Falcon LogScale 1.228.0 GA (2026-02-17)

Version: 1.228.0
Type: GA
Release Date: 2026-02-17
Availability: Cloud
End of Support: Next LTS
Security Updates: No
Upgrades From: 1.150.0
Downgrades To: 1.177.0
Config. Changes: No

Available for download two days after release.


Bug fixes and updates

Advance Warning

The following items are due to change in a future release.

  • Security

    • Starting from LogScale version 1.237, support for insecure ldap connections will be removed. Self-hosted customers using LDAP will only be able to use secure ldaps connections.

Removed

Items that have been removed as of this release.

GraphQL API

  • The following fields for the GraphQL mutation ViewInteractionEntry have been removed:

    • id

    • interaction

    • packageId

    • package

    • view

    As an alternative, users can utilize the GraphQL datatype viewInteraction instead, as this provides access to view interaction data via a stable API surface.

Deprecation

Items that have been deprecated and may be removed in a future release.

  • The userId parameter for the updateDashboardToken GraphQL mutation has been deprecated and will be removed in version 1.273.

  • rdns() has been deprecated and will be removed in version 1.249. Use reverseDns() as an alternative function.

  • The Secondary Storage feature is now deprecated and will be removed in LogScale 1.231.0.

    The Bucket Storage feature provides superior functionality for storing rarely queried data in cheaper storage while keeping frequently queried data in hot storage (fast and expensive). For more information, see Bucket Storage.

    Please contact LogScale support for any concerns about this deprecation.
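
The LDAP advance warning and the rdns() deprecation above can both be checked before an upgrade. The following pre-upgrade audit is an added example, not LogScale code: it assumes LDAP settings live in an env-style file under variable names starting with LDAP_ (LDAP_AUTH_PROVIDER_URL is an assumed name, not given on this page) and that saved queries are available as text; the sample input is constructed.

```python
import re

# Removal versions taken from the release notes above.
LDAP_PLAINTEXT_REMOVED = (1, 237)
RDNS_REMOVED = (1, 249)
# rdns( as a function call, not as the tail of a longer identifier.
RDNS_CALL = re.compile(r"(?<![\w.:])rdns\s*\(")

def parse_env(text):
    """Parse KEY=VALUE lines from an env-style file, skipping comments and blanks."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip("'\"")
    return env

def audit(env_text, queries, target):
    """Return (severity, message) findings for an upgrade to `target` (major, minor)."""
    findings = []
    for key, value in parse_env(env_text).items():
        # Assumption: LDAP settings use variable names starting with LDAP_.
        if key.startswith("LDAP_") and value.lower().startswith("ldap://"):
            sev = "BLOCKER" if target >= LDAP_PLAINTEXT_REMOVED else "WARN"
            findings.append((sev, f"{key} uses plaintext ldap://; switch to ldaps://"))
    for name, query in queries.items():
        if RDNS_CALL.search(query):
            sev = "BLOCKER" if target >= RDNS_REMOVED else "WARN"
            findings.append((sev, f"query '{name}' calls rdns(); use reverseDns()"))
    return findings

# Constructed sample input, not taken from a real deployment.
SAMPLE_ENV = """
S3_NETTY_CLIENT=true
LDAP_AUTH_PROVIDER_URL="ldap://dc01.example.internal:389"
"""
SAMPLE_QUERIES = {
    "dns-enrich": "src_ip=* | rdns(src_ip)",
    "already-migrated": "src_ip=* | reverseDns(src_ip)",
}

if __name__ == "__main__":
    for sev, msg in audit(SAMPLE_ENV, SAMPLE_QUERIES, target=(1, 237)):
        print(sev, msg)
```

A finding is reported as BLOCKER only when the target version is at or past the removal version stated above; otherwise it is a WARN to fix before that release.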

New features and improvements

  • User Interface

    • The Search web interface has a new layout design. The update includes:

      • Visualization selection of widget types now presented as a display tab.

      • Smart tab grouping with dropdown selectors for multiple Source Events and Table tabs.

      • Events display options toolbar repositioned at the top of the Results panel.

      • Enhanced field statistics with improved performance.

      • Overall improved layout and user experience.

      No action is required — users will automatically see the new design when searching.

  • Configuration

    • Introduced new environment variables to configure the Netty HTTP client, specifically for bucket operations.

      When the value of S3_NETTY_CLIENT is true, the following environment variables are available:

      • S3_NETTY_READ_TIMEOUT_SECONDS — Determines the amount of time to wait for a read on a socket before an exception is thrown. The default value is 120 seconds.

      • S3_NETTY_WRITE_TIMEOUT_SECONDS — Determines the amount of time to wait for a write on a socket before an exception is thrown. The default value is 30 seconds.

  • Dashboards and Widgets

    • Enhanced Schedule PDF Reports behavior:

      • If a report times out more times than the value set in SCHEDULED_REPORT_MAX_RETRY_ATTEMPTS (default is 5), the report is automatically disabled.

      • When a report is disabled for any reason (timeouts or specific errors), an email notification is sent to the intended report recipient.

Fixed in this release

  • Security

    • Fixed an issue with JSON Web Token (JWT) authentication, where simultaneous user creation requests across different nodes would fail with the error message User already exists. Now when authenticating with LogScale using a JWT, if the username specified in the token for the user claim does not exist, the user will be created automatically — the process is also self-correcting to avoid similar errors in the future.

    • System and organization API tokens could not be used for certain view-related routes, even when the tokens contained the necessary permissions. This issue has now been fixed.

  • User Interface

    • The following issues with table drilldown links have been fixed:

      • The table drilldown links for a groupBy() function would not always use a regex for values containing *.

      • The table drilldown links for a groupBy() function would use escape quotes twice in certain cases.

  • Automation and Triggers

    • Fixed an issue where parameters set by the user during the creation of Schedule PDF Reports were sometimes not saved. To minimize disruption to the user, reports that used default dashboard values for parameters will not require any change — reports will generate using default values.

  • Storage

    • An error log stating Unexpected normal segment in segments missed by coordinator was displayed when a view was being restored from deletion. This issue has now been fixed.

    • Events containing the ASCII character \NUL in field values could be stored in a corrupted format, and blocks containing such events may have been corrupt as well: as a consequence, such fields may have contained incorrect values when displayed or filtered. This issue has now been fixed.

  • API

    • An issue has been fixed in how nextRunInterval is applied to subqueries: when cacheHint is supplied for a query, it is now correctly propagated to subqueries (for example, in queries using the defineTable() function).

  • Ingestion

    • Fixed an issue where Amazon Simple Queue Service (SQS) permissions problems were not appearing in the activity log for ingest feeds.

  • Queries

    • Fixed an issue where using the like operator in a query would sometimes cause the query to malfunction and return no results in the Event list.

Known Issues

  • Storage

    • For clusters using secondary storage where the primary storage on some nodes in the cluster may be getting filled (that is, the storage usage on the primary disk is halfway between PRIMARY_STORAGE_PERCENTAGE and PRIMARY_STORAGE_MAX_FILL_PERCENTAGE), those nodes may fail to transfer segments from other nodes. The failure will be indicated by the error java.nio.file.AtomicMoveNotSupportedException with message "Invalid cross-device link".

      This does not corrupt data or cause data loss, but will prevent the cluster from being fully healthy, and could also prevent data from reaching adequate replication.

Improvement

  • Installation and Deployment

    • Improved Indicator of Compromise (IoC) service efficiency by preventing unnecessary full downloads from the remote IoC server or CrowdStrike API when data is already present in the cluster.

  • Auditing and Monitoring

    • Added logging for topic-level configurations to KafkaStatusLoggerJob.