Falcon LogScale 1.172.0 GA (2025-01-21)

Version^?	Type^?	Release Date^?	Availability^?	End of Support	Security Updates	Upgrades From^?	Downgrades To^?	Config. Changes^?
1.172.0	GA	2025-01-21	Cloud	2026-03-31	No	1.150.0	1.157.0	No

Available for download two days after release.

Bug fixes and updates.

Deprecation
Items that have been deprecated and may be removed in a future release.
The color field on the Role type has been marked as deprecated (will be removed in version 1.195).
The lastScheduledSearch field from the ScheduledSearch datatype is now deprecated and planned for removal in LogScale version 1.202. The new lastExecuted and lastTriggered fields have been added to the ScheduledSearch datatype to replace lastScheduledSearch.

Upgrades
Changes that may occur or be required during an upgrade.
Installation and Deployment
Once LogScale has been upgraded to 1.162.0 with the WriteNewSegmentFileFormat feature flag enabled, LogScale cannot be downgraded to a version lower than 1.157.0.

New features and improvements

User Interface
- It is now possible to opt for individual widget time selections when creating scheduled reports.
- It is now possible to import a Field Aliasing schema from a YAML template. The option is available from the + New schema button when creating field aliasing schemas.
  For more information, see Configuring Field Aliasing.
- It is now possible to filter by source field, alias field and description when creating field aliases.
  For more information, see Configuring Field Aliasing.
- The available actions for managing field aliasing schemas have been reorganized in a renewed layout.
  For more information, see Managing Field Aliasing.
GraphQL API
- The refreshClusterManagementStats() GraphQL mutation has been added. When developing scripts to automate the unregistration of multiple evicted nodes at a time, this mutation can be called to validate that the node being unregistered can be terminated without risking data loss. As the mutation is expensive, it should not be called frequently.
- The new totalSearchDomains field has been added to the user.userOrGroupSearchDomainRoles() GraphQL query. This field indicates the amount of unique search domains in the result.
- A new token() GraphQL query now allows fetching a token based on its ID. Previously, you could only list tokens and filter by name.
Dashboards and Widgets
- The Time Chart widget has new tooltip options:
  - The widget's tooltip now shows only the top 5 series and the hovered series.
  - The ⇧ key expands the tooltip and show all series.
  - The CTRL key activates both show full legend labels and show unformatted values features simultaneously.
  - Tooltip values are now aligned so that variables are left-aligned, and values are right-aligned.
- It is now possible to configure series colors and names across dashboard widgets. Series configured on the widget level will overwrite dashboard level series.
  For more information, see Edit Dashboards.
- The Table widget now supports multiple Markdown-formatted URLs within a single cell, so that it renders multiple clickable links separated by line breaks, improving upon the previous single-URL display.
- It is now possible to normalize data for a stacked Bar Chart. In the styling properties of the widget:
  1. Set Type to Stacked
  2. Under the Value axis section, set Type to Linear
  3. Select the Normalize checkbox that is being displayed.
Ingestion
- Clicking Run tests on the parser code page now produces events that are more similar to what an ingested event would look like in certain edge cases.
Functions
- Using the functions eventSize(), eventFieldCount(), and eventInternals() after an aggregator will now give a warning, indicating that no result will be returned.
- The var parameter of the array:filter() function is now optional and defaults to the name of the input array.

Fixed in this release

User Interface
- Scheduled reports could assume the wrong execution time when generated with a delay with respect to the scheduled time. The issue has now been fixed so that the scheduled time is used, regardless of when the report is actually generated.
Automation and Alerts
- When viewing an Email action in the UI, the subject and body field would be swapped. If the action was saved from the UI showing them swapped, the fields would also be swapped on storage. The same would happen if testing the action from the UI, showing the fields swapped. This issue has now been fixed.
Storage
- A slow background cleanup work could block digest from starting, which could in turn cause nodes to crash on digest reassignment in large clusters. This issue has now been fixed.
Configuration
- The bucket-storage-max-concurrent-delete-operations metric has been fixed with corrected values. Previously, this metric was decremented too often, resulting in negative values.
Log Collector
- When computing group memberships in fleet management, a query timeout could result in collectors loosing their group memberships. This issue has now been fixed.
Queries
- The parsing of field values with large numbers (for example 92233720368547758) could in rare cases cause an integer overflow and turn to small negative values. This issue has now been fixed.

Improvement

Functions
- The join()'s start and end parameters now have some updated error messaging to include absolute values.

Release Notes

Understanding Releases and Notes

LogScale Metrics

Limits & Standards

LogScale Notices

Falcon LogScale 1.172.0 GA (2025-01-21)

Enter search term