Falcon LogScale 1.160.0 GA (2024-10-15)
Version? | Type? | Release Date? | Availability? | End of Support | Security Updates | Upgrades From? | Config. Changes? |
---|---|---|---|---|---|---|---|
1.160.0 | GA | 2024-10-15 | Cloud | 2025-12-31 | No | 1.112 | No |
Available for download two days after release.
Bug fixes and updates.
Deprecation
Items that have been deprecated and may be removed in a future release.
The lastScheduledSearch field from the
ScheduledSearch
datatype is now deprecated and planned for removal in LogScale version 1.202. The new lastExecuted and lastTriggered fields have been added to theScheduledSearch
datatype to replace lastScheduledSearch.
New features and improvements
UI Changes
PDF Render Service now supports proxy communication between service and LogScale. Adding the environment variable
http_proxy
orhttps_proxy
to the PDF render service environment will add a proxy agent to all requests from the service to LogScale.Documentation is now displayed on hover in the LogScale query editor within Falcon. The full syntax usage and a link to the documentation is now visible for any keyword in a query.
Automation and Alerts
Three alert messages were deprecated and replaced with new, more accurate alert messages.
For Legacy Alerts: The query result is currently incomplete. The alert will not be polled in this loop replaces Starting the query for the alert has not finished. The alert will not be polled in this loop.
For Filter Alerts and Aggregate Alerts: The query result is currently incomplete. The alert will not be polled in this run replaces Starting the alert query has not finished. The alert will not be polled in this run in some situations where it is more correct.
The alert message was updated for filter and aggregate alerts in some cases where the live query was stopped due to the alert being behind.
For more information, see Monitoring Alert Execution through the humio-activity Repository.
The queryStart and queryEnd fields has been added for two aggregate alerts log lines:
Alert found results, but no actions were invoked since the alert is throttled
Alert found no results and will not trigger
and removed for three others as they did not contain the correct value:
Alert is behind. Will stop live query and start running historic queries to catch up
Alert query took too long to start and the result are now too old. LogScale will stop the live query and start running historic queries to catch up
Running a historic query to catch up took too long and the result is now outside the retry limit. LogScale will skip this data and start a query for events within the retry limit
The
Alerts
page now shows the following UI changes:A new column Last modified is added in the
Alerts
overview to display when the alert was last updated and by whom.The same above column is added either in the alert properties side panel and in the
Search
page.The Package column is no longer displayed as default on the
Alerts
overview page.
For more information, see Creating an Alert from the Alerts Overview.
GraphQL API
GraphQL introspection queries now require authentication. Setting the configuration parameter
API_EXPLORER_ENABLED
tofalse
will still reject all introspection queries.
Dashboards and Widgets
Numbers in the
Table
widget can now be displayed with trailing zeros to maintain a consistent number of decimal places.
Log Collector
LogScale Collector can now enable internal loggin of instances through
Fleet Management
.For more information, see Fleet Management Internal Logging.
Queries
LogScale Regular Expression Engine V2 is now optimized to support character match within a single line, e.g.
/.*/s
.
Functions
Improvements in the
sort()
,head()
, andtail()
functions: the error message when entering an incorrect value in thelimit
parameter now mentions both the minimum and the maximum configured value for the limit.Introducing the new query function
array:rename()
. This function renames all consecutive entries of an array starting at index 0.For more information, see
array:rename()
.
Fixed in this release
UI Changes
Event List has been fixed as it would not take sorting from query API into consideration when sorting events based on UI configuration.
The red border appearing in the
Table
widget when invalid changes are made to a dashboard interaction is now fixed as it would not display correctly.Dragging would stop working on the
Dashboard
page in cases where invalid changes were made and saved to a widget and the user would then click . This issue has been fixed and the dragging now works correctly also in this case.
Storage
A regression introduced with the upgrade to Java 23 in version 1.158.0 has now been fixed. The issue broke SASL support for Kafka, see Kafka documentation for more information.
API
An issue has been fixed in the computation of the
digestFlow
property of the query response. The information contained there would be stale in cases where the query started from a cached state or there were digest leadership changes (for example, in case of node restarts).For more information, see Polling a Query Job.
Ingestion
Parser Assertions have been fixed as some would be marked as passing, even though they should be failing.
An erronous array gap detection has been fixed as it would detect gaps where there were none.
Queries
Fixed an issue where non-greedy repetition and repetition of fixed width patterns would not adhere to the backtracking limit in the LogScale Regular Expression Engine V2.
Improvement
UI Changes
Improving the warnings given when performing multi-cluster searches across clusters running on different LogScale versions.