Available for download two days after release.

Hide file download links

Show file download links

Bug fixes and updates

Breaking Changes

The following items create a breaking change in the behavior, response or operation of this release.

• Functions

  • Renamed parameter caseInsensitive in text:editDistance() and text:editDistanceAsArray() to ignoreCase for consistency with other functions.

Removed

Items that have been removed as of this release.

GraphQL API

• Removed deprecated GraphQL elements:

  Mutations:

  • addStarToAlertV2

  • removeStarFromAlertV2

  • addStarToScheduledSearch

  • removeStarFromScheduledSearch

  Fields:

  • Alert.isStarred

  • ScheduledSearch.isStarred

  • UserSettings.starredAlerts

  The GraphQL enum value GraphQlDirectivesAmountLimit from enum DynamicConfig has also been removed.

Metrics and Monitoring

• Removed the deprecated metric datasource-count, which was responsible for continuously reporting the number of datasources per repository.

  Repository datasource information is still available in the following ways:

  • When new datasources are created and deleted, that information is available to users via datasource logs.

  • Users can also obtain the datasource count using the query GET api/v1/repositories/$DATASPACE to view a current list of datasources for a given repository.

  For more information, see Repository and View Settings, Datasources, Ingestion: Ingest Phase.

Deprecation

Items that have been deprecated and may be removed in a future release.

• The EXTRA_KAFKA_CONFIGS_FILE configuration variable has been deprecated and planned to be removed no earlier than version 1.225.0. For more information, see RN Issue.

• rdns() has been deprecated and will be removed in version 1.249. Use reverseDns() as an alternative function.

Behavior Changes

Scripts or environment which make use of these tools should be checked and updated for the new configuration:

• Dashboards and Widgets

  • Removed the support email link (logscalesupport@crowdstrike.com) from scheduled report email footers.

• Metrics and Monitoring

  • The internal monitoring jobs that used to query the internal humio repository for metrics now query the humio-metrics repository instead.

    To support this, the default value of SEARCH_PIPELINE_MONITOR_QUERY has been changed to #kind=logs | count() for clusters without metrics in the LogScale repository.

Upgrades

Changes that may occur or be required during an upgrade.

• Installation and Deployment

  • Upgraded the bundled Java Development Kit (JDK) to Java 25.0.1.

    For this upgrade, users should be aware that systems configured with Transparent Huge Pages (THP) mode as madvise, the option -XX:+UseTransparentHugePages does not enable huge pages when running with the default garbage collecter G1. To address this, the following workaround is available:

    java

    # echo always > /sys/kernel/mm/transparent_hugepage/enabled

New features and improvements

Fixed in this release