Falcon LogScale 1.212.0 GA (2025-10-28)

Version?Type?Release Date?Availability?End of SupportSecurity UpdatesUpgrades From?Downgrades To?Config. Changes?
1.212.0GA2025-10-28

Cloud

2026-12-31No1.150.01.177.0No

Available for download two days after release.

Hide file download links

Show file download links

Bug fixes and updates

Breaking Changes

The following items create a breaking change in the behavior, response or operation of this release.

  • GraphQL API

    • The dashboard field in the ScheduledReport GraphQL type is now optional. When users lack dashboard access permissions, the field will return a null result instead of causing a request failure.

      Note

      Users should update their queries and type definitions to account for the optional nature of this field and that a null value exists.

Deprecation

Items that have been deprecated and may be removed in a future release.

  • The EXTRA_KAFKA_CONFIGS_FILE configuration variable has been deprecated and planned to be removed no earlier than version 1.225.0. For more information, see RN Issue.

  • rdns() has been deprecated and will be removed in version 1.249. Use reverseDns() as an alternative function.

Behavior Changes

Scripts or environment which make use of these tools should be checked and updated for the new configuration:

  • Functions

    • Changed liveness restrictions for selfJoin() and selfJoinFilter() functions to be enforced at compile time instead of runtime, enabling detection by the Language Service Protocol (LSP) and GraphQL validation endpoints.

    • Changed top-level restrictions for join-like query functions to be enforced at compile time instead of runtime, enabling detection by the Language Service Protocol (LSP) and GraphQL validation endpoints.

New features and improvements

  • GraphQL API

    • Enhanced the GraphQL entities search API to include scheduled reports as searchable assets. The entitiesSearch, entitiesPage, and entitiesLabels query endpoints now support scheduled reports with full metadata access and standard filtering capabilities.

      This change extends the entitiesSearch, entitiesPage, and entitiesLabels query endpoints to:

      • Return scheduled reports as part of search results when filtering by entity types

      • Provide full access to scheduled report metadata through the ScheduledReportResult datatype

      • Support the same filtering and pagination capabilities available for other asset types

      • Maintain proper view-level access controls for scheduled report visibility

  • Dashboards and Widgets

  • Metrics and Monitoring

    • Added the field window_count to Timer metrics. It tracks the number of measurements in the given window, usually 60 seconds.

Fixed in this release

  • Storage

    • Fixed an issue where multiple nodes would concurrently attempt to execute the same merges of mini-segments, creating waste. Future merges will now use one node consistently.

  • Queries

    • Fixed an issue where queries using the correlate() function within a federated search could experience a memory leak.

  • Metrics and Monitoring

    • Fixed an issue where the progress report for the metric ingest-queue-read-offset would erroneously log errors stating Ingest queue progress error approximately 90 minutes after cluster restart.

Known Issues

  • Storage

    • For clusters using secondary storage where the primary storage on some nodes in the cluster may be getting filled (i.e. the storage usage on the primary disk is halfway between PRIMARY_STORAGE_PERCENTAGE and PRIMARY_STORAGE_MAX_FILL_PERCENTAGE), those nodes may fail to transfer segments from other nodes. The failure will be indicated by the error java.nio.file.AtomicMoveNotSupportedException with message "Invalid cross-device link".

      This does not corrupt data or cause data loss, but will prevent the cluster from being fully healthy, and could also prevent data from reaching adequate replication.

Improvement

  • User Interface

    • Enhanced Lookup files and Interactions asset types in the Resources page, as follows.

      Lookup files table component improvements:

      • Added table sorting

      • Implemented proper pagination

      • Added package column filtering

      • Updated package column to show versionless package string instead of with version

      Interactions table component improvements:

      • Added sort functionality

      • Implemented proper pagination

      • Added column filters for package and interaction type

      • Fixed the Language Server Protocol (LSP) features in the Details panel so the query editor for editing Search link interactions has LSP features (syntax highlighting, docs, suggestions, etc.)

  • Queries

    • Improved live query handling during high ingest latency. LogScale now avoids halting live queries when latency is not caused by digest node overload.

      To control this behavior, users can apply the environment variable LIVEQUERY_CANCEL_TRIGGER_INGEST_OCCUPANCY_LIMIT. This variable provides the amount of time spent waiting for events to be stored in segments and written to live queries compared to obtaining data from Kafka with a percentage value.

      Note

      Setting the default value to -1 disables the logic.

      Warning

      The maximum environment variable value is 100. If set to this value, live queries will not be stopped due to ingest delay.

  • Functions

    • Improved error handling resiliency for multi-pass functions like correlate() by creating an automatic stop for queries that would previously stall indefinitely. Future queries that stall will be stopped automatically.