Falcon LogScale 1.168.0 GA (2024-12-10)

Version: 1.168.0
Type: GA
Release Date: 2024-12-10
Availability: Cloud
End of Support: Next LTS
Security Updates: No
Upgrades From: 1.136
Config. Changes: No

Available for download two days after release.

Bug fixes and updates.

Deprecation

Items that have been deprecated and may be removed in a future release.

  • The lastScheduledSearch field from the ScheduledSearch datatype is now deprecated and planned for removal in LogScale version 1.202. The new lastExecuted and lastTriggered fields have been added to the ScheduledSearch datatype to replace lastScheduledSearch.

New features and improvements

  • Storage

    • Cluster statistics such as compressed byte size and compressed file of merged subset now count each aux file at most once. Previously, the statistic counted every local aux file in the cluster, so the aux file total grew with the replication factor, yet it was added to a sum of segment file sizes that did not take the replication factor into account.

      From the user point of view, this change does not affect the ingest accounting and measurements, but it does affect the following other items:

      • The semantics of the compressedByteSize, compressedByteSizeOfMerged and dataVolumeCompressed fields in the ClusterStatsType, RepositoryType and OrganizationStats GraphQL types have changed: file sizes of both segments and aux files are now counted only once.

      • These values are shown for example on the front-page, and will be smaller than the old values.

      • Retention by compressed file size will keep more segments, since we delete segments to keep under the actual limit, which is calculated as the configured limit minus the aux file sizes.

      For more information, see Cluster statistics.

  • Configuration

    • Clusters using an HTTP proxy can now choose to have calls to the token endpoint for Google, Bitbucket, GitHub and Auth0 providers go through this proxy. This is configured by using the following new configuration values:

      The default value for all of these is false, so there is no change to how existing clusters are configured to use Google, Bitbucket, GitHub or Auth0.

  • Dashboards and Widgets

    • The Table widget cells will now show a warning along with the original value if decimal places are configured to be below 0 or above 20.

Fixed in this release

  • UI Changes

    • The dialog for creating a new group did not close automatically after successfully creating a group. This issue has been fixed.

    • The Saved query dialog has been fixed so that the saved queries are now sorted.

    • The Filter Match Highlighting feature could be deactivated for some regular expression results due to a stack overflow issue in the JavaScript Regular Expression engine. This issue has been fixed and the highlighting now works as expected.

  • API

    • filterQuery in API Query metaData was incorrect when using filters with implicit AND after aggregators. For example, groupBy(x) | y=* z=* would incorrectly give y=* z=* for the filterQuery, whereas * is the correct filterQuery. This issue has existed since 1.160.0 and it has now been fixed. You can work around the issue by explicitly adding | between filters.

  • Dashboards and Widgets

    • In the Time Chart widget, the Step after interpolation method would not display the line or area correctly when used with the Show gaps method for handling missing values.

    • In the Time Chart widget, an issue has been fixed where values below the minimum value of a Logarithmic axis would not be displayed, but values below 0 would.

  • Queries

    • Some queries (especially live queries) would continuously send a warning about missing data. This could happen if the query was planned at a time when there were cluster topology changes. This issue has been fixed and, instead of sending the warning, the query will now automatically restart since there might be more data to search.

    • Queries could sometimes fail and return an IndexOutOfBoundsException error. This issue has been fixed.

  • Functions

    • Fixed an issue where parseCEF() would stop a parser or query upon encountering invalid key-value pairs in the CEF extensions field.
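
The parseCEF() fix above matters for ingestion pipelines because a parser that stops on one malformed extension pair loses the whole event. The following Python example is added here and is not LogScale code: it parses a CEF record, keeps the well-formed extension pairs and reports the malformed ones instead of failing. The function name parse_cef, the accepted key alphabet and the sample record are assumptions made for this illustration.

```python
import re

HEADER = ("version", "vendor", "product", "device_version",
          "signature_id", "name", "severity")
_PIPE = re.compile(r"(?<!\\)\|")                  # unescaped header separator
_PAIR = re.compile(r"(?:^|(?<=\s))([^\s=\\]*)=")  # "key=" at a token start
_KEY_OK = re.compile(r"[A-Za-z0-9_]+")            # assumed valid key alphabet
_ESC = re.compile(r"\\([\\|=])")                  # CEF escapes: \\ \| \=


def _unescape(text):
    return _ESC.sub(r"\1", text)


def parse_cef(line):
    """Return (header, fields, rejected); bad pairs are reported, not fatal."""
    start = line.find("CEF:")                     # tolerate a syslog prefix
    if start < 0:
        raise ValueError("not a CEF record")
    parts = _PIPE.split(line[start + 4:], maxsplit=7)
    if len(parts) < 7:
        raise ValueError("truncated CEF header")
    header = dict(zip(HEADER, map(_unescape, parts[:7])))
    ext = parts[7] if len(parts) == 8 else ""

    fields, rejected = {}, []
    marks = list(_PAIR.finditer(ext))
    lead = (ext[:marks[0].start()] if marks else ext).strip()
    if lead:                       # text before the first key
        rejected.append(lead)
    for cur, nxt in zip(marks, marks[1:] + [None]):
        end = nxt.start() if nxt else len(ext)    # value runs to the next key
        key, value = cur.group(1), ext[cur.end():end].strip()
        if _KEY_OK.fullmatch(key):
            fields[key] = _unescape(value)
        else:                      # keep going instead of aborting the event
            rejected.append(f"{key}={value}")
    return header, fields, rejected


# Constructed sample record: one stray token and two malformed pairs.
SAMPLE = ("CEF:0|ExampleVendor|ExampleProduct|1.0|100|Login failed|5|"
          "stray src=10.0.0.1 b@d=oops msg=bad password for admin "
          "=orphan dst=10.0.0.2")

if __name__ == "__main__":
    header, fields, rejected = parse_cef(SAMPLE)
    print(header["name"], fields, rejected)
```

Forwarding the rejected list with the event makes malformed senders visible rather than silently dropped.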

Known Issues

  • Functions

    • A known issue in the implementation of the defineTable() function means it is not possible to transfer generated tables larger than 128MB. The user receives an error if the generated table exceeds that size.

Improvement

  • Storage

    • Improved performance of replicating IOC files to allow faster replication.