Falcon LogScale 1.193.0 GA (2025-06-17)
| Version? | Type? | Release Date? | Availability? | End of Support | Security Updates | Upgrades From? | Downgrades To? | Config. Changes? |
|---|---|---|---|---|---|---|---|---|
| 1.193.0 | GA | 2025-06-17 | Cloud | Next LTS | No | 1.150.0 | 1.177.0 | No |
Available for download two days after release.
Hide file download links
Download
Use docker pull humio/humio-core:1.193.0 to download the latest version
Advance Warning
The following items are due to change in a future release.
Functions
Starting from release 1.195, the query functions
asn()andipLocation()will display an error instead of a warning should an error occur with their external dependency. This change will align their behavior to functions using similar external resources, likematch(),iocLookup(), andcidr().
Deprecation
Items that have been deprecated and may be removed in a future release.
The
colorfield on theRoletype has been marked as deprecated (will be removed in version 1.195).The setConsideredAliveUntil and
setConsideredAliveForGraphQL mutations are deprecated and will be removed in 1.195.The
lastScheduledSearchfield from theScheduledSearchdatatype is now deprecated and planned for removal in LogScale version 1.202. The newlastExecutedandlastTriggeredfields have been added to theScheduledSearchdatatype to replacelastScheduledSearch.The
EXTRA_KAFKA_CONFIGS_FILEconfiguration variable has been deprecated and planned to be removed no earlier than version 1.225.0. For more information, see RN Issue.
rdns()has been deprecated and will be removed in version 1.249. UsereverseDns()as an alternative function.
Behavior Changes
Scripts or environment which make use of these tools should be checked and updated for the new configuration:
Functions
When running on ingest time,
select()now retains @ingesttimestamp internally, even when this field is not selected in the function. This way, functions that require @ingesttimestamp continue to work even if this field is not selected.For example, this query works correctly even without selecting @ingesttimestamp:
logscaleselect([foo, bar]) | tail(100)Unless explicitly selected, @ingesttimestamp is not part of the query result. For instance:
logscaleselect([foo, bar, contextTimestamp]) | tail(200) | parseTimestamp(contextTimestamp, as=@ingesttimestamp)This query outputs foo and bar fields only, but not @ingesttimestamp because it is not explicitly included in
select().To include @ingesttimestamp in the results, you can either:
Add @ingesttimestamp to
select()explicitlyGive the parsed timestamp a different name.
This change makes the timestamp behaviour when using
select()consistent between queries running on @timestamp and @ingesttimestamp.
New features and improvements
Dashboards and Widgets
Fields that are used for constraints in a query using
correlate()now show as highlighted in theTablewidget when the Group fields by prefix option is enabled. Hovering a constraint field further highlights all connected fields.
Fixed in this release
Configuration
Fixed the feature flag implementation to prevent flags from entering temporary wrong states during boot.
Dashboards and Widgets
Fixed a display issue in widgets such as
Single Valuewhere Small multiples visualizations appeared empty.
Log Collector
Extracted fields, including fields from the Log Collector, could become removable if other fields could also be removed.
This issue resulted in inaccurate usage calculations, as extracted fields' sizes were subtracted from ingestion totals.
Queries
Fixed rare cases where stale query cache might have been reused for static queries with time-dependent functions.
Functions
Fixed an issue where the _count field from
fieldstats()could overflow to a negative value when the function was processing large event volumes.
Improvement
Functions
groupBy()has been improved with optimized results. In some special cases, the function have shown memory allocation reduced by up to 90% and CPU time reduced by over 60%.