Falcon LogScale 1.108.0 Preview (2023-09-19)

Version?Type?Release Date?Availability?End of Support







Req. Data







Bug fixes and updates.

Advanced Warning

The following items are due to change in a future release.

  • Automation and Alerts

    • In LogScale version 1.112 we will change how standard alerts handle query warnings. Currently, LogScale will only trigger alerts if there are no query warnings. Starting with upcoming 1.112, alerts will trigger despite most query warnings, and the alert status will show a warning instead of an error.

      Up until now, all query warnings have been treated as errors. This means that the alert does not trigger even though it produces results, and the alert is shown with an error in LogScale. Most query warnings mean that not all data was queried. The current behaviour prevents the alert from triggering in cases where it would not have, if all data had been available. For instance, an alert that would trigger if a count of events dropped below a threshold. On the other hand, it makes some alerts not trigger, even though they would still have if all data was available. That means that currently you will almost never get an alert that you should not have gotten, but you will sometime not get an alert that you should have gotten. We plan to revert this.

      When this change happens, we no longer recommend to set the configuration option ALERT_DESPITE_WARNINGS to true, since it treats all query warnings as non-errors, and there are a few query warnings that should make the alert fail.


Items that have been removed as of this release.

Installation and Deployment

  • All Zookeeper-related functionality for LogScale was deprecated in December 2022, and is now removed:

    • Removed the Zookeeper status page from the User Interface

    • Removed the Zookeeper related GraphQL mutations

    • Removed the migration support for node IDs created by Zookeeper, as we no longer support upgrading from version prior to 1.70.

    Depending on your chosen Kafka deployment, ZooKeeper may still be required to support Kafka.


  • The deprecated client mutation ID concept is now being removed from the GraphQL API:

    • Removed the clientMutationId argument for a lot of mutations.

    • Removed the clientMutationId field from the returned type for a lot of mutations.

    • Renamed the ClientMutationID datatype, that was returned from some mutations to BooleanResultType datatype. Removed the clientMutationId field on the returned type and replaced it by a boolean field named result.

  • Most deprecated queries, mutations and fields have now been removed from the GraphQL API.

Improvements, new features and functionality

  • Installation and Deployment

    • The following adjustments have been made to the launcher script:

      • Removed UnlockDiagnosticVMOptions

      • Raised default heap size to 75% of host memory, up from 50%

      • Move -XX:CompileCommand settings into the mandatory launch options, to prevent accidentally removing them when customizing HUMIO_JVM_PERFORMANCE_OPTS

      • Set -XX:MaxDirectMemorySize to 1/5GB per CPU core as a default.

      • Print a warning if the sum of the heap size and the direct memory setting exceeds the total available memory.

  • Configuration

    • Query queueing based on the available memory in query coordinator is enabled by default by treating dynamic configuration QueryCoordinatorMaxHeapFraction as 0.5, if it has not been set. To disable queing, set QueryCoordinatorMaxHeapFraction to 1000.

  • Dashboards and Widgets

    • Introduced a new style option Show 'Others' to the Time Chart Widget: it allows you to show/hide other series when there are more series than the maximum allowed in the chart.

Bug Fixes

  • Functions

    • Fixed a bug where join() queries could result in a memory leak from their sub queries not being properly cleaned up.