Humio Server 1.24.0 LTS (2021-04-06)

Version?Type?Release Date?Availability?End of Support

Security

Updates

Upgrades

From?

Config.

Changes?
1.24.0LTS2021-04-06

Cloud

2022-04-30No1.16.0No
JAR ChecksumValue
MD5cbee15b1c1af8d13984fbd938e9f9488
SHA18562af8753aca033d6b4966311787c2a681116dc
SHA2567cda1dd2188ec2ed5899c5a4c26cf45c2f2d4199439342da64819194475b5cf2
SHA512ad9e05ed84cd08f8774b5bbec44b8075ebb9e2cd7898f7d6f88fc445a5e1476284b86b1d3d5536ecdf1609b7c8b4e05d3ad27302dd79e41f95094140c12ce002

Important Information about Upgrading

This release promotes the latest 1.23 release from preview to stable.

Beginning with version 1.17.0, if your current version of Humio is not directly able to upgrade to the new version, you will get an error if you attempt to start up the incompatible version. The 1.24.0 release is only compatible with Humio release 1.16.0 and newer. This means that you will have to ensure that you have upgraded at least to 1.16.0 before trying to upgrade to 1.24.0. In case you need to do a rollback, this can also ONLY happen back to 1.16.0 or newer. Rolling directly back to an earlier release can result in data loss.

Humio will make some internal logs available in a new repository called humio-activity. This is meant for logs that are relevant to users of Humio, as compared to logs that are only relevant for operators. The latter logs are still put into the humio repository. For this release, only new log events will be put into humio-activity, but in later releases, some existing log events that are relevant for users, will be put into the humio-activity repository instead of the humio repository.

For cloud users, the logs for your organization can be accessed through the humio-organization-activity view.

For on-prem users, the logs can be accessed directly through the humio-activity repository. They are also output into a new log file named humio-activity.log which can be ingested into the humio repository, if you want it available there as well. If you do and you are using the Insights Package, you should upgrade that to version 0.0.4. For more information, see the LogScale Internal Logging.

Humio has decided to adopt an evolutionary approach to its GraphQL API, meaning that we will strive to do only backwards compatible changes. Instead of making non-backwards compatible changes to existing fields, we will instead add new fields alongside the existing fields. The existing fields will be deprecated and might be removed in some later release. We reserve the right to still do non-backwards compatible changes, for instance to fix security issues.

For new experimental features, we will mark the corresponding GraphQL fields as PREVIEW. There will be no guarantees on backwards compatibility on fields marked as PREVIEW.

Deprecated and preview fields and enum values will be marked as such in the GraphQL schema and will be shown as deprecated or preview in the API Explorer. Apart from that, the result of running a GraphQL query using a deprecated or preview field will contain a new field extensions, which contains a field deprecated with a list of all deprecated fields used in the query and a field preview with a list of all preview fields used in the query.

Example:

json
{
  "data": "...",
  "extensions": {
    "deprecated": [
      {
        "name": "alert",
        "reason": "[DEPRECATED: Since 2020-11-26. Deprecated since 1.19.0. Will be removed March 2021. Use 'searchDomain.alert' instead]"
      }
    ]
  }
}

Deprecated fields and enum values will also be noted in the release note, when they are first deprecated. All use of deprecated fields and enum values will also be logged in the Humio repository humio-activity. They will have #category=GraphQL, subCategory=Deprecation and #severity=Warning. If you are using the API, consider creating an alert for such logs.

Removed Support for CIDR Shorthand

Previous version of Humio supported a shorthand for IPv4 CIDR expressions. For example 127.1/16 would be equivalent to 127.1.0.0/16. This was contrary to other implementations like the Linux function inet_aton, where 127.1 expands to 127.0.0.1. Support for this shorthand has been removed and the complete address must now be written instead.

Fixed in this release

  • Other

    • Removed the QUERY_QUOTA_EXCEEDED_PENALTY config (introduced in 1.19.0).

    • Fixed an issue on the search page that prevented the event list from scrolling correctly.

    • Fixed an issue which prevented Safari users from seeing alert actions

    • Fixed an issue which caused problems with forward/backward compatibility of LanguageVersion in GraphQL

    • Major changes: 1.23.0 and 1.23.1.

    • The query scheduler now prioritizes new queries started by a user based on the cumulative cost of recent queries started by that user. Added new config QUERY_SPENT_FACTOR with the default value 0.5, which defines the weight of recent query costs when scheduling. Higher values mean that users with high recent query costs will see their queries penalized harder in the scheduling.

    • Fixed a scrolling issues on the Kafka cluster admin page