Falcon LogScale 1.150.0 GA (2024-08-06)
| Version? | Type? | Release Date? | Availability? | End of Support | Security Updates | Upgrades From? | Config. Changes? |
|---|---|---|---|---|---|---|---|
| 1.150.0 | GA | 2024-08-06 | Cloud | 2025-09-30 | No | 1.112 | No |
Available for download two days after release.
Bug fixes and updates.
Deprecation
Items that have been deprecated and may be removed in a future release.
The
server.tar.gzrelease artifact has been deprecated. Users should switch to theOS/architecture-specific server-linux_x64.tar.gzorserver-alpine_x64.tar.gz, which include bundled JDKs. Users installing a Docker image do not need to make any changes. With this change, LogScale will no longer support bringing your own JDK, we will bundle one with releases instead.We are making this change for the following reasons:
By bundling a JDK specifically for LogScale, we can customize the JDK to contain only the functionality needed by LogScale. This is a benefit from a security perspective, and also reduces the size of release artifacts.
Bundling the JDK ensures that the JDK version in use is one we've tested with, which makes it more likely a customer install will perform similar to our own internal setups.
By bundling the JDK, we will only need to support one JDK version. This means we can take advantage of enhanced JDK features sooner, such as specific performance improvements, which benefits everyone.
The last release where
server.tar.gz artifactis included will be 1.154.0.The
HUMIO_JVM_ARGSenvironment variable in the LogScale Launcher Script script will be removed in 1.154.0.The variable existed for migration from older deployments where the launcher script was not available. The launcher script replaces the need for manually setting parameters in this variable, so the use of this variable is no longer required. Using the launcher script is now the recommended method of launching LogScale. For more details on the launcher script, see LogScale Launcher Script. Clusters that still set this configuration should migrate to the other variables described at Configuration.
The lastScheduledSearch field from the
ScheduledSearchdatatype is now deprecated and planned for removal in LogScale version 1.202. The new lastExecuted and lastTriggered fields have been added to theScheduledSearchdatatype to replace lastScheduledSearch.
Behavior Changes
Scripts or environment which make use of these tools should be checked and updated for the new configuration:
Functions
Prior to LogScale v1.147, the
array:length()function accepted a value in thearrayargument that did not contain brackets[ ]so thatarray:length("field")would always produce the result0(since there was no field named field). The function has now been updated to properly throw an exception if given a non-array field name in thearrayargument. Therefore, the function now requires the given array name to have[ ]brackets, since it only works on array fields.
New features and improvements
Installation and Deployment
The Docker containers have been configured to use the following environment variable values internally:
DIRECTORY=/data/humio-dataHUMIO_AUDITLOG_DIR=/data/logsHUMIO_DEBUGLOG_DIR=/data/logsJVM_LOG_DIR=/data/logsJVM_TMP_DIR=/data/humio-data/jvm-tmpThis configuration replaces the following chains of internal symlinks, which have been removed:/app/humio/humio/humio-data -> /app/humio/humio-data/app/humio/humio-data -> /data/humio-data/app/humio/humio/logs -> /app/humio/logs/app/humio/logs -> /data/logsThis change is intended for allowing the tool scripts in/app/humio/humio/binto work correctly, as they were previously failing due to the presence of dangling symlinks when invoked via docker run if nothing was mounted at/data.
UI Changes
Sections can now be created inside dashboards, allowing for grouping relevant content together to maintain a clean and organized layout, making it easier for users to find and analyze related information. Sections can contain data visualizations as well as Parameter Panels. Additionally, they offer more flexibility when using the Time Selector, enabling users to apply a time setting across multiple widgets.
For more information, see Sections.
An organization administrator can now update a user's role on a repository or view from the
Userspage.For more information, see Manage User Roles.
Automation and Alerts
The
{action_invocation_id}message template has been added: it contains a unique id for the invocation of the action that can be correlated with the activity logs.For more information, see Message Templates and Variables, Monitoring Alert Execution through the humio-activity Repository.
Users can now see warnings and errors associated to alerts in the
Alertspage opened in read-only mode.
Storage
Support is implemented for returning a result over 1GB in size on the
queryjobsendpoint. There is now a limit on the size of 8GB of the returned result. The limits on state sizes for queries remain unaltered, so the effect of this change is that some queries that previously failed returning their results due to reaching 1GB, even though the query completed, now work.
Functions
Fixed in this release
Falcon Data Replicator
Testing new FDR feeds using s3 aliasing would fail for valid credentials. This issue has now been fixed.
UI Changes
The
Organizationsoverview page has been fixed as the Volume column width within a specific organization could not be adjusted.The display of Lookup Files metadata in the file editor for very long user names has now been fixed.
Storage
Throttling for bucket uploads/downloads could cause unintentionally harsh throttling of downloads in favor of running more uploads concurrently. This issue has now been fixed.
The throttling for segment rebalancing has been reworked, which should help rebalancing keep up without overwhelming the cluster.
Known Issues