Falcon LogScale 1.183.0 GA (2025-04-08)
| Version? | Type? | Release Date? | Availability? | End of Support | Security Updates | Upgrades From? | Downgrades To? | Config. Changes? |
|---|---|---|---|---|---|---|---|---|
| 1.183.0 | GA | 2025-04-08 | Cloud | Next LTS | No | 1.150.0 | 1.177.0 | No |
Available for download two days after release.
Hide file download linksShow file download linksBug fixes and updates.
Deprecation
Items that have been deprecated and may be removed in a future release.
The
colorfield on theRoletype has been marked as deprecated (will be removed in version 1.195).The
storagetask of the GraphQLNodeTaskEnumis deprecated and scheduled to be removed in version 1.185. This affects the following items:
The
supportedTasksfield of theClusterNodetype.The
assignedTasksfield of theClusterNodetype.The
unassignedTasksfield of theClusterNodetype.The assignTasks() mutation.
The unassignTasks() mutation
The
INITIAL_DISABLED_NODE_TASKSconfiguration variable.LogScale is deprecating free-text searches that occur after the first aggregate function in a query. These searches likely did not and will not work as expected. Starting with version 1.189.0, this functionality will no longer be available. A free-text search after the first aggregate function refers to any text filter that is not specific to a field and appears after the query's first aggregate function. For example, this syntax is deprecated:
logscale Syntax"Lorem ipsum dolor" | tail(200) | "sit amet, consectetur"Some uses of the
wildcard()function, particularly those that do not specify afieldargument are also free-text-searches and therefore are deprecated as well. Regex literals that are not particular to a field, for example/(abra|kadabra)/are also free-text-searches and are thus also deprecated after the first aggregate function.To work around this issue, you can:
Move the free-text search in front of the first aggregate function.
Search specifically in the @rawstring field.
If you know the field that contains the value you're searching for, it's best to search that particular field. The field may have been added by either the log shipper or the parser, and the information might not appear in the @rawstring field.
Free-text searches before the first aggregate function continue to work as expected since they are not deprecated. Field-specific text searches work as expected as well: for example,
myField=/(abra|kadabra)/continue to work also after the first aggregate function.The use of the event functions
eventInternals(),eventFieldCount(), andeventSize()after the first aggregate function is deprecated. For example:Invalid Example for Demonstration - DO NOT USElogscaleeventSize() | tail(200) | eventInternals()Usage of these functions after the first aggregate function is deprecated because they work on the original events, which are not available after the first aggregate function.
Using these functions after the first aggregate function will be made unavailable in version 1.189.0 and onwards.
These functions will continue to work before the first aggregate function, for example:
logscaleeventSize() | tail(200)The setConsideredAliveUntil and
setConsideredAliveForGraphQL mutations are deprecated and will be removed in 1.195.The
lastScheduledSearchfield from theScheduledSearchdatatype is now deprecated and planned for removal in LogScale version 1.202. The newlastExecutedandlastTriggeredfields have been added to theScheduledSearchdatatype to replacelastScheduledSearch.The
EXTRA_KAFKA_CONFIGS_FILEconfiguration variable has been deprecated and planned to be removed no earlier than version 1.225.0. For more information, see RN Issue.
Behavior Changes
Scripts or environment which make use of these tools should be checked and updated for the new configuration:
Ingestion
For Self-Hosted customers only. Event Forwarding no longer forwards events with tag grouping and auto sharding applied. This means that tag grouped fields are now forwarded with their actual value instead of hashed value. The
#humioAutoShardtag is not forwarded either.For more information, see Event Forwarding Rules.
Upgrades
Changes that may occur or be required during an upgrade.
Administration and Management
The minimum version to which LogScale can be downgraded to is now 1.177.0 (it was 1.157.0).
New features and improvements
Installation and Deployment
A revised query coordination assignment is now enabled by default, which improves resiliency in cases of Cluster topology changes.
Administration and Management
LogScale has a new internal metric external-ingest-delay to help identifying upstream issues. The metric tracks the delay between an event being recorded and it being processed by LogScale, keyed by repository.
User Interface
A UI warning now informs whenever a query is being stopped due to internal issues.
Bucket size information is now displayed for
Single Valuein the widget header on the dashboard. For example, when atimeChart()query function is used.
Storage
For all bucket uploads to S3 using the AWS SDK, LogScale now uses an If-None-Match header. This technique will prevent overwrites on files that already exist in the bucket. If necessary, you can turn off this overwrite protection feature by setting the
S3_STORAGE_DISABLE_UPLOAD_DUPLICATE_CHECKconfiguration variable totrue. Additionally, LogScale will now properly terminate multipart uploads that fail when using the AWS SDK.For more information, see Amazon Bucket Storage Parameters,
S3_STORAGE_DISABLE_UPLOAD_DUPLICATE_CHECK.
Fixed in this release
Administration and Management
Inaccuracy issues have been fixed for the ingest-offset-lowest metric.
Storage
Fixed an issue where operations during repository deletion could trigger incorrect
New dataspace is not emptylog messages.
Queries
Queries with subqueries have been fixed in cases where they would not correctly report their max and latest state size.
Other
Some occurrences of duplicate stop words have been removed from the backend. For example,
on oncorrected toonin some error message.