Falcon LogScale 1.106.0 Preview (2023-09-05)

VersionTypeRelease DateAvailabilityEnd of SupportSecurity UpdatesUpgrades FromJDK CompatibilityReq. Data MigrationConfig. Changes
1.106.0Preview2023-09-05Cloud, On-Prem2024-09-27No1.70.011NoNo

Bug fixes and updates.

Advanced Warning

The following items are due to change in a future release.

  • Installation and Deployment

    • Support for running on Java 11, 12, 13, 14, 15 and 16 will be removed by the end of September 2023.

  • Automation and Alerts

    • In LogScale version 1.112 we will change how standard alerts handle query warnings. Currently, LogScale will only trigger alerts if there are no query warnings. Starting with upcoming 1.112, alerts will trigger despite most query warnings, and the alert status will show a warning instead of an error.

      Up until now, all query warnings have been treated as errors. This means that the alert does not trigger even though it produces results, and the alert is shown with an error in LogScale. Most query warnings mean that not all data was queried. The current behaviour prevents the alert from triggering in cases where it would not have, if all data had been available. For instance, an alert that would trigger if a count of events dropped below a threshold. On the other hand, it makes some alerts not trigger, even though they would still have if all data was available. That means that currently you will almost never get an alert that you should not have gotten, but you will sometime not get an alert that you should have gotten. We plan to revert this.

      When this change happens, we no longer recommend to set the configuration option ALERT_DESPITE_WARNINGS to true, since it treats all query warnings as non-errors, and there are a few query warnings that should make the alert fail.

Improvements, new features and functionality

  • Automation and Alerts

    • When installing or updating a package with an Alert or Scheduled search referencing an action that is not part of the package, the error is now shown in the UI. Previously, a generic error was shown.

  • Dashboards and Widgets

    • Increased to 10,000 the maximum amount of entries suggested in the dropdown of a parameter field of type File Parameter.

    • The text color styling option of the Note Widget is now included when importing a dashboard template or exporting it to a yaml file.

  • Log Collector

    • You can now toggle columns on the instance table, hereby specifying which information should be shown.

  • Functions

    • The rename() function has been enhanced: it is now possible to rename multiple fields using an array in its field argument. This is backwards compatible with giving separate field and as arguments.

Bug Fixes

  • Dashboards and Widgets

    • Queries on a dashboard have been fixed as they would be invalid if the dashboard filter contained a single-line comment.

    • Widgets description tips on dashboards have been fixed as they would not show or have the same text for multiple widgets.