Falcon LogScale 1.167.0 GA (2024-12-03)

| Version | Type | Release Date | Availability | End of Support | Security Updates | Upgrades From | Downgrades To | Config. Changes |
|---|---|---|---|---|---|---|---|---|
| 1.167.0 | GA | 2024-12-03 | Cloud | Next LTS | No | 1.136.0 | 1.157.0 | No |

Available for download two days after release.

Bug fixes and updates.

Deprecation

Items that have been deprecated and may be removed in a future release.

  • The lastScheduledSearch field from the ScheduledSearch datatype is now deprecated and planned for removal in LogScale version 1.202. The new lastExecuted and lastTriggered fields have been added to the ScheduledSearch datatype to replace lastScheduledSearch.

Upgrades

Changes that may occur or be required during an upgrade.

  • Installation and Deployment

    • Once LogScale has been upgraded to 1.162.0 with the WriteNewSegmentFileFormat feature flag enabled, LogScale cannot be downgraded to a version lower than 1.157.0.

New features and improvements

  • Installation and Deployment

    • Added support for communicating between PDF Render Service and LogScale using an HTTP client rather than requiring HTTPS.

  • UI Changes

    • In the Inspection panel, case-insensitive search is now allowed when searching for field names. For example, repo and Repo will now match repo if this field is present.

  • Storage

    • The frequency of Kafka deletions has been reduced from once per minute to once per 10 minutes with the aim of reducing the load on global. As a consequence of this change, Kafka will retain slightly more data.

  • API

    • filterQuery in API Query metaData now searches using the same timestamp field as the original query — the one set in the UI in the Time field selection. For example, it returns useIngestTime=true if the original query used the @ingesttimestamp field.

  • Configuration

  • Ingestion

    • The error preview for test cases on the Parsers page now shows if there are additional errors.

  • Functions

    • The wildcard() function has an additional parameter: includeEverythingOnAsterisk. When this parameter is set to true, and pattern is set to *, the function will also match events that are missing the field specified in the field parameter.

      For more information, see wildcard().

Fixed in this release

  • UI Changes

  • Storage

    • An issue has been fixed which could in rare cases cause data loss of recently digested events due to improper cache invalidation of the digester state.

  • Dashboards and Widgets

    • The use of filters in dashboards has been fixed:

      • An active dashboard filter was not being applied to the query before opening a dashboard widget query in the Search view.

      • Dashboard filters are no longer applied when editing a dashboard widget in the Search view.

  • Queries

    • An error in the query execution could lead to a query that would not progress and not stop, and would appear to hang indefinitely. This could happen when hosts were removed from the cluster. This issue has now been fixed.

Known Issues

  • Ingestion

    • An issue has been identified where construction of parsers utilizing files may experience timeouts when the Ad-hoc tables feature is enabled. This issue potentially impacts clusters running versions 1.165 through 1.170.

      Mitigation: temporarily disable the ad-hoc tables feature on affected clusters.

      Solution: upgrade to version 1.171, where this issue has been resolved.

  • Functions

    • A known issue in the implementation of the defineTable() function means it is not possible to transfer generated tables larger than 128MB. The user receives an error if the generated table exceeds that size.