Falcon LogScale 1.212.0 GA (2025-10-28)

Version?Type?Release Date?Availability?End of SupportSecurity UpdatesUpgrades From?Downgrades To?Config. Changes?
1.212.0GA2025-10-28

Cloud

Next LTSNo1.150.01.177.0No

Available for download two days after release.

Hide file download links

Show file download links

Bug fixes and updates

Breaking Changes

The following items create a breaking change in the behavior, response or operation of this release.

  • API

    • The <gqlfield>dashboard</gqlfield> field in the <gqltype>ScheduledReport</gqltype> GraphQL type is now optional. When users lack dashboard access permissions, the field will return a null result instead of causing a request failure.

      Note

      Users should update their queries and type definitions to account for the optional nature of this field and that a null value exists.

Deprecation

Items that have been deprecated and may be removed in a future release.

  • The EXTRA_KAFKA_CONFIGS_FILE configuration variable has been deprecated and planned to be removed no earlier than version 1.225.0. For more information, see RN Issue.

  • rdns() has been deprecated and will be removed in version 1.249. Use reverseDns() as an alternative function.

Behavior Changes

Scripts or environment which make use of these tools should be checked and updated for the new configuration:

  • Functions

    • Changed liveness restrictions for selfJoin() and selfJoinFilter() functions to be enforced at compile time instead of runtime, enabling detection by the Language Service Protocol (LSP) and GraphQL validation endpoints.

    • Changed top-level restrictions for join-like query functions to be enforced at compile time instead of runtime, enabling detection by the language service protocol and GraphQL validation endpoints.

New features and improvements

  • User Interface

    • Added a new styling option for the heat map widget and bar chart widget respectively:

      • Heat map widget: Option for users to sort the x and y axes

      • Bar chart widget: Option for users to sort the x axis by label

  • API

    • Enhanced the GraphQL entities search API to include scheduled reports as searchable assets. The entitiesSearch, entitiesPage, and entitiesLabels query endpoints now support scheduled reports with full metadata access and standard filtering capabilities.

      This change extends the entitiesSearch, entitiesPage, and entitiesLabels query endpoints to:

      • Return scheduled reports as part of search results when filtering by entity types

      • Provide full access to scheduled report metadata through the ScheduledReportResult datatype

      • Support the same filtering and pagination capabilities available for other asset types

      • Maintain proper view-level access controls for scheduled report visibility

Fixed in this release

  • Storage

    • Fixed an issue where multiple nodes would concurrently attempt to execute the same merges of mini-segments, creating waste. Future merges will now use one node consistently.

  • Queries

    • Fixed an issue where queries using the correlate() function within a federated search could experience a memory leak.

Improvement

  • User Interface

    • Enhanced Files and Interactions pages:

      Files page improvements:

      • Added table sorting

      • Implemented proper pagination

      • Added package column filtering

      • Updated package column to show versionless package string instead of with version

      Interactions page improvements:

      • Added sort functionality for tables

      • Implemented proper pagination for tables

      • Added column filters for package and interaction type

      • Fixed the Language Server Protocol (LSP) features in the Details panel so the query editor for editing Search link interactions has LSP features (syntax highlighting, docs, suggestions, etc.)

  • Queries

    • Improved live query handling during high ingest latency. LogScale now avoids halting live queries when latency is not caused by digest node overload.

      To control this behavior, users can apply the environment variable LIVEQUERY_CANCEL_TRIGGER_INGEST_OCCUPANCY_LIMIT. This variable provides the amount of time spent waiting for events to be stored in segments and written to live queries compared to obtaining data from Kafka with a percentage value.

      Note

      Setting the default value to -1 disables the logic.

      Warning

      The maximum environment variable value is 100. If set to this value, live queries will not be stopped due to ingest delay.

  • Functions

    • Improved error handling resiliency for multi-pass functions like correlate() by creating an automatic stop for queries that would previously stall indefinitely. Future queries that stall will be stopped automatically.