Falcon LogScale 1.155.0 GA (2024-09-10)

Version?Type?Release Date?Availability?End of Support

Security

Updates

Upgrades

From?

Config.

Changes?
1.155.0GA2024-09-10

Cloud

Next LTSNo1.112No

Bug fixes and updates.

Deprecation

Items that have been deprecated and may be removed in a future release.

  • The lastScheduledSearch field from the ScheduledSearch datatype is now deprecated and planned for removal in LogScale version 1.202. The new lastExecuted and lastTriggered fields have been added to the ScheduledSearch datatype to replace lastScheduledSearch.

Behavior Changes

Scripts or environment which make use of these tools should be checked and updated for the new configuration:

  • Automation and Alerts

  • Functions

    • Prior to LogScale v1.147, the array:length() function accepted a value in the array argument that did not contain brackets [ ] so that array:length("field") would always produce the result 0 (since there was no field named field). The function has now been updated to properly throw an exception if given a non-array field name in the array argument. Therefore, the function now requires the given array name to have [ ] brackets, since it only works on array fields.

New features and improvements

  • Security

    • View permissions to allow for creating different types of assets in a view have been added.

      For instance granting a user the CreateFiles permission in a view, will allow the user to create new files, but not edit existing files.

      These permissions can currently only be assigned using the LogScale GraphQL API.

      For more information, see Repository & View Permissions.

  • UI Changes

    • The maximum number of fields that can be added in a Field Aliasing schema has been increased from 50 to 1,000.

  • GraphQL API

    • Add a new GraphQL API for getting non-default buckets storage configurations for organizations onDefaultBucketConfigs. The intended use is to help managing a fleet of LogScale clusters.

  • Functions

Fixed in this release

  • UI Changes

  • Automation and Alerts

    • The severity of log message Alert found no results and will not trigger for Aggregate Alerts has been adjusted from Warning to Info.

Known Issues

  • Queries

    • A known issue in the implementation of the match() function when using cidr option in the mode parameter, could cause a reduction in performance for the query, and block other queries from executing.

Improvement

  • Queries

    • Some internal improvements have been made to query caching and cache distribution.