Falcon LogScale 1.155.0 GA (2024-09-10)
Version? | Type? | Release Date? | Availability? | End of Support | Security Updates | Upgrades From? | Config. Changes? |
---|---|---|---|---|---|---|---|
1.155.0 | GA | 2024-09-10 | Cloud | Next LTS | No | 1.112 | No |
Bug fixes and updates.
Deprecation
Items that have been deprecated and may be removed in a future release.
The lastScheduledSearch field from the
ScheduledSearch
datatype is now deprecated and planned for removal in LogScale version 1.202. The new lastExecuted and lastTriggered fields have been added to theScheduledSearch
datatype to replace lastScheduledSearch.
Behavior Changes
Scripts or environment which make use of these tools should be checked and updated for the new configuration:
Automation and Alerts
Aggregate Alerts and Filter Alerts as well as Scheduled Searches will now stop the query, if it has become outdated before it finishes.
Functions
Prior to LogScale v1.147, the
array:length()
function accepted a value in thearray
argument that did not contain brackets[ ]
so thatarray:length("field")
would always produce the result0
(since there was no field named field). The function has now been updated to properly throw an exception if given a non-array field name in thearray
argument. Therefore, the function now requires the given array name to have[ ]
brackets, since it only works on array fields.
New features and improvements
Security
View permissions to allow for creating different types of assets in a view have been added.
For instance granting a user the
CreateFiles
permission in a view, will allow the user to create new files, but not edit existing files.CreateActions
- Allow creating actionsCreateDashboards
- Allow creating dashboardsCreateSavedQueries
- Allow creating saved queriesCreateScheduledReports
- Allow creating scheduled reportsCreateTriggers
- Allow creating alerts and scheduled searches
These permissions can currently only be assigned using the LogScale GraphQL API.
For more information, see Repository & View Permissions.
UI Changes
The maximum number of fields that can be added in a Field Aliasing schema has been increased from 50 to 1,000.
GraphQL API
Add a new GraphQL API for getting non-default buckets storage configurations for organizations onDefaultBucketConfigs. The intended use is to help managing a fleet of LogScale clusters.
Functions
The new
objectArray:eval()
query function is now available for processing structured/nested arrays.For more information, see
objectArray:eval()
.The
array:eval()
query function for processing flat arrays is no longer experimental.For more information, see
array:eval()
.
Fixed in this release
UI Changes
Clean up state for multi-cluster searches that could result in a build up of memory used.
Automation and Alerts
The severity of log message Alert found no results and will not trigger for Aggregate Alerts has been adjusted from
Warning
toInfo
.
Known Issues
Queries
Improvement
Queries
Some internal improvements have been made to query caching and cache distribution.