Falcon LogScale 1.189.0 GA (2025-05-20)
| Version? | Type? | Release Date? | Availability? | End of Support | Security Updates | Upgrades From? | Downgrades To? | Config. Changes? |
|---|---|---|---|---|---|---|---|---|
| 1.189.0 | GA | 2025-05-20 | Cloud | 2026-06-30 | No | 1.150.0 | 1.177.0 | No |
Available for download two days after release.
Hide file download links
Download
Use docker pull humio/humio-core:1.189.0 to download the latest version
Bug fixes and updates.
Advance Warning
The following items are due to change in a future release.
Functions
Starting from release 1.195, the query functions
asn()andipLocation()will display an error instead of a warning should an error occur with their external dependency. This change will align their behavior to functions using similar external resources, likematch(),iocLookup(), andcidr().
Removed
Items that have been removed as of this release.
Administration and Management
Removed assigned metrics:
segments-assigned-to-host-as-owner
segment-bytes-assigned-to-host-as-owner
These metrics provided incomplete data, tracking only post-merge segment assignments while excluding rebalancing-related segment movements.
GraphQL API
The following deprecated GraphQL fields have now been removed on the
Parseroutput datatype:
assetType
sourceCode
tagFields
testData
The following deprecated GraphQL mutations have been removed:
removeParser
The deprecated
storagetask of the GraphQLNodeTaskEnumhas been removed (deprecated since v1.173.0). For more information, see ???.This removal affects hosts configured with node role
all:
Dynamic configuration to disable segment storage and search is no longer supported
Use existing node eviction mechanism instead for this functionality
getFilterAlertConfig GraphQL field has been removed on
HumioMetadatadatatype.
Deprecation
Items that have been deprecated and may be removed in a future release.
The
colorfield on theRoletype has been marked as deprecated (will be removed in version 1.195).LogScale is deprecating free-text searches that occur after the first aggregate function in a query. These searches likely did not and will not work as expected. Starting with version 1.190.0, this functionality will no longer be available. A free-text search after the first aggregate function refers to any text filter that is not specific to a field and appears after the query's first aggregate function. For example, this syntax is deprecated:
logscale Syntax"Lorem ipsum dolor" | tail(200) | "sit amet, consectetur"Some uses of the
wildcard()function, particularly those that do not specify afieldargument are also free-text-searches and therefore are deprecated as well. Regex literals that are not particular to a field, for example/(abra|kadabra)/are also free-text-searches and are thus also deprecated after the first aggregate function.To work around this issue, you can:
Move the free-text search in front of the first aggregate function.
Search specifically in the @rawstring field.
If you know the field that contains the value you're searching for, it's best to search that particular field. The field may have been added by either the log shipper or the parser, and the information might not appear in the @rawstring field.
Free-text searches before the first aggregate function continue to work as expected since they are not deprecated. Field-specific text searches work as expected as well: for example,
myField=/(abra|kadabra)/continue to work also after the first aggregate function.The use of the event functions
eventInternals(),eventFieldCount(), andeventSize()after the first aggregate function is deprecated. For example:Invalid Example for Demonstration - DO NOT USElogscaleeventSize() | tail(200) | eventInternals()Usage of these functions after the first aggregate function is deprecated because they work on the original events, which are not available after the first aggregate function.
Using these functions after the first aggregate function will be made unavailable in version 1.190.0 and onwards.
These functions will continue to work before the first aggregate function, for example:
logscaleeventSize() | tail(200)The setConsideredAliveUntil and
setConsideredAliveForGraphQL mutations are deprecated and will be removed in 1.195.The
lastScheduledSearchfield from theScheduledSearchdatatype is now deprecated and planned for removal in LogScale version 1.202. The newlastExecutedandlastTriggeredfields have been added to theScheduledSearchdatatype to replacelastScheduledSearch.The
EXTRA_KAFKA_CONFIGS_FILEconfiguration variable has been deprecated and planned to be removed no earlier than version 1.225.0. For more information, see RN Issue.
New features and improvements
Ingestion
Added a new type of ingest feeds for consuming data from Azure Event Hubs:
Available for Self-Hosted installations only at this time.
Follows the same configuration pattern as AWS ingest feeds
For more information, see Ingest Data from Azure Event Hubs.
Queries
Added LogScale Multi-Cluster Search query handover support:
Enables automatic reconnection and continued polling of downstream remote clusters
Current limitation: local connection handovers are not supported, meaning that:
Progress on local connections will be lost after handover
Queries to local connections will be resubmitted, resulting in a potential temporary loss of progress.
Fixed in this release
Falcon Data Replicator
Fixed an issue where the check for which nodes should run an FDR feed didn't take node capabilities into account, potentially causing less nodes to actually run the feed.
Storage
LogScale no longer attempts to download MaxMind files when there is insufficient disk space.
Fixed a feature flag roll out issue on clusters where individual users or organizations were previously opted into the feature.
Important
Required Action:
If you previously disabled rolled-out features via API, you must reapply these opt-outs
This is necessary due to changes in how opt-outs are represented in Global Database.
An issue has been fixed that could cause unnecessary delays in uploading files to Bucket Storage.
Dashboards and Widgets
The
Time Charttooltip legend could show unsorted values on query result update. This issue has now been fixed so that the list of top scores is now sorted.
Queries
Fixed race condition in LogScale Multi-Cluster Search. Previously, queries initiated simultaneously with a new connection addition to the multi-cluster view could exclude the new connection for the query. This synchronization issue has been resolved.