Falcon LogScale 1.123.0 Preview (2024-01-30)
| Version? | Type? | Release Date? | Availability? | End of Support | Security Updates | Upgrades From? | JDK Compatibility? | Req. Data Migration | Config. Changes? |
|---|---|---|---|---|---|---|---|---|---|
| 1.123.0 | Preview | 2024-01-30 | Cloud On-Prem | 2025-03-01 | No | 1.70.0 | 17-21 | No | No |
Bug fixes and updates.
Advanced Warning
The following items are due to change in a future release.
Deprecation
Items that have been deprecated and may be removed in a future release.
The assetType GraphQL field on
Alert,Dashboard,Parser,SavedQueryandViewInteractiondatatypes has been deprecated and will be removed in version 1.136 of LogScale.In the GraphQL API, the
ChangeTriggersAndActionenum value for both thePermissionandViewActionenum is now deprecated and will be removed in version 1.136 of LogScale.The
humioDocker image is deprecated in favor ofhumio-core.humiois no longer considered suitable for production use, as it runs Kafka and Zookeeper on the same host as LogScale, which our deployment guidelines no longer recommend. The final release ofhumioDocker image will be in version 1.130.0.The new
humio-single-node-demoimage is an all-in-one container suitable for quick and easy demonstration setups, but which is entirely unsupported for production use.For more information, see LogScale Docker Core Container.
We are deprecating the
humio/kafkaandhumio/zookeeperDocker images due to low use. The planned final release for these images will be with LogScale 1.148.0.Better alternatives are available going forward. We recommend the following:
If your cluster is deployed on Kubernetes: STRIMZI
If your cluster is deployed to AWS: MSK
In other cases: Confluent for Kafka and Confluent for ZooKeeper
If you still require
humio/kafkaorhumio/zookeeperfor needs that cannot be covered by these alternatives, please contact Support and share your concerns.In the GraphQL API, the name argument to the parser field on the
Repositorydatatype has been deprecated and will be removed in version 1.136 of LogScale.
Improvements, new features and functionality
UI Changes
When Managing Users, it is now possible to filter users based also on their assigned roles (for example, type
adminin the Users search field).
Automation and Alerts
A slow-query logging has been added when an alert is slow to start due to the query not having finished the historical part.
Storage
We have changed how LogScale handles being temporarily bottlenecked by bucket storage. Uploads are now prioritized ahead of downloads, which reduces the impact on ingest work.
Configuration
The meaning of
S3_STORAGE_CONCURRENCYandGCP_STORAGE_CONCURRENCYconfiguration variables has slightly changed. The settings are used for throttling downloads and uploads for bucket storage. Previously, a setting ofS3_STORAGE_CONCURRENCY=10for example, meant that LogScale would allow 10 concurrent uploads, and 10 concurrent downloads. Now, it means that LogScale will allow a total of 10 transfers at a time, disregarding the transfer direction.
Log Collector
Groups have been added to Fleet Management for the LogScale Collector. This feature makes it possible to define dynamic groups using a filter based upon a subset of the LogScale Query Language Syntax. New Collectors enrolled into the fleet will automatically be configured based upon the groups filters they match, eliminating the need for manually assigning a configuration to every new LogScale Collector. Groups also allow you to combine multiple reusable configuration snippets.
Additionally the management of instances has been simplified and merged into this new feature, and therefore the Assigned Instances page has been removed to favor use of the Group functions.
For more information, see Managing Groups.
Bug Fixes
Automation and Alerts
After updating Scheduled searches where the action was failing, they would constantly fail with a None.get error until they were disabled and enabled again, or the LogScale cluster was restarted. This issue is now fixed.
Other
Queries in some cases would be killed as if they were blocked even though they did not match the criteria of the block. This issue is now fixed.
It was not possible to create a new repository with a time retention greater than 365 days. Now, the UI limit is the one that is set on the customer's organization.
Input validation on fields when creating new repositories is now also improved.
Improvement
Ingestion
The cancelling mechanism for specific costly queries has been improved to solve cases where those queries got restarted anyway: the query with the exact match on the query string is now blocked for 5 minutes. This will free enough CPU for ingest to catch up and avoid blocking queries for too long.