Falcon LogScale 1.162.0 GA (2024-10-29)
Version? | Type? | Release Date? | Availability? | End of Support | Security Updates | Upgrades From? | Config. Changes? |
---|---|---|---|---|---|---|---|
1.162.0 | GA | 2024-10-29 | Cloud | 2025-12-31 | No | 1.112 | No |
Available for download two days after release.
Bug fixes and updates.
Deprecation
Items that have been deprecated and may be removed in a future release.
The lastScheduledSearch field from the
ScheduledSearch
datatype is now deprecated and planned for removal in LogScale version 1.202. The new lastExecuted and lastTriggered fields have been added to theScheduledSearch
datatype to replace lastScheduledSearch.
New features and improvements
Security
Users can now view actions in restricted read-only mode when they have the
Data read access
permission on the repository or view.
Storage
WriteNewSegmentFileFormat
feature flag is now removed and the feature enabled by default to improve compression of segment files.
Configuration
The default value for
MINISEGMENT_PREMERGE_MIN_FILES
has been increased from4
to12
. This results in less global traffic from merges, and reduces churn in bucket storage from mini-segments being replaced.
Ingestion
The way query resources are handled with respect to ingest occupancy has changed. If the maximum occupancy over all the ingest readers is less than the limit set (90 % by default), LogScale will not reduce resources for queries. The new configuration variable
INGEST_OCCUPANCY_QUERY_PERMIT_LIMIT
now allows to change such default limit of 90 % to adjust how busy ingest readers should be in order to limit query resources.
Dashboards and Widgets
When configuring series for a widget, suggestions for series are now available in a dropdown list, rather than having to type the series out.
Fixed in this release
Storage
NullPointerException error occurring since version 1.156.0 when closing segment readers during
redactEvent
processing has now been fixed.Several issues have been fixed, which could cause LogScale to replay either too much, or too little data from Kafka if segments with
topOffsets
were deleted at inopportune times. LogScale will now delay deleting newly written segments, even if they violate retention, until thetopOffsets
field has been cleared, which indicates that the segments cannot be replayed from Kafka later. Segment bytes being held onto in this way are logged by theRetentionJob
as part of the periodic logging.An extremely rare data loss issue has been fixed: file corruption on a digester could cause the cluster to delete all copies of the affected segments, even if some copies were not corrupt. When a digester detects a corrupt recently-written segment file during bootup, it will no longer delete that segment from Global. It will instead only remove the local file copy. If the segment needs to be deleted in Global because it's being replayed from Kafka, the new digest leader will handle that as part of taking over the partition.
Ingestion
An issue has been fixed that could cause the starting position for digest to get stuck in rare cases.
Queries
Backtracking checks are now added to the optimized instructions for
(?s).*?
in the LogScale Regular Expression Engine V2. This prevents regexes of this type from getting stuck in infinite loops which are ultimately detrimental to a cluster's health.Stopping alerts and scheduled searches could create a Could not cancel alert query entry in the activity logs. This issue has now been fixed. The queries were still correctly stopped previously, but this bug led to incorrect logging in the activity log.
Functions
Error messages produced by the
match()
function could reference the wrong file. This issue has now been fixed.
Improvement
API
Improved the efficiency of the autosharding rules store.
Queries
Queries that refer to fields in the event are now more efficient due to an improvement made in the query engine.