Falcon LogScale 1.162.0 GA (2024-10-29)

Version?Type?Release Date?Availability?End of Support

Security

Updates

Upgrades

From?

Config.

Changes?
1.162.0GA2024-10-29

Cloud

Next LTSNo1.112No

Available for download two days after release.

Bug fixes and updates.

Deprecation

Items that have been deprecated and may be removed in a future release.

  • The lastScheduledSearch field from the ScheduledSearch datatype is now deprecated and planned for removal in LogScale version 1.202. The new lastExecuted and lastTriggered fields have been added to the ScheduledSearch datatype to replace lastScheduledSearch.

New features and improvements

  • Security

    • Users can now view actions in restricted read-only mode when they have the Data read access permission on the repository or view.

  • UI Changes

    • When configuring series for a widget, suggestions for series are now available in a dropdown list, rather than having to type the series out.

  • Storage

    • WriteNewSegmentFileFormat feature flag is now removed and the feature enabled by default to improve compression of segment files.

  • Configuration

    • The default value for MINISEGMENT_PREMERGE_MIN_FILES has been increased from 4 to 12. This results in less global traffic from merges, and reduces churn in bucket storage from minisegments being replaced.

  • Ingestion

    • The way query resources are handled with respect to ingest occupancy has changed. If the maximum occupancy over all the ingest readers is less than the limit set (90 % by default), LogScale will not reduce resources for queries. The new configuration variable INGEST_OCCUPANCY_QUERY_PERMIT_LIMIT now allows to change such default limit of 90 % to adjust how busy ingest readers should be in order to limit query resources.

Fixed in this release

  • Storage

    • NullPointerException error occuring since version 1.156.0 when closing segment readers during redactEvent processing has now been fixed.

    • Several issues have been fixed, which could cause LogScale to replay either too much, or too little data from Kafka if segments with topOffsets were deleted at inopportune times. LogScale will now delay deleting newly written segments, even if they violate retention, until the topOffsets field has been cleared, which indicates that the segments cannot be replayed from Kafka later. Segment bytes being held onto in this way are logged by the RetentionJob as part of the periodic logging.

    • An extremely rare data loss issue has been fixed: file corruption on a digester could cause the cluster to delete all copies of the affected segments, even if some copies were not corrupt. When a digester detects a corrupt recently-written segment file during bootup, it will no longer delete that segment from Global. It will instead only remove the local file copy. If the segment needs to be deleted in Global because it's being replayed from Kafka, the new digest leader will handle that as part of taking over the partition.

  • Ingestion

    • An issue has been fixed that could cause the starting position for digest to get stuck in rare cases.

  • Queries

    • Backtracking checks are now added to the optimized instructions for (?s).*? in the LogScale Regular Expression Engine V2. This prevents regexes of this type from getting stuck in infinite loops which are ultimately detrimental to a cluster's health.

    • Stopping alerts and scheduled searches could create a Could not cancel alert query entry in the activity logs. This issue has now been fixed. The queries were still correctly stopped previously, but this bug led to incorrect logging in the activity log.

  • Functions

    • Error messages produced by the match() function could reference the wrong file. This issue has now been fixed.

Improvement

  • API

  • Queries

    • Queries that refer to fields in the event are now more efficient due to an improvement made in the query engine.