Falcon LogScale 1.155.0 GA (2024-09-10)

Version^?	Type^?	Release Date^?	Availability^?	End of Support	Security Updates	Upgrades From^?	Config. Changes^?
1.155.0	GA	2024-09-10	Cloud	2025-10-31	No	1.112	No

Available for download two days after release.

Bug fixes and updates.

Deprecation
Items that have been deprecated and may be removed in a future release.
The lastScheduledSearch field from the ScheduledSearch datatype is now deprecated and planned for removal in LogScale version 1.202. The new lastExecuted and lastTriggered fields have been added to the ScheduledSearch datatype to replace lastScheduledSearch.

Behavior Changes
Scripts or environment which make use of these tools should be checked and updated for the new configuration:
Automation and Alerts
Aggregate Alerts and Filter Alerts as well as Scheduled Searches will now stop the query, if it has become outdated before it finishes.
Functions
Prior to LogScale v1.147, the array:length() function accepted a value in the array argument that did not contain brackets [ ] so that array:length("field") would always produce the result 0 (since there was no field named field). The function has now been updated to properly throw an exception if given a non-array field name in the array argument. Therefore, the function now requires the given array name to have [ ] brackets, since it only works on array fields.

New features and improvements

Security
- View permissions to allow for creating different types of assets in a view have been added.
  For instance granting a user the CreateFiles permission in a view, will allow the user to create new files, but not edit existing files.
  CreateActions - Allow creating actions
  CreateDashboards - Allow creating dashboards
  CreateSavedQueries - Allow creating saved queries
  CreateScheduledReports - Allow creating scheduled reports
  CreateTriggers - Allow creating alerts and scheduled searches
  These permissions can currently only be assigned using the LogScale GraphQL API.
  For more information, see Repository & View Permissions.
UI Changes
- The maximum number of fields that can be added in a Field Aliasing schema has been increased from 50 to 1,000.
GraphQL API
- Add a new GraphQL API for getting non-default buckets storage configurations for organizations onDefaultBucketConfigs. The intended use is to help managing a fleet of LogScale clusters.
Functions
- The new objectArray:eval() query function is now available for processing structured/nested arrays.
  For more information, see objectArray:eval().
- The array:eval() query function for processing flat arrays is no longer experimental.
  For more information, see array:eval().

Fixed in this release

UI Changes
- Clean up state for multi-cluster searches that could result in a build up of memory used.
Automation and Alerts
- The severity of log message Alert found no results and will not trigger for Aggregate Alerts has been adjusted from Warning to Info.

Known Issues

Queries
- A known issue in the implementation of the match() function when using cidr option in the mode parameter, could cause a reduction in performance for the query, and block other queries from executing.

Improvement

Queries
- Some internal improvements have been made to query caching and cache distribution.

Release Notes

Understanding Releases and Notes

LogScale Metrics

Limits & Standards

LogScale Notices

Falcon LogScale 1.155.0 GA (2024-09-10)

Enter search term