Falcon LogScale 1.167.0 GA (2024-12-03)

Version^?	Type^?	Release Date^?	Availability^?	End of Support	Security Updates	Upgrades From^?	Config. Changes^?
1.167.0	GA	2024-12-03	Cloud	Next LTS	No	1.136	No

Available for download two days after release.

Bug fixes and updates.

Deprecation
Items that have been deprecated and may be removed in a future release.
The lastScheduledSearch field from the ScheduledSearch datatype is now deprecated and planned for removal in LogScale version 1.202. The new lastExecuted and lastTriggered fields have been added to the ScheduledSearch datatype to replace lastScheduledSearch.

New features and improvements

Installation and Deployment
- Added support for communicating between PDF Render Service and LogScale using a HTTP client rather than requiring HTTPS.
UI Changes
- In the Inspection panel, case-insensitive search is now allowed when searching for field names. For example, repo and Repo will now match repo if this field is present.
Storage
- The frequency of Kafka deletions has been reduced from once per minute to once per 10 minutes with the aim of reducing the load on global. As a consequence of this change, Kafka will retain slightly more data.
API
- filterQuery in API Query metaData now searches using the same timestamp field as the original query — the one set in the UI in the Time field selection. For example, it returns useIngestTime=true if the original query used the @ingesttimestamp field.
Configuration
- Two new metrics, global-reader-occupancy and chatter-reader-occupancy, have been added to measure occupancy of the global-events loop and transientChatter-events loop.
  Additionally, global now also starts logging errors if the roundtrips take more than 10 seconds while the occupancy of the consumer part is below 90%. This includes a small update to the metric global-publish-wait-for-value to measure time spent publishing the message to Kafka as well.
Ingestion
- The error preview for test cases on the Parsers page now shows if there are additional errors.
Functions
- The wildcard() function has an additional parameter: includeEverythingOnAsterisk. When this parameter is set to true, and pattern is set to *, the function will also match events that are missing the field specified in the field parameter.
  For more information, see wildcard().

Fixed in this release

UI Changes
- The Events tab in Search results would generate an error when using @ingesttimestamp in the Time field selection. This issue has now been fixed.
Storage
- An issue has been fixed which could in rare cases cause data loss of recently digested events due to improper cache invalidation of the digester state.
Dashboards and Widgets
- The usage of filter for dashboards has been fixed:
  - An active dashboard filter was not being applied to the query before opening a dashboard widget query in the Search view.
  - Dashboard filters are no longer applied when editing a dashboard widget in the Search view.
Queries
- An error in the query execution could lead to a query that would not progress and not stop, and would appear to hang indefinitely. This could happen when hosts were removed from the cluster. This issue has now been fixed.

Known Issues

Functions
- A known issue in the implementation of the defineTable() function means it is not possible to transfer generated tables larger than 128MB. The user receives an error if the generated table exceeds that size.

Release Notes

Understanding Releases and Notes

LogScale Metrics

Limits & Standards

LogScale Notices

Falcon LogScale 1.167.0 GA (2024-12-03)

Enter search term