Falcon LogScale 1.190.0 GA (2025-05-27)
| Version? | Type? | Release Date? | Availability? | End of Support | Security Updates | Upgrades From? | Downgrades To? | Config. Changes? |
|---|---|---|---|---|---|---|---|---|
| 1.190.0 | GA | 2025-05-27 | Cloud | 2026-07-31 | No | 1.150.0 | 1.177.0 | No |
Available for download two days after release.
Hide file download links
Download
Use docker pull humio/humio-core:1.190.0 to download the latest version
Bug fixes and updates
Advance Warning
The following items are due to change in a future release.
Functions
Starting from release 1.195, the query functions
asn()andipLocation()will display an error instead of a warning should an error occur with their external dependency. This change will align their behavior to functions using similar external resources, likematch(),iocLookup(), andcidr().
Removed
Items that have been removed as of this release.
Functions
As previously announced in RN Issue, the following functions can no longer be used after the first aggregate function:
.
For example, this query is no longer valid:
Invalid Example for Demonstration - DO NOT USElogscalegroupBy(class) | eventSize()These functions can still be used before the first aggregate function:
logscaleeventSize() | tail(200)This change is necessary as these functions require access to original events, which are not available post-aggregation.
Free-text search is no longer supported after the first aggregate function (as previously announced in RN Issue). For example, this query is no longer supported:
logscale Syntaxtail(200) | "Lorem ipsum dolor"You can still search for strings in specific fields after aggregation:
logscale Syntaxtail(200) | msg="Lorem ipsum dolor"Free-text search before the first aggregate function remains supported:
logscale"Lorem ipsum dolor" | tail(200)
Deprecation
Items that have been deprecated and may be removed in a future release.
The
colorfield on theRoletype has been marked as deprecated (will be removed in version 1.195).The setConsideredAliveUntil and
setConsideredAliveForGraphQL mutations are deprecated and will be removed in 1.195.The
lastScheduledSearchfield from theScheduledSearchdatatype is now deprecated and planned for removal in LogScale version 1.202. The newlastExecutedandlastTriggeredfields have been added to theScheduledSearchdatatype to replacelastScheduledSearch.The
EXTRA_KAFKA_CONFIGS_FILEconfiguration variable has been deprecated and planned to be removed no earlier than version 1.225.0. For more information, see RN Issue.
Behavior Changes
Scripts or environment which make use of these tools should be checked and updated for the new configuration:
Configuration
Modified the behavior of
S3_STORAGE_PREFERRED_COPY_SOURCEand related bucket provider variables. When enabled, these settings now completely disable node-to-node transfers within the cluster. All fetching between nodes will occur via bucket storage.This change better aligns with customer requirements for minimizing costs from node-to-node transfers in environments where such transfers are more expensive than bucket downloads.
The previous behavior can be maintained by setting
S3_BUCKET_STORAGE_PREFERRED_MEANS_FORCED=false. Please inform Support should you need to use this option. This option will be removed in version 1.201.0 unless specific use cases require its retention.The previously undocumented
S3_STORAGE_FORCED_COPY_SOURCEis now deprecated and will be removed in version 1.201.0. Users should useS3_STORAGE_PREFERRED_COPY_SOURCEinstead.
New features and improvements
Administration and Management
Enabling AWS Netty client as the default HTTP client for S3 Bucket operations, replacing the existing PekkoHttpClient. The AWS Netty client (based on the Netty project) is the default HTTP client for asynchronous operations in AWS SDK v2. It's possible to fallback to PekkoHttpClient by setting the
S3_NETTY_CLIENTconfiguration variable tofalseand restarting the cluster.This implementation provides additional metrics which can be used to monitor the client connection pool.
s3-aws-bucket-available-concurrency
s3-aws-bucket-leased-concurrency
s3-aws-bucket-max-concurrency
s3-aws-bucket-pending-concurrency-acquires
s3-aws-bucket-concurrency-acquire-duration
More information about each metric is available in the HTTP Metrics section of the AWS documentation page.
On clusters where non-humio thread dumps are available, it's also possible to look into the state of the client thread pool by searching for the thread name prefix
bucketstorage-netty.By default the client is set with sensible default values coming from the AWS SDK Netty client, but it's possible to tune the client further by setting the following environment variables:
More information about each setting is available at AWS SDK for Java API Reference.
Fixed in this release
User Interface
Links to the package template schemas documentation in the LogScale UI have been fixed to point to the correct pages instead of the library homepage.
Storage
Added disk space verification before downloading IOC files to prevent downloads when disk is full.
Added disk space verification before segment merging to prevent merges when disk is full.
Queries
Queries with specific tag and field configurations has been fixed as they could erroneously filter out events. The filtering issue occurred when queries met these conditions:
The query used tag-grouping
The query used field aliasing
The field aliasing rules included a tag-grouped tag
The query filtered results based on a field-aliased field
Example:
A field aliasing rule maps vendor123.bar to baz when
#foo=123The tag #foo uses tag-grouping
The query filters results based on the baz field
LogScale could not identify joins inside saved queries when
defineTable()was also used. Becausejoin()anddefineTable()functions cannot be used together in the same query, this fix now ensures that joins are no longer hidden within saved queries.
Fleet Management
Fixed a visibility issue where enrolled Log Collector instances that hadn't ingested metrics for over 30 days were not appearing in the fleet overview.