Falcon LogScale 1.167.0 GA (2024-12-03)
| Version? | Type? | Release Date? | Availability? | End of Support | Security Updates | Upgrades From? | Config. Changes? |
|---|---|---|---|---|---|---|---|
| 1.167.0 | GA | 2024-12-03 | Cloud | Next LTS | No | 1.136 | No |
Available for download two days after release.
Bug fixes and updates.
Deprecation
Items that have been deprecated and may be removed in a future release.
The lastScheduledSearch field from the
ScheduledSearchdatatype is now deprecated and planned for removal in LogScale version 1.202. The new lastExecuted and lastTriggered fields have been added to theScheduledSearchdatatype to replace lastScheduledSearch.
New features and improvements
Installation and Deployment
Added support for communicating between PDF Render Service and LogScale using a HTTP client rather than requiring HTTPS.
UI Changes
In the Inspection panel, case-insensitive search is now allowed when searching for field names. For example,
repoandRepowill now match repo if this field is present.
Storage
The frequency of Kafka deletions has been reduced from once per minute to once per 10 minutes with the aim of reducing the load on global. As a consequence of this change, Kafka will retain slightly more data.
API
filterQueryin API QuerymetaDatanow searches using the same timestamp field as the original query — the one set in the UI in the Time field selection. For example, it returnsuseIngestTime=trueif the original query used the @ingesttimestamp field.
Configuration
Clusters using an HTTP proxy can now choose to have calls to the token endpoint for Google, Bitbucket, Github and Auth0 providers go through this proxy. This is configured by using the following new configuration values:
The default value for all of these is
false, so there is no change to how existing clusters are configured to use Google, Bitbucket, Github or Auth0.Two new metrics,
global-reader-occupancyandchatter-reader-occupancy, have been added to measure occupancy of the global-events loop and transientChatter-events loop.Additionally, global now also starts logging errors if the roundtrips take more than 10 seconds while the occupancy of the consumer part is below 90%. This includes a small update to the metric
global-publish-wait-for-valueto measure time spent publishing the message to Kafka as well.
Ingestion
The error preview for test cases on the Parsers page now shows if there are additional errors.
Functions
The
wildcard()function has an additional parameter:includeEverythingOnAsterisk. When this parameter is set totrue, andpatternis set to*, the function will also match events that are missing the field specified in thefieldparameter.
Fixed in this release
UI Changes
The Events tab in
Searchresults would generate an error when using @ingesttimestamp in the Time field selection. This issue has now been fixed.
Storage
An issue has been fixed which could in rare cases cause data loss of recently digested events due to improper cache invalidation of the digester state.
API
filterQueryin API QuerymetaDatawas incorrect when using filters with implicitANDafter aggregators. For example,groupBy(x) | y=* z=*would incorrectly givey=* z=*for thefilterQuery, whereas*is the correctfilterQuery. This issue has existed since 1.160.0 and it has now been fixed. You can work around the issue by explicitly adding|between filters.
Dashboards and Widgets
Queries
An error in the query execution could lead to a query that would not progress and not stop, and would appear to hang indefinitely. This could happen when hosts were removed from the cluster. This issue has now been fixed.
Improvement
UI Changes
The form used when creating or updating Event List Interactions is now usable while repositories / views / dashboards are loading, and is even usable (without suggestions) if data fails to load.