Latest GA Release

Falcon LogScale 1.189.0 GA (2025-05-20)

Version?Type?Release Date?Availability?End of SupportSecurity UpdatesUpgrades From?Downgrades To?Config. Changes?
1.189.0GA2025-05-20

Cloud

Next LTSNo1.150.01.177.0No

Available for download two days after release.

Hide file download links

Show file download links

Bug fixes and updates.

Advance Warning

The following items are due to change in a future release.

  • Functions

    • Starting from release 1.195, the query functions asn() and ipLocation() will display an error instead of a warning should an error occur with their external dependency. This change will align their behavior to functions using similar external resources, like match(), iocLookup(), and cidr().

Removed

Items that have been removed as of this release.

Administration and Management

  • Removed assigned metrics:

    • segments-assigned-to-host-as-owner

    • segment-bytes-assigned-to-host-as-owner

    These metrics provided incomplete data, tracking only post-merge segment assignments while excluding rebalancing-related segment movements.

GraphQL API

  • The following deprecated GraphQL fields have now been removed on the Parser output datatype:

    • assetType

    • sourceCode

    • tagFields

    • testData

  • The following deprecated GraphQL mutations have been removed:

  • The deprecated storage task of the GraphQL NodeTaskEnum has been removed (deprecated since v1.173.0). For more information, see ???.

    This removal affects hosts configured with node role all:

    • Dynamic configuration to disable segment storage and search is no longer supported

    • Use existing node eviction mechanism instead for this functionality

  • getFilterAlertConfig GraphQL field has been removed on HumioMetadata datatype.

Deprecation

Items that have been deprecated and may be removed in a future release.

  • The color field on the Role type has been marked as deprecated (will be removed in version 1.195).

  • The setConsideredAliveUntil and setConsideredAliveFor GraphQL mutations are deprecated and will be removed in 1.195.

  • The lastScheduledSearch field from the ScheduledSearch datatype is now deprecated and planned for removal in LogScale version 1.202. The new lastExecuted and lastTriggered fields have been added to the ScheduledSearch datatype to replace lastScheduledSearch.

  • The EXTRA_KAFKA_CONFIGS_FILE configuration variable has been deprecated and planned to be removed no earlier than version 1.225.0. For more information, see RN Issue.

New features and improvements

  • Storage

    • Implemented a change that reduces the number of segments LogScale fetches during digest reassignment, which should speed such reassignments up.

  • Ingestion

    • Added a new type of ingest feeds for consuming data from Azure Event Hubs:

      • Available for Self-Hosted installations only at this time.

      • Follows the same configuration pattern as AWS ingest feeds

      For more information, see ???.

  • Queries

    • Added LogScale Multi-Cluster Search query handover support:

      • Enables automatic reconnection and continued polling of downstream remote clusters

      • Current limitation: local connection handovers are not supported, meaning that:

        • Progress on local connections will be lost after handover

        • Queries to local connections will be resubmitted, resulting in a potential temporary loss of progress.

Fixed in this release

  • Falcon Data Replicator

    • Fixed an issue where the check for which nodes should run an FDR feed didn't take node capabilities into account, potentially causing less nodes to actually run the feed.

  • Storage

    • LogScale no longer attempts to download MaxMind files when there is insufficient disk space.

    • Fixed a feature flag roll out issue on clusters where individual users or organizations were previously opted into the feature.

      Important

      Required Action:

      • If you previously disabled rolled-out features via API, you must reapply these opt-outs

      • This is necessary due to changes in how opt-outs are represented in Global Database.

    • An issue has been fixed that could cause unnecessary delays in uploading files to Bucket Storage.

  • Dashboards and Widgets

    • The Time Chart tooltip legend could show unsorted values on query result update. This issue has now been fixed so that the list of top scores is now sorted.

  • Queries

    • Fixed race condition in LogScale Multi-Cluster Search. Previously, queries initiated simultaneously with a new connection addition to the multi-cluster view could exclude the new connection for the query. This synchronization issue has been resolved.