Falcon LogScale 1.227.0 GA (2026-02-10)
| Version? | Type? | Release Date? | Availability? | End of Support | Security Updates | Upgrades From? | Downgrades To? | Config. Changes? |
|---|---|---|---|---|---|---|---|---|
| 1.227.0 | GA | 2026-02-10 | Cloud | 2027-03-31 | No | 1.150.0 | 1.177.0 | No |
Available for download two days after release.
Hide file download links
Download
Use docker pull humio/humio-core:1.227.0 to download the latest version
Bug fixes and updates
Breaking Changes
The following items create a breaking change in the behavior, response or operation of this release.
Storage
Removed the feature flag
WriteNewSegmentFileFormat, making the new segment file format mandatory. This feature was introduced in version 1.138 to improve segment file compression and became enabled by default in version 1.162.Important
After deploying this version, clusters cannot be downgraded to versions older than 1.177.
GraphQL API
Improved resource management controls to ensure system stability and performance for GraphQL query processing. These changes will not impact normal usage of LogScale's UI and API.
Configuration
The
MAX_GRAPHQL_QUERY_DEPTHenvironment variable has been removed. Use theGraphQLQueryDepthLimitdynamic configuration variable instead.For information about setting dynamic configurations, see Setting a Dynamic Configuration Value. A list of available GraphQL dynamic configurations can be found at Dynamic Configuration Parameters when filtering by "GraphQL".
Advance Warning
The following items are due to change in a future release.
Security
Starting from LogScale version 1.237, support for insecure
ldapconnections will be removed. Self-Hosted customers using LDAP will only be able to useldapssecure connections.
Removed
Items that have been removed as of this release.
Configuration
The environment variable
TEMP_SHORTCUT_EXTERNAL_FUNCTION_CALLSis no longer used by LogScale and can be safely removed.
Deprecation
Items that have been deprecated and may be removed in a future release.
The userId parameter for the updateDashboardToken GraphQL mutation has been deprecated and will be removed in version 1.273.
rdns()has been deprecated and will be removed in version 1.249. UsereverseDns()as an alternative function.The Secondary Storage feature is now deprecated and will be removed in LogScale 1.231.0.
The Bucket Storage feature provides superior functionality for storing rarely queried data in cheaper storage while keeping frequently queried data in hot storage (fast and expensive). For more information, see Bucket Storage.
Please contact LogScale support for any concerns about this deprecation.
Behavior Changes
Scripts or environment which make use of these tools should be checked and updated for the new configuration:
Queries
The
QuerySessionsclass now propagates user permission changes to running static queries, allowing them to end or restart as necessary. Previously, this behavior was only applied to live queries.
New features and improvements
Automation and Triggers
It is now possible to configure filter and aggregate alerts to throttle on multiple fields.
To support this change, the following GraphQL changes have been made:
The GraphQL argument throttleField has been deprecated and replaced with with throttleFields for types FilterAlert, AggregateAlert, UnsavedFilterAlert, and UnsavedAggregateAlert.
The GraphQL argument throttleField has been deprecated and replaced it with throttleFields in mutations createFilterAlert() and createAggregateAlert().
Mutations updateFilterAlert() and updateAggregateAlert() have been deprecated and replaced with updateFilterAlertV2() and updateAggregateAlertV2().
The main difference is that the throttleField field is being removed and a throttleFields field is being added.
GraphQL API
Extended the analyzeQuery() GraphQL endpoint to support alerts. The
queryKindparameter now supports the following values:For filter alerts: { filterAlert: {} }
For aggregate alerts: { aggregateAlert: {} }
For legacy alerts: { legacyAlert: {} }
Note
Alerts have restrictions beyond the query string, in particular regarding the time interval of a query. Those restrictions are outside the scope of the validation done by analyzeQuery().
Queries
Added support for unicode categories in LogScale Regular Expression Engine V2 using
\p{L}syntax. Supported categories include:Letters (
L)Symbols (
S)Punctuation (
P)Control characters (
Cc)
These categories can also be used in character classes like
[\p{S}A-Z])and negated using\P{L}.For more information, see Regular Expression Engine V2 Syntax Patterns.
Functions
Released the new query function
explain:asTable(), which provides detailed insights into query performance by showing a step-by-step breakdown of time consumption and event filtering throughout the query.
Fixed in this release
User Interface
Fixed an issue with correlate query graph visualization, where nodes and edges would not render correctly in certain circumstances.
These two wrong behaviors have been fixed in the web interface:
The Events tab would not show when the main correlate query did not return results.
A wrong default widget was selected by the Widget selector.
Automation and Triggers
Fixed an issue where the creation of a scheduled report without parameter values would result in an invalid and failing result.
Storage
Fixed an issue where global snapshot failure would prevent further attempts until system restart.
Fixed an issue occurring during offset calculation for digest that could cause minisegments that go missing before being fully replicated to be incorrectly deleted and replayed from Kafka.
This occurred only in datasources that were recently created or whose status had recently changed from idle to non-idle. In the future, these minisegments will appear in the cluster admin panel designated as "absent".
Fixed an issue where a failing assertion in
DataSyncJobcould cause a system crash in very rare cases.
Functions
Fixed an issue where using the function
wildcard()as part of an expression (for exampletest(wildcard(...))) would result in an internal server error. The proper query validation error now correctly displays in theQuery editor.
Known Issues
Storage
For clusters using secondary storage where the primary storage on some nodes in the cluster may be getting filled (that is, the storage usage on the primary disk is halfway between
PRIMARY_STORAGE_PERCENTAGEandPRIMARY_STORAGE_MAX_FILL_PERCENTAGE), those nodes may fail to transfer segments from other nodes. The failure will be indicated by the error java.nio.file.AtomicMoveNotSupportedException with message "Invalid cross-device link".This does not corrupt data or cause data loss, but will prevent the cluster from being fully healthy, and could also prevent data from reaching adequate replication.
Improvement
Automation and Triggers
The
Triggersoverview page has been updated with the following improvements:Sorting is now available for all columns.
The Search... field now supports filtering across all columns.
The and filtering options are now available for quickly selecting all items and then excluding single items, and for quickly identifying triggers with no label, action, or package attached.
Both options are available for the Labels, Actions and Packages columns.
For more information, see Manage Triggers.
Storage
Added a delay between retry attempts when global snapshot uploads fail.
Queries
The election process regarding slow queries has been updated to the following parameters:
Changed the threshold from 100 times slower to 500 times slower for vote casting.
Increased vote timeout from 5 minutes to 15 minutes.
When a node is elected as problematic by the entire cluster within the timeout period, it is logged with the message These nodes were deemed bad by the rest of the cluster.
Improved query throttling for segment merges. Queries are not throttled if segment merging falls behind due to slow segment fetches.