Falcon LogScale 1.120.0 GA (2024-01-09)
Version? | Type? | Release Date? | Availability? | End of Support | Security Updates | Upgrades From? | Config. Changes? |
---|---|---|---|---|---|---|---|
1.120.0 | GA | 2024-01-09 | Cloud | 2025-03-01 | No | 1.70.0 | No |
Available for download two days after release.
Bug fixes and updates.
Breaking Changes
The following items create a breaking change in the behavior, response or operation of this release.
Functions
The default accuracy of the
percentile()
function has been adjusted. This means that any query that does not explicitly set the accuracy may see a change in reported percentile. Specifically, thepercentile()
function may now deviate by up to one 100th of the true percentile, meaning that if a given percentile has a true value of 1000,percentile()
may report a percentile in the range of[990; 1010]
.On the flip side,
percentile()
now uses less memory by default, which should allow for additional series or groups when this function is used with eithertimeChart()
orgroupBy()
and the default accuracy is used.
Advance Warning
The following items are due to change in a future release.
Installation and Deployment
We aim to stop publishing the
jar
distribution of LogScale (e.g.server-1.117.jar
) as of LogScale version 1.130.0.Users deploying via Docker images are not affected. Users deploying on bare metal should ensure they deploy the
tar
artifact, and not thejar
artifact.A migration guide for bare metal deployments is available at How-To: Migrating from server.jar to Launcher Startup.
We intend to drop support for Java 17, making Java 21 the minimum. We plan to make this change in March 2024.
Deprecation
Items that have been deprecated and may be removed in a future release.
The assetType GraphQL field on
Alert
,Dashboard
,Parser
,SavedQuery
andViewInteraction
datatypes has been deprecated and will be removed in version 1.136 of LogScale.In the GraphQL API, the
ChangeTriggersAndAction
enum value for both thePermission
andViewAction
enum is now deprecated and will be removed in version 1.136 of LogScale.In the GraphQL API, the name argument to the parser field on the
Repository
datatype has been deprecated and will be removed in version 1.136 of LogScale.
Upgrades
Changes that may occur or be required during an upgrade.
Installation and Deployment
Kafka client library has been upgraded to 3.6.1. Some minor changes have been made to serializers used by LogScale to reduce memory copying.
New features and improvements
Automation and Alerts
The
ChangeTriggersAndActions
permission is now replaced by two new permissions:ChangeTriggers
permission is needed to edit alerts or scheduled searches.ChangeActions
permission is needed to edit actions as well as viewing them. Viewing the name and type of actions when editing triggers is still possible without this permission.
Any user with the legacy
ChangeTriggersAndActions
permissions will by default have both. It is possible to remove one of them for more granular access controls.
Storage
The following validation constraints are added on boot:
LOCAL_STORAGE_PERCENTAGE
is less thanSECONDARY_STORAGE_MAX_FILL_PERCENTAGE
on nodes with secondary storage configured.LOCAL_STORAGE_PERCENTAGE
is less thanPRIMARY_STORAGE_MAX_FILL_PERCENTAGE
on nodes without secondary storage configured.
Nodes will crash on boot if these constraints are violated.
Ingestion
Introducing Ingest Feeds, a new pull-based ingest source that ingests logs stored in AWS S3. The files within the AWS S3 bucket can be Gzip compressed and we currently support newline delimited files and the JSON object format in which CloudTrail logs are stored in. Ingest Feeds require some configuration setup on the AWS side to get started.
This feature is part of a gradual rollout process and may not be available on your cloud instance, but will be available to all customers in the following weeks.
For more information, see Ingest Data from AWS S3.
Fixed in this release
Dashboards and Widgets
Users were prevented from exporting results of queries containing multi value parameters. This issue is now fixed.
Functions
selectLast()
has been fixed for an issue that could cause this query function to miss events in certain cases.