Falcon LogScale 1.215.0 GA (2025-11-18)
| Version? | Type? | Release Date? | Availability? | End of Support | Security Updates | Upgrades From? | Downgrades To? | Config. Changes? |
|---|---|---|---|---|---|---|---|---|
| 1.215.0 | GA | 2025-11-18 | Cloud | Next LTS | No | No |
Available for download two days after release.
Hide file download links
Download
Use docker pull humio/humio-core:1.215.0 to download the latest version
Bug fixes and updates
Advance Warning
The following items are due to change in a future release.
User Interface
From version 1.225.0, LogScale will enforce a new limit of 10 labels that can be added or removed in bulk for assets such as dashboards, actions, alerts and scheduled searches.
Labels will also have a character limit of 60.
Existing assets that violate these newly imposed limits will continue to work until they are updated - users will then be forced to remove or reduce their labels to meet the requirement.
Deprecation
Items that have been deprecated and may be removed in a future release.
The following GraphQL mutations have been deprecated:
AddAlertLabel
RemoveAlertLabel
AddScheduledSearchLabel
RemoveScheduledSearchLabel
AddDashboardLabel
RemoveDashboardLabel
The deprecated GraphQL mutations will be replaced by the following mutations:
AddAggregateAlertLabels
RemoveAggregateAlertLabels
AddFilterAlertLabels
RemoveFilterAlertLabels
AddLegacyAlertLabels
RemoveLegacyAlertLabels
AddScheduledSearchLabels
RemoveScheduledSearchLabels
AddDashboardLabels
RemoveDashboardLabels
The following GraphQL mutations are being added:
AddFileLabels
RemoveFileLabels
AddActionLabels
RemoveActionLabels
The
EXTRA_KAFKA_CONFIGS_FILEconfiguration variable has been deprecated and planned to be removed no earlier than version 1.225.0. For more information, see RN Issue.
rdns()has been deprecated and will be removed in version 1.249. UsereverseDns()as an alternative function.
Behavior Changes
Scripts or environment which make use of these tools should be checked and updated for the new configuration:
Storage
LogScale now prevents start-up if a user's Azure endpoint base has not been configured for Azure bucket storage.
If
AZURE_STORAGE_BUCKET,AZURE_STORAGE_ACCOUNTNAME, andAZURE_STORAGE_ACCOUNTKEYvariables are specified andAZURE_STORAGE_ENDPOINT_BASEis not specified, LogScale will fail to start rather than delaying failure until an attempt to connect to the bucket is made.
Upgrades
Changes that may occur or be required during an upgrade.
Configuration
LogScale has upgraded its Netty version to 4.2.7.
New features and improvements
User Interface
The following bulk actions can now be performed on multiple assets:
as .zip file
Assets that support this feature include:
Actions
Dashboards
Interactions
Lookup files
Parsers
Triggers
LogScale now also supports enabling and disabling triggers in bulk.
Corresponding GraphQL Batch operations are also available.
For more information, see Table Components.
Configuration
The time period allotted for topology changes like adding and removing a node is now configurabe via the environment variable
SEGMENT_TO_HOST_MAPPING_TOPOLOGY_CHANGE_SETTLING_TIME_SECONDS. Cluster topology changes will wait for the number of seconds stated in the environment variable before moving segments to accommodate the new topology.
Dashboards and Widgets
A new styling option in the
Tablewidget now enables to configure custom column labels:Users can now rename column headers directly in the table widget's style configuration panel.
Custom column labels are preserved when switching between columns and refreshing the view.
For more information, see Table Property Reference.
A new styling option in the
Tablewidget now allows users to reorder columns. A reset button is also available for restoring the original columns order of the query result.For more information, see Table Property Reference.
Auditing and Monitoring
The following audit log types have been removed:
aggregateAlert.add-label
aggregateAlert.remove-label
filterAlert.add-label
filterAlert.remove-label
The following Audit Log types have been added:
saved-query.add-labels
saved-query.remove-labels
aggregateAlert.add-labels
aggregateAlert.remove-labels
filterAlert.add-labels
filterAlert.remove-labels
alert.add-labels
alert.remove-labels
scheduled-search.add-labels
scheduled-search.remove-labels
uploaded-file.add-labels
uploaded-file.remove-labels
action.add-labels
action.remove-labels
dashboard.add-labels
dashboard.remove-labels
Added audit logging to the Export to File functionality for query results.
This adds two new audit log entries:
dataspace.query.export-file: when a query is exported to a file.
dataspace.query.export-bucket: when a query is streamed to an external file bucket (if the
Export to bucketfeature flag is enabled).
All entries include the following data points:
actor - Export requester data
timestamp- Time of the loggingexportedFileName - Exported file name with the file extension chosen
queryId- The ID of the related query audit log found through dataspace.querycsvFieldsExported (optional) - When exporting a query to CSV, you must select specific fields to include.
If the query is streamed due to size, the selected fields are added directly to the query as a filter using
select().When streaming to a bucket, additional fields are added:
bucketProvider - The bucket provider used to stream the file to (for example, S3)
bucket - The bucket ID used to stream the file to
To fetch information regarding audits for exported query requests, you can run a join query like
defineTable()orcorrelate()on the queryId. For example:logscalecorrelate( exports: { type = /dataspace.query.export/ } include: *, queries: { type = "dataspace.query" | queryId <=> exports.queryId } include: [query.queryString, query.ingestStart, query.ingestEnd] )
Fixed in this release
Ingestion
Event forwarding rules that reference a saved query will now use the latest version of the saved query if it has been updated.
Log Collector
Fixed several
/api/v1/log-collectorendpoints to return proper status codes for invalid credentials.
Known Issues
Storage
For clusters using secondary storage where the primary storage on some nodes in the cluster may be getting filled (i.e. the storage usage on the primary disk is halfway between
PRIMARY_STORAGE_PERCENTAGEandPRIMARY_STORAGE_MAX_FILL_PERCENTAGE), those nodes may fail to transfer segments from other nodes. The failure will be indicated by the error java.nio.file.AtomicMoveNotSupportedException with message "Invalid cross-device link".This does not corrupt data or cause data loss, but will prevent the cluster from being fully healthy, and could also prevent data from reaching adequate replication.