Falcon LogScale 1.235.1 GA (2026-04-10)
| Version? | Type? | Release Date? | Availability? | End of Support | Security Updates | Upgrades From? | Downgrades To? | Config. Changes? |
|---|---|---|---|---|---|---|---|---|
| 1.235.1 | GA | 2026-04-10 | Cloud | Next LTS | No | 1.177.0 | 1.177.0 | No |
Hide file download links
Download
Use docker pull humio/humio-core:1.235.1 to download the latest version
Bug fixes and updates
Advance Warning
The following items are due to change in a future release.
Security
Starting from LogScale version 1.237, support for insecure
ldapconnections will be removed. Self-Hosted customers using LDAP will only be able to useldapssecure connections.
Removed
Items that have been removed as of this release.
GraphQL API
Removed the deprecated GraphQL query
savedQuery(id). Use the savedQuery(id) field on searchDomain() query instead:searchDomain(name: "...") { savedQuery(id: "...") { ... } }This query was deprecated in version 1.181 due to poor performance.
Deprecation
Items that have been deprecated and may be removed in a future release.
The following manuals have been moved to the archives:
The userId parameter for the updateDashboardToken GraphQL mutation has been deprecated and will be removed in version 1.273.
rdns()has been deprecated and will be removed in version 1.249. UsereverseDns()as an alternative function.
Behavior Changes
Scripts or environment which make use of these tools should be checked and updated for the new configuration:
Fleet Management
Log Collector enrollment no longer uses the supplied machine ID to look up an existing collector ID. Each enrollment now generates a new collector ID, regardless of whether the same machine ID is provided. Machine IDs are no longer treated as unique identifiers; all queries now use collector ID instead.
For more information, see Fleet and Group Management.
New features and improvements
Documentation
The documentation site has been updated to improve usability by adding the following features:
Dark mode
Store preferences for displaying (or hiding) the sidebars
Both are available from a new menu available at the top right of every Documentation Page (the hamburger).
For the sidebars:
You can override the default display for each page to either hide the left, right, or both, sidebars on each page.
Resetting to the default will use the controls set for each page by the docs team.
You can still hide and show on each page (using the » icons)
We also have keyboard controls (Option-, and Option-. toggle left and right respectively, Option-M toggles both). See Keyboard Shortcuts
For dark mode, you can:
Force light mode (black on white)
Force dark mode (white on black)
Follow your device preferences
Reset to default (light mode)
It is possible there are some pages where dark mode does not display clearly and we will continue to update these.
Fixed in this release
Installation and Deployment
Fixed an issue where an Indicator of Compromise (IoC) with a label containing non-ASCII characters would corrupt the IoC data stored on cluster nodes backing the
ioc:lookup()function. Non-ASCII IoC labels are now written correctly.
Storage
Fixed an issue that could cause spurious error logging stating Offset to delete moving backwards on partition when deleting segments using administrative endpoints for manual segment deletion.
Ingestion
Fixed an issue where CSV files containing a UTF-8 byte order mark were correctly parsed, but JSON files with a byte order mark failed to parse.
Queries
Fixed an issue where invalid queries (for example, IOC not available) could lead to 500 internal server error responses on query submission rather than surfacing the error to the user. LogScale now correctly renders non-standard status codes.
Functions
Fixed an issue in the serialization of
correlate()states where the new version serialized states in a format not recognized by previous versions. This prevented running queries using thecorrelate()function in clusters with mixed versions (pre-1.233 and 1.233 or newer).
Known Issues
Storage
For clusters using secondary storage where the primary storage on some nodes in the cluster may be getting filled (that is, the storage usage on the primary disk is halfway between
PRIMARY_STORAGE_PERCENTAGEandPRIMARY_STORAGE_MAX_FILL_PERCENTAGE), those nodes may fail to transfer segments from other nodes. The failure will be indicated by the error java.nio.file.AtomicMoveNotSupportedException with message "Invalid cross-device link".This does not corrupt data or cause data loss, but will prevent the cluster from being fully healthy, and could also prevent data from reaching adequate replication.
Improvement
User Interface
Improved the Look Up Events default
Tablewidget interaction to handle aggregated @ids separated by\nor,.