Falcon LogScale 1.232.0 GA (2026-03-17)

Version?Type?Release Date?Availability?End of SupportSecurity UpdatesUpgrades From?Downgrades To?Config. Changes?
1.232.0GA2026-03-17

Cloud

Next LTSNo1.177.01.177.0No

Available for download two days after release.

Hide file download links

Show file download links

Bug fixes and updates

Advance Warning

The following items are due to change in a future release.

  • Security

    • Starting from LogScale version 1.237, support for insecure ldap connections will be removed. Self-Hosted customers using LDAP will only be able to use ldaps secure connections.

  • Fleet Management

Deprecation

Items that have been deprecated and may be removed in a future release.

  • The userId parameter for the updateDashboardToken GraphQL mutation has been deprecated and will be removed in version 1.273.

  • rdns() has been deprecated and will be removed in version 1.249. Use reverseDns() as an alternative function.

Fixed in this release

  • Installation and Deployment

    • Fixed an issue where nodes could occasionally lose connection to Kafka clusters if the node was started with the environment variable KAFKA_COMMON_METADATA_RECOVERY_STRATEGY set to none.

  • User Interface

    • The documentation link in the error message for aggregate alerts containing prohibited functions has been repaired.

  • Automation and Triggers

    • In rare cases, email actions would fail to send emails when the following conditions occurred:

      • The email action sent results as an attached CSV.

      • The name of the trigger activating the actions contained one of the {field:FIELD_NAME} or the {field_raw:FIELD_NAME} message templates.

      • The name of the trigger with an unexpanded message template was longer than 30 characters.

      • The part of the name of the trigger coming before the message template was at most 30 characters.

      This issue has now been fixed and Email actions are now sent correctly even when the above conditions are met.

  • Storage

    • Fixed an issue with segment file validation on startup, where the validation process could end up blocking segment operations for an extended period of time. On nodes with a slow disk and many segment files, all segments could become locked for validation immediately instead of validating groups of files in smaller batches.

  • Ingestion

    • Fixed an issue where live queries that referenced a parser were not restarted when parser updates occurred. Changes to a parser referenced by a live query now cause the live query to be restarted similar to saved queries.

Known Issues

  • Storage

    • For clusters using secondary storage where the primary storage on some nodes in the cluster may be getting filled (that is, the storage usage on the primary disk is halfway between PRIMARY_STORAGE_PERCENTAGE and PRIMARY_STORAGE_MAX_FILL_PERCENTAGE), those nodes may fail to transfer segments from other nodes. The failure will be indicated by the error java.nio.file.AtomicMoveNotSupportedException with message "Invalid cross-device link".

      This does not corrupt data or cause data loss, but will prevent the cluster from being fully healthy, and could also prevent data from reaching adequate replication.

Improvement

  • Automation and Triggers

    • Improved the delineation of the time zone for scheduled reports - reports now define the time zone as UTC in the Report generated at field.

      For more information, see Schedule PDF Reports.

  • Queries

  • Auditing and Monitoring

    • Added the field acceptedPotentialDataLoss to the remove-host audit log entry. This addition indicates whether the administrator chose to override safeguards against data loss when submitting the host removal via the API.

      For more information, see Audit Logging.