Falcon LogScale 1.128.0 Preview (2024-03-05)
| Version? | Type? | Release Date? | Availability? | End of Support | Security Updates | Upgrades From? | JDK Compatibility? | Req. Data Migration | Config. Changes? |
|---|---|---|---|---|---|---|---|---|---|
| 1.128.0 | Preview | 2024-03-05 | Cloud On-Prem | 2025-04-30 | Yes | 1.70.0 | 17-21 | No | No |
Bug fixes and updates.
Advanced Warning
The following items are due to change in a future release.
Deprecation
Items that have been deprecated and may be removed in a future release.
The assetType GraphQL field on
Alert,Dashboard,Parser,SavedQueryandViewInteractiondatatypes has been deprecated and will be removed in version 1.136 of LogScale.The
anyargument to thetypeparameter ofsort()andtable()has been deprecated and will be removed in version 1.142.Warnings prompts will be shown in queries that fall into either of these two cases:
If you are explicitly supplying an
anyargument, please either simply remove both the parameter and the argument, for example changesort(..., type=any)tosort(...)or supply the argument fortypethat corresponds to your data.If you are sorting hexadecimal values by their equivalent numerical values, please change the argument of
typeparameter tohexe.g.sort(..., type=hex).In all other cases, no action is needed.
The new default value for
sort()andtable()will benumber. Both functions will fall back to lexicographical ordering for values that cannot be understood as the provided argument fortype.In the GraphQL API, the
ChangeTriggersAndActionenum value for both thePermissionandViewActionenum is now deprecated and will be removed in version 1.136 of LogScale.The
humioDocker image is deprecated in favor ofhumio-core.humiois no longer considered suitable for production use, as it runs Kafka and Zookeeper on the same host as LogScale, which our deployment guidelines no longer recommend. The final release ofhumioDocker image will be in version 1.130.0.The new
humio-single-node-demoimage is an all-in-one container suitable for quick and easy demonstration setups, but which is entirely unsupported for production use.For more information, see LogScale Docker Core Container.
We are deprecating the
humio/kafkaandhumio/zookeeperDocker images due to low use. The planned final release for these images will be with LogScale 1.148.0.Better alternatives are available going forward. We recommend the following:
If your cluster is deployed on Kubernetes: STRIMZI
If your cluster is deployed to AWS: MSK
In other cases: Confluent for Kafka and Confluent for ZooKeeper
If you still require
humio/kafkaorhumio/zookeeperfor needs that cannot be covered by these alternatives, please contact Support and share your concerns.In the GraphQL API, the name argument to the parser field on the
Repositorydatatype has been deprecated and will be removed in version 1.136 of LogScale.
Improvements, new features and functionality
Configuration
The new dynamic configuration
MaxOpenSegmentsOnWorkeris implemented to control hard cap on open segment files for the scheduler. The scheduler should in most cases not reach this limit and it only acts as a backstop. Therefore, we recommend that administrators do not modify this setting unless advised to do so by CrowdStrike Support.
Bug Fixes
UI Changes
CSV files produced by LogScale for sending as attachments from email actions or uploaded through a LogScale Repository action could contain values where part of the text was duplicated. This would only happen for values that needed to be quoted. This issue is now fixed.
Packages
When attempting to upload a package disguised as a folder, some browsers would get a generic error messages. To fix this issue, only zip files are accepted now.
Improvement
Configuration
The default value for
AUTOSHARDING_MAXhas changed from 128 to 1,024.The default value for
AUTOSHARDING_TRIGGER_DELAY_MShas changed from 1 hour to 4 hours.