Humio Server 1.23.0 Preview (2021-03-18)
| Version | Type | Release Date | Availability | End of Support | Security Updates | Upgrades From | JDK Compatibility | Req. Data Migration | Config. Changes |
|---|---|---|---|---|---|---|---|---|---|
| 1.23.0 | Preview | 2021-03-18 | Cloud, On-Prem | 2021-03-24 | No | 1.16.0 | 11 | No | No |
| JAR Checksum | Value |
|---|---|
| MD5 | 882c77cb19e867084fbb26dc80c079d8 |
| SHA1 | 053d49648f03fd49f0766aa9df64f66921c72638 |
| SHA256 | 898f1670010d25866f9fb27e054509a2ade615dbae612cdc70ce34371e03ac59 |
| SHA512 | eba333bfec11983f6140ca4e64ec725c91c0d724f245c0250f2264a9221036a7d9e89aace2bf096ce7b5ecca72b4c24659348feba7098d89a5a4035359d8b8d3 |
Important Information about Upgrading
Beginning with version 1.17.0, if your current version of Humio is not directly able to upgrade to the new version, you will get an error if you attempt to start up the incompatible version. The 1.23.0 release is only compatible with Humio release 1.16.0 and newer. This means that you will have to ensure that you have upgraded at least to 1.16.0 before trying to upgrade to 1.23.0. In case you need to do a rollback, this can also ONLY happen back to 1.16.0 or newer. Rolling directly back to an earlier release can result in data loss.
Humio will make some internal logs available in a new repository called humio-activity. This is meant for logs that are relevant to users of Humio, as compared to logs that are only relevant for operators. The latter logs are still put into the humio repository. For this release, only new log events will be put into humio-activity, but in later releases, some existing log events that are relevant for users, will be put into the humio-activity repository instead of the humio repository.
For cloud users, the logs for your organization can be accessed
through the
humio-organization-activity
view.
For on-prem users, the logs can be accessed directly through the
humio-activity repository. They are also output
into a new log file named
humio-activity.log which can be ingested
into the humio repository, if you want it available
there as well. If you do and you are using the
Insights Package, you should upgrade that to
version 0.0.4. For more information, see
LogScale Internal Logging.
Humio has decided to adopt an evolutionary approach to its GraphQL API, meaning that we will strive to do only backwards compatible changes. Instead of making non-backwards compatible changes to existing fields, we will instead add new fields alongside the existing fields. The existing fields will be deprecated and might be removed in some later release. We reserve the right to still do non-backwards compatible changes, for instance to fix security issues.
For new experimental features, we will mark the corresponding GraphQL fields as PREVIEW. There will be no guarantees on backwards compatibility on fields marked as PREVIEW.
Deprecated and preview fields and enum values will be marked as
such in the GraphQL schema and will be shown as deprecated or
preview in the API Explorer. Apart from that, the result of
running a GraphQL query using a deprecated or preview field will
contain a new field
extensions, which contains
a field deprecated with a
list of all deprecated fields used in the query and a field
preview with a list of all
preview fields used in the query.
Example:
{
"data": "...",
"extensions": {
"deprecated": [
{
"name": "alert",
"reason": "[DEPRECATED: Since 2020-11-26. Deprecated since 1.19.0. Will be removed March 2021. Use 'searchDomain.alert' instead]"
}
]
}
}
Deprecated fields and enum values will also be noted in the
release note, when they are first deprecated. All use of
deprecated fields and enum values will also be logged in the
Humio repository humio-activity. They will have
#category=GraphQL,
subCategory=Deprecation
and #severity=Warning. If
you are using the API, consider creating an alert for such logs.
Removed Support for CIDR Shorthand
Previous version of Humio supported a shorthand for IPv4 CIDR
expressions. For example
127.1/16 would be
equivalent to
127.1.0.0/16. This was
contrary to other implementations like the Linux function
inet_aton, where
127.1 expands to
127.0.0.1. Support for
this shorthand has been removed and the complete address must
now be written instead.
Deprecation
Items that have been deprecated and may be removed in a future release.
Deprecated GraphQL mutations addAlertLabel, removeAlertLabel, addStarToAlert and removeStarFromAlert as they did not follow the standard for mutation input.
Improvements, new features and functionality
Summary
Added GraphQL queries and mutations for alerts and actions, which correspond to the deprecated REST endpoints for those entities.
GraphQL API
Added GraphQL mutations addAlertLabelV2, removeAlertLabelV2, addStarToAlertV2 and removeStarFromAlertV2.
Bug Fixes
Automation and Alerts
Restyled the alert dialogue.
Deprecated the REST endpoints for alerts and actions.
Functions
Fixed a bug in event forwarding that made
start(),end()andnow()return the time at which the event forwarding rule was cached. Instead,now()will return the time at which the event forwarding rule was run.start()andend()were never meant to be used in an event forwarding rule and will return 0, which means Unix Epoch.Deprecated
fileandcolumnparameter oncidr(). Usematch()withmode=cidrinstead.Improved performance when using
match()withmode=cidrcompared to usingcidr()withfile().Added support for CIDR matching on
match()usingmode=cidr.Fixed a bug which caused tag-filters in anonymous functions to not work in certain cases (causing to many events to be let through).
Deprecated
globparameter onmatch(), usemode=globinstead.Fixed a bug which caused glob-patterns in
match()to not match newline characters.Fixed a bug which caused
in()with values=[] to give incorrect results.Removed support for shorthand IPv4 CIDR notation in
cidr(). See section "Removed support for CIDR shorthand".Added
modeparameter tomatch(), allowing different ways to match the key.Negated, non-strict
match()orlookup()is no longer allowed.
Other
Made the S3 archiving save button work again.
Enforce permissions to enter creating new repository page.
UI enhancements for the new repository Access Permissions page.
Added IP Filter for readonly dashboard links, and started to audit log readonly dashboard access. In this initial version. The readonly ip filter can be configured with the graphql mutation:
graphqlmutation { updateReadonlyDashboardIPFilter(ipFilter: "FILTER") }The FILTER is expected in this format: IP Filter. From Humio 1.25 this can be configured in the configuration UI.
Deprecated the
ReadEventsenum variant from theViewActionenum in GraphQL. Use theReadContentsvariant instead, which has the same semantics, but a more accurate name.ReadEventswill be removed in a future release.Added a new introduction message to empty repositories.
Mark required fields on the Accept Terms and Conditions page.
Removed the deprecated
Repository.isFreemiumGraphQL field.Enforce permissions to enter Organization Settings page.
Fixed a bug which caused
match()to give incorrect results in certain cases due to incorrect cachingAllow turning encryption of files stored in bucket storage off by explicitly setting
S3_STORAGE_ENCRYPTION_KEY=off(similar forGCP_)Refactor Organization Overview page.
Refactor how the width of the repository name in the main navigation bar is calculated.
Fixes a bug where events deleted with the delete-event API would appear deleted at first, but then resurface again after 24h. If user applying delete did not have permission to search the events being deleted.
Fixed a bug where the same regex pattern occurring multiple times in a query could cause incorrect results
The
SearchDomain.queriesGraphQL field has been deprecated, and will be removed in a future release. UseSearchDomain.savedQueriesinstead.Fixed an issue with the Missing Segments API that caused missing segments to not appear in the missing segments list if they had a replacement segment.
Fixed an issue where regular expressions too large to handle would sometimes cause the query to hang. Now we report an error.
Fixed an issue where Prometheus metrics always reported 0.0 for humio_primary_disk_usage
Improved performance of free-text search using regular expressions.
Added an option to make it easier to diagnose problems by detecting inconsistencies between globals in different Humio instances. Each Humio instance has its own copy of the global state which must all be identical. It has happened that they were not, so now we check and if there is a difference we report an error and dump the global state into a file.
Fixed an issue which caused Ingesting Data to Multiple Repositories to break, when the parser used copyEvent to duplicate the input events into multiple repositories
Fixed an issue where changes to files would not propagate to parsers or event forwarders.
It is again possible to sort the events on the test parser page.
Refactor client side action cache of allowed permissions.
The GraphQL API Explorer is now available from inside Humio. You can access it using the Help->API Explorer menu.
Improved memory use for certain numerical aggregrating functions
The GraphQL API Explorer has been upgraded to a newer version. The new version includes a history of the queries that have been run.
Enforce accepting terms and conditions.
Fixed the requirement condition for the time retention on a repository.
The
SearchDomain.viewerCanChangeConnectionsGraphQL field has been deprecated, and will be removed in a future release. UseSearchDomain.isActionAllowedinstead.Fixed an issue causing undersized segment merging to repeatedly fetch the same segments, in cases where the merger job took too long to finish.
Implemented toggle button for dark mode.
Refactor All Organizations page.
Changed the URL of the Kafka cluster page in the settings.