Falcon LogScale 1.202.0 GA (2025-08-19)

Version?Type?Release Date?Availability?End of SupportSecurity UpdatesUpgrades From?Downgrades To?Config. Changes?
1.202.0GA2025-08-19

Cloud

2026-10-31No1.150.01.177.0No

Available for download two days after release.

Hide file download links

Show file download links

Bug fixes and updates

Deprecation

Items that have been deprecated and may be removed in a future release.

  • The lastScheduledSearch field from the ScheduledSearch datatype is now deprecated and planned for removal in LogScale version 1.202. The new lastExecuted and lastTriggered fields have been added to the ScheduledSearch datatype to replace lastScheduledSearch.

  • The EXTRA_KAFKA_CONFIGS_FILE configuration variable has been deprecated and planned to be removed no earlier than version 1.225.0. For more information, see RN Issue.

  • rdns() has been deprecated and will be removed in version 1.249. Use reverseDns() as an alternative function.

New features and improvements

Fixed in this release

  • Automation and Triggers

    • Fixed two issues with scheduled searches:

      • A failure to update a scheduled search could cause it to get stuck and not run until cluster restart.

      • A deleted scheduled search could cause the scheduled search job to continuously log that it was waiting for the scheduled search to finish.

      For more information, see Scheduled searches.

  • Storage

    • Fixed an issue where the logs indicating which query took the longest to process a segment would appear long after query completion. Logging will now be delayed by no more than 10 seconds.

      For more information, see LogScale Internal Logging.

  • Queries

    • Fixed an issue where a race condition was created between live query submission and digest start, in which the static part assigned to a worker cluster would be omitted if a live query coordinator submitted work to a worker cluster, starting a new digest session.

      For more information, see Digest Rules.

    • Fixed an issue where certain regex patterns that could not be compiled by the JitRex engine would lead to very slow query submission and excessive resource usage.

      For more information, see Regular Expression Syntax.

    • Fixed an issue where events would incorrectly remain unredacted when query strings used for redaction contained derived tags, such as #repo.

Known Issues

  • Storage

    • For clusters using secondary storage where the primary storage on some nodes in the cluster may be getting filled (i.e. the storage usage on the primary disk is halfway between PRIMARY_STORAGE_PERCENTAGE and PRIMARY_STORAGE_MAX_FILL_PERCENTAGE), those nodes may fail to transfer segments from other nodes. The failure will be indicated by the error java.nio.file.AtomicMoveNotSupportedException with message "Invalid cross-device link".

      This does not corrupt data or cause data loss, but will prevent the cluster from being fully healthy, and could also prevent data from reaching adequate replication.

Improvement

  • Queries

    • Improved performance by compiling queries once instead of twice when starting alert jobs.

    • Multi-cluster search worker clusters no longer execute the result calculation pipeline for multi-cluster queries. This eliminates external-function calls and reverse DNS calls on remote clusters in multi-cluster search queries, reducing resource consumption.

      For more information, see Searches in a Multi-Cluster Setup.

    • Queries will now preferentially read segments from non-evicted hosts, avoiding reading data from hosts that are being decommissioned.

      For more information, see Ingestion: Digest Phase.

  • Metrics and Monitoring

    • Added new metrics to help monitor/diagnose segment fetching queue issues: