Falcon LogScale 1.229.0 GA (2026-02-24)

Version?Type?Release Date?Availability?End of SupportSecurity UpdatesUpgrades From?Downgrades To?Config. Changes?
1.229.0GA2026-02-24

Cloud

Next LTSNo1.177.01.177.0No

Available for download two days after release.

Hide file download links

Show file download links

Bug fixes and updates

Breaking Changes

The following items create a breaking change in the behavior, response or operation of this release.

  • Configuration

    • Removed the environment variable ENABLE_QUERY_LOAD_BALANCING to remove the option for disabling internal query routing, which led to inconsistent and incorrect behavior when submitting and polling queries.

Advance Warning

The following items are due to change in a future release.

  • Security

    • Starting from LogScale version 1.237, support for insecure ldap connections will be removed. Self-Hosted customers using LDAP will only be able to use ldaps secure connections.

Deprecation

Items that have been deprecated and may be removed in a future release.

  • The package schemas LogScale Aggregate Alert Template v0.2.0 and LogScale Filter Alert Template v0.4.0 now have the field throttleField deprecated (it was replaced by throttleFields before). Instead of being just silently ignored, the deprecated throttleField field now generates an error if set in those two schema versions.

  • The userId parameter for the updateDashboardToken GraphQL mutation has been deprecated and will be removed in version 1.273.

  • rdns() has been deprecated and will be removed in version 1.249. Use reverseDns() as an alternative function.

  • The Secondary Storage feature is now deprecated and will be removed in LogScale 1.231.0.

    The Bucket Storage feature provides superior functionality for storing rarely queried data in cheaper storage while keeping frequently queried data in hot storage (fast and expensive). For more information, see Bucket Storage.

    Please contact LogScale support for any concerns about this deprecation.

Behavior Changes

Scripts or environment which make use of these tools should be checked and updated for the new configuration:

  • Queries

    • Extended the characters represented by the \s regex character class to include all characters that Unicode considers as "whitespace". This change reduces the size of the \s non-whitespace character class.

      For reference, see the following: Unicode Character Database.

New features and improvements

  • Metrics and Monitoring

    • Added the metric failedPdfGenerationAttempts for measuring the number of failed attempts to generate a scheduled PDF report.

  • Functions

    • Added the query function text:trim(). This function removes leading and/or trailing whitespace from strings by targeting all Unicode whitespace characters, and operates in a single pass over the underlying representation of character sequences.

Fixed in this release

  • Storage

    • Fixed an issue where clusters with a replication factor of 1 and mini segments that were the result of merging other mini segments would experience ownership transfer issues.

      If the owner host of the mini segment differed from the host completing the merge, the owner host would lapse into a bad state and ownership transferral would fail, even though the host would already have the segment on disk.

  • Queries

    • Fixed an issue causing digester nodes with 0 node partitions assigned to restart digest sessions too quickly. In these cases, the issue could cause potentially unnecessary restarts of live queries, or prevent live queries with large static parts from finishing.

  • Fleet Management

    • Fixed an issue where the Fleet Management groups dialog would show incomplete pagination results while the system was still loading data. The dialog now properly displays a loading state during backend polling, ensuring all log collectors are loaded before showing pagination controls.

Known Issues

  • Storage

    • For clusters using secondary storage where the primary storage on some nodes in the cluster may be getting filled (that is, the storage usage on the primary disk is halfway between PRIMARY_STORAGE_PERCENTAGE and PRIMARY_STORAGE_MAX_FILL_PERCENTAGE), those nodes may fail to transfer segments from other nodes. The failure will be indicated by the error java.nio.file.AtomicMoveNotSupportedException with message "Invalid cross-device link".

      This does not corrupt data or cause data loss, but will prevent the cluster from being fully healthy, and could also prevent data from reaching adequate replication.

Improvement

  • API

    • A deprecation notice in the showQueryEventDistribution field in queryJobs has been removed, as it was generated by mistake.

  • Ingestion

    • Fixed an issue where failed parsers would result in a null failure message. Future messages will now default to the name of the exception class in cases where a description is missing.

  • Metrics and Monitoring

    • Added the metric query-cancelled-starved, which tracks the number of queries that have been canceled due to starvation.

    • The bucket storage metric currently-submitted-segment-bucket-uploads has been renamed to align with the naming conventions of other metrics related to bucket storage.

      The metric is now named bucket-storage-currently-submitted-segment-uploads.

      The behavior of bucket storage metrics compressed-bytes-underreplicated-ignoring-bucket-storage and compressed-bytes-only-present-in-bucket-storage have also been adjusted. These metrics are now only updated by one node in the cluster at a time. Rather than having other nodes set the metric value to -1 when they aren't updating the metric, these nodes will now stop reporting the metric entirely.