Falcon LogScale 1.171.0 GA (2025-01-14)

Version?Type?Release Date?Availability?End of SupportSecurity UpdatesUpgrades From?Downgrades To?Config. Changes?
1.171.0GA2025-01-14

Cloud

2026-02-28No1.150.01.157.0No

Available for download two days after release.

Bug fixes and updates.

Deprecation

Items that have been deprecated and may be removed in a future release.

  • The color field on the Role type has been marked as deprecated (will be removed in version 1.195).

  • The lastScheduledSearch field from the ScheduledSearch datatype is now deprecated and planned for removal in LogScale version 1.202. The new lastExecuted and lastTriggered fields have been added to the ScheduledSearch datatype to replace lastScheduledSearch.

Upgrades

Changes that may occur or be required during an upgrade.

  • Installation and Deployment

    • Once LogScale has been upgraded to 1.162.0 with the WriteNewSegmentFileFormat feature flag enabled, LogScale cannot be downgraded to a version lower than 1.157.0.

  • Other

    • Increased the minimum version requirement to 1.150.0. This version update is due to a new store in global for groups allowing for multiple roles mappings to a single view.

New features and improvements

  • Security

    • A new default role named Reader is now visible in the UI. The role only grants the ReadAccess permission. Unlike the existing default roles, the Reader role is not editable and cannot be deleted.

  • GraphQL API

    • Adding a new @stability directive to the GraphQL API:

      • The @stability directive has been added on all non-deprecated output fields.

      • The @stability directive has a level argument with three possible enum values: Preview, ShortTerm and LongTerm. A field can now either have the @deprecated or the @stability directive. The level Preview corresponds to the old @preview directive (which has been removed), the level ShortTerm corresponds to the previous stability promise of at least 12 weeks. The level LongTerm means that the field is kept stable for at least 1 year.

      • Input fields without the @stability directive "inherit" the stability level from the query or mutation that the input type is used for, enum values without the directive "inherit" the stability level from the field that returns the enum type.

      • Some fields that were previously written as being in preview, but without the @preview directive, are now marked properly as in preview (@stability directive with level Preview).

      • Usage of fields or enum values in Preview when calling the GraphQL endpoint is still shown in the extensions part of the response, but the format has changed.

      • For all existing deprecated fields that were deemed to have had LongTerm stability, the version to be removed in has been updated to reflect a 1-year deprecation period.

  • Functions

    • The new query function setTimeInterval() is now available. This function overwrites the time interval otherwise set in the UI/API. Example usage:

      logscale
      setTimeInterval(start=7d, end=12h, timezone="Europe/Copenhagen")

      For more information, see setTimeInterval().

  • Other

    • The new metric globalsnapshot-pct-of-max-heap has been added. It reports the size of the recent global-snapshot.json file written as percentage of maximum heap size.

Fixed in this release

  • Storage

    • Fixed a crash that could occur on boot if global contains dataspaces marked for deletion.

    • A fix has been made to prevent leaking empty datasource directories, by announcing in global that they are deleted some time before they are actually deleted from global.

    • Made adjustments to handling of in-memory local datasource state, which should help ensure the local state is in sync with global.

  • Configuration

    • The dynamic configuration lookup-table-sync-await-seconds has been fixed as it would require a restart to take effect.

  • Dashboards and Widgets

    • Value and label of the Gauge widget could overflow. This issue has been fixed.

  • Ingestion

    • The changes to parser's test that enabled the parser code page to produce events that are more similar to an ingested event, have been reverted due to unspecified errors for some users.

  • Queries

    • A misalignment issue between primary and subquery relative intervals has been fixed. Previously, a subquery's relative time interval did not align correctly with the primary query interval. This misalignment could cause slight differences in the relative now reference point between the primary query and subquery.

  • Functions

    • The array:dedup() function has been fixed as it would not write the output array if there were no duplicate elements in the input array, and the output array was different from the input array.

  • Other

    • The type for deprecated package schema fields has been renamed from valid to null.