Falcon LogScale 1.155.0 Preview (2024-09-10)
| Version? | Type? | Release Date? | Availability? | End of Support | Security Updates | Upgrades From? | JDK Compatibility? | Config. Changes? |
|---|---|---|---|---|---|---|---|---|
| 1.155.0 | Preview | 2024-09-10 | Cloud | Next Stable | No | 1.112 | 21-22 | No |
Bug fixes and updates.
Deprecation
Items that have been deprecated and may be removed in a future release.
The lastScheduledSearch field from the
ScheduledSearchdatatype is now deprecated and planned for removal in LogScale version 1.202. The new lastExecuted and lastTriggered fields have been added to theScheduledSearchdatatype to replace lastScheduledSearch.
Behavior Changes
Scripts or environment which make use of these tools should be checked and updated for the new configuration:
Automation and Alerts
Aggregate Alerts and Filter Alerts as well as Scheduled Searches will now stop the query, if it has become outdated before it finishes.
Functions
Prior to LogScale v1.147, the
array:length()function accepted a value in thearrayargument that did not contain brackets[ ]so thatarray:length("field")would always produce the result0(since there was no field named field). The function has now been updated to properly throw an exception if given a non-array field name in thearrayargument. Therefore, the function now requires the given array name to have[ ]brackets, since it only works on array fields.
New features and improvements
Security
View permissions to allow for creating different types of assets in a view have been added.
For instance granting a user the
CreateFilespermission in a view, will allow the user to create new files, but not edit existing files.CreateActions- Allow creating actionsCreateDashboards- Allow creating dashboardsCreateSavedQueries- Allow creating saved queriesCreateScheduledReports- Allow creating scheduled reportsCreateTriggers- Allow creating alerts and scheduled searches
These permissions can currently only be assigned using the LogScale GraphQL API.
For more information, see Repository & View Permissions.
UI Changes
The maximum number of fields that can be added in a Field Aliasing schema has been increased from 50 to 1,000.
GraphQL API
Add a new GraphQL API for getting non-default buckets storage configurations for organizations onDefaultBucketConfigs. The intended use is to help managing a fleet of LogScale clusters.
Functions
The
array:eval()query function for processing flat arrays is no longer experimental.For more information, see
array:eval().The new
objectArray:eval()query function for processing structured/nested arrays is introduced.
Fixed in this release
UI Changes
Clean up state for multi-cluster searches that could result in a build up of memory used.
Automation and Alerts
The severity of log message Alert found no results and will not trigger for Aggregate Alerts has been adjusted from
WarningtoInfo.
Known Issues
Configuration
The LogScale Launcher script no longer sets
-XX:+UseTransparentHugePagesas part of the mandatory flags. The flag was added in LogScale 1.136. Setting the flag JVM-XX:+UseTransparentHugePageson very old Linux kernels (pre-4.10) can provoke a division by zero in the JVM code, causing the JVM to crash with an ArithmeticException. In order to stay compatible with older Linux installs, we are backing out this change until we can upgrade to a JVM that is not affected by this bug.
Improvement
Other
Some internal improvements have been made to query caching and cache distribution.