Falcon LogScale 1.238.0 GA (2026-04-28)
| Version | Type | Release Date | Availability | End of Support | Security Updates | Upgrades From | Downgrades To | Config. Changes |
|---|---|---|---|---|---|---|---|---|
| 1.238.0 | GA | 2026-04-28 | Cloud | Next LTS | No | 1.177.0 | 1.177.0 | No |
Download
Use docker pull humio/humio-core:1.238.0 to download the latest version
Bug fixes and updates
Deprecation
Items that have been deprecated and may be removed in a future release.
The following manuals have been moved to the archives:
The userId parameter for the updateDashboardToken GraphQL mutation has been deprecated and will be removed in version 1.273.
rdns() has been deprecated and will be removed in version 1.249. Use reverseDns() as an alternative function.
Upgrades
Changes that may occur or be required during an upgrade.
Installation and Deployment
Upgraded LogScale's bundled Java Development Kit (JDK) from version 25.0.2 to 25.0.3.
Fixed in this release
User Interface
Fixed an issue where x-axis ordering for the Bar Chart widget could become unstable when the Others series in the Max series (bars) property contained varying subsets of x-axis categories with data updates.
Automation and Triggers
Fixed an issue in the handling of time zones where, if an anchored time interval like LastWeek was used in scheduled reports, the UTC time zone was used to calculate the start and end date of the report, leading to a drift in the time window if the report was configured with a different time zone.
Configuration
Fixed an issue where, if not specified, the default Lightweight Directory Access Protocol (LDAP) port would be assumed to be 389 instead of 636, which is the default for Lightweight Directory Access Protocol over SSL/TLS (LDAPS). As a workaround, the port can be explicitly specified in the LDAP setup.
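A configuration audit for the LDAP port issue above, as an added example that is not part of the release notes or LogScale's own code: it finds LDAP URLs that rely on the default port and prints the URL with the port pinned, which is the documented workaround. It assumes the issue concerns ldaps:// URLs with no port; the key name LDAP_AUTH_PROVIDER_URL and the host names in the sample are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

STANDARD_PORT = {"ldap": 389, "ldaps": 636}
URL_RE = re.compile(r"\bldaps?://[^\s\"']+", re.IGNORECASE)

# Constructed excerpts from three nodes' environment files; the key name and
# host names are assumptions for illustration, not values from the release note.
SAMPLE_ENV = """\
# node-a
LDAP_AUTH_PROVIDER_URL=ldaps://dc1.example.internal
# node-b
LDAP_AUTH_PROVIDER_URL=ldaps://dc2.example.internal:636
# node-c
LDAP_AUTH_PROVIDER_URL=ldap://legacy.example.internal
"""

def pin_port(parts, port):
    """Rebuild the URL with the port written out (the documented workaround)."""
    return parts._replace(netloc=f"{parts.netloc}:{port}").geturl()

def audit_ldap_urls(config_text):
    """Return one finding per LDAP/LDAPS URL found in KEY=VALUE config text."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        for url in URL_RE.findall(line):
            parts = urlsplit(url)
            scheme = parts.scheme.lower()
            explicit = parts.port is not None
            findings.append({
                "line": lineno,
                "url": url,
                # Before the fix an omitted port was assumed to be 389.
                "port_before_fix": parts.port or 389,
                "port_after_fix": parts.port or STANDARD_PORT[scheme],
                # Only LDAPS URLs relying on the default were resolved wrongly.
                "affected": scheme == "ldaps" and not explicit,
                "pinned_url": url if explicit else pin_port(parts, STANDARD_PORT[scheme]),
            })
    return findings

if __name__ == "__main__":
    for f in audit_ldap_urls(SAMPLE_ENV):
        state = "AFFECTED before 1.238.0" if f["affected"] else "ok"
        print(f"line {f['line']}: {f['url']} -> {state}; use {f['pinned_url']}")
```

Pinning the port keeps the connection target the same on both sides of an upgrade or downgrade across 1.238.0.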
Queries
Fixed an issue where static queries transferred across different versions of LogScale would become unreadable due to formatting changes and cause the query to fail. Now if this issue occurs, the query will restart.
Fixed an issue where a live query would occasionally fail, either internally or during client polling. This was due to a race condition created by a lack of bucket alignment.
Fixed an issue where temporary, self-correcting failures to publish in global snapshot could lead to query failures.
Fixed an issue where query handovers in LogScale, such as those occurring during a node restart, would in some cases lead to empty query results.
Functions
Fixed a rare issue where the correlate() function could miss events at time bucket boundaries. This fix only takes effect when all nodes in the cluster are running at least version 1.238.0; multi-cluster search is not yet supported.
Known Issues
Storage
For clusters using secondary storage where the primary storage on some nodes in the cluster may be getting filled (that is, the storage usage on the primary disk is halfway between PRIMARY_STORAGE_PERCENTAGE and PRIMARY_STORAGE_MAX_FILL_PERCENTAGE), those nodes may fail to transfer segments from other nodes. The failure will be indicated by the error java.nio.file.AtomicMoveNotSupportedException with message "Invalid cross-device link".
This does not corrupt data or cause data loss, but will prevent the cluster from being fully healthy, and could also prevent data from reaching adequate replication.
Improvement
User Interface
A loading indicator has been added to the autocompletion menu in the new Query Editor for user-triggered prompts like the following:
Ctrl+Space
+Space
This improves user experience during slow load times by ensuring users are aware that completions are being fetched from the server.
Configuration
The upper limit on the system setting MAPPER_JOB_QUEUE_LENGTH has been removed. This setting controls the maximum size of the mapper pool in each worker node.
The mapper pool size defaults to 50% of the cores on the node, and the queue is configured by default to provide one queue slot per pool thread. This configuration ensures that mapper pool threads do not run out of work before the scheduler main loop can enqueue more.
Note
The mapper pool size default can be overridden by QUERY_EXECUTOR_CORES.
The previous upper limit of 128 was harmful on nodes with more than 256 cores. Since there is no reason to impose an upper boundary on this configuration, the limit has been removed.
The default value is recommended. The following considerations apply when adjusting this setting:
Decreasing the queue size risks leaving the mapper pool intermittently idle while the scheduler prepares more work to execute.
Increasing the queue size increases the latency on query prioritization decisions, since it takes longer between the scheduler deciding to execute a piece of work and that work making it through the queue.
Other
JSON encoding performance for message template output for actions and logs has been improved for the humio-activity repository. As a result, fewer characters are encoded, but all characters required to be encoded for JSON are encoded correctly.