Falcon LogScale 1.111.0 GA (2023-10-10)
Version | Type | Release Date | Availability | End of Support | Security Updates | Upgrades From | Config. Changes |
---|---|---|---|---|---|---|---|
1.111.0 | GA | 2023-10-10 | Cloud | 2024-11-30 | No | 1.70.0 | No |
Available for download two days after release.
Bug fixes and updates.
Advance Warning
The following items are due to change in a future release.
Automation and Alerts
In LogScale version 1.112 we will change how standard alerts handle query warnings. Currently, LogScale will only trigger alerts if there are no query warnings. Starting with the upcoming 1.112, alerts will trigger despite most query warnings, and the alert status will show a warning instead of an error.
Up until now, all query warnings have been treated as errors. This means that the alert does not trigger even though it produces results, and the alert is shown with an error in LogScale. Most query warnings mean that not all data was queried. The current behaviour prevents the alert from triggering in cases where it would not have triggered if all data had been available, for instance an alert that would trigger if a count of events dropped below a threshold. On the other hand, it makes some alerts not trigger even though they would still have triggered if all data was available. That means that currently you will almost never get an alert that you should not have gotten, but you will sometimes not get an alert that you should have gotten. We plan to reverse this.
When this change happens, we no longer recommend setting the configuration option ALERT_DESPITE_WARNINGS to true, since it treats all query warnings as non-errors, and there are a few query warnings that should make the alert fail.
Removed
Items that have been removed as of this release.
Storage
The unused humio-backup symlink inside Docker containers has been removed.
Configuration
Some deprecated configuration variables have now been removed:
GCP_STORAGE_UPLOAD_CONCURRENCY
GCP_STORAGE_DOWNLOAD_CONCURRENCY
They have been replaced by S3_STORAGE_CONCURRENCY and GCP_STORAGE_CONCURRENCY settings that internally handle rate-limiting responses from the bucket provider.
Deprecation
Items that have been deprecated and may be removed in a future release.
The following REST endpoints for deleting events have been deprecated:
/api/v1/dataspaces/(Id)/deleteevents
/api/v1/repositories/(id)/deleteevents
The new GraphQL mutation redactEvents should be used instead.
New features and improvements
Storage
JVM_TMP_DIR has been added to the launcher script. This option is used for configuring java.io.tmpdir and jna.tmpdir for the JVM. The directory will default to jvm-tmp inside the directory specified by the DIRECTORY setting. This default should alleviate issues starting LogScale on some systems due to the /tmp directory being marked as noexec.
For more information, see Troubleshooting: Error Starting LogScale due to Exec permissions on /tmp.
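A pre-upgrade check for the configuration items in these notes (the removed GCP concurrency variables, the ALERT_DESPITE_WARNINGS advance warning, and a JVM temp directory that ends up on a noexec mount), as an added example that is not part of the LogScale documentation or tooling. It assumes the settings are kept in a KEY=value environment file and that mount options are read from a /proc/mounts-format file; the function names and sample values are hypothetical.

```shell
# Added example: audit a LogScale env file against the 1.111.0 release notes.
# Assumes KEY=value lines; mount data is in /proc/mounts format.

# Value of KEY ($1) in env file ($2); the last assignment wins.
env_value() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 | tr -d '"'
}

# Mount options of the filesystem holding path $1, read from mounts file $2.
# The longest matching mount point wins; an empty path yields no output.
mount_opts_for() {
    awk -v p="$1" '
        p != "" && ($2 == "/" || p == $2 || index(p, $2 "/") == 1) {
            if (length($2) >= best + 0) { best = length($2); opts = $4 }
        }
        END { print opts }' "$2"
}

# Prints one line per finding; returns 1 if anything was found, else 0.
audit_logscale_env() {
    env_file=$1 mounts=${2:-/proc/mounts} rc=0
    for var in GCP_STORAGE_UPLOAD_CONCURRENCY GCP_STORAGE_DOWNLOAD_CONCURRENCY; do
        if [ -n "$(env_value "$var" "$env_file")" ]; then
            echo "REMOVED $var: see S3_STORAGE_CONCURRENCY / GCP_STORAGE_CONCURRENCY"; rc=1
        fi
    done
    if [ "$(env_value ALERT_DESPITE_WARNINGS "$env_file")" = true ]; then
        echo "REVIEW ALERT_DESPITE_WARNINGS=true: no longer recommended from 1.112"; rc=1
    fi
    # Effective JVM temp dir: JVM_TMP_DIR if set, else jvm-tmp under DIRECTORY.
    dir=$(env_value DIRECTORY "$env_file")
    jvm_tmp=$(env_value JVM_TMP_DIR "$env_file")
    [ -n "$jvm_tmp" ] || jvm_tmp=${dir:+$dir/jvm-tmp}
    case ",$(mount_opts_for "$jvm_tmp" "$mounts")," in
        *,noexec,*) echo "NOEXEC $jvm_tmp: JVM temp dir is on a noexec mount"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample inputs (not taken from a real deployment).
write_sample() {
    printf '%s\n' 'DIRECTORY=/data/logscale' 'JVM_TMP_DIR=/tmp/logscale' \
        'GCP_STORAGE_UPLOAD_CONCURRENCY=8' 'ALERT_DESPITE_WARNINGS=true' > "$1/env"
    printf '%s\n' '/dev/sda1 / ext4 rw,relatime 0 0' \
        'tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0' \
        '/dev/sdb1 /data ext4 rw,noatime 0 0' > "$1/mounts"
}

[ "$#" -eq 0 ] || audit_logscale_env "$@"
```

Run it as `sh audit.sh ENV_FILE [MOUNTS_FILE]`; a non-zero exit status means at least one setting needs attention before or after the upgrade.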
Bucket storage cleaning of tmp files now only runs on a few nodes in the cluster rather than on all nodes.
Configuration
The new environment variable DISABLE_BUCKET_CLEANING_TMP_FILES has been introduced. It allows reducing the amount of listing of tmp files in the bucket.
Dashboards and Widgets
New formatting options have been introduced for the Table widget, to get actionable insights from your data faster:
Conditional formatting of table cells
Text wrapping and column resizing
Row numbering
Number formatting
Link formatting
Columns hiding
For more information, see Table Widget.
Ingestion
When writing parsers, the fields produced by a test case are now available for autocompletion in the editor.
For more information, see Using the Parser Code Editor.
Functions
Field names with special characters are now supported in Array Query Functions using backtick quoting.
For more information, see Using Array Query Functions.
Fixed in this release
UI Changes
The following issue has been fixed on the Search page: if regular expressions contained named groups with special characters (underscore _ for example) a recent change with the introduction of Filter Match Highlighting would cause a server error and hang the UI.
The following items about Saving Queries have been fixed:
The Search... field for saved queries did not return what would be expected.
Upon reopening the dropdown after having filled out the Search... field, the text would still be present in the Search... field but not filter on the queries.
Added focus on the Search... field when reopening the dropdown.
Automation and Alerts
When used with Filter Alerts, the {events_html} message template would not keep the order of the fields from the Alert query.
Dashboards and Widgets
Field values containing % would not be resolved correctly in interactions. This issue has been fixed.
Functions
Results for empty buckets didn't include the steps after the first aggregator of the subquery. This issue has now been fixed.
Packages
Updating of a Package failed when using anything other than a personal user token. This issue has been fixed.
Aligned the requirements to allow all tokens (with the correct permissions) to install and update Packages.