Falcon LogScale 1.196.0 GA (2025-07-08)
| Version? | Type? | Release Date? | Availability? | End of Support | Security Updates | Upgrades From? | Downgrades To? | Config. Changes? |
|---|---|---|---|---|---|---|---|---|
| 1.196.0 | GA | 2025-07-08 | Cloud | 2026-09-30 | No | 1.150.0 | 1.177.0 | No |
Available for download two days after release.
Hide file download links
Download
Use docker pull humio/humio-core:1.196.0 to download the latest version
Bug fixes and updates
Deprecation
Items that have been deprecated and may be removed in a future release.
AUTOSHARDING_MAXconfiguration variable is now being deprecated and will be removed in version 1.207.The
lastScheduledSearchfield from theScheduledSearchdatatype is now deprecated and planned for removal in LogScale version 1.202. The newlastExecutedandlastTriggeredfields have been added to theScheduledSearchdatatype to replacelastScheduledSearch.The
EXTRA_KAFKA_CONFIGS_FILEconfiguration variable has been deprecated and planned to be removed no earlier than version 1.225.0. For more information, see RN Issue.
rdns()has been deprecated and will be removed in version 1.249. UsereverseDns()as an alternative function.
Behavior Changes
Scripts or environment which make use of these tools should be checked and updated for the new configuration:
Ingestion
The fields @id and @ingesttimestamp can no longer be set by ingesting them. These fields are set internally by LogScale and LogScale depends upon them not being overwritten. If events are ingested with these fields, the field values are now ignored and a warning is added to the event.
Before this change, setting the @id field did not work: LogScale would just overwrite this field. Setting the @ingesttimestamp field worked partially; depending on your query, you could see the field value or the actual ingest time of the event.
The LogScale Repository action will no longer retain the value of the fields @id, @ingesttimestamp, @input_size, @event_parsed, @error, @error_msg and @error_msg[i] for any index
i, as these are special fields in LogScale and will be set automatically on the newly ingested events. Instead, the value of these fields from the events sent to the action will be stored in fields named @id.original, @ingesttimestamp.original, @input_size.original, @event_parsed.original, @error.original, @error_msg.original and @error_msg.original[i].If you need to restore the previous functionality, that is possible for most of the fields by updating the parser you use to revert these changes. Note, however, that you cannot do this for @id and @ingesttimestamp fields, as LogScale now ignores those fields on ingested events.
New features and improvements
User Interface
Adding Spanish locale to the platform so a cluster can now be initialized with Spanish translations.
API
Added a new field to the query API
namedFilterQueries.This will contain queries which can be executed to see the events that each subquery in a
correlate()function matches on. This field can be used to debug correlate queries.
Fixed in this release
Automation and Triggers
The Schedule configuration for scheduled searches no longer flips to when a cron expression for specific months is specified.
Configuration
The automatic tag grouping threshold now calculates correctly.
Previously, LogScale incorrectly calculated
MAX_DISTINCT_TAG_VALUESas the maximum ofAUTOSHARDING_MAXand the configuredMAX_DISTINCT_TAG_VALUESvalue. WhenAUTOSHARDING_MAXincreased to131,072for backwards compatibility, automatic tag grouping stopped triggering at its intended threshold. To solve this,MAX_DISTINCT_TAG_VALUESnow uses only its configured value (default:1,000). This value operates independently from the deprecatedAUTOSHARDING_MAXsetting.
Dashboards and Widgets
Fixed an issue with the Look Up Events interaction in the
Tablewidget, which would in certain scenarios result in an invalid query.
Queries
In rare cases the query state cache files on disk was not cleaned up properly. This change fixes those cases along with better error handling and logging.
Functions
Fixed an issue where reuse of queries would not detect changes to saved queries used inside the
defineTable()query function.
Improvement
Storage
Optimized encryption during bucket uploads by reducing the amount of copying.
Queries
LogScale request logs no longer contain internal query poll or delete requests on the
queryjobsendpoint, unless those requests either fail or take more than 5 seconds.To increase visibility into query worker and coordinator communication, the new metrics internal-queryjobs-timing is being added, which tracks the response times for polls on the
queryjobsendpoint.
Functions
The Language Server Protocol (LSP) now provides enhanced code completion for the
correlate()function. The LSP now includes contextual suggestions for subquery snippets as well as relevant attribute suggestions based on the query context.