Falcon LogScale 1.106.0 Preview (2023-09-05)
| Version? | Type? | Release Date? | Availability? | End of Support | Security Updates | Upgrades From? | JDK Compatibility? | Req. Data Migration | Config. Changes? |
|---|---|---|---|---|---|---|---|---|---|
| 1.106.0 | Preview | 2023-09-05 | Cloud On-Prem | 2024-09-30 | No | 1.70.0 | 11 | No | No |
Bug fixes and updates.
Advanced Warning
The following items are due to change in a future release.
Installation and Deployment
Support for running on Java 11, 12, 13, 14, 15 and 16 will be removed by the end of September 2023.
Automation and Alerts
In LogScale version 1.112 we will change how standard alerts handle query warnings. Currently, LogScale will only trigger alerts if there are no query warnings. Starting with upcoming 1.112, alerts will trigger despite most query warnings, and the alert status will show a warning instead of an error.
Up until now, all query warnings have been treated as errors. This means that the alert does not trigger even though it produces results, and the alert is shown with an error in LogScale. Most query warnings mean that not all data was queried. The current behaviour prevents the alert from triggering in cases where it would not have, if all data had been available. For instance, an alert that would trigger if a count of events dropped below a threshold. On the other hand, it makes some alerts not trigger, even though they would still have if all data was available. That means that currently you will almost never get an alert that you should not have gotten, but you will sometime not get an alert that you should have gotten. We plan to revert this.
When this change happens, we no longer recommend to set the configuration option
ALERT_DESPITE_WARNINGStotrue, since it treats all query warnings as non-errors, and there are a few query warnings that should make the alert fail.
Improvements, new features and functionality
Automation and Alerts
When installing or updating a package with an Alert or Scheduled search referencing an action that is not part of the package, the error is now shown in the UI. Previously, a generic error was shown.
Dashboards and Widgets
The text color styling option of the Note Widget is now included when importing a dashboard template or exporting it to a yaml file.
Increased to 10,000 the maximum amount of entries suggested in the dropdown of a parameter field of type File Parameter.
Log Collector
You can now toggle columns on the instance table, hereby specifying which information should be shown.
Functions
The
rename()function has been enhanced: it is now possible to rename multiple fields using an array in itsfieldargument. This is backwards compatible with giving separatefieldandasarguments.
Bug Fixes
Dashboards and Widgets
Queries on a dashboard have been fixed as they would be invalid if the dashboard filter contained a single-line comment.
Widgets description tips on dashboards have been fixed as they would not show or have the same text for multiple widgets.