Falcon LogScale 1.170.0 GA (2025-01-07)

Version?Type?Release Date?Availability?End of SupportSecurity UpdatesUpgrades From?Downgrades To?Config. Changes?
1.170.0GA2025-01-07

Cloud

2026-02-28No1.136.01.157.0No

Available for download two days after release.

Bug fixes and updates.

Deprecation

Items that have been deprecated and may be removed in a future release.

  • The lastScheduledSearch field from the ScheduledSearch datatype is now deprecated and planned for removal in LogScale version 1.202. The new lastExecuted and lastTriggered fields have been added to the ScheduledSearch datatype to replace lastScheduledSearch.

Behavior Changes

Scripts or environment which make use of these tools should be checked and updated for the new configuration:

  • Storage

    • Relocation of datasources after a partition count change will now be restarted if the Kafka partition count changes again while the cluster is executing relocations. This ensures datasource placement always reflects the latest partition count.

Upgrades

Changes that may occur or be required during an upgrade.

  • Installation and Deployment

    • Once LogScale has been upgraded to 1.162.0 with the WriteNewSegmentFileFormat feature flag enabled, LogScale cannot be downgraded to a version lower than 1.157.0.

New features and improvements

  • User Interface

    • You can now hide the event distribution histogram to get even more space for looking at your data. This new button is located in the toolbar above the Results tab in the Search interface.

      For more information, see Display Results.

  • GraphQL API

    • The analyzeQuery() GraphQL query now supports rejecting functions. This is done using the rejectFunctions input parameter, which takes a list of function names.

  • Queries

    • Added resultPipelineExecutionCount field to the following logs from the QuerySessions class, starting with:

      • live part of live query ended:

      • static part of live query ended:

      • static query ended:

      • poll of live query:

      This field captures how many times the result calculation pipeline has run for a given query, with the following remarks:

      • Join queries only count the main query, since execution counts for subqueries are logged separately.

      • Repeating queries sum up the execution counts for the individual queries to mimic the behavior of a single live query.

    • Make searching for @id=X efficient when there is exactly one such top level filter in the query and X is an actual event ID in the LogScale cluster, by automatically restricting the time span of the search to the 1 second interval designated by a substring of X. To further improve efficiency, include the proper tag filters in the search.

  • Other

    • If feature flag WriteNewSegmentFileFormat is enabled via built-in mechanisms, then raise the minimum version in global to 1.157.0 so that any potential roll back does not go to a version that cannot properly handle the feature being on-then-off; builds before 1.157.0 do not properly handle the feature being off if it has been on before.

Fixed in this release

  • User Interface

    • Large license limits would overflow in the UI, resulting in wrong limits being shown. This issue has been fixed.

  • GraphQL API

    • Instead of failing silently, GraphQL gives an error in the following two scenarios:

      • Disabling feature flags on an organization if the feature is enabled globally.

      • Disabling feature flags for a user if the feature is enabled globally or for the user's organization.

  • Storage

    • In rare cases, the internal accounting of segment files used by queries and related metrics could be incorrect, which could lead to starved searches. This issue has been fixed.

  • Queries

    • An issue has been fixed in the deserialization of queries, which prevented some queries from being handed over to another node in the cluster.

  • Other

    • Feature flags were marked experimental even if they were in rollout. This issue has been fixed so that the actual non-experimental features in the cluster are now correctly displayed in the side bar in the Organization overview page.

Known Issues

  • Ingestion

    • An issue has been identified where construction of parsers utilizing files may experience timeouts when the Ad-hoc tables feature is enabled. This issue potentially impacts clusters running versions 1.165 through 1.170.

      Mitigation: temporarily disable the ad-hoc tables feature on affected clusters.

      Solution: upgrade to version 1.171, where this issue has been resolved.