Falcon LogScale 1.218.0 GA (2025-12-09)

Version?Type?Release Date?Availability?End of SupportSecurity UpdatesUpgrades From?Downgrades To?Config. Changes?
1.218.0GA2025-12-09

Cloud

Next LTSNo1.150.01.177.0No

Available for download two days after release.

Hide file download links

Show file download links

Bug fixes and updates

Advance Warning

The following items are due to change in a future release.

  • Security

    • Starting from LogScale version 1.237, support for insecure ldap connections will be removed. Self-Hosted customers using LDAP will only be able to use ldaps secure connections.

Deprecation

Items that have been deprecated and may be removed in a future release.

  • The EXTRA_KAFKA_CONFIGS_FILE configuration variable has been deprecated and planned to be removed no earlier than version 1.225.0. For more information, see RN Issue.

  • rdns() has been deprecated and will be removed in version 1.249. Use reverseDns() as an alternative function.

Behavior Changes

Scripts or environment which make use of these tools should be checked and updated for the new configuration:

  • Installation and Deployment

    • LogScale has temporarily downgraded its version of Java to v24 due to a potential regression in Java v25, which could affect digest when using zstd compression in Kafka. The downgrade will remain in effect until the issue is resolved, or Java v25 is confirmed benign.

  • Storage

    • Segment and lookup file bucket storage upload protocols have been improved in preparation for incoming changes. As a result, the metric bucket-storage-request-upload-queue-overflow has been removed, as the underlying logic this metric was measuring no longer exists.

  • Ingestion

    • The environment variable KAFKA_INGEST_QUEUE_SKIP_ON_ERROR must now be explicitly set to skip messages from the ingest queue. Previously, specific corrupt Kafka records would be automatically skipped, even if the variable was set to false.

New features and improvements

  • API

    • Added a new parameter nextRunInterval to the POST api/v1/queryjobs endpoint for query submission. This parameter provides a hint to the query engine about the next run's interval, improving performance through partial result reuse.

      Example usage:

      json
      {
  [...]

  "nextRunInterval": {
    "start": 1764765006226
    "end": 1764851406227,
  }
}

  • Fleet Management

    • Added support for optional expiration dates on Log Collector enrollment tokens. Users can now specify when tokens should expire during creation.

      Note

      The default behavior remains unchanged - tokens have no expiration unless explicitly configured.

Fixed in this release

  • Security

    • The SP-initiated SAML login protocol has been corrected to route to the default provider instead of the first provider listed.

  • Configuration

    • Error messages that point to instructions to MaxMind configuration contained a wrong documentation URL. The URL has now been updated to the correct location.

  • Queries

    • Fixed an issue where the highlighting for query results where regexes with d or F flags displayed incorrect matches. For example, the regex /.*$/d would incorrectly highlight the last line of multi-line text instead of the entire text.

      Note

      This issue impacted the display only. It did not affect actual query results.

  • Functions

    • Fixed an issue with the match() function lookup structure that occurred when nrows > 1 and keys are prefixes of each other, leading to missing results.

Known Issues

  • Storage

    • For clusters using secondary storage where the primary storage on some nodes in the cluster may be getting filled (i.e. the storage usage on the primary disk is halfway between PRIMARY_STORAGE_PERCENTAGE and PRIMARY_STORAGE_MAX_FILL_PERCENTAGE), those nodes may fail to transfer segments from other nodes. The failure will be indicated by the error java.nio.file.AtomicMoveNotSupportedException with message "Invalid cross-device link".

      This does not corrupt data or cause data loss, but will prevent the cluster from being fully healthy, and could also prevent data from reaching adequate replication.

Improvement

  • Storage

    • The global snapshot process has been improved to handle uploads one at a time using a dedicated thread. This ensures global snapshot uploads execute as planned and without delay from other uploads in the queue.

    • Bucket storage prefetch jobs will now download segments from bucket storage to attempt to hit the configured replication factor, even if another node in the cluster already possesses a copy.

  • Ingestion

    • Improved the handling of digest partitions assignment changes. The digest readers now attempt to update the consumed partitions when possible, instead of restarting on changed assignments.

  • Queries

    • Improved performance for the LogScale Regular Expression Engine V2 by optimizing concatenated repetitions of similar scope and body, i.e. greedy vs nongreedy repetitions. For example, the regex pattern .*.*Foo will now be optimized to .*Foo, resulting in significantly improved performance.

  • Metrics and Monitoring

    • Added two new metrics:

      • cluster-static-query-total-search-cost

      • cluster-static-query-reused-search-cost

      These metrics record the total cost of search and cost of reused parts for queries coordinated on a node.