Falcon LogScale 1.158.0 GA (2024-10-01)
| Version? | Type? | Release Date? | Availability? | End of Support | Security Updates | Upgrades From? | Config. Changes? |
|---|---|---|---|---|---|---|---|
| 1.158.0 | GA | 2024-10-01 | Cloud | Next LTS | No | 1.112 | No |
Bug fixes and updates.
Deprecation
Items that have been deprecated and may be removed in a future release.
The following GraphQL mutations and field have been deprecated, since the starring functionality is no longer in use for alerts and scheduled searches:
addStarToAlertV2
removeStarFromAlertV2
addStarToScheduledSearch
removeStarFromScheduledSearch
isStarred field on the
AlertandScheduledSearchtypes.The lastScheduledSearch field from the
ScheduledSearchdatatype is now deprecated and planned for removal in LogScale version 1.202. The new lastExecuted and lastTriggered fields have been added to theScheduledSearchdatatype to replace lastScheduledSearch.
Behavior Changes
Scripts or environment which make use of these tools should be checked and updated for the new configuration:
Queries
When a digest node is unavailable, a warning is not attached to queries, but the queries are allowed to proceed.
This way, the behaviour of a query is similar to the case where a segment cannot be searched, due to all the owning nodes being unavailable at the time of the query.
Upgrades
Changes that may occur or be required during an upgrade.
Upgrades
Bundled JDK is now upgraded to Java 23.
New features and improvements
Security
New view permissions have been added to allow for updating and deleting different types of assets in a view. For instance, granting a user the
UpdateFilespermission in a view will allow the user to update files, but not delete or create files.View permissions added:
UpdateActions– Allow updating actionsUpdateDashboards– Allow updating dashboardsUpdateFiles– Allow updating CSV filesUpdateSavedQueries– Allow updating saved queriesUpdateScheduledReports– Allow updating scheduled reportsUpdateTriggers– Allow updating alerts and scheduled searchesDeleteActions– Allow deleting actionsDeleteDashboards– Allow deleting dashboardsDeleteFiles– Allow deleting CSV filesDeleteSavedQueries– Allow deleting scheduled reportsDeleteScheduledReports– Allow deleting saved queriesDeleteTriggers– Allow deleting alerts and scheduled searches
These permissions can currently only be assigned using the LogScale GraphQL API and are not supported in the LogScale UI.
For more information, see Repository & View Permissions.
UI Changes
The logging for LogScale Multi-Cluster Search network requests have been improved by adding new endpoints that have the
externalQueryIdin the path and thefederationIdin a query parameter.The proxy endpoints for LogScale Multi-Cluster Search have changed. Specific internal marked endpoints that match the external endpoints for proxying are added. This will improve the ability to track multi-cluster searches in the LogScale requests log.
Documentation
The naming structure and identification of release types has been updated. LogScale is available in two release types:
Generally Available (GA) releases — includes new functionality. Using a GA release gets you access to the latest features and functionality.
GA releases are deployed in LogScale SaaS environments.
Long Term Support (LTS) releases — contains the latest features and functionality.
LogScale on-premise customers are advised to install the LTS releases. LTS releases are provided approximately every six weeks.
Security fixes are applied to the last three LTS releases.
Configuration
The new dynamic configuration parameter
ParserBacktrackingLimithas been added to govern how many new events can be created from a single input event in parsers.This was previously controlled by the
QueryBacktrackingLimitconfiguration parameter, which now applies only to queries, thus allowing for finer control.
Queries
LogScale Regular Expression Engine v2 now improves optimizer's ability to make alternations into decision trees.
For more information, see LogScale Regular Expression Engine V2.
Added optimizations for start-of-text regex expressions with LogScale Regular Expression Engine v2. In particular:
/^X/and:
/\AX/no longer try to match all positions in the string.
When doing tests on large body of text, these optimizations have proven to be faster and shown improvements of ~202%, for example when tested against a collection of works by Mark Twain.
For more information, see LogScale Regular Expression Engine V2.
Fixed in this release
UI Changes
A minor UI issue in dropdown windows has been fixed e.g., the Time interval window popping up from the Time Selector would close if any text inside the window fields was selected and the mouse click was released outside the window.
Ingestion
When creating a new event forwarding rule, the editor could not be editable in some cases. This issue has now been fixed.
Dashboards and Widgets
The tooltip description of a widget would be cut off if the widget took up the whole row. This issue has now been fixed.
Functions
Early Access
Configuration
A new dynamic configuration
AggregatorOutputRowLimithas been added, along with the new organisation-levelCancelQueriesExceedingAggregateOutputRowLimitconfiguration, which is currently under feature flag.Aggregate Query Functions in queries that output more rows than the limit specified by the
AggregatorOutputRowLimitconfiguration will get cancelled if theCancelQueriesExceedingAggregateOutputRowLimitconfiguration is enabled.These configuration items are being added to allow LogScale administrators to protect the health of the cluster in cases where queries use runaway amounts of resources in the result phase of query execution, impacting cluster health and availability.
For more information, see Dynamic Configuration Parameter.
Improvement
Automation and Alerts
The error message The alert query did not start within {timeout}. LogScale will retry starting the query. has been fixed to show the actual timeout instead of just {timeout}.
In the emails sent by email actions, the text
Open in Humiohas been replaced byOpen in LogScale.
Dashboards and Widgets
Dashboard parameter suggestions of the FixedList Parameter type now follow the order in which they were configured.
Dashboard parameter suggestions of the Query Parameter type now follow the order of the query result.