Falcon LogScale 1.160.0 GA (2024-10-15)

Version^?	Type^?	Release Date^?	Availability^?	End of Support	Security Updates	Upgrades From^?	Config. Changes^?
1.160.0	GA	2024-10-15	Cloud	Next LTS	No	1.112	No

Bug fixes and updates.

Deprecation
Items that have been deprecated and may be removed in a future release.
The lastScheduledSearch field from the ScheduledSearch datatype is now deprecated and planned for removal in LogScale version 1.202. The new lastExecuted and lastTriggered fields have been added to the ScheduledSearch datatype to replace lastScheduledSearch.

New features and improvements

UI Changes
- PDF Render Service now supports proxy communication between service and LogScale. Adding the environment variable http_proxy or https_proxy to the PDF render service environment will add a proxy agent to all requests from the service to LogScale.
- Documentation is now displayed on hover in the LogScale query editor within Falcon. The full syntax usage and a link to the documentation is now visible for any keyword in a query.
Automation and Alerts
- The queryStart and queryEnd fields were added for two aggregate alerts log lines:
  - Alert found results, but no actions were invoked since the alert is throttled
  - Alert found no results and will not trigger
  and removed for three others as they did not contain the correct value:
  - Alert is behind. Will stop live query and start running historic queries to catch up
  - Alert query took too long to start and the result are now too old. LogScale will stop the live query and start running historic queries to catch up
  - Running a historic query to catch up took too long and the result is now outside the retry limit. LogScale will skip this data and start a query for events within the retry limit
- Three alert messages were deprecated and replaced with new, more accurate alert messages.
  - For Legacy Alerts: The query result is currently incomplete. The alert will not be polled in this loop replaces Starting the query for the alert has not finished. The alert will not be polled in this loop.
  - For Filter Alerts and Aggregate Alerts: The query result is currently incomplete. The alert will not be polled in this run replaces Starting the alert query has not finished. The alert will not be polled in this run in some situations where it is more correct.
  - The alert message was updated for filter and aggregate alerts in some cases where the live query was stopped due to the alert being behind.
  For more information, see Monitoring Alert Execution through the humio-activity Repository.
- The Alerts page now shows the following UI changes:
  - A new column Last modified is added in the Alerts overview to display when the alert was last updated and by whom.
  - The same above column is added either in the alert properties side panel and in the Search page.
  - The Package column is no longer displayed as default on the Alerts overview page.
  For more information, see Creating an Alert from the Alerts Overview.
Dashboards and Widgets
- Numbers in the Table widget can now be displayed with trailing zeros to maintain a consistent number of decimal places.
Log Collector
- LogScale Collector can now enable internal loggin of instances through Fleet Management.
  For more information, see Fleet Management Internal Logging.
Queries
- LogScale Regular Expression Engine V2 is now optimized to support character match within a single line, e.g. /.*/s.
Functions
- Improvements in the sort(), head(), and tail() functions: the error message when entering an incorrect value in the limit parameter now mentions both the minimum and the maximum configured value for the limit.
- Introducing the new query function array:rename(). This function renames all consecutive entries of an array starting at index 0.
  For more information, see array:rename().

Fixed in this release

Upgrades
- A regression introduced with the upgrade to Java 23 in version 1.158.0 has now been fixed. The issue broke SASL support for Kafka, see Kafka documentation for more information.
UI Changes
- Event List has been fixed as it would not take sorting from query API into consideration when sorting events based on UI configuration.
- A red border in the Table widget with invalid changes is now displayed correctly on the Dashboard page.
- Dragging would stop working on the Dashboard page in cases where invalid changes were made and saved to a widget and the user would then click Continue editing. This issue has been fixed and the dragging now works correctly also in this case.
API
- An issue has been fixed in the computation of the digestFlow property of the query response. The information contained there would be stale in cases where the query started from a cached state or there were digest leadership changes (for example, in case of node restarts).
  For more information, see Polling a Query Job.
Ingestion
- Parser Assertions have been fixed as some would be marked as passing, even though they should be failing.
- An erronous array gap detection has been fixed as it would detect gaps where there were none.
Queries
- Fixed an issue where non-greedy repetition and repetition of fixed width patterns would not adhere to the backtracking limit in the LogScale Regular Expression Engine V2.

Improvement

UI Changes
- Improving the warnings given when performing multi-cluster searches across clusters running on different LogScale versions.

Release Notes

Release Notes

Understanding Releases and Notes

LogScale Metrics

Limits & Standards

LogScale Notices

Falcon LogScale 1.160.0 GA (2024-10-15)

Enter search term