Falcon LogScale 1.131.0 Preview (2024-03-26)

Version?Type?Release Date?Availability?End of Support

Security

Updates

Upgrades

From?

JDK

Compatibility?

Req. Data

Migration

Config.

Changes?
1.131.0Preview2024-03-26

Cloud

Next StableYes1.10617-21NoNo

Bug fixes and updates.

Deprecation

Items that have been deprecated and may be removed in a future release.

  • The assetType GraphQL field on Alert, Dashboard, Parser, SavedQuery and ViewInteraction datatypes has been deprecated and will be removed in version 1.136 of LogScale.

  • The any argument to the type parameter of sort() and table() has been deprecated and will be removed in version 1.142.

    Warnings prompts will be shown in queries that fall into either of these two cases:

    • If you are explicitly supplying an any argument, please either simply remove both the parameter and the argument, for example change sort(..., type=any) to sort(...) or supply the argument for type that corresponds to your data.

    • If you are sorting hexadecimal values by their equivalent numerical values, please change the argument of type parameter to hex e.g. sort(..., type=hex).

    In all other cases, no action is needed.

    The new default value for sort() and table() will be number. Both functions will fall back to lexicographical ordering for values that cannot be understood as the provided argument for type.

  • In the GraphQL API, the ChangeTriggersAndAction enum value for both the Permission and ViewAction enum is now deprecated and will be removed in version 1.136 of LogScale.

  • We are deprecating the humio/kafka and humio/zookeeper Docker images due to low use. The planned final release for these images will be with LogScale 1.148.0.

    Better alternatives are available going forward. We recommend the following:

    If you still require humio/kafka or humio/zookeeper for needs that cannot be covered by these alternatives, please contact Support and share your concerns.

  • Several GraphQL queries and mutations for interacting with parsers are deprecated and scheduled for removal in version 1.142. These changes can be seen in the library at the following pages:

  • In the GraphQL API, the name argument to the parser field on the Repository datatype has been deprecated and will be removed in version 1.136 of LogScale.

Behavior Changes

Scripts or environment which make use of these tools should be checked and updated for the new configuration:

  • Storage

    • We've removed a throttling behavior that prevented background merges of minisegments from running when digest load is high. Such throttling can cause global in the LogScale cluster to grow over time if the digest load isn't transient, which is undesirable.

    • Registering local segment files is skipped on nodes that are configured to not have storage via their node role.

    • When booting a node, wait until we've caught up to the top of global before publishing the start message. This should help avoid global publish timeouts on boot when global has a lot of traffic.

    • Moving minisegments to the digest leader in cases where it is not necessary is now avoided. This new behavior reduces global traffic on digest reassignment.

Improvements, new features and functionality

  • UI Changes

    • The parser test window width can now be resized.

  • Other

    • The metrics endpoint for the scheduled report render node has been updated to output the Prometheus text based format.

Bug Fixes

  • UI Changes

    • Duplicate HTML escape has been removed to prevent recursive field references having double escaped formatting in emails.

  • Storage

    • We've fixed a rarely hit error in the query scheduler causing a ClassCastException for scala.runtime.Nothing..

  • Functions

    • join() function has been fixed as warnings of the sub-query would not propagate to the main-query result.

    • Serialization of very large query states would crash nodes by requesting an array larger than what the JVM can allocate. This issue has been fixed.

Public Preview

Improvement

  • Storage

    • Concurrency for segment merging is improved, thus avoiding some unnecessary and inefficient pauses in execution.

    • We've switched to running the RetentionJob in a separate thread from DataSyncJob. This should enable more consistent merging.

    • The RetentionJob work is now divided among nodes such that there's no overlap. This reduces traffic in global.

    • An internal limit on use of off-heap memory has been adjusted to allow more threads to perform segment merging in parallel.

  • Functions

    • Some performance improvements have been made to the join() function, allowing it to skip blocks that do not contain the specified fields of the main and sub-query.