Falcon LogScale 1.201.0 GA (2025-08-12)
| Version? | Type? | Release Date? | Availability? | End of Support | Security Updates | Upgrades From? | Downgrades To? | Config. Changes? |
|---|---|---|---|---|---|---|---|---|
| 1.201.0 | GA | 2025-08-12 | Cloud | 2026-09-30 | No | 1.150.0 | 1.177.0 | No |
Available for download two days after release.
Hide file download links
Download
Use docker pull humio/humio-core:1.201.0 to download the latest version
Bug fixes and updates
Removed
Items that have been removed as of this release.
GraphQL API
Removed the deprecated field lastScheduledSearch on the GraphQL mutation ScheduledSearch.
Deprecation
Items that have been deprecated and may be removed in a future release.
AUTOSHARDING_MAXconfiguration variable is now being deprecated and will be removed in version 1.207.The
lastScheduledSearchfield from theScheduledSearchdatatype is now deprecated and planned for removal in LogScale version 1.202. The newlastExecutedandlastTriggeredfields have been added to theScheduledSearchdatatype to replacelastScheduledSearch.The
EXTRA_KAFKA_CONFIGS_FILEconfiguration variable has been deprecated and planned to be removed no earlier than version 1.225.0. For more information, see RN Issue.
rdns()has been deprecated and will be removed in version 1.249. UsereverseDns()as an alternative function.
Behavior Changes
Scripts or environment which make use of these tools should be checked and updated for the new configuration:
Configuration
The default value of
TAG_HASHING_BUCKETSis now dependent on the value ofMAX_DISTINCT_TAG_VALUES. This change ensures optimal search performance when automatic tag grouping is applied.For more information, see How-To: Using Tag Grouping.
New features and improvements
Automation and Triggers
It is now possible for LogScale to distribute the execution of scheduled searches running more frequently than every hour across different minutes using H/n notation in cron schedules. For example, use
H/5for a search that should run every 5 minutes.Supported intervals: every 2, 3, 4, 5, 6, 10, 12, 15, 20, or 30 minutes.
Note
Changing an existing scheduled search from
*/5toH/5, for example, may result in two runs that either overlap or have a gap between them.For example, if the updated schedule for the scheduled search runs at 3 minutes, 8 minutes, and so on, and you make the change after the run at 0:00 with the old schedule, but before 0:03, then you will get a new run at 0:03. The time from 0:03 to 0:05 is covered by both runs. If you instead make the change after 0:03, but before 0:05, the next run will be at 0:08, meaning that the time between 0:05 and 0:08 is not searched by any run.
For more information, see Cron Scheduling.
GraphQL API
Added new GraphQL mutations for manipulating labels on filter and aggregate alerts:
These mutations are similar to what is available for scheduled searches and legacy alerts.
Fixed in this release
Storage
Fixed an issue causing the creation of 140,000 datasources in global when repositories hit the max datasource limit. When the limit is hit, LogScale now directs events into an "overflow datasource" with a fixed set of tags. This overflow datasource will now shard itself as necessary to keep up with digest, consistent with the behavior of all other datasources.
For more information, see Ingestion: Ingest Phase.
Functions
Fixed the
defineTable()andjoin()functions as subqueries would use an incorrect search interval when using @ingesttimestamp.Fixed an issue where identifiers with array indices (for example,
foo[0]andabc.foo[0].bar[2]) were incorrectly rejected on the right side of the link operator (<=>) when using thecorrelate()function.
Improvement
Storage
Improved S3 download efficiency by optimizing data streaming and download management, delivering significant performance improvements across memory utilization, garbage collection, and network throughput.
Internal load tests show that memory usage no longer spikes and remains stable during heavy downloads, resulting in significantly less CPU load and approximately 20% faster download speeds.
For more information, see Ingestion: Storage Phase.
Queries
Improved performance by compiling queries once instead of twice when submitting a scheduled search job.
For more information, see Triggers.
Functions
Lifted the
maxrestriction on thelimitparameter forsort(),head(),tail(), andtable()functions in multi-cluster setups.For more information, see LogScale Multi-Cluster Search.