Falcon LogScale 1.158.0 GA (2024-10-01)

Version?Type?Release Date?Availability?End of Support

Security

Updates

Upgrades

From?

Config.

Changes?
1.158.0GA2024-10-01

Cloud

Next LTSNo1.112No

Bug fixes and updates.

Deprecation

Items that have been deprecated and may be removed in a future release.

  • The following GraphQL mutations and field have been deprecated, since the starring functionality is no longer in use for alerts and scheduled searches:

    • addStarToAlertV2

    • removeStarFromAlertV2

    • addStarToScheduledSearch

    • removeStarFromScheduledSearch

    • isStarred field on the Alert and ScheduledSearch types.

  • The lastScheduledSearch field from the ScheduledSearch datatype is now deprecated and planned for removal in LogScale version 1.202. The new lastExecuted and lastTriggered fields have been added to the ScheduledSearch datatype to replace lastScheduledSearch.

Behavior Changes

Scripts or environment which make use of these tools should be checked and updated for the new configuration:

  • Queries

    • When a digest node is unavailable, a warning is not attached to queries, but the queries are allowed to proceed.

      This way, the behaviour of a query is similar to the case where a segment cannot be searched, due to all the owning nodes being unavailable at the time of the query.

Upgrades

Changes that may occur or be required during an upgrade.

  • Upgrades

    • Bundled JDK is now upgraded to Java 23.

New features and improvements

  • Security

  • UI Changes

    • The logging for LogScale Multi-Cluster Search network requests have been improved by adding new endpoints that have the externalQueryId in the path and the federationId in a query parameter.

    • The proxy endpoints for LogScale Multi-Cluster Search have changed. Specific internal marked endpoints that match the external endpoints for proxying are added. This will improve the ability to track multi-cluster searches in the LogScale requests log.

  • Documentation

    • The naming structure and identification of release types has been updated. LogScale is available in two release types:

      • Generally Available (GA) releases — includes new functionality. Using a GA release gets you access to the latest features and functionality.

        GA releases are deployed in LogScale SaaS environments.

      • Long Term Support (LTS) releases — contains the latest features and functionality.

        LogScale on-premise customers are advised to install the LTS releases. LTS releases are provided approximately every six weeks.

        Security fixes are applied to the last three LTS releases.

  • Configuration

    • The new dynamic configuration parameter ParserBacktrackingLimit has been added to govern how many new events can be created from a single input event in parsers.

      This was previously controlled by the QueryBacktrackingLimit configuration parameter, which now applies only to queries, thus allowing for finer control.

  • Queries

    • LogScale Regular Expression Engine v2 now improves optimizer's ability to make alternations into decision trees.

      For more information, see LogScale Regular Expression Engine V2.

    • Added optimizations for start-of-text regex expressions with LogScale Regular Expression Engine v2. In particular:

      /^X/

      and:

      /\AX/

      no longer try to match all positions in the string.

      When doing tests on large body of text, these optimizations have proven to be faster and shown improvements of ~202%, for example when tested against a collection of works by Mark Twain.

      For more information, see LogScale Regular Expression Engine V2.

Fixed in this release

  • UI Changes

    • A minor UI issue in dropdown windows has been fixed e.g., the Time interval window popping up from the Time Selector would close if any text inside the window fields was selected and the mouse click was released outside the window.

  • Dashboards and Widgets

    • The tooltip description of a widget would be cut off if the widget took up the whole row. This issue has now been fixed.

  • Ingestion

    • When creating a new event forwarding rule, the editor could not be editable in some cases. This issue has now been fixed.

  • Functions

    • A regression issue has been fixed in the match() function in cidr mode, which was significantly slower when doing submission of the query.

Early Access

Improvement

  • Automation and Alerts

    • The error message The alert query did not start within {timeout}. LogScale will retry starting the query. has been fixed to show the actual timeout instead of just {timeout}.

    • In the emails sent by email actions, the text Open in Humio has been replaced by Open in LogScale.

  • Dashboards and Widgets

    • Dashboard parameter suggestions of the FixedList Parameter type now follow the order in which they were configured.

      Dashboard parameter suggestions of the Query Parameter type now follow the order of the query result.