Falcon LogScale 1.196.0 GA (2025-07-08)

Version^?	Type^?	Release Date^?	Availability^?	End of Support	Security Updates	Upgrades From^?	Downgrades To^?	Config. Changes^?
1.196.0	GA	2025-07-08	Cloud	2026-09-30	No	1.150.0	1.177.0	No

Available for download two days after release.

Hide file download links

Show file download links

Download

Use docker pull humio/humio-core:1.196.0 to download the latest version
server-linux_x64-1.196.0.tar.gz
server-alpine_x64-1.196.0.tar.gz

Bug fixes and updates

Deprecation
Items that have been deprecated and may be removed in a future release.
The lastScheduledSearch field from the ScheduledSearch datatype is now deprecated and planned for removal in LogScale version 1.202. The new lastExecuted and lastTriggered fields have been added to the ScheduledSearch datatype to replace lastScheduledSearch.
The EXTRA_KAFKA_CONFIGS_FILE configuration variable has been deprecated and planned to be removed no earlier than version 1.225.0. For more information, see RN Issue.
rdns() has been deprecated and will be removed in version 1.249. Use reverseDns() as an alternative function.

Behavior Changes
Scripts or environment which make use of these tools should be checked and updated for the new configuration:
Ingestion
The fields @id and @ingesttimestamp can no longer be set by ingesting them. These fields are set internally by LogScale and LogScale depends upon them not being overwritten. If events are ingested with these fields, the field values are now ignored and a warning is added to the event.
Before this change, setting the @id field did not work: LogScale would just overwrite this field. Setting the @ingesttimestamp field worked partially; depending on your query, you could see the field value or the actual ingest time of the event.
The LogScale Repository action will no longer retain the value of the fields @id, @ingesttimestamp, @input_size, @event_parsed, @error, @error_msg and @error_msg[i] for any index i, as these are special fields in LogScale and will be set automatically on the newly ingested events. Instead, the value of these fields from the events sent to the action will be stored in fields named @id.original, @ingesttimestamp.original, @input_size.original, @event_parsed.original, @error.original, @error_msg.original and @error_msg.original[i].
If you need to restore the previous functionality, that is possible for most of the fields by updating the parser you use to revert these changes. Note, however, that you cannot do this for @id and @ingesttimestamp fields, as LogScale now ignores those fields on ingested events.

New features and improvements

User Interface
- Adding Spanish locale to the platform so a cluster can now be initialized with Spanish translations.
API
- Added a new field to the query API namedFilterQueries.
  This will contain queries which can be executed to see the events that each subquery in a correlate() function matches on. This field can be used to debug correlate queries.
Log Collector
- The Fleet overview page now displays the following new sections:
  - Summary dashboards
  - Widgets for status (Error/Okay)
  - Collector counts by OS and top versions - including whether any collectors should be updated.
  - Ingest volume for the last 24h

Fixed in this release

Automation and Triggers
- The Schedule configuration for scheduled searches no longer flips to Simple when a cron expression for specific months is specified.
Configuration
- The automatic tag grouping threshold now calculates correctly.
  Previously, LogScale incorrectly calculated MAX_DISTINCT_TAG_VALUES as the maximum of AUTOSHARDING_MAX and the configured MAX_DISTINCT_TAG_VALUES value. When AUTOSHARDING_MAX increased to 131,072 for backwards compatibility, automatic tag grouping stopped triggering at its intended threshold. To solve this, MAX_DISTINCT_TAG_VALUES now uses only its configured value (default: 1,000). This value operates independently from the deprecated AUTOSHARDING_MAX setting.
Dashboards and Widgets
- Fixed an issue with the Look Up Events interaction in the Table widget, which would in certain scenarios result in an invalid query.
Queries
- In rare cases the query state cache files on disk was not cleaned up properly. This change fixes those cases along with better error handling and logging.
Functions
- Fixed an issue where reuse of queries would not detect changes to saved queries used inside the defineTable() query function.

Improvement

Storage
- Optimized encryption during bucket uploads by reducing the amount of copying.
Queries
- LogScale request logs no longer contain internal query poll or delete requests on the queryjobs endpoint, unless those requests either fail or take more than 5 seconds.
  To increase visibility into query worker and coordinator communication, the new metrics internal-queryjobs-timing is being added, which tracks the response times for polls on the queryjobs endpoint.
Functions
- The Language Server Protocol (LSP) now provides enhanced code completion for the correlate() function. The LSP now includes contextual suggestions for subquery snippets as well as relevant attribute suggestions based on the query context.

Release Notes

Understanding Releases and Notes

LogScale Metrics

Limits & Standards

LogScale Notices

Falcon LogScale 1.196.0 GA (2025-07-08)

Enter search term