Falcon LogScale 1.108.0 GA (2023-09-19)
| Version | Type | Release Date | Availability | End of Support | Security Updates | Upgrades From | Downgrades To | Config. Changes |
|---|---|---|---|---|---|---|---|---|
| 1.108.0 | GA | 2023-09-19 | Cloud | 2024-11-30 | No | 1.70.0 | 1.26.0 | No |
Bug fixes and updates.
Advance Warning
The following items are due to change in a future release.
Automation and Triggers
In LogScale version 1.112 we will change how standard alerts handle query warnings. Currently, LogScale will only trigger alerts if there are no query warnings. Starting with the upcoming 1.112, alerts will trigger despite most query warnings, and the alert status will show a warning instead of an error.
Up until now, all query warnings have been treated as errors. This means that the alert does not trigger even though it produces results, and the alert is shown with an error in LogScale. Most query warnings mean that not all data was queried. The current behaviour prevents the alert from triggering in cases where it would not have triggered if all data had been available, for instance an alert that triggers if a count of events drops below a threshold. On the other hand, it makes some alerts not trigger even though they would still have triggered if all data was available. That means that currently you will almost never get an alert that you should not have gotten, but you will sometimes not get an alert that you should have gotten. We plan to revert this.
When this change happens, we will no longer recommend setting the configuration option ALERT_DESPITE_WARNINGS to true, since it treats all query warnings as non-errors, and there are a few query warnings that should make the alert fail.
Removed
Items that have been removed as of this release.
Installation and Deployment
All ZooKeeper-related functionality for LogScale was deprecated in December 2022, and is now removed:
Removed the ZooKeeper status page from the User Interface
Removed the ZooKeeper related GraphQL mutations
Removed the migration support for node IDs created by ZooKeeper, as we no longer support upgrading from versions prior to 1.70.
Depending on your chosen Kafka deployment, ZooKeeper may still be required to support Kafka.
GraphQL API
The deprecated client mutation ID concept is now being removed from the GraphQL API:
Removed the clientMutationId argument for a lot of mutations.
Removed the clientMutationId field from the returned type for a lot of mutations.
Renamed the ClientMutationID datatype, that was returned from some mutations, to BooleanResultType datatype. Removed the clientMutationId field on the returned type and replaced it by a boolean field named result.
Most deprecated queries, mutations and fields have now been removed from the GraphQL API.
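A pre-upgrade check for the clientMutationId removal described above, as an added example rather than LogScale's own tooling: it scans the GraphQL request documents your API clients send and reports where clientMutationId is still passed as an argument or selected as a field. The sample documents and their mutation names are constructed placeholders, not real LogScale mutations.

```python
import re

# Constructed sample request documents; the mutation names are hypothetical.
SAMPLE_DOCS = {
    "rotate_token.graphql": '''
mutation {
  exampleRotateToken(input: {id: "abc", clientMutationId: "req-1"}) {
    token
    clientMutationId
  }
}
''',
    "clean.graphql": '''
# clientMutationId was already dropped from this client
mutation {
  exampleDeleteThing(input: {id: "abc"}) { result }
}
''',
}

# Comments and string literals are matched as whole tokens so that a mention
# of the name inside them is never reported as a use.
TOKEN = re.compile(
    r'#[^\n]*|"""[\s\S]*?"""|"(?:\\.|[^"\\\n])*"|[A-Za-z_]\w*|[()\n]')

def find_client_mutation_id(doc):
    """Return (line, kind) per use; kind is 'argument' or 'field'."""
    hits, line, depth = [], 1, 0
    for match in TOKEN.finditer(doc):
        tok = match.group()
        if tok == "(":
            depth += 1            # entering an argument list
        elif tok == ")":
            depth = max(0, depth - 1)
        elif tok == "clientMutationId":
            hits.append((line, "argument" if depth else "field"))
        line += tok.count("\n")   # block strings may span several lines
    return hits

def scan(docs):
    """Map each document name to its hits, omitting clean documents."""
    return {name: hits for name, doc in docs.items()
            if (hits := find_client_mutation_id(doc))}

if __name__ == "__main__":
    for name, hits in scan(SAMPLE_DOCS).items():
        for line, kind in hits:
            print(f"{name}:{line}: clientMutationId used as {kind}")
```

A hit of kind field on a mutation that returned the old ClientMutationID datatype should be replaced by selecting result; an argument hit is simply deleted from the input.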
New features and improvements
Installation and Deployment
The following adjustments have been made to the launcher script:
Removed UnlockDiagnosticVMOptions
Raised default heap size to 75% of host memory, up from 50%
Move -XX:CompileCommand settings into the mandatory launch options, to prevent accidentally removing them when customizing HUMIO_JVM_PERFORMANCE_OPTS.
Set -XX:MaxDirectMemorySize to 1/5GB per CPU core as a default.
Print a warning if the sum of the heap size and the direct memory setting exceeds the total available memory.
Configuration
Query queueing based on the available memory in query coordinator is enabled by default by treating dynamic configuration QueryCoordinatorMaxHeapFraction as 0.5, if it has not been set. To disable queueing, set QueryCoordinatorMaxHeapFraction to 1000.
Dashboards and Widgets
Introduced a new style option Show 'Others' to the Time Chart Widget: it allows you to show/hide other series when there are more series than the maximum allowed in the chart.
Fixed in this release
Functions
Fixed a bug where join() queries could result in a memory leak from their sub queries not being properly cleaned up.
Recent Package Updates
The following LogScale packages have been updated within the last month.
Package Changes
broadcom/proxysg has been updated to v0.1.0.
Initial version
For more information, see Package broadcom/proxysg Release Notes.
broadcom/proxysg has been updated to v0.2.0.
Added web as an event category in the event.category[] array.
For more information, see Package broadcom/proxysg Release Notes.
zscaler/internet-access has been updated to v0.2.0.
Changes the firewall, dns, tunnel, and web parsers to normalise event data to common schema.
Adds new dashboards and queries for working with web-logs.
Removes CASB parser, and old queries and dashboards from the package. To keep those, stay on the old version of the package.
Bumps minimum supported version of LogScale for the package to 1.102.
For more information, see Package zscaler/internet-access Release Notes.
humio/activity has been updated to v1.2.0.
Minimum supported LogScale version bumped to 1.102.0.
Added new dashboards Standard Alert Details, Filter Alert Details, and Scheduled Search Details. These new dashboards can be opened from all tables in the existing dashboards using the three dots menu next to a row.
Added view interactions, see below.
Increased limits on all tables to 1000 rows.
Improved sorting on all dashboards.
For more information, see Package humio/activity Release Notes.
okta/sso has been updated to v0.1.1.
Bumps the minimum supported version of LogScale from 1.15 to 1.82
Handles more elements in the target object
Fixes broken URL in the readme
For more information, see Package okta/sso Release Notes.
google/chrome-enterprise-security-events has been updated to v0.1.5.
Introduces 2 new dashboards: Extension Monitoring and ChromeOS Overview.
Includes additional widgets for new Google Chrome Enterprise Events, such as Chrome Remote Desktop (CRD) and Password Reuse Events.
Reorganized widgets within the Security Overview for better visibility of notable events.
Added parameters to dashboards to aid pivoting on key values.
Bumps the minimum supported version of LogScale to 1.82
For more information, see Package google/chrome-enterprise-security-events Release Notes.