Falcon LogScale 1.112.0 GA (2023-10-24)
Version | Type | Release Date | Availability | End of Support | Security Updates | Upgrades From | Config. Changes |
---|---|---|---|---|---|---|---|
1.112.0 | GA | 2023-10-24 | Cloud | 2024-11-30 | No | 1.70.0 | No |
Available for download two days after release.
Bug fixes and updates.
Behavior Changes
Scripts or environments which make use of these tools should be checked and updated for the new configuration:
Automation and Alerts
We have changed how Standard Alerts handle query warnings. Previously, LogScale only triggered alerts if there were no query warnings. Now, alerts will trigger despite most query warnings, and the alert status will show a warning instead of an error. Up until now, all query warnings were treated as errors. This meant that the alert did not trigger even though it produced results, and the alert was shown with an error in LogScale. Most query warnings mean that not all data was queried. The previous behaviour prevented the alert from triggering in cases where it would not have triggered if all data had been available, for instance an alert that triggers when a count of events drops below a threshold. On the other hand, it made some alerts not trigger even though they would still have triggered if all data had been available. That meant that previously you would almost never get an alert that you should not have gotten, but you would sometimes not get an alert that you should have gotten. We have reversed this.
With this change, we no longer recommend setting the configuration option ALERT_DESPITE_WARNINGS to true, since it treats all query warnings as non-errors, and there are a few query warnings that should make the alert fail. For more information, see Diagnosing Alerts.
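The trade-off described above can be checked against your own alert shapes with a small model. This is an added example, not LogScale code: the warning labels, policy names, thresholds and event counts are all constructed for illustration, and only the three warning-handling behaviours are taken from the text.

```python
# Constructed labels, not LogScale warning names: the text only says that most
# warnings mean "not all data was queried" and a few should fail the alert.
PARTIAL_DATA = "partial_data"
MUST_FAIL = "must_fail"

# Two alert shapes: one fires when a count drops, one when it spikes.
CONDITIONS = {"drop": lambda n: n < 100, "spike": lambda n: n > 100}
POLICIES = ("pre_1_112", "v1_112", "despite_warnings")


def evaluate(count, warnings, condition, policy):
    """Return (fired, errored) for one alert run.

    pre_1_112        : any query warning is an error, the alert does not fire
    v1_112           : only the few must-fail warnings are errors
    despite_warnings : ALERT_DESPITE_WARNINGS=true, no warning is an error
    """
    if policy == "pre_1_112":
        errored = bool(warnings)
    elif policy == "v1_112":
        errored = MUST_FAIL in warnings
    elif policy == "despite_warnings":
        errored = False
    else:
        raise ValueError(f"unknown policy: {policy}")
    fired = (not errored) and condition(count)
    return fired, errored


def outcome_matrix(true_count, seen_count, warnings):
    """Compare each policy's decision with what complete data would give."""
    rows = {}
    for name, cond in CONDITIONS.items():
        should_fire = cond(true_count)
        for policy in POLICIES:
            fired, _ = evaluate(seen_count, warnings, cond, policy)
            if fired and not should_fire:
                rows[(name, policy)] = "false alert"
            elif should_fire and not fired:
                rows[(name, policy)] = "missed alert"
            else:
                rows[(name, policy)] = "correct"
    return rows


if __name__ == "__main__":
    # Constructed scenario: 150 events exist, the query only reached 60.
    for key, verdict in outcome_matrix(150, 60, [PARTIAL_DATA]).items():
        print(key, verdict)
```

Alerts that fire on a low count or on the absence of events are the ones to review after upgrading, since partial data can now push them under their threshold.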
Upgrades
Changes that may occur or be required during an upgrade.
Upgrades
This release introduces a change to the internal storage format used for sharing global data. Once upgraded to v1.112 or higher it will not be possible to downgrade to a version lower than 1.112.
New features and improvements
Installation and Deployment
Configure LogScale to write fatal JVM error logs in the JVM logging directory, which is specified using the JVM_LOG_DIR variable. The default directory is /logs/humio.
UI Changes
The behavior of the ComboBox has changed: the drop-down is not filtered until the text in the filter field has been edited, allowing you to easily copy, alter or clear the text.
The list of permissions now has a specific custom order in the UI, as follows.
Organization:
Organization settings
Repository and view management
Permissions and user management
Fleet management
Query monitoring
Other
Cluster management:
Cluster management
Organization management
Subdomains
Others
A combined view of permissions is now available to show all roles listed together when there is more than one role under each repository, organization, or system.
For more information, see Aggregate Permissions.
Automation and Alerts
The Alert forms will not show any errors when the alert is disabled.
Dashboards and Widgets
You can enable the export of Dashboards to a PDF file, with many options available to control the output layout and formatting.
The feature is available to all users who already have access to dashboard data. This is the first of two feature releases, aiming to provide full schedulable PDF reporting capabilities to LogScale.
For more information, see Export Dashboards as PDF.
The new Gauge widget is introduced: it allows you to represent values on a fixed scale, offering a visual and intuitive way to monitor key performance metrics. For more information, see Gauge Widget.
Fixed in this release
UI Changes
Time Selector and date picker in the Time Interval panel have been fixed for issues related to daylight savings time.
Queries could "flicker" for a short period causing "negative alerts" to trigger for no reason (negative alerts are alerts that check for the absence of events). This issue has been fixed.
Automation and Alerts
Notifications on problems with Filter Alerts were not automatically removed when the problem was solved. This issue is now fixed.
GraphQL API
When trying to delete an Alert, Scheduled Search or Dashboard using a mutation for one of the other types, it would end up in a state where it was not deleted, but could not run either. This issue is now fixed.
Other
A minor logging issue has been fixed: ClusterHostAliveStats would log that hosts were "changed from being considered dead to alive" on hosts that had just rebooted, when such hosts actually consider all other nodes alive for a little while, to allow the booting node some time to hear heartbeats from others.
Packages
The alert types in Package Marketplace were showing twice — this is now fixed so it properly shows one type as expected.