Export to Bucket, findTimestamp(), selfJoin(), Emergency User Sub-System

The selfJoin() query function allows selecting log lines that share an identifier; for which there exists (separate) log lines that match a certain filtering criteria; such as "all log lines with a given userid for which there exists a successful and an unsuccessful login".

The findTimestamp() query function will try to find and parse timestamps in incoming data. The function should be used in parsers and support automatic detection of timestamps. It can be used instead of making regular expressions specifying where to find the timestamp and parsing it with parseTimestamp(). See the findTimestamp() reference page for details.

As an alternative to downloading streaming queries directly, Humio can now upload them to an S3 or GCS bucket from which the user can download the data. See Bucket Storage.

If there are issues with the identity provider that Humio is configured to use, it might not be possible to log in to Humio. To mitigate this, Humio now provides emergency users that can be created locally within the Humio cluster. See Enabling Emergency Access.

Behavior Changes

Scripts or environment which make use of these tools should be checked and updated for the new configuration:

• Other

  • Allow for emergency logins if the primary login provider is having problems. See Enabling Emergency Access.

Bug Fixes