Falcon LogScale 1.200.0 GA (2025-08-05)
| Version? | Type? | Release Date? | Availability? | End of Support | Security Updates | Upgrades From? | Downgrades To? | Config. Changes? |
|---|---|---|---|---|---|---|---|---|
| 1.200.0 | GA | 2025-08-05 | Cloud | 2026-09-30 | No | 1.150.0 | 1.177.0 | No |
Available for download two days after release.
Hide file download links
Download
Use docker pull humio/humio-core:1.200.0 to download the latest version
Removed
Items that have been removed as of this release.
Storage
Removed the ingest request backpressure mechanism introduced in 1.115. This mechanism throttled ingest requests on nodes running digest work while experiencing event latency. The implementation prevented clusters from properly using Kafka as a buffer for event backlogs. Additionaly, it hid the existence of backlogs from administrators by delaying events on shippers rather than in Kafka where they are visible to LogScale.
Administrators are advised to either:
Size nodes to handle temporary ingest rate spikes without falling behind on digest.
Run separate ingest and digest nodes to prevent ingest spikes from consuming capacity needed for digest work.
This change also removes the following dynamic configurations:
Deprecation
Items that have been deprecated and may be removed in a future release.
AUTOSHARDING_MAXconfiguration variable is now being deprecated and will be removed in version 1.207.The
lastScheduledSearchfield from theScheduledSearchdatatype is now deprecated and planned for removal in LogScale version 1.202. The newlastExecutedandlastTriggeredfields have been added to theScheduledSearchdatatype to replacelastScheduledSearch.The
EXTRA_KAFKA_CONFIGS_FILEconfiguration variable has been deprecated and planned to be removed no earlier than version 1.225.0. For more information, see RN Issue.
rdns()has been deprecated and will be removed in version 1.249. UsereverseDns()as an alternative function.
Behavior Changes
Scripts or environment which make use of these tools should be checked and updated for the new configuration:
Configuration
The
MAX_DATASOURCESenvironment variable no longer controls the maximum datasources of system repositories. System repositories now have a default maximum of 50,000 datasources.
New features and improvements
Installation and Deployment
Added the environmental variable
HUMIO_OPTS_FS, which can be set to override the field separator used when word-splitting usingHUMIO_OPTSin the launcher script. This is useful when the options contain characters in$IFS(such as spaces), which would otherwise be split incorrectly.For more information, see LogScale Launcher Script.
Functions
The new
percentage()query function is now available. It allows you to calculate the percentage of events that match a subquery.For more information, see
percentage().
Fixed in this release
Storage
Indicators of Compromise (IoC) with more than 127 labels were unable to be stored. This issue has now been fixed.
Startup failed if a host contained a deprecated storage task in the global database. This issue has now been fixed.
Functions
The
correlate()function has been fixed due tocasestatements within the query causing incorrect filter query generation for event tabs. Previously, filter queries extracted all conditions from different case branches, causing event tabs to appear empty even whencorrelate()found valid constellations. This fix now ensures that filter query generation correctly preserves the case statement structure in event tab filters.
Improvement
GraphQL API
Added support for partial time intervals for GraphQL endpoint analyzeQuery(). Default time interval values are now aligned with the query jobs API.