Falcon LogScale 1.214.0 GA (2025-11-11)
| Version? | Type? | Release Date? | Availability? | End of Support | Security Updates | Upgrades From? | Downgrades To? | Config. Changes? |
|---|---|---|---|---|---|---|---|---|
| 1.214.0 | GA | 2025-11-11 | Cloud | 2027-02-28 | No | 1.150.0 | 1.177.0 | No |
Hide file download links
Download
Use docker pull humio/humio-core:1.214.0 to download the latest version
Bug fixes and updates
Deprecation
Items that have been deprecated and may be removed in a future release.
The following GraphQL APIs are deprecated and will be removed in version 1.225 or later:
In the updateSettings mutation, these input arguments are deprecated:
isPackageDocsMessageDismissed
isDarkModeMessageDismissed
isResizableQueryFieldMessageDismissed
On the UserSettings type, these fields are deprecated:
isPackageDocsMessageDismissed
isDarkModeMessageDismissed
Note
The deprecated input arguments will have no effect, and the deprecated fields will always return true until their removal.
The
EXTRA_KAFKA_CONFIGS_FILEconfiguration variable has been deprecated and planned to be removed no earlier than version 1.225.0. For more information, see RN Issue.
rdns()has been deprecated and will be removed in version 1.249. UsereverseDns()as an alternative function.
Upgrades
Changes that may occur or be required during an upgrade.
User Interface
Upgraded the API explorer to GraphiQL version 5.2.0.
Fixed in this release
User Interface
When creating a scheduled report, clicking before the data was loaded could result in no selectable dashboards in the dropdown menu. This issue has now been fixed by disabling the button until the data is loaded.
Storage
Fixed an issue affecting clusters with secondary storage where segment files could not be fetched from other nodes or downloaded from bucket storage directly to secondary storage. This issue only occurred when primary storage was approaching capacity and was introduced in version 1.200.
Known Issues
Storage
For clusters using secondary storage where the primary storage on some nodes in the cluster may be getting filled (that is, the storage usage on the primary disk is halfway between
PRIMARY_STORAGE_PERCENTAGEandPRIMARY_STORAGE_MAX_FILL_PERCENTAGE), those nodes may fail to transfer segments from other nodes. The failure will be indicated by the error java.nio.file.AtomicMoveNotSupportedException with message "Invalid cross-device link".This does not corrupt data or cause data loss, but will prevent the cluster from being fully healthy, and could also prevent data from reaching adequate replication.
Improvement
Security
Added the
OrganizationOwnedQueriespermission to the default Admin role.Note
Existing user's Admin role selections will not be impacted. Only new instances of the Admin role, created when a new customer organization is created, will get this new permission.
User Interface
Dashboards with query parameters now load faster when displaying large suggestion lists. This improvement prevents dashboard to become unresponsive, which previously occurred when multiple query parameters contained thousands of suggestions.
Automation and Triggers
Fixed a rare issue where rapidly disabling and re-enabling a scheduled search could cause the next scheduled execution to fail.
The next planned execution time is now preserved when disabling or enabling a scheduled search. It will be updated during the next scheduled search job run after enabling.
Queries
Implemented query reuse capability for multi-cluster search worker queries, matching the existing functionality for standard cluster queries.
Recent Package Updates
The following LogScale packages have been updated within the last month.
Package Changes
cisco/firepower has been updated to v1.7.5.
Updated ECS version to 9.2.0
Updated parser version to 3.3.5
Added message field assignment from Vendor.message
For more information, see Package cisco/firepower Release Notes.
cloudflare/zerotrust has been updated to v1.6.0.
Updated ECS version to 9.2.0
Enhanced field mapping with improved global field normalizations
Added support for spectrum dataset
Improved DNS answer parsing with dynamic array handling
Enhanced client, destination, and source field processing with address/IP/domain logic
Added comprehensive threat indicator confidence mapping
Improved TLS version extraction with regex patterns
Enhanced event categorization for malware detection in gateway-http
Added new fields: file.extension, email.message_id, email.reply_to.address[], rule.description, network.iana_number, destination.as.number, source.as.number, source.nat.ip, cloud.account.id, server.as.number
Updated parser version to 3.0.0
For more information, see Package cloudflare/zerotrust Release Notes.
netgate/pfsense has been updated to v1.1.2.
Added support for RFC 5424 syslog format with ISO 8601 timestamps
Enhanced timestamp parsing to handle both BSD syslog and RFC 5424 formats
Updated parser version to 1.1.2
For more information, see Package netgate/pfsense Release Notes.
fortinet/fortigate has been updated to v1.4.1.
Updated parser version to 3.0.1
Removed timezone parameter from parseTimestamp function for date/time parsing
For more information, see Package fortinet/fortigate Release Notes.
zscaler/deception has been updated to v2.2.1.
Updated ECS version to 9.1.0
Updated CPS version to 1.1.0
Improved timestamp parsing by removing timezone parameter
For more information, see Package zscaler/deception Release Notes.
darktrace/detect has been updated to v2.0.1.
Updated ECS version to 9.1.0
Updated parser version to 3.0.1
Fixed timezone handling for RFC 3164 syslog timestamps by removing explicit UTC timezone setting
For more information, see Package darktrace/detect Release Notes.
palo-alto/prisma-sd-wan has been updated to v1.2.1.
Updated ECS version to 9.1.0
Improved timestamp parsing by removing timezone parameter for better compatibility
For more information, see Package palo-alto/prisma-sd-wan Release Notes.
f5networks/bigip has been updated to v2.5.2.
Removed timezone parameter from timestamp parsing functions to use system default timezone handling
For more information, see Package f5networks/bigip Release Notes.
claroty/ctd has been updated to v1.2.2.
Removed timezone parameter from parseTimestamp function to use automatic timezone detection
Updated parser version to 1.1.3
For more information, see Package claroty/ctd Release Notes.
forcepoint/dlp has been updated to v1.2.2.
Updated ECS version to 9.1.0
Updated CPS version to 1.1.0
Removed timezone specifications from timestamp parsing
Enhanced field mapping documentation
For more information, see Package forcepoint/dlp Release Notes.
checkpoint/ngfw has been updated to v2.3.3.
Removed timezone parameter from timestamp parsing functions to use system default timezone handling
For more information, see Package checkpoint/ngfw Release Notes.
trellix/fireeye-nx has been updated to v1.2.1.
Updated parser schema to v0.3.0
For more information, see Package trellix/fireeye-nx Release Notes.
juniper/srx has been updated to v1.5.0.
Added event severity mapping based on threat severity levels
Added support for rshd command line extraction
Fixed duplicate event.kind assignments in IDP processing
Updated parser to version 3.0.0
Enhanced field mapping with IP address validation before normalization
Improved timestamp parsing with support for both ISO 8601 and BSD syslog timestamp formats
For more information, see Package juniper/srx Release Notes.
dell/isilon has been updated to v1.2.2.
Updated ECS version to 9.1.0
Updated CPS version to 1.1.0
Updated parser version to 1.1.3
Removed timezone specification from parseTimestamp function
Updated test case data with new sample values
For more information, see Package dell/isilon Release Notes.
zscaler/internet-access has been updated to v1.5.4.
Enhanced JSON parsing to handle escaped quotes in nested JSON structures
Added support for complex audit log events with nested preaction and postaction objects
Improved string replacement logic to preserve escaped quotes for proper JSON parsing
Updated parser version to 2.5.4
For more information, see Package zscaler/internet-access Release Notes.
zscaler/private-access has been updated to v1.3.3.
Updated ECS version to 9.1.0
Removed timezone parameter from parseTimestamp function
For more information, see Package zscaler/private-access Release Notes.
infoblox/nios has been updated to v1.3.3.
Removed timezone parameter from parseTimestamp functions to use system default timezone
Updated parser version to 2.2.3
For more information, see Package infoblox/nios Release Notes.
microsoft/sysmon has been updated to v1.1.3.
Updated ECS version to 9.1.0
Removed timezone parameter from parseTimestamp functions for improved timestamp handling
For more information, see Package microsoft/sysmon Release Notes.
checkpoint/ngfw has been updated to v2.4.1.
Enhanced event categorization for "Redirect" action to include "denied" event type
Added event.outcome field for "Redirect" action with "success" value
Updated parser version to 3.4.1
For more information, see Package checkpoint/ngfw Release Notes.
fortinet/fortigate has been updated to v1.5.0.
Updated parser version to 4.0.0
Enhanced event categorization and type mapping with comprehensive coverage for all event types
Improved field mapping using coalesce function for better field consolidation
Added threat enrichment fields for UTM events including virus, IPS, and anomaly detection
Enhanced network protocol detection and application layer protocol mapping
Improved client/server field mapping based on connection direction
Added array deduplication for event.category and event.type fields
Enhanced MAC address formatting with colon-to-dash replacement
Improved IP address validation with CIDR filtering
Added comprehensive test cases for SSL, DNS, traffic, and system events
For more information, see Package fortinet/fortigate Release Notes.
juniper/srx has been updated to v1.5.1.
Updated minimum LogScale version requirement to 1.207.0
For more information, see Package juniper/srx Release Notes.
google/chrome-enterprise-security-events has been updated to v1.2.1.
Updated parser schema to v0.3.0
For more information, see Package google/chrome-enterprise-security-events Release Notes.
zscaler/private-access has been updated to v1.4.0.
Enhanced parser with comprehensive ECS field mappings for all ZPA log types
Added support for app connector metrics logs
Improved field normalization with proper source/destination/client/server mappings
Enhanced network traffic analysis with ingress/egress byte tracking
Added comprehensive event categorization and outcome determination
Improved timestamp handling across all log types
Enhanced user and authentication event processing
Added proper host infrastructure monitoring fields
Improved security inspection rule mapping
Enhanced geographic location tracking for all components
For more information, see Package zscaler/private-access Release Notes.
cisco/ios has been updated to v1.7.2.
Updated timestamp parsing to remove hardcoded timezone defaults for better flexibility
Enhanced parser to use system timezone when no timezone is specified
Improved timestamp handling for logs without explicit timezone information
For more information, see Package cisco/ios Release Notes.
nozomi/ids has been updated to v1.3.3.
Updated parser version to 3.0.3
Added new message pattern for cleartext password authentication requests
Enhanced event categorization for network and intrusion detection events
For more information, see Package nozomi/ids Release Notes.
microsoft/windows-dns-debug has been updated to v1.3.2.
Updated ECS version to 9.1.0
Removed timezone specification from timestamp parsing
Enhanced parser version to 2.2.2
For more information, see Package microsoft/windows-dns-debug Release Notes.
microsoft/dhcp-client has been updated to v1.1.2.
Updated parser schema to v0.3.0
For more information, see Package microsoft/dhcp-client Release Notes.
cisco/ios has been updated to v1.7.3.
Updated ECS version to 9.1.0
Updated CPS version to 1.1.0
Updated parser version to 2.6.3
Fixed typo in observer.ingress.interface.name field extraction for IGMP events
For more information, see Package cisco/ios Release Notes.
cisco/meraki has been updated to v1.5.3.
Removed timezone parameter from timestamp parsing functions to use system default timezone handling
For more information, see Package cisco/meraki Release Notes.
aws/s3-server-access has been updated to v1.2.2.
Added cloud provider identification with cloud.provider field set to "aws"
Enhanced cloud resource tracking with cloud.target.Resource.type[] and cloud.target.Resource.id[] arrays
Improved cloud resource categorization for S3 buckets
For more information, see Package aws/s3-server-access Release Notes.
aws/waf has been updated to v2.0.0.
Breaking Change: If X-Forwarded-For header is present, normalize the original client IP to source.ip and Vendor.httpRequest.clientIp is now normalied to source.nat.ip.
Improved HTTP header extraction for referrer, host, and user-agent fields
Added URL domain and port parsing from Host header
Updated ECS version to 9.1.0 and CPS version to 1.1.0
For more information, see Package aws/waf Release Notes.
cisco/ise has been updated to v2.0.2.
Enhanced CISE_Profiler event parsing with comprehensive event code support
Added support for profiler event codes 80001-80019 including endpoint collection, SNMP operations, DNS requests, and Edda connector management
Improved event categorization for profiler events with specific outcomes and actions
Updated ECS version to 9.1.0
Updated parser version to 3.0.2
For more information, see Package cisco/ise Release Notes.
zscaler/internet-access has been updated to v1.5.3.
Updated ECS version to 9.1.0
Removed timezone parameter from parseTimestamp function
For more information, see Package zscaler/internet-access Release Notes.
aws/vpcflow has been updated to v1.2.2.
Updated timestamp parsing to remove explicit timezone parameter
Updated parser version to 1.2.2
For more information, see Package aws/vpcflow Release Notes.
nozomi/ids has been updated to v1.3.2.
Updated ECS version to 9.1.0
Updated CPS version to 1.1.0
Updated parser version to 3.0.2
Removed timezone specification from timestamp parsing for MMM dd yyyy HH:mm:ss format
For more information, see Package nozomi/ids Release Notes.
checkpoint/ngfw has been updated to v2.4.0.
Added several new field normalizations
Enhanced field organization and grouping for better readability
Improved network protocol detection logic
Fixed event categorization for authentication events (Failed Log In now uses start type)
Added new event categorization patterns for system events
Updated parser version to 3.4.0
For more information, see Package checkpoint/ngfw Release Notes.
radware/alteon has been updated to v1.2.2.
Updated ECS version to 9.1.0
Updated parser version to 1.1.2
Removed timezone parameter from findTimestamp() function calls
For more information, see Package radware/alteon Release Notes.
cisco/ios has been updated to v1.7.4.
Added support for EEM (Embedded Event Manager) events with new parsing pattern
Enhanced parser to handle EEM event actions and messages
Updated parser version to 2.6.4
For more information, see Package cisco/ios Release Notes.
haproxy/haproxy has been updated to v1.2.2.
Updated ECS version to 9.1.0
Updated CPS version to 1.1.0
Updated parser version to 1.1.3
Removed timezone parameter from parseTimestamp function
For more information, see Package haproxy/haproxy Release Notes.
microsoft/windows-dns-debug has been updated to v1.4.0.
Added support for additional timestamp formats (dd.MM.yyyy HH:mm:ss and yyyy-MM-dd HH:mm:ss AM/PM)
Enhanced field mapping with separate address, IP, and domain fields for client, destination, server, and source
Updated ECS version to 9.2.0 and CPS version to 1.1.0
Improved DNS error message mapping with additional error codes
Enhanced network type detection for IPv6 addresses
Refactored parser logic for better field organization and performance
For more information, see Package microsoft/windows-dns-debug Release Notes.
cisco/firepower has been updated to v1.7.4.
Removed timezone parameter from timestamp parsing functions to use system default timezone handling
Updated parser version to 3.3.4
For more information, see Package cisco/firepower Release Notes.
netgate/pfsense has been updated to v1.1.3.
Updated minimum LogScale version requirement to 1.207.0
For more information, see Package netgate/pfsense Release Notes.
cisco/ise has been updated to v2.0.1.
Fixed timezone handling in timestamp parsing by removing hardcoded timezone parameter
Updated parser version to 3.0.1
For more information, see Package cisco/ise Release Notes.