Falcon LogScale 1.170.0 GA (2025-01-07)
| Version? | Type? | Release Date? | Availability? | End of Support | SecurityUpdates | UpgradesFrom? | Config.Changes? |
|---|---|---|---|---|---|---|---|
| 1.170.0 | GA | 2025-01-07 | Cloud | Next LTS | No | 1.136 | No |
Available for download two days after release.
Bug fixes and updates.
Deprecation
Items that have been deprecated and may be removed in a future release.
The lastScheduledSearch field from the
ScheduledSearchdatatype is now deprecated and planned for removal in LogScale version 1.202. The new lastExecuted and lastTriggered fields have been added to theScheduledSearchdatatype to replace lastScheduledSearch.
Behavior Changes
Scripts or environment which make use of these tools should be checked and updated for the new configuration:
Storage
Relocation of datasources after a partition count change will now be restarted if the Kafka partition count changes again while the cluster is executing relocations. This ensures datasource placement always reflects the latest partition count.
New features and improvements
UI Changes
You can now hide the event distribution histogram to get even more space for looking at your data. This new button is located in the toolbar above the Results tab in the
Searchinterface.For more information, see Event Display Methods.
GraphQL API
The analyzeQuery() GraphQL query now supports rejecting functions. This is done using the
rejectFunctionsinput parameter, which takes a list of function names.
Queries
Added resultPipelineExecutionCount field to the following logs from the QuerySessions class, starting with:
live part of live query ended:static part of live query ended:static query ended:poll of live query:
This field captures how many times the result calculation pipeline has run for a given query, with the following remarks:
Join queries only count the main query, since execution counts for subqueries are logged separately.
Repeating queries sum up the execution counts for the individual queries to mimic the behavior of a single live query.
Make searching for
@id=Xefficient when there is exactly one such top level filter in the query andXis an actual event ID in the LogScale cluster, by automatically restricting the time span of the search to the 1 second interval designated by a substring ofX. To further improve efficiency, include the proper tag filters in the search.
Other
If feature flag
WriteNewSegmentFileFormatis enabled via built-in mechanisms, then raise the minimum version in global to 1.157.0 so that any potential roll back does not go to a version that cannot properly handle the feature being on-then-off; builds before 1.157.0 do not properly handle the feature being off if it has been on before.
Fixed in this release
UI Changes
Large license limits would overflow in the UI, resulting in wrong limits being shown. This issue has been fixed.
GraphQL API
Instead of failing silently, GraphQL gives an error in the following two scenarios:
Disabling feature flags on an organization if the feature is enabled globally.
Disabling feature flags for a user if the feature is enabled globally or for the user's organization.
Storage
In rare cases, the internal accounting of segment files used by queries and related metrics could be incorrect, which could lead to starved searches. This issue has been fixed.
Queries
An issue has been fixed in the deserialization of queries, which prevented some queries from being handed over to another node in the cluster.
Other
Feature flags were marked experimental even if they were in rollout. This issue has been fixed so that the actual non-experimental features in the cluster are now correctly displayed in the side bar in the Organization overview page.