Falcon LogScale 1.123.0 GA (2024-01-30)
Version? | Type? | Release Date? | Availability? | End of Support | Security Updates | Upgrades From? | Config. Changes? |
---|---|---|---|---|---|---|---|
1.123.0 | GA | 2024-01-30 | Cloud | 2025-03-01 | No | 1.70.0 | No |
Available for download two days after release.
Bug fixes and updates.
Advance Warning
The following items are due to change in a future release.
Installation and Deployment
We aim to stop publishing the
jar
distribution of LogScale (e.g.server-1.117.jar
) as of LogScale version 1.130.0.Users deploying via Docker images are not affected. Users deploying on bare metal should ensure they deploy the
tar
artifact, and not thejar
artifact.A migration guide for bare metal deployments is available at How-To: Migrating from server.jar to Launcher Startup.
We intend to drop support for Java 17, making Java 21 the minimum. We plan to make this change in March 2024.
Deprecation
Items that have been deprecated and may be removed in a future release.
The assetType GraphQL field on
Alert
,Dashboard
,Parser
,SavedQuery
andViewInteraction
datatypes has been deprecated and will be removed in version 1.136 of LogScale.The
humio
Docker image is deprecated in favor ofhumio-core
.humio
is no longer considered suitable for production use, as it runs Kafka and ZooKeeper on the same host as LogScale, which our deployment guidelines no longer recommend. The final release ofhumio
Docker image will be in version 1.130.0.The new
humio-single-node-demo
image is an all-in-one container suitable for quick and easy demonstration setups, but which is entirely unsupported for production use.For more information, see Installing Using Containers.
In the GraphQL API, the
ChangeTriggersAndAction
enum value for both thePermission
andViewAction
enum is now deprecated and will be removed in version 1.136 of LogScale.We are deprecating the
humio/kafka
andhumio/zookeeper
Docker images due to low use. The planned final release for these images will be with LogScale 1.148.0.Better alternatives are available going forward. We recommend the following:
If you still require
humio/kafka
orhumio/zookeeper
for needs that cannot be covered by these alternatives, please contact Support and share your concerns.In the GraphQL API, the name argument to the parser field on the
Repository
datatype has been deprecated and will be removed in version 1.136 of LogScale.
New features and improvements
UI Changes
When Manage Users, it is now possible to filter users based also on their assigned roles (for example, type
admin
in the Users search field).
Automation and Alerts
A slow-query logging has been added when an alert is slow to start due to the query not having finished the historical part.
Storage
We have changed how LogScale handles being temporarily bottlenecked by bucket storage. Uploads are now prioritized ahead of downloads, which reduces the impact on ingest work.
Configuration
The meaning of
S3_STORAGE_CONCURRENCY
andGCP_STORAGE_CONCURRENCY
configuration variables has slightly changed. The settings are used for throttling downloads and uploads for bucket storage. Previously, a setting ofS3_STORAGE_CONCURRENCY=10
for example, meant that LogScale would allow 10 concurrent uploads, and 10 concurrent downloads. Now, it means that LogScale will allow a total of 10 transfers at a time, disregarding the transfer direction.
Log Collector
Groups have been added to Fleet Management for the LogScale Collector. This feature makes it possible to define dynamic groups using a filter based upon a subset of the LogScale Query Language Syntax. New Collectors enrolled into the fleet will automatically be configured based upon the groups filters they match, eliminating the need for manually assigning a configuration to every new LogScale Collector. Groups also allow you to combine multiple reusable configuration snippets.
Additionally the management of instances has been simplified and merged into this new feature, and therefore the Assigned Instances page has been removed to favor use of the Group functions.
For more information, see Manage Groups.
Fixed in this release
Automation and Alerts
After updating Scheduled searches where the action was failing, they would constantly fail with a None.get error until they were disabled and enabled again, or the LogScale cluster was restarted. This issue is now fixed.
Queries
Queries in some cases would be killed as if they were blocked even though they did not match the criteria of the block. This issue is now fixed.
Other
It was not possible to create a new repository with a time retention greater than 365 days. Now, the UI limit is the one that is set on the customer organization.
Input validation on fields when creating new repositories is now also improved.
Improvement
Ingestion
The cancelling mechanism for specific costly queries has been improved to solve cases where those queries got restarted anyway: the query with the exact match on the query string is now blocked for 5 minutes. This will free enough CPU for ingest to catch up and avoid blocking queries for too long.