Falcon LogScale 1.111.0 Preview (2023-10-10)

Version?Type?Release Date?Availability?End of Support







Req. Data







Bug fixes and updates.

Advanced Warning

The following items are due to change in a future release.

  • Automation and Alerts

    • In LogScale version 1.112 we will change how standard alerts handle query warnings. Currently, LogScale will only trigger alerts if there are no query warnings. Starting with upcoming 1.112, alerts will trigger despite most query warnings, and the alert status will show a warning instead of an error.

      Up until now, all query warnings have been treated as errors. This means that the alert does not trigger even though it produces results, and the alert is shown with an error in LogScale. Most query warnings mean that not all data was queried. The current behaviour prevents the alert from triggering in cases where it would not have, if all data had been available. For instance, an alert that would trigger if a count of events dropped below a threshold. On the other hand, it makes some alerts not trigger, even though they would still have if all data was available. That means that currently you will almost never get an alert that you should not have gotten, but you will sometime not get an alert that you should have gotten. We plan to revert this.

      When this change happens, we no longer recommend to set the configuration option ALERT_DESPITE_WARNINGS to true, since it treats all query warnings as non-errors, and there are a few query warnings that should make the alert fail.


Items that have been removed as of this release.


  • The unused humio-backup symlink inside Docker containers has been removed.



Items that have been deprecated and may be removed in a future release.

  • The following REST endpoints for deleting events have been deprecated:

    • /api/v1/dataspaces/(Id)/deleteevents

    • /api/v1/repositories/(id)/deleteevents

    The new GraphQL mutation redactEvents should be used instead.

Improvements, new features and functionality

  • Storage

    • JVM_TMP_DIR has been added to the launcher script. This option is used for configuring java.io.tmpdir and jna.tmpdir for the JVM. The directory will default to jvm-tmp inside the directory specified by the DIRECTORY setting. This default should alleviate issues starting LogScale on some systems due to the /tmp directory being marked as noexec.

      For more information, see Troubleshooting: Error Starting LogScale due to Exec permissions on /tmp .

    • Bucket storage cleaning of tmp files now only runs on a few nodes in the cluster rather than on all nodes.

  • Configuration

  • Dashboards and Widgets

    • New formatting options have been introduced for the Table widget, to get actionable insights from your data faster:

      • Conditional formatting of table cells

      • Text wrapping and column resizing

      • Row numbering

      • Number formatting

      • Link formatting

      • Columns hiding

      For more information, see Table Widget.

  • Ingestion

    • When writing parsers, the fields produced by a test case are now available for autocompletion in the editor.

      For more information, see Using the Parser Code Editor.

  • Functions

Bug Fixes

  • UI Changes

    • The following issue has been fixed on the Search page: if regular expressions contained named groups with special characters (underscore _ for example) a recent change with the introduction of Filter Match Highlighting would cause a server error and hang the UI.

    • The following items about Saving Queries have been fixed:

      • The Search... field for saved queries did not return what would be expected.

      • Upon reopening the Queries dropdown after having filled out the Search... field, the text would still be present in the Search... field but not filter on the queries.

      • Added focus on the Search... field when reopening the Queries dropdown.

  • Automation and Alerts

  • Dashboards and Widgets

    • Field values containing % would not be resolved correctly in interactions. This issue has been fixed.

  • Functions

    • Results for empty buckets didn't include the steps after the first aggregator of the subquery. This issue has now been fixed.

  • Packages

    • Updating of a Package failed when using anything other than a personal user token. This issue has been fixed.

    • Aligned the requirements to allow all tokens (with the correct permissions) to install and update Packages.