Falcon LogScale 1.231.0 GA (2026-03-10)

Version?Type?Release Date?Availability?End of SupportSecurity UpdatesUpgrades From?Downgrades To?Config. Changes?
1.231.0GA2026-03-10

Cloud

Next LTSNo1.177.01.177.0No

Available for download two days after release.

Hide file download links

Show file download links

Bug fixes and updates

Advance Warning

The following items are due to change in a future release.

  • Security

    • Starting from LogScale version 1.237, support for insecure ldap connections will be removed. Self-Hosted customers using LDAP will only be able to use ldaps secure connections.

Deprecation

Items that have been deprecated and may be removed in a future release.

  • The userId parameter for the updateDashboardToken GraphQL mutation has been deprecated and will be removed in version 1.273.

  • rdns() has been deprecated and will be removed in version 1.249. Use reverseDns() as an alternative function.

  • The Secondary Storage feature is now deprecated and will be removed in LogScale 1.231.0.

    The Bucket Storage feature provides superior functionality for storing rarely queried data in cheaper storage while keeping frequently queried data in hot storage (fast and expensive). For more information, see Bucket Storage.

    Please contact LogScale support for any concerns about this deprecation.

Fixed in this release

  • Storage

    • Fixed a rarely triggered issue where a datasource state changing to idle could cause data loss from recently written events. The feature flag HandleDatasourceIdlenessInConsumerThread allows users to disable this fix.

    • Fixed an issue in LogScale's AWS S3 SDK code that could cause spurious warning logs and retries for segment downloads that were canceled by the system.

      An example of these spurious logs is c.h.b.s.S3BucketStorageImplNative 350 - download failed, retrying just once now ... Caused by: software.amazon.awssdk.core.exception.SdkInterruptedException"

  • Queries

    • Fixed an issue where longer-running static and/or multi-pass queries like those using the correlate() function would fail with the error message File does not exist if the file was updated during the query.

    • Fixed a regression in the CrowdStrike Query Language (CQL) introduced in version 1.224.0, where a query such as the following example would be incorrectly interpreted as foo AND count AND field:

      logscale
      foo  count(field)

      The example is missing a pipe operator (|) between foo and the count() function.

      The query is now rejected automatically. Prior to version 1.224.0, the query would have also been rejected.

  • Packages

    • Fixed an issue where updating an application package where an asset had been deleted would not be detected as a conflict, preventing the asset from being recreated.

      Conflicts occur when an asset from a package has been modified, leaving users with the option of keeping the modified version or overwriting it with what is in the new package version. In cases where an asset was deleted instead of modified, the previous protocol would not have flagged the missing asset as a conflict.

      After this change, a deleted asset will result in a conflict and require a conflict resolution to indicate whether to keep it deleted or recreate it from the new package version.

Known Issues

  • Storage

    • For clusters using secondary storage where the primary storage on some nodes in the cluster may be getting filled (that is, the storage usage on the primary disk is halfway between PRIMARY_STORAGE_PERCENTAGE and PRIMARY_STORAGE_MAX_FILL_PERCENTAGE), those nodes may fail to transfer segments from other nodes. The failure will be indicated by the error java.nio.file.AtomicMoveNotSupportedException with message "Invalid cross-device link".

      This does not corrupt data or cause data loss, but will prevent the cluster from being fully healthy, and could also prevent data from reaching adequate replication.

Improvement

  • Installation and Deployment

    • LogScale now adjusts the version fields provided in the global snapshot as part of the initial bootup process instead of completing the task later.

      Appropriate version fields allow LogScale to verify that upgrades and downgrades happen across compatible versions. Allowing nodes to run without updating the fields immediately created the potential for users to terminate LogScale before it had completed these updates, then perform an unsafe upgrade or downgrade later due to the fields being out of date.

  • Storage

    • The new bucket transfer queuing code that was introduced in version 1.219.0 is now enabled by default. To account for possible unexpected bucket storage behavior, this feature can be disabled using the feature flag NewFileTransferQueuing. This flag and the previous implementation will be removed in a future release given no significant issues.

      Note

      This improvement is comprised of mostly internal adjustments, and is not expected to cause any system behavior changes for users.