Falcon LogScale 1.120.0 Preview (2024-01-09)

Version?Type?Release Date?Availability?End of Support







Req. Data







Bug fixes and updates.

Breaking Changes

The following items create a breaking change in the behavior, response or operation of this release.

  • Functions

    • The default accuracy of the percentile() function has been adjusted. This means that any query that does not explicitly set the accuracy may see a change in reported percentile. Specifically, the percentile() function may now deviate by up to one 100th of the true percentile, meaning that if a given percentile has a true value of 1000, percentile() may report a percentile in the range of [990; 1010].

      On the flip side, percentile() now uses less memory by default, which should allow for additional series or groups when this function is used with either timeChart() or groupBy() and the default accuracy is used.

Advanced Warning

The following items are due to change in a future release.

  • Installation and Deployment

    • We aim to stop publishing the jar distribution of LogScale (e.g. server-1.117.jar) as of LogScale version 1.130.0.

      Users deploying via Docker images are not affected. Users deploying on bare metal should ensure they deploy the tar artifact, and not the jar artifact.

      A migration guide for bare metal deployments is available at How-To: Migrating from server.jar to Launcher Startup.

    • We intend to drop support for Java 17, making Java 21 the minimum. We plan to make this change in March 2024.


Items that have been deprecated and may be removed in a future release.

  • The assetType GraphQL field on Alert, Dashboard, Parser, SavedQuery and ViewInteraction datatypes has been deprecated and will be removed in version 1.136 of LogScale.

  • In the GraphQL API, the ChangeTriggersAndAction enum value for both the Permission and ViewAction enum is now deprecated and will be removed in version 1.136 of LogScale.

  • In the GraphQL API, the name argument to the parser field on the Repository datatype has been deprecated and will be removed in version 1.136 of LogScale.


Changes that may occur or be required during an upgrade.

  • Other

    • Kafka client library has been upgraded to 3.6.1. Some minor changes have been made to serializers used by LogScale to reduce memory copying.

Improvements, new features and functionality

  • Automation and Alerts

    • The ChangeTriggersAndActions permission is now replaced by two new permissions:

      • ChangeTriggers permission is needed to edit alerts or scheduled searches.

      • ChangeActions permission is needed to edit actions as well as viewing them. Viewing the name and type of actions when editing triggers is still possible without this permission.

      Any user with the legacy ChangeTriggersAndActions permissions will by default have both. It is possible to remove one of them for more granular access controls.

  • Storage

  • Ingestion

    • Introducing Ingest Feeds, a new pull-based ingest source that ingests logs stored in AWS S3. The files within the AWS S3 bucket can be Gzip compressed and we currently support newline delimited files and the JSON object format in which CloudTrail logs are stored in. Ingest Feeds require some configuration setup on the AWS side to get started.

      This feature is part of a gradual rollout process and may not be available on your cloud instance, but will be available to all customers in the following weeks.

      For more information, see Ingesting Data from AWS S3.

Bug Fixes

  • Dashboards and Widgets

    • Users were prevented from exporting results of queries containing multi value parameters. This issue is now fixed.

  • Functions

    • selectLast() has been fixed for an issue that could cause this query function to miss events in certain cases.