a query, not the location of the problem.
- Creating a new dashboard now opens it after creation.
- Fixed an issue that caused some metrics of type gauge to be reported with a wrong value.
- The DiskSpaceJob now removes newly written backfilled segments off the local disk before it chooses to remove non-backfilled segments.
- Fixed an issue where the {time_zone} Message Templates and Variables for actions would show a full description of the scheduled search instead of only the time zone.
- Fixed an issue - when creating a repository a user is automatically assigned a role but isn't able to see himself in the roles list. Also, when editing roles the assignment is not counted correctly under usage.
- Fixed an issue where Humio attempted to fetch global from other nodes before TLS was initialized.
- Fixed a bug on queries that triggered an error while executing due to the input (such as a regex that exceeds limits on execution time) could result in the client getting 404 as status on poll, where it should get .0.
- Fixed an issue where Shift+Enter would select the current completion rather than adding a newline.
- Removed an old Cloud Signups page. The page is not necessary since organizations were implemented for the Cloud environments.
- Fixed an issue where Humio would create a broken hash file for the merge result when merging minisegments that did not originally have hash files.
- Fixed an issue where the DiskSpaceJob could mark segments accessed slightly out of order during boot.
- Fixed an issue where it was possible to submit queries to the Delete Events API that were not valid for that API. Only pure filtering queries are allowed.
- Updated Slack action for messaging multiple channels, so it propogates errors when triggered. Previously errors were ignored.
- When a search is able to filter out segments based on the hash filter files, and a segment file is not present locally on any node, fetch only the hash filter at first, evaluate that, and only if required, fetch the segment file. This speeds up searches that target segments only present in bucket storage and that have search filters that generate hash filter checks, such as regex and literal text comparisons.
- Fixed a bug where a hidden field named "#humioAutoShard" would sometimes show up in the field list.
- Split package export page into dialog with multiple steps.
- Fixed an issue where the job responsible for deleting segment files off nodes was not deleting as many segments as it should.
- When accessing Humio through a URL with either a repository or view name in it and using an ingest token, it is now checked that the view on the token matches the repository or view in the URL, and a 403 Forbidden status is returned, if not.
- The DiskSpaceJob no longer initializes based off of the segment last-modified timestamp, this only happens if no access order snapshot is stored locally. If a snapshot is present, we trust that.
- Fixed a bug causing the disk space job to use an expensive code path even when a cheaper one was available.
- Fixed an issue where the job responsible for deleting segment files off nodes was not running as often as expected.
- Cloning an asset now redirects you to the edit page for the asset for all assets.
- Fixed an issue where the query scheduler would spend too much time "shelving" queries, and not enough on getting them executed, leading to little progress on queries.
- Fixed an issue where metrics of type gauge with a double value were not reported to the humio-metricsrepository, but only to the humio repository.
- Fixed thread safety for a variable involved in fetching from bucket storage for queries.
- Updated the new asset dialog button text so that it will say 'Continue' when an asset will not be created directly.
- Updated Elastic ingest endpoint to accept 'create' operations in addition to 'index' operations. Both operation types result in the same ingest behavior. This update was added as Fluent-Bit v1.8.3 began using the 'create' operation rather than 'index' for ingest.
- Fixed an issue where Humio would create auxiliary files (hash files) for segments unnecessarily when moving segments between nodes.
- Updated dependencies with security fixes.
- The simple and advanced permission model has been merged, thus allowing users who were using the simple permission model to create their own permission roles and groups, create groups with default roles, and all other features that were previously only available in advanced permissions mode.

Humio Server 1.31.0 Preview (2021-09-27)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.31.0

Preview

2021-09-27

Cloud

On-Prem

2022-10-31

No

1.16.0

11

No

Yes

JAR Checksum	Value
MD5	4b4b4411d930d00275bc3a412c0c5c50
SHA1	ca22652ca303a162f81711f43977e14e528f6e85
SHA256	908a907b5c1ffbdce667b932daea0aab46a8ece4e164072f5bae0eb77d3bdd6f
SHA512	bbc65ea8641ac3d9910da4a9dcda0c1817d2a8acc2e81491a389d2671af7e57c12f019ad71af7309d4ad68b67997a6cbd3b0fba3a2048f07b7c7567abd05b8ae

We now distribute Humio as a tarball in addition to the fat jar format we've previously used. We will continue to distribute the fat jar for the time being. The tarball includes a launcher script, which will set a number of JVM arguments for users automatically. We believe this will help users configure Humio for good performance out of the box. For more information, see Launcher Script.

Search performance via hashfilter-first on segments in buckets

Some searches, including regex and literal string matches, now allow searching without fetching the actual segment files from the bucket, in case the segment is only present in the bucket and not on any local disk. Humio now fetches the hash filter file and uses that to decide if the segment file may have a match before downloading the segment file in this case.

Humio packages can now carry scheduled searches, all types of actions, and files with lookup data (either CSV or JSON formatted). Additionally, we have improved the UI for managing packages, to make it easier to find the package you are looking for. This also marks the point where packages are brought out of beta.

Deprecation
Items that have been deprecated and may be removed in a future release.
Deprecates the copyFile GraphQL mutation, as it is no longer used. If you use this mutation, please let us know.

Improvements, new features and functionality

UI Changes
- Updated the style of the email action template and made the wording used dependent on whether an alert or scheduled search was triggered.
- The signup path was removed, together with the corresponding pages.
- Identity provider pages style update.
- The left navigation menu hides, and can be opened again, for mobile devices, on organization settings pages and repository settings pages.
- Breadcrumbs are aligned across all pages and show the package name with a link when viewing or editing an asset from a package.
- Cluster management pages style updates.
- Removed the pop-up link to edit an alert or scheduled search when on the form page. This link is only relevant when creating an entity from the search page via a dialog.
- Updated design for Package Marketplace and Installed Packages to make them easier to use and more consistent.
- Fixed some styling issue on Query Quotas page.
Automation and Alerts
- When selecting actions for alerts or scheduled searches, the actions are now grouped by the package they were imported from.
GraphQL API
- Added a GraphQL mutation cancelDeleteEvents that allows cancelling a previously submitted deletion. Cancellation is best-effort, and events that have already been deleted will not be restored.
- Deprecates the installPackageFromRegistry and updatePackageFromRegistry GraphQL mutations in favor of installPackageFromRegistryV2 and updatePackageFromRegistryV2.
- When using the GraphQL field allowedViewActions, the two previously deprecated actions ChangeAlertsAndNotifiers and ReadEvents are no longer returned. Look for their replacements ChangeTriggersAndActions and ReadContents instead.
- Added information about the use of preview fields in the result from calling the GraphQL API. The information will be in the field extensions.preview and will be a list of objects with a name and reason field.
- Extended 'Relative' field type for schema files to include support for the value 'now'.
- Deprecates the two GraphQL fields id and contentHash on the File type. The two fields are considered unused, so no alternatives are provided. If you rely on them, please let us know.
- Deprecates the package field on the SearchDomain GraphQL type, in favor of packageV2. The new field has a simpler and more correct return type.
- The name, displayName, and location GraphQL fields on the File type are deprecated in favor of the new nameAndPath field.
- The fileName, displayName, and location GraphQL fields on the UploadedFileSnapshot type are deprecated in favor of the new nameAndPath field.
- The GraphQL DateTime type now supports non-UTC time. Timestamps like 2021-07-18T14:13:09.517+02.0 are now legal, and will be converted to UTC time internally.
Configuration
- The Scheduled Searches feature is no longer in beta and can be used by all users without enabling it first
- On a node configured as USING_EPHEMERAL_DISKS=true allow the local disk management deleting files even if a query may need them later, as the system is able to re-fetch the files from bucket storage when required. This improves the situation when there are active queries that in total have requested access to more segments than the local disk can hold.
- Added compatibility mode for using IBM Cloud Object Storage as bucket storage via S3_STORAGE_IBM_COMPAT
Functions
- Improved performance in IP database lookups for the functions ipLocation(), asn() and worldMap().
Other
- Fixed an issue with using the browser back button while "advanced editing" the query text of a scheduled search or an alert would hide the blue bar that allows saving the query.
- Added support for including dashboard and alert labels when exporting a package.
- Warnings when running scheduled searches now show up as errors in the scheduled search overview page if SCHEDULED_SEARCH_DESPITE_WARNINGS is set to 'false' (the default).
- Scheduled search "schedule" is explained using human readable text such as "At 9.30 on Tuesdays".
- Allow launching using JDK-16.
- Improved error handling when running scheduled searches, so that a failed schedules search will be retried as long as it is within the Backfill Limit. [backfill
- You can now export and import packages containing any of the action types: Webhook, Email, Humio Repo, Pager Duty, Slack, Slack multi channel, Ops Genie and Victor Ops.
- Package installation error messages are now much more readable.
- Added focus states to text field, selection and text area components.
- The test action functionality no longer uses alert terminology, as actions can be invoked from both alerts and scheduled searches. Also, it is now possible to also test the scheduled search specific message templates using it.
- Added Dark Mode for Query Monitor page.
- Improved handling of local disk space relative to LOCAL_STORAGE_MIN_AGE_DAYS. When the local disk would overflow by respecting that config, Humio can now delete the oldest local segments that are present in bucket storage, even when they are within that time range.
- Improved search for users page.
- Added loading and error states to the page where user selects to create a new repository or view.
- Added explicit distribution information for elastic bulk API for elasticsearch API compatibility.
- Added support for importing packages with CSV and JSON files. Exporting packages with files is not fully supported yet, but will be in a future release.
- Humio docker images is now based on the Alpine linux.
- Added maximum width to tabs on the Group page, so they do not keep expanding forever.
- Improved audit log for organization creation.
- Scheduled search "schedule" field is now validated, showing accurate help for each part of the crontab expression.
- Added a Data subprocessors page under account.

Bug Fixes

Documentation
- Updated the examples on how to use the match() query function in the online documentation.
Functions
- Fixed an issue with the split() function which caused incorrect (usually, too few) query results in some cases where the output fields were refered to later in the query.
- Fixed an issue where top() with max= can yield the same key multiple times (ei. ...| top([queryId, query], max=totalSize)).
Other
- Fixed an issue where the job responsible for deleting segment files off nodes was not running as often as expected.
- Fixed an issue where Shift+Enter would select the current completion rather than adding a newline.
- Removed an old Cloud Signups page. The page is not necessary since organizations were implemented for the Cloud environments.
- Updated the new asset dialog button text so that it will say 'Continue' when an asset will not be created directly.
- When a search is able to filter out segments based on the hash filter files, and a segment file is not present locally on any node, fetch only the hash filter at first, evaluate that, and only if required, fetch the segment file. This speeds up searches that target segments only present in bucket storage and that have search filters that generate hash filter checks, such as regex and literal text comparisons.
- Cloning an asset now redirects you to the edit page for the asset for all assets.
- Split package export page into dialog with multiple steps.
- Amended an internal limit on how many segments can be fetched from bucket storage concurrently. The old limit was based on the number of running queries. The new limit is 32.
- Updated dependencies with security fixes.
- Fixed an issue where it was possible to submit queries to the Delete Events API that were not valid for that API. Only pure filtering queries are allowed.
- Fixed an issue where the query scheduler would spend too much time "shelving" queries, and not enough on getting them executed, leading to little progress on queries.
- Fixed an issue where the global consistency check job would fail to perform the consistency check, instead logging lines like "Global dump requested but global had expired". This line can still occur, but only when the consistency check takes too long.
- Fixed a bug where a hidden field named "#humioAutoShard" would sometimes show up in the field list.
- Fixed an issue that could cause UploadedFileSyncJob to crash if an uploaded file went missing.
- Global snapshots are now uploaded to bucket storage more often when there are a lot of updates to it, leading to shorter replay times on startup.
- Introduced a check for compatibility for packages and humio versions.
- Updated Elastic ingest endpoint to accept 'create' operations in addition to 'index' operations. Both operation types result in the same ingest behavior. This update was added as Fluent-Bit v1.8.3 began using the 'create' operation rather than 'index' for ingest.
- Fixed a bug which potentially have caused alerts to not re-fire after the throttle period for field-based throttling had passed.
- Fixed an issue where, looking at GraphiQL, the dropdown from the navigation menu was partially hidden.
- Truncate long user names on the Users page.
- Fixed an issue where the DiskSpaceJob could mark segments accessed slightly out of order during boot.
- Fixed thread safety for a variable involved in fetching from bucket storage for queries.
- Fixed an issue where Humio attempted to fetch global from other nodes before TLS was initialized.
- The simple and advanced permission model has been merged, thus allowing users who were using the simple permission model to create their own permission roles and groups, create groups with default roles, and all other features that were previously only available in advanced permissions mode.
- Fixed an issue where new groups added to a repository got a query prefix that disallowed search. The default is now to allow search with the queryprefix *.
- The DiskSpaceJob now removes newly written backfilled segments off the local disk before it chooses to remove non-backfilled segments.
- Fixed an issue where the job responsible for deleting segment files off nodes was not deleting as many segments as it should.
- Fixed an issue where Humio would create a broken hash file for the merge result when merging minisegments that did not originally have hash files.
- Updated Slack action for messaging multiple channels, so it propogates errors when triggered. Previously errors were ignored.
- Security when viewing installed packages and packages on the marketplace are now less strict. Permissions are still required for installing and uninstalling packages.
- Fixed an issue where the {time_zone} Message Templates and Variables for actions would show a full description of the scheduled search instead of only the time zone.
- Fixed an issue where certain problems highlighted the first word in a query, not the location of the problem.
- Fixed an issue that caused some metrics of type gauge to be reported with a wrong value.
- Fixed an issue that caused some errors to be hidden behind a message about "internal error".
- The DiskSpaceJob no longer initializes based off of the segment last-modified timestamp, this only happens if no access order snapshot is stored locally. If a snapshot is present, we trust that.
- Fixed a bug causing the disk space job to use an expensive code path even when a cheaper one was available.
- Fixed an issue where the DiskSpaceJob could continue tracking segments if they were deleted from global, but the files were still present locally.
- Reworded a confusing error message when using the top() function with a limit parameter exceeding the limits configured with TOP_K_MAX_MAP_SIZE_HISTORICAL or TOP_K_MAX_MAP_SIZE_LIVE.
- Fixed an issue that could cause cluster nodes to crash when growing the number of digest partitions.
- Creating a new dashboard now opens it after creation.
- Fixed an issue where metrics of type gauge with a double value were not reported to the humio-metrics repository, but only to the humio repository.
- Fixed a bug where a 404 Not Found status on an internal endpoint would be incorrectly reported as an 401 Unauthorized.
- Fixed an issue where Humio would create auxiliary files (hash files) for segments unnecessarily when moving segments between nodes.
- When accessing Humio through a URL with either a repository or view name in it and using an ingest token, it is now checked that the view on the token matches the repository or view in the URL, and a 403 Forbidden status is returned, if not.
- Fixed a bug on queries that triggered an error while executing due to the input (such as a regex that exceeds limits on execution time) could result in the client getting 404 as status on poll, where it should get .0.

Humio Server 1.30.7 Stable (2022-01-06)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.30.7

Stable

2022-01-06

Cloud

On-Prem

2022-09-30

No

1.16.0

11

No

JAR Checksum	Value
MD5	9612de72bdd0275e39d6af23c51067c8
SHA1	4ecdf75a4deae2b2c75abcf1101d9b4711cacf31
SHA256	3ae7ba0f40043f10c7fad02ea471bb55373cf38afd31ddfa2f47bdc87528f475
SHA512	5d3cadcb47c1c792c2e643fbaffef5207a2d327a41142a337196863a1be39a5b39de1a527853bc08a285497b6f6791b592c9e0bf69f8aef3a2e16d9db6cee7de

Updated dependencies with security fixes.

Bug Fixes

Security
- Updated dependencies to log4j 2.17.1 to fix CVE-2021-44832 and CVE-2021-45105
- Updated dependencies to Netty to fix CVE-2021-43797

Humio Server 1.30.6 Stable (2021-12-15)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.30.6

Stable

2021-12-15

Cloud

On-Prem

2022-09-30

No

1.16.0

11

No

JAR Checksum	Value
MD5	00b0fbed6da70bb28c130be8bab2f573
SHA1	033f9cb06618af70ebf605534af3d97692b1279e
SHA256	f389991e007489d9f5a0d6ca8b4cd3905b072ff40efcff3284bef47cf65d4e86
SHA512	12fec5a5954f8ec49cbc30f1b206302bdb8d21fc34330cc5120d5af68a08e80c4fa53faad2d9c707535ced94e6134beaaca141212da7daa1d748b29b9df286ee

Fix log4j dependencies.

Bug Fixes

Security
- Updated dependencies to log4j 2.16 to remove of message lookups (CVE-2021-45046)

Humio Server 1.30.5 Stable (2021-12-10)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.30.5

Stable

2021-12-10

Cloud

On-Prem

2022-09-30

No

1.16.0

11

No

JAR Checksum	Value
MD5	e4475e8c2f6623ff22465ccd59bbfb8a
SHA1	5affbdbd10674259ec178db75171d73eb2835f1d
SHA256	92c0261e328c43f0ba46ffaa72fc5e8a1ef075438759286ab00ea5dbb5b5ca30
SHA512	e698dd4a2aa8c85ca3d89cc596e05677106d509082f816e46b3dca6b4b3313690d4c41c3a5b5529d08d91e51ebbfb3f9217e7830d1f4ade54fd79b40f366f449

Fix log4j dependencies.

Bug Fixes

Security
- Updated dependencies to address a critical security vulnerability for the log4j logging framework, "log4shell", (CVE-2021-44228).

Humio Server 1.30.4 Stable (2021-12-10)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.30.4

Stable

2021-12-10

Cloud

On-Prem

2022-09-30

No

1.16.0

11

No

JAR Checksum	Value
MD5	815e193fd910b712d9be4420473101ec
SHA1	f909e62433a8ee4ff3ac2a4b78ab966c311eae54
SHA256	bb2fcd20a21e9d8a7a8e2866ff579259f3f4b9975f31731bb4d57d879072d9ca
SHA512	96f31a00f96e44bf64128b9c58b9007cef78ccd12a2abc7264b884415c62f44df7837f4540780aa5a75c04c64488a33a6977d256333e950a181b861d6966b686

Security fix related to log4j logging, and fix compatibility with Filebeat.

Bug Fixes

Security
- Updated dependencies to address a critical security vulnerability for the log4j logging framework, "log4shell", (CVE-2021-44228).
Summary
- Fixed a compatibility issue with Filebeat 7.16.0

Humio Server 1.30.3 Stable (2021-11-25)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.30.3

Stable

2021-11-25

Cloud

On-Prem

2022-09-30

No

1.16.0

11

No

JAR Checksum	Value
MD5	1d3b908f6da95f2a02a69f220715b9ac
SHA1	110fb83be1979070a55a6d9fc6662abcf8ef551a
SHA256	c87ae3a41303afa5d11750d2ae8fa36bb9892723cefb1ffcb19bf1d93e87dde0
SHA512	1c634b3401485aab33ca5ee6042d88596785f054c37933d37e5830a9b7817ec9dc995dda14bd1620f511f0cf685327b9c78f0e2d118f0b24ef04462c4d132136

Bug fix to resolve problem with race conditions.

Bug Fixes

Other
- Fixed a race condition that could cause Humio to delete more segments than expected when initializing a digester node.

Humio Server 1.30.2 Stable (2021-11-19)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.30.2

Stable

2021-11-19

Cloud

On-Prem

2022-09-30

No

1.16.0

11

No

JAR Checksum	Value
MD5	2395ce5b8017a632b02372da3dc0159b
SHA1	049f9a0ed9c4e9acafcefe1a65997b65ba57d3f7
SHA256	815bcce962ac9f43022424e2abdfa587f8377ba1ecf3b4c5ef423a43175fe424
SHA512	bc93c9bbf9fe89eb0a279d265b775bc4b4590b897f7f08a31d2516cd767b4952c59e7a3bad9986b26592487246c8a54f2e29e85d9a2a248dc790418ec68627d7

Bug fixes related to version dependency, problems with incomplete URLS, as well as requiring organization level permissions in certain situations.

Bug Fixes

Other
- Fixed an issue where a URL without content other than the protocol would break installing a package.
- Require organization level permission when changing role permissions that possibly affects all views and repositories.
- Updated a dependency to a version fixing a critical bug.

Humio Server 1.30.1 Stable (2021-10-01)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.30.1

Stable

2021-10-01

Cloud

On-Prem

2022-09-30

No

1.16.0

11

No

Yes

JAR Checksum	Value
MD5	790fc08715648deadf23b204f6e77cc9
SHA1	85ea236e0abbaf29740e7288d7cefeb2b1069260
SHA256	e4f8dcc73fbeaa5dcc7d68aa6a972e3ab5ccbb66848c189743b2f50b8bcea832
SHA512	963ec5f550f5b496b08c9025e3fa9ed08c563e4270973092a4a1944a05bd79192316f3324d9a58e78dd014c2119ab389c1d6c566ef395b73c4df96f6d216e2c2

Fixes Humio ignoring MatchExceptions, the frequency of jobs which delete segment files, problems with USING_EPHEMERAL_DISKS, and upgrades Kafka and xmlsec addresses.

Bug Fixes

Security
- Kafka and xmlsec have been upgraded to address CVE-2021-38153 and CVE-2021-38153.
Other
- Fixed an issue causing Humio to log MatchExceptions from the calculateStartPoint method.
- On a node configured as USING_EPHEMERAL_DISKS=true allow the local disk management deleting files even if a query may need them later, as the system is able to re-fetch the files from bucket storage when required. This improves the situation when there are active queries that in total have requested access to more segments than the local disk can hold.
- Fixed an issue where the job responsible for deleting segment files off nodes was not running as often as expected.
- Fixed an issue where the job responsible for deleting segment files off nodes was not deleting as many segments as it should.

Humio Server 1.30.0 Stable (2021-09-17)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.30.0

Stable

2021-09-17

Cloud

On-Prem

2022-09-30

No

1.16.0

11

No

Yes

JAR Checksum	Value
MD5	c8989abb219663a61ae54be021fcd367
SHA1	44e1d48d09ca3ae8fd59a185e77b3c9a55a6de8f
SHA256	25a880f34a0fef72ab3cb4bf93f92eae2fdac0022d116485bed1013b3f6683b4
SHA512	53b8055035bfcdd7176fa4369e607874ca9d5ee84de4a3beb964e3f0caba9578b3c46c04c10cb68657be34d8a165fa1089f1679716ecd4896ff57822d0b1e851

As a new feature Humio now includes an IOC (indicator of compromise) database from CrowdStrike to enable lookup of IP addresses, URLs and domains for malicious activity. This database is updated hourly. This is described in more detail at ioc:lookup()

Deprecation
Items that have been deprecated and may be removed in a future release.
Deprecated GraphQL mutation setRecentQueries, use addRecentQuery in future. The mutation will be removed after 2021-10-01. While setRecentQueries will remain in the API to not break existing clients, it will not modify the set of recent queries.

Bug Fixes

Other
- Fixed an issue where the UI page for new parser could have overflow in some browsers.
- Fixed an issue where the query scheduler would spend too much time "shelving" queries, and not enough on getting them executed, leading to little progress on queries.
- Fixed an issue where offsets from one Kafka partition could be used when deciding where to start consuming for another partition, in the case where there are too many datasources in the repo. This led to a crash loop when the affected node was restarted.

Humio Server 1.30.0 Includes the following changes made in Humio Server 1.29.0
Version^? Type^? Release Date^? Availability^? End of Support
Security
Updates
Upgrades
From^?
JDK
Compatibility^?
Req. Data
Migration
Config.
Changes^?
1.29.0 Preview 2021-07-09
Cloud
On-Prem
2022-09-30 No 1.16.0 11 No Yes
Warning
This release has been revoked as it contained a known bug fixed in 1.29.1.
As a new feature Humio now includes an IOC (indicator of compromise) database from CrowdStrike to enable lookup of IP addresses, URLs and domains for malicious activity. This database is updated hourly. This is described in more detail at ioc:lookup()
Removed
Items that have been removed as of this release.
Deprecation
Items that have been deprecated and may be removed in a future release.
Deprecated GraphQL mutation setRecentQueries, use addRecentQuery in future. The mutation will be removed after 2021-10-01. While setRecentQueries will remain in the API to not break existing clients, it will not modify the set of recent queries.
Field addIngestToken was deprecated in Mutation type, use addIngestTokenV2 instead.
Field assignIngestToken was deprecated in Mutation type, use assignParserToIngestToken instead.
Improvements, new features and functionality
Bug Fixes

Humio Server 1.30.0 Includes the following changes made in Humio Server 1.29.1
Version^? Type^? Release Date^? Availability^? End of Support
Security
Updates
Upgrades
From^?
JDK
Compatibility^?
Req. Data
Migration
Config.
Changes^?
1.29.1 Preview 2021-07-12
Cloud
On-Prem
2022-09-30 No 1.16.0 11 No Yes
JAR Checksum Value
MD5 6cea304226bb9eb096785375bb8f834f
SHA1 77d7b92df1884b8ec457246d602cc276e46ee032
SHA256 e48d6a5c80e6979621b817c1ac53f778eae170185180ab9e70c295692dd1a7bc
SHA512 c9e8019067a9ae1bd0b62215ee458ecabcee2b3a971688c6f66c58dc1009d498cdd560d4733f64f31e6d4204bebb6c8bc0934354ab04aaa008b3e21ef8bc7dee
Bug fixes.
Deprecation
Items that have been deprecated and may be removed in a future release.
Deprecated GraphQL mutation setRecentQueries, use addRecentQuery in future. The mutation will be removed after 2021-10-01. While setRecentQueries will remain in the API to not break existing clients, it will not modify the set of recent queries.
Bug Fixes

Humio Server 1.30.0 Includes the following changes made in Humio Server 1.29.2
Version^? Type^? Release Date^? Availability^? End of Support
Security
Updates
Upgrades
From^?
JDK
Compatibility^?
Req. Data
Migration
Config.
Changes^?
1.29.2 Preview 2021-09-02
Cloud
On-Prem
2022-09-30 No 1.16.0 11 No No
JAR Checksum Value
MD5 0b32f9520b7a5ec3f1af3321ce7f1dfe
SHA1 4ae2567f9b3348d115819eefd5b9c078d6c2c6ad
SHA256 0383277fd91b8933dfcdb94783e03d151975b01ee62dcc74515cbfb2d3299cdc
SHA512 bbfb1f343f0567394128976ecddc6ad3b74f2996b0dc51e2fe0f9c5e0b60cbd7a935fc709b2ffc3b6a811a0e6a1c2fcc09e4e1552e5c7f87dd3670f07cf33b31
Minor bug fixes
Deprecation
Items that have been deprecated and may be removed in a future release.
Deprecated GraphQL mutation setRecentQueries, use addRecentQuery in future. The mutation will be removed after 2021-10-01. While setRecentQueries will remain in the API to not break existing clients, it will not modify the set of recent queries.
Bug Fixes

Humio Server 1.30.0 Includes the following changes made in Humio Server 1.29.3
Version^? Type^? Release Date^? Availability^? End of Support
Security
Updates
Upgrades
From^?
JDK
Compatibility^?
Req. Data
Migration
Config.
Changes^?
1.29.3 Preview 2021-09-07
Cloud
On-Prem
2022-09-30 No 1.16.0 11 No No
JAR Checksum Value
MD5 96b4a0ff0c02a2dce2bb5ee467bdb9dd
SHA1 b2a1ef55259f6c49ee7bf7de6efecc0f743d1bfa
SHA256 95d9b52d6213d0af43dfc43cb66c878f1f584f446e4ba890137c5fd9923db1a4
SHA512 392489e94b1e6f6799a6340df78e7bdb7d9547b97ba1844cfbf3c525e1e418fd2221543378f2b759acf46d5c02d99627f9b98650447d7c1c32ba599157718bf8
Minor bug fixes
Deprecation
Items that have been deprecated and may be removed in a future release.
Deprecated GraphQL mutation setRecentQueries, use addRecentQuery in future. The mutation will be removed after 2021-10-01. While setRecentQueries will remain in the API to not break existing clients, it will not modify the set of recent queries.
Bug Fixes

Humio Server 1.30.0 Includes the following changes made in Humio Server 1.29.4
Version^? Type^? Release Date^? Availability^? End of Support
Security
Updates
Upgrades
From^?
JDK
Compatibility^?
Req. Data
Migration
Config.
Changes^?
1.29.4 Preview 2021-09-09
Cloud
On-Prem
2022-09-30 No 1.16.0 11 No No
JAR Checksum Value
MD5 8145f9ddc7804a44efe1e46cd71f5c17
SHA1 8db4079f580357162891d0153a70668b4f29d642
SHA256 32adde840164668a96be651ede6052dbef3cf046ec9f83f39f62925d26e14104
SHA512 cadcd2eb07e949f052bd51ecc272d79f7decfec0f3b7613dfdf712aa1ff287471060d25443c5be1b06744aefa43194fb2e78e223c362005cea62a5917a93b62e
Minor bug fixes
Deprecation
Items that have been deprecated and may be removed in a future release.
Deprecated GraphQL mutation setRecentQueries, use addRecentQuery in future. The mutation will be removed after 2021-10-01. While setRecentQueries will remain in the API to not break existing clients, it will not modify the set of recent queries.
Bug Fixes

Humio Server 1.29.4 Preview (2021-09-09)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.29.4

Preview

2021-09-09

Cloud

On-Prem

2022-09-30

No

1.16.0

11

No

JAR Checksum	Value
MD5	8145f9ddc7804a44efe1e46cd71f5c17
SHA1	8db4079f580357162891d0153a70668b4f29d642
SHA256	32adde840164668a96be651ede6052dbef3cf046ec9f83f39f62925d26e14104
SHA512	cadcd2eb07e949f052bd51ecc272d79f7decfec0f3b7613dfdf712aa1ff287471060d25443c5be1b06744aefa43194fb2e78e223c362005cea62a5917a93b62e

Minor bug fixes

Deprecation
Items that have been deprecated and may be removed in a future release.
Deprecated GraphQL mutation setRecentQueries, use addRecentQuery in future. The mutation will be removed after 2021-10-01. While setRecentQueries will remain in the API to not break existing clients, it will not modify the set of recent queries.

Bug Fixes

Other
- Added a GraphQL mutation cancelDeleteEvents that allows cancelling a previously submitted deletion. Cancellation is best-effort, and events that have already been deleted will not be restored.
- Fixed an issue where it was possible to submit queries to the Delete Events API that were not valid for that API. Only purely filtering queries are allowed.

Humio Server 1.29.3 Preview (2021-09-07)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.29.3

Preview

2021-09-07

Cloud

On-Prem

2022-09-30

No

1.16.0

11

No

JAR Checksum	Value
MD5	96b4a0ff0c02a2dce2bb5ee467bdb9dd
SHA1	b2a1ef55259f6c49ee7bf7de6efecc0f743d1bfa
SHA256	95d9b52d6213d0af43dfc43cb66c878f1f584f446e4ba890137c5fd9923db1a4
SHA512	392489e94b1e6f6799a6340df78e7bdb7d9547b97ba1844cfbf3c525e1e418fd2221543378f2b759acf46d5c02d99627f9b98650447d7c1c32ba599157718bf8

Minor bug fixes

Deprecation
Items that have been deprecated and may be removed in a future release.
Deprecated GraphQL mutation setRecentQueries, use addRecentQuery in future. The mutation will be removed after 2021-10-01. While setRecentQueries will remain in the API to not break existing clients, it will not modify the set of recent queries.

Bug Fixes

Other
- Fixed an issue where the error TooManyTagValueCombination would prevent Humio from starting
- Remove limit on search interval on cloud sandboxes

Humio Server 1.29.2 Preview (2021-09-02)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.29.2

Preview

2021-09-02

Cloud

On-Prem

2022-09-30

No

1.16.0

11

No

JAR Checksum	Value
MD5	0b32f9520b7a5ec3f1af3321ce7f1dfe
SHA1	4ae2567f9b3348d115819eefd5b9c078d6c2c6ad
SHA256	0383277fd91b8933dfcdb94783e03d151975b01ee62dcc74515cbfb2d3299cdc
SHA512	bbfb1f343f0567394128976ecddc6ad3b74f2996b0dc51e2fe0f9c5e0b60cbd7a935fc709b2ffc3b6a811a0e6a1c2fcc09e4e1552e5c7f87dd3670f07cf33b31

Minor bug fixes

Deprecation
Items that have been deprecated and may be removed in a future release.
Deprecated GraphQL mutation setRecentQueries, use addRecentQuery in future. The mutation will be removed after 2021-10-01. While setRecentQueries will remain in the API to not break existing clients, it will not modify the set of recent queries.

Bug Fixes

Other
- Fixed an issue where if a package failed to be installed, and it contained an action, the failed installation might not be cleaned up properly.
- Fixed an issue where, looking at GraphQL, the dropdown from the navigation menu was partially hidden.
- Fixed an issue that could cause UploadedFileSyncJob to crash, if an uploaded file went missing
- Fixed an issue where new groups added to a repository got a query prefix that disallowed search. The default is now to allow search with the query prefix * (wildcard).

Humio Server 1.29.1 Preview (2021-07-12)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.29.1

Preview

2021-07-12

Cloud

On-Prem

2022-09-30

No

1.16.0

11

No

Yes

JAR Checksum	Value
MD5	6cea304226bb9eb096785375bb8f834f
SHA1	77d7b92df1884b8ec457246d602cc276e46ee032
SHA256	e48d6a5c80e6979621b817c1ac53f778eae170185180ab9e70c295692dd1a7bc
SHA512	c9e8019067a9ae1bd0b62215ee458ecabcee2b3a971688c6f66c58dc1009d498cdd560d4733f64f31e6d4204bebb6c8bc0934354ab04aaa008b3e21ef8bc7dee

Bug fixes.

Deprecation
Items that have been deprecated and may be removed in a future release.
Deprecated GraphQL mutation setRecentQueries, use addRecentQuery in future. The mutation will be removed after 2021-10-01. While setRecentQueries will remain in the API to not break existing clients, it will not modify the set of recent queries.

Bug Fixes

Other
- Fixed an issue that made it appear as though ingest tokens had no associated parser.

Humio Server 1.29.0 Preview (2021-07-09)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.29.0

Preview

2021-07-09

Cloud

On-Prem

2022-09-30

No

1.16.0

11

No

Yes

Warning

This release has been revoked as it contained a known bug fixed in 1.29.1.

As a new feature Humio now includes an IOC (indicator of compromise) database from CrowdStrike to enable lookup of IP addresses, URLs and domains for malicious activity. This database is updated hourly. This is described in more detail at ioc:lookup()

Removed
Items that have been removed as of this release.
GraphQL API
Deprecated argument repositoryName was removed from Mutation.updateParser field.
Deprecated argument name was removed from Mutation.updateParser field.

Deprecation
Items that have been deprecated and may be removed in a future release.
Deprecated GraphQL mutation setRecentQueries, use addRecentQuery in future. The mutation will be removed after 2021-10-01. While setRecentQueries will remain in the API to not break existing clients, it will not modify the set of recent queries.
Field addIngestToken was deprecated in Mutation type, use addIngestTokenV2 instead.
Field assignIngestToken was deprecated in Mutation type, use assignParserToIngestToken instead.

Improvements, new features and functionality

Automation and Alerts
- Integrates the editing of alert searches and scheduled searches better with the search page.
- Packages now support Webhook actions and references between these and alerts in the Alert schema.
GraphQL API
- Field createIngestListener was deprecated in Mutation type, use createIngestListenerV2 instead
- Removed the Usage feature flag which is now always enabled. This breaks backwards compatibility for internal graphql feature flag mutations and queries.
- Field updateIngestListener was deprecated in Mutation type, use updateIngestListenerV2 instead
- Field copyParser was deprecated in Mutation type, use cloneParser instead
- Removed the argument includeUsageView from the graphql mutation createOrganizationsViews which breaks backwards compatibility for this internal utility method.
Configuration
- Allow the internal profiler to be configured via an environment variable. See Environment Variables
- Humio nodes will now pick a UUID for themselves using the ZOOKEEPER_PREFIX_FOR_NODE_UUID prefix, even if Zookeeper is not used. This should make it easier to enable Zookeeper id management in existing clusters going forward.
- Add a soft limit on the primary disk based on PRIMARY_STORAGE_PERCENTAGE and PRIMARY_STORAGE_MAX_FILL_PERCENTAGE (roughly the average of the two values). When the soft limit is hit and secondary storage is configured, the segment mover will prefer moving segments to secondary storage right away, instead of fetching them to primary and waiting for the secondary storage transfer job to move them.
Other
- Internal change to parsers adding an id, where previously they only had a name as key.
- Enabled dark mode for cluster administration pages.
- The "Save Search as Dashboard" Widget dialog now gives user feedback about missing input in a manner consistent with other forms.
- Make GlobalConsistencyCheckerJob shut down more cleanly, it could previously log some ugly exceptions during shutdown.
- When editing a query, Enter no longer accepts a suggestion. Use Tab instead. The Enter key conflicted with the "Run" button for running the query.
- Organization pages refactoring.
- Previously, the server could report that a user was allowed to update parsers for a view, even though parsers cannot be used on views, only repositories. Now the server will always say the user cannot change parsers on views.
- Improved global snapshot selection in cases where a Kafka reset has been performed
- In thread dumps include the job and query names in separate fields rather than as part of the thread name.
- Return the responder's vhost in the metadata json.
- Added dark mode support to Identity provider pages.
- Created a new Dropdown component, and replaced some uses of the old component with the new.
- Speed up the SecondaryStorageTransferJob. The job will now delete primary copies much earlier after moving them to the secondary volume.
- Scheduled searches are now allowed to run once every minute instead of only once every hour.

Bug Fixes

Functions
- Fixed a bug causing match() to let an empty key field match a table with no rows.
Other
- Fixed an issue with "show in context" feature of the event list did not quote the field names in the produced query string.
- Fixed a bug in the Search View. After editing and saving a saved query in the Search View, the notification message would disappear in an instant, making it impossible to read and to click the link therein.
- Fixed an issue where exporting a saved query did not include the options for the visualization, e.g. column layout on the event list.
- Avoiding a costly corner case in some uses of glob-patterns.
- Fixed a bug in the blocklist which caused "exact pattern" query patterns to be interpreted as glob patterns.
- Fixed an issue related to validation of integer arguments. Large integer arguments would be silently truncated and lower limits weren't checked, which led to unspecified behavior. Range errors are now reported in the following functions:
  - concatArray()
  - formatDuration()
  - geohash()
  - hashMatch()
  - hashRewrite()
  - head()
  - json:prettyPrint()
  - parseInt()
  - regex()
  - sort()
  - splitString()
  - subnet()
  - tail()
  - transpose()
  - window()
- Fixed an issue where the axis titles on the timechart were not showing up in dark mode
- Fixed race condition that could cause parsers to not update correctly in rare cases
- Fixed a bug where word wrapping in the event list was not always working for log messages with syntax highlighting (e.g. JSON or XML messages)
- Fixed race condition that could cause event forwarding rules to not update correctly in rare cases
- When testing a Parser and more events are returned in a test an info message is now displayed conveying that only the first event is shown.
- Fixed bugs in the test parser UI, so that it should now always produce a result and be able to handle parsers that either drop events or produce multiple events per input event.
- Address edge cases where QueryScheduler could throw exceptions with messages similar to "Requirement failed on activeMapperCount=-36"

Humio Server 1.28.2 Stable (2021-09-29)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.28.2

Stable

2021-09-29

Cloud

On-Prem

2022-06-30

No

1.16.0

11

No

JAR Checksum	Value
MD5	87f31a6c318d9383a944521ee34b572a
SHA1	fc185c9a2f5f7e6d5425778995f679c49d430105
SHA256	62f25f3fe69239e1615fb6cb2bffe6f16ae0fe8adc2a17a0a9fa03ba226f7b5f
SHA512	6fb65258a9c21a4d681690a0dcc050cd5be96440cc2f1c6273707658504fc0f21fa5fd1ba9cdb664ab0a5f9aabede181dca5e1ff882305db30a0b95c57f6fba9

Bug fixes and updates.

Deprecation
Items that have been deprecated and may be removed in a future release.
Deprecated GraphQL mutation setRecentQueries, use addRecentQuery in future. The mutation will be removed after 2021-10-01. While setRecentQueries will remain in the API to not break existing clients, it will not modify the set of recent queries.

Bug Fixes

Security
- Kafka and xmlsec have been upgraded to address CVE-2021-38153 and CVE-2021-38153.
Other
- Fix a bug where offsets from one Kafka partition could be used when deciding where to start consuming for another partition, in the case where there are too many datasources in the repo. This led to a crash loop when the affected node was restarted.

Humio Server 1.28.1 Stable (2021-08-24)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.28.1

Stable

2021-08-24

Cloud

On-Prem

2022-06-30

No

1.16.0

11

No

JAR Checksum	Value
MD5	1a2b8d3acc15ac6789534f7624265ecb
SHA1	3cf96a324147967c1bc7753a7f9d94cbed8cd843
SHA256	8a355f8bbab9a74422ee3456f9bfe93302734a69197b7e12c254f7c0fd9905de
SHA512	e572352be7e71403f52fe0767567232a198861a60f100b7e9e32475e8e2720285902daf6493b62b79052ca71aa6550abe173d5ae5246e14e5ac30bda0883667c

Bug fixes and updates.

Deprecation
Items that have been deprecated and may be removed in a future release.
Deprecated GraphQL mutation setRecentQueries, use addRecentQuery in future. The mutation will be removed after 2021-10-01. While setRecentQueries will remain in the API to not break existing clients, it will not modify the set of recent queries.

Bug Fixes

Other
- The signup path was removed, together with the corresponding pages. Before, anyone could sign up for the Humio SaaS solution. However, with stricter policies, this became obsolete and had to be removed. The new process redirecta a potential customer to Humio's official website, where they have to fill in a form in order to be vetted. Once the vetting process is complete, Humio support creates an organization for the customer.
- Fixed an issue that could cause UploadedFileSyncJob to crash if an uploaded file went missing
- Fixed an issue that could cause cluster nodes to crash when growing the number of digest partitions.

Humio Server 1.28.0 Stable (2021-06-15)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.28.0

Stable

2021-06-15

Cloud

On-Prem

2022-06-30

No

1.16.0

11

No

Yes

JAR Checksum	Value
MD5	1a2b8d3acc15ac6789534f7624265ecb
SHA1	3cf96a324147967c1bc7753a7f9d94cbed8cd843
SHA256	8a355f8bbab9a74422ee3456f9bfe93302734a69197b7e12c254f7c0fd9905de
SHA512	e572352be7e71403f52fe0767567232a198861a60f100b7e9e32475e8e2720285902daf6493b62b79052ca71aa6550abe173d5ae5246e14e5ac30bda0883667c

Major changes, as well as requiring at least a trial license, require accepting privacy, terms, and conditions.

Deprecation
Items that have been deprecated and may be removed in a future release.
Deprecated GraphQL mutation setRecentQueries, use addRecentQuery in future. The mutation will be removed after 2021-10-01. While setRecentQueries will remain in the API to not break existing clients, it will not modify the set of recent queries.

Bug Fixes

Summary
- When searching through files in a dashboard parameter, users with CSV files greater than 50.0 records could see incomplete results.
- Fixed a bug that caused previous 1.27.x but not earlier versions to add "host xyz is slow" warnings to query results also when that was not the case.
- While waiting for the upload of files to bucket to complete during shutdown, the threaddumping will continue running, and the node will report as alive as seen from the other nodes.
- All users (including existing users) need to accept the privacy notice and terms and conditions before using Humio.
- Humio trial installations now require a trial license. To request a trial license go to Getting Started.
- Backfilled data gets lower priority on local disk when in over-commit mode using bucket storage.
- Humio will now try to upload more segments concurrently during a shutdown than during normal operation.

Humio Server 1.28.0 Includes the following changes made in Humio Server 1.27.0
Version^? Type^? Release Date^? Availability^? End of Support
Security
Updates
Upgrades
From^?
JDK
Compatibility^?
Req. Data
Migration
Config.
Changes^?
1.27.0 Preview 2021-06-14
Cloud
On-Prem
2022-06-30 No 1.16.0 11 No Yes
JAR Checksum Value
MD5 cce0478c744d183db8491e338949bdfe
SHA1 6dd0bf5c8e0d4ca1f74116e31f28f8cfa7b58323
SHA256 a3425e6141358cbc1115ab3c2691768c64d62f84cea3e018eb7b6debcb05f803
SHA512 ca63e89946e4a12422124adb052b59f8da30ca026b5c34b0bfe1ddcc35cf7546fedd4127d46def6c36b3e0f7278675cf4fe47362fe5070a6d7b29ffbcbd0bc49
Bug fixes and updates.
Deprecation
Items that have been deprecated and may be removed in a future release.
Deprecated GraphQL mutation setRecentQueries, use addRecentQuery in future. The mutation will be removed after 2021-10-01. While setRecentQueries will remain in the API to not break existing clients, it will not modify the set of recent queries.
Improvements, new features and functionality
Bug Fixes

Humio Server 1.28.0 Includes the following changes made in Humio Server 1.27.1
Version^? Type^? Release Date^? Availability^? End of Support
Security
Updates
Upgrades
From^?
JDK
Compatibility^?
Req. Data
Migration
Config.
Changes^?
1.27.1 Preview 2021-06-15
Cloud
On-Prem
2022-06-30 No 1.16.0 11 No Yes
JAR Checksum Value
MD5 d45c8b1dd900bfaaae7ab6d7173f122a
SHA1 9602b62cab67ca3f1d35fd888303bc642c024518
SHA256 ec2db12be413b83e52fb2f1cefa04bc9634e7c17657349c4e6b9c71c26a804f9
SHA512 6179ff0307e3cd804cb4dfcf56a98d30b67cebf51eb2673accde437a308a2d16fd433db983e2948a06768dfac8fa71aa302a357524ed78b675ccbb8491844f6e
Security fixes and some minor fixes.
Deprecation
Items that have been deprecated and may be removed in a future release.
Deprecated GraphQL mutation setRecentQueries, use addRecentQuery in future. The mutation will be removed after 2021-10-01. While setRecentQueries will remain in the API to not break existing clients, it will not modify the set of recent queries.
Bug Fixes

Humio Server 1.27.1 Preview (2021-06-15)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.27.1

Preview

2021-06-15

Cloud

On-Prem

2022-06-30

No

1.16.0

11

No

Yes

JAR Checksum	Value
MD5	d45c8b1dd900bfaaae7ab6d7173f122a
SHA1	9602b62cab67ca3f1d35fd888303bc642c024518
SHA256	ec2db12be413b83e52fb2f1cefa04bc9634e7c17657349c4e6b9c71c26a804f9
SHA512	6179ff0307e3cd804cb4dfcf56a98d30b67cebf51eb2673accde437a308a2d16fd433db983e2948a06768dfac8fa71aa302a357524ed78b675ccbb8491844f6e

Security fixes and some minor fixes.

Deprecation
Items that have been deprecated and may be removed in a future release.
Deprecated GraphQL mutation setRecentQueries, use addRecentQuery in future. The mutation will be removed after 2021-10-01. While setRecentQueries will remain in the API to not break existing clients, it will not modify the set of recent queries.

Bug Fixes

Summary
- Fixed an issue where Humio could prematurely clean up local copies of segments involved in queries, causing queries to fail with a "Did not query segment" warning.
- Updated dependencies with security fixes.
- Fixed issue where certain queries would cause NullPointerException in OneForOneStrategy.

Humio Server 1.27.0 Preview (2021-06-14)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.27.0

Preview

2021-06-14

Cloud

On-Prem

2022-06-30

No

1.16.0

11

No

Yes

JAR Checksum	Value
MD5	cce0478c744d183db8491e338949bdfe
SHA1	6dd0bf5c8e0d4ca1f74116e31f28f8cfa7b58323
SHA256	a3425e6141358cbc1115ab3c2691768c64d62f84cea3e018eb7b6debcb05f803
SHA512	ca63e89946e4a12422124adb052b59f8da30ca026b5c34b0bfe1ddcc35cf7546fedd4127d46def6c36b3e0f7278675cf4fe47362fe5070a6d7b29ffbcbd0bc49

Bug fixes and updates.

Deprecation
Items that have been deprecated and may be removed in a future release.
Deprecated GraphQL mutation setRecentQueries, use addRecentQuery in future. The mutation will be removed after 2021-10-01. While setRecentQueries will remain in the API to not break existing clients, it will not modify the set of recent queries.

Improvements, new features and functionality

Automation and Alerts
- Fixed an issue where it was possible to create an alert with an empty time interval or a blank name or throttle field.
- The Alert and Scheduled Search dialogs have gotten a makeover.
GraphQL API
- Deprecated GraphQL field SearchDomain.recentQueries in favor of SearchDomain.recentQueriesV2.
Configuration
- Removed the log4j2-stdout-json.xml configuration file. The replacement log4j2-json-stdout.xml has been available for a while, and we want everyone to move to the new configuration, as the old configuration produces logs incompatible with the Insights Package.
- Limit how many times we'll repeat a repeating regexp. The default max number of repetitions is .0 but the value is configurable between 50 and .0 by setting the MAX_REGEX_REPETITIONS env variable.
Functions
- With worldMap() function, you can now see the magnitude value by hovering marks on the map.
- Fixed an issue in timeChart() where the horizontal line did not showing up.
- Reduced memory usage for groupBy() function, etc.; worst-case in particular but also average-case to some degree.
Other
- Inviting users on cloud now requires the invited user to accept the invitation before assigning permissions to him. Moreover, it is possible to invite users who are in another organization on cloud.
- Fixed an issue where worldmap widgets would revert to event list widgets when changing styling options.
- Working on merging of advanced and simple permission models, so that the roles can be added directly to users.
- Fixed a problem when some user-defined styles weren't being applied to a chart after a page refresh or when exported to a dashboard widget
- Improve thread safety of updates to global Hosts entities during bootup
- Started internal work on memory quotas on queries' aggregation states. This should not have any user-visible impact yet.
- Changed implementation of cluster host alive stats to attempt to reduce thread contention when threads are checking for host liveness.
- Removed requirement that SAML Id needs to be an URL (Now, only requirement is that the field is not empty)
- Fixed an issue which caused queries to crash when "beta:repeating()" was used with a time interval ending before "now".
- The New Action dialog validates user input in a more indulgent fashion and provides all validation errors consistently.
- Add a label to the empty option for default queries on the repository settings page.
- Fixed an issue with AuthenticationMethod.SetByProxy where the search page would constantly reload.
- Users with read repository permissions can now access and see files.
- Added button to delete the organization from the Organization Overview page
- Reimplement several part of Humio to use a safer mechanism for listening to changes from global. This should eliminate a class of race condition that could cause nodes to ignore updates received during the boot process.
- The UI now consistently marks required field with a red asterisk across a number of dialogs.
- When looking at the details of an event, long field values will now extend beyond the viewport by default. Word wrapping can be enabled to stop it from extending outside the viewport.
- Improved error messages when exporting invalid dashboards as templates
- Changed implementation of cluster host alive stats to trigger updates in the in-memory state based on changes in global, rather than running periodic updates.
- Updated the interactive tutorial with better descriptions
- Fixed an issue where UI stalled on the "Data Sources" page
- When assigning a role, all the user which need a new role are choosen, and then the same role is assigned to them all.
- Added frontend validation on welcome page and invitation page fields
- Improved styling of header on organization overview page
- Fixed various bugs for the worldmap widget. The bug fixes may cause your world map marks to look different that previously, but should now work as intended and correcting it should be as simple as tweeking the style parameters.
- The list of recent queries on the search page now has headers with the date the query was run.
- Added ability to set organization usage limits manually for cases where automatic synchronization is not possible.
- Automatically reduce the precision of world maps when they exceed a certain size limit
- Fixed an issue for Firefox 78.10.1 ESR where the event list and event distribution chart would not be scrollable and resize incorrectly.
- The Humio frontend no longer sends the Humio-Query-Session header to the backend, since it is no longer used.
- Fixed an issue where optimizeAndSaveQueryCoordinationPartitions could attempt to save a partitioning table to global with gaps in the partition list. This caused queries to fail, and repeated logging of a validation error.
- The event distribution chart would sometimes show a bucket span reported in milliseconds instead of a more appropriate unit, when those milliseconds did not add up cleanly (e.g. "1h"). Now the bucket span can be reported with multiple units (e.g. "1h 30m")
- Add a bit more debug logging to DataSnapshotLoader, for visibility around choice of global snapshot during boot
- In the time selector, you can now write "24" in the time-of-day field to denote the end of the day.
- Debug logs which relate to the invocation of an action now contain an actionInvocationId. This trace id is the same for all logs generated by the same action invocation.
- Fixed an issue in the Query State Cache that could fail a query on time intervals with a fixed timestamp as start and now as end.
- Fixed an OIDC group synchronization issue where users where denied access even though their group membership gave them access.
- Included both ws and wss in csp header
- Fixed a problem where the global consistency check would report spurious inconsistencies because of trivial differences in the underlying JSON data
- Added a quickfix feature for reserved keywords
- Fixed a rare issue that could fail to trigger a JVM shutdown if the Kafka digest leader loop thread became nonfunctional.
- Slightly improve performance of id lookups in global

Bug Fixes

Other
- Humio trial installations now require a trial license. To request a trial license go to getting-started
- All users (including existing users) need to accept the privacy notice and terms and conditions <https://www.crowdstrike.com/terms-conditions/humio-self-hosted> before using Humio.

Humio Server 1.26.3 Stable (2021-06-17)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.26.3

Stable

2021-06-17

Cloud

On-Prem

2022-05-31

No

1.16.0

11

No

JAR Checksum	Value
MD5	8c880514f42787b5e5f85607bca347de
SHA1	e97e3ea8ebc5de0076186e6daa7aa16d4ca48c8c
SHA256	d906d0938e8c2283ab91dc999cac4f6a966591e3ee0089e309378123d13cd637
SHA512	826aea0625a8daac1801f11f12429a6bcb3b8ee58f4b536172d4602fc5f09252fe0be0afd72a5300520980c962a9caa99aeb4ee6c9ada79544963b4c9687b972

Security fixes and some minor fixes related to Firefox, Worldmap widgets, and problems with local file clean-up.

Bug Fixes

Summary
- Fixed an issue where Worldmap widgets would revert to event list widgets when changing styling options.
- Fixed an issue for Firefox 78.10.1 ESR where the event list and event distribution chart would not be scrollable and resize incorrectly.
- Fixed an issue where Humio could prematurely clean up local copies of segments involved in queries, causing queries to fail with a "Did not query segment" warning.
- Updated dependencies with security fixes.

Humio Server 1.26.2 Stable (2021-06-07)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.26.2

Stable

2021-06-07

Cloud

On-Prem

2022-05-31

No

1.16.0

11

No

JAR Checksum	Value
MD5	1ebc3d89c531e0ea11be7378e2f1d27c
SHA1	4ac77b9dd3532d6e1f3bce39a72a2f337c300ccc
SHA256	6d06e3734f6a5f30715754d210092b31f4225a42d97495d8e0c8a3d6eea53bfa
SHA512	d5c6e9b1b08ed10b5549359306e35734a28557088d3efa98d30ccc0080700ba053a8f83d694790686a6333c54734392e8199127cbaf1719a841979e5e9188e27

Several fixes related to the WorldMap and TimeChart widgets, OIDC group syncronization, and requirements for Humio trial installations, as well as privacy notices and terms and conditions, and other bugs.

Bug Fixes

Summary
- Update the minimum Humio version for Hosts in global when downgrading a node
- Fixes an OIDC group synchronization issue where users where denied access even though their group membership gave them access.
- Humio trial installations requires a trial license from this version, to request a trial license go to getting-started <https://www.humio.com/getting-started/>
- Fixes issue where the world map widget would misbehave in different ways.
- Fixes an issue in Timechart with horizontal line not showing up.
- Fix a number of cases where Humio could attempt to write a message to global larger than permitted.
- All users (including existing users) need to accept the privacy notice and terms and conditions before using Humio.

Humio Server 1.26.1 Stable (2021-05-31)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.26.1

Stable

2021-05-31

Cloud

On-Prem

2022-05-31

No

1.16.0

11

No

JAR Checksum	Value
MD5	8322d138b790cb9839e44c96e0cb4ba8
SHA1	d4f47c97d3faa5ae5d014b5c47ec0221d24b4496
SHA256	bb3fde18139e575a053709c042322604e8e01188f096a764bca9f4338286118e
SHA512	44e699237aca10e0e3c5c219a06260e8715b16d8da6fa8a6e5e878f2c66ad9c639ba0d69ecc5aef8d2afb91c42b7a36fe0b7969d3b36d3b2ace21c6bb2c512c2

Several fixes related to WorldMap widget, applying user-defined styles to a dashboard chart, and partitions.

Bug Fixes

Summary
- Fix an issue where data was not visible on the World Map until the opacity setting had been changed.
- Fix an issue when some user-defined styles weren't being applied to a chart after a page refresh or when exported to a dashboard widget.
- Fix an issue where optimizeAndSaveQueryCoordinationPartitions could attempt to save a partitioning table to global with gaps in the partition list. This caused queries to fail, and repeated logging of a validation error.

Humio Server 1.26.0 Stable (2021-05-20)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.26.0

Stable

2021-05-20

Cloud

On-Prem

2022-05-31

No

1.16.0

11

No

JAR Checksum	Value
MD5	5f8abd037b3f73eaac8d5882fa58e4ec
SHA1	85971d1f18228a81f46f6f6334196fd918647438
SHA256	4e0ad70a2c9275742aee8a0181eee2e20c6496ba16b8f6fb93490b84b5031b5e
SHA512	425cacd3de3f54c2813dd3915ad35aed67de2f11a80d9c2fbf96055b030158b5d60c31686e121e613df855e6f0bdaad9d02f1c9e61a4df24b8f69cfd3193f56d

The HEC ingest endpoint will no longer implicitly parse logs using the built-in kv parser. Previously, a log ingested using this endpoint would implicitly be parsed with the kv parser when the supplied event field was given as a string. For instance, this log:

json

{
  "time": 1537537729.0,
  "event": "Fri, 21 Sep 2018 13:48:49 GMT - system started name=webserver",
  "source": "/var/log/application.log",
  "sourcetype": "applog",
  "fields": { "#env": "prod" }
}

Would be parsed, so that the resulting Humio event would contain the field name=webserver.

If you don't wish this behavior to change, you will have to perform this parsing operation explicitly.

When ingesting into the HEC endpoint, you are using an ingest token to authenticate with Humio. If that token does not have an associated parser, all you need to do is assign the kv parser to the token.

If your ingest token already has an assigned parser, you will need to prepend the code of that parser with this code snippet:

kvParse(@rawstring) | findTimestamp(addErrors=false) |

Dark Mode is a new visual theme throughout Humio (except some settings pages) that is tailored to offer great readability in dark environments, to not brighten the entire room when used on dashboards, and offer a unique visual style that some users prefer simply for its aesthetics. In 1.25 users are going to see a modal dialogue that asks what mode users would like to have; dark mode, light mode or follow the OS theme. This setting can later be changed in the settings menu.

Bug Fixes

Other
- Update the minimum Humio version for Hosts in global when downgrading a node
- Fixes issue where the world map widget would misbehave in different ways
- Humio trial installations requires a trial license from this version, to request a trial license go to: https://www.humio.com/getting-started/
- All users (including existing users) needs to accept the privacy notice: https://www.crowdstrike.com/privacy-notice and terms and conditions https://www.crowdstrike.com/terms-conditions/humio-self-hosted before using Humio.
- Fix a number of cases where Humio could attempt to write a message to global larger than permitted.

Known Issues

Other
- A regression can cause 1.26.0 to repeatedly error log and fail to start queries in cases where the list of hosts in the cluster is not fixed. This is particularly likely to affect clusters running with ephemeral disks. The regression is fixed in 1.26.1.

Humio Server 1.25.3 Preview (2021-05-10)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.25.3

Preview

2021-05-10

Cloud

On-Prem

2022-05-31

No

1.16.0

11

No

JAR Checksum	Value
MD5	08d8b9bfd9692b992a0f564426041717
SHA1	463df975e2f50c3ae3de888b454a2d1a7285f148
SHA256	06167df8dabc6211a26edc4aede8d2461ded183e7bb6f1ef527f1b8a441f52b0
SHA512	dbbed239b977af08889433e9f020bbdcb02b5f9496ab2a7eb410d967eb72ef7a4dcfde93374d36a3fe8c5798b35527f2594c025b6c68a3517c20e6f32e5d4ad9

Minor bug fixes, including removing error logs from alert jobs running in a Sandbox.

Bug Fixes

Summary
- Minor bug fixes and improvements.
Other
- Removes error logs from the alert job when running alerts on a sandbox repository.

Humio Server 1.25.2 Preview (2021-05-06)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.25.2

Preview

2021-05-06

Cloud

On-Prem

2022-05-31

No

1.16.0

11

No

JAR Checksum	Value
MD5	29b0554b42990118d22fb674e0f6b397
SHA1	ce0ee5e134123fa5ccde8dc012fb1822722140ff
SHA256	9374d762c00d5aa1884f163391fa13149e74f22e428ff849f15124ded001c033
SHA512	52b14b36db509515fb1d25e2e346b3a920493cdfd7f4862ebdee892014d14394d19e2324da60ec7d1f7137b1eef50c9716499e174e1f910f7a33f437aee1c053

Bug fix related to global consistency checks with nodes.

Bug Fixes

Summary
- Fixes problem where having many nodes and a large global could lead to deadlocks in the global consistency check.

Humio Server 1.25.1 Preview (2021-05-04)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.25.1

Preview

2021-05-04

Cloud

On-Prem

2022-05-31

No

1.16.0

11

No

JAR Checksum	Value
MD5	7e4477532960f4662ee7f3c11681d640
SHA1	8f7d79294eb27af73333252b2177e3b1467fa01e
SHA256	44b0be0f312c747f1b4f32ca34613bccdc47330100d3d74381731e556e2da999
SHA512	b3624257bd69d0d0e123e7af5010da3d49680f0d286c1ad4daae50f75bfc8ea0cea35836c8e233c09c1f3ee4e5c02ecbc91850c0a0af30afb59e26206c0de125

There is a serious issue affecting larger clusters in this release. The global inconsistency checker job can cause the thread responsible for reading changes from global to hang. It is possible to work around this by disabling the job using RUN_GLOBAL_CONSISTENCY_CHECKER_JOB=false. This is fixed in 1.25.2.

Bug Fixes

Other
- Makes disabled items in the main menu look disabled in dark mode

Humio Server 1.25.0 Preview (2021-04-29)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.25.0

Preview

2021-04-29

Cloud

On-Prem

2022-05-31

No

1.16.0

11

No

JAR Checksum	Value
MD5	aa7d71e3617d71ec800f1e5e898cb328
SHA1	8e815fd8c1d6a0bc1c22e096e8f82d08d40ea172
SHA256	7f26e858df2f1e16a64f44c6ac72948267eb317d884ad1db72b3799adcc95696
SHA512	1f447d204ecb3e60c80835e02a4fe8e6c7984728df5b31827b23f2278e00a0862a78dabe8ef01a2295f925a351693bdbb1d649c83465bf0951b040eab466fbad

There is a serious issue affecting larger clusters in this release. The global inconsistency checker job can cause the thread responsible for reading changes from global to hang. It is possible to work around this by disabling the job using RUN_GLOBAL_CONSISTENCY_CHECKER_JOB=false. This is fixed in 1.25.2 (and 1.26.0).

The HEC ingest endpoint will no longer implicitly parse logs using the built-in kv parser. Previously, a log ingested using this endpoint would implicitly be parsed with the kv parser when the supplied event field was given as a string. For instance, this log:

json
{
  "time": 1537537729.0,
  "event": "Fri, 21 Sep 2018 13:48:49 GMT - system started name=webserver",
  "source": "/var/log/application.log",
  "sourcetype": "applog",
  "fields": { "#env": "prod" }
}
Would be parsed, so that the resulting Humio event would contain the field name=webserver.
If you don't wish this behavior to change, you will have to perform this parsing operation explicitly.
When ingesting into the HEC endpoint, you are using an ingest token to authenticate with Humio. If that token does not have an associated parser, all you need to do is assign the kv parser to the token.
If your ingest token already has an assigned parser, you will need to prepend the code of that parser with this code snippet:
kvParse(@rawstring) | findTimestamp(addErrors=false) |

Dark Mode is a new visual theme throughout Humio (except some settings pages) that is tailored to offer great readability in dark environments, to not brighten the entire room when used on dashboards, and offer a unique visual style that some users prefer simply for its aesthetics. In 1.25 users are going to see a modal dialogue that asks what mode users would like to have; dark mode, light mode or follow the OS theme. This setting can later be changed in the settings menu.

Improvements, new features and functionality

Other
- The query scheduler now prioritizes new queries started by a user based on the cumulative cost of recent queries started by that user. Added new configuration QUERY_SPENT_FACTOR with the default value 0.5, which defines the weight of recent query costs when scheduling. Higher values mean that users with high recent query costs will see their queries penalized harder in the scheduling.

Bug Fixes

Automation and Alerts
- Refreshing actions while creating alerts and scheduled searches now happens automatically, but can also be triggered manually using a button.
- When running alerts and scheduled searches, all logging related to a specific alert or scheduled search will now be logged to the System Repositories repository, instead of the humio repository. Error logs will still be logged to the humio repository as well.
GraphQL API
- The SearchDomain.viewerCanChangeConnections GraphQL field has been deprecated. Use SearchDomain.isActionAllowed instead.
- Deprecates GraphQL fields UserSettings.isEventListOrderChangedMessageDismissed, UserSettings.isNewRepoHelpDismissed, and UserSettings.settings since they are not used for anything anymore, and will be removed in a future release.
- Removes the deprecated Repository.isFreemium GraphQL field.
- The updateSettings GraphQL mutation has been marked as unstable, as it can control unstable and ephemeral settings.
- The SearchDomain.queries GraphQL field has been deprecated. Use SearchDomain.savedQueries instead.
Configuration
- Removed the QUERY_QUOTA_EXCEEDED_PENALTY configuration.
- SEGMENTMOVER_EXECUTOR_CORES allows tuning number of concurrent fetches of segments from other nodes to this node. Defaults to vCPU/8, must be at least 2.
- S3_ARCHIVING_IBM_COMPAT for compatility with S3 archiving to IBM Cloud Object Storage.
Functions
- Make the parseLEEF() function more robust and optimize its memory usage.
- Fixed a bug which could cause head(), tail(), sort() within either bucket() or a live query to return too few results in certain cases.
- Optimized the splitString() function.
- Added a new query function: base64Decode().
- Fixed a bug where cidr() did not respect the include parameter.
Other
- Added documentation link to autocomplete description in the Humio search field
- Added audit logging when assigning a parser to an ingest token or unassigning a parser from an ingest token. Added the parser name to all audit logs for ingest tokens.
- Added new parameters handleNull and excludeEmpty to parseJson() to control how null and empty string values are handled.
- When installing an application package, you sometimes had to refresh the page to get the assets in the package linked to their installed counter parts.
- Added IP ASN Database license information to the Cluster Administration page
- Added a warning to the Cluster Nodes page that warns you if not all Humio servers are running the same Humio version.
- Some minor performance improvements in the ingest pipeline
- Rework how Humio caches data from global. This fixes a number of data races, where Humio nodes could temporarily get an incorrect view of global.
- Improved error logging for event forwarding
- Fixed a bug that made it possible to rename a parser to an existing name and thereby overwriting the existing parser.
- Changed the built-in audit-log parser so that null values are stored as an empty string value. Previously, they were stored as the string "null". The defaults are consistent with the old behavior, so that null values become a "null" string and empty string values are kept.
- Bumped minimum supported versions of Chrome and Chromium from 60 to 69 due to updated dependencies
- Allow user groups to be represented as a json string and not only as an array when logging in with oauth.
- Query poll responses meta data now include Query Quota spent for current user across queries. The cost so far of the current query was there already.
- Made it possible to delete a parser overriding a built-in parser, even though it is used in an ingest token.
- Reworked initialization of Humio's async listener infrastructure, to ensure that listeners do not miss any updates. This fixes a number of flakiness issues that could arise when a node was rebooted.
- The HEC ingest endpoint is no longer implicitly running kvParse. This used to be the case when ingesting events of the form "event" : "Log line...". If the ingested data is to be key-value parsed, add kvParse() to the relevant parser for the input data.
- When a query is cancelled, a reason for canceling the query is now always logged. Previously, this was only done if the query was cancelled due to an internal exception. Look for log lines starting with query is cancelled.
- Fixed an issue where clicking the label of a parser rerouted erroneously
- Fixed a bug that made it impossible to copy a parser to override a built-in parser.
- Fixed a bug where a scheduled search would be executed repeatedly, as long as at least one out of multiple actions was failing. Now, execution is only repeated if all actions are failing.

Humio Server 1.24.4 Stable (2021-05-31)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.24.4

Stable

2021-05-31

Cloud

On-Prem

2022-04-30

No

1.16.0

11

No

JAR Checksum	Value
MD5	83588b8570c97dc8a89b46524ea8d92a
SHA1	15958a097eaba9689a43c557e1d6d14e2d566d6d
SHA256	cafca561035aec00f5971a15cf283b757794c8a2706829518a05ce089f92ea88
SHA512	15352a96bb6b4ed27ef1c7b238cf97142c36cfefe17be25bf671a706bd6afcf0c8ad8951a325838e259eeb52e643f3950b8f47f3186ecea049f34fc81e066eed

Minor bug fixes, as well as fix a stackoverflow bug in large clusters.

Bug Fixes

Summary
- Minor bug fixes and improvements.
- Fix a stackoverflow that could occur during startup in larger clusters.

Humio Server 1.24.3 Stable (2021-05-10)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.24.3

Stable

2021-05-10

Cloud

On-Prem

2022-04-30

No

1.16.0

11

No

JAR Checksum	Value
MD5	adb3c4827d86d476d104ab2ba8ec3171
SHA1	06a25ba15bf28659900807a8505860f5b32a65d6
SHA256	bae28e700dc6806496fd351ffb865a80420f0757613546076b4a2e9aae719d8d
SHA512	aff4adf71e1140ffdbeebfef7eae451d0bbff41f5af1753dee13d1287635644228336da0de300208fe1e667ae151198c74b74fdf10d830d37ae9b072f136a7a4

Minor bug fixes.

Bug Fixes

Summary
- Minor bug fixes and improvements.

Humio Server 1.24.2 Stable (2021-04-19)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.24.2

Stable

2021-04-19

Cloud

On-Prem

2022-04-30

No

1.16.0

11

No

JAR Checksum	Value
MD5	69a6ef22d7f295f807ceef46c8c0c6d1
SHA1	6284ee05bd7c583044f6620f385864a3be3bab84
SHA256	cc648f1c4efe01d20e9f93a77b1892291077ae76339d1b5dcbc0e504f9975e25
SHA512	54c60624a5c0ef19c12fcda05b4fecbe8ddf626246c3160d90f29cc76143dfbe4b07f7d884616699486848f0e7b8c519c0e1d5f5dd3e2be3e8b0a6f49fe960c5

Important Information about Upgrading

Beginning with version 1.17.0, if your current version of Humio is not directly able to upgrade to the new version, you will get an error if you attempt to start up the incompatible version. The 1.24.1 release is only compatible with Humio release 1.16.0 and newer. This means that you will have to ensure that you have upgraded at least to 1.16.0 before trying to upgrade to 1.24.1. In case you need to do a rollback, this can also ONLY happen back to 1.16.0 or newer. Rolling directly back to an earlier release can result in data loss.

Bug Fixes

Other
- Fixed an issue where cost spent in a long-running query got accounted as spent "now" when the query ended in terms of Query Quota
- Fixed an issue where a repository with very high number of datasources could trigger an error writing an oversized message to kafka from the ingest-reader-leader thread
- Reduced off-heap memory usage

Humio Server 1.24.1 Stable (2021-04-12)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.24.1

Stable

2021-04-12

Cloud

On-Prem

2022-04-30

No

1.16.0

11

No

JAR Checksum	Value
MD5	b7fec8d3a5c0b521a371dbeb6e56d8b2
SHA1	fbabef325eaaf1bd0a3052f51497f00779efad5f
SHA256	223e48fe647fc681456b47cad81d0fca5936d6283791b2a41fa4c8dc199c1c76
SHA512	51663220d67bb25f67b7e44837e84c87c36c3f24da69918b1a6978fc751543a2f1f25f49f166681def7a0276881907b284a52bb302fa6d745d7b16859d3f7d96

Important Information about Upgrading

Beginning with version 1.17.0, if your current version of Humio is not directly able to upgrade to the new version, you will get an error if you attempt to start up the incompatible version. The 1.24.1 release is only compatible with Humio release 1.16.0 and newer. This means that you will have to ensure that you have upgraded at least to 1.16.0 before trying to upgrade to 1.24.1. In case you need to do a rollback, this can also ONLY happen back to 1.16.0 or newer. Rolling directly back to an earlier release can result in data loss.

Bug Fixes

Other
- Fixed a bug where ingestOnly nodes could not start on a more recent version that the statefull nodes in the cluster
- Ensure that if the Kafka leader loop thread dies, it kills the Humio process. In rare cases it was possible for this thread to die, leaving the node incapable of performing digest work
- Fixes an issue where the user would get stuck in infinite loading after having been invited into an organization
- Allow reverse proxies using 10s as timeout to work also for a query that takes longer than that to initialize

Humio Server 1.24.0 Stable (2021-04-06)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.24.0

Stable

2021-04-06

Cloud

On-Prem

2022-04-30

No

1.16.0

11

No

JAR Checksum	Value
MD5	cbee15b1c1af8d13984fbd938e9f9488
SHA1	8562af8753aca033d6b4966311787c2a681116dc
SHA256	7cda1dd2188ec2ed5899c5a4c26cf45c2f2d4199439342da64819194475b5cf2
SHA512	ad9e05ed84cd08f8774b5bbec44b8075ebb9e2cd7898f7d6f88fc445a5e1476284b86b1d3d5536ecdf1609b7c8b4e05d3ad27302dd79e41f95094140c12ce002

Important Information about Upgrading

This release promotes the latest 1.23 release from preview to stable.

Beginning with version 1.17.0, if your current version of Humio is not directly able to upgrade to the new version, you will get an error if you attempt to start up the incompatible version. The 1.24.0 release is only compatible with Humio release 1.16.0 and newer. This means that you will have to ensure that you have upgraded at least to 1.16.0 before trying to upgrade to 1.24.0. In case you need to do a rollback, this can also ONLY happen back to 1.16.0 or newer. Rolling directly back to an earlier release can result in data loss.

Humio will make some internal logs available in a new repository called humio-activity. This is meant for logs that are relevant to users of Humio, as compared to logs that are only relevant for operators. The latter logs are still put into the humio repository. For this release, only new log events will be put into humio-activity, but in later releases, some existing log events that are relevant for users, will be put into the humio-activity repository instead of the humio repository.

For cloud users, the logs for your organization can be accessed through the humio-organization-activity view.

For on-prem users, the logs can be accessed directly through the humio-activity repository. They are also output into a new log file named humio-activity.log which can be ingested into the humio repository, if you want it available there as well. If you do and you are using the Insights Package, you should upgrade that to version 0.0.4. For more information, see the LogScale Internal Logging.

Humio has decided to adopt an evolutionary approach to its GraphQL API, meaning that we will strive to do only backwards compatible changes. Instead of making non-backwards compatible changes to existing fields, we will instead add new fields alongside the existing fields. The existing fields will be deprecated and might be removed in some later release. We reserve the right to still do non-backwards compatible changes, for instance to fix security issues.

For new experimental features, we will mark the corresponding GraphQL fields as PREVIEW. There will be no guarantees on backwards compatibility on fields marked as PREVIEW.

Deprecated and preview fields and enum values will be marked as such in the GraphQL schema and will be shown as deprecated or preview in the API Explorer. Apart from that, the result of running a GraphQL query using a deprecated or preview field will contain a new field extensions, which contains a field deprecated with a list of all deprecated fields used in the query and a field preview with a list of all preview fields used in the query.

Example:

json

{
  "data": "...",
  "extensions": {
    "deprecated": [
      {
        "name": "alert",
        "reason": "[DEPRECATED: Since 2020-11-26. Deprecated since 1.19.0. Will be removed March 2021. Use 'searchDomain.alert' instead]"
      }
    ]
  }
}

Deprecated fields and enum values will also be noted in the release note, when they are first deprecated. All use of deprecated fields and enum values will also be logged in the Humio repository humio-activity. They will have #category=GraphQL, subCategory=Deprecation and #severity=Warning. If you are using the API, consider creating an alert for such logs.

Removed Support for CIDR Shorthand

Previous version of Humio supported a shorthand for IPv4 CIDR expressions. For example 127.1/16 would be equivalent to 127.1.0.0/16. This was contrary to other implementations like the Linux function inet_aton, where 127.1 expands to 127.0.0.1. Support for this shorthand has been removed and the complete address must now be written instead.

Bug Fixes

Other
- Removed the QUERY_QUOTA_EXCEEDED_PENALTY config (introduced in 1.19.0).
- Fixed an issue on the search page that prevented the event list from scrolling correctly.
- Fixed an issue which prevented Safari users from seeing alert actions
- Fixed an issue which caused problems with forward/backward compatibility of LanguageVersion in GraphQL
- Major changes: 1.23.0 and 1.23.1.
- The query scheduler now prioritizes new queries started by a user based on the cumulative cost of recent queries started by that user. Added new config QUERY_SPENT_FACTOR with the default value 0.5, which defines the weight of recent query costs when scheduling. Higher values mean that users with high recent query costs will see their queries penalized harder in the scheduling.
- Fixed a scrolling issues on the Kafka cluster admin page

Humio Server 1.23.1 Stable (2021-03-24)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.23.1

Stable

2021-03-24

Cloud

On-Prem

2022-03-31

No

1.16.0

11

No

Important Information about Upgrading

Beginning with version 1.17.0, if your current version of Humio is not directly able to upgrade to the new version, you will get an error if you attempt to start up the incompatible version. The 1.23.1 release is only compatible with Humio release 1.16.0 and newer. This means that you will have to ensure that you have upgraded at least to 1.16.0 before trying to upgrade to 1.23.1. In case you need to do a rollback, this can also ONLY happen back to 1.16.0 or newer. Rolling directly back to an earlier release can result in data loss.

Bug Fixes

Configuration
- S3_ARCHIVING_IBM_COMPAT for compatibility with S3 archiving to IBM Cloud Object Storage.
Other
- Allow users group to be represented as a json string and not only array when logging in with oauth.

Humio Server 1.23.0 Preview (2021-03-18)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.23.0

Preview

2021-03-18

Cloud

On-Prem

2022-03-31

No

1.16.0

11

No

JAR Checksum	Value
MD5	882c77cb19e867084fbb26dc80c079d8
SHA1	053d49648f03fd49f0766aa9df64f66921c72638
SHA256	898f1670010d25866f9fb27e054509a2ade615dbae612cdc70ce34371e03ac59
SHA512	eba333bfec11983f6140ca4e64ec725c91c0d724f245c0250f2264a9221036a7d9e89aace2bf096ce7b5ecca72b4c24659348feba7098d89a5a4035359d8b8d3

Important Information about Upgrading

Beginning with version 1.17.0, if your current version of Humio is not directly able to upgrade to the new version, you will get an error if you attempt to start up the incompatible version. The 1.23.0 release is only compatible with Humio release 1.16.0 and newer. This means that you will have to ensure that you have upgraded at least to 1.16.0 before trying to upgrade to 1.23.0. In case you need to do a rollback, this can also ONLY happen back to 1.16.0 or newer. Rolling directly back to an earlier release can result in data loss.

Humio will make some internal logs available in a new repository called humio-activity. This is meant for logs that are relevant to users of Humio, as compared to logs that are only relevant for operators. The latter logs are still put into the humio repository. For this release, only new log events will be put into humio-activity, but in later releases, some existing log events that are relevant for users, will be put into the humio-activity repository instead of the humio repository.

For cloud users, the logs for your organization can be accessed through the humio-organization-activity view.

For on-prem users, the logs can be accessed directly through the humio-activity repository. They are also output into a new log file named humio-activity.log which can be ingested into the humio repository, if you want it available there as well. If you do and you are using the Insights Package, you should upgrade that to version 0.0.4. For more information, see LogScale Internal Logging.

Humio has decided to adopt an evolutionary approach to its GraphQL API, meaning that we will strive to do only backwards compatible changes. Instead of making non-backwards compatible changes to existing fields, we will instead add new fields alongside the existing fields. The existing fields will be deprecated and might be removed in some later release. We reserve the right to still do non-backwards compatible changes, for instance to fix security issues.

For new experimental features, we will mark the corresponding GraphQL fields as PREVIEW. There will be no guarantees on backwards compatibility on fields marked as PREVIEW.

Deprecated and preview fields and enum values will be marked as such in the GraphQL schema and will be shown as deprecated or preview in the API Explorer. Apart from that, the result of running a GraphQL query using a deprecated or preview field will contain a new field extensions, which contains a field deprecated with a list of all deprecated fields used in the query and a field preview with a list of all preview fields used in the query.

Example:

json

{
  "data": "...",
  "extensions": {
    "deprecated": [
      {
        "name": "alert",
        "reason": "[DEPRECATED: Since 2020-11-26. Deprecated since 1.19.0. Will be removed March 2021. Use 'searchDomain.alert' instead]"
      }
    ]
  }
}

Deprecated fields and enum values will also be noted in the release note, when they are first deprecated. All use of deprecated fields and enum values will also be logged in the Humio repository humio-activity. They will have #category=GraphQL, subCategory=Deprecation and #severity=Warning. If you are using the API, consider creating an alert for such logs.

Removed Support for CIDR Shorthand

Previous version of Humio supported a shorthand for IPv4 CIDR expressions. For example 127.1/16 would be equivalent to 127.1.0.0/16. This was contrary to other implementations like the Linux function inet_aton, where 127.1 expands to 127.0.0.1. Support for this shorthand has been removed and the complete address must now be written instead.

Deprecation
Items that have been deprecated and may be removed in a future release.
Deprecated GraphQL mutations addAlertLabel, removeAlertLabel, addStarToAlert and removeStarFromAlert as they did not follow the standard for mutation input.

Improvements, new features and functionality

Summary
- Added GraphQL queries and mutations for alerts and actions, which correspond to the deprecated REST endpoints for those entities.
GraphQL API
- Added GraphQL mutations addAlertLabelV2, removeAlertLabelV2, addStarToAlertV2 and removeStarFromAlertV2.

Bug Fixes

Automation and Alerts
- Restyled the alert dialogue.
- Deprecated the REST endpoints for alerts and actions.
Functions
- Deprecated file and column parameter on cidr(). Use match() with mode=cidr instead.
- Fixed a bug which caused glob-patterns in match() to not match newline characters.
- Negated, non-strict match() or lookup() is no longer allowed.
- Added mode parameter to match(), allowing different ways to match the key.
- Fixed a bug which caused tag-filters in anonymous functions to not work in certain cases (causing to many events to be let through).
- Deprecated glob parameter on match(), use mode=glob instead.
- Removed support for shorthand IPv4 CIDR notation in cidr(). See section "Removed support for CIDR shorthand".
- Fixed a bug in event forwarding that made start(), end() and now() return the time at which the event forwarding rule was cached. Instead, now() will return the time at which the event forwarding rule was run. start() and end() were never meant to be used in an event forwarding rule and will return 0, which means Unix Epoch.
- Fixed a bug which caused in() with values=[] to give incorrect results.
- Added support for CIDR matching on match() using mode=cidr.
- Improved performance when using match() with mode=cidr compared to using cidr() with file().
Other
- Enforce permissions to enter Organization Settings page.
- Added a new introduction message to empty repositories.
- Fixed an issue which caused Ingesting Data to Multiple Repositories to break, when the parser used copyEvent to duplicate the input events into multiple repositories
- Refactor how the width of the repository name in the main navigation bar is calculated.
- Improved performance of free-text search using regular expressions.
- The GraphQL API Explorer has been upgraded to a newer version. The new version includes a history of the queries that have been run.
- Added an option to make it easier to diagnose problems by detecting inconsistencies between globals in different Humio instances. Each Humio instance has its own copy of the global state which must all be identical. It has happened that they were not, so now we check and if there is a difference we report an error and dump the global state into a file.
- Allow turning encryption of files stored in bucket storage off by explicitly setting S3_STORAGE_ENCRYPTION_KEY=off (similar for GCP_ )
- The GraphQL API Explorer is now available from inside Humio. You can access it using the Help->API Explorer menu.
- Fixed the requirement condition for the time retention on a repository.
- Removed the deprecated Repository.isFreemium GraphQL field.
- Fixed a bug where the same regex pattern occurring multiple times in a query could cause incorrect results
- Deprecated the ReadEvents enum variant from the ViewAction enum in GraphQL. Use the ReadContents variant instead, which has the same semantics, but a more accurate name. ReadEvents will be removed in a future release.
- UI enhancements for the new repository Access Permissions page.
- Fixed an issue where changes to files would not propagate to parsers or event forwarders.
- Fixed an issue causing undersized segment merging to repeatedly fetch the same segments, in cases where the merger job took too long to finish.
- Fixed an issue where Prometheus metrics always reported 0.0 for humio_primary_disk_usage
- Enforce permissions to enter creating new repository page.
- Refactor Organization Overview page.
- Fixed a bug which caused match() to give incorrect results in certain cases due to incorrect caching
- Fixes a bug where events deleted with the delete-event API would appear deleted at first, but then resurface again after 24h. If user applying delete did not have permission to search the events being deleted.
- Made the S3 archiving save button work again.
- Changed the URL of the Kafka cluster page in the settings.
- Enforce accepting terms and conditions.
- Improved memory use for certain numerical aggregrating functions
- Fixed an issue where regular expressions too large to handle would sometimes cause the query to hang. Now we report an error.
- The SearchDomain.queries GraphQL field has been deprecated, and will be removed in a future release. Use SearchDomain.savedQueries instead.
- Refactor All Organizations page.
- Added IP Filter for readonly dashboard links, and started to audit log readonly dashboard access. In this initial version. The readonly ip filter can be configured with the graphql mutation:
  graphql
  mutation { updateReadonlyDashboardIPFilter(ipFilter: "FILTER") }
  The FILTER is expected in this format: IP Filter. From Humio 1.25 this can be configured in the configuration UI.
- Mark required fields on the Accept Terms and Conditions page.
- Fixed an issue with the Missing Segments API that caused missing segments to not appear in the missing segments list if they had a replacement segment.
- Refactor client side action cache of allowed permissions.
- Implemented toggle button for dark mode.
- It is again possible to sort the events on the test parser page.
- The SearchDomain.viewerCanChangeConnections GraphQL field has been deprecated, and will be removed in a future release. Use SearchDomain.isActionAllowed instead.

Humio Server 1.22.1 Stable (2021-03-02)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.22.1

Stable

2021-03-02

Cloud

On-Prem

2022-03-31

No

1.16.0

11

No

JAR Checksum	Value
MD5	7d2fb4c0736d1c7f03197fba78a33c13
SHA1	36c3c2b7ffe3485fb9f87a75b515cb7b9efc5efc
SHA256	bc3122c71e8c1bdf57fc044912c660b86933c871758818fb93a8d609c9bc340d
SHA512	54e1da57da87480a2b1b0cc577eb731b734b8fe7af0e2ac3afcd406d28f29ffa5b834d836b283dc5e730b10bba43d55484cd8579746c800bd26a26280a088200

Important Information about Upgrading

Beginning with version 1.17.0, if your current version of Humio is not directly able to upgrade to the new version, you will get an error if you attempt to start up the incompatible version. The 1.22.1 release is only compatible with Humio release 1.16.0 and newer. This means that you will have to ensure that you have upgraded at least to 1.16.0 before trying to upgrade to 1.22.1. In case you need to do a rollback, this can also ONLY happen back to 1.16.0 or newer. Rolling directly back to an earlier release can result in data loss.

Bug Fixes

Other
- Fixes overflowing editor bug.
- Fixes parserlist having no height on Safari.
- Fixes problem where alertpages have no height in Safari.

Humio Server 1.22.0 Stable (2021-03-02)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.22.0

Stable

2021-03-02

Cloud

On-Prem

2022-03-31

No

1.16.0

11

No

Yes

JAR Checksum	Value
MD5	115532e6c7c321a1fe737bdde5731f4b
SHA1	8a42ec6f7ba168939c60d521d30eba202479173e
SHA256	4cff315346b9edb1ba625f48fe36105666dc9b95e711190578ff62752fa763e4
SHA512	0173d8b48f8612198cb4a20146b15d23769cacee4fac12a7c710a93ef2f17a30140ccee8e09c8f7c5262815cbb2e03876fe30986f276a9d36155832c4e03a233

Important Information about Upgrading

This release promotes the latest 1.21 release from preview to stable.

Beginning with version 1.17.0, if your current version of Humio is not directly able to upgrade to the new version, you will get an error if you attempt to start up the incompatible version. The 1.22.0 release is only compatible with Humio release 1.16.0 and newer. This means that you will have to ensure that you have upgraded at least to 1.16.0 before trying to upgrade to 1.22.0. In case you need to do a rollback, this can also ONLY happen back to 1.16.0 or newer. Rolling directly back to an earlier release can result in data loss.

UI revamp In this version the UI has been given a complete makeover.

Bug Fixes

Other
- Restrict concurrency when mirroring uploaded files within the cluster
- Fixed issue where tag filters in anonymous parts within an aggregate did not get applied
- Fix issue where updating account settings would present the user with an error even though the update was successful
- Change log lines creating a 'kind' field. Kind is used as a tag for the different humio logs
- Add the "ProxyOrganization" header to the list of general auth headers used on REST calls
- Fixed issue where local segment files would not get deleted in time, potentially filling the disk
- Major changes: (see version 1.21.0 and 1.21.1 release notes)
- Fixed issue where root users were not allowed to set unlimited time in retention settings
- Increase HTTP chunk size from 16MB to 128MB

Humio Server 1.21.1 Preview (2021-02-23)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.21.1

Preview

2021-02-23

Cloud

On-Prem

2022-03-31

No

1.16.0

11

No

JAR Checksum	Value
MD5	3f2b7ae5265ab8e81d339ebbd260b802
SHA1	e406e539b9d3474a25accc82d49efdbcc94c7f4d
SHA256	0ec0db6bfaa232c30d1e0056442f58e5d2c20d9b7716ba136b8350d2c5c05bdd
SHA512	01383adbe54ceb73679aece980b0a7752b07478a40ac3f811a3aadbf9fb55077ebf08842cb2442628af1200e677d0db289a6007b3706794c79377787ef56e898

Important Information about Upgrading

Beginning with version 1.17.0, if your current version of Humio is not directly able to upgrade to the new version, you will get an error if you attempt to start up the incompatible version. The 1.21.1 release is only compatible with Humio release 1.16.0 and newer. This means that you will have to ensure that you have upgraded at least to 1.16.0 before trying to upgrade to 1.21.1. In case you need to do a rollback, this can also ONLY happen back to 1.16.0 or newer. Rolling directly back to an earlier release can result in data loss.

Bug Fixes

Other
- New "prefetch from bucket" job. When a node starts with an empty disk it will download a relevant subset of segment files from the bucket in order to have them present locally for queries.
- Server: header in responses from from Humio HTTP server now includes (Vhost, NodeRole) after the version string.
- Improve performance of "decrypt step" in downloads from bucket storage

Humio Server 1.21.0 Preview (2021-02-22)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.21.0

Preview

2021-02-22

Cloud

On-Prem

2022-03-31

No

1.16.0

11

No

JAR Checksum	Value
MD5	3175d041a4c0a6948d5e23993b7a3bcd
SHA1	1356a57098602623b5cab8511f530aab3b04a080
SHA256	8f576aca2a00533180ed3710971bd9c4c419e275d618c4c745d004b9a5ad9987
SHA512	475c72b5655744be0a900269478d930942cd7aae9ec8acf0e38c1eff2a4c7ec243c91293996ad8288ec2ed9c72b896436bb8e12b67f44b999fc03d1f43db4a2d

Important Information about Upgrading

Beginning with version 1.17.0, if your current version of Humio is not directly able to upgrade to the new version, you will get an error if you attempt to start up the incompatible version. The 1.21.0 release is only compatible with Humio release 1.16.0 and newer. This means that you will have to ensure that you have upgraded at least to 1.16.0 before trying to upgrade to 1.21.0. In case you need to do a rollback, this can also ONLY happen back to 1.16.0 or newer. Rolling directly back to an earlier release can result in data loss.

Removed
Items that have been removed as of this release.
Other
The deprecated built-in parser bro-json has been deleted. It has been replaced by the parser zeek-json.
The deprecated built-in parser json-for-notifier has been deleted. It has been replaced by the parser json-for-action.

Bug Fixes

Automation and Alerts
- Create, update and delete of an alert, scheduled search or action is now recorded in the audit log.
Functions
- Fixed a bug in lowercase() which caused the case lowercase(field="\*", include="values") to not process all fields but only the field named "\*".
- Fixed a bug which caused validation to miss rejecting window() inside window() and session().
- subnet() now reports an error if its argument bits is outside the range 0 to 32.
- The replace() function now reports an error if the arguments replacement and with are provided at the same time.
- The split() function no longer adds a @display field to the event it outputs.
- The replace() function now reports an error if an unsupported flag is provided in the flags argument.
- Change handling of groupBy() in live-queries which should in many cases reduce memory cost.
- The functions worldMap() and geohash() now generated errors if the requested precision is greater than 12.
- Fixed a memory leak in rdns() in cases where many different name servers are used.
- Fixed a bug which caused eventInternals() to crash if used late in the pipeline.
- The transpose() function now reports an error if the arguments header or column is provided together with the argument pivot.
- Fixed bugs in format() which caused output from %e and %g to be incorrect in certain cases.
- Fixed a performance and a robustness problem with the function unit:convert(). The formatting of the numbers in its output may in some cases be different now.
- The findTimestamp() function has been changed, so that it no longer has a default value for the timezone parameter. Previously, the default was UTC. If no timezone argument is supplied to the function, it will not parse timestamps that do not contain a timezone. To get the old functionality, simply add timezone=UTC to the function. This can be done before upgrading to this release.
- The experimental function moment() has been removed.
Other
- Humio insights package installed if missing on the humio view when humio is started.
- Fixed an issue causing event redirection to break when using copyEvent to get the same events ingested into multiple repositories.
- Raised the note widget text length limit to .00.
- kvParse() now unescapes backslashes when they're inside (' or ") quotes.
- Fixed an issue where repeating queries would not validate in alerts.
- Make the thread dump job run on a dedicated thread, rather than running on the thread pool shared with other jobs.
- Fixed an issue with lack of escaping in filename when downloading.
- Running test of a parser is no longer recorded in the audit log, and irrelevant fields are no longer recorded upon parser deletion.
- Made loggings for running alerts more consistent and more structured. All loggings regarding a specific alert will contain the keys alertId, alertName and viewId. Loggings regarding the alert query will always contain the key externalQueryId and sometimes also the keys queryId with the internal id and query with the actual query string. If there are problems with the run-as-user, the id of that user is logged with the key user.
- Fixed a bug where analysis of a regex could consume extreme amounts of memory.
- Raised the parser test character length limit to .00.
- Fixed an issue where the segment mover might schedule too many segments for transfer at a time.
- Fixed a number of potential concurrency issues.
- Fixed an issue causing Humio to crash when attempting to delete an idle empty datasource right as the datasource receives new data.
- Made sure the humio view humio default parser is only installed when missing, instead of overwriting it every time humio starts.
- Prevent Humio from booting when Zookeeper has been reset but Kafka has not.
- Improve number formatting in certain places by being better at removing trailing zeros.
- Lowered the severity level for some loggings for running alerts.
- Fixed a bug where referenced saved queries were not referenced correctly after exporting them as part of a package.
- kvParse() now also unescapes single quotes. (')
- Improve hit rate of query state cache by allowing similar but not identical queries to share cache when the entry in the cache can form the basis for both. The cache format is incompatible with previous versions, this is handled internally by handling incompatible cache entries as cache misses.
- Fixed a bug which could cause saving of query state cache to take a rather long time.
- The default parser kv has been changed from using the parseemacs vTimestamp() function to use the findTimestamp() function. This will make it able to parse more timestamp formats. It will still only parse timestamps with a timezone. It also no longer adds a timezone field with the extracted timestamp string. This was only done for parsing the timestamp and not meant for storing on the event. To keep the old functionality, clone the kv parser in the relevant repositories and store the cloned parser with the name kv. This can be done before upgrading to this release. See kv.
- Fixed an issue with the validation of the query prefix set on a view for each repository within the view: Invoking macros is not allowed and was correctly rejected when creating a view, but was not rejected when editing an existing connection.
- Fixed a bug which could potentially cause a query state cache file to be read in an incomplete state.
- Fixed a bug in parseJson which resulted in failed JSON parsing if an object contained an empty key ("").
- Improve performance of writeJson() a bit.
- When using filters on dashboards, you can now easily reset the filter, either removing it completely, or using the default filter if one is present.
- Fixed an issue causing segment tombstones to potentially be deleted too early if bucket storage is enabled, causing an error log.
- Made loggings for running scheduled searches more consistent and more structured. All loggings regarding a specific alert will contain the keys scheduledSearchId, scheduledSearchName and viewId. Loggings regarding the alert query will always contain the key externalQueryId and sometimes also the keys queryId with the internal id and query with the actual query string. If there are problems with the run-as-user, the id of that user is logged with the key user.
- Fixed an issue where cancelled queries could be cached.
- Fixed a bug in upper() and lower() which could cause its output to be corrupted (in cases where no characters had been changed).
- Fixed an issue where merge of segments were reported as failed due to input files being deleted while merging. This is not an error, and is no longer reported as such.
- kvParse() now only unescapes quotes and backslashes that are inside a quoted string.
- Added support for disaster recovery of a cluster where all nodes including Kafka has been lost, restoring the state present in bucket storage as a fresh cluster using the old bucket as read-only, and forming a fresh cluster from that. New Configs: S3_RECOVER_FROM_REPLACE_REGION and S3_RECOVER_FROM_REPLACE_BUCKET to allow modifying names of region/bucket while recovering to allow running on a replica, specifying read-only source using S3_RECOVER_FROM* for all the bucket storage target parameters otherwise named S3_STORAGE*
- When using ephemeral disks on nodes are being replaced with new ones on empty disks no longer download most of the segments they had before being replaced, but instead schedule downloads based on is being searched.
- The Auth0 login page will no longer load a local version of the Auth-Lock library, but instead load a login script hosted on Auth0's CDN. This may require opening access to https://cdn.auth0.com/ if hosting Humio behind a firewall.
Packages
- When exporting a package, you now get a preview of the icon you've added for the package.
- Packages can now be updated with the same version but new content. This makes iterating over a package before finalizing it easier.

Humio Server 1.20.4 Stable (2021-02-22)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.20.4

Stable

2021-02-22

Cloud

On-Prem

2022-01-31

No

1.16.0

11

No

JAR Checksum	Value
MD5	e84da693a3ca628775ca56a33f27db91
SHA1	fd2a37750456d861a92ee41840701c2040b71d79
SHA256	0fc7d2b010abbc263ef97ae4cb019994804133ff858f23de03e0bce69760011a
SHA512	9af984c0a5896046cf0f3febd3b64aef7af501404df75a612c04452140aa9cd9c97f4ed2a5a95fe241ac227db3f3bbbe072ddaa2bed058053b6cfeafcbc388e5

Important Information about Upgrading

Beginning with version 1.17.0, if your current version of Humio is not directly able to upgrade to the new version, you will get an error if you attempt to start up the incompatible version. The 1.20.4 release is only compatible with Humio release 1.16.0 and newer. This means that you will have to ensure that you have upgraded at least to 1.16.0 before trying to upgrade to 1.20.4. In case you need to do a rollback, this can also ONLY happen back to 1.16.0 or newer. Rolling directly back to an earlier release can result in data loss.

Bug Fixes

Functions
- Fix newline glob handling in in() and match() functions.
Other
- Fixed an issue causing event redirection to break when using copyEvent() function to get the same events forwarded to multiple repositories.
- New "prefetch from bucket" job - When a node starts with an empty disk it will download a relevant subset of segment files from the bucket in order to have them present locally for queries.
- Connecting to the Packages now respects the Humio proxy configuration

Humio Server 1.20.3 Stable (2021-02-11)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.20.3

Stable

2021-02-11

Cloud

On-Prem

2022-01-31

No

1.16.0

11

No

JAR Checksum	Value
MD5	eb0a1ddfb3bd3440206fc7ce95fedd74
SHA1	0eedbdc67554a9efbb0fcc5f667a99c899ae43bc
SHA256	ecdcb4a299eb3668ed6d5435c97469b4f7b1423f239f4e0a4b95a88d9b8fd566
SHA512	53dd06169c01eaccc6766f53f6a7c71910c131d7600bfdcdb3f9796d61e7ccdcfa801d8b2a2b9ed4b205fa7c3e567dc2a9a3b6879c94e10f408892cd0d57d77d

Important Information about Upgrading

Beginning with version 1.17.0, if your current version of Humio is not directly able to upgrade to the new version, you will get an error if you attempt to start up the incompatible version. The 1.20.3 release is only compatible with Humio release 1.16.0 and newer. This means that you will have to ensure that you have upgraded at least to 1.16.0 before trying to upgrade to 1.20.3. In case you need to do a rollback, this can also only happen back to 1.16.0 or newer. Rolling directly back to an earlier release can result in data loss.

Bug Fixes

Other
- Improve auto completion suggestions.

Humio Server 1.20.2 Stable (2021-02-11)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.20.2

Stable

2021-02-11

Cloud

On-Prem

2022-01-31

No

1.16.0

11

No

JAR Checksum	Value
MD5	c8369fd679e4ef4fb1ddad2a632156e1
SHA1	7dc7214d24c3314fa9e60128106aed4078b2c7c9
SHA256	e1c8188fd7e0dc92c648a675514627c4a9ae0f52658aac748d35a0105347c4ba
SHA512	fea474b22bebcbe7c5ad1e142fbf157f495b58726951e8b52820475fdda5eb48503a76bef7e2178ac3aeddcc6087d6bdd66c3ab5c67dbcf721da1ebc4bd671fa

Important Information about Upgrading

Beginning with version 1.17.0, if your current version of Humio is not directly able to upgrade to the new version, you will get an error if you attempt to start up the incompatible version. The 1.20.2 release is only compatible with Humio release 1.16.0 and newer. This means that you will have to ensure that you have upgraded at least to 1.16.0 before trying to upgrade to 1.20.2. In case you need to do a rollback, this can also only happen back to 1.16.0 or newer. Rolling directly back to an earlier release can result in data loss.

Bug Fixes

Functions
- Fixed a bug in upper() and lower() functions which could cause its output to be corrupted (in cases where no characters had been changed).
Other
- Fixed a bug that exporting a package with dashboard parameters would not set the correct name space for a saved query called in a parameter.
- Fixed a bug that exporting a package using a saved query with spaces in the name would not export the correct name.
- Fixed an issue where cloning a dashboard or parser would clone the wrong entity.
- Query scheduling now tracks cost spent across queries for each user and tends to select next task so that users (rather than queries) each get a fair share of available CPU time.
- Reduce triggering of auto completion in the query editor.
- Fixed a bug in parseJson which resulted in failed JSON parsing if an object contained an empty key ("").
- Fixed an issue where some parts of regexes did not shown in the parser editor.
- Improve query cache hit rate by not starting queries locally when the preferred nodes are down, if the local node has just started — as there is a fair chance the preferred nodes will show up shortly too.
- Handle inconsistencies in the global entities file gracefully rather than crashing.
- Fixed a bug where fields panel was not scrollable in Safari.

Humio Server 1.20.1 Stable (2021-02-01)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.20.1

Stable

2021-02-01

Cloud

On-Prem

2022-01-31

No

1.16.0

11

No

JAR Checksum	Value
MD5	5f2ccaea9f97572ec047be936d7ff0de
SHA1	5e434cc0df8b437a3974be645e80c3f2c56ec78a
SHA256	74f2fcf3d5d2bc5b1e5830d98a03512395ac7beb6456bf754e69e48e89e1d7cf
SHA512	16a58326069b3dd9e401688627e62e825249654501f63c939d245c6b501bd683c7682a634f9cb0265c17029ac8b7cdf038e57daa27a57478980115bce18c53ce

Important Information about Upgrading

Beginning with version 1.17.0, if your current version of Humio is not directly able to upgrade to the new version, you will get an error if you attempt to start up the incompatible version. The 1.20.1 release is only compatible with Humio release 1.16.0 and newer. This means that you will have to ensure that you have upgraded at least to 1.16.0 before trying to upgrade to 1.20.1. In case you need to do a rollback, this can also only happen back to 1.16.0 or newer. Rolling directly back to an earlier release can result in data loss.

Bug Fixes

Other
- Minor fix to Humio internal JSON logging when using the configuration HUMIO_LOG4J_CONFIGURATION=log4j2-json-stdout.xml.

Humio Server 1.20.0 Stable (2021-01-28)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.20.0

Stable

2021-01-28

Cloud

On-Prem

2022-01-31

No

1.16.0

11

No

Yes

JAR Checksum	Value
MD5	095aa44f1cbaf9cdffc9753286206248
SHA1	fd4eb8cc488d18e7fedff3af212a9919d399b256
SHA256	79868d79d893ebb3114208e5e7f64d20ded44b76f4342b3b2d932df6288c927e
SHA512	9b91b51b21654ec1961ee9ba31193ad5511850cdb3623d82403356191535a74febeb51a49fb711438408898fe4222f2522f3c37b33c81c75091b6a415c2f0924

Important Information about Upgrading

This release promotes the latest 1.19 release from preview to stable.

Beginning with version 1.17.0, if your current version of Humio is not directly able to upgrade to the new version, you will get an error if you attempt to start up the incompatible version. The 1.20.0 release is only compatible with Humio release 1.16.0 and newer. This means that you will have to ensure that you have upgraded at least to 1.16.0 before trying to upgrade to 1.20.0. In case you need to do a rollback, this can also only happen back to 1.16.0 or newer. Rolling directly back to an earlier release can result in data loss.

This version introduces Humio packages - a way of bundling and sharing assets such as dashboards and parsers. You can create your own packages to keep your Humio assets in Git or create utility packages that can be installed in multiple repositories. All assets can be serialized to YAML files (like what has been possible for dashboards for a while). With tight integration with Humio's CLI humioctl you can install packages from local disk, URL, or directly from a Github repository. Packages are still in beta, but we encourage you do start creating packages yourself, and sharing them with the community. At Humio we are also very interested in talking with package authors about getting your packages on our upcoming marketplace.

Read more about packages on our Packages.

With the introduction of Humio packages we have created the application Insights Package. The application is a collection of dashboards and saved searches making it possible to monitor and observe a Humio cluster.

The new query editor has a much better integration with Humio's query language. It will give you suggestions as you type, and gives you inline errors if you make a mistake. We will continue to improve the capabilities of the query editor to be aware of fields, saved queries, and other contextual information.

A new function called test() has been added for convenience. What used to be done like: tmp := <expression> | tmp=true can now be done using: test( <expression> ). Inside <expression> field names appearing on the right hand side of an equality test, such as field1==field2 compares the values of the two fields. When comparing using = at top-level field1=field2 compares the value of field1 against the string "field2". This distinction is a cause of confusion for some users, and using test() simplifies that.

We have made small changes to how Humio logs internally. We did this to better support the new Insights Package. We have tried to keep the changes as small and compatible as possible, but we have made some changes that can break existing searches in the humio repository (or other repositories receiving Humio logs). We made these changes as we think they are important in order to improve things moving forward. One of the benefits is the new Insights Package. Read more about the details LogScale Internal Logging.

To see more details, go through the individual 1.19.x release notes.

Bug Fixes

Other
- Enable Package marketplace (in beta)
- Segment download timeout raised from 120s to 1.0s. Avoids situations where large segments could not be moved around a cluster.
- Fixed an issue causing the secondary storage transfer job to plan more segments for transfer than necessary.
- Fixed a bug where merged segments could grow too large if the source events were large.
- Major changes (see version 1.19.0 release notes)

Humio Server 1.19.2 Preview (2021-01-25)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.19.2

Preview

2021-01-25

Cloud

On-Prem

2022-01-31

No

1.16.0

11

No

JAR Checksum	Value
MD5	01e72a42b56685f50111466e91475e9b
SHA1	7d09c09579a2c00cb2cc0a38c421969861f9c6a0
SHA256	83e7efdf3bd38eb806b30c81603e4eefe5ee17f88fa9c6440fd56d11c86d2869
SHA512	3ccc62d52899ecad9fd7626bb15f90b05bcabaf761d997c4aa63849f93702c6caf32d1f6ed191c981054c1df853ec6fbcdbd07fba0e76e289d4f71d39b542d9b

Important Information about Upgrading

Beginning with version 1.17.0, if your current version of Humio is not directly able to upgrade to the new version, you will get an error if you attempt to start up the incompatible version. The 1.19.2 release is only compatible with Humio release 1.16.0 and newer. This means that you will have to ensure that you have upgraded to minimum 1.16.0 before trying to upgrade to 1.19.2. In case you need to do a rollback, this can also ONLY happen back to 1.16.0 or newer, rolling directly back to an earlier release can result in data loss.

Bug Fixes

Other
- Fixed an issue for on-prem users not on multitenant setup by reverted a metric change introduced in 1.18.0, jmx and Slf4j included an OrgId in all metrics for repositories.
Packages
- Fixed automatic installation of Humio insights package to the humio repository.

Humio Server 1.19.1 Preview (2021-01-19)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.19.1

Preview

2021-01-19

Cloud

On-Prem

2022-01-31

No

1.16.0

11

No

JAR Checksum	Value
MD5	7ba0f9e286f6933cb19b49be72df8078
SHA1	489be0b931419cd128d5a03e2b2fbce819095257
SHA256	2f8a22da0e6f85c4cd4479367635ad9c0a0586f2fc69df55533e349e3ea29bab
SHA512	b306f424ae1425145a382be5847e46f6f56d91777202ef94117c755be5f713dab787ae6da2a4acd0091d04d07d75b3b4154185eab5327f8db558071d1b4d301f

Important Information about Upgrading

Beginning with version 1.17.0, if your current version of Humio is not directly able to upgrade to the new version, you will get an error if you attempt to start up the incompatible version. The 1.19.1 release is only compatible with Humio release 1.16.0 and newer. This means that you will have to ensure that you have upgraded to minimum 1.16.0 before trying to upgrade to 1.19.1. In case you need to do a rollback, this can also ONLY happen back to 1.16.0 or newer, rolling directly back to an earlier release can result in data loss.

Bug Fixes

Functions
- Fixed bug where the format() function produced wrong output for some floating-point numbers.
Other
- Fixed an issue - Do not delete datasource before the segments have been deleted also in bucket storage if present there.
- Update dependencies with known vulnerabilities
- Do not retry a query when getting a HTTP .0 error
- Do not cache cancelled queries.
Packages
- Fixed bug in a saved query in the Humio insights package.

Humio Server 1.19.0 Preview (2021-01-14)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.19.0

Preview

2021-01-14

Cloud

On-Prem

2022-01-31

No

1.16.0

11

No

Yes

JAR Checksum	Value
MD5	63d03b5a7d362d1d9a5dfcb5a7d6fcea
SHA1	7ed7776a690ff76afd4ff77ac585a28ef7ee1b2c
SHA256	532dd54bc612b6f771a142899277430469a85c3a431a7824105c1ab69d21974e
SHA512	9edc286d2409cdf36496cc9a7c69ab525ac3207006f1ce3aa194bd17e59e4601f676dbdec0c71cfecd197364b45d83398e5566cebbed82e0a10e1d19ae2e91eb

Important Information about Upgrading

Beginning with version 1.17.0, if your current version of Humio is not directly able to upgrade to the new version, you will get an error if you attempt to start up the incompatible version. The 1.19.0 release is only compatible with Humio release 1.16.0 and newer. This means that you will have to ensure that you have upgraded at least to 1.16.0 before trying to upgrade to 1.19.0. In case you need to do a rollback, this can also ONLY happen back to 1.16.0 or newer. Rolling directly back to an earlier release can result in data loss.

Deprecation
Items that have been deprecated and may be removed in a future release.
New config MAXMIND_IP_LOCATION_EDITION_ID for selecting the maxmind edition of the IP location database. Deprecates MAXMIND_EDITION_ID, but old config will continue to work.

Improvements, new features and functionality

Other
- Stateless Ingest-only nodes: A node that the rest of the cluster does not know exists, but is capable of ingesting events into the ingest queue. Enable using NODE_ROLES=ingestonly.
- Custom ingest tokens making it possible for root users to create ingest tokens with a custom string.

Bug Fixes

Configuration
- New config AUTO_UPDATE_MAXMIND for enabling/disabling updating of all maxmind databases. Deprecates AUTO_UPDATE_IP_LOCATION_DB, but old config will continue to work.
- New config QUERY_QUOTA_EXCEEDED_PENALTY with value 50 by default. When set >= 1.0 then this throttles queries from users that are over their quota by this factor rather than stopping their queries. Set to 0 to disable and revert to stopping queries.
Functions
- New function hash() for computing hashes of fields. See hash() reference page.
- Fixed an issue with the cidr() function that would make some IPv4 subnets accept IPv6 addresses and some strings that were not valid IP addresses.
- Make the query functions window() and series() be enabled by default. They can be disabled by setting the configuration options WINDOW_ENABLED and SERIES_ENABLED to false, respectively.
- Added a new function for retrieving the ASN number for a given IP address, see asn() reference page.
- Fixed an issue causing queries using kvParse() to be executed incorrectly in certain circumstances when kvParse() assigned fields starting with a non-alphanumeric character.
- Fixed an issue where unit-conversion (by timechart) did not take effect through groupBy() and window().
- Fixed an issue causing queries using kvParse() to filter out too much in specific circumstances when filtering on a field assigned before kvParse().
Other
- New filter function test().
- Removed config IDLE_POLL_TIME_BEFORE_DASHBOARD_QUERY_IS_CANCELLED_MINUTES. Queries on dashboards now have the same life cycle as other queries.
- API Changes (Non-Documented API): getFileContent has been moved to a field on the SearchDomain type.
- The built-in json-for-notifier parser used by the Humio Repository action (formerly notifier) is deprecated and will be removed in a later release. It has been replaced by an identical parser with the name json-for-action, see json-for-action.
- Notifiers have been renamed to Actions throughout the UI and in log statements. The REST APIs have not been changed and all message templates can still be used.
- New feature "Event forwarding" making it possible to forward events during ingest out of Humio to a Kafka server. See Event Forwarding documentation. Currently only available for on-prem customers.
- When a host dies and Humio reassigns digest, it will warn if a fallback host is picked that is in the same zone as existing replicas. Eliminate warning if falling back to a host in the null zone.
- Renamed LOG4J_CONFIGURATION environment variable to HUMIO_LOG4J_CONFIGURATION. See Configuration Settings.
- Custom made saved queries, alerts and dashboards in the humio repository searching for events of the kinds metrics, requests or nonsensitive may need to be modified. This is described in more detail in LogScale Internal Logging.
- Reduced the number of writes to global on restart, due to merge targets not being properly reused.
- Raised the limit for note widget text length to .00
- API Changes (Non-Documented API): Queries and Mutations for Parser now expects an id field in place of a name field, when fetching and updating parsers.
- Improve handling of broken local cache files
- The Humio Repository action (formerly notifier) now replaces a prefix '#' character in field names with @tag. so that #source becomes @tag.source. This is done to make them searchable in Humio. You can change the name by creating a custom parser. See Action Type: Falcon LogScale Repository.
- Fixed bug where repeating queries would not validate in alerts.
- Updated the permission checks when polling queries. This will results in dashboard links "created by users who are either deleted or lost permissions to the view" to get unauthorized. To list all dashboard links, run this graphql query as root:
  graphql
  query { searchDomains { dashboards { readOnlyTokens { createdBy name token } } } }
- Fixed an rare issue where the digest coordinator would assign digest fewer hosts than configured.
- Fixed an issue causing Humio to retain deleted minisegments in global for longer than expected.
- The function parseCEF() now deals with extension fields with labels, i.e. cs1=Value cs1Label=Key becomes cef.label.Key=Value.
- In the GraphQL API, the value ChangeAlertsAndNotifiers on the Permission enum has been deprecated and will be removed in a later release. It has been replaced by the ChangeTriggersAndActions value. The same is true for the ViewAction enum. On the ViewPermissionsType type, the administerAlertsfield has been deprecated and will be removed in a later release. It has been replaced by the administerTriggersAndActions field.
- Fixed an issue where segment merge occasionally reported BrokenSegmentException when merging, while the segments where not broken.
- Introduction of the new log file humio-requests.log. Also the log format for the files humio-metrics.log and humio-nonsensitive.log has changed as described above. See Log LogScale to LogScale.
- Cluster management stats now shows segments as underreplicated if they are replicated to enough hosts, but are not present on all configured hosts.
- unit on timechart (and bucket) now works also when the function within uses nesting and anonymous pipelines.
- Fixed a bug where fullscreen mode could end up blank
- Fixed an issue that could cause node id assignment to fail when running on ephemeral disks and using Zookeeper for node id assignment. Nodes in this configuration will now try to pick a new id if their old id has been acquired by another node.
- Made cluster nodes log their own version as well as the versions of all other nodes. This makes it easier to tell which versions are running in the cluster.
- API Changes (Non-Documented API): Getting Alert by ID has been moved to a field on the SearchDomain type.
- Improved app loading logic.
- The transfer job will delete primary copies shortly after transferring the segments to secondary storage. The copies would previously only be deleted once a full bulk had been moved.
- New ingest endpoint /api/v1/ingest/raw for ingesting singular webcalls as events. See Ingest API - Raw Data documentation.
- Fixed an issue where canceling queries could produce a spurious error log.
- Raised the parser test character length to .00.
- Fixed crash in CleanupDatasourceFilesJob when examining a file size fails due to that file being deleted concurrently.
- Fixed timeout issue in S3 Archiving
- The configuration option HTTP_PROXY_ALLOW_NOTIFIERS_NOT_USE has been renamed to HTTP_PROXY_ALLOW_ACTIONS_NOT_USE. The old name will continue to work.
- In the GraphQL API, on the Alert type, the notifiers field has been deprecated and will be removed in a later release. It has been replaced by the actions field.
- The names of the metadata fields added by the Humio Repository action (formerly notifier) has been changed to accomodate that it can now also be used from scheduled searches. See Action Type: Falcon LogScale Repository.
- The configuration option IP_FILTER_NOTIFIERS has been renamed to IP_FILTER_ACTIONS. The old name will continue to work.
- New feature "Scheduled Searches" making it possible to run queries on a schedule and trigger actions (formerly notifiers) upon query results. See Scheduled Searches.
- No longer overwrite the humio parser in the humio repository on startup.
- Fixed an issue with updating user profile, in some situations save failed.
- New validation when creating an ingest token using the API that the parser, if specified, actually exists in the repository.
- For ingest using a URL with a repository name in it, Humio now fails ingest if the repository in the URL does not match the repository of the ingest token. Previously, it would just use the repository of the ingest token.
- The built-in bro-json parser is deprecated and will be removed in a later release. It has been replaced by an identical parser with the name zeek-json, see zeek-json.
- Added config option for Auth0 based sign on method: AUTH_ALLOW_SIGNUP defaults to true. The config is forwarded to the auth0 configuration for the lock widget setting: allowSignUp
- Fixed an issue causing the secondary storage transfer job to select and queue too many segments for transfer at once. The job will now stop and recalculate the bulk to transfer periodically.
- Kafka client inside Humio has been bumped from 2.4.1 to 2.6.0.
- Fixed an issue where the filter and groupBy buttons on the search page would not restart the search automatically
- Fixed a rare issue where a node that was previously assigned digest could write a segment to global, even though it was no longer assigned the associated partition.
- Fixed an issue where the segment rewrite job handling event deletion might rewrite segments sooner than configured.
- Add an error message to the event if the user is trying to redirect it to another repo using #repo, and the target repo is invalid.
- Fixed logic for when the organization owner panel should be shown in the User's Danger zone.
- Upgraded Log4j2 from 2.13.3 to 2.14.0.
- Added timeout for TCP ingest listeners. By default the connection is closed if no data is received after 5 minutes. This can be changed by setting TCP_INGEST_MAX_TIMEOUT_SECONDS. See Ingest Listeners.
- Added mutation to update the runAsUser for a read only dashboard token.
- Humio no longer deletes an existing humio-search-all view if the CREATE_HUMIO_SEARCH_ALL environment variable is false. The view instead becomes deleteable via the admin page.
- Reduce contention on the query scheduler input queue. It was previously possible for large queries to prevent each other from starting, leading to timeouts.
- Fixed an issue which caused free-text-search to not work correctly for large (>64KB) events.
- Humio will only allow using Zookeeper for node id assignment (ZOOKEEPER_URL_FOR_NODE_UUID) when configured for ephemeral disks (USING_EPHEMERAL_DISKS). When using persistent disks, there is no need for the extra complexity added by Zookeeper.
Packages
- Introduced humio insights package that is installed per default on startup on the humio repository.

Improvement

UI Changes
- The new query editor has a much better integration with Humio's query language. It will give you suggestions as you type, and gives you inline errors if you make a mistake. We will continue to improve the capabilities of the query editor to be aware of fields, saved queries, and other contextual information.
Functions
- A new function called test() has been added for convenience. What used to be done like: tmp := <expression> | tmp=true can now be done using: test( <expression> ). Inside <expression> field names appearing on the right hand side of an equality test, such as field1==field2 compares the values of the two fields. When comparing using = at top-level field1=field2 compares the value of field1 against the string "field2". This distinction is a cause of confusion for some users, and using test() simplifies that.
Other
- With the introduction of Humio packages we have created the Insights Package. The application is a collection of dashboards and saved searches making it possible to monitor and observe a Humio cluster.
- We have made small changes to how Humio logs internally. We did this to better support the new Insights Package. We have tried to keep the changes as small and compatible as possible, but we have made some changes that can break existing searches in the humio repository (or other repositories receiving Humio logs). We made these changes as we think they are important in order to improve things moving forward.
  Read more about the details of LogScale Internal Logging.
Packages
- This version introduces Humio packages - a way of bundling and sharing assets such as dashboards and parsers. You can create your own packages to keep your Humio assets in Git or create utility packages that can be installed in multiple repositories. All assets can be serialized to YAML files (like what has been possible for dashboards for a while). With tight integration with Humio's CLI humioctl you can install packages from local disk, URL, or directly from a Github repository. Packages are still in beta, but we encourage you do start creating packages yourself, and sharing them with the community. At Humio we are also very interested in talking with package authors about getting your packages on our upcoming marketplace.
  Read more about Packages.

Humio Server 1.18.4 Stable (2021-01-25)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.18.4

Stable

2021-01-25

Cloud

On-Prem

2021-11-30

No

1.16.0

11

No

JAR Checksum	Value
MD5	d6d2999c1640e0b922b79163c9ec83b5
SHA1	a0452151aaa9437a2d4f772f23d3f817080d015c
SHA256	b786cb7edf1d2b8729a44ff73ce8239688aefd2431940d283a15537b3be01b37
SHA512	cfce44d51dce08213bfc26f5bd74cf3596185bc15e87518f63cf9b601f0e8118923d61afa17770827cd1fae6547a5d11decdacc9cffb57f95f0f3b351151632d

Important Information about Upgrading

Beginning with version 1.17.0, if your current version of Humio is not directly able to upgrade to the new version, you will get an error if you attempt to start up the incompatible version. The 1.18.4 release is only compatible with Humio release 1.16.0 and newer. This means that you will have to ensure that you have upgraded at least to 1.16.0 before trying to upgrade to 1.18.4. In case you need to do a rollback, this can also ONLY happen back to 1.16.0 or newer. Rolling directly back to an earlier release can result in data loss.

Bug Fixes

Other
- Fixed an issue for on-prem users not on multitenant setup by reverted a metric change introduced in 1.18.0, jmx and Slf4j included an OrgId in all metrics for repositories.

Humio Server 1.18.3 Stable (2021-01-20)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.18.3

Stable

2021-01-20

Cloud

On-Prem

2021-11-30

No

1.16.0

11

No

JAR Checksum	Value
MD5	2db608cedd7603e6cd595c58aa9fad5d
SHA1	ea622d5f1a706daa3c6345bc1237918836498f9f
SHA256	00f4f144647918d42cf85cb26ece7c0529a76af02d6a56dd483ada74b8028816
SHA512	2335597bf91028e1b476178039e15b47645cca2f8dfdf445514e279133a042ed44a5450c9456710a9843279d431b37fff85ba4c41abab56780d8923e81e6dcc9

Important Information about Upgrading

Beginning with version 1.17.0, if your current version of Humio is not directly able to upgrade to the new version, you will get an error if you attempt to start up the incompatible version. The 1.18.3 release is only compatible with Humio release 1.16.0 and newer. This means that you will have to ensure that you have upgraded at least to 1.16.0 before trying to upgrade to 1.18.3. In case you need to do a rollback, this can also ONLY happen back to 1.16.0 or newer. Rolling directly back to an earlier release can result in data loss.

Bug Fixes

Other
- Do not retry a query when getting a HTTP .0 error
- Update dependencies with known vulnerabilities
- Do not cache cancelled queries.
- Fixed bug where the format() function produced wrong output for some floating-point numbers.

Humio Server 1.18.2 Stable (2021-01-08)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.18.2

Stable

2021-01-08

Cloud

On-Prem

2021-11-30

No

1.16.0

11

No

JAR Checksum	Value
MD5	325cfefc1a6eef3b4f9d1e6beeb5a53a
SHA1	a8af4a4a70c93cb6ff945c999bd0e6ea579d1a2a
SHA256	f2201aab5190ec92b540bc8be9b6ea59c2e840fece63b2d87891aff9d7fc284a
SHA512	8a1e56622041d45db967e6aa003da14fb78143fc63d3dfb936e318d385761f8a10a57823040d68b8f200048fc28006df1d281e74baad1bcdef080334a8634af5

Important Information about Upgrading

Beginning with version 1.17.0, if your current version of Humio is not directly able to upgrade to the new version, you will get an error if you attempt to start up the incompatible version. The 1.18.2 release is only compatible with Humio release 1.16.0 and newer. This means that you will have to ensure that you have upgraded at least to 1.16.0 before trying to upgrade to 1.18.2. In case you need to do a rollback, this can also ONLY happen back to 1.16.0 or newer. Rolling directly back to an earlier release can result in data loss.

Bug Fixes

Other
- Resolves problem when starting a query spanning very large data sets, a time-out could prevent the browser from getting responses initially.
- Adds a new configuration option for auth0: AUTH_ALLOW_SIGNUP. Default value is true.
- Improves handling when many transfers to secondary storage are pending.
- Fixed bug so as to reduce contention on the Query input queue.
- Fixed bug where Humio could end in a corrupted state, needing manual intervention before working again.

Humio Server 1.18.1 Stable (2020-12-17)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.18.1

Stable

2020-12-17

Cloud

On-Prem

2021-11-30

No

1.16.0

11

No

JAR Checksum	Value
MD5	23a1b98323ea040221d9314e181f5048
SHA1	2364af27ee4d0e12ff3732252e31aceaa12534a9
SHA256	9f83caa9a0aa483087c28e083fb10e2d418c9f66c109abe0b7464dd312d3e873
SHA512	682242210795e8b72f82589a01a3933072c7b744a8abdc54adca3964d08c32f02504e86abd44639278cf104d79587f8b0d0b89b807fc3ba321e04c3644c6dfab

Important Information about Upgrading

Beginning with version 1.17.0, if your current version of Humio is not directly able to upgrade to the new version, you will get an error if you attempt to start up the incompatible version. The 1.18.1 release is only compatible with Humio release 1.16.0 and newer. This means that you will have to ensure that you have upgraded to minimum 1.16.0 before trying to upgrade to 1.18.1. In case you need to do a rollback, this can also ONLY happen back to 1.16.0 or newer, rolling directly back to an earlier release can result in data loss.

Bug Fixes

Automation and Alerts
- Fixes a bug where some valid repeating queries would not validate in alerts.
Other
- Fixes a bug that would allow users with read access to be able to delete a file (#10133)
- Improve handling of a node being missing from the cluster for a long time by letting other nodes handle the parts of the query that node would normally do.
- Add non-sensitive logging that lists the versions of Humio running in the cluster. These logs can be found by searching the Humio debug log for "cluster_versions".
- Improve performance of S3 archiving when many repositories have the feature enabled.
- Fixes a bug where top([a,b], sum=f) ignored events where f was not a positive integer. Now it ignores negative and non-numerical input but rounds decimal numbers to integer value.
- Fixes a bug where the to parameter to unit:convert would cause internal server errors instead of validation errors.
- Add GraphQL mutation to update the runAsUser for a read only dashboard token.
- Fixes a bug where queries with @timestamp=x where x was a timestamp with the current search interval could fail
- Fixes a bug where a query would not start automatically when requesting to filter or group by a value.
- Fixes a bug where the merge of mini segments could fail during sampling of input for compression.
- Fixes a bug where the permissions check on editing a connection from a view to a repository allowed altering the search prefix of connections other than the one the user currently was allowed to edit.
- Increase number of vCPUs used when parsing TCP ingest, twice the number of the 1.18.0 build.
- Only install default Humio parser to the Humio view if it is missing. No longer overwriting local changes.

Humio Server 1.18.0 Stable (2020-11-26)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.18.0

Stable

2020-11-26

Cloud

On-Prem

2021-11-30

No

1.16.0

11

No

Yes

JAR Checksum	Value
MD5	0525cf2284207efde5655fd9174c411f
SHA1	9d28fc3e60a033c27746584ac10fd5abedb2af69
SHA256	5f2a5cfa60bc13c859caa2e07a1dbd3a907d15483cc7d5829d02646f8350d61c
SHA512	be22b5126137fa75d0d5ac5a870c716fadee85155bb58822d710397e633de9acbb060c7500f46031a3996e826c5d3b3ee5c0b0c1d572b3944f1be5ebc05cffca

Important Information about Upgrading

This release promotes the latest 1.17 release from preview to stable.

Beginning with version 1.17.0, if your current version of Humio is not directly able to upgrade to the new version, you will get an error if you attempt to start up the incompatible version. The 1.18.0 release is only compatible with Humio release 1.16.0 and newer. This means that you will have to ensure that you have upgraded to minimum 1.16.0 before trying to upgrade to 1.18.0. In case you need to do a rollback, this can also ONLY happen back to 1.16.0 or newer, rolling directly back to an earlier release can result in data loss.

Humio can now run repeating queries using the beta:repeating() function. These are live queries that are implemented by repeatedly making a query. This allows using functions in alerts and dashboards that typically do not work in live queries, such as selfJoin() or selfJoinFilter(). See the beta:repeating() reference page for more information.

In order to prevent alert notifiers being used to probe services on the internal network (eg. Zookeeper or the AWS metadata service), Humio now has an IP filter on alert notifiers. The default is to block access to all link-local addresses and any addresses on the internal network; however, you can opt-in to the old behavior by setting the configuration option IP_FILTER_NOTIFIERS to allow all. See IP Filter documentation.

New experimental query function series()

A new experimental query function called series() has been added. It needs to be explicitly enabled on the cluster using the configuration option SERIES_ENABLED=true.

The function series() improves upon session() and collect() for grouping events into transactions. What used to be done with:

logscale

groupby(id, function=session(function=collect([fields, ...])))

can now be done using:

logscale

groupby(id, function=series([fields, ..])).

See series() reference page for more details.

This new feature stores a copy of live search results to the local disk in the server nodes, and reuses the relevant parts of that cached result when an identical live search is later started. Caching is controlled with the config option QUERY_CACHE_MIN_COST, which has a default value of .0. To disable caching, set the config option to a very high number, such as 9223372036854775807 (max long value).

To see more details, go through the individual 1.17.x release notes (links in the changelog).

Bug Fixes

Other
- Changed behaviour when the config ZONE is set to the empty string. It is now considered the same as omitting ZONE.
- Major changes (see 1.17.0 release notes)
- Fixed a bug where TCP listener threads could take all resources from HTTP threads
- Removed config IDLE_POLL_TIME_BEFORE_DASHBOARD_QUERY_IS_CANCELLED_MINUTES. Queries on dashboards now have the same life cycle as other queries.

Humio Server 1.17.0 Preview (2020-11-18)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.17.0

Preview

2020-11-18

Cloud

On-Prem

2021-11-30

No

1.16.0

11

No

Yes

JAR Checksum	Value
MD5	9c47009810132eb67177966d10471544
SHA1	341a2607265420b1a2d461ad111c88aca06419ed
SHA256	59001d9a738930f8774c11864ce3c36b3b4b4003f8cad0d4b36af13275ceefa9
SHA512	ee8e2837a8fba2b28aab8d18b16269f452f19a5c80ad9826ecbeb73eaa062236acdf2191cc448e60d81390f1a2881374637adce7603ebf9f0861ca6246f6c82f

Important Information about Upgrading

Beginning with version 1.17.0, if your current version of Humio is not directly able to upgrade to the new version, you will get an error if you attempt to start up the incompatible version. The 1.17.0 release is only compatible with Humio release 1.16.0 and newer. This means that you will have to ensure that you have upgraded to minimum 1.16.0 before trying to upgrade to 1.17.0. In case you need to do a rollback, this can also ONLY happen back to 1.16.0 or newer, rolling directly back to earlier release can result in data loss.

Humio can now run repeating queries using the beta:repeating() function. These are live queries that are implemented by repeatedly making a query. This allows using functions in alerts and dashboards that typically do not work in live queries, such as selfJoin() or selfJoinFilter(). See the beta:repeating() reference page for more information.

In order to prevent alert notifiers being used to probe services on the internal network (eg. Zookeeper or the AWS metadata service), Humio now has an IP filter on alert notifiers. The default is to block access to all link-local addresses and any addresses on the internal network; however, you can opt-in to the old behavior by setting the configuration option IP_FILTER_NOTIFIERS to allow all. See IP Filter documentation.

A new experimental query function called series() has been added. It needs to be explicitly enabled on the cluster using the config option SERIES_ENABLED set to true.

The function series() improves upon session() and collect() for grouping events into transactions. What used to be done with

groupby(id,function=session(function=collect([fields, ...])))

Can now be done using

groupby(id, function=series([fields, ..])).

See series() reference page for more details.

This new feature stores a copy of live search results to the local disk in the server nodes, and reuses the relevant parts of that cached result when an identical live search is later started. Caching is controlled with the config option QUERY_CACHE_MIN_COST, which has a default value of .0. To disable caching, set the config option to a very high number, such as 9223372036854775807 (max long value).

Improvements, new features and functionality

Functions
- New query function parameter to parseJson(), removePrefixes, see parseJson() reference page.
- New query function concatArray, see concatArray() reference apge.

Bug Fixes

UI Changes
- Setting the default query for a view in the UI has been moved from the "Save as Query" to the View's "Settings" tab.
Automation and Alerts
- The notifier list is sorted when selecting notifiers for an alert.
Configuration
- New configuration option ALERT_DESPITE_WARNINGS makes it possible to trigger alerts even when warnings occur.
- New configuration option IP_FILTER_NOTIFIERS to set up IP filters for Alert Notifications, see IP Filter reference page.
- New configuration option DEFAULT_MAX_NUMBER_OF_GLOBALDATA_DUMPS_TO_KEEP.
- New configuration option ENABLE_ALERTS makes it possible to disable alerts from running (enabled by default).
Functions
- New experimental query function, see beta:repeating() reference page.
- Fixes a bug causing the sub-queries of join() etc. to not see events with an @ingesttimestamp occurring later than the search time interval.
- New experimental query function window(), enabled by configuration option WINDOW_ENABLED=true, see window() reference page.
- Fixes a bug causing join() to not work after an aggregating function.
- Fixes a bug where join() function in some circumstances would fetch subquery results from other cluster nodes more than once.
- Fixes a bug causing sort(), head(), tail() to work incorrectly after other aggregating functions.
- New experimental query function series(), enabled by configuration option SERIES_ENABLED=true, see series() reference page.
- New query function used to parse events which are formatted according to the Common Event Format (CEF), see parseCEF() documentation page.
Other
- Reduce the max fetch size for Kafka requests, as the previous size would sometimes lead to request timeouts.
- API Changes (Non-Documented API): Saved Query REST API has been replaced by GraphQL.
- Fixes the issue where Humio could behave incompatibly with Kafka versions prior to 2.3.0 if KAFKA_MANAGED_BY_HUMIO was true.
- Fixes an issue causing Humio to fail to upload files to bucket storage in rare cases.
- Crash the node if an exception occurs while reading from the global Kafka topic, rather than trying to recover.
- API Changes (Non-Documented API): View Settings REST API has been replaced by GraphQL.
- The Humio-search-all view will no longer be removed if CREATE_HUMIO_SEARCH_ALL is set to false. The view will instead become possible to delete manually via the admin UI.
- Refuse to boot if the global topic in Kafka does not contain the expected starting offset.
- Periodically release object pools used by mapper pipeline, to avoid a possible source of memory leaks.
- Tweaked location of diagnostics regarding missing function arguments.
- Fixes an issue where Humio might try to get admin access to Kafka when KAFKA_MANAGED_BY_HUMIO was false.
- It is again possible to override a built-in parser in a repository by creating a parser with the same name.
- Fix negating join expressions.
- Changed default TLS ciphers and protocols accepted by Humio, see TLS.
- Fix several cases where Humio might attempt to write a message to Kafka larger than what Kafka will allow.
- Fixes the case where datasources receiving data might not be marked idle, causing Humio to retain too much ingest data in Kafka.
- Fixes an issue which caused free-text-search to not work correctly for large (>64KB) events.
- Switch from JDK to BouncyCastle provider for AES decrypt to reduce memory usage.
- Allow running Humio on JDK-14 and JDK-15 to allow testing these new builds.
- Rename a few scheduler threads so they reflect whether they're associated with streaming queries ("streaming-scheduler") or not ("normal-scheduler")
- The {events_html} notifier template will now respect the field order from the query.
- Improve logic attempting to ensure other live nodes can act as substitutes in case the preferred digest nodes are not available when writing new segments.
- Reduce the number of merge target updates Humio will write to global on digest leader reassignment or reboot.
- Free-text search has been fixed to behave more in line with the specification.
- Improved wording of diagnostics regarding function arguments.
- If KAFKA_MANAGED_BY_HUMIO is true, Humio will ensure unclean leader election is disabled on the global-events topic.
- Fixes a bug where unit:convert couldn't handle numbers in scientific notation.
- Fixes the case where Humio would consider local node state when deciding which ingest data was safe to delete from Kafka.
- Refuse to boot if the booting node would cause violations of the "Minimum previous Humio version" as listed in the release notes.

Humio Server 1.16.4 Stable (2020-11-26)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.16.4

Stable

2020-11-26

Cloud

On-Prem

2021-10-31

No

1.12.0

11

No

JAR Checksum	Value
MD5	d83c60916b9cb3c12501c541253b5aee
SHA1	fa164160b4874f1f1524ff61d49584a62c471868
SHA256	362d0640d4673b985c6ad9fcdcac7404dc127a65d33d0d423d15e20a5478c642
SHA512	1803bf4fa4cd533e7fd569584cd9d5ae86d649dfccbf92fdd6cf3eae6155fee9baf40ab7d252681e84ea4045264b5408cc9144fa0d6ef3b0a8a9b631cfdce45c

Many bug fixes: related to join( ), TCP listerner threads, etc.

Bug Fixes

Summary
- Switched from JDK to BouncyCastle provider for AES decrypt to reduce memory usage.
- Fix negating join expressions.
- Fixed an issue preventing the metric datasource-count from counting datasources correctly.
- Fixed a bug where TCP listener threads could take all resources from HTTP threads.
- Fixed an issue causing Humio to fail to upload files to bucket storage in rare cases.
Automation and Alerts
- Fixed a bug where the {events_html} message template was formatted as raw HTML in alert emails.
Functions
- Fixed a bug causing sort(), head(), tail() to work incorrectly after other aggregating functions.
Other
- Fixed a bug causing the sub-queries of join() etc. not to see events with an @ingesttimestamp occurring later than the search time interval.

Humio Server 1.16.3 Stable (2020-11-10)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.16.3

Stable

2020-11-10

Cloud

On-Prem

2021-10-31

No

1.12.0

11

No

JAR Checksum	Value
MD5	294a84c0d1a54ccb83045af2a59a711e
SHA1	74088d0dcce3e2e853d236e00d18af18ad06c0e6
SHA256	8bd243f29dbafa1ece847aff22ce9754b3ec3fd6fe8726d1517ed5462c5653fe
SHA512	ad95a600b21990508e9e174273726b8c2514b2a0f688bf45422394971375c0ad8821626ca6ca7672faffd41e4b2f80a62c357e581cdc6b34f4c482ddb5389410

Improved memory usage of some query functions, and fixes problems with datasource cleanup, resource usage of HTTP requests, and with large free-text searches.

Bug Fixes

Summary
- Fixed an issue when starting a query, where resources related to HTTP requests were not released in a timely manner, causing an error log when the resources were released by hitting a timeout.
- Fixed an issue which caused free-text-search to not work correctly for large (>64KB) events.
Other
- Fixed an issue where cleanup of empty datasource directories could race with other parts of the system and cause issues.
- Reduce memory usage when using the match() or regex() query functions.

Humio Server 1.16.2 Stable (2020-10-30)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.16.2

Stable

2020-10-30

Cloud

On-Prem

2021-10-31

No

1.12.0

11

No

JAR Checksum	Value
MD5	625e7c2ab7d9ae2ad61c6b5a6847e0ec
SHA1	092049bbc1604af6fd2e0a6b8f6f53fe7f6132ae
SHA256	3850217dcbda7666178a475fcf135b3c94715ef83a4b66236921b3bb2ee4c2f9
SHA512	d7aec9e4c0bdd6102ce56df5dbac36cb896182c987b1cb8c84d1065610ed78e9e519bce7ef94b784412fa8946b63bfe51f6ef78071b60e59e955588c22ccf6d4

Improved delete options in large clusters, and fix problems with generating http links.

Bug Fixes

Summary
- Optimize how certain delete operations in the global database are performed to improve performance in large clusters.
- Prevent automatic URL to link conversion in email clients.

Humio Server 1.16.1 Stable (2020-10-21)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.16.1

Stable

2020-10-21

Cloud

On-Prem

2021-10-31

No

1.12.0

11

No

JAR Checksum	Value
MD5	f5a2ac232db869d279159781ba5cdf57
SHA1	e165eff2f323df2702e8eb697602739ad8e71af8
SHA256	eda9a02789d70732451e0bdd01a329ca878a39dc160c95c3902acc5db693f22b
SHA512	aa13e65ce4b6896aaecfeb8dcb3996681d7014bacde126045c01d230c8f3b75a34a594653b9b7785ee8c4417a71df1908263c2931c8806893db30293780e1bf4

Several bug fixes related to Humio UI, Prometheus, Clusters, RegEx queries, etc. — as well as improved GroupBy(), jvm-hiccup, etc.

Bug Fixes

Summary
- Avoid logging the license key.
- Fixed an issue where errors were not properly shown in the Humio UI.
- Fixed an issue where it was impossible to bootstrap a new cluster if ingest or storage replication factors had been configured greater than 1.
- Returning bad request when hitting authentication endpoint without a provider id.
- Improved the performance for GroupBy().
- Ensure metric label names can be sent to Prometheus.
- Fixed an issue where RegEx field extraction did not work in a query.
- HTML sanitization for user fields in invitation mails.
- Fixed an issue where sorting of work in the Humio input could end up being wrong.
- Convert some non-fatal logs to warning level instead of error.
- Add query parameter sanitization for login and signup pages.
- Fixed an issue with truncating files on the XFS file system, leading to excess data usage.
- Raise time to wait until deleting data to improve handling of node failures.
- Added new metric jvm-hiccup for measuring stalls/pauses in the JVM.
- Log information about sorting of snapshots.
Automation and Alerts
- Fixed an issue where missing input validation in alerts could lead to HTML injection in email notifications.

Humio Server 1.16.0 Stable (2020-10-09)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.16.0

Stable

2020-10-09

Cloud

On-Prem

2021-10-31

No

1.12.0

11

No

JAR Checksum	Value
MD5	41a3eb30f6d92f92b414661545f0c8bc
SHA1	31829cf2558430a4a6f170d4adf00573f7a7db08
SHA256	f04127a4195e8e1e576bc9a32e9b582b48ffb6eb3fdbc368b4f2c0e2fc22e1c6
SHA512	45e067a2b79618e979e9839cb987ce6bd76a27514a0d3da22dd3e9b5259f48b8b75c5c9730078ccba81f10516a456b733956bc48bdec6c9bd5adb9dd0de13363

This release promotes the latest 1.15 release from preview to stable. To see more details, go through the individual 1.15.x release notes (links in the changelog).

Humio will set ingest timestamps on all events. This is set in the field named @ingesttimestamp. In later versions, Humio will also support specifying the search time interval using @ingesttimestamp when searching. This will support use cases where data is backfilled etc.

Field based throttling: It is now possible to make an alert throttle based on a field, so that new values for the field trigger the alert, but already seen values do not until the throttle period has elapsed.

Notifier logging to a Humio repository: It is now possible to configure an alert notifier that will log all events to a Humio repository.

Slack notifier upgrade to notify multiple Slack channels: It is now possible to use the Slack notifier to notify multiple Slack channels at once.

Events as HTML table: In an email notifier, it is now possible to format the events as an HTML table using the new message template {events_html}. Currently, the order of the columns is not well-defined. This problem will be fixed in the 1.17.0 release.

Configure notifier to not use the internet proxy: It is now possible to configure an alert notifier to not use the HTTP proxy configured in Humio.

Redesigned signup and login pages. For cloud, we have have split the behavior so users have to explicitly either login or signup.

Invite flow: When adding a user to Humio they will now by default get an email telling them that they have been invited to use Humio.

Configure Humio to not use the internet proxy for S3: It is now possible to configure Humio to not use the globally configured HTTP proxy for communcation with S3.

Auto-Balanced Partition Table Suggestions

When changing digest and storage partitions it is now possible to get auto-balanced suggestions based on node zone and replication factor settings (via ZONE, DIGEST_REPLICATION_FACTOR and STORAGE_REPLICATION_FACTOR configurations). See Configuration Settings.

The AWS SDK Humio uses has been upgraded to v2. When configuring Humio bucket storage with Java system properties, the access key must now be in the aws.secretAccessKey property instead of the aws.secretKey property.

Bug Fixes

Automation and Alerts
- Add view to log lines for alerts
Other
- Bulk Global operations for segments in S3 to avoid overloading Kafka with writes.
- Log Humio cluster version in non-sensitive log.
- Fixed a problem where some deleted segments could show up as missing.
- Added metrics for:
  - JVM Garbage Collection
  - JVM Memory usage
  - Missing nodes count
- Fixed a problem where errors would not be shown in the UI
- Major changes: (see 1.15.0 release notes)
- Other changes: (see 1.15.2 release notes)
- Fixed a problem with auto sharding not working when two repositories had the same tags but differing shard counts.
- Fixed an issue where Humio could behave incompatibly with Kafka versions prior to 2.3.0 if KAFKA_MANAGED_BY_HUMIO was true.
- Fixed a problem where the Zone configuration would not be propagated correctly.
- Fixed a problem where the QueryScheduler could spend time idling even though there was work to do in situations where digest delays were high.
- Support for license files in ES512 format.
- Log query total cost when logging query information.
- Improved merging of segments by evaluating less data.
- Changed limits for what can be fetched via HTTP from inside Humio.
- Other changes: (see 1.15.1 release notes)
- Fixed several cases where Humio might attempt to write a larger message to Kafka than what Kafka allows.
- Fixed a problem preventing saved queries from being edited.
- Added background job to fix problems with inconsistent data in global.
- Fixed a problem preventing file export/download from the search page.
- Fixed a problem where it was not possible to rename a dashboard.
- Fixed missing cache update when deleting a view.
- Fixed a problem with the retention job calculating what segments to delete.

Humio Server 1.15.2 Preview (2020-09-29)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.15.2

Preview

2020-09-29

Cloud

On-Prem

2021-10-31

No

1.12.0

11

No

JAR Checksum	Value
MD5	682ce1370121f12351ade4d22aac9d59
SHA1	4b0a7d089cadc867582ab067e80ccbaa421d6869
SHA256	64179665b0993212736c526d4c9e5af57511d2225673646c6de9f54c6685e9f9
SHA512	3d63d22285b955637128bfaaf8223e4f59c32a92b66180997307b22cdda6d360c2436f0b63fb55ee57b52cdb34a0b0ddc2ad28f4db9d63ae62e10c8f0846dc80

Many bug fixes, including fixes related to login from Safari and Firefox, the join() function.

Bug Fixes

Summary
- Fixed a problem with scrolling on the login page on screens with low resolution.
- Fixed a bug causing an authentication error when trying to download a file when authenticating by proxy.
- Fixed an issue showing duplicate entries when searching for users.
- Generate ingest tokens in UUID format, replacing the current format for any new tokens being created.
- Changed priorities when fetching segments to a node which have been offline for a longer period. This avoids waiting too long before the cluster becomes fully synced.
- Fixed an issue where a slow data stream could cause Humio to retain more data in Kafka than necessary, as well as cause a restarted Humio node to reprocess too much data.
- Only consider fully replicated data when calculating which offsets can be pruned from Kafka.
- Improved naming of threads to get more usable thread dumps.
- Made the login and sign up pages responsive to the device.
- Fixed a memory leak when authenticating in AWS setups.
- Added logging to detect issues when truncating finished files.
- Fixed a bug in the partition table optimizer that lead to unbalanced layouts.
- Avoid overloading kafka with updates for the global database by collecting operations in bulk.
- Improved handling of sub-queries polling state from the main query when using join().
- Fixed a problem where the login link did not work in Safari and Firefox.
- Changed the query scheduling to account for the work of the overall query, rather than per job started. This allows fairer scheduling of queries hitting many dataspaces e.g. when using search-all.
- In the dialog for saving a search as an alert, the save button is no longer always grey and boring, but can actually save alerts again.

Humio Server 1.15.1 Preview (2020-09-22)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.15.1

Preview

2020-09-22

Cloud

On-Prem

2021-10-31

No

1.12.0

11

No

JAR Checksum	Value
MD5	ec66230819ad11297969c2f8d6641c6d
SHA1	f3b0201a632842dd67f104c325c241b201d246a6
SHA256	81de2fd8b1ccc692f30083f0461364155f83b96b893c0cdff4444fbbb97abf32
SHA512	2281a3fbf186bd96d56343a7ec46caefcd59fa6656ca8885f841af2ce16c32068739d510b7a0913e9c5db5670948fbf43e998595b8a535246299d7ecd418e21b

Fixes bugs related to AWS and STS tokens, timestamp display results, reverting Humio UI login method.

Bug Fixes

Summary
- Revert login Humio User Interface to same behavior as before version 1.15.0.
- Fixed a problem in the UI, where the wrong timestamp was displayed as @ingesttimestamp.
- The job for updating the IP location database now uses the configured HTTP proxy, if present.
- Fixed a problem with AWS, where STS tokens would fail to authenticate.

Humio Server 1.15.0 Preview (2020-09-15)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.15.0

Preview

2020-09-15

Cloud

On-Prem

2021-10-31

No

1.12.0

11

Yes

JAR Checksum	Value
MD5	516ed995115eeaa9218bdbc96aec01b2
SHA1	79bd7daeaa49644e7d7bcc429862f43c5d028057
SHA256	26c95dacd1164ba20db16917dcc436cc8a8f5a86811b697917b6febfae9fbd61
SHA512	64841a7ddfcb7c9cff0e7636e78c05c8e52cd63f5c537c858f70795e6dfb5ff52efa8705cf9d3e3fccc1f2ca3901fbae25fb3920fe09f440813f2e587b367173

Improves ingest timestamps, field based throttling, the ability to configure better alert notifiers, Slack notifiers, etc.

Humio will set ingest timestamps on all events. This is set in the field named @ingesttimestamp. In later versions, Humio will also support specifying the search time interval using @ingesttimestamp when searching. This will support use cases where data is backfilled etc.

It is now possible to make an alert throttle based on a field, so that new values for the field trigger the alert, but already seen values do not until the throttle period has elapsed.

Notifier Logging to Humio Repository

It is now possible to configure an alert notifier that will log all events to a Humio repository.

It is now possible to use the Slack notifier to notify multiple slack channels at once.

In an email notifier, it is now possible to format the events as an HTML table using the new message template {events_html}.

Configure Notifier Not to use Internet Proxy

It is now possible to configure an alert notifier to not use the HTTP proxy configured in Humio.

We introduce new signup/login pages for social login and have split the behavior so users have to explicitly either login or signup.

When adding a user to Humio they will now by default get an email telling them that they have been invited to use Humio.

The AWS SDK Humio uses has been upgraded to v2. When configuring Humio bucket storage with Java system properties, the access key must now be in the aws.secretAccessKey property instead of the aws.secretKey property.

Configure Humio Not to use Internet Proxy for S3

It is now possible to configure Humio to not use the globally configured HTTP proxy for communcation with S3.

Auto-Balanced Partition Table Suggestions

When changing digest and storage partitions it is now possible to get auto-balanced suggestions based on node zone and replication factor settings (via ZONE, DIGEST_REPLICATION_FACTOR, STORAGE_REPLICATION_FACTOR configurations). See Configuration Settings.

Bug Fixes

Automation and Alerts
- Alert notifiers can be configured to not use an HTTP proxy.
- Field based throttling on alerts.
- New alert notifier template {events_html} formatting events as an HTML table.
Other
- S3 communication can be configured to not use an HTTP proxy.
- Humio will set the field @ingesttimestamp on all events.
- If automatically creating users upon login and syncing their groups from the authentication mechanims, the configuration ONLY_CREATE_USER_IF_SYNCED_GROUPS_HAVE_ACCESS now controls whether users should only be created if the synced groups have access to a repository or view. The default is false.
- Upgraded to AWS SDK v2. When using Java system properties for configuring Humio bucket storage, use aws.secretAccessKey instead of aws.secretKey.
- Newly added users will by default get an email.
- New alert notifier type logging to a Humio repository.
- Auto-balanced partition table suggestions. See ZONE, DIGEST_REPLICATION_FACTOR, STORAGE_REPLICATION_FACTOR in configuration. See Configuration Settings.
- Improved error handling when a parser cannot be loaded. Before, this resulted in Humio returning an error to the log shipper. Now, data is ingested without being parsed, but marked with an error as described in Parser Errors.
- CSV files can no longer contain unnamed columns and also trailing commas are disallowed. Queries based on such files will now fail with an error.
- New explicit signup and login pages for social login.

Humio Server 1.14.6 Stable (2020-10-30)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.14.6

Stable

2020-10-30

Cloud

On-Prem

2021-08-31

No

1.12.0

11

No

JAR Checksum	Value
MD5	d49223f102edc33a255dd9d7178d95f0
SHA1	70b446b461381e1e02d3a994deb88c5ba3e682f2
SHA256	17d82d593a4f290867819f8095a59d0367083c022d45d9db1c33417337d7a5b8
SHA512	1d7bcdd2bd5d8385af487b8cd5a1b6da11d6a1893ade5ac5b06d44817f57e48e2679df13e9fe0f99e73723b2c306e282807fdfde9650176c19ef461c646c39fc

Email Notification Improvements

Bug Fixes

Summary
- Fixed an issue where missing input validation in alerts could lead to HTML injection in email notifications.
- Prevent automatic url to link conversion in email clients.

Humio Server 1.14.5 Stable (2020-10-21)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.14.5

Stable

2020-10-21

Cloud

On-Prem

2021-08-31

No

1.12.0

11

No

JAR Checksum	Value
MD5	097c33aba188611a3157a00cdb7366af
SHA1	3ac3a1722ff46530ebdf6cf1a2e977437a8917e9
SHA256	cb4aa5b17dba7ca6a79494401cfaaa3e1aefce77fb029b33e24a551e9fab9a22
SHA512	e737fa3bddab0c236a37b0725f2210efd4d761977646581addb29833c31081f0cc6e84f5c514be7e860dc4e848afeae5a77ab0b3536347a1d6757ba4b1547be7

Bug Fixes and New Metric

Bug Fixes

Summary
- Fixed an issue where Humio could behave incompatibly with Kafka versions prior to 2.3.0 if KAFKA_MANAGED_BY_HUMIO was true.
- Fixed an issue where Humio might attempt to write a larger message to Kafka than what Kafka allows.
- Added new metric jvm-hiccup for measuring stalls/pauses in the JVM.

Humio Server 1.14.4 Stable (2020-10-09)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.14.4

Stable

2020-10-09

Cloud

On-Prem

2021-08-31

No

1.12.0

11

No

JAR Checksum	Value
MD5	1a728a2eee16db13d2c5114ada74382c
SHA1	ec61329a161dce7a387976343babf7d3ff44527b
SHA256	2b49f98b2b112e54ec310ffb08013debcf9005af35bf97eca36cb69e438f1366
SHA512	61e0628975aee35f01b9b6d63770c307b0a2f47fe41623bef56a0bdc2f6758ec3fe3145ed1e2b4118a482c5cd0f65b1d8fc4dbf881cc63e53a724b271f4634a7

Bug Fixes and Stability Enhancements

Bug Fixes

Summary
- Changed limits for what can be fetched via HTTP from inside Humio.
- Log Humio cluster version in non-sensitive log.
- Fixed a problem where some deleted segments could show up as missing.
- Fixed a problem where duplicated uploaded files would not be deleted from /tmp.
- Avoid overloading Kafka with updates for the global database by collecting operations in bulk.
- Fixed several cases where Humio might attempt to write a larger message to Kafka than Kafka allows.

Humio Server 1.14.3 Stable (2020-09-24)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.14.3

Stable

2020-09-24

Cloud

On-Prem

2021-08-31

No

1.12.0

11

No

JAR Checksum	Value
MD5	98d17b3fcca4f158e5cfe0c7d95d0ac7
SHA1	57dd7e54bc414213de946119b102d6612cd0f7a1
SHA256	661b21efd3128da29f20d987cd6d9e89541bdfacd8e0391a99bef5ba3255d7ba
SHA512	7ccf6574c4da5a92975029236e762713be319c09032f066d28473ded25462d39e446ed402fa6463f8172077e05f9d91cd224c6d3a9ad3de5876fdd472bae8c0d

Bug Fixes and Improved Query Scheduling

Bug Fixes

Summary
- Fix missing cache update when deleting a view.
- Changed the query scheduling to account for the work of the overall query, rather than per job started. This allows fairer scheduling of queries hitting many dataspaces e.g. when using search-all.
- Improve naming of threads to get more usable thread dumps.
- Add logging to detect issues when truncating finished files.
- Change priorities when fetching segments to a node which have been offline for a longer period. This avoids waiting too long before the cluster becomes fully synced.
- Fixed an issue where a slow data stream could cause Humio to retain more data in Kafka than necessary, as well as cause a restarted Humio node to reprocess too much data.
- Improve handling of sub-queries polling state from the main query when using join().

Humio Server 1.14.2 Stable (2020-09-17)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.14.2

Stable

2020-09-17

Cloud

On-Prem

2021-08-31

No

1.12.0

11

No

JAR Checksum	Value
MD5	c3eb561c270dce0fe7468c34cbd4322f
SHA1	85c1c0e16507fa152c7adbba5844aed2c83c0e03
SHA256	5f4e382586a6069c5ebde1d1a620ab3d1f8f1c532e9ecce972a348ab669b2c2d
SHA512	f3be7379941c9f3ae677b351dc65f90da71aaf43fdc78e93eca99d3b8dfc4fd28618c9fd4d22bf4657cdc0d9b9f80d59589c3984860958aefff61f0a769251a7

Bug Fixes, HEC Endpoint Validation and New Metrics

Bug Fixes

Summary
- Fixed a problem where too many segments could be generated when restarting nodes.
- Fixed a race condition when cleaning up datasources.
- The job for updating the IP location database now uses the configured HTTP proxy, if present.
- New metrics for scheduling of queries:
  - local-query-jobs-wait: Histogram of time in milliseconds that each query waited between getting any work done including exports
  - local-query-jobs-queue: Count queries currently queued or active on node including exports
  - local-query-segments-queue-exports-part: Count of elements in queue as number of segments currently queued for query for exports
  - local-query-jobs-queue-exports-part: Count queries currently queued or active on node for exports
- Added log rotation for humio-non-sensitive logs.
- Include user email in metrics when queries end.
- Improved handling of data replication when nodes are offline.
- Fixed a problem where segments could be downloaded to stateless frontend nodes from Bucket storage.
- HEC endpoint is now strictly validated as documented for top-level fields, which means non-valid input will be rejected. See HTTP Event Collector (HEC).

Humio Server 1.14.1 Stable (2020-09-08)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.14.1

Stable

2020-09-08

Cloud

On-Prem

2021-08-31

No

1.12.0

11

No

JAR Checksum	Value
MD5	b57e75be1b07018a158585f04cdcb9d8
SHA1	6e1754ba60abeb35233a728dcb78ae11f0986d8a
SHA256	5939bb412601b4356ccc431d87e3e8290a48db967a0739f638b0ea587e1a9eb7
SHA512	a90b03b4081cd8ee73d06c0f925705740c769ff405b09cb1c06a51b8566775d7e2540bd6275ae1f8f7e4e0a65d241d7f1f195d26c6c3474894639d6b19b7d3d3

Bug fixes and updates.

Bug Fixes

Summary
- Improve performance when processing streaming queries.
- Remove restriction on expire time when creating emergency user through the emergency user API. See Enabling Emergency Access.
- Remove restriction on length of group names from LDAP.

Humio Server 1.14.0 Stable (2020-08-26)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.14.0

Stable

2020-08-26

Cloud

On-Prem

2021-08-31

No

1.12.0

11

No

JAR Checksum	Value
MD5	d0ede2c5d1075119507701bff7a04b29
SHA1	b4fc3f50fabe0abdea5db2a2b502c0b2b0b71aa7
SHA256	e9ddafa574576eb890cf22d241e0307caf613cc5b1bd9fdc84e50e975a40d67b
SHA512	16506530541f87579660b630265171c137b8de787b5c5d11b145fc1d18ff04038514b91469b040212dbd27bddc2cee4cb5cca0054f547917624137fedb23ba20

Bug fixes and updates.

Free Text Search, Load Balancing of Queries and TLS Support. This release promotes the latest 1.13 release from preview to stable. To see more details, go through the individual 1.13.x release notes (links in the changelog).

Free text search now searches all fields rather than only the @rawstring field.

Humio can now balance and reuse existing queries internally in the cluster. Load balancer configuration to achieve this is no longer needed. See Configuration Settings and Manual Cluster Deployment.

TLS encrypts communication using TLS to/from Zookeeper, Kafka, and other Humio nodes.

IPlocation Database Management Changed

The database used as data source for the ipLocation() query function must be updated within 30 days when a new version of the database is made public by MaxMind. To comply with this, the database is no longer shipped as part of the Humio artifacts but will either:

Be fetched automatically by Humio provided that Humio is allowed to connect to the db update service hosted by Humio. This is the default behaviour.
Have to be updated manually (See ipLocation() reference page).

If the database cannot be automatically updated and no database is provided manually, the ipLocation() query function will no longer work.

Controlling what nodes to use as query coordinators. Due to the load balancing in Humio, customers that previously relied on load balancing to control which nodes are query coordinators now need to set QUERY_COORDINATOR to false on nodes they do not want to become query coordinators. See Manual Cluster Deployment and Configuration Settings.

Bug Fixes

Configuration
- Improved handling of query restarts to avoid unnecessary restarts in some scenarios.
- Handling of digest in the case where a node has been offline for a long time has been improved. As an example, running a Humio cluster with a replication factor of 2 and having one node go offline for a long time would leave some ingested data to only reside on one Humio node (and on the ingest queue in Kafka). But this data would not be regarded as properly replicated until the second node returned. If the only node that was left handling a digest partition did a failover, Humio would end up going far back on the Kafka ingest queue to reread data. This has been changed. Now another node from the set of digest nodes will take over if a node goes offline, to keep the replication factor as desired. This means that other hosts, than those specified for a given digest partition on the cluster management page, can actually be handling the digest data for that partition. Only digest nodes will be selected as hosts.

Humio Server 1.13.5 Preview (2020-08-12)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.13.5

Preview

2020-08-12

Cloud

On-Prem

2021-08-31

No

1.12.0

11

No

Yes

JAR Checksum	Value
MD5	0e9345ea59cb8f76a14cf84c7889de19
SHA1	6e27b7e2ec68090ad2c6019e0b3dea56d03d4059
SHA256	3f9e0865df1c28dc69d45f764c65c39aeccfacfadeb0ec04165655ef423c7fff
SHA512	256ba3cbd99245327176569cdfde8d8cee3f8c15c2f60c0c2e02115e8fd6eefec0be3cd3dac5592d4fd2b6d5e2a609e414a963af2c6ead317171228cc001666b

Security and Bug Fixes

Bug Fixes

Summary
- export to file now allows for fieldnames with special characters.
- missing migration of non-default groups would result in alerts failing until the user backing the alert logs in again.
- This release fixes a security issue. More information will follow when Humio customers have had time to upgrade. See: Security Disclosures
- export to file can now include query parameters

Humio Server 1.13.4 Preview (2020-08-05)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.13.4

Preview

2020-08-05

Cloud

On-Prem

2021-08-31

No

1.12.0

11

No

Yes

JAR Checksum	Value
MD5	56dd1acc53af27871de4260ff14c03f2
SHA1	10e4f5ad2079fb9c85f5fbf7f970a40a3951910c
SHA256	256b45cb00097da6ff219713d8ed4d5bf8c4dc5b1094f856de3586c2a9f7618f
SHA512	411a0f5aa3b6c96eb72dd7680d9fa94ea51e3da927c318bac0df37a2c7dee0cac9714e9807473a10417f11a3106f65107982669f9c3e29f2ac7a7a1a901a93df

Security and Bug Fixes

Bug Fixes

Summary
- Fix issue where a query could fail to search all segments if digest reassignment was occurring at the same time as the query.
- Fix issue where a node with no digest assignment could fail to delete local segment copies in some cases.
- This release fixes a security issue. For more information see: Security Disclosures

Humio Server 1.13.3 Preview (2020-08-04)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.13.3

Preview

2020-08-04

Cloud

On-Prem

2021-08-31

No

1.12.0

11

No

Yes

JAR Checksum	Value
MD5	93a48eb23b149780fac8e065d28e3bc1
SHA1	6f78a25d48e79482c6e98cf2dc2125208d3c906f
SHA256	d526f5d0d1b9f1d1061b93e0a5c1c66d5ecd2a88cf732318d6f8fe8fcee9df30
SHA512	a7fed48de308a679b5907a485ac7dc54008d9dfee32a08d41c23df2f3bc2ff7f3184a0283cf211562eaf4a9b7cc926e70ef22243ba8e3d3ed463dc872b3662bd

Security and Bug Fix

Bug Fixes

Summary
- This release fixes a security issue. For more information see: Security Disclosures
- avoid forbidden access error on shared dashboard links by ensuring correct use of time stamps

Humio Server 1.13.2 Preview (2020-08-03)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.13.2

Preview

2020-08-03

Cloud

On-Prem

2021-08-31

No

1.12.0

11

No

Yes

JAR Checksum	Value
MD5	32b80ba726b370fc740ba7960d537ccc
SHA1	fc8a67b2fad623b0806405f9409b6e2d94d713a6
SHA256	fcdac4812ef43784c3dc575e8970ecdc2d45f954773867a2b43bde97c9176142
SHA512	4a0e86276d19da61b795bd937ecb0145bcfdb59a9678a5d1ed93045964db7b61d937ec69d1bd13bc79447ef74555f9de925bc416388b6cb742765191f79cb08e

Bug Fixes

Bug Fixes

Summary
- joins will now propagate limit warnings from sub queries to the main query
- avoid saving invalid bucket storage configurations
- all ingest methods now support the ALLOW_CHANGE_REPO_ON_EVENTS configuration parameter
- make sure join-subqueries gets canceled when the main query is canceled
- Default groups added
- export to file no longer fails/timeouts on heavy sub queries

Humio Server 1.13.1 Preview (2020-07-03)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.13.1

Preview

2020-07-03

Cloud

On-Prem

2021-08-31

No

1.12.0

11

No

JAR Checksum	Value
MD5	f097c9c95c06f12ec55c008b9963f9ee
SHA1	8acc122717d30f5a3333175a172e4c26a3c20569
SHA256	9dd7736569cc823182140ffd7ed91609cdafb97f99586d0d91def412a37bd548
SHA512	eaceff5d2ffc55c18f6175f519ecd0c97a684cb2a1d46c3e242513181bf29217331deb934eba45ba7d55f795a1cccd0ae25cf76b685dd484ed681a2f66791f01

Bug Fixes and Improved Search Speeds for Many-Core Systems

Bug Fixes

Summary
- Support for a new storage format for segment files that will be introduced in a later release (to support rollback)
- S3Archiving could write events twice in a special case (When a merge happens where all inputs have been archived, write in global that the merge-result was archived too).
- Improved query scheduling on machines with many cores. This can improve search speeds significantly.
- Bucket storage in GCP could did not clean up all tmp files

Humio Server 1.13.0 Preview (2020-06-24)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.13.0

Preview

2020-06-24

Cloud

On-Prem

2021-08-31

No

1.12.0

11

No

JAR Checksum	Value
MD5	c9dca247bec107fa41c6ec1fe5bb5d3b
SHA1	51e898057d10d80e6a50ab86ab5bedf71d348f5b
SHA256	b5c21c0028f1d61104821e5d4749b15cea7e208aa9bfb9307a9b10e077f6f7b6
SHA512	5b148d8d8fd8680fd61c642bda45f7dba2cb0aa21efeb2752b02a6467a7063036f1b31ea347816ecdcba676cf1d9d199e409620bd6b1acd2cc2fdeff78767375

Many improvements, including some related to free-text searching, load balancing queries, TLS support, IPlocation() query function, and some configuration changes.

Bug Fixes

Configuration
- Humio can now balance and reuse existing queries internally in the cluster. See Configuration Settings.
- The data source for the ipLocation() query function is no longer shipped with humio but installed/updated separately.
- Free text search now searches all fields rather than only @rawstring.
- Added support for WebIdentityTokenCredentialsProvider on AWS.
- Introduced a new ChangeViewOrRepositoryDescription permission for editing the description of a view or repository. This was previously tied to ConnectView and any user with that permission will now have the new permission as well.
- Internal communication in a Humio installation can now be encrypted using TLS. See TLS.

Improvement

Configuration
- Controlling what nodes to use as query coordinators. Due to the load balancing in Humio, customers that previously relied on load balancing to control which nodes are query coordinators now need to set QUERY_COORDINATOR to false on nodes they do not want to become query coordinators. See Configuration Settings and Manual Cluster Deployment.
Other
- Humio can now balance and reuse existing queries internally in the cluster. Load balancer configuration to achieve this is no longer needed. See Configuration Settings and Manual Cluster Deployment.
- Free text search now searches all fields rather than only @rawstring.
- TLS encrypts communication using TLS to/from Zookeeper, Kafka, and other Humio nodes.
- The database used as data source for the ipLocation( ) query function must be updated within 30 days when a new version of the database is made public by MaxMind. To comply with this, the database is no longer shipped as part of the humio artifacts but will either:
  - Be fetched automatically by Humio provided that Humio is allowed to connect to the db update service hosted by Humio. This is the default behaviour.
  - Have to be updated manually (see ipLocation() reference page).
  If the database cannot be automatically updated and no database is provided manually, the ipLocation() query function will no longer work.

Humio Server 1.12.7 Stable (2020-09-17)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.12.7

Stable

2020-09-17

Cloud

On-Prem

2021-06-30

No

1.10.0

11

No

JAR Checksum	Value
MD5	438fc3f94d9e252184cbeaee2dacc740
SHA1	08254ec21b51d6522a0336b92548943d9fe0b140
SHA256	814d522ef2aef4f3a81ab8380c5ad746ef9d13f302124bc0c13c64378ef4feec
SHA512	e2e936e1d20a6e60e312e995d1557085976531cfa2c50daa19cd0ce474ff398acdda3cf2431ab4a0aa33625ee45dc798685e6e485d282281f668c2c587bf69be

Bug Fix and Additional Metrics

Bug Fixes

Summary
- Fixed a race condition when cleaning up datasources
- New metrics for scheduling of queries:
  - local-query-jobs-wait: Histogram of time in milliseconds that each query waited between getting any work done including exports
  - local-query-jobs-queue: Count queries currently queued or active on node including exports
  - local-query-segments-queue-exports-part: Count of elements in queue as number of segments currently queued for query for exports
  - local-query-jobs-queue-exports-part: Count queries currently queued or active on node for exports

Humio Server 1.12.6 Stable (2020-09-03)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.12.6

Stable

2020-09-03

Cloud

On-Prem

2021-06-30

No

1.10.0

11

No

JAR Checksum	Value
MD5	43c5c6e2a7de76e73d63002c04f8693c
SHA1	dfff8f766cedca6a7b1888e2d060b07fba035b61
SHA256	3928f42354195c4217d60a86d4df70307477af81fa4ca2d87d29c921dbc1ae5a
SHA512	32e8e1b008b945545159b87d183ab1ef76d649a8a96ac92f54799446c345e205a1e13953f43a8feac264596ee69de7e10e57e2a532bb860bef062559c60442a6

Bug Fixes

Bug Fixes

Summary
- Remove restriction on length of group names from LDAP.
- Improved handling of query restarts to avoid unnecessary restarts in some scenarios.

Humio Server 1.12.5 Stable (2020-08-12)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.12.5

Stable

2020-08-12

Cloud

On-Prem

2021-06-30

No

1.10.0

11

No

JAR Checksum	Value
MD5	99fc31c507d0a6193c0257b3a1a1e708
SHA1	d0c7fa652713473d04923d1c5921374144a38aed
SHA256	94c3f8cbb84dfe6870bdcfa4771f46a124ba8bca5d85332f0a0150a3e6f54a49
SHA512	1b25c775757af29f65597dbb3d5504637485a75f2fc5b29412ea646527aebee31b4f0b96f732c70e7ed9e0d4e1c48776c4c893398e3da3222c9ccce8d762676c

Security and Bug Fixes

Bug Fixes

Summary
- This release fixes a security issue. More information will follow when Humio customers have had time to upgrade. See Security Disclosures
- Fix issue where a node with no digest assignment could fail to delete local segment copies in some cases.
- missing migration of non-default groups would result in alerts failing until the user backing the alert logs in again.
- avoid forbidden access error on shared dashboard links by ensuring correct use of time stamps.

Humio Server 1.12.4 Stable (2020-08-05)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.12.4

Stable

2020-08-05

Cloud

On-Prem

2021-06-30

No

1.10.0

11

No

JAR Checksum	Value
MD5	33fe0d36c64e58ff875496facf68e65a
SHA1	7122a470bf146e40ddce711349007dd1a4f7961c
SHA256	4cd4fa7b21fbdd14b095cb20e7d5d6af0c78bccc0bbc152c7417149db5d0d194
SHA512	879822ef357dbb1dcdd969ba053bd09cabaf42b4748495543b72b63f43f8c9c6b0feb25911446f07ae37468ec663e7b278c752dc441a52136762d429c18a7f5b

Security Fix

Bug Fixes

Summary
- This release fixes a security issue. For more information see: Security Disclosures

Humio Server 1.12.3 Stable (2020-08-04)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.12.3

Stable

2020-08-04

Cloud

On-Prem

2021-06-30

No

1.10.0

11

No

JAR Checksum	Value
MD5	b6de082e67d662de761d5b79915152b8
SHA1	78cf6419a7a092e7d2a8200000ada4535f2f5b5c
SHA256	cec300a428f0f5998bbd13d56283fb54dbe47f1205d97115b23dfabf4f3dcbc7
SHA512	0704b189c70073e304ce115808441e6b44b6aa267df66fe9cac3998a80adc340fe5692829469c99dfceae3cb60e6bcc152ba7f77d509331d50d9621cfc7a1bfc

Security Fix

Bug Fixes

Summary
- This release fixes a security issue. For more information see: Security Disclosures

Humio Server 1.12.2 Stable (2020-07-03)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.12.2

Stable

2020-07-03

Cloud

On-Prem

2021-06-30

No

1.10.0

11

No

JAR Checksum	Value
MD5	33890ac97e42a107f8f8618312029ca0
SHA1	0a097631134aa0078e0aea54f32cf58c0be8066b
SHA256	446acdcd64f3c33cdffd886e530201576e75c781184708da30af2dfc7b4bcd14
SHA512	1931cf27039d17b5aeb4c6fe4022b88a263d41464cb304ba4d30dd936a9cb6202af36dd6c97a5c3e183dd60042def96538e62de3ee86a3204e1108b60a9d9852

Bug Fixes and Improved Search Speeds for Many-Core Systems

Bug Fixes

Summary
- S3Archiving could write events twice in a special case (When a merge happens where all inputs have been archived, write in global that the merge-result was archived too).
- Improved query scheduling on machines with many cores. This can improve search speeds significantly.
- Support for a new storage format for segment files that will be introduced in a later release (to support rollback)
- Bucket storage in GCP could did not clean up all tmp files

Humio Server 1.12.1 Stable (2020-06-24)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.12.1

Stable

2020-06-24

Cloud

On-Prem

2021-06-30

No

1.10.0

11

No

JAR Checksum	Value
MD5	d6a8a2fa268c92a46024af8e8ba7b27a
SHA1	20660ae440fdcaf818c3919f4b3d467f71da37ce
SHA256	16c96f36554425939b78c5df889cc689368f598a3b14ce336e3a28ad1dc1abbd
SHA512	e518b4778b7c6c50861fbaa25a2d95fc3f639e1dfcbb526c0a7727aefe650177d6975ee50caa51d8ccfd636eacdb6fba2ee3cd3a7d1f150eae09147a06c3e2f4

Bug Fixes: Safari Freeze, SAML, Bucket Storage Clean-Up, Regex and Field-Aliasing

Bug Fixes

Summary
- Fixed an issue with CSP that could cause the Humio UI to freeze on Safari browsers
- Fixed an issue where queries using lookahead in regex would fail to parse - "invalid or unsupported Perl syntax"
- Fixed an issue where events could be skipped even though they should not, for queries containing field-aliasing (e.g., a:=b) and using subsequent checks on the aliasing field.
- Fixed an issue with SAML IDPs requiring query parameters to be passed via the configuration SAML_IDP_SIGN_ON_URL
- Fixed an issue that prevented deletion of unused objects in bucket storage, if the bucket contained .0 millions of objects or more

Humio Server 1.12.0 Stable (2020-06-09)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.12.0

Stable

2020-06-09

Cloud

On-Prem

2021-06-30

No

1.10.0

11

No

JAR Checksum	Value
MD5	73a3fc77b4b603df3d492a3c8f740cb2
SHA1	0e70382492ca4a59b3139fad1ee22344f0b257e8
SHA256	dbf34321f44a4e60726a10d67d1a73db7915c94d7e786ad332d5832f34a81c81
SHA512	4f2840a8b552395735006481107c55567dbbd865025fb0fbfdf5d590938eafb541a780b4065a4ed4419b12e7e894c9a768902ea8f5c21ed7debc3368e6a7e528

Export to Bucket, findTimestamp(), selfJoin(), Emergency User Sub-System This release promotes the 1.11 releases from preview to stable. To see more details go through the individual 1.11.x release notes (links in the changelog).

The selfJoin() query function allows selecting log lines that share an identifier; for which there exists (separate) log lines that match a certain filtering criteria; such as "all log lines with a given userid for which there exists a successful and an unsuccessful login".

The findTimestamp() query function will try to find and parse timestamps in incoming data. The function should be used in parsers and support automatic detection of timestamps. It can be used instead of making regular expressions specifying where to find the timestamp and parsing it with parseTimestamp(). Checkout the findTimestamp() for details.

As an alternative to downloading streaming queries directly, Humio can now upload them to an S3 or GCS bucket from which the user can download the data. See Buckets & Archive Storage.

If there are issues with the identity provider that Humio is configured to use, it might not be possible to log in to Humio. To mitigate this, Humio now provides emergency users that can be created locally within the Humio cluster. See Enabling Emergency Access.

Fluent Bit users might need to change the Fluent Bit configuration. To ensure compatibility with the newest Beats clients, the Elastic Bulk API has been changed to always return the full set of status information for all operations, as it is done in the official Elastic API. This can however cause problems when using Fluent Bit to ingest data into Humio.

Fluent Bit in default configuration uses a small buffer (4KB) for responses from the Elastic Bulk API, which causes problems when enough operations are bulked together. The response will then be larger than the response buffer as it contains the status for each individual operation. Make sure the response buffer is large enough, otherwise Fluent Bit will stop shipping data. See: https://github.com/fluent/fluent-bit/issues/2156 and https://docs.fluentbit.io/manual/pipeline/outputs/elasticsearch

Bug Fixes

Other
- Other changes: (see 1.11.1 release notes)
- Major changes: (see 1.11.0 release notes)

Humio Server 1.11.1 Preview (2020-05-28)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.11.1

Preview

2020-05-28

Cloud

On-Prem

2021-06-30

No

1.10.0

11

No

JAR Checksum	Value
MD5	5cb65fb38f5882c86e170fc19932bc2c
SHA1	d8639e7541b0de1b2ef5c3909f88d864b18faf63
SHA256	63e5264b32fc02774e1f4dd3a7dbd1ddbb124158e915d5df219b355faaf278d0
SHA512	7c7832559a5a1f43f87d7cf12bbb63b5a7ea6c0922a4c917b652caba08fe77375b49517f2675f819f9fdf0519e90310e572bee1cee8e72bade531605ddd14942

Bug Fixes and Memory Optimizations

Bug Fixes

Other
- Dashboard widgets now display an error if data is not compatible with the widget
- Several improvements to memory handling
- Several improvements to query error handling
- Elastic Bulk API change

Known Issues

Other
- Fluent Bit users might need to change the Fluent Bit configuration. To ensure compatibility with the newest Beats clients, the Elastic Bulk API has been changed to always return the full set of status information for all operations, as it is done in the official Elastic API.
  This can however cause problems when using Fluent Bit to ingest data into Humio.
  Fluent Bit in default configuration uses a small buffer (4KB) for responses from the Elastic Bulk API, which causes problems when enough operations are bulked together. The response will then be larger than the response buffer as it contains the status for each individual operation. Make sure the response buffer is large enough, otherwise Fluent Bit will stop shipping data. See: https://github.com/fluent/fluent-bit/issues/2156 and https://docs.fluentbit.io/manual/pipeline/outputs/elasticsearch

Humio Server 1.11.0 Preview (2020-05-19)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.11.0

Preview

2020-05-19

Cloud

On-Prem

2021-06-30

No

1.10.0

11

Yes

JAR Checksum	Value
MD5	70406b0710c9c999ec5293357e03b05a
SHA1	f50294f5d0267d582d7207f7df33e16eee2744af
SHA256	c1a79a8f1ca41e14158992ba5dfff0a05ce39292b5ed5bfa8d5507973d054fdb
SHA512	f0f210d24aac849457839588202d662294911bf095e0f5a791093c61c435969b300f0a303d457a0e8cdbb13d742a81b3d09c6e11fad28f927ee9782153d05fc8

Export to Bucket, findTimestamp(), selfJoin(), Emergency User Sub-System

The selfJoin() query function allows selecting log lines that share an identifier; for which there exists (separate) log lines that match a certain filtering criteria; such as "all log lines with a given userid for which there exists a successful and an unsuccessful login".

The findTimestamp() query function will try to find and parse timestamps in incoming data. The function should be used in parsers and support automatic detection of timestamps. It can be used instead of making regular expressions specifying where to find the timestamp and parsing it with parseTimestamp(). See the findTimestamp() reference page for details.

As an alternative to downloading streaming queries directly, Humio can now upload them to an S3 or GCS bucket from which the user can download the data. See Bucket Storage.

If there are issues with the identity provider that Humio is configured to use, it might not be possible to log in to Humio. To mitigate this, Humio now provides emergency users that can be created locally within the Humio cluster. See Enabling Emergency Access.

Behavior Changes
Scripts or environment which make use of these tools should be checked and updated for the new configuration:
Other
Allow for emergency logins if the primary login provider is having problems. See Enabling Emergency Access.

Bug Fixes

Configuration
- New configuration MAX_CHARS_TO_FIND_TIMESTAMP. Default value should work for most deployments. See Configuration Settings.
Dashboards and Widgets
- Guage widget now works for arbitrary numbers not only for aggregated numbers.
Functions
- Query function unit:convert()
- Query function findTimestamp()
- Query function selfJoin()
- Query function formatDuration()
- Query function selfJoinFilter()
Other
- New built-in parser zeek-json.

Humio Server 1.10.9 Stable (2020-08-05)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.10.9

Stable

2020-08-05

Cloud

On-Prem

2021-04-30

No

1.10.0

11

No

JAR Checksum	Value
MD5	a9fc2ea12707d4b1c581151e0026f1b9
SHA1	d4f374af166c4138a1c5ef715ae7e6299fc4a51f
SHA256	b2f676c80a61a444b799295f6ca5e3284209aa1d4611182503e78c4b4ca64623
SHA512	146baf45e4181694b327849665771cc859a4757e32e0b982990da80171f144b12a01a47fcba2bdb728a4c10fede2a1ff0ff25c7b5bbf8be3a80caf6a982af9e2

Security Fix

Bug Fixes

Summary
- This release fixes a security issue. For more information see: Security Disclosures

Humio Server 1.10.8 Stable (2020-08-04)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.10.8

Stable

2020-08-04

Cloud

On-Prem

2021-04-30

No

1.10.0

11

No

JAR Checksum	Value
MD5	ebc006bf64fc1f310f6c29a8854da2f7
SHA1	1461cd0e70f1ddb30b316cf9d0010a0840a11241
SHA256	7432902332b1a87f6899870e3bd47a18077a04980a63427896a0eac204300e2d
SHA512	c63714a10b7d06a869ab47bf4a84c31e88656f7e78c14281fdc9b78dc6139fc94b08f02dfd810352844bc0662838790227c18877a518b11cf67ad39c12e7ca0b

Security Fix

Bug Fixes

Summary
- This release fixes a security issue. For more information see: Security Disclosures

Humio Server 1.10.7 Stable (2020-07-03)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.10.7

Stable

2020-07-03

Cloud

On-Prem

2021-04-30

No

1.8.5

11

No

JAR Checksum	Value
MD5	36d8bcdffeb41720006c2d07ae38669a
SHA1	83fda60fe22239101cf1e81fd41bec04071f5ae5
SHA256	4aa66055218f4f4d7ad65a7476e7f8b6ddd57f8187472e80e2bef1506aa3484f
SHA512	c34ae669043a70d4ebc760365bcb82477fbbbaadb0f3229083732b1549e646444ffbb42d2e1285b9f0ca8e1213e9fef42a14d587b66ba3adf883fedc8ba09c72

Bug Fixes and Improved Search Speeds for Many-Core Systems

Bug Fixes

Summary
- S3Archiving could write events twice in a special case (When a merge happens where all inputs have been archived, write in global that the merge-result was archived too).
- Bucket storage in GCP could did not clean up all tmp files
- Support for a new storage format for segment files that will be introduced in a later release (to support rollback)
- Improved query scheduling on machines with many cores. This can improve search speeds significantly.

Humio Server 1.10.6 Stable (2020-06-24)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.10.6

Stable

2020-06-24

Cloud

On-Prem

2021-04-30

No

1.8.5

11

No

JAR Checksum	Value
MD5	ff8b12b453b9e600ac6a5f917a799f8b
SHA1	c6bf4610bc284c7838d92e0c110461349511afeb
SHA256	04503cb6691db596b5237e65e9f639013caab3010c753796392d1d59a9e06413
SHA512	d6a8c3c898c4d93ac8dd564ec0394a5d5db4d06711bd498e38ce58a2b026bd8d6e1f2b664e30de92eb60afb7b452b34b4c17e0e6370331afdcc2030407f74674

Bug Fixes: Safari Freeze, SAML and Bucket Storage Clean-Up

Bug Fixes

Summary
- Fixed an issue with CSP that could cause the Humio UI to freeze on Safari browsers
- Fixed an issue with SAML IDPs requiring query parameters to be passed via the configuration SAML_IDP_SIGN_ON_URL
- Fixed an issue that prevented deletion of unused objects in bucket storage, if the bucket contained .0 millions of objects or more

Humio Server 1.10.5 Stable (2020-06-09)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.10.5

Stable

2020-06-09

Cloud

On-Prem

2021-04-30

No

1.8.5

11

No

JAR Checksum	Value
MD5	e26c8dcab38cf8ae70146af0c20de708
SHA1	38b4cd3f334845ebdc91d02b9f24cab628290805
SHA256	3234edd2ec5a01b67c07f8d87d57a967fb37a2e6b29a34317545a37796650a83
SHA512	281bfc2da26ef9f14c123c695943149499f43f7c67e20ff2150420bed7e745a7f6e2483b6073a366e453589f657a3717031071e6374b124657cb5b8c77542255

Bug Fixes: humio-search-all and Query Timeouts

Bug Fixes

Summary
- Fixed an issue where a query could get a "Result is partial" warning when the query took more then 15 minutes to complete while a merge of segments addressed by the query happened in the background
- Fixed an issue where long running queries started as part of an export, or by calls to the /query API would time out
- Fixed a number of issues with export and alerts in the humio-search-all repository.

Humio Server 1.10.4 Stable (2020-05-29)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.10.4

Stable

2020-05-29

Cloud

On-Prem

2021-04-30

No

1.8.5

11

No

JAR Checksum	Value
MD5	8fd134e50a88aa016037aff59bca7f70
SHA1	184f4c0d1b477eef81357e7efcbe2cafb2920fef
SHA256	3398a9e1cc4f3e2f70e952f0c6481fe3c31f447e68d1589904ee26e614cb9a30
SHA512	fab832e462afeaed828a55bc7a6b3d637317ace396ff0751fbf1813d4f0ce01f8cf11e4d3ed6cb6eda898e5521739de766b8ade609fcc98ca774a5d079f76509

Bug Fixes for Long-Running Queries

Bug Fixes

Summary
- Fixed a number of bugs that would cause long-running queries using join, selfJoin or selfJoinFilter to timeout or fail

Humio Server 1.10.3 Stable (2020-05-20)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.10.3

Stable

2020-05-20

Cloud

On-Prem

2021-04-30

No

1.8.5

11

No

JAR Checksum	Value
MD5	b534f6427bbc73720246c88df097d962
SHA1	4fd7b762eefcd241c14a0dcc74642ab5f96066a3
SHA256	03fbcdfffbd4e730ab6ac97ce1e0c88dfa2b2c544de01767647ac9fc1a606c97
SHA512	cc1cd46e9e38cf9215e82da0246ba7cfd27b50becbe9b9a17c0c3c88427649b93339b6cffc6780bc241c2bd152d8f781b7f6d421dcd641def3cef66a8290841f

Bug Fixes

Bug Fixes

Summary
- An issue could result in malformed messages being put into the ingest queue. This version is able to read and skip such messages. The issue causing such malformed messages has been fixed.

Humio Server 1.10.2 Stable (2020-05-19)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.10.2

Stable

2020-05-19

Cloud

On-Prem

2021-04-30

No

1.8.5

11

No

JAR Checksum	Value
MD5	34618e12957e3394f06dd86d7b283bb7
SHA1	b9e75509bbec4093019a475cc3660c28295bd1c4
SHA256	c4868bd4067833744cceaa44dac29a5af2b450d112c34f3dfd8d46906cf115f8
SHA512	5789415e8c6d748c7a724f702606e96ba48f7595517787d76b7e7581766e23c1de7af1eec5b66cc22d73241d61fb4866f3b12a88d73ee6ca453c8bab255fb331

Optimizations, Improved Humio Health Insights and Bug Fixes

Bug Fixes

Summary
- A couple of memory leaks have been found and fixed.
- Better sorting when computing query prefixes in order to reuse queries.
- Improvements made to speed of frontpage loading. Noticeable for customers with many repositories and groups.
- Autocreate users on login when synchronizing groups with external provider.
- Paging in UI. administration/Users & Permissions.
- Humio search all repo interaction with alerts and notifiers.

Humio Server 1.10.1 Stable (2020-05-04)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.10.1

Stable

2020-05-04

Cloud

On-Prem

2021-04-30

No

1.8.5

11

No

JAR Checksum	Value
MD5	abca8999c6542ff0a4d60b897eb5acf3
SHA1	176e416e63d13200dee21a509fa9ae2401b8a0ca
SHA256	8a1a419c3bd664a006918ee0b957ed2f1fbdea20dda2ea8114ab4db7b039425a
SHA512	93a8d7a1c86e646f9e7fb26f8feeb05f5bf22774cd69e2b0ac113c48f7736242554ddeb0065ff19ab9723546aa75a064af4e7f7779a8d2efa91651aa7f61f630

Optimizations, Improved Humio Health Insights and Bug Fixes

Bug Fixes

Summary
- New metric: "query-delta-cost": 30s delta cost on queries per repo, for the entire cluster.
- This release fixes a security issue. For more information see: Security Disclosures
- New internal jobs logging system stats: Search for #type=humio | NonSensitive | groupby(kind) to see them.
- Thread pools have been reorganized to require fewer threads and threads have been given new names.
- Memory requirements set using -XX:MaxDirectMemorySize is much lower now. Suggested value is ((#vCpu+3)/4) GB.
- Improved protocol within cluster for submitting queries to allow faster start of queries on huge repositories.

Humio Server 1.10.0 Stable (2020-04-27)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.10.0

Stable

2020-04-27

Cloud

On-Prem

2021-04-30

No

1.8.5

11

Yes

JAR Checksum	Value
MD5	4f1ed6fa41cb1f96c7a68b4242ff7280
SHA1	5e334e72d7a2e59ece26062007fd3baa6361cfb6
SHA256	36245d9e2d93650455dd2e69f7ad4b48f625c482334d9742674a9e4edfed17d4
SHA512	fce509692d77f483a919e5e5abbe82b5c58edbeec05afd25add03cb5500603e741ef66fdb886b85bfe3db535d3ce41d43e57bbb31e72c5cd4517bfb7321c941e

UI for Role Based Access Control (RBAC), Health Check API, Kafka Version Update, Vega Charts. This release promotes the 1.9 releases from preview to stable. This release is identical to 1.9.3 apart from the version string. To see more details go through the individual 1.9.x release notes (links in the changelog).

This release fixes a number of security issues. For more information see: Security Disclosures.

Updated Humio to use Kafka 2.4. Humio can still use versions of Kafka down through 1.1. Be aware that updating Kafka also requires you to update Zookeeper to 3.5.6. There is a migration involved in updating Zookeeper. See Zookeeper's migration FAQ here. Use the migration approach using an empty snapshot. The other proposed solution can loose data.

Updated Kafka and Zookeeper Docker images to use Kafka 2.4. Updating to Kafka 2.4 should be straightforward using Humio's Kafka/Zookeeper Docker images. Zookeeper image will handle migration. Stop all Kafka nodes. Stop all Zookeeper nodes. Start all Zookeeper nodes on the new version. Start all Kafka nodes on the new version. Before updating Kafka/Zookeeper, we recommend backing up the Zookeeper data directory. Then, add the Zookeeper properties described below. If you are deploying Kafka/Zookeeper using other tools, for example Ansible scripts, be aware there is a migration involved in updating Zookeeper.

When updating Kafka/Zookeeper we recommend setting these Zookeeper properties

# Do not start the new admin server. Default port 8080 conflicts with Humio port.
      admin.enableServer=false
      # purge old snapshot files
      autopurge.purgeInterval=1
      # Allow 4 letter commands. Used by Humio to get info about the Zookeeper cluster
      4lw.commands.whitelist=*

Bug Fixes

Other
- Dealing with missing data points in timecharts
- Add Role Based Access Control (RBAC) to the Humio UI
- New line interpolation options
- Support for controlling color and title in widgets
- Several improvements to Query Functions
- NetFlow support extended to also support IPFIX.
- Added humio Health Check APIs
- Time Chart series roll-up
- Linear interpolation now default. New interpolation type: Basis
- Replaces chart library with Vega, can be disabled using the ENABLE_VEGA_CHARTS=false flag.
- Control widget styling directly from dashboards
- Chart styling support (Pie, Bar)

Humio Server 1.9.3 Preview (2020-04-22)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.9.3

Preview

2020-04-22

Cloud

On-Prem

2021-04-30

No

1.8.5

11

No

JAR Checksum	Value
MD5	e2a84e14721946391ec9dddf66412723
SHA1	4b439142bf46d49c9e1b9c9685a2beacb921ef18
SHA256	646c3069015b1516dae2ef577d827a30d0deb62a393360fead05074a37edc670
SHA512	bf673036d37ec539d1abeb04b9388e87f8c6ddfc781602d67bb7e28a5beda6195b827bba61bc9f769836f4a764330d93a33ae4788700758ca23cd7f8ecb88ae4

Security Fixes, Bug Fixes, and timeChart() improvements

A few security vulnerabilities have been discovered as part of a proactive penetration test. None are known to have been exploited. More information will be forthcoming.

Bug Fixes

Functions
- More efficient collect() function implementation.
- New query function fieldstats().
Other
- New Time Chart interpolation options.
- New options for dealing with missing data in Time Charts.
- Improve disk space monitoring when using bucket storage.
- api-explorer not working due to CSP inline script.
- the query metric only measured time for streaming queries, now it includes non-streaming as well.
- The segment queue length metric was not correct when segments got fetched from bucket storage by a query.
- If at startup the global-snapshot.json file is missing, then try loading the ".1" backup copy.
- Improves responsiveness of the recent queries dropdown, and limits the number of stored recent queries to .0 per user per repository.
- Allow dots in tagged field names.
- Styling improvements in the "Style" panel for widgets.
- Security: [critical] Fixed more security vulnerabilities discovered through proactive penetration testing (more information will be forthcoming).
- Allow more concurrent processing to take place in "export" query processing.

Improvement

Dashboards and Widgets
- Deal with Missing Data Points in Timecharts
  This release improves the handling of missing data points in time charts. Previously you could either interpolate missing data points based on the surrounding data, or leave gaps in the charts. With the introduction of the new charts in 1.9.0 the gaps became more apparent than previously, and we have added new options to deal with missing data points. These replace the previous option "Allow Gaps", with four new options:
  - Do Nothing - This will leave gaps in your data
  - Linear Interpolation - Impute values using linear interpolation based on the nearest known data points.
  - Replace by Mean Value - Replace missing values with the mean value of the series.
  - Replace by Zero - Replace missing values with zeros.
  The release also introduces new options for line interpolation.
  - Monotone
  - Natural
  - Cardinal
  - Catmull-Rom
  - Bundle
  The latter three are impacted by the 'tension' setting in the timechart Style editor.

Humio Server 1.9.2 Preview (2020-03-25)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.9.2

Preview

2020-03-25

Cloud

On-Prem

2021-04-30

No

1.8.5

11

No

JAR Checksum	Value
MD5	f457859662db92bd00c282aa3daa1393
SHA1	a7d40e09f6a2e09a90fd2e3a2fc53618ac96a57f
SHA256	b33d955d51ddbc2b067b4539f1a447f4e6268e3944ead92dd7e03e56e754d95f
SHA512	e24b7f6b31c42b6e2b138eaa23bc6a1760dfff18b53bed6c16d1dcca79c31aabf01bbe913eee7cbe3629f410491754af77415bee14a81220099a7c4c8d1bb316

Security Fix and Bug Fixes

Bug Fixes

Summary
- Added API to the list and deleted missing segments from global.
- Security: [critical] Fixed a security vulnerability discovered through proactive penetration testing (more information will be forthcoming).

Humio Server 1.9.1 Preview (2020-03-23)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.9.1

Preview

2020-03-23

Cloud

On-Prem

2021-04-30

No

1.8.5

11

No

JAR Checksum	Value
MD5	a3fb1c5f2be309f2fca630f151522bc9
SHA1	c9bee3ec060d2b0cc75fba8fd085769c66224dcb
SHA256	4ae4ed141342c8daa193d61351919832bf63f07b02b103c2d97eac18888b61e7
SHA512	6e43adfff7e5bf9a6078060ec2660fb23e799b97b45b3f895eacf95bf344fc4b5acef9562018db133460ff97f8bd7dd883d1c9284b6e34cd1462a257597e37b9

Security Fix and Bug Fixes

Bug Fixes

Summary
- This is a critical update. Self-hosted systems with access for non-trusted users should upgrade immediately. We will follow up with more details when this update has been rolled out.
- the health-check failed-http-status-check would get stuff in warn state, this has now been fixed

Humio Server 1.9.0 Preview (2020-03-12)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.9.0

Preview

2020-03-12

Cloud

On-Prem

2021-04-30

No

1.8.5

11

Yes

JAR Checksum	Value
MD5	81a34e3166d583b2a3479b7a4d82f64c
SHA1	3f6646fc133c955d2c51977081da118f5b9b3fac
SHA256	f0877cc533ed58c3ca9630989b6848c79ba69f5217ee2dc6278909d4e586d076
SHA512	e932eacb43d25cd10a95ad59ce07a0e7b68e7859e6b5ccf1d463cb9a23ddbf8cd0d186776a538a59ab3dcd57f1048f8dc9e6fe020ca907334f195ea22f3acdf8

UI for Role Based Access Control (RBAC), Health Check API, Kafka Version Update, Vega Charts

Bug Fixes

Summary
- Now, you can click Edit Styling in the widget menu and modify styling directly from the dashboard view.
- Improved (reduced) memory consumption for live groupby, and for groupby involving many distinct keys.
- Since charts are such a central feature, we allow disabling the new implementation of widgets if you are experiencing issues with them. You can disable Vega charts globally using the ENABLE_VEGA_CHARTS=false flag.
- When updating Kafka/Zookeeper we recommend setting these Zookeeper properties
  - Do not start the new admin server. Default port 8080 conflicts with Humio port.admin.enableServer=false
  - purge old snapshot files autopurge.purgeInterval=1
  - Allow 4 letter commands. Used by Humio to get info about the Zookeeper cluster 4lw.commands.whitelist=*
- This version replaces our chart library with Vega. The goal is to create a better, customizable, and more interactive charting experience in Humio. This first iteration is largely just a feature replacement for the existing functionality, with a few exceptions
- You can now style your pie charts, and they will default to having a center radius (actually making them donuts!).
- Be aware that updating Kafka also requires you to update Zookeeper to 3.5.6. There is a migration involved in updating Zookeeper. See Zookeeper's migration FAQ here. Use the migration approach using an empty snapshot. The other proposed solution can loose data.
- You can now style your bar charts to control things like label position and colors.
- Queries involving join can now be with 'used export to file' and the /query HTTP endpoint.
- Role Based Access Control (RBAC) through the UI is now the only permission model in Humio. Please see the Managing Users & Permissions documentation for more information.
- To prevent the charts from getting cluttered, you can adjust the maximum number of series that should be shown in the chart. Any series that are not part of the top-most series will be summed together and added to a new series called Other.
- Updated Kafka and Zookeeper Docker images to use Kafka 2.4. Updating to Kafka 2.4 should be straightforward using Humio's Kafka/Zookeeper Docker images. Zookeeper image will handle migration. Stop all Kafka nodes. Stop all Zookeeper nodes. Start all Zookeeper nodes on the new version. Start all Kafka nodes on the new version. Before updating Kafka/Zookeeper, we recommend backing up the Zookeeper data directory. Then, add the Zookeeper properties described below. If you are deploying Kafka/Zookeeper using other tools, for example Ansible scripts, be aware there is a migration involved in updating Zookeeper.
- Each chart type now supports assigning colors to specific series. This will allow you to, for instance, assign red to errors and green to non-errors.
- Linear interpolation is now the default, and we have added a new type of interpolation: Basis.
- You can find the series configuration controls in the Style tab of the Search page.
- The overall health of a Humio system is determined by a set of individual health checks. For more information about individual checks see the Health Checks page and the Health Check API page.
- Updated Humio to use Kafka 2.4. Humio can still use versions of Kafka down through 1.1.
- Humio's NetFlow support has been extended to also support IPFIX. See Humio's documentation for NetFlow Log Format.
Functions
- New caseSensitive option added to the parseTimestamp()query function.
- New selectLast() function, which is like select() but aggregate.

Humio Server 1.8.9 Stable (2020-03-25)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.8.9

Stable

2020-03-25

Cloud

On-Prem

2021-01-31

No

1.6.10

11

No

JAR Checksum	Value
MD5	f366932ccffe66883cbf84fc1ab7c9e0
SHA1	8a37d7255ec24d2c3fe85b7fcdcf5fe9020746d9
SHA256	fc42241e1f7dd2f928ddcf145eee85906764c004b765bf3509a65a33817a0f3a
SHA512	9c5d08fd844f1058b036c2e588120ac70c3d2abe5e98eddedbdb85f6674d57acf4f0425fc66d8b175953f98c312ed44a5943333083a4a6c45ecb4e7014ce2027

Security Fixes

Bug Fixes

Summary
- Security: [critical] Fixed a security vulnerability discovered through proactive penetration testing (more information will be forthcoming).

Humio Server 1.8.8 Stable (2020-03-23)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.8.8

Stable

2020-03-23

Cloud

On-Prem

2021-01-31

No

1.6.10

11

No

JAR Checksum	Value
MD5	0c0359bdfe15cb2f8f14487038c8043e
SHA1	994919268e463ed643ff4977d9f131873833717b
SHA256	3918516569ff4a03f9ac1131658b8ac4046186f5f4d17333e0ec555227136f63
SHA512	c12b2e7630d97b618a7552290b942b443017005e607fa819459b0979b0e05e553b0bdd61fc5d508ce766247269e711ad370df7acb755b4928b54f7e25790ef5d

Security Fixes

Bug Fixes

Summary
- Fix security problem. This is a critical update. On-prem system with access for non-trusted users should upgrade. We follow up with more details when this update has been rolled out.

Humio Server 1.8.7 Stable (2020-03-12)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.8.7

Stable

2020-03-12

Cloud

On-Prem

2021-01-31

No

1.6.10

11

No

JAR Checksum	Value
MD5	7c6181f950bb99ca50c5b444dc072cd8
SHA1	0cf020232fb2b5621c288dded8d3d9d3626db521
SHA256	8c003212b861957529332ad8d62facf2796bdbe58a66107559eb691c44762dea
SHA512	c8e7acdd3812408fa87ad6afa29573c09a8b9ec7518b03a6f41e7caa8205f4e172f78fe7f0d146020cc68eb80b0519d1e11571675b340639e0a73aa666e0cf8f

Bug Fixes

Bug Fixes

Summary
- Alerts and exports now work on the special view "humio-search-all".
- When a merge of segment files fails, delete the tmp-file that was created.
- The Kafka and Zookeeper images tagged with "1.8.6" were partially upgraded to Kafka 2.4.0.

Humio Server 1.8.6 Stable (2020-03-09)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.8.6

Stable

2020-03-09

Cloud

On-Prem

2021-01-31

No

1.6.10

11

No

JAR Checksum	Value
MD5	59a11140391a8f7a47de89bb2c3cf932
SHA1	05cf1d4355af997b5591f1b77e517d0f703cc5db
SHA256	cfc9736d19dac1a9b2c1f3ce082bd28e900178b4aeb781d7aef350557778a215
SHA512	47dbe78aba22795cbdbea741099bb5abe2c03d491479a8a0795793c6605cbbcad2b62eca3953e87c7635cafe57f496341887fff1704725e9a2d2db4071865d6a

Fixes bug related assigning ingest tokens in a Sandbox.

Note: Do not install the Kafka, Zookeeper or "single" Docker images of this build. Install 1.8.7 or later.

Bug Fixes

Summary
- Note: Do not install the Kafka, Zookeeper or "single" Docker images of this build. Install 1.8.7 or later.
- Assigning ingest tokens to parsers in sandbox repos.

Humio Server 1.8.5 Stable (2020-02-28)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.8.5

Stable

2020-02-28

Cloud

On-Prem

2021-01-31

No

1.6.10

11

No

JAR Checksum	Value
MD5	d9e4b78b03e7c5f53eba4bc0c75f865c
SHA1	56725db4c01ea082769143361c978d17cffb931e
SHA256	ec3fc0e337a01b5e772176b708620bbeca16a871d7a3fced6451704546b960be
SHA512	6ec7cfca8f64bd72e372540a0b375581e6b115e5e84108bdbd9f2606619887f940d8d0f213eba0011381a1a835b6ad3793ffe74741bd1fcd5571d11026149898

Bug Fixes

Bug Fixes

Summary
- TCP socket ingest listener would spend a lot of CPU when connected but not receiving any data.
- "Export" queries could hit an internal limit and fail for large datasets.
- Lower ingest queue timeout threshold from 90 to 30 seconds.
- Fixed a race in upload of segment files for systems set up using ephemeral disks.

Humio Server 1.8.4 Stable (2020-02-19)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.8.4

Stable

2020-02-19

Cloud

On-Prem

2021-01-31

No

1.6.10

11

No

JAR Checksum	Value
MD5	628055e8a489f8da436795da3b74c83b
SHA1	693c732a14ab780fd2160194bb909599ef016a0f
SHA256	cb784f6287b75195d624013005b2ac6db3dfc1d3d56ed777efaf6502cb00a629
SHA512	9a30326b010e8e09288f9112d34017fcb2d3a7d26c9f6bf85804abb2977dc99784d32146b2236989230360e0b5525c92b46282bc768f3f42787cbcd5b1af4246

UI Scroll Bug Fix for Chrome 80 (again). This release is purely a fix for the Humio UI. After upgrading to Chrome 80, people have been experiencing issues with scrolling in some of Humio's widgets. We did not find all the problems in the previous release.

Bug Fixes

Summary
- Fix more scrolling issues in Chrome 80 and above.

Humio Server 1.8.3 Stable (2020-02-13)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.8.3

Stable

2020-02-13

Cloud

On-Prem

2021-01-31

No

1.6.10

11

No

JAR Checksum	Value
MD5	f975edf282bf83febc974c154906611c
SHA1	a1e49cd77ffeae0e95daf3380d3d4138ee6b4b04
SHA256	28dc5287957bdfcb414f0f1ecd71ea8721ff8b87e713d6f02b26922c5e44f97b
SHA512	a6f251ab388038d54e40efec2e51e967c6c276f320a615f95bcbc9f139134ba25182430208d0917496bb2228c1608f296f979a2d24e10b32ede3fe301c29d364

UI Scroll Bug Fix for Chrome 80. This release is purely a fix for the Humio UI. After upgrading to Chrome 80 people have been experiencing issues with scrolling on the Search page - specifically when the "Field" panel is visible.

Bug Fixes

Summary
- Fix scrolling issue in Chrome 80 on the Search Page.

Humio Server 1.8.2 Stable (2020-02-10)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.8.2

Stable

2020-02-10

Cloud

On-Prem

2021-01-31

No

1.6.10

11

No

Yes

JAR Checksum	Value
MD5	b3b553543c7db54d05b721550a4c9b3d
SHA1	7a24873c6485caaf99abfed3bac79d982056793e
SHA256	995787f60bcf744d6447b53282f48d547a89962202a81f3f4ba65dbf0dbe6398
SHA512	1814b6a443381fd0191f93bfdf49fa6c57b4bbf163500b56f742673780384a44d8a603121d5b0417b593ad24a4752edd82f8a3c965b56bfdb5d58de8f1014351

This is a bug fix release.

Bug Fixes

Summary
- When a node was missing for an extended period of time the remaining nodes would create smaller segment files than they should.
- Bucket storage download could report "download completed" also in case of problems fetching the file.
- The new feature for ephemeral servers using Zookeeper to UUID did not properly reconnect when the network failed.

Humio Server 1.8.1 Stable (2020-02-03)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.8.1

Stable

2020-02-03

Cloud

On-Prem

2021-01-31

No

1.6.10

11

No

Yes

JAR Checksum	Value
MD5	e99a4e6eb8ae5174416f3ba2ac6f975a
SHA1	c0ed5c06b6fc6d9f2bb6bc2c7d4afeb4aeabcd01
SHA256	156eadb8a285e688aecde7040505e6266407ab5ce6c58826ef9d6d12299fb5db
SHA512	86acc3eef2c2817ba7e5f83b030319bb70a63ca90568fd1a949210177653951cfa76687c22d23518626fdcc08719b9ff67c66c918842b0010860c56696b171a5

Bug Fixes

This is a bug fix release.

Bug Fixes

Summary
- Fix edge case errors in the regex engine. Some case insensitive searches for some Unicode characters were not supported correctly.
- Avoid calling fallocate on platforms that do not support this (for example, ZFS).
- New feature for ephemeral servers: Let Zookeeper assign the UUID that in turn assigns the node ID in the cluster. This is turned on by setting the config option ZOOKEEPER_URL_FOR_NODE_UUID to the set of Zookeepers to use for this. The option ZOOKEEPER_PREFIX_FOR_NODE_UUID (default /humio_autouuid_) sets the prefix to allow rack awareness. Note: Do not turn this on for an existing cluster. Do not turn on if running older 1.7.x or 1.8.x builds.

Humio Server 1.8.0 Stable (2020-01-27)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.8.0

Stable

2020-01-27

Cloud

On-Prem

2021-01-31

No

1.6.10

11

No

Yes

JAR Checksum	Value
MD5	323f7c8a332086ce7f5f0d9796d346f7
SHA1	4423ccb2afcfcc7f83fe9802ee494abe4085f314
SHA256	318d70019a0678d65b721dccff6643818bd151497d5b873a59d9e9cc95ad4f77
SHA512	a196b0f8cde842b395bf6e0401410ebc61d1052507d07aa37b78214acc0ba460cd0f926cb54c5be5530d8eb6d6e80998845bb2f0b1f148d683a3685c67c868e8

Joins, Bucket Storage Backend, Query Quotas, UI Improvements. This release promotes the 1.7 releases from preview to stable.

Bug Fixes

Summary
- Major changes: (see 1.7.0 release notes)
- Other changes: (see 1.7.1, 1.7.2, 1.7.3, and 1.7.4 release notes)
- The ability to use Bucket Storage providers such as S3 and Google Cloud Storage for data storage.
- Query Quotas limits on the amount of resources a given user can spend. Besides those, there are a number of UI improvements, back-end improvements, and Bug Fixes.
Functions
- join() search function.

Humio Server 1.7.4 Preview (2020-01-27)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.7.4

Preview

2020-01-27

Cloud

On-Prem

2021-01-31

No

1.6.10

11

No

JAR Checksum	Value
MD5	cdfb4241fdc8daa44f9f2e54cca1355e
SHA1	b5e01c98c21e4ffcbc115b8585ab28ec90bc79f7
SHA256	63a8945e903755bcfc430d1b404f3a64558e8b7e26728f4a2c10ca22f6c67347
SHA512	dedbf948de640e141ab246cdb431dbbcbfd190b1947dde2fe7896c0a3ad904e60ee7d2aaaffcf6efb63e8a65919a8554fab1fa5ea111b5ab2111b195d5d48fd3

Bug Fixes

Bug Fixes

Summary
- Allow webhook notifiers to optionally not validate certificates.
- Allows "Force remove" of a node from a cluster.
- Stabilized sync of uploaded files within a cluster in combination with bucket storage.
- Add Chromium to the list of compatible browsers
- join now accepts absolute timestamps in millis in start and end parameters.

Humio Server 1.7.3 Preview (2020-01-17)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.7.3

Preview

2020-01-17

Cloud

On-Prem

2021-01-31

No

1.6.10

11

No

JAR Checksum	Value
MD5	4265deddaccfa78f648a6426faa28ce6
SHA1	abc76135b365f4bb09793af9749a03b157b56176
SHA256	0becd94c687e07aa6a0ce116a96b2b6e7bace87e77e6fd7a4c01a5e837050c8f
SHA512	2b5606a0ae94e95d9c8271628b2c3fc4c56c9a74f27c9735e334957fb7baf8d5de5cc7cd50f8f2fb5ee3cea6e3323bfb645efb4bc083e3f65f4a3803c6811a8f

Bug Fixes

Bug Fixes

Summary
- ERROR logs get output to stderr instead of stdout to avoid breaking the potential stdout format.
- New log output option for the LOG4J_CONFIGURATION configuration now allows the built-in: log4j2-stdout-json.xml to get the log in NDJSON format, one line for each event on stdout.
Functions
- top() function allows limit up to 20.0 by default now. Used to be 1.0.

Humio Server 1.7.2 Preview (2020-01-16)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.7.2

Preview

2020-01-16

Cloud

On-Prem

2021-01-31

No

1.6.10

11

No

JAR Checksum	Value
MD5	b523d1cdac2d03b7f215379080eb9053
SHA1	3846dfc31446f7788c1ac6b86821073397b0d462
SHA256	7bed62c85e26ff73feb19554b4296d0d9590c6d65f45e9685b9b5ffb356963a3
SHA512	54192cfc366ba7b3626ae3b6e0e5fb47bdc8dffb828a68198e9fa1f1800b4c2763abe765c4da34533b5beb1906b79dc3e40aa1234be684e34c1b266ae348070b

Bug Fixes

Bug Fixes

Summary
- Bucket storage: Also keep copies of the "metadata files" that you use for lookup() and match() functions in the bucket and restore from there when needed.
- USING_EPHEMERAL_DISKS allows running a cluster on disks that may be lost when the system restarts by assuming that only copies in Bucket Storage and the events in Kafka are preserved across restarts. If the filesystem remains during restart this is also okay in this mode and more efficient then fetching the files from the bucket.
- #repo=* never matched but should always match.
- LIVEQUERY_CANCEL_TRIGGER_DELAY_MS and LIVEQUERY_CANCEL_COST_PERCENTAGE controls canceling of live queries that have been consuming the most cost for the previous 30s when the system experiences digest latency of more than the delay. New metrics:
  - livequeries-canceled-due-to-digest-delay
  - livequeries-rate-canceled-due-to-digest-delay
  - livequeries-rate
- Top(x, sum=y) now also support non-integer values of y (even though the internal state is still an integer value)
- Bucket storage: Continue cleaning the old buckets after switching provider from S3 to GCP or vice versa.
- The "query monitor" and "query quota" new share the definition of "cost points". The definition has changed in such a way that quotas saved by version up to 1.7.1 and earlier are disregarded by this (and later) versions.
- Retention could in fail to delete obsolete files in certain cases.
- New Utility inside the jar. Usage:
  java -cp humio.jar com.humio.main.DecryptAESBucketStorageFile <secret string> <encrypted file> <decrypted file>
  Allows decrypting a file that was uploaded using bucket storage outside the system.
- Change: When the system starts with no users at all, the first user to log get root privileges inside the system.
- LOG4J_CONFIGURATION allows a custom log4j file. Or set to one of the built-in: log4j2-stdout.xml to get the log in plain text dumped on stdout, or log4j2-stdout-json.xml to get the log in NDJSON format, one line for each event on stdout.
- Bucket storage, GCP variant: Remove temporary files after download from GCP. Previous versions left a copy in the tmp dir.
- Bucket storage: Support download after switching provider from S3 to GCP or vice versa.
- Query of segments only present in a bucket now works even if disabling further uploads to bucket storage.
- The Zookeeper status page now shows a warning when the commands it needs for the status page to work are not whitelisted on the ZK server.
Functions
- Restart of queries using lookup() / match() / cidr() when the uploaded file changes only worked for top-level functions, not when nested inside another function.

Humio Server 1.7.1 Preview (2020-01-06)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.7.1

Preview

2020-01-06

Cloud

On-Prem

2021-01-31

No

1.6.10

11

No

Yes

JAR Checksum	Value
MD5	df8268ca40d896676a0d771e40e84766
SHA1	f2826fed2741cc74128a07f5f67c2bed498d58bc
SHA256	6f29f7d3abb1df8547cc0be5470ec714469febfd2c8553ed58555e5936b27fbb
SHA512	14529ec3496dcafee383a2d6ef85d0862a8071f144e9b0ac59bd59f3b9742a8d1e46092f16e0db32e0ab071bdd2235754f319c4fc95007d470c34bb304c52ce9

Bug Fixes and Removal of Limitations

Bug Fixes

Summary
- Reuse of live dashboard queries on the humio-search-all repository did not work correctly. As an effect the number of live queries could keep increasing.
- The Postmark integration was always assuming a humio.com from address. This has been fixed by introducing a new POSTMARK_FROM configuration parameter.
- Remove 64 K restriction on individual fields to be parsed by parsers.
- Saved Queries/macros was not expanded when checking if a live dashboard query could reuse an existing query.
- Allow explicit auto as argument to the span parameter in bucket and timechart. This makes it easier to set span from a macro argument.
- Handle large global snapshot files (larger than 2 G).

Humio Server 1.7.0 Preview (2019-12-17)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.7.0

Preview

2019-12-17

Cloud

On-Prem

2021-01-31

No

1.6.10

11

No

Yes

JAR Checksum	Value
MD5	949b46169cff1182c3da25c6f7f641f3
SHA1	9b9187c045ee4a4a8051ed233b7a8fdf056f514d
SHA256	aa53e3998b390863edb435a4658b5c51551d54c68f1b1983886063e297cd8cbc
SHA512	f3766baf64dbf62450970207cafabd65588a660cebceb8f447dd8d8d6baba8f5e26ac69e4873d8170a84c011264a5f16247d8beed28604e3fb91073af8435ba2

Join, Bucket Storage Backend, Query Quotas, UI Improvements

Humio now supports joins in the query language; the functionality is largely similar to what could previously be done by running a query, exporting it as a .csv, uploading said .csv file, and then using the match() function to filter/amend a query result. See Join search function.

Humio now supports storing segment files on Amazon S3 (and Google cloud storage) and compatible services to allow keeping more segment files than the local disks have room for and managing the local disk as a cache of these files. See Bucket Storage.

New Stable/Preview Release Versioning

Stable release will have an even Minor version. If Minor is an odd number (like in this release), it is a preview release. Critical fixes will be back ported to the most recent stable release.

To make it easier to integrate with external systems Humio dashboards, can now be passed URL parameters to set the dashboard's global time interval. By passing query parameters ?time=<unix ms timestamp>&window=5m the dashboard will be opened with a 10m time window (5m before and after the the origin specified by time). The feature is not available for shared dashboards - since they do not support changing time intervals.

You can now also disable shared dashboards completely using the SHARED_DASHBOARDS_ENABLED=false configuration setting.

Bug Fixes

Configuration
- Autosharding can now bet set "sticky" which means fixed as set by user on a specific (input) datasource. The API also allows listing all autosharding rules, both system-manages and sticky.
- COMPRESSION_TYPE=high is now the default compression type. Clusters running with default configuration, will change to high compression unless the configuration COMPRESSION_TYPE=fast is set.
- Add SHARED_DASHBOARDS_ENABLED configuration setting which allows disabling access to the shared dashboards feature - if e.g. your organization has strict security policies.
Dashboards and Widgets
- UI: Allow disabling automatically searching when entering a repository search page, on a per-repo basis.
- Top Feature: Joins allowing subqueries and joining data from multiple repositories, see Join.
- UI: Word-wrap and event list orientation is now sticky in a session, meaning revisiting the search page will keep the previous selected options.
- UI: The time selector on dashboards now allow panning and zooming - like the one on the search page.
- UI: Improved Query Monitor in the administration section, making it much easier to find expensive queries. See Query Monitor.
- UI: Add support for loading a specific time window when launching a dashboard, by setting time= and window= in the URL.
- Queries page removed, and delete and edit saved query functionality moved into "Queries" dropdown on search page.
- UI: Improve word-wrap and allow columns in the event list to be marked as 'autosize'. Autosizing columns will adapt to the screen size when word-wrap is enabled.
- UI: Don't show "unexpected error" screen when Auth Token expires.
- Top Feature: Query quotas allowing limiting how many resources users can use when searching, see Query Quotas.
- Top Feature: The "Queries" page has been replaced with a dropdown on the Search page, that allows searching saved and recent queries.
- Top Feature: Bucket Storage with support for S3 and Google cloud storage, see See Bucket Storage.
- Top Feature: Query errors will now be highlighted as-you-type in on the search page.
- UI: Ensure counts of fields and value occurrences on the event list are reliable.
- Upgrading: After installing this version, it is not possible to roll back to a version lower than 1.6.10. Be on version 1.6.10 before upgrading to this version.
Functions
- The implementation of the percentile() function has been updated to be more precise (and faster).
- New function callFunction, allows you to call a Humio function by name. This is useful if you for instance want a dashboard where you can control what statistics your widgets show based on a parameter, e.g. timechart(function=callFunction(?statistic, field=response_time))
- New function xml:prettyPrint()
- The function top() has a new max=field argument, that can be used to make it work as a more efficient alias a groupby/sort combination, like top(field, max=value, limit=5) is equivalent (and much faster than) groupby(field, function=max(value)) | sort(limit=5).
- New function json:prettyPrint()
Other
- Java 13 is the recommended Java version. Docker images are now running Java 13.
- New stable/preview release versioning scheme. See description.
- Use case-insensitive comparison of usernames (historically an email address) when logging into Humio.

Humio Server 1.6.11 Stable (2020-01-06)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.6.11

Stable

2020-01-06

Cloud

On-Prem

2020-11-30

No

1.5.19

11

No

JAR Checksum	Value
MD5	95b8814ef3035ec68887dd3605e10b1f
SHA1	42c2fbff389d6e75a05450abd326b3dd7da71bce
SHA256	fddbe1edb8b7501d277550e3a044f97d3448de6ccd0c3e02390d239841d3be2e
SHA512	8238028be9c1fb9ce1c027b7fcb21d4cea6b1db4e984d2aaf951c6e3a1ecf961285ce6d4ff41a373abe7c8a94f3d3cd7eca80284a126efa5e4bf90903a38e822

Handle Large Global Snapshot File

Bug Fixes

Summary
- Handle large global snapshot files (larger than 2 G).

Humio Server 1.6.10 Stable (2019-12-12)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.6.10

Stable

2019-12-12

Cloud

On-Prem

2020-11-30

No

1.5.19

11

No

Yes

JAR Checksum	Value
MD5	c8cfd22a5be0456f5905247b6f2bab3b
SHA1	4c4b734217c5ac90bd9be5f6e2f34c4e182f8fa6
SHA256	2a2529e2b2bdbd54162075adb55b514d80bbe60ec1854b8044fb7cbea985c006
SHA512	883ee5a113ceeab99063d07d3b19b935e382dfdab598903fb896392d225d8dddc91716db56e29f4a92053d7b37e818806fcdad86126b9a5e2b68c17ad4f32c76

Bug Fixes and LDAP improvements. There are some changes to the configuration that will be required. See the change log below.

Breaking Changes
The following items create a breaking change in the behavior, response or operation of this release.
Summary
LDAP: It is now possible to specify an attribute within the LDAP record to use for the username rather than the default (an email address). This is only the case when using ldap-search method by specifying the LDAP_USERNAME_ATTRIBUTE in the environment. Group names when using LDAP have historically been the distinguished name (DN) for that group, it is now possible to specify and attribute in the group record for the name by setting LDAP_GROUPNAME_ATTRIBUTE. These changes necessitated a breaking change in the ldap-search code path in cases where users of Humio authenticate with a username (e.g. user) rather than an email address (e.g. user@example.com). To elicit the same behavior as previous versions of Humio simply specify the LDAP_SEARCH_DOMAIN_NAME which in the past would default to the value of LDAP_DOMAIN_NAME but no longer does.

Bug Fixes

Summary
- Require setting LDAP_SEARCH_DOMAIN_NAME explicitly when using ldap-search authentication method.
- Add LDAP_USERNAME_ATTRIBUTE and LDAP_GROUPNAME_ATTRIBUTE configuration settings to enable more control over names carried from LDAP into Humio.
- Query sessions were not properly cleaned up after becoming unused. This lead to a leak causing high amount of chatter between nodes.
- Username/email is treated case-insensitive in Humio. This is more expected behavior of usernames as emails addresses are often used. In some rare occasions duplicate accounts might have been created with difference in casing and this change can trigger the otherwise dormant account to be chosen when logging in the next time. If this happens, use the administrations page to delete the unwanted user account and let the user log in again.

Humio Server 1.6.9 Stable (2019-11-25)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.6.9

Stable

2019-11-25

Cloud

On-Prem

2020-11-30

No

1.5.19

11

No

JAR Checksum	Value
MD5	078266ac0716bd634fdc03fc7ef24ee7
SHA1	2457f4a35cef44b75351ed1ce794e32a253416b4
SHA256	26934b20ede90d7b4d4a855fe9fb2af749ec37a27bfbf44e79cb5d6c38c133d9
SHA512	dce9bdffddf89c9de819feb46bfbf59cd7bbc22da4d9131de588236a82306b131dacffbed3d6969f50e40a34e74b31d073cb31c814fa04a43e68e1063f89c435

Bug Fixes and a new background job that reduces number of small files on disk. No configuration changes required, but see changes to backup in 1.6.6.

Bug Fixes

Summary
- Improved memory usage from having large global.
- New background job: Find segments that are too small compared to the desired sizes (from current config) and merge them into larger files. For COMPRESSION_TYPE=high this will recompress the inputs while combining them. This job runs by default.
- Detect when event ingested are more than MAX_HOURS_SEGMENT_OPEN (24h by default) old and add the tag humioBackfill to them in that case to keep "old" events from getting mixed with current "live" events.

Humio Server 1.6.8 Stable (2019-11-19)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.6.8

Stable

2019-11-19

Cloud

On-Prem

2020-11-30

No

1.5.19

11

No

JAR Checksum	Value
MD5	002f3f8e6d2139542912f503d9a97b6c
SHA1	acf4b53e6363b85bb94ee7afff1961c712a3d21a
SHA256	e25243edf2fa906c18b61ce838b7114bf7cf03e787a638effc0881d645161227
SHA512	258b86a43f403caed0852903cdbcfd10664bbced66ea773f5a517bbca7c45143b07829a73bed4c92c12b29166cce3a22d5314b633ef8e091f8480d122432dae6

Bug Fixes

No configuration changes required, but see changes to backup in 1.6.6.

Bug Fixes

Summary
- Segment merge could leave out some parts when merging, leading to segments not on average becoming a large as is desired.
- Support for "sticky autosharding" and listing of current autosharding settings for all datasources in a repository.

Humio Server 1.6.7 Archive (2019-11-04)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.6.7

Archive

2019-11-04

Cloud

On-Prem

2020-11-30

No

1.5.19

11

No

JAR Checksum	Value
MD5	cc498d9bfbbae9fc815d046887e93ace
SHA1	bb9c4e01199a5c8727e4b825651139c808964b2f
SHA256	ede04107d73323f9b24374e9d6f45a8d62f56b484a2d042a4e3e0cd7781ddfc8
SHA512	a13ae84ae29339410d5de53cc77a2975f529c6baed9e61941ed9eb2f35130eea6ae0cb14595f7c7f8fb320e2c0cecd7a3e6e690a0f156ba87ceb404d5035f21e

Bug Fixes and Performance Improvements

No configuration changes required, but see changes to backup in 1.6.6.

Bug Fixes

Summary
- Fix security bug. See Security Disclosures

Humio Server 1.6.6 Archive (2019-10-23)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.6.6

Archive

2019-10-23

Cloud

On-Prem

2020-11-30

No

1.5.19

11

No

Yes

JAR Checksum	Value
MD5	6f5f5a9ca0cc982b8368feab633178bf
SHA1	82feebc7020bda86e42acdb18db6bc162020539a
SHA256	b969805efafe28497a2517ca3a3268dd1bb849bc39eb56ab31d62070ae07a5e0
SHA512	02df102a6589da27b9027b36447bc11222c616ca2c83bd00978d756001843464332b6cfcf886bc4dd749a31abe89ef62ba426bfce286ff37330a95c2ba809566

Bug Fixes and Performance Improvements

See changes to backup in 1.6.6.

Bug Fixes

Summary
- It's now possible to change the description for a repository or view.
- Looking at the events for e.g. a timechart was previously untenable, due to a scrolling bug.
- Improved error recovery in query language. This should make query error messages easier to read.
- Humio's built-in backup has been changed to delay deleting segment data from backup. By default Humio will wait 7 days from a segment file is deleted in Humio until it is deleted from backup. This is controlled using the config DELETE_BACKUP_AFTER_MILLIS. Only relevant if you are using Humio's built-in backup.
- Performance improvements in digest pipeline.
- In Chrome, saving a query and marking it as the default query of the repo would previously not save the default status.

Humio Server 1.6.5 Archive (2019-10-01)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.6.5

Archive

2019-10-01

Cloud

On-Prem

2020-11-30

No

1.5.19

11

No

JAR Checksum	Value
MD5	d5426b20769fcea54bdb6a296a1b853d
SHA1	7881a0845b5548afd23938731abef349259a5002
SHA256	d4d8abbdc1e4730141a36718101444377ed106c8a3db8557e572ca3eaec35bfa
SHA512	b71876f6d325b99cadbabb65acd304ca713ffb62e319a29941e16c5645540bf824a07c0fcc3d8820c735ae1e027bff1fad05ec150b36bf5bb973bc71d34ac274

Bug Fixes and Performance Improvements

No data migration required, but see version 1.6.3.

Bug Fixes

Summary
- Redefined the event-latency metric to start measuring after parsing the events, just before inserting them into the ingest queue in Kafka. This metric is the basis of autosharding decisions and other scheduling priority choices internally and thus needs to reflect the time spent on the parts influenced by those decisions.
- Support reading events from the ingest queue in both the format written by 1.6.3 and older and 1.6.4.
- The new metric event-latency-repo/<repo> includes time spent parsing too and is heavily influenced by the size of the bulks of events being posted to Humio.
- Apply the extra Kafka properties from config also on deleteRecordsBefore requests.
- Improved performance of internal jobs calculating the data for the cluster management pages.
- The new metric ingest-queue-latency measures the latency of events through the ingest queue in Kafka from the "send" to kafka and until it has been received by the Digest node.

Humio Server 1.6.4 Archive (2019-09-30)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.6.4

Archive

2019-09-30

Cloud

On-Prem

2020-11-30

No

1.5.19

11

No

Bug Fixes and Performance Improvements. Retracted - did not properly support existing events in ingest queue.

No data migration required, but see version 1.6.3.

Bug Fixes

Summary
- New metrics tracking number of active datasources, internal target latency of digest, number of threads available for queries, latency of live query updating and segment building, and latency of overall ingest/digest pipeline tracked for each repository.
- /query endpoint and queryjobs endpoint now coordinate thread usage lowering the maximum total number of runnable threads from queries at any point in time.
- Improved performance of timecharts when there are many series and timechart need to select the "top n" ones to display.
- Creating new labels while adding labels to a dashboard did not actually show the labels as available.
- Do not install this build. Do not roll back from this build to 1.6.3 - update to 1.6.5 instead.
- Improved word wrap of events list.

Humio Server 1.6.3 Archive (2019-09-25)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.6.3

Archive

2019-09-25

Cloud

On-Prem

2020-11-30

No

1.5.19

11

No

JAR Checksum	Value
MD5	b4a29de04d375c5f71eda06a73ddb324
SHA1	e3d60d5ec6fb651b35b12dbf4e004872e4558ee2
SHA256	1ea140db06de2ebe78769e1bc1d827f6d5b007fb9419ecd746250d2a1abfa984
SHA512	4c472f8250e41729b73295296816094eb0b8bd53265a4dede89091c413bf9288b5b03c3864f16aba40bcd1cdede28438df4b0aad7fa79dae5acc0c7312f1061c

Dashboard parameters improvements and Bug Fixes. Data migration is required: Hash filters need rebuilding.

Dashboard parameters can depend on each other. Fixed various small UI bugs in data table. Improvements to event list column headers.

Improvements, new features and functionality

Other
- File based parameters on dashboards can now filter parts of a file out, by specifying a subset of entries in the file that should be used. This filtering can also be based on other parameters, so entries pulled from the file can depend on e.g. a query based parameter.

Bug Fixes

Functions
- Using dropEvent() in a parser did not work when using the "Run Tests" button.
Other
- EventList column header menu opens on click now, instead of on mouse hover.
- Exporting a search (Or using /query endpoint in other contexts) would fail if any node was down even when the files needed to satisfy the search were available on other nodes. Note that a search in progress will still fail if a node goes missing while the search runs. (Searches in the UI restart in this case but that is not possible for an export.)
- MAX_EVENT_SIZE defaults to 1 MB. Increasing this may have adverse affects for overall system performance.
- When setting up Humio the server will refuse to start if Kafka is not ready in the sense that the number of live Kafka brokers is less than number of Kafka bootstrap hosts in the configuration for Humio.
- Regex matching gets rejected at runtime if it spends too many resources.
- Improved names and states in thread dumps and added a group field to the traces. Run #type=humio class=threaddump state=RUNNABLE | timechart(group,limit=50,span=10s) in the Humio repo to get an idea of variations in what the CPU time is being spent on.
- The Show in context window on event list would "jump" when used and a live query on dashboards.
- Fix issue that made the timestamp column wrap on some platforms.
- In Chrome, it was sometimes not possible to rename a dashboard, clone a dashboard, duplicate a widget, and other actions. This has been fixed.
- LDAP login code rewritten.
- Make JSON word-wrapping work when a column is syntax highlighted.
- Fix issue with layout of pagination of table widgets in dashboards overflowing when it has a horizontal scroll bar
- Latin-1 characters (those with code point 128 - 255) were not added correctly to hash filters. To fix this, Humio needs to rebuild the existing hash filters: The old hash files get deleted, and a new file prefix "hash5h3" is applied to the new files. This will be done in the background after updating to this version. For estimation of time to complete use a rate of .0GB/core/hour of original size. While rebuilding hash filter files the system will have a higher load from this and from searches that would benefit from the filters but need to run without them.
- HASHFILTER_MAX_FILE_PERCENTAGE defaults to 50. Hash filter files that are larger than this relative to their segment file do not get created. This trades the work required to scan them on search for disk space for files that are not very large.
- Replication of segment files among nodes now runs in multiple threads to allow faster restore form peers for a failed node.
- Previously, exporting data from queries with parameters would always fail. This now works as expected.
- MAX_JITREX_BACKTRACK default to 1.0.0: Limits CPU resources spent in a regex match, failing the search if exceeded.
- Fix issue where streaming queries failed when a node in the cluster was unavailable.
- The Event List widget no longer shows column menus on dashboards. Editing was not possible, but the menus would open anyway.

Humio Server 1.6.2 Archive (2019-09-04)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.6.2

Archive

2019-09-04

Cloud

On-Prem

2020-11-30

No

1.5.19

11

No

JAR Checksum	Value
MD5	dbd67c77d4a876f223d5cf30f5765d7b
SHA1	5d4f8b045ed5a98b85c906bbf190d5ea95de4c88
SHA256	407b5f8e24843bb18072ed4ce43e381a1022efb275f18c0f717e8e3784a92228
SHA512	872c39a7893b7196d65fde5d9ddcac31d30ba70ba2b7f4613e59396d06565a6410193036713eb3a4792e0fcfdf75b77bb83673ed8afce7f4f0a47aef568eb1f9

Event List Columns and Bug Fixes. The release replaces the event list on the search page with a table view where you can control which columns you would like to see.

Bug Fixes

Summary
- The UI now only checks the version of the Humio installation when determining if it should reload dashboards.
- Improve scheduling of uploads in S3 archiving to achieve better throughput.
- The special handling of @display has been removed. The field is now like any other. If you use it today, you can add it as a column in your default columns.
- If a field that you would like a column for is not present in the list of fields. You can manually add it from the toolbar of the fields panel.
- Users are now notified about the dashboard reload 5s before reloading.
- New Event List with customizable columns.
- Saving a default query for your repository also saves the selected columns and will show them by default.
- Fixed issue where some cluster nodes where configured differently than others, it would trigger a dashboard reload every 10s.
- The default order of the events on the search page has been reversed. It is more natural to have newer events (lines) below older ones - just like logs appear in a log file. This can be changed in "Your Account".
- Use the keyboard arrows and Enter key to quickly add and remove columns while in the "Filter Fields" textbox.
- timechart with limit selecting top series was nondeterministic when live.
- You can now add favorite fields to your views. These fields will always be started to the top of the fields panel, and be visible even if they are not part of the currently visible events.
- Browser minimum versions get checked in the UI to warn if using a version known to miss required features.
- The fields panel is open by default. You can change this in "Your Account" preferences.
Functions
- New query function hashRewrite() to hide values of selected fields
- New query function hashMatch() to be able to search (for exact value) on top of the hashed values.

Humio Server 1.6.1 Archive (2019-08-26)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.6.1

Archive

2019-08-26

Cloud

On-Prem

2020-11-30

No

1.5.19

11

No

JAR Checksum	Value
MD5	333a5243ca407814dc5437c71d7affc7
SHA1	fa3be4c0332421af5b5531fcda456f5a404199f0
SHA256	dd22a4a6c291d78537a4711aea71c0243646b3bdd6b645b9626c6266629c3039
SHA512	5c600ee0f7e88cbcb47500e235a9d2e9581b5630e4cfe596b000d2801219c6dc363ec9d0572a40a3bdd93c77868fbe7603d4502f4bdcbb008ab9e30af09d8f92

Bug Fixes

Bug Fixes

Summary
- Live queries could lock the HTTP pool, leading to a combination of high CPU and problems accessing the HTTP interface.
- Fixed issue preventing you from clicking links in Note Widgets.

Humio Server 1.6.0 Archive (2019-08-22)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.6.0

Archive

2019-08-22

Cloud

On-Prem

2020-11-30

No

1.5.19

11

No

JAR Checksum	Value
MD5	19c48ed4689582534bdb4d2351224497
SHA1	8cb74a483006d732fedb52d835120663800d53a2
SHA256	4e519242ffa15eb15344e912479e350e60376c493d9c51b056c0c1f6b5349122
SHA512	a51db1066c5c7fc21c52a6a1a47d03ddb0b2a7bc977f37c1a65f27fb553ca9099587a5af74a942110f4cbd345b1a468f98407d320ea37e87b4a3cfe70892e044

Improved compression. Note Widgets and YAML Template Files

Dashboard Note Widgets can include descriptions and can contain template expressions and links to external systems using the current parameter and time values

Read more about note widgets at Note Widget

We are also introducing a new YAML file format for dashboard templates. The new format is much human-readable. It is the first step to being able to persist all entities (parsers, queries, alerts) as files.

Support for the now deprecated dashboard file import API and JSON format will continue, but expect it to be removed in a later release.

Bug Fixes

Configuration
- COMPRESSION_TYPE=high turns on a stronger compression when segments get merged. This results in better compression, at the expense of having slightly lower compression for the very recent events. The improvement is typically 2-3 times better compression for the merged segments.
- COMPRESSION_TYPE=extreme uses the stronger compression also in the digest part, even though it is not as effective there due to the gain from having a larger file after the merge.
Functions
- New function start() and function end() functions provides the time range being queried as fields.
- New function urlEncode() and function urlDecode() functions allow for encoding or decoding the value of a field for use in urls.
- The function parseJson() now accepts an exclude and include parameter. Use this to specify which fields should not be included.
Other
- New function copyEvent() function allows duplicating an event into another datasource while ingesting. Use case to make the two events differ.
- COMPRESSION_TYPE=fast (Default!) corresponds to versions before 1.6.x
- Styling of the dashboard "Labels" dropdown has been fixed.
- Introducing a new YAML dashboard file format.
- Pending parameter edits toggle, so that parameter changes are not immediately applied if the user desires not to.
- Added GraphQL fields for shared dashboards.
- Renaming a repository is now possible in settings.
- The function sort() query function now ignores case when sorting strings.
- The sizes of the compressed files and the associated hash-filter files are tracked separately for the merged part, allowing you to see in the UI how well the long-term compression works as part of the total set.
- Removed internal REST API for shared dashboards.
- Added Note Widget support for dashboards.
- Changing Dashboard labels will no longer trigger a "Dashboard was modified remotely" notification.
- Note! Rolling back to v1.5.x is supported only for COMPRESSION_TYPE=fast which is the default in this release. The default is expected to change to "high" later on. The new compression types "high" and "extreme" are considered BETA release.
- This update does not support rolling updates. Stop all Humio nodes. Then start them on the new version.
- Added cluster information pages for the Zookeeper & Kafka Cluster used by Humio. Both are available under Administration.
- Changed GraphQL fields for dashboard widgets.
- Drawer heights were not being persisted between browser sessions.

Humio Server 1.5.23 Archive (2019-07-31)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.5.23

Archive

2019-07-31

Cloud

On-Prem

2020-11-30

No

1.5.8

11

No

JAR Checksum	Value
MD5	11cc896c1d0f7157e63acc1b34428106
SHA1	54b32056d10f567c56dcbad58f658ad88d5f0617
SHA256	0495a5384f2759d6e1adb9ff9030f9ded72b463ac667f74481878b8f2b0df5ed
SHA512	7013f12452a3f191a69630a105a171f6f496d6eca88ca8bae794d7f304669e99a296d17d1b9a9123ed97da8514f657abfa01403048412016be44f250671eb09c

Maintenance Build

Bug Fixes

Summary
- Include size spent on hash filter files on disk in the cluster overview as Humio data rather than system data.
- case that assigned fields inside was not handled properly when pre-filtering using the hash filters.
Configuration
- CACHE_STORAGE_SOURCE defaults to both, and also allows secondary to only cache files from the secondary storage
Functions
- Function collect() now requires the set of fields to collect.

Humio Server 1.5.22 Archive (2019-07-11)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.5.22

Archive

2019-07-11

Cloud

On-Prem

2020-11-30

No

1.5.8

11

No

JAR Checksum	Value
MD5	03a4585d4f91d76dcf32eb2605b2f2a5
SHA1	8b449045065f1fcac5fa4720154dd5c07b671dec
SHA256	dcf4c3c2646071ef7ec4e96daba79fc62b10b7d23e7afab168fdd0f1047ffee7
SHA512	e455968440ae5b86d001f700616789dbfa3298cd02e769b473478bf5ff04f888b5c162d1afe5322cc35b040fdbe5d5817feaa850f26770e4f91b0928e595b78e

Maintenance Build

Bug Fixes

Summary
- Improved performance of "/query" endpoint.
- There is now a humio-query-id response header on responses to "/query" search requests.
- Always close everything when Akka actorsystem is terminated.

Humio Server 1.5.21 Archive (2019-07-04)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.5.21

Archive

2019-07-04

Cloud

On-Prem

2020-11-30

No

1.5.8

11

No

JAR Checksum	Value
MD5	3e69e9568f9def1fe56c9772266e529e
SHA1	17a1f945b825bb6220aa6cf4cf1d4675420578ac
SHA256	84550bd4f356c57e37055b34f5a0fc00c25a20e08faa2d6a0f8843e029550932
SHA512	dcbf18ea92afa7f5c0cbf1f41835a948e3aa0a6b2e303d1c40d8c2c8bd9c9084186e73c1a2aa76221381bf6f66872b7708e994243969273344e28fcb73b7db1c

Maintenance Build

Bug Fixes

Summary
- If an events gets @error=true in the ingest pipeline (including in the parser) it will also get #error=true as a tag. This makes events with an error become a separate datasource in Humio allowing you to delete them independent from the others and makes problems from parsing timestamps not disrupt the pipeline when back filling old events.
Functions
- New function: function dropEvent() lets you discard an event in the parser pipeline. If a parser filters out events using e.g. a regex match that does not match the parser will just keep the incoming events. Use this new function (typically in a case) to explicitly drop an event while parsing it when it does not match the required format.

Humio Server 1.5.20 Archive (2019-07-04)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.5.20

Archive

2019-07-04

Cloud

On-Prem

2020-11-30

No

1.5.8

11

No

JAR Checksum	Value
MD5	6e7fc0c55dcb7e983c3e9ed01fe2a998
SHA1	bee0844d369a237d7ce7da118806be97bb1fab83
SHA256	d647ba881452c4905e44894168461f389bce43e9aa93c58d719f1ec9de62dd13
SHA512	4631ea0f892c5a6044a7c0b008b1350ce2d3408883e73fb3d357bb4f9920c762efbcf7efbb26b1fa3bb5577c327f260c243371c6a367d566ed0dc48794600499

Maintenance Build

Bug Fixes

Summary
- "services" is no longer a reserved repo name.

Humio Server 1.5.19 Archive (2019-07-03)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.5.19

Archive

2019-07-03

Cloud

On-Prem

2020-11-30

No

1.5.8

11

No

JAR Checksum	Value
MD5	fa9d61d17a037583bbe067a4aab64ab3
SHA1	1793534d22cfc53c5b15dde0dc60d008ad9c9204
SHA256	6e21cd3874a948a3ddf3554911c3104e60a2ca33e8e4a039755eca42c03e1508
SHA512	ec09a60164c981970b20fd401140a5dac2e3814f6e1254c3472721ace2db957b92f9035b8833436008054220385b55e1e83b93f6b1547842c289a0194522913c

File based parameters on dashboards. This release makes it easier to configure load balancers by adding sticky session headers to most UI Http requests.

The existing header Humio-Query-Session is used. For non-search related HTTP requests it will contain a random sticky session ID. For search related HTTP requests it contains a hash of the query being executed - just like it has done previously.

New file based parameter type is added to dashboards.

Bug Fixes

Other
- Make failover to the next node in digest when a node gets shut down gracefully faster by delaying the shutdown a few seconds while letting the follower catch up.
- Fixed Interval Queries on dashboards used the time of the dashboard being loaded as the definition of "now". It will now use the time of the last change in the dashboard's global time.
- Improved performance on servers with many cores for functions (such as top) that may require large states internally.
- The HTTP request header Humio-Query-Session is now added to most requests from the UI.
- New shared files. Shared files can be used like the existing files, that are uploaded to repositories. A shared file is visible in all repositories and can be used by everyone. Only root users can create and manage them. For now, shared files can only be added using Humio's Lookup API. Shared files are visible in the files tab in all repositories for all users. Root users can also edit and delete shared files there. Shared files can be used from query functions like function lookup() and function match() they are referenced using the path /shared/filename.
- New type of parameter: Dashboards can now have file based parameters, which are populated with data from files uploaded to Humio

Humio Server 1.5.18 Archive (2019-06-26)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.5.18

Archive

2019-06-26

Cloud

On-Prem

2020-11-30

No

1.5.8

11

No

JAR Checksum	Value
MD5	c4d0166d229209681cd23f4d34ce0e75
SHA1	23aeac090b6069258d168f235d025d497baf6147
SHA256	db78a9fdc47bc3f3687e758c9e1dc5c13c14525626199568889226121eca4629
SHA512	a8b66956d7d58a6bba71884ea01c91fea88d96b1c58ff9ba63a0f111da84f270e8bee16e87e1148415635425704472a5d4156b4300b1d7bb58ddd96091cdee49

New function parseXml() and support ephemeral drives for caching.

Bug Fixes

Summary
- Humio can now keep a cache of the latest files on when told the path of a cache-dir using CACHE_STORAGE_DIRECTORY. Humio will then write copies of some of the files from primary and secondary storage here, assuming it is faster to read from the cache. The cache does not need to remain after a restart of Humio. CACHE_STORAGE_PERCENTAGE (Default 90) controls how much of the available space on the drive Humio will try to use. This is useful on system such as AWS where the primary data storage is durable but slow due to being across a network (e.g. EBS) while the server also has fast NVME-drives that are ephemeral to the instance.
- Certain regular expressions involving ^ and $ could fail to match.
- MAX_EVENT_FIELD_COUNT (default .0) controls the enforced maximum number of fields in an even in the ingest phase.
- New built in parser corelight-es to parse Corelight data send using the Elastic protocol.
- Reduce size of global snapshots file.
- Remove configuration flags: REPLICATE_REMOTE_GLOBAL_HOST and REPLICATE_REMOTE_GLOBAL_USER_TOKEN
- Parameter input fields for query based parameters initially always showed * even when a default value was set. It now correctly shows the default value for the parameter.
Functions
- New function parseXml() for use in parsers

Humio Server 1.5.17 Archive (2019-06-20)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.5.17

Archive

2019-06-20

Cloud

On-Prem

2020-11-30

No

1.5.8

11

No

JAR Checksum	Value
MD5	d40aa67958efee188fbbd801389ca6a0
SHA1	912ff791cc76312bdc3c3e72877e9872b0cebca7
SHA256	45a48f7cdb99d4e08f95f1ef6802ecf730e8ae997b23ad1ba6f2f1e5fec14e91
SHA512	ce51829c5152bed8c2d67581239365c4055ddc038545f20877c6a1d499aca6f69b920bc006d2499659194d0b4bf1ebdef7be7d55262318620dd73ee76c8d822b

Maintenance Build

Bug Fixes

Summary
- Update BitBucket OAuth integration to version 2
- Updates to repos with reserved names on legacy repos did not work.

Humio Server 1.5.16 Archive (2019-06-11)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.5.16

Archive

2019-06-11

Cloud

On-Prem

2020-11-30

No

1.5.8

11

No

JAR Checksum	Value
MD5	1ae08e9fa6216dd50b413b0b733054d3
SHA1	9da479f33fa955645eb6f8c048a335dee59ff5a8
SHA256	a5738bb660340e67570f673652c49efc2b6e9e4281ddab1c2bc6fdd242418644
SHA512	b96b45050e0cb5d0a1b90968bf22b2bc8ee746076a266f147802b33f920cbac73dc2d5418ff86ed672411758c304fe4d387bb1bdc8c068594acda682fd66ec5b

Maintenance Build

Bug Fixes

Summary
- On Windows, the Ctrl+O shortcut no longer opens the "jump" menu on the home page, but Ctrl+Y does instead, to avoid conflicts with browser shortcuts.
- Ability to read global-snapshot.json when the file is larger than 1GB.
- Invalid parser no longer prevents ingest token page from loading.

Humio Server 1.5.15 Archive (2019-06-06)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.5.15

Archive

2019-06-06

Cloud

On-Prem

2020-11-30

No

1.5.8

11

Yes

No

JAR Checksum	Value
MD5	ad5393b90a76798037d974eb15274170
SHA1	a39f7d6a55a9e20d35a76cc77d1593e733f82fa0
SHA256	ef07ed1498a14912ae33c438dbce446bd3c515598b56a53590bb28e0da764eac
SHA512	35d8cf32cfffc01456fea778186098acc17fadd6003ca910eca6165c6113cbd5ad9a68a5fcd52a9ab9934a51bc3e9175f1f139a5b400e4249cfcd7f2b7faddda

Dashboard Improvements and Bug Fixes

Bug Fixes

Summary
- Regex with [^\W] did not execute [\w] as it should.
- Dashboard parameters with fixed list of values now keep the order they were configured with
- Dashboard parameters with fixed list of values can now have labels for each of the values
- Humio metrics have now been documented.
Configuration
- VALUE_DEDUP_LEVEL default to the compression level. Range is [0 ; 63]. Higher values may trade extra digest time to get lower storage of events with many fields.
Functions
- New function eventFieldCount() that returns the number of fields that this event uses internally for the values, use along with eventSize() to get statistics on how your events are stored.

Humio Server 1.5.14 Archive (2019-05-29)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.5.14

Archive

2019-05-29

Cloud

On-Prem

2020-11-30

No

1.5.8

11

No

JAR Checksum	Value
MD5	a04ea786b04438c4028a880948ab4ac0
SHA1	8d82c939347c1a28e46efa5605b5592e5b25824d
SHA256	edc162b7dcd604948cca55d924838754ca0162e3d5d97ba26a5e8cfd0df512b2
SHA512	30935d7230af57de26beb316a5d7c79a35a01d23e41dc4a5d06268910a7aa95535e1f7fbe88448a9f504e7e9a2c97fd43bfa0f90e4ce2a12c1976e5250a0999a

Improved Pre-Filters

Bug Fixes

Summary
- The disk space occupied by the pre-filter files now get included when enforcing retention by compressed size.
- Improved pre-filters to support more searches while adding less overhead in disk space.
- The format of the new hash5h2 files is different from the previous bloom5h1 and the system will generate new files from scratch for all existing segment files and delete any existing bloom5h1 file.
- When file and column parameters to the cidr() function used together, load subnet list from given CSV.
Automation and Alerts
- When an alert fails to send the notification, don't restart the query, just retry the notification later.

Humio Server 1.5.13 Archive (2019-05-27)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.5.13

Archive

2019-05-27

Cloud

On-Prem

2020-11-30

No

1.5.8

11

No

JAR Checksum	Value
MD5	894e1bbdc1a57f2f0b46c162f42c3f46
SHA1	ba223177715e7090610100557f0929eb9c628ac0
SHA256	5eb2a227ca5964915ebdd96bce5ae7bb0adb611e983714459440685ab45c86b6
SHA512	07a7237614c98045b72e5dffc3cb5d480adbf7b62747e9932e1599579128b205c9a80cf73983ea2c724dab0a9ba0d2226c84b9cffdbb45ab9e7bdb4eb938d623

Metrics are now send to a separate file humio-metrics.log.

Bug Fixes

Summary
- New log file humio-metrics.log. Metrics data has been removed from the humio-debug.log and moved to humio-metrics.log. Metrics will still also be in the default Humio repository. If you are collecting the Humio log files, with for example Filebeat, you need to add humio-metrics.log to the collector.
- Fix some cases where parameters would not be picked up by the UI because of regex or string literals in the query.

Humio Server 1.5.12 Archive (2019-05-20)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.5.12

Archive

2019-05-20

Cloud

On-Prem

2020-11-30

No

1.5.8

11

Yes

No

JAR Checksum	Value
MD5	a560cb0ce83c1809b9a5058b69591d7e
SHA1	b631299178941b9b104a35c5d446942b183889ec
SHA256	de58549b4e0b8cc5e1f57c75592259cea90eb022f280f422f1bcb8bdd7068c6b
SHA512	58c40dae601d284b1a4c4fdf19629955c19c74abcb186aec61a8ce1f3c192909c21503f4eec8fc17ede7238f473e497dfe32b24a4e1a6a4c36902cf1ae4c4c0f

Parameters can be used to make dashboards and queries dynamic.

Bug Fixes

Summary
- You can now use the syntax ?param in queries. This will add input boxes to the search and dashboard pages. Read more in the Managing Dashboard Parameters documentation.
- Parallel upload of segment files to S3. Degree of parallelism can be controlled with e.g. S3_ARCHIVING_WORKERCOUNT=4. Default is 1 if nothing is specified.
- URLs now contain parameter values making it easy to share specific dashboard configurations.

Humio Server 1.5.11 Archive (2019-05-16)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.5.11

Archive

2019-05-16

Cloud

On-Prem

2020-11-30

No

1.5.8

11

No

JAR Checksum	Value
MD5	4f01eabfd30739ac228e423a5f51582f
SHA1	e7c174433f19fbe81a13f6e7b2b8d849c480d22b
SHA256	e2eb4d827bd1a1a67923c30a535d8b968f4574c9bbf59bfc84c8a2fcfbccaec2
SHA512	952f9de0089c9528accfee959951a54ef400a3ce49d37d1666234a7ec3f1d9de1e7e164d8ff101e461e62f31faf4331575e63eb2fc4b54484bb9f6d9267e8bb2

Bug Fix Release

Bug Fixes

Summary
- Bloom filters are now always on.
- Named groups in regular expressions supports having . [ ] in their names.
- Moving segments to secondary storage can no longer be blocked by merging of segment files / s3 archiving.

Humio Server 1.5.10 Archive (2019-05-13)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.5.10

Archive

2019-05-13

Cloud

On-Prem

2020-11-30

No

1.5.8

11

No

Yes

JAR Checksum	Value
MD5	1b828fd0d80aa3c80aa9f1d4bba0dbd6
SHA1	998c039c894acdbe30d83efa414428ab77de2d7e
SHA256	b18d7b1844f4482f0e1aa8afe7e67ad1bf06e8bb5f40faebe9179c49dc72a412
SHA512	cb3efdf806231d2f3d71d378054e7513eed3bd73ccb445159f8232da4df14bae1f1165bde27d5536554f178dbcde3973d2d64e2f33271247e734cc3d6b88fd3f

New bloom filters, but please upgrade to 1.5.11 to avoid known problems in this build.

Bug Fixes

Summary
- When enabled, this will write files along with the segment files with prefix bloom5h1., which add approximately 5% storage overhead.
- It is safe to just delete any bloom5h1. files while the system is running, or in case the feature needs to be disabled.
- MUST be enabled with BLOOMFILTER_ENABLED=true (Note! defaults to false in this release, which makes searches skip events they should not).
- New experimental bloom filters that speed up searching for constant strings such as UUIDs and IP-addresses; the longer the search string, the bigger the speedup. The bloom filters also help regular expression searching, including case insensitive ones.
- The bloom filter files will be generated as part of digest work, and also generated for "old" segment files when Humio is otherwise idle. Thus, when the feature is initially enabled, it will be visible that the CPU load is higher for a period of time.

Humio Server 1.5.9 Archive (2019-05-06)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.5.9

Archive

2019-05-06

Cloud

On-Prem

2020-11-30

No

1.5.8

11

No

JAR Checksum	Value
MD5	b6dc38838aac82596ea8eebf294b9a97
SHA1	ca35bf05425265706467adc415c8ff558bad12f9
SHA256	4d0af39687972dc6bb476928edf9c0b10d956336a564d0a828b8e036174e1da5
SHA512	a2b8e9512fc287c8ff3f2d40a734d5bab872ccedf995bdeeb8a3fc900169a7d1bfaa85a6a30e43e0272ea97bf3e3f44e6f397535818e6e7b1fac15ca0ced98d2

Bug Fix Release

Bug Fixes

Summary
- Add information on query prefixes to the Query Monitor. When inspecting a running query in the Query Monitor the query prefix can now be found in the details pane.
- Enable sourcetype field in the HEC endpoint to choose parser (unless another parser is attached to the parser token).
- Default filters in dashboards could cause search to not find anything.
Automation and Alerts
- Alerts with multiple notifiers could result in notifications not adhering to the configured notification frequency resulting in notification spam.

Humio Server 1.5.8 Archive (2019-04-25)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.5.8

Archive

2019-04-25

Cloud

On-Prem

2020-11-30

No

1.4.x

11

No

Yes

JAR Checksum	Value
MD5	4898c50c07b21c557e16f9ecb0525b64
SHA1	6f7de5e75418ab04752927081ac4af0156b78df9
SHA256	449c36c1b9cf793db02250e1d089594491fde458f46b33b2b4b2967ef7e0bef7
SHA512	d382620aa86df5fc7d24977d6097f1d40829e5b1c5cce5431ce6110ca256be99a636bdb1d5b0d322fee1cc784d55f7b4cc12ae78da059b4089cbb9739494e7e0

New dashboard editing code and many other improvements

Bug Fixes

Summary
- In tableview, if column data is of the form \[Label](URL) it is displayed as Label with a link to URL.
- Dashboard queries that are not live and uses a timeinterval relative to now, are migrated to be live queries. Going forward, queries with timeintervals relative to now will be live queries when added to dashboards.
- S3 archiving now supports forward proxies.
- parseTimestamp() now handles dates, e.g. 31-08-2019.
- @source and @host is now supported for Filebeat v7.
- The Auth0 integration now supports importing Auth0-defined roles. New config AUTH0_ROLES_KEY identifies the name of the role attribute coming in the AWT token from Auth0. See new auth0 config options Map Auth0 Roles.
- Validation of bucket and region when configuring S3 archiving.
- Alerts notifiers with standard template did not produce valid JSON.
- Built-in audit-log parser now handles a variable number of fractions of seconds.
- Humio's own Jitrex regular expression engine is again the default one.
Configuration
- Config property KAFKA_DELETES_ALLOWED has been removed and instead DELETE_ON_INGEST_QUEUE is introduced. DELETE_ON_INGEST_QUEUE is set to true by default. When this flag is set, Humio will delete data on the Kafka ingest queue, when data has been written in Humio. If the flag is not set, Humio will not delete from the ingest queue. No matter how this flag is set, it is important to configure retention for the queue in Kafka. If Kafka is managed by Humio, Humio will set a 48hour retention when creating the queue. This defines how long data can be kept on the ingest queue and thus how much time Humio has to read the data and store it internally.

Humio Server 1.5.7 Archive (2019-04-10)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.5.7

Archive

2019-04-10

Cloud

On-Prem

2020-11-30

No

1.4.x

11

No

JAR Checksum	Value
MD5	5ed44bb802f54fc03ea606da0e5d2afe
SHA1	d3c3d7705366851dfa019214c3cf2b653914c7f2
SHA256	41d0da3dd48732136ae245209cb549946e46f31ff0bca9a2fd37d2d9c73b05f4
SHA512	f07ac6a204637973c64f830082245475b7ec3b6dfe01eb98d63a68adaa5f352a0c4647ec189cbc12f543c50e093d63475377031b869538be076c097394a853dc

Bug Fix Release

Bug Fixes

Summary
- Temporarily disable deletes of events from the ingest queue to allow recovering events skipped in the queue due to the above infinite loop problem.
- Revert default Regex engine from jitrex to RE2J. jitrex has a case where it may loop infinitely and this will break the digest pipeline if this happens in a live query.

Humio Server 1.5.6 Archive (2019-04-04)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.5.6

Archive

2019-04-04

Cloud

On-Prem

2020-11-30

No

1.4.x

11

No

JAR Checksum	Value
MD5	614a06c67d4e93e1a3f2083ce5cfe4c0
SHA1	57d3259a0469703caa38975a0be19062f0954e57
SHA256	e410583413293132f0e6f09884c3387282892b31164c77472cb0f4343f4d6ec6
SHA512	0a00735576c700ee063824ead2845452cbf1f00530014be127d13cb7da89a55143d64192755b00e3039f175cc64985cad736cd9dbe08f54005163f43008c1a1c

Bug Fix Release

Bug Fixes

Summary
- LDAP integration.

Humio Server 1.5.5 Archive (2019-04-03)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.5.5

Archive

2019-04-03

Cloud

On-Prem

2020-11-30

No

1.4.x

11

No

JAR Checksum	Value
MD5	39a4777bd2dae7d69177426d063dc6df
SHA1	6d27f9ae18dbcb49bfc37f7c014db93f331652ea
SHA256	e3ec14f8cbc6d78c4beede209fe4be958e5c727fe3a7fcb2d7919afc81c3c85d
SHA512	7d3c645974227a9e9dfd8ea261923f516b626d02eea73ab5bd7fdccd3bfdfbfab7f05e37abe49019d7a0ff97bd3824646e4de1ff8f587fdbf3623bed77c9da42

Event Context

Bug Fixes

Summary
- The size of the Drawer, showing event details on the search page, is remembered (by being saved to local storage)
- New event context searches let users select and search around one specific event.
- Segment merging could reuse a tmp file when the system was restarted, which would block the merging process on that host from making progress.
- Fix bug in regex not recognizing [0-9] as part of \w
- Restart all relevant queries when an uploaded file gets changed. This allows live queries and alerts to refresh using the latest version of the file.
- Live timecharts could accumulate data for 2 buckets instead of 1 into the bucket that was right-most when the charts starts.
- A GET on /api/v1/users that lists all known users on the system no longer includes information on the repositories for the user, as that made it too slow.
- Display information on disk space usage of primary / secondary storage location in cluster management UI.
- Uploaded files cannot be bigger than specified in the config MAX_FILEUPLOAD_SIZE. Default value is .0 megabytes. The default value is used in our cloud.
Configuration
- New parameters MAX_SERIES_LIMIT and MAX_BUCKET_POINTS.

Humio Server 1.5.4 Archive (2019-03-26)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.5.4

Archive

2019-03-26

Cloud

On-Prem

2020-11-30

No

1.4.x

11

No

JAR Checksum	Value
MD5	d3c301554f98e7540728d412b6452e49
SHA1	c172bf5c456df3ded1e08f37f232b0ea7fbf96eb
SHA256	d4b23822b1a63846913dbd9421cfc3a7d937af4c3b3d17262b3674e5a4a99a16
SHA512	82a2f80540e623f05eab2219cf79283f406255b18ae10083de1eecf30038ab8b413d497138c1cfa6c758978c490cbfbc21b3e4abc63e19c1d3bf47c8f1625fb9

Bug Fix Release

Bug Fixes

Summary
- Query scheduler could get into a state of doing no work when overloaded during startup. Workaround while working on proper solution: Raise the queue size internally.

Humio Server 1.5.3 Archive (2019-03-26)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.5.3

Archive

2019-03-26

Cloud

On-Prem

2020-11-30

No

1.4.x

11

No

JAR Checksum	Value
MD5	64439aad4fb74f03ab9cf140de039d2e
SHA1	16f55ee1018400f92aec8fd0330e54b81077d4dd
SHA256	6acb0265a88ee250390a1021db382724148e8b09a7738fa7c948fd6f95d06870
SHA512	9705984865b1852aff9b4237d391ea94b40e0cee972e1ed82fc4e5b9f84a08a69e71bfd5614ad2b141479ff1b1b50523ab1ef9e7b05c5ce31eb6a35d51f40c96

Bug Fix Release

Bug Fixes

Summary
- Webhook request could end up with malformed requests.
- New Config flag WARN_ON_INGEST_DELAY_MILLIS. How much should the ingest delay fall behind before a warning is shown in the search UI. Default is 30 seconds.

Humio Server 1.5.2 Archive (2019-03-25)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.5.2

Archive

2019-03-25

Cloud

On-Prem

2020-11-30

No

1.4.x

11

No

JAR Checksum	Value
MD5	5df6f461a9703cdf6ae3095f73502e53
SHA1	5400b067c8e7c56b1febc4ed4903e62499f83470
SHA256	8814989d98be9aa7b53ddcdeaffa394056ca70c08edf6c5e2cdcf05a4db21c86
SHA512	de757392b3ae568ed348af4bd0153ebc76b15e4f2b16a540f9af756235479f833b0a8f1d92cd3a87ea011dded75841f1dea91f1d15675ec7c465cc6db32f637d

New functions for Math and Time operations.

Bug Fixes

Summary
- Query prefixes for users were not properly applied to the "export" api.
- Repositories with names starting with "api" were inaccessible.
- Date picker marked the wrong day as current.
- New functions for "Math" and "Time" operations.
- Java version check: Allow JDK-11 and 12.

Humio Server 1.5.1 Archive (2019-03-22)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.5.1

Archive

2019-03-22

Cloud

On-Prem

2020-11-30

No

1.4.x

11

No

JAR Checksum	Value
MD5	669f2e0e026ac5ce1ada07221cbd2397
SHA1	9157d3100b8c35d1c36ef03323aa1431de11b0d4
SHA256	846f0de0235cf4835e5da75853d4fbc069ad6d0fb2c74bafda3a0d471e1041c7
SHA512	5e27430929861a3ef0c3aea3accc88d7b57b8ac133d87dd1757cbc8ed88cb3914a93592c368886eed2b938c576d81099ee97fa60a79118fb4f6d120060dbb705

The default regex engine has been replaced.

Bug Fixes

Summary
- New regex engine (Humio jitrex) is now the default; configure using DEFAULT_USER_INPUT_REGEX_ENGINE=HUMIO|RE2J. If you experience issues with regular expressions try setting configuration back to the previous default RE2J. You can also pass the special flags /.../G (for Google re2j) or /.../H (for Humio jitrex) to compare.
- Timechart more efficient in the backend, better supporting more than 1 series.
- New implementation backing match(...) for exact matching (glob=false) allows using .csv files up to 1 million lines. The limit for exact match state size can be set using EXACT_MATCH_LIMIT=.0.0.
- No owls were hurt in the production of this release.
- Kill query or blacklist query was not always killed on all nodes.

Humio Server 1.5.0 Archive (2019-03-15)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.5.0

Archive

2019-03-15

Cloud

On-Prem

2020-11-30

No

1.4.x

11

Yes

No

JAR Checksum	Value
MD5	c3615501d40a6cb19301c26174548841
SHA1	0cb80023e27a2e43e6b0281711ed4483e1415caf
SHA256	5ec7ad5370a1768d886885ecf118ea6bcd09af362175011521e1209308ab35b6
SHA512	f5e5d71332d774f87e13143b458707c1ddbf114901292c4b1cbdef27844f0c6e7460afde36c6fa0f5e638c6251b908fcae3b22bcb908506726824399d568b78c

All parsers are now written in Humio's query language.

Bug Fixes

Summary
- permission for editing retention when running with ENFORCE_AUDITABLE=true.
- Migrated regex parsers with the option 'PARSE KEY VALUES' enabled has different parse semantics. If the regex fails key values will no longer be extracted.
- All parsers created before the introduction of parsers written in Humio's query language are migrated.
- New BETA feature: Delete Events allows deleting a set of events from the internal store using a filter query and a time range. At this point there is only API (Graphql and REST) for this but no UI.
- Non root users could not see sandbox data when using RBAC.
- The option 'PARSE NESTED JSON' on the old json parser creation page is no longer available/supported. Instead use parseJson on specific fields, e.g. 'parseJson() | parseJson(field=foo)'. This has to be done manually for migrated json parsers!

Humio Server 1.4.9 Archive (2019-03-13)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.4.9

Archive

2019-03-13

Cloud

On-Prem

2020-11-30

No

1.3.2

11

No

JAR Checksum	Value
MD5	658abeee302dd14ad05a2b7d50ca5a6a
SHA1	c5bf3e514152899299880a77faf08fb7bb0595d8
SHA256	dc48a0753a3113ced36f67fd91814735ba31f01cf51cdd6cd4ab31614460acb0
SHA512	fa0f2732aaca9ad7bfde148270547efeec8da6a1d237c88d5d315e25269666054fb0ef76e08d2cfbebef5a29b460a947d75d3994f18c9e0bf0676d226b16fffd

Bug Fix of retention not working.

Bug Fixes

Summary
- Retention was not applied to all segment files in a clustered setup. The bug was introduced in 1.4.4.
- Increasing AUTOSHARDING_MAX default from 8 to 16 and start autosharding at 4 instead of 2,
- Prevent labels in gauge widgets from being clipped.
Automation and Alerts
- white space in field templates in alerts.

Humio Server 1.4.8 Archive (2019-03-11)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.4.8

Archive

2019-03-11

Cloud

On-Prem

2020-11-30

No

1.3.2

11

No

JAR Checksum	Value
MD5	b4757d785261fc262a3d618296d690d1
SHA1	1dc9f2712b87567e40889262da8095086e060d6a
SHA256	0eed830ffdd0ae4bfbacf5f2627a29104a0928e1e3b6635553cf841cef5f0aa2
SHA512	0950bc904e0b80b501c4fca4ee8634db2ca9fcca4fd9154e77dd8c223e867e754d1147b9013434cf15566d5fe21ccfe6056416d1ecf6d242a974141f88673acd

Bug Fix Release

Bug Fixes

Summary
- Bug Fix create default directories in the Zookeeper Docker Image
- Bug Fix introduced in last release for handling error messages

Humio Server 1.4.7 Archive (2019-03-07)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.4.7

Archive

2019-03-07

Cloud

On-Prem

2020-11-30

No

1.3.2

11

No

Yes

JAR Checksum	Value
MD5	d09b1e4945cff155ce459cdd293bb4e9
SHA1	d44e10514f3c9b1e46c9b3ccaef5f9418226b4e1
SHA256	bd950358b9eb8f20269ee2823fd579a856c535237d49002891f6f9455c117fd7
SHA512	f3b838a1c2b284467b99e395963685e47ca57a2c774c8a77ef3b51878fece9a8d6dd5371818f9897c6f591996a50f158a233b9cf511ce3167bd887047f4aec92

Saved queries allowed in case and match.

Bug Fixes

Summary
- Humio now requires Java version 11. The docker images for Humio now include Java 11. If you run the "plain jar" you must upgrade your Java to 11.
- Improved handling of the "Kafka reset" aka "Start from fresh Kafka" aka "Set a new topic prefix". Humio detects and properly handles starting after the user has wiped the Kafka installation, or pointed to a fresh install of Kafka.
- Upgraded to Kafka to 2.1.1 in our Docker images and the Java client in Humio. Humio is still be compatible with older versions of Kafka. Lowest supported Kafka version is 1.1.0.
- Saved queries now supported in case and match.

Humio Server 1.4.6 Archive (2019-03-04)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.4.6

Archive

2019-03-04

Cloud

On-Prem

2020-11-30

No

1.3.2

11

No

JAR Checksum	Value
MD5	8cf206c7d6972c1268f9b01d78b231a7
SHA1	b2b550a80c08715ee6a5f073612e05da7e16468d
SHA256	38aaad962f12cd6d3bc44d0d2467cd9c8e6d12568f9fbe2cd527fbfa23895968
SHA512	f078c07a386aa88ac910f198d81fd6d8d230c5e5e3b205afad6a29741ab1a4e6cb918828d8e2e1fe16e8c3e705705b6eeab5d0cfce17740367ba97b8d0804fe4

Bug Fix Release

Bug Fixes

Summary
- Prevent 'http response splitting' attack in the "export as" function.
- The personal sandbox was missing in list of visible repos for non-root users when READ_GROUP_PERMISSIONS_FROM_FILE was enabled.
- ENABLE_PERSONAL_API_TOKENS defaults to true. When set to false the API tokens are no longer valid as auth-tokens.
- When @timestamp is in the filter part of the search then let that limit the timeinterval as if selected in the Time Selector.

Humio Server 1.4.5 Archive (2019-02-27)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.4.5

Archive

2019-02-27

Cloud

On-Prem

2020-11-30

No

1.3.2

11

No

JAR Checksum	Value
MD5	a40c7e599b3e4fafc887ef8712552f70
SHA1	61f99d83c67f6a8d993f5bb13ca5f59887f85358
SHA256	5af2499bd32943ccdc3377b609b244ebf87c32e5c4d4d2c632dc2e7ee1921c3f
SHA512	21f1a835d97f96347b0480b3a9b122cf7ff2a6e2cab7ad0a47b00d8b36ba3a24dafd78d34ee2404659388bbbf319ca066ce47cee7aa2048037fd03a475324c3f

Bug Fix Release

Bug Fixes

Summary
- Many background tasks now get executed only on hosts with segment storage partitions assigned, and the hosts use the storage partition assignments as the key to decide which hosts must execute the tasks, thus freeing up resources on the other hosts.
- Shutdown of digest had a timeout of 10 seconds internally, which could lead to being dropped too soon while shutting down or restarting. This could result in ingest lag rising to over .0 seconds, where the expected lag is the time from the shutdown is initiated until a fe seconds after the new instance is started. There is a new config SHUTDOWN_ABORT_FLUSH_TIMEOUT_MILLIS which defaults to .0.0 millis (5 minutes) to allow proper shutdown also on systems with many datasources or slow filesystems / disks.
- Timechart in "steps mode" now displays the the the right of the label instead of to the left, which matches the fact that the labels are the start time.
- NODE_ROLES being applied in more background tasks.

Humio Server 1.4.4 Archive (2019-02-26)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.4.4

Archive

2019-02-26

Cloud

On-Prem

2020-11-30

No

1.3.2

11

No

JAR Checksum	Value
MD5	03050687bddbd6ffe56830ed84f827e4
SHA1	f1f9cabbcbddb014e4aef0f8e1869fbbd8c60c8d
SHA256	8ab6c51081d0b918de61340f7a6d241f740b3ec77ae9d3a7517805c925412af3
SHA512	718e7abf3b89076d07bc36c89606b9a72cc5b7c15432550b903931172ce6fca323aff85a0feecc4e1de5de5a02cc7ccb099c79166d59376ca8dc5dee78c8f2ee

Bug Fix Release

Bug Fixes

Summary
- Making a repository or view a favorite failed on recently created items.
- Detect if a host in the cluster is being set to have the same vHost index as this host, and exit in this case.
- On a cluster with many segments and a node with no segments, the cluster administration page could time out.
- Repository statistics displayed on frontpage were out of date on servers without any digest partitions. This also made the search page display the warning "You don't have any data yet, consider the following options..." when searching until a result of the search was returned.
- Having timezone offset larger than the span in a timechart could result in errors.

Humio Server 1.4.3 Archive (2019-02-21)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.4.3

Archive

2019-02-21

Cloud

On-Prem

2020-11-30

No

1.3.2

11

No

JAR Checksum	Value
MD5	fb4d7742cb6418b51024f84bb61f9346
SHA1	6ba6f2f9636a28db9c4b882e07df356e2c255f6b
SHA256	440bc3d0321042007c8b0c3749d93175e15d554dae66c1863495bb7464a9dcc4
SHA512	f7a5c820e7482889371217d32faabda602f31389242876b5f7e49a2a8081804707b4013be6dd3323da03b3518aa852cb88c2820ebc44732fbb26330b03102436

Improved restart of live queries.

Bug Fixes

Summary
- Restart live queries if their query prefixes change when using Role based authentication and access control (RBAC).
- Remove migration from internal data formats older than what v1.3.x writes. Do not start this version without having upgraded to 1.3.2 or 1.4.x first.
- Improved restart performance to better support restarting (or upgrading) the servers in a large cluster with large amounts of data.
- Humio's UI is programmed in Elm and we upgraded to use Elm 0.19.
Configuration
- NODE_ROLES with current options being "all" or "httponly". The latter allows the node to avoid spending cpu time on tasks that are irrelevant to a nodes that has never had any local segments files and that will never be any assigned segments either.

Humio Server 1.4.2 Archive (2019-02-19)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.4.2

Archive

2019-02-19

Cloud

On-Prem

2020-11-30

No

1.3.2

11

No

JAR Checksum	Value
MD5	cf5177de7c89a5c02121d29b4d359dab
SHA1	08fc9b230423eb1abde2f8f3c43c6c06e230b457
SHA256	4cfef752ca7286a2cbb91e33ca7619488c06e59079640f7f8f2fd11779066b11
SHA512	2997e1f2a5ea57ce2e7b8ce2c360e113f9dfa2a983abb2e02bcab8e555591783cf7b7b29f4f567bb0531aa83136daa98461b3b4b8cf217d22eb8f4fa8fe513fa

Minor release. Improve restarting of queries and Ingest listener performance.

Bug Fixes

Summary
- Bug Fix ldap authentication code.

Humio Server 1.4.1 Archive (2019-02-18)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.4.1

Archive

2019-02-18

Cloud

On-Prem

2020-11-30

No

1.3.2

11

No

JAR Checksum	Value
MD5	78e0cf1a91b21be2f13f92f4551c212a
SHA1	4f0dc81ffd99d0a7802f2a5f4a1cc492646a5ffc
SHA256	68b99a2998f50c77c91f098e5d033347ab51912e8c639751a6012b29559abd5e
SHA512	1d877446dba301b5e39d723b2e58a88edba98bc46d7c969821adf2db32ae115ef46b90f1ce3d2b0ddfc7df6aa75e5d5f3042e59840007d03c2433197f9c6de87

Minor release. Improve restarting of queries and Ingest listener performance.

Bug Fixes

Summary
- Improved restarting searches when a node go away.
- Improved Ingest listener performance. One socket can more throughput than before.

Humio Server 1.4.0 Archive (2019-02-14)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.4.0

Archive

2019-02-14

Cloud

On-Prem

2020-11-30

No

1.3.2

11

No

JAR Checksum	Value
MD5	fb0290d5203f178cfbbef8df7b89106a
SHA1	7e2f17d867734264c91c697849884bb530fbc450
SHA256	cce65b639ab277dd50cf29f2d53ff119d705c64d33a4a118b8e49b899d8dd27c
SHA512	7cfad54614ef63f35fe6d3cc50d2239650845b390e0aea63f1e2e199745a68854524fdb24cad5f59867339cbe0eb2432bd904cef7e7a90e9b115d5abe6f1a52a

High availability for ingest and digest.

Bug Fixes

Summary
- Emphasis is on efficiency during normal operation over being efficient in the failure cases: After failure the cluster will need some time to recover during which ingested events will get delayed. The cluster needs to have ample cpu to catch up after such a fail-over. There are both new and reinterpreted configuration options in the config environment for controlling how the segments get build for this.
- Digest partitions can now be assigned to more than one host. Doing so enables the cluster to continue digesting incoming events if a single host is lost from the cluster.
- Segments are flushed after 30 minutes. This makes S3 archiving likely to be less than 40 minutes after the incoming stream.
- Clone existing dashboard when creating from the frontpage was broken.
- If rolling back, make sure to roll back to version 1.3.2+
Functions
- Limit match() / lookup() functions to 20.0 rows or whatever MAX_STATE_LIMIT is set to.

Humio Server 1.3.2 Archive (2019-02-12)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.3.2

Archive

2019-02-12

Cloud

On-Prem

2020-11-30

No

1.3.0

11

No

JAR Checksum	Value
MD5	78600bc158479cc9f830aa5091a2e5b2
SHA1	ae23e67395282d4d639a074e38e83194d7830a6d
SHA256	22756db5d14705888e67f6dc0d70bd42e55af29e72dc33511e405139a637c0d7
SHA512	bd64769af08191c2fb79bd332b891c38adf6484d56b211768efadb952b94b666bad30abd484514c2d49420d2c8fd944cc571491f4f04fdac7036cac0aba27434

Allow an alert to have multiple notifiers, e.g. both Slack and PagerDuty

Improvements, new features and functionality

Automation and Alerts
- Allow an alert to have multiple notifiers, e.g. both Slack and PagerDuty.

Bug Fixes

Summary
- Bar charts got incorrect height.
- Sandbox permissions for the owner of the sandbox.
- HEC ingest of array of numbers fixed.

Humio Server 1.3.1 Archive (2019-02-08)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.3.1

Archive

2019-02-08

Cloud

On-Prem

2020-11-30

No

1.3.0

11

No

JAR Checksum	Value
MD5	d4a36b05d6937062d63eb86bc4b8c605
SHA1	c1cb90603d98ea824f0b86a8fa1e6d8763023533
SHA256	513759afc48f71d35a23c3ab6bf9bace08737175ab721aef4bb4c658f23ffd72
SHA512	e911929e8e2cbf0bbf0727735d8ce36b265b0f5a664dc1f1e6a70fc36740998dbc217614e5411846cffa123a27d2039d1785228583075947fca4cbe0691b5ebe

Bug Fixes in addition to a new permission model.

Bug Fixes

Summary
- LDAP changes being rolled back to allow users to login using just their username again.

Humio Server 1.3.0 Archive (2019-02-07)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.3.0

Archive

2019-02-07

Cloud

On-Prem

2020-11-30

No

1.2.0

11

Yes

JAR Checksum	Value
MD5	c2c8064b9528569f55bae4809823d688
SHA1	0ca51526a8fb204a6d7f5d98ef3df9b99b9d9bb8
SHA256	0f4b789dfe2a36cab77850f9a2c1aa2c5d6db9f13527760fb58d428ff3bf6edc
SHA512	d6ec65028371383b770fedb57488530a144edc3ec5a684ed829d1997ff4a2bc6d4607a22d100e6729fcf8c3d30b3e480d45cd9975507754e2a891d0bafee43aa

New permission model

Bug Fixes

Summary
- Metric of type=HISTOGRAM in the internal "humio-metrics" repo had all values a factor of 10^6 too low.
- New permission model used for Role Based Access Control is now in use all the time. Default setup includes the roles member, admin, and eliminator as usual.
- LDAP fix; may require users to login with full user@domain user name, not just user.
- The config for RBAC has changed (config file has a new name, environment variable names have changed).
Functions
- worldMap() function forgot about normalize option.

Humio Server 1.2.12 Archive (2019-02-05)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.2.12

Archive

2019-02-05

Cloud

On-Prem

2020-11-30

No

1.2.0

11

No

JAR Checksum	Value
MD5	8e5166154004d10cc532edf628ff9a75
SHA1	52d1c821efb9faa1e2929e37c18d4b31301ba06c
SHA256	27c07d34ab9f3f1b71f4c69bdd6fa416fbb4e64a6c150dd25fef19261b0541da
SHA512	87f05b4ab55a92ed45c3f0b0594a281b2ebf47b13656b69da0e7c698e0ec2676ad7000fd6bb3cca656057931319af27536ca68e290447b610afeffa7efc18645

Optimizations and Bug Fixes

Bug Fixes

Summary
- Running queries now show only top-.0 queries to avoid overloading the browser in case of many queries.
- Added a timechart of bulk size to built-in dashboard "Humio stats".
- Optimizing for many datasources in a repo by removing a bottleneck related for "tag grouping" auto-detection.
- Improvements to Query Monitor
Functions
- lowercase() function now preserves unmodified fields in the "include=both" case, and no longer modifies "@timezone".

Humio Server 1.2.11 Archive (2019-01-31)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.2.11

Archive

2019-01-31

Cloud

On-Prem

2020-11-30

No

1.2.0

11

No

JAR Checksum	Value
MD5	abb43dfa8ee8f12402a76a179410176b
SHA1	1a03197336c007c67d50dbee4a10fb9255f6babc
SHA256	31917a8d9b99a7374e84d2992bf4c7abf17e9a584b1a87ad2c0c4b2ef7413563
SHA512	e808107e58221d854235b2eb4b882ce6f7ce607fe5ad7daf6e3d9cebaef34cf2be39530f9f3f90c7e1af3ee3f007c755e7c9f4570712d776b82ac66e8b857d8b

Support for non-loadbalanced queries, optimizations and Bug Fixes

Bug Fixes

Summary
- When your query matches more than .0 events, you can now scroll further back in time than those .0, "paging" through the older events. This works for any "non-aggregate query".
- New "Zoom and pan" buttons to quickly change the search interval: Double the time-span or move the search interval 1/8th of the span to either side.
- When your load-balancer does not act as "sticky" as described in Manual Cluster Deployment, Humio now internally proxies requests to the proper internal node for search requests.
- Write Humio metrics into the new repo humio-metrics. Any user can query metrics but only for the repos they can search. Looking at metrics that are not repo-specific requires being a member of the humio-metrics repo.
- Allow any user to query the humio-audit log, but only for the actions of the user. Looking at the actions of others requires being a member of the humio-audit repo.
- Changes to desired digest partition to node assignments did not get reflected in other nodes until a restart of the other nodes.
Functions
- New function for parseFixedWidth().

Humio Server 1.2.10 Archive (2019-01-28)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.2.10

Archive

2019-01-28

Cloud

On-Prem

2020-11-30

No

1.2.0

11

No

JAR Checksum	Value
MD5	9dc2a50e634009d50bca66d3bcfc5f84
SHA1	72e5306849274de3274367e6a681e331103a2b0a
SHA256	06dd50f0aba251dbbc1d26c653e180786319c945c25a35650f98bab376a55340
SHA512	5dfa5517f83781d1a107dc87ae5948ab7d50ce3fb0131d4d17cf0c244badfd4f3e70b7bf7ef0b4d1639c2a579766d0e607b6d9a85de3cf586e3c3af997613928

Load Balanced Queries, Optimizations and Bug Fixes

Bug Fixes

Summary
- Added HTTP header to support loadbalancing queries. The header Humio-Query-Session is described in Manual Cluster Deployment.
- parseCsv did not handle broken input gracefully.
- New built-in parser for the popular .NET Serilog logging library.
- Improved HEC performance.

Humio Server 1.2.9 Archive (2019-01-18)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.2.9

Archive

2019-01-18

Cloud

On-Prem

2020-11-30

No

1.2.0

11

No

JAR Checksum	Value
MD5	9263f70e884f582a3bf29cf33b30dd23
SHA1	7c2ece55d70d8bf0f6a4809259033d42b54a92f7
SHA256	235a22e311557b26a2493c885cc0875df7de0b36e098149271f7230dee1d6e7f
SHA512	ac8f52d1f342b01978744521d6489c1efcaa98f01a678057642ea194ba097c86832d97c12d79e78d4e1aa2ba1db74c48c5b458bea66890f770916b29962e12fd

Maintenance Build

Bug Fixes

Summary
- Delete of queries on the http endpoint now lets the query live for 5 seconds internally, to allow reusing the same query if resubmitted.
- RetentionJob would not delete remaining segments marked for deletion if one delete failed.

Humio Server 1.2.8 Archive (2019-01-17)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.2.8

Archive

2019-01-17

Cloud

On-Prem

2020-11-30

No

1.2.0

11

No

JAR Checksum	Value
MD5	988ba57c9b42c57a996e3cca5874e4f8
SHA1	eff65659bcef942f04e32f13882dd89dd592c00b
SHA256	8ea328361f1a1b0d08177696aecc0239e1802caffd971e93ffc2302bc4bb912b
SHA512	d7f7ea99cc6de3b72adb419ffc52095c1ec7c02b9bc436bd73de7998b04429747c660faa2f672d8a8995c574d9321211000c8586eff753a37c7c1505826da8a3

Maintenance Build

Bug Fixes

Summary
- Live queries in a cluster where not all servers had digest partitions could lead to events being stuck in the result when they should have been outside the query range at that point int time.
- Better names for the metrics exposed on JMX. They are all in the com.humio.metrics package.
- Cloning built-in parsers made them read-only which was not intentional.
- Config KAFKA_DELETES_ALLOWED can be set to "true" to turn on deletes on the ingest queue even when KAFKA_MANAGED_BY_HUMIO=false.
- Support for applying a custom parser to input events from any "beat" ingester by assigning the parser to the ingest token.
- Handle HTTP 413 errors when uploading too large files on the files page
Functions
- New function, mostly for use in parsers scope: parseCSV() parses comma-separated fields into columns by name.

Humio Server 1.2.7 Archive (2019-01-15)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.2.7

Archive

2019-01-15

Cloud

On-Prem

2020-11-30

No

1.2.0

11

No

JAR Checksum	Value
MD5	204a89d9d15e30118198c14b0776426a
SHA1	f99f0bfc8df24c6bf6df30143c74b70b99ffce55
SHA256	c56ad4cda1ec9a447c4170540e2d8338767333e775152e27a521cf0948aae08e
SHA512	3225863a2801a30b0a9da59bf14bf1c7d5eac14469fa23d7a312cd765e88e8001a981d537e848067caeae656ad04455db5cde8ee484cd7370e1a58e469330961

Maintenance Build

Bug Fixes

Summary
- New function eventSize that provides an estimate of the number of bytes being used to represent the event, uncompressed.
- enable escape to clear sticky events in all scenarios
- A race condition could lead to memory being leaked.
- Humio metrics on the Prometheus endpoint now have help texts and use labels where appropriate.
- Short time zone names such as "EST" did not work properly in function that accept a time zone name.
- S3 archiving has completed testing with customers and is no longer considered BETA, but ready for use now.
- Export as CSV allows selecting the fields in the download dialog when the query does no set the fields through table or select.
- A new built-in parser for "syslog" in the format of both the old and new RFC, that uses case to auto-detect the format.

Humio Server 1.2.6 Archive (2019-01-11)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.2.6

Archive

2019-01-11

Cloud

On-Prem

2020-11-30

No

1.2.0

11

No

JAR Checksum	Value
MD5	442b0eea2bda0e1e882d793bce5baf4d
SHA1	622fe45e4c3c6ba2c519ce277a4a490cd385b80d
SHA256	517ee1cca7921aa396584589353690dd8e4d236ceae0e285fcf969e0c559c89d
SHA512	6426c8aa972831d898538e5978446ff379dadd76cd36f557b109898fbdc214fc6c4676dcba7847abf8784f1206b5751cc8d732c1334f3bd2ff608411505ac4cd

Maintenance Build

Bug Fixes

Summary
- S3 archiving: Include all tag keys in generated file names, also those listed in the configuration.
- Allow GET/HEAD on elastic _bulk emulation API without auth. Some client poll that API before posting event.
- Extracting a field from within a tag-field could make the query optimizer fail.
- When using select() and not including @timestamp, that field got included in exported files anyway. Now it gets included when specified as a selected field.
- Expose Humio metrics as JMX.
- Allow both Basic-auth and OAuth on all ingest endpoints. We recommend putting tokens in the password field of the authentication.
- Expose Humio metrics to Prometheus. The port needs to be configured using the configuration parameter PROMETHEUS_METRICS_PORT.
- HEC endpoints now accepts input from Docker Splunk logging driver. You can thus get your docker container logs into Humio using this logging driver. All you need to do is add --log-driver=splunk --log-opt splunk-token=$TOKEN --log-opt splunk-url=https://humioserver to your docker run.
- Calendar in query interval selector had time zone problems.
Automation and Alerts
- Improved detection of alerts that are canceled to get them restarted.
Functions
- stats() function (the [] operator for functions) did not pass on the data used to select default widget.
- worldMap() function now accepts the precision parameter for the geohash function embedded inside worldMap().

Humio Server 1.2.5 Archive (2019-01-09)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.2.5

Archive

2019-01-09

Cloud

On-Prem

2020-11-30

No

1.2.0

11

No

JAR Checksum	Value
MD5	7d419a81a0a59bcfb2dc0b6cc02bbdb3
SHA1	07d793802c31377f8a60ea0bec52a351176ed948
SHA256	419cadb92f32a3c4f8275c5d2b303c979e4f7fbe5c676d6396f6f40710771f9c
SHA512	cbe4a472c820225a4dff2c8145bf485b819172af6b0295a18593c4e90e7b16233bc069af9a2c030bef586bd32f38bbd60fa33b5be2fac798bfe17c4716bc1e7c

Maintenance Build

Bug Fixes

Summary
- Timeouts on the http endpoint have been changed from 60s to infinite. This allows exporting from queries that hit very little data, e.g. a live query that receives one event every hour.
- When running with PREFIX_AUTHORIZATION_ENABLED=true Alerts and Shared dashboards now run as the user who saved them, restricted to those prefixes that the users has at the time the query starts.
- Added new query functions lower and upper.
- Query performance improved by fixing a bottleneck that was noticeable on CPUs with more than 16 cores.
- HEC protocol now accepts data at "/services/collector" url too. And accepts authorization in the form of a "Authorization" header with any realm name, as long as the token is a valid Humio token. This allows using e.g fluentd and other software to ship to Humio using HEC.
- Segments with blocks where all timestamps are zero were reported as broken when trying to read them.
- Allow * as fields for lowercase function to allow lower casing all field names and values. Recommended use case is in the ingest pipeline as this is an expensive operation.
- Basic auth (used mostly on ingest endpoints) now allows putting the token into the password field instead of the username field. Use of the password field is recommended as some software treats the password as secret and the username as public.
- Audit-logging did not happen for queries using the "/query" endpoint i.e. using the export button in the UI.
- If the parser ends up setting a timestamp before 1971, or does not set a timestamp, use now as timestamp for the ingested event. Same for timestamps more than 10 seconds into the future.
Configuration
- Humio will by default write threaddumps to the file humio-threaddumps.log every 10 seconds. This is configurable using the configuration parameter DUMP_THREADS_SECONDS. Before this was disabled by default.

Humio Server 1.2.4 Archive (2019-01-02)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.2.4

Archive

2019-01-02

Cloud

On-Prem

2020-11-30

No

1.2.0

11

No

Yes

JAR Checksum	Value
MD5	8f00b74da1609381950edf68d769f7e2
SHA1	ed33fa097e5f203b16efcefdd349cdbac9023cf4
SHA256	6a88855fa503b5275b2dec27c8f4d8e0259abd5deba4134416ee3acb4dad4806
SHA512	b888ec3903f91be343df410a56647903fb0763e81b08c0cef0740d64c364b35f8c3cd72ddd1657bb3a794fd3c39aaf5a1453651f9fb44f6439606e1e1aa5f05b

Secondary storage of segment files

Bug Fixes

Summary
- Performance fix: Running live queries for weeks with a small time span for the bucket size was expensive.
- Extended the internal latency measurement to include the time spent in the custom parsers as well.
- When a segment file was deleted while being scheduled in a query, the query would end up being "99%" done and never complete.
- Secondary Storage of segment files. This allows using a "fast" disk primarily, and a "slow" one for older files.
- HTTP Event Collector (HEC) out of beta. Endpoint is located at /api/v1/ingest/hec.
- Deleting an ingest listener did not stop the listener.

Humio Server 1.2.3 Archive (2018-12-18)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.2.3

Archive

2018-12-18

Cloud

On-Prem

2020-11-30

No

1.2.0

11

No

JAR Checksum	Value
MD5	4f6da960a7c21c65a8625b168504e151
SHA1	62589a92f1a2b9759d970d2a2d828c667c1d1471
SHA256	ed0242a2a159733babc22e912141ced535e2a4721dfd1ec03c80043e9d2c6976
SHA512	9d1c59e90b0220fb000fcf42bc0dfb71c727703e4d948c1d3dd2185354f2699e073f009b5d569e3c324a430cc7f99b8829433946b5303032c4cb122b1a5f7f92

Maintenance Build

Bug Fixes

Summary
- Performance improvement: queries with NOT NotMatching were much slower than the plainfilter NotMatching.
- New ingest endpoints without the repo in the path, as the repo is specified by the token for authentication, repo and and parser selection.
- Widget auto-selection improved.
- Default to running queries on only vcores/2 threads.
- Display of query speed in clustered version was multiplied by (n+1)/n in a n-node cluster.

Humio Server 1.2.2 Archive (2018-12-14)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.2.2

Archive

2018-12-14

Cloud

On-Prem

2020-11-30

No

1.2.0

11

No

Yes

JAR Checksum	Value
MD5	24df9210b046af907c826c8151885ab4
SHA1	54649576e7e8960552f094a079e19fcaa81dd42b
SHA256	a1c0d3a35759c707eabad6dc459b059e550916328bd6676a76d5acd1d8a2fcbe
SHA512	d68a3f5d6ed53ee52921b1f4d175dcb74b8270618b291a8a04685992f41222a912b31803c7a5da23710dffe5c7dfb729977d5d9e56515e47f6ef9543c2244074

Maintenance Build

Bug Fixes

Summary
- Configuration change. ALLOW_UNLIMITED_STATE_SIZE has been replaced by MAX_STATE_LIMIT. MAX_STATE_LIMIT limits state size in Humio searches and now allows specifying a number. For example the number of groups in the groupBy() function is limited by MAX_STATE_LIMIT.
- sandbox did not work properly with PREFIX_AUTHORIZATION_ENABLED=true

Humio Server 1.2.1 Archive (2018-12-13)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.2.1

Archive

2018-12-13

Cloud

On-Prem

2020-11-30

No

1.2.0

11

No

JAR Checksum	Value
MD5	edc9569eac0a6b53871bbc2d45128841
SHA1	554b0a1c5d98f5eae3a705f6a30677b1a4ba2059
SHA256	2c73145e4c8fdf986ec57f523c19a4184ccded3e3a20b8529169d320d97dfab1
SHA512	21cac90fa422cb78458c07958db8d9ee284831b7ffefbacd75193eacc6ec405c42dc8c18e26b8170d8803d1aee06388209f6fb1753edc613aaf5f390df0672e0

Maintenance Build

Bug Fixes

Summary
- Improve maximum throughput of a TCP-listener ingest up to 4 times the previous level for a single socket. Maximum throughput can reach .0.0 events/s when testing with .0 bytes/event on localhost. Use more sockets in parallel to achieve higher throughput.
- Editing a parser with syntax errors did not work.
- When pushing the query sub-system to the limit with many simultaneous long-running live queries for more than 10 seconds, a query could end up triggering a restart of itself.

Humio Server 1.2.0 Archive (2018-12-11)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.2.0

Archive

2018-12-11

Cloud

On-Prem

2020-11-30

No

1.2.0

11

Yes

JAR Checksum	Value
MD5	8c08fdaf29d88da3508f64dbaaa3b640
SHA1	e940c781a712f4b3c4561557170a2762dfc296f4
SHA256	812a322cba7f784422262f61cc256cfcad91c81f6e3ea28082150307b69b0a5d
SHA512	5e5dfdc312c51751ec9ffd24173add4acfdbbc2fb679924b05bc4b592c7848389b1d5d3b81326e154b97dd688702a23d4a220f897641546abf5248655f89bd7d

Create parsers using Humio's search language. Changes to "Backup" layout.

Bug Fixes

Summary
- In a cluster where any node did not have any digest roles, queries could get polled much too frequently.
- kvParse() function no longer overrides existing fields by default. To override existing fields based on input use: kvParse(override=true). See docs kvParse().
- New parsers. It is now possible to create parsers using Humio's search syntax. Check out the Creating a Parser documentation. Existing parsers has not been migrated and it is still possible to use the old parsers. We encourage using the new parsers and will automatically migrate old parsers in a future release.
- Blacklist queries. In the administration section of Humio it is now possible to blacklist queries. This can also be done from the Query Monitor page, by clicking a query and then block it in the details section, or using the Query Blacklist page directly.
- The parser overview page now shows parser errors. This is a quick way to detect if parsers are working as expected.
- The backup feature now stores the copies of the segment files in separate folders for each Humio node. This allows the Humio nodes to delete files that are no longer owned by that node also in the case where all Humio nodes share a shared network drive. This change has the effect that existing backups are no longer valid and cannot be read by this version. Delete any existing backups when upgrading, or reconfigure Humio to use a fresh location for the backups.
- parseTimestamp() function has changed signature. The parameter nowIfNone has been removed and a new addErrors introduced. This can break existing searches/alerts/dashboards (but the parameter has not been widely used). See docs parseTimestamp().

Humio Server 1.1.37 Archive (2018-12-03)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.1.37

Archive

2018-12-03

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

JAR Checksum	Value
MD5	4bceede76af7c3bce25ebd5aea43f247
SHA1	45fb2bb7f927ac376c7b79f851c6e15624b0daa8
SHA256	9e021b952271054906c7d0c926ab21ef3a70cb36114819fa860d03827eed77d1
SHA512	dc68309d17ed2815b3bf1219c36ae343eb778356cc07a819a23db046b48f013f65c464e24e1dab90713ce35a1dee6fd21d8f513539a93ddfd5081a5d8995d673

Maintenance Build

Bug Fixes

Summary
- Field-extracting using regex did not work in live queries in an implicit AND.
- Fix bug in UI when uploading file.
- Add debug logs for LDAP login.

Humio Server 1.1.36 Archive (2018-11-28)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.1.36

Archive

2018-11-28

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Yes

JAR Checksum	Value
MD5	cb5614ccde77ea9789a0cfb300cd5a16
SHA1	fc269cc45480142120ec11949f89cb2212df60d4
SHA256	b41d9ecf30c02199cb5a3a954da1e80457b643d85622c0790ed9ee6ba1eb7a97
SHA512	8270540462fb03756b02bc6f6d4af37eef7c033c45664b05649c8aaf7484b1ae20ddbe707a6261a4b71c017372b916b835694e16138b6732807db2f42acdf4f9

Role-based auth support for SAML & LDAP

Bug Fixes

Summary
- Config variable AUTO_CREATE_USER_ON_SUCCESSFULL_LOGIN renamed to (the correctly spelled) AUTO_CREATE_USER_ON_SUCCESSFUL_LOGIN.
- GELF over HTTP support. Note that this format is a good fit for uncommon events, but due to lack of bulk support not efficient for streams with high amounts of traffic. Authentication is required using basic auth with an ingest token (or personal API token, but using that is not recommended).
- Role-based access control is now supported for on-prem when using SAML or LDAP for authentication.
- Set thread priorities on internal threads.
Functions
- Extended session() function to accept an array of function instead of only one.

Humio Server 1.1.35 Archive (2018-11-27)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.1.35

Archive

2018-11-27

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

JAR Checksum	Value
MD5	72a131e4c17781a44b449624dd2c6c5f
SHA1	831ce32e06c543a661e91f3f52ee577db2aaa0d3
SHA256	20a57eb91dbf23a1aef0b6fce605ac238536881b4f4f7a7eb2b178a444797fe9
SHA512	0d148f4a13c104bf70d403ba948f4723074d5cf6e15dd59e69d5f2195f8697f56f6e26146361e21831b35c5b14455c3c644da7718379c3c5e7adeb1f321185d5

Graylog compatible ingest support.

Bug Fixes

Summary
- Allow ingest in "GELF" v1.1 format. See GELF Payload Specification. Humio supports ingest on using the UDP and UDP chunked encodings, and both may optionally be compressed using ZLIB. (Gzip not supported yet.) TCP is supported as zero-byte-delimited uncompressed.
Automation and Alerts
- Alerts did not properly encode all parts of the query in the URL that is sent in the notification.

Humio Server 1.1.34 Archive (2018-11-22)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.1.34

Archive

2018-11-22

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Yes

JAR Checksum	Value
MD5	ab1eafa8442d6ed275c94527ed96ed19
SHA1	7a48b49cba75653d610cc700fab5237707fada44
SHA256	4aa7256991fbc5275ede446402ae9540281bcf39ba8a4503a0510d559ddcd45f
SHA512	2c4b1ff36ee3d4409f0ae142cfd749d1ada4228b4a6c533685ff476093117f3a472ecc8c5b3e7354ab4412406d488488cc6ffb5f4ca905c8bd5144a128925d1a

Improved LDAP support

Bug Fixes

Summary
- By default users must be added inside Humio before they can log in using external authentication methods like LDAP and SAML. This can be controlled using the configuration flag AUTO_CREATE_USER_ON_SUCCESSFUL_LOGIN=false. If users are auto created in Humio when they successfully login for the first time, the user will not have access to any repositories unless explicitly granted. A new user will only be able to access the users personal sandbox.
Functions
- Bug Fix for match() function. In some cases it did not match quoted strings.

Humio Server 1.1.33 Archive (2018-11-15)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.1.33

Archive

2018-11-15

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

JAR Checksum	Value
MD5	5a840e455815bf24e87ae39348effcfe
SHA1	af4b4f35e2269622f4caaa37c3cc498029bd17bc
SHA256	85ca4356d4ec798ed19fa36c647701a316b6d6b83bc5d1685741c96e1cbe951c
SHA512	7153862acd7603bc213137e42a1bc28f2ed1d80a057dec7513d8a65b0fdece6e7d87e6145744bbeabdd3bd87966cfb81f507c76b6c4ea8961eaadf239a6524ac

Bug Fix and digest performance

Bug Fixes

Summary
- Digest throughput improvements
- Fixed: Parsers did not show the build-in parsers

Humio Server 1.1.32 Archive (2018-11-15)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.1.32

Archive

2018-11-15

Cloud

On-Prem

2020-11-30

No

1.1.0

11

Yes

JAR Checksum	Value
MD5	d33e3e5efff00f0b1d85d385ea269462
SHA1	4f31157403313e8b17137366b3a8328773f026f5
SHA256	3c1122d4bea20462bbbabcd0dc42650756c7da2dd90c6460d6de304d3c3bf210
SHA512	0e0e0182678ae1b6ce1f46b15a9d2fb2818d3ac625920feca372d024510d3cecef0dd79dcd46a3839e4123211d834d5124cc019cbb43c8d6fea24f075deb52f2

stripAnsiCodes() function, top on multiple fields and Bug Fixes, default repository query

Bug Fixes

Summary
- Repositories' default search interval has been replaced with the possibility to choose a default repository query. All default search intervals will be migrated to default queries. A default query can be set by saving a query and checking the "Use as default" checkbox.
- Added support for Java 11. Humio can now be run with Java 9 or Java 11. Humio's Docker images are updated to use Java 11 and we encourage people to update to Java 11 and use Azul's OpenJDK Zulu builds.
Configuration
- Bug Fix connecting to Kafka when using the property EXTRA_KAFKA_CONFIGS_FILE.
Functions
- New range() function: finds numeric range between the smallest and largest numbers for the specified field over a set of events.
- New stripAnsiCodes() function: strips ANSI color codes from a field.
- top() function now supports more than one field to group on combination of fields.

Humio Server 1.1.31 Archive (2018-11-09)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.1.31

Archive

2018-11-09

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

JAR Checksum	Value
MD5	60e957fae4f61ea8176aa2575546d400
SHA1	eae8ff212e0f53a72a202358510fc91e33a022f3
SHA256	2db5c9571a7c7ea60587ecb96af1b427db7171b9fa8a81a50bf6e80bb51d478e
SHA512	53f21f1352d9df0f7c0e13ab3e41f19b708129065cbbfa2b0c98054b49f6fac1d6ee3a198e56d0a3809f82e32fec9191f02ddc11f8827c8dd186adb1c9a66382

Reduce latency of incoming events.

Bug Fixes

Summary
- Improved build-in dashboards, allowing them to be shared using share links like any other dashboard.
- The latency measured from an event arrive at Humio until live queries have been updated with that event has been reduced by approximately 1 second to now be in the 0 - .0 millisecond range.
- It is now possible to block ingestion in a repository. It can be done from the repository's settings page.

Humio Server 1.1.30 Archive (2018-11-04)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.1.30

Archive

2018-11-04

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

JAR Checksum	Value
MD5	32a2d83501170709e29b4773382ed9da
SHA1	56b88c67f4c46fe9353d52992935340e7654c1d8
SHA256	04c3cc3efdeb71d79865081a9fee70acc0751af27bceb1efb80188ac1fb0a0ca
SHA512	0e6bbedaac7ccec7fbe163ad23522be0cb00bdf391716b75cedab92426bdd4deec864ce6ae8cadf4d0b4e1a23a7f43d611ebbe7023c4f237b34b5b3c295f4d2a

'Create Parser' button opened a beta page for creating parsers

Bug Fixes

Summary
- 'Create Parser' button opened a beta page for creating parsers.
- Handle clients posting empty bulks of events.

Humio Server 1.1.29 Archive (2018-11-02)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.1.29

Archive

2018-11-02

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

JAR Checksum	Value
MD5	bfd7b069334c3e9fcc3f669ef7108284
SHA1	249dabc85c1d0846dbd92e5c12c2fbcbeaae61ba
SHA256	26071929b87a33ac4ae913521b16e8d9791358a615db84194a6b63e195106329
SHA512	7967a83ba7157b9e22e73a1fa19d69f40bc3269ff27bbd13f367e3f691f5df5ed3a29a3715ca84cad9e3e3b105d6e254545982564e92f635561d13f349961489

Bug Fixes

Bug Fixes

Summary
- Allow '.' in S3 paths.
- Live queries could get false sharing of eval() results.
Configuration
- QUERY_EXECUTOR_CORES allows setting cores for query engine individually.

Humio Server 1.1.28 Archive (2018-10-31)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.1.28

Archive

2018-10-31

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Yes

JAR Checksum	Value
MD5	3e64aa4a09bef57eea35d35f1b4fa33e
SHA1	02c468696787e5720abb007ce79976256a8d368c
SHA256	5859b357a306c1acf606a6e5fce75cc28d5891a950a320e3522c25998298d777
SHA512	95b9ff0929f7f80941586311e3f2623f7d8357fdb2ef2b9d537c8f1672a987afcd5dd1bce7873ab9a08f4353b5bbebd7c2bbfc98ff90afd94bbea748c99dd3f4

Improved SAML authentication and digest performance

Bug Fixes

Summary
- When zooming to a wider time range on a timechart with a fixed "span" parameter, widen the span and a dd a warning to allow the chart to work instead of failing with "too many bucket".
- Back-pressure on ingest should not be applied to internal log lines, such as the internal debug and audit log entries.
- The first search to hit a repository in a cluster with millions of segments would fail while listing those files.
- Dashboard searches are kept running for 3 days, when they are not polled. After that they are not kept alive on the server. This is configurable using the config IDLE_POLL_TIME_BEFORE_DASHBOARD_QUERY_IS_CANCELLED_MINUTES. This replaces IDLE_POLL_TIME_BEFORE_LIVE_QUERY_IS_CANCELLED_MINUTES.
- Performance improvements for digest on systems with many sparse datasources.

Humio Server 1.1.27 Archive (2018-10-24)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.1.27

Archive

2018-10-24

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

JAR Checksum	Value
MD5	8517a2486d8c6dcc9219b186c26c2f7f
SHA1	cf1fb05f32d5675cdb3faca53416c0de3faab22c
SHA256	d29498ec6e65c0a38d3c6ba50ef0c6d9c106df32aa96dba237b52d418d8809e3
SHA512	4045bf8dfde298fee12b8f37abc0ea3a0ec37733c47582342450bd59e5b4f7a8a783878926dfe1d2605e9d27fe9bbc98f7fbf907125ce54aa600e88f74ebbb1b

Back-pressure on ingest overload and Bug Fixes

Bug Fixes

Summary
- When too much data flows into Humio for Humio to keep up, apply back-pressure by responding statuscode 503 and header Retry-After: .0.
- The event list on the search page now correctly resets the widget when a new search is started
- The max value of the y-axis of timecharts is now correctly updated on new results
- Many changes internally to prepare for having more than one node in the "Digest rules" for fail-over handling of ingest traffic.
- Pagination now works for tables on dashboards

Humio Server 1.1.26 Archive (2018-10-15)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.1.26

Archive

2018-10-15

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

JAR Checksum	Value
MD5	38fb6d4e13106b90ee91060def4741a9
SHA1	b196f3f6337b3e5b519ed8e95c694b11ddecda1f
SHA256	4804482761ce478d55d30226790c2ed3ee5fb4266940810663cab39971a394e8
SHA512	f9f6368ad401811ff7d2af18995e5f025822d3a5d8d3f69d5da50a0aa8fcf7cb246168311828dc87a3bef2770700796a46e3f36c0390208085edb2df3f464a36

Minor Release

Bug Fixes

Summary
- Performance improvement in table, sort and tail especially when using a large limit.
- Using the field message instead of log (as described in v1.1.25) did not work properly.
Functions
- select() function did not render results if they did not have @timestamp and @id . (The select() is like table() but unsorted and allows exporting an unbounded set of events).
- session() function could miss events in some situations.

Humio Server 1.1.25 Archive (2018-10-12)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.1.25

Archive

2018-10-12

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Adds World Map and Sankey visualizations and SAML authentication support.

Bug Fixes

Summary
- S3 archiving now handles grouped tags properly, generating one file for each tag combination also for grouped tags.
- The new visualizations require a change to the CSP. If you have your own CSP, you need to add 'unsafe-eval' to the script-src key.
- Importing repositories from another Humio instance has repository ID where repository name was required.
- New visualization helper functions geohash(), worldMap(), sankey().
- The update services widget that "phones home" to update.humio.com can now only be disabled if you have a license installed.
- New visualizations: World Map and Sankey .
- Support using filebeat to ship logs from Helm chart for ingest logs from a Kubernetes cluster. The message can be in the field log or message.
- Searching using ... | *foo*** | ... is identical to ... | foo | ... since plain text searches are always substring matches. But the former got turned into a full-string regex match for ^.*foo.*$ which is 10-30 times slower compared to the fast substring search in Humio.
- New query syntax: match on a field that eases matching for several cases on a single field.
Functions
- split() function could use the timestamp of one event in more of the following events than those that originated in that event.
- Performance regression in functions table(), sort(), tail() and head() that slowed them down a lot when the limit was larger than .0.

Humio Server 1.1.24 Archive (2018-10-05)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.1.24

Archive

2018-10-05

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Maintenance Build

Bug Fixes

Summary
- Segments deleted by retention-by-size would sometimes get left behind in global, adding warnings to users searching at intervals including deleted segments.
- Reorder query prefixes to execute queries more efficiently. Moves tags to the front of query string to allow better start-of-query datasource filtering.

Humio Server 1.1.23 Archive (2018-10-01)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.1.23

Archive

2018-10-01

Cloud

On-Prem

2020-11-30

No

1.1.0

11

Yes

No

Update Kafka server version to 1.100.0

Bug Fixes

Summary
- Do not reassign partitions in Kafka when there is already sufficient replicas (Only applied when KAFKA_MANAGED_BY_HUMIO=true, the default).
- Handle empty uploaded files.
- Improved performance of parsers that have (?<@timestamp>\S+) as their timestamp extractor regex.
- Humio's Kafka and Zookeeper Docker images have been upgraded to use Kafka 1.100.0. We recommended to keep the update procedure simple and not do a rolling upgrade. Instead shutdown Humio Kafka and Zookeeper. Then fetch the new images and start Zookeeper, Kafka and Humio. For details see Kafka's documentation for upgrading. (Note: This change was listed in release notes for v1.1.20 even though it was applied only to the kafka client there, and not to the server).
- The query planner has been improved, so it can more precisely limit which data to search based on tags.
Configuration
- Do not remove other topic configs in Kafka when setting those needed by humio (Only applied when KAFKA_MANAGED_BY_HUMIO=true, the default).

Humio Server 1.1.22 Archive (2018-09-27)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.1.22

Archive

2018-09-27

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Fix Kafka prefix configuration problem. Faster percentiles. Allow globbing when using match().

Bug Fixes

Summary
- The key/value parser now (also) considers characters below 0x20 to be separators. Good for e.g. FIX-format messages.
- The UI for setting node ID on an ingest listener did not work.
- Add flag match(..., glob=true|false) allowing the key column of a CSV file to include globbing with *.
- If using Kafka prefix configuration, the server would always assume Kafka has been reset. Releases 1.1.20 introduced this problem.
Functions
- percentile() function changed to use 32bit precision floating point making it ~3x faster.

Humio Server 1.1.21 Archive (2018-09-25)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.1.21

Archive

2018-09-25

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Bug fix release.

Bug Fixes

Summary
- The implicit tail(.0) that is applied when no aggregate function is in the query input did not sort properly in certain cases.
- Query Monitor now also shows cpu time spent in the last 5 seconds.
- Timechart on views broke in previous version 1.1.20

Humio Server 1.1.20 Archive (2018-09-24)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.1.20

Archive

2018-09-24

Cloud

On-Prem

2020-11-30

No

1.1.0

11

Yes

No

Use Kafka version 1.100.0

Bug Fixes

Summary
- Humio's Kafka and Zookeeper Docker images have been upgraded to use Kafka 1.100.0.~~ (Update: See 1.1.23)
- Added the possibility to add extra Kafka configuration properties to Kafka consumers and producers by pointing to a properties file using EXTRA_KAFKA_CONFIGS_FILE. This makes it possible to connect to a Kafka cluster using SSL and SASL.
- Humio is upgraded to use the Kafka 2.0 client. It is still possible to connect to a Kafka running version 1.X

Humio Server 1.1.19 Archive (2018-09-21)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.1.19

Archive

2018-09-21

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Cluster administration, dashboard clone/export/import and faster startup on large datasets.

Bug Fixes

Summary
- Auto-nice long running queries, making them take on lower priority compared to younger queries, measured by cputime spent.
- Allow negative index in splitString, which then selects from the end instead of from the start. -1 is the last element.
- Fix #2263, support for !match().
- Generate pretty @display value in split() function.
- HUMIO_KAFKA_TOPIC_PREFIX was not applied to all topics used by Humio, only where the name matched global-*".
- Startup of the server is now much faster on large datasets.
- Setting INGEST_QUEUE_INITIAL_PARTITIONS in config decides the initial number of partition in the ingest queue. This only has effect when starting a fresh Humio cluster with no existing data.
- Dashboards can now be copied to other repos and exported and imported as templates.
- Faster response on cluster management and entering the search page.
- Upgrading to this version requires running at least v1.1.0. If you run an older version, upgrade to v1.1.18, then v1.1.19.
- New cluster management actions for reassigning partitions to hosts and moving existing data to other hosts.

Humio Server 1.1.18 Archive (2018-09-13)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.1.18

Archive

2018-09-13

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Ease using your own Kafka including older versions of Kafka.

Bug Fixes

Summary
- Ease using your own Kafka including older versions of Kafka
- Added MAX_HOURS_SEGMENT_OPEN to the number of hours after which you want a segment closed and a new one started even if it has not filled up. Note that you may want to disable segment merging in this case to preserve these smaller segment files by also setting ENABLE_SEGMENT_MERGING=false
- Set KAFKA_MANAGED_BY_HUMIO=false to stop Humio from increasing the replication of the topics in Kafka.

Humio Server 1.1.17 Archive (2018-09-10)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.1.17

Archive

2018-09-10

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Show Events Per Second (EPS) when searching.

Bug Fixes

Summary
- Improve search performance when adding fields to events.
- Dashboards can now be copied to other views.
- Show Events Per Second (EPS) when searching.

Humio Server 1.1.16 Archive (2018-09-06)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.1.16

Archive

2018-09-06

Cloud

On-Prem

2020-11-30

No

1.1.0

11

Yes

No

Add CRC to data files. Migrates data to support upcoming features to later serve as a potential roll back point.

Bug Fixes

Summary
- New 'cluster overview' tab in admin page (this is work in progress, feedback appreciated).
- Bug Fix. Regular expressions using /.../ syntax sometimes matched incorrectly.
- Scheduling of queries now take cpu time spent in each into account, allowing new queries to get more execution time than long-running queries.
- Adds CRC32c to the segment file contents.
- Support CSV downloads. End the query with | table([...]) or | select([...]) to choose columns.
- Note! v1.1.15 is able to read the files generated by v1.1.16. Rolling back to version 1.1.14 or earlier is not possible, as those versions cannot read the files that have CRC.
- Regular expression matching with a 'plain' prefix is now faster.

Humio Server 1.1.15 Archive (2018-09-03)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.1.15

Archive

2018-09-03

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Support for setting parsers in our Kubernetes integration and a new parseHexString() function.

Bug Fixes

Summary
- Updated instructions for configuring the PagerDuty notifier.
- Bug Fix. Tables now sort globally instead per page.
- Our Helm chart for ingest logs from a Kubernetes cluster now support setting a parser using the pod label humio-parser.
  For more information, see Use Case: Migrating from Helm Chart to Operator.
Functions
- New function: parseHexString().

Humio Server 1.1.14 Archive (2018-08-21)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.1.14

Archive

2018-08-21

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Starring alerts and Introduce a displaystring for formatting log strings.

Bug Fixes

Summary
- Bug Fix. Slack notifier had the message twice in the request.
- Improve Netflow parser to handle packets coming out of order.
- Introduced @displaystring.
Automation and Alerts
- Starring alerts. Get your favorite alerts to the top of the list.

Humio Server 1.1.13 Archive (2018-08-16)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.1.13

Archive

2018-08-16

Cloud

On-Prem

2020-11-30

No

1.1.0

11

Yes

No

Improve LDAP support.

Bug Fixes

Summary
- Enable logging in with LDAP without providing domain name. Domain name can be set as a config using LDAP_DOMAIN_NAME. See Authenticating with LDAP.
- Enforce an upper bound of the number of fields allowed for one event. The limit is .0. If an event has too many fields, .0 are included.

Humio Server 1.1.12 Archive (2018-08-15)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.1.12

Archive

2018-08-15

Cloud

On-Prem

2020-11-30

No

1.1.0

11

Yes

No

SMTP support for sending emails, new Files UI and support for self-signed certs for ldap.

Bug Fixes

Summary
- New Files UI. Possible to manage files for use in the lookup() function.
- LDAP users must now be added with their domain. For example add <user@myorganisation.com> (instead of just user). Existing users are migrated by the system, so no actions are required.
- Segment file replication did not (re-)fetch a segment file if the file was missing on disk while the "global" state claimed it was present.
- Eliminate the backtics syntax from eval(), the same effect can be obtained with transpose().
- Add operators >, <, >=, <=, and % to eval expressions.
- SMTP support for Email Configuration
- LDAPS can use a self-signed certificate through config.
Functions
- Add new functions now(), transpose() and drop() to the query language.
- Fix bug with tail() inside groupBy(), bucket(), [...] or stats() expressions.

Humio Server 1.1.11 Archive (2018-08-03)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.1.11

Archive

2018-08-03

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Minor Release

Bug Fixes

Summary
- "Export to file" did not work in the UI.
- Performance improvement in the internal logging to the Humio dataspace.
- Eliminated a race condition in the ingest pipeline that could drop data in overload conditions.

Humio Server 1.1.10 Archive (2018-08-02)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.1.10

Archive

2018-08-02

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Minor Release

Bug Fixes

Summary
- Now using Google's RE2/j as the default, not the JDK's. Can be configured using USE_JAVA_REGEX.
- Autosharding now happens after tag grouping. Improves performance in case where some datasources are slow and others very fast when those are grouped.

Humio Server 1.1.9 Archive (2018-07-30)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.1.9

Archive

2018-07-30

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Minor Release

Bug Fixes

Summary
- Bug Fix. When encountering a broken segment file, let the server start and ignore the broken file.

Humio Server 1.1.8 Archive (2018-07-26)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.1.8

Archive

2018-07-26

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Minor Release

Bug Fixes

Summary
- Bug Fix. Autosharded tags should not get tag-grouped.
- Improve handling color codes in Humio's built in key-value parser

Humio Server 1.1.7 Archive (2018-07-05)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.1.7

Archive

2018-07-05

Cloud

On-Prem

2020-11-30

No

1.1.0

11

Yes

No

Minor Release

Bug Fixes

Summary
- Bug Fix. Remove race condition that could create duplicate events on restart.
- Update embedded GeoLite2 database to 20180703 version.
- Verify Java version requirement on startup.
- Datasource autosharding is now able to reduce the number of shards.
Functions
- Bug Fix. Fix split() to allow splitting JSON arrays of simple values.
- New function match() is like lookup() but better suited for filtering.
- Bug Fix. sort() with multiple fields was not stable for missing values.

Humio Server 1.1.6 Archive (2018-07-04)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.1.6

Archive

2018-07-04

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Minor Release

Bug Fixes

Summary
- Bug Fix. Log rotation of Humio's own log files. Files was not deleted, but now they are.
- Improved datasource autosharding to be less eager.
- Bug Fix. Viewing details of a logline while doing a live query did not pause the stream. This resulted in the details view being closed when the logline went out of scope.
- Restructured documentation.

Humio Server 1.1.5 Archive (2018-06-28)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.1.5

Archive

2018-06-28

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Minor Release

Bug Fixes

Summary
- Remove supervisors from the Docker image humio/humio-core

Humio Server 1.1.4 Archive (2018-06-28)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.1.4

Archive

2018-06-28

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Minor Release

Bug Fixes

Summary
- Bug Fix. Repo admins that are allowed to delete data can now delete datasources.

Humio Server 1.1.3 Archive (2018-06-27)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.1.3

Archive

2018-06-27

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Minor Release

Bug Fixes

Summary
- Fix memory problem when streaming events using the query endpoint.
- Rename a widget on dashboard directly from the dashboard itself.
- Supporting links in tables.

Humio Server 1.1.2 Archive (2018-06-25)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.1.2

Archive

2018-06-25

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Minor Release

Bug Fixes

Summary
- Fix clock on dashboards page.
- Fix creating the sandbox dataspace in the signup flow.
Automation and Alerts
- Allow fields in alert webhooks.

Humio Server 1.1.1 Archive (2018-06-21)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.1.1

Archive

2018-06-21

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Minor Release

Bug Fixes

Summary
- fix fullscreen mode for readonly dashboards

Humio Server 1.1.0 Archive (2018-06-21)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.1.0

Archive

2018-06-21

Cloud

On-Prem

2020-11-30

No

1.1.0

11

Yes

No

Minor Release

Bug Fixes

Summary
- Added documentation for Kafka Connect Log Format.
- It is not possible to rollback to previous versions when upgrading. Backup Global data by copying the file /data/humio-data/global-data-snapshot.json. Then it will be possible to rollback (with the possibility of loosing new datasources, users, dashboards etc that was created while running this version).
- Moved some of the edit options from the dashboard list to the dashboard itself.
- Amazon AMI available in the Amazon marketplace.
- Improved Fluentbit integration to better support ingesting logs from Kubernetes.
- Dataspaces has been split into views and repositories. This allows searching across multiple repositories and adds support for fine grained access permissions. Read the introduction in this blogpost and check out the Repositories & Views documentation.
Functions
- Added query function parseUrl().

Humio Server 1.0.69 Archive (2018-06-12)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.69

Archive

2018-06-12

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Hotfix Release

Bug Fixes

Summary
- Canceling a query in 1.0.68 would consume resources, blocking worker threads for a long time. Please upgrade.

Humio Server 1.0.68 Archive (2018-06-11)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.68

Archive

2018-06-11

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Yes

Regular update release.

Bug Fixes

Summary
- Changes to Humio's logging. Humio now logs to 2 files /data/logs/humio-debug.log and /data/logs/humio_std_out.log. Std out has become less noisy and is mostly error logging. This is only relevant for on-prem installations.
- Ingest queue replication factor in Kafka is now by default set to 2 (was 1). If it is currently set to 1 Humio will increase it to 2. The configuration parameter INGEST_QUEUE_REPLICATION_FACTOR can be used to control the replication factor.
- Deeplinking did not work in combination with having to log in.

Humio Server 1.0.67 Archive (2018-06-01)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.67

Archive

2018-06-01

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Regular update release.

Bug Fixes

Summary
- Support for GDPR: Hardened Audit Logging.
- Improved search performance when reading data from spinning disk

Humio Server 1.0.66 Archive (2018-05-23)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.66

Archive

2018-05-23

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Minor update release.

Bug Fixes

Summary
- Added "prune replicas" method on on-premises HTTP API to remove extra copies when reducing replica count in cluster.
- Increased default thread pool sizes a bit, but still only 1/4 of what the were before 1.0.65

Humio Server 1.0.65 Archive (2018-05-22)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.65

Archive

2018-05-22

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Minor update release.

Bug Fixes

Summary
- Search performance improvement: Reduce GC-pressure from reading files.
- Reduced default thread pool sizes.
- Fixed bug: Importing a dataspace from another Humio instance did not handle multi-node cluster properly

Humio Server 1.0.64 Archive (2018-05-15)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.64

Archive

2018-05-15

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Minor update release.

Bug Fixes

Summary
- Search scheduling is more fair in cases with multiple heavy searches.

Humio Server 1.0.63 Archive (2018-05-15)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.63

Archive

2018-05-15

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Regular update release.

Bug Fixes

Summary
- Read segment files using read instead of mmap.
Automation and Alerts
- Bug Fix. Alerts could end up not being run after restarting a query.

Humio Server 1.0.62 Archive (2018-05-09)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.62

Archive

2018-05-09

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Minor update release.

Bug Fixes

Summary
- Increase timeout for http query requests.

Humio Server 1.0.61 Archive (2018-05-08)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.61

Archive

2018-05-08

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Minor update release.

Bug Fixes

Summary
- Worked on http request handling - do not starve requests under load.
- Improved "connect points" option in timecharts.

Humio Server 1.0.60 Archive (2018-05-04)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.60

Archive

2018-05-04

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Minor update release.

Bug Fixes

Summary
- Timeout idle http connections after 60 seconds.
- Removed logging of verbose data structure when querying.
- Increase maximum allowed http connections to 2.00.
- Fix dashboard links on frontpage.
- Removed error logging when tokens has expired.
- Possible to expose Elastic compatible endpoint on port 9.0, which is the Elastic default. Use the configuration parameter ELASTIC_PORT

Humio Server 1.0.59 Archive (2018-04-26)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.59

Archive

2018-04-26

Cloud

On-Prem

2020-11-30

No

1.1.0

11

Yes

Regular update release.

Requires data migration and configuration changes — Auth0 changes.

Deprecation
Items that have been deprecated and may be removed in a future release.
The configuration options AUTH0_API_CLIENT_ID and AUTH0_API_CLIENT_SECRET have been deprecated in favor of AUTH0_CLIENT_ID and AUTH0_CLIENT_SECRET respectively - the old names will continue to work as aliases.

Behavior Changes
Scripts or environment which make use of these tools should be checked and updated for the new configuration:
Summary
If you are using Auth0 in your on-prem installation of Humio you must update your Auth0 Application configuration and re-configure Humio(or start using your OAuth identity provider directly). We at Humio will be happy to help. Below configuration changes are only relevant if Auth0 is used for authentication:

Bug Fixes

Summary
- New convenience syntax for passing the as parameter using assignment syntax. minx := min(x) is equivalent to min(x, as=minx). This can be used at top-level | between bars |, or within [ array blocks ].
- The parser handles left and right double quotes which can easily occur if you edit your queries in a word processor, i.e., Protocol := "UDP - 17"
- The Auth0 configuration properties AUTH0_WEB_CLIENT_ID and AUTH0_WEB_CLIENT_SECRET have been removed. You can safely delete the associated Auth0, as Humio only requires on Auth0 Application in the future.
- New syntax for computing multiple aggregates for example, to compute both min and max ... | [min(foo), max(foo)] | .... This syntax is shorthand for the stats() function.
- Existing users on cloud.humio.com will need to re-authenticate the application 'humio' to use their account information.
- Users that are authenticated through Auth0 will need to configure the PUBLIC_URL option, you must add add
  INI
  $PUBLIC_URL/auth/auth0
  To the list of callback URLs in your Auth0 Application.
- New convenience syntax for passing the field= parameter to a function using curly assignment syntax. ip_addr =~ cidr("127.0.0.1/24") is equivalent to cidr("127.0.0.1/24", field=ip_addr). This can also be used for regex i.e., name =~ regex("foo.*").
- The configuration option AUTH0_WEB_CLIENT_ID_BASE64ENC has been remove.
- Humio Auth0 no longer requires the grant read:users, you can safely disable that on your Auth0 Application - or just leave it.
- New naming convention for function names is camelCase() which is now reflected in documentation and examples. Functions are matched case-insensitively, so the change is backwards compatible.
- Humio now support authenticating with Google, GitHub and Atlassian/Bitbucket directly (see Authenticating with OAuth Protocol), without the need to go through Auth0. This is part of our GDPR efforts for our customers on cloud.humio.com, so as to avoid more third parties involved with your data than necessary.
- Renamed the alt keyword to case. alt will still work for a few releases but is now deprecated.
- Depending on how you set up your Auth0 application, you may need to update your Auth0 Application Type to "Regular Web Application" in the your Auth0 account, more details can be found in our Authenticating with OAuth Protocol documentation.
- The head() function allows you to do deduplication by using groupBy([ field1, field2, ... ], function=head(1))
Functions
- The query language has several new functions: formatTime(), ipLocation(), rename(), splitString(), parseInt() (updated version of to_radix_10 function), stats(), head(). See Query Functions documentation for details of each one.

Humio Server 1.0.58 Archive (2018-04-19)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.58

Archive

2018-04-19

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Regular update release.

Bug Fixes

Summary
- Improved versioning. The version now starts with an actual version number. This version matches the version in Docker Hub.
- Documentation has moved into its own project online at https://docs.humio.com.
- JSON parsers can be configured to parse nested JSON. That means it will look at all strings inside the JSON and check if they are actually JSON.
- Small improvements to Grafana plugin.
- New on-boarding flow supporting downloading and running Humio.
- Humio is available as a downloadable Docker image. It can be used in trial mode for a month. After that a license is required.

Humio Server 1.0.57 Archive (2018-04-16)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.57

Archive

2018-04-16

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Cloud-only release.

Bug Fixes

Summary
- Added an update service widget to the menu bar that will announce new updates and give access to release notes directly in Humio. The service contacts a remote service: update.humio.com. If you do not want to allow this communication you can disable it from the Root Administration interface.
- Updated Humio and Kafka Docker images to use Java 9.
- New Query coordinator for handling distributed queries. This should improve the error messages on communication problems.

Humio Server 1.0.56 Archive (2018-03-26)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.56

Archive

2018-03-26

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Bug Fix Release.

Bug Fixes

Summary
- Fixed bug: Auto suggestions selection using mouse.
- Fixed bug: Race condition in segment merging code. Could lead to loss of data when changing size of segment files. The problem was introduced in the previous release as a case of the out-of-order processing fix.

Humio Server 1.0.55 Archive (2018-03-22)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.55

Archive

2018-03-22

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Regular update release.

Bug Fixes

Summary
- Fixed bug: When system got overloaded - events could get lost if processed out of order in a datasource.
- JSON is not pretty printed when showing the details for an event in the message tab.
- Improved Grafana integration).
- Added a JSON tab when showing event details. The tab pretty prints the event and is only visible for JSON data.
- Improved ingest performance by tuning LZ4 compression.

Humio Server 1.0.54 Archive (2018-03-15)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.54

Archive

2018-03-15

Cloud

On-Prem

2020-11-30

No

1.1.0

11

Yes

No

Regular update release.

Data migrations are required, but compatible both ways: Users on dataspace can now have multiple roles.

Bug Fixes

Summary
- Fixed bug: "Export to file" failed on Sandbox dataspaces.
- Fixed bug: In uncommon cases when ingesting a large bulk of events that were not compressible at all, the non-compression could fail.
- Audit Logging BETA feature. There is now a humio-audit dataspace with audit log of user actions on Humio.
- License keys in UI now ignore whitespace for ease of inserting keys with line breaks.

Humio Server 1.0.53 Archive (2018-03-13)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.53

Archive

2018-03-13

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Regular update release.

Bug Fixes

Summary
- Fixed bug: In some scenarios the browsers back button had to be clicked twice or more to go back.
- Introduced License Installation. Humio requires a license to run. It can run in trial mode with all features enabled for a month.
- Fixed bug: Enter does not start search after navigating using the browsers back button

Humio Server 1.0.52 Archive (2018-03-06)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.52

Archive

2018-03-06

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Cloud-only release.

Bug Fixes

Summary
- Disconnect points on timecharts if there are empty buckets between them.
- Fixed bug: Make /regex/ work with AND and OR combinators.
- Labeling dashboards. Put labels on dashboards to organize them.
- Fixed bug: gzipping of http responses could hit an infinite loop, burning cpu until the process was restarted.
- Starring dashboards. They will go to the top of the dashboard list and there is a section with starred dashboards on the frontpage.

Humio Server 1.0.51 Archive (2018-02-23)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.51

Archive

2018-02-23

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Minor Update Release

Bug Fixes

Summary
- Fix bug: Retention was not deleting anything.

Humio Server 1.0.50 Archive (2018-02-22)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.50

Archive

2018-02-22

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Minor Update Release

Bug Fixes

Summary
- Fixed bug: Clustered on-premises installs could stall in the copying of completed segment files inside the cluster.
- Fix issue with : occurring in certain query expressions, introduced with the new := syntax. A query such as foo:bar | ... using an unquoted string would fail to parse.
- Allow | before and after query.
- Allow saving dashboards with queries that do not parse. Allows editing dashboards where another widget is failing.

Humio Server 1.0.49 Archive (2018-02-21)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.49

Archive

2018-02-21

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Regular update release.

Improvements, new features and functionality

Summary
- Show Widget Queries on Dashboards. You can toggle displaying the queries that drive the widgets by clicking the "Code" button on dashboards. This makes it easier to write filters because you can peek at what fields are being used in your widgets.
- Dashboard Filters. Dashboard Filters allow you to filter the data set across all widgets in a dashboard. This effectively means that you can use dashboards for drill-down and reuse dashboards with several configurations. Currently filters support writing filter expressions that are applied as prefixes to all your widgets' queries. We plan to extend this to support more complex parameterized set-ups soon - but for now, prefixing is a powerful tool that is adequate for most scenarios. Filters can be named and saved so you can quickly jump from e.g. Production Data to Data from your Staging Environment. You can also mark a filter as "Default". This means that the filter will automatically be applied when opening a dashboard.
- Better URL handling in dashboards. The URL of a dashboard now includes more information about the current state or the UI. This means you can copy the URL and share it with others to link directly to what you are looking at. This includes dashboard time, active dashboard filter, and fullscreen parameters. This will make it easy to have wall monitors show the same dashboard but with different filters applied, and allow you to send links when you have changed the dashboard search interval.

Bug Fixes

Summary
- Improvements to the query optimizer. Data source selection (choosing which data files to scan from disk) can now deal with more complex tag expressions. For instance, now queries involving OR, such as #tag1=foo OR #tag2=bar are now processed more efficiently. The query analyzer is also able to identify #tag=value elements everywhere in the query, not only in the beginning of the query.
- Improvement: Better handling of reconnecting dashboards when updating a Humio instance.
- Configure when Humio stops updating live queries (queries on dashboards) that are not viewed (not polled). This is now possible with the config option IDLE_POLL_TIME_BEFORE_LIVE_QUERY_IS_CANCELLED_MINUTES. Default is 1 hour.
- Improvement: Better and faster query input field. We are using a new query input field where you should experience less "input lag" when writing queries. At the same time, syntax highlight has been tweaked, and while still not supporting some things like array notation, it is better than previous versions.
- New alt language construct. This allows alternatives similar to case or cond in other languages. With:
  logscale
  ... | alt { <query>; <query>; ...; * } | ...
  Every event passing through will be tried to the alternatives in order until one emits an event. If you add ; * in the end, events will pass through unchanged even if no other queries match. Aggregate operators are not allowed in the alternative branches.
- Clock on Dashboards. Making it easier to know what time/timezone Humio is displaying result for.
- New eval syntax. As a shorthand for ... | eval(foo=expr) | ... you can now write ... | foo :=expr | .... Also, on the left hand side in an eval, you can write att := expr, which assigns the field that is the current value of att.

Humio Server 1.0.48 Archive (2018-02-19)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.48

Archive

2018-02-19

Cloud

On-Prem

2020-11-30

No

1.1.0

11

Yes

No

Regular update release. Data migration is required: the backups are incompatible.

Improvements, new features and functionality

Summary
- Export to file. It is now possible to export the results of a query to a file. When exporting, the result set is not limited for filter queries, making it possible to export large amounts of data. Plain text, JSON and ND-JSON (Newline Delimited JSON) formats are supported in this version.
Functions
- top() function. Find the most common values of a field.
- format() function. Format a string using printf-style.

Bug Fixes

Summary
- global-snapshots topic in Kafka: Humio now deletes the oldest snapshot after writing a new, keeping the latest 10 only.
- Backup feature (using BACKUP_NAME in env) now stores files in a new format. If using this, you must either move the old files out of the way, or set BACKUP_NAME to a new value, thus pointing to an new backup directory. The new backup system will proceed to write a fresh backup in the designated folder. The new backup system no longer require use of "JCE policy files". Instead, it needs to run on java "1.8.0_161" or later. The current Humio docker images includes "1.8.0_162".
- Performance improvement for searches using in particular "expensive" aggregates functions such as groupby and percentile.

Humio Server 1.0.47 Archive (2018-02-07)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.47

Archive

2018-02-07

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Regular update release.

Bug Fixes

Summary
- Log4j2 updated from 2.9.1 to 2.10.0. If you are using a custom logging configuration, you may need to update your configuration accordingly.
- To eliminate GC pauses caused by compression in the Kafka-client in Humio, Humio now disables compression on all topics used by Humio. Humio compresses internally before writing to Kafka on messages where compression is required (Ingest is compressed). This release of Humio enforces this setting onto the topics used by humio. This is the list of topics used by Humio. (Assuming you have not configured a prefix, which is in then used on all of them)
  global-events global-snapshots humio-ingest transientChatter-events
  You can check the current non-default settings using this command:
  cd SOME_KAFKA_INSTALL_DIR ./bin/kafka-configs.sh --zookeeper localhost:2181 --entity-type \ topics --entity-name humio-ingest --describe
- Removed GC pauses caused by java.util.zip.* native calls from compressed http-traffic triggering "GCLocker initiated GC", which could block the entire JVM for many seconds.
- Reduced query state size for live queries decreasing memory usage.
- Added concat() function.

Humio Server 1.0.46 Archive (2018-02-02)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.46

Archive

2018-02-02

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Minor update release.

Bug Fixes

Functions
- rdns() function now runs asynchronously, looking up names in the background and caching the responses. Fast static queries may complete before the lookup completes. Push rdns as far right as possible in your queries, and avoid filtering events based on the result, as rdns is non-deterministic.

Humio Server 1.0.45 Archive (2018-02-01)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.45

Archive

2018-02-01

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Minor update release.

Bug Fixes

Summary
- Improved performance on live queries with large internal states

Humio Server 1.0.44 Archive (2018-01-30)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.44

Archive

2018-01-30

Cloud

On-Prem

2020-11-30

No

1.1.0

11

Yes

No

Regular update release. Data migration is required. Rollback to previous version is supported with no actions required.

Bug Fixes

Summary
- If the "span" for a timechart is wider than the search interval, the default span is used and a warning is added. This improves zooming in time on dashboards.
- Fix bug in live queries after restarting a host.
- OnPrem: Configuration obsolete: No longer supports the KAFKA_HOST / KAFKA_PORT configuration parameters. Use the KAFKA_SERVERS configuration instead.
- Added VictorOps notifier
- Regular expression parsing limit is increased from 4K to 64K when ingesting events.
- Added PagerDuty notifier
- On timechart, mouse-over now displays series sorted by magnitude, and pretty-prints the numbers.
- OnPrem: Size of query states are now bounded by the MAX_INTERNAL_STATESIZE, which defaults to MaxHeapSize/128.

Humio Server 1.0.43 Archive (2018-01-25)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.43

Archive

2018-01-25

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Minor update release.

Bug Fixes

Summary
- Stop queries and warn if too big query states are detected
- Warnings are less intrusive inn the UI.

Humio Server 1.0.42 Archive (2018-01-23)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.42

Archive

2018-01-23

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Minor update release.

Bug Fixes

Summary
- Added "tags" to "ingest-messages" endpoint to allow the source to add tags to the events. It's still possible and recommended to add the tags using the parser.
- Firefox is now supported.
- Fixed bug: Ingesting to a personal sandbox dataspace using ingest token was not working.
- Added OpsGenie notification template
- Support ANSI colors
Documentation
- Added documentation of the file formats that the lookup() function is able to use.
Automation and Alerts
- Fixed bug: An alert could fire a notification on a partial query result, resulting in extra alerts being fired.

Humio Server 1.0.41 Archive (2018-01-19)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.41

Archive

2018-01-19

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Regular update release.

Bug Fixes

Summary
- Fix bug #35 Preventing you from doing e.g. groupby for fields containing spaces or quotes in their field name.
- New front page page. You can now jump directly to a dashboard from the front page using the dropdown on each list item. All dashboards can also be filtered and accessed from the "Dashboards Tab" on the front page.
- Added suggestions on sizing of hardware to run Humio: Instance Sizing.
- Fixed bug: Cancelled queries influenced performance after they were cancelled.
- Better Page Titles for Browser History.
- New implementation of Query API for integration purposes.
- Fixed bug: Multiple problems on the Parsers page have been fixed.
- Startup time reduced when running on large datasets.
- Fixed bug: replace() function on rawstring@ now work also for live part of query.
- Fixed bug: If Kafka did not respond for 5 seconds, ingested events could get duplicated inside humio.
- More guidance for new users in the form of help messages and tooltips.
- Renewing your API token from your account settings page.
Functions
- sort() and table() function now supports sorting on multiple fields. Sort also supports sorting using "type=hex" as numbers when the field value starts with "(-)0x", or the type=hex argument is added.

Humio Server 1.0.40 Archive (2018-01-09)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.40

Archive

2018-01-09

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Minor update release.

Bug Fixes

Summary
- Added option to do authentication in a http proxy in front of Humio, while letting Humio use the username provided by the proxy.
- Fixed performance regression in latest release when querying, that hit in particular data sources with small events
Functions
- percentile() function now accepts as parameter, allowing to plot multiple series as percentiles in a timechart.

Humio Server 1.0.39 Archive (2018-01-04)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.39

Archive

2018-01-04

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Regular update release.

Bug Fixes

Summary
- Filebeat now utilises tags in parsers. The Filebeat configuration is still backward compatible.
- Netflow support for on premises customers. It is now possible to send Netflow data directly to Humio. It is configured using Ingest listeners.
- Tags can be defined in parsers (see Event Tags).
- Tag sharding. A tag with many different values would result in a lot of small datasources which will hurt performance. A Tag will be sharded if it has many different values. For example, having a field user as tag and having .0.0 Different users could result in .0.0 datasources. Instead the tag will be sharded and allowed to have 16 different values (by default). In general do not use a field with high cardinality as a tag in Humio.
- Root user management in the UI. A gear icon has been added next to the "Add Dataspace" button, if you are logged in as a root user. Press it and it is possible to manage users.
- Better Zeek (Bro) Network Security Monitor integration.
- Datasources are autosharded into multiple datasources if they have huge ingest loads. This is mostly an implementation detail.
Functions
- Fix bug #19 uploading files to be used with the lookup() function.
- Added stdDev() function.

Humio Server 1.0.38 Archive (2017-12-18)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.38

Archive

2017-12-18

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Minor update release.

Bug Fixes

Summary
- Fixed a bug where the "parsers" page the fields found in parsing were hidden.
- Fixed a bug that leaked Kafka-connections.
- Turn off LZ4 on connection from Humio to kafka. Note: Storage of data in Kafka is controlled by broker settings, although having "producer" there will turn compression off now. The suggested Kafka broker (or topic) configuration is to have "compression.type=lz4"

Humio Server 1.0.37 Archive (2017-12-15)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.37

Archive

2017-12-15

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Minor update release.

Bug Fixes

Summary
- Set default timechart(limit=20). This can cause some dashboards to display warnings. But we decided that "for the greater good" and simplicity, it's the best default behavior.

Humio Server 1.0.36 Archive (2017-12-14)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.36

Archive

2017-12-14

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Regular update release.

Bug Fixes

Summary
- Different View Modes have been made more prominent in the Search View by the addition of tabs at the top of the result view. As we extend the visualization to be more specialized for different types of logs we expect to add more Context Aware tabs here, as well as in the inspection panel at the bottom of the screen.
- Styling improvement on several pages.
- Event List Results are now horizontally scrollable, though limited in length for performance reasons.
- Typo Corrections in the Tutorial
- Performance improvements in timecharts.
- New Search View functionality allows you to sort the event list to show newest events at the end of the list.
- Syntax highlighting in the event list for certain formats including Json.
- Scrolling the event list or selecting an event will pause the result stream while you inspect the events, this especially makes it easier to look at Live Query results. Resume a stream by hitting Esc or clicking the button.

Humio Server 1.0.35 Archive (2017-12-13)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.35

Archive

2017-12-13

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Regular update release.

Bug Fixes

Summary
- New parameter timechart(limit=N) chooses the "top N charts" selected as the charts with the most area under them. When unspecified, limit value defaults to .0, and produces a warning if exceeded. When specified explicitly, no warning is issued.
- Filter functions can now generically be negated !/foo/, !cidr(...), !in(...), etc.
- Upgraded to kafka 1.0. This is IMPORTANT for on premises installations. It requires updating the kafka docker image before updating the humio docker image

Humio Server 1.0.34 Archive (2017-12-11)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.34

Archive

2017-12-11

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Minor update release.

Bug Fixes

Summary
- Tags can now be sharded, allowing to add e.g IP-addresses as tags. (Only for root users, ask your admin.)
- Support datasources with large data volumes by splitting them into multiple internal datasources. (Only for root users, ask your admin.)

Humio Server 1.0.33 Archive (2017-12-07)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.33

Archive

2017-12-07

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Minor update release.

Bug Fixes

Summary
- Kafka topic configuration defaults changed and documented. If running on-premises, please inspect and update the retention settings on the Kafka topics created by Humio to match your Kafka . See Kafka Configuration.

Humio Server 1.0.32 Archive (2017-12-06)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.32

Archive

2017-12-06

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Regular update release.

Bug Fixes

Summary
- Improved ingest performance by batching requests more efficiently to the kafka ingest queue. Queue Serialization format changed as well
- Fixed bug with some tables having narrow columns making text span many lines
- Fixed bug in timechart graphs, The edge buckets made the graph go to much back in time and also into the future
- New implementation of the timeChart() function with better performance.
- When saving queries/alerts - the query currently in the search field is saved - not the last one that ran

Humio Server 1.0.31 Archive (2017-11-26)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.31

Archive

2017-11-26

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Minor update release.

Bug Fixes

Summary
- Fixed failure to compile regexp in query was reported as an internal server error
- Make Kafka producer settings relative to Java max heap size
- Humio now sets a CSP header by default. You can still replace this header in your proxy if needed

Humio Server 1.0.30 Archive (2017-11-24)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.30

Archive

2017-11-24

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Minor update release.

Bug Fixes

Summary
- Improve support for running Humio behind a proxy with CSP
- Possible to specify tags for ingest listeners in the UI
- Fix links to documentation when running behind a proxy

Humio Server 1.0.29 Archive (2017-11-21)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.29

Archive

2017-11-21

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Regular update release.

Bug Fixes

Summary
- New sandbox dataspaces. Every user get their own sandbox dataspace. It is a personal dataspace, which can be handy for testing or quickly uploading some data
- New interactive tutorial
- Ui for adding ingest listeners (Only for root users)
- Added pagination to tables
- Fixed a couple of issues regarding syntax highlighting in the search field

Humio Server 1.0.28 Archive (2017-11-15)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.28

Archive

2017-11-15

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Regular update release.

Bug Fixes

Summary
- Add documentation for new regular expression syntax
- Fix bug with "save as" menu being hidden behind event distribution graph
- Fix bug where Humio ignored the default search range specified for the dataspace

Humio Server 1.0.27 Archive (2017-11-14)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.27

Archive

2017-11-14

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Regular update release.

Bug Fixes

Summary
- New Humio agent for Mesos and DC/OS
- Possible to specify tags when using ingest listeners
- Grafana integration. Check it out
- Alerts are out of beta.
- Improved Error handling when a host is slow. Should decrease the number of warnings

Humio Server 1.0.26 Archive (2017-11-09)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.26

Archive

2017-11-09

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Regular update release.

Bug Fixes

Summary
- When no field is named, i.e. as in /err/i, then @rawstring is being searched.
- Performance has improved for most usages of regex (we have moved to use RE2/J rather than Java's java.util.regex.)
- When such a regex-match expression appears at top-level e.g. | between two bars |, then named capturing groups also cause new fields to be added to the output event as for the regex() function.
- New syntax field = /regex/idmg syntax for matching. Optional flags i=ignore case, m=multiline (change semantics of $ and ^ to match each line, nut just start/end), d=dotall (. includes \n), and g=same as repeat=true for the regex() function. I.e. to case-insensitively find all log lines containing err (or ERR, or Err) you can now search /err/i
- A bug has been fixed where searching for unicode characters could cause false positives.
- Improve syntax highlighting in search field

Humio Server 1.0.25 Archive (2017-11-06)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.25

Archive

2017-11-06

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Regular update release.

Bug Fixes

Summary
- Anonymous Composite Function Calls can now make use of filter expressions: #type=accesslog | groupby(function={ uri=/foo* | count() })
- Support for C-style allow comments // single line or /* multi line */
- New HTTP Ingest API supporting parsers.
- Saved queries can be invoked as a macro (see User Functions) using the following syntax: $"name of saved query"() or $nameOfSavedQuery(). Saved queries can declare arguments using ?{arg=defaultValue} syntax. Such arguments can be used where ever a string, number or identifier is allowed in the language. When calling a saved query, you can specify values for the arguments with a syntax like: $savedQuery(arg=value, otherArg=otherValue).

Humio Server 1.0.24 Archive (2017-11-01)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.24

Archive

2017-11-01

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Regular update release.

Bug Fixes

Summary
- Improved handling of server deployments in dashboards
- Event timestamps are set to Humio's current time, at ingestion, if they have timestamps in the future. These events will also be annotate with the fields @error=true and @error_msg='timestamp was set to a value in the future. Setting it to now'. Events are allowed to be at most 10 seconds into the future, to take into account some clock skew between machines.
- Created a public github repository with scripts to support on-premises Humio installation and configuration.
- Timecharts are redrawn when series are toggled
- Fix bug with headline texts animating forever

Humio Server 1.0.23 Archive (2017-10-23)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.23

Archive

2017-10-23

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Minor release.

Bug Fixes

Summary
- Fixed Bug in search field when pasting formatted text
- Fixed Session timeout bug when logging in with LDAP
- Better support for busting the browsers local cache on new releases

Humio Server 1.0.22 Archive (2017-10-17)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.22

Archive

2017-10-17

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Regular update release.

Bug Fixes

Summary
- Added time range parameterization to dashboards
- Fixed visual bug in the event distribution graph
Functions
- The in() function now allows wildcards in its values parameter

Humio Server 1.0.21 Archive (2017-10-17)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.21

Archive

2017-10-17

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Regular update release.

Bug Fixes

Summary
- Added syntax highlighting of the query in the search field.
- Allow resizing the search field.

Humio Server 1.0.20 Archive (2017-10-13)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.20

Archive

2017-10-13

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Minor release.

Bug Fixes

Summary
- A system job will now periodically compacts and merges small segment files (caused by low volume data sources) improving performance and reducing storage requirements.
- Fixed bug showing basic authentication dialogue in browser when logging token expires
- Add parameter cidr(negate=true|false) flag
- Add ipv6 support to cidr

Humio Server 1.0.19 Archive (2017-10-11)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.19

Archive

2017-10-11

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Regular update release.

Bug Fixes

Summary
- Mouse over in timecharts now displays values for all series in hovered bucket
- Since using the ingest queue is on by default, if running a clustered setup, make sure to update the ingest partition assignments. At the very least reset them to defaults (see Cluster Management API).

Humio Server 1.0.18 Archive (2017-10-10)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.18

Archive

2017-10-10

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Cloud-only release.

Bug Fixes

Summary
- Ingest queue is used by default (if not disabled)
- Events are highlighted in the eventdistribution graph when they are hovered.
- Improved Auth0 on-prem support.
- Heroku Log Format
- Possible to migrate dataspaces from one Humio to another.
- Improved query scheduling for dashboards starting many queries at the same time.
Functions
- New query functions: in(), length(), sample() and lowercase().

Humio Server 1.0.17 Archive (2017-09-29)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.17

Archive

2017-09-29

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

This is a release for Humio Cloud users only.

Bug Fixes

Summary
- Cloud-only release.

Humio Server 1.0.16 Archive (2017-09-06)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.16

Archive

2017-09-06

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Regular update release.

Bug Fixes

Summary
- Fix bug with Events list view for aggregate queries
- Generic UDP/TCP ingest added (for e.g. syslog). Config with HTTP/JSON API only, no GUI yet.
- UI improvements with auto suggest / pop up documentation.
- New LDAP config options adding adding ldap-search to AUTHENTICATION_METHOD for using a bind user.
- Fix bug with combination of add-cluster-member and real-time-backup-enabled.
Functions
- New function: shannonEntropy().

Humio Server 1.0.15 Archive (2017-08-30)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.15

Archive

2017-08-30

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Regular update release.

Bug Fixes

Summary
- Copy dashboard feature
- Improve Auth0 dependencies. (Better handling of communication problems)
- Change styling of list widgets
- Syslog ingestion (Line ingestion) in Beta for on premises installations

Humio Server 1.0.14 Archive (2017-08-17)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.14

Archive

2017-08-17

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Regular update release.

Bug Fixes

Summary
- Make it possible to show event details, when looking at raw events inside a timechart (1438)
- Show warning when there are too many points to plot in a timechart and some are discarded (1444)
- Fix scrolling in safari for tables (1308)

Humio Server 1.0.13 Archive (2017-08-16)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.13

Archive

2017-08-16

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Regular update release.

Bug Fixes

Summary
- Remember which tab to show in event details drawer (Same as the last one)
- Documentation for cluster management operations
- Dataspace type ahead filter on frontpage
- Ingest request waits for 1 Kafka server to ack the request by default (improves data loss scenarios with machines failing)
- Widget options now use radio buttons for many options

Humio Server 1.0.12 Archive (2017-08-04)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.12

Archive

2017-08-04

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Regular update release.

Bug Fixes

Summary
- Background tabs are only updated minimally, resulting in much less CPU usage.
- Fix an issue with scrollbars appearing in dashboards. (1403)
- Various minor UI changes.
- Fixed a bug that would prevent wiping the kafka used to run Humio. (1347, 1408)
- New 'server connection indicator' shows that the server is currently reachable from the browser.

Humio Server 1.0.11 Archive (2017-07-09)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.11

Archive

2017-07-09

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Cloud-only release.

Bug Fixes

Summary
- Improved the update logic for read-only dashboards (#1341)
- Fix an issue where login fails and the UI hangs w/auth0. (#1368)
- Improved rendering performance for dashboards (#1360)
- When running an aggregate query (such as a groupby) the UI now shows an Events list tab to see the events that were selected as input to the aggregate.

Humio Server 1.0.10 Archive (2017-06-22)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.10

Archive

2017-06-22

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Regular update release.

Bug Fixes

Summary
- Support for LDAP authentication for on-premises installations. (#1222)
- For calculations on events containing numbers, the query engine now maintains a higher precision in intermediate results. Previously, numbers were limited to two decimal places, so now smaller numbers can show up in the UI. (#603)
- Certain long queries could crash the system. (#781)
- The event distribution graph is not aligned better with graphs shown below.
- The limit parameter on table() and sort() functions now only issues a warning if the system limit is reached, not when the explicitly specified limit is reached. (#1323)
- Various improvements in the scale-out implementation. Contact us for more detail if relevant.
- Ingest requests are not rejected with an error, when incoming events contain fields reserved for humio (like @timestamp). Instead an @ is prepended to the field name and extra fields are added to the event describing the problem(@error=true). (#1320)

Humio Server 1.0.9 Archive (2017-06-15)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.9

Archive

2017-06-15

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Regular update release.

Bug Fixes

Summary
- The event details view has been improved in various ways: remember height, new buttons for 'groupby attribute' and 'filter without'. (#1277)
- In certain cases, live queries producing a warning would add the same warning repeatedly for every poll. (#1255)
- While running a query, the UI will now indicate progress 0-.0%. (#1262)
- The scale-out implementation is improved in several ways. Most significantly, functionality adding a node to a cluster has been added. Contact us for more detail if relevant.
- Fixed a bug where read-only dashboards allowed dragging/resizing widgets. (#1274)
- For UI queries (and those using the queryjob API) the limit on the result set is lowered to 1.0 rows/events. This avoids the UI freezing in cases where a very large result set is generated. To get more than 1.0 results the query HTTP endpoint has to be used. (#1281, #960)
- Timecharts with span=1d now uses the browser's timezone to determine day boundary. (#1250)
- Humio can optionally use re2j (google's regex implementation), which is slightly slower than the default Java version, but avoids some strange corner cases that can sometimes cause stackoverflow. Controlled with USE_JAVA_REGEX. Defaults to true.
- Add parameters unit and buckets to timeChart(). The parameter buckets allows users to specify a specific number of buckets (maximum 1.0) to split the query interval into, as an alternative to the span parameter which has issues when resizing the query interval. The unit parameter lets you convert rates by e.g. passing unit="bytes/bucket to Mibytes/hour". As the bucket (or span) value changes, the output is converted to the given output unit. (#1295)

Humio Server 1.0.8 Archive (2017-05-22)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.8

Archive

2017-05-22

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Major release includes early access for new multi-host scale-out functionality. See separate documentation for how to install and configure these functions.

Bug Fixes

Summary
- Fixed a bug with time charts that did not always include the Plotline Y. (#1111)
- Fixed a bug which made docs not redirect properly for on-prem installations (#1112)
- Dashboards now indicate errors in the underlying queries with an transparent overlay (#775)
- Fixed minor bug in parser selection (only used in undocumented tags selection mechanism)
- For +2 seconds aggregate queries, shuffle order logs are processed. This lets the user get a rough estimate of the nature of the data, which works well for such queries using e.g. avg or percentiles aggregates. (#1227)
- Fixed a bugs with live aggregate queries which could cause results to inflate over time. (#1213)
- Dashboards can now be reconfigured by dragging and resizing widgets (#1205)

Humio Server 1.0.7 Archive (2017-05-04)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.7

Archive

2017-05-04

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Regular update release.

Bug Fixes

Summary
- Improve scroll behavior in tables on dashboards (#1190)
- Added UI to allow root users to set the retention on data spaces (#502)
- New flag to groupby(limit=N) allows specifying the maximum number of groups (0 up to ∞). If more than N entries are present, elements not matching one of the existing are ignored and a warning is issued. The system has a hard limit of .00, which can be removed by the operator by setting the property ALLOW_UNLIMITED_GROUPS=true in Humio's configuration file (env file for Docker). (#1199)

Humio Server 1.0.6 Archive (2017-04-27)

Version^?

Type^?

Release Date^?

Availability^?

End of Support

Security

Updates

Upgrades

From^?

JDK

Compatibility^?

Req. Data

Migration

Config.

Changes^?

1.0.6

Archive

2017-04-27

Cloud

On-Prem

2020-11-30

No

1.1.0

11

No

Regular update release

Bug Fixes

Summary
- Fixes for logarithmic scale graphs (#1111)
- In the event-list view, a toggle has been added to enable line wrapping. (#1121)
- Dashboard settings have been moved to the dataspace's own page, rather than on the front page (#1125)
- Save metadata locally to the file global-data-snapshot.json rather than to the Kafka topic global-snapshots. This file should only be edited while the server is down, and even then with care.
- Allow configuration for standard search interval other than 24h (#1149)

Release Notes

Release Notes

Understanding Releases and Notes

LogScale Metrics

Limits & Standards

LogScale Notices

Falcon LogScale 1.137.0 Preview (2024-05-07)

Falcon LogScale 1.136.0 Preview (2024-04-30)

Falcon LogScale 1.135.0 Preview (2024-04-23)

Falcon LogScale 1.134.0 Preview (2024-04-16)

Falcon LogScale 1.133.0 Preview (2024-04-09)

Falcon LogScale 1.132.0 Preview (2024-04-02)

Falcon LogScale 1.131.1 Stable (2024-04-17)

Falcon LogScale 1.131.0 Preview (2024-03-26)

Falcon LogScale 1.130.0 Preview (2024-03-19)

Falcon LogScale 1.129.0 Preview (2024-03-12)

Falcon LogScale 1.128.0 Preview (2024-03-05)

Falcon LogScale 1.127.0 Preview (2024-02-27)

Falcon LogScale 1.126.0 Preview (2024-02-20)

Falcon LogScale 1.125.0 Preview (2024-02-13)

Falcon LogScale 1.124.2 Stable (2024-03-20)

Falcon LogScale 1.124.1 Stable (2024-02-29)

Falcon LogScale 1.124.0 Preview (2024-02-06)

Falcon LogScale 1.123.0 Preview (2024-01-30)

Falcon LogScale 1.122.0 Preview (2024-01-23)

Falcon LogScale 1.121.0 Preview (2024-01-16)

Falcon LogScale 1.120.0 Preview (2024-01-09)

Falcon LogScale 1.119.0 Preview (2023-12-19)

Falcon LogScale 1.118.4 Stable (2024-02-23)

Falcon LogScale 1.118.3 Stable (2024-02-06)

Falcon LogScale 1.118.2 Stable (2024-01-17)

Falcon LogScale 1.118.1 Internal (2023-12-20)

Falcon LogScale 1.118.0 Preview (2023-12-12)

Falcon LogScale 1.117.0 Preview (2023-12-05)

Falcon LogScale 1.116.0 Preview (2023-11-28)

Falcon LogScale 1.115.0 Preview (2023-11-21)

Falcon LogScale 1.114.0 Preview (2023-11-14)

Falcon LogScale 1.113.0 Preview (2023-11-09)

Falcon LogScale 1.112.4 Stable (2024-02-23)

Falcon LogScale 1.112.3 Stable (2024-01-30)

Falcon LogScale 1.112.2 Stable (2024-01-22)

Falcon LogScale 1.112.1 Stable (2023-11-15)

Falcon LogScale 1.112.0 Preview (2023-10-24)

Falcon LogScale 1.111.1 Preview (2023-10-28)

Falcon LogScale 1.111.0 Preview (2023-10-10)

Falcon LogScale 1.110.1 Preview (2023-10-28)

Falcon LogScale 1.110.0 Preview (2023-10-03)

Falcon LogScale 1.109.1 Preview (2023-10-28)

Falcon LogScale 1.109.0 Preview (2023-09-26)

Falcon LogScale 1.108.0 Preview (2023-09-19)

Falcon LogScale 1.107.0 Preview (2023-09-12)

Falcon LogScale 1.106.6 Stable (2024-01-22)

Falcon LogScale 1.106.5 Stable (2023-11-15)

Falcon LogScale 1.106.4 Stable (2023-10-28)

Falcon LogScale 1.106.3 Not Released (2023-10-28)

Falcon LogScale 1.106.2 Stable (2023-09-27)

Falcon LogScale 1.106.1 Preview (2023-09-18)

Falcon LogScale 1.106.0 Preview (2023-09-05)

Falcon LogScale 1.105.0 Preview (2023-08-29)

Falcon LogScale 1.104.0 Preview (2023-08-22)

Falcon LogScale 1.103.0 Preview (2023-08-15)

Falcon LogScale 1.102.0 Preview (2023-08-08)

Falcon LogScale 1.101.1 Preview (2023-10-28)

Falcon LogScale 1.101.0 Preview (2023-08-01)

Falcon LogScale 1.100.3 Stable (2024-01-22)

Falcon LogScale 1.100.2 Stable (2023-11-15)

Falcon LogScale 1.100.1 Stable (2023-10-28)

Falcon LogScale 1.100.0 Stable (2023-08-16)

Falcon LogScale 1.99.0 Preview (2023-07-18)

Falcon LogScale 1.98.0 Preview (2023-07-11)

Falcon LogScale 1.97.0 Preview (2023-07-04)

Falcon LogScale 1.96.0 Preview (2023-06-27)

Falcon LogScale 1.95.0 Preview (2023-06-20)

Falcon LogScale 1.94.2 Stable (2023-11-15)

Falcon LogScale 1.94.1 Stable (2023-10-28)

Falcon LogScale 1.94.0 Stable (2023-07-05)

Falcon LogScale 1.93.0 Preview (2023-06-06)

Falcon LogScale 1.92.0 Preview (2023-05-30)

Falcon LogScale 1.91.0 Not Released (2023-05-23)