Falcon LogScale 1.111.0 GA (2023-10-10)
| Version? | Type? | Release Date? | Availability? | End of Support | Security Updates | Upgrades From? | Downgrades To? | Config. Changes? |
|---|---|---|---|---|---|---|---|---|
| 1.111.0 | GA | 2023-10-10 | Cloud | 2024-11-30 | No | 1.70.0 | 1.26.0 | No |
Available for download two days after release.
Bug fixes and updates.
Advance Warning
The following items are due to change in a future release.
Automation and Triggers
In LogScale version 1.112 we will change how standard alerts handle query warnings. Currently, LogScale will only trigger alerts if there are no query warnings. Starting with upcoming 1.112, alerts will trigger despite most query warnings, and the alert status will show a warning instead of an error.
Up until now, all query warnings have been treated as errors. This means that the alert does not trigger even though it produces results, and the alert is shown with an error in LogScale. Most query warnings mean that not all data was queried. The current behaviour prevents the alert from triggering in cases where it would not have, if all data had been available. For instance, an alert that would trigger if a count of events dropped below a threshold. On the other hand, it makes some alerts not trigger, even though they would still have if all data was available. That means that currently you will almost never get an alert that you should not have gotten, but you will sometime not get an alert that you should have gotten. We plan to revert this.
When this change happens, we no longer recommend to set the configuration option
ALERT_DESPITE_WARNINGStotrue, since it treats all query warnings as non-errors, and there are a few query warnings that should make the alert fail.
Removed
Items that have been removed as of this release.
Storage
The unused
humio-backupsymlink inside Docker containers has been removed.Configuration
Some deprecated configuration variables have now been removed:
GCP_STORAGE_UPLOAD_CONCURRENCY
GCP_STORAGE_DOWNLOAD_CONCURRENCYThey have been replaced by
S3_STORAGE_CONCURRENCYandGCP_STORAGE_CONCURRENCYsettings that internally handle rate-limiting responses from the bucket provider.
Deprecation
Items that have been deprecated and may be removed in a future release.
The following
RESTendpoints for deleting events have been deprecated:
/api/v1/dataspaces/(Id)/deleteevents
/api/v1/repositories/(id)/deleteeventsThe new GraphQL mutation redactEvents() should be used instead.
New features and improvements
Storage
JVM_TMP_DIRhas been added to the launcher script. This option is used for configuringjava.io.tmpdirandjna.tmpdirfor the JVM. The directory will default tojvm-tmpinside the directory specified by theDIRECTORYsetting. This default should alleviate issues starting LogScale on some systems due to the/tmpdirectory being marked asnoexec.For more information, see Troubleshooting: Error Starting LogScale due to Exec permissions on /tmp.
Bucket storage cleaning of
tmpfiles now only runs on a few nodes in the cluster rather than on all nodes.
Configuration
The new environment variable
DISABLE_BUCKET_CLEANING_TMP_FILEShas been introduced. It allows to reduce the amount of listing oftmpfiles in bucket.
Dashboards and Widgets
New formatting options have been introduced for the
Tablewidget, to get actionable insights from your data faster:Conditional formatting of table cells
Text wrapping and column resizing
Row numbering
Number formatting
Link formatting
Columns hiding
For more information, see Table Widget.
Ingestion
When writing parsers, the fields produced by a test case are now available for autocompletion in the editor.
For more information, see Using the Parser Code Editor.
Functions
Field names with special characters are now supported in Array Query Functions using backtick quoting.
For more information, see Using Array Query Functions.
Fixed in this release
User Interface
The following items about Save searches have been fixed:
The Search... field for saved queries did not return what would be expected.
Upon reopening the dropdown after having filled out the Search... field, the text would still be present in the Search... field but not filter on the queries.
Added focus on the Search... field when reopening the dropdown.
The following issue has been fixed on the
Searchpage: if regular expressions contained named groups with special characters (underscore_for example) a recent change with the introduction of Filter Match Highlighting would cause a server error and hang the UI.
Automation and Triggers
When used with Filter alerts, the {events_html} message template would not keep the order of the fields from the Alert query.
Dashboards and Widgets
Field values containing
%would not be resolved correctly in interactions. This issue has been fixed.
Functions
Results for empty buckets didn't include the steps after the first aggregator of the subquery. This issue has now been fixed.
Packages
Updating of a Package failed when using anything other than a personal user token. This issue has been fixed.
Aligned the requirements to allow all tokens (with the correct permissions) to install and update Packages.