Humio Server 1.29.0 GA (2021-07-09)
| Version? | Type? | Release Date? | Availability? | End of Support | Security Updates | Upgrades From? | Downgrades To? | Config. Changes? |
|---|---|---|---|---|---|---|---|---|
| 1.29.0 | GA | 2021-07-09 | Cloud | 2022-09-30 | No | 1.16.0 | 1.0.0 | Yes |
Available for download two days after release.
Warning
This release has been revoked as it contained a known bug fixed in 1.29.1.
As a new feature Humio now includes an IOC (indicator of
compromise) database from CrowdStrike to enable lookup of IP
addresses, URLs and domains for malicious activity. This
database is updated hourly. This is described in more detail at
ioc:lookup()
Removed
Items that have been removed as of this release.
GraphQL API
Deprecated argument
namewas removed fromMutation.updateParserfield.Deprecated argument
repositoryNamewas removed fromMutation.updateParserfield.
Deprecation
Items that have been deprecated and may be removed in a future release.
Deprecated GraphQL mutation setRecentQueries(), use addRecentQuery() in future. The mutation will be removed after 2021-10-01. While setRecentQueries will remain in the API to not break existing clients, it will not modify the set of recent queries.
Field
addIngestTokenwas deprecated inMutationtype, useaddIngestTokenV2instead.Field
assignIngestTokenwas deprecated inMutationtype, useassignParserToIngestTokeninstead.
New features and improvements
Automation and Alerts
Integrates the editing of alert searches and scheduled searches better with the search page.
Packages now support Webhook actions and references between these and alerts in the Alert schema.
GraphQL API
Field
createIngestListenerwas deprecated inMutationtype, usecreateIngestListenerV2insteadRemoved the Usage feature flag which is now always enabled. This breaks backwards compatibility for internal graphql feature flag mutations and queries.
Field
updateIngestListenerwas deprecated inMutationtype, useupdateIngestListenerV2insteadRemoved the argument
includeUsageViewfrom the GraphQL mutation createOrganizationsViews() which breaks backwards compatibility for this internal utility method.Field
copyParserwas deprecated inMutationtype, usecloneParserinstead
Configuration
Humio nodes will now pick a UUID for themselves using the
ZOOKEEPER_PREFIX_FOR_NODE_UUIDprefix, even if ZooKeeper is not used. This should make it easier to enable ZooKeeper id management in existing clusters going forward.Allow the internal profiler to be configured via an environment variable. See Environment Variables
Add a soft limit on the primary disk based on
PRIMARY_STORAGE_PERCENTAGEandPRIMARY_STORAGE_MAX_FILL_PERCENTAGE(roughly the average of the two values). When the soft limit is hit and secondary storage is configured, the segment mover will prefer moving segments to secondary storage right away, instead of fetching them to primary and waiting for the secondary storage transfer job to move them.
Other
Internal change to parsers adding an id, where previously they only had a name as key.
Enabled dark mode for cluster administration pages.
The "Save Search as Dashboard" Widget dialog now gives user feedback about missing input in a manner consistent with other forms.
Make GlobalConsistencyCheckerJob shut down more cleanly, it could previously log some ugly exceptions during shutdown.
When editing a query, Enter no longer accepts a suggestion. Use Tab instead. The Enter key conflicted with the "Run" button for running the query.
Organization pages refactoring.
Previously, the server could report that a user was allowed to update parsers for a view, even though parsers cannot be used on views, only repositories. Now the server will always say the user cannot change parsers on views.
Improved global snapshot selection in cases where a Kafka reset has been performed
In thread dumps include the job and query names in separate fields rather than as part of the thread name.
Return the responder's vhost in the metadata json.
Added dark mode support to Identity provider pages.
Created a new Dropdown component, and replaced some uses of the old component with the new.
Speed up the SecondaryStorageTransferJob. The job will now delete primary copies much earlier after moving them to the secondary volume.
Scheduled searches are now allowed to run once every minute instead of only once every hour.
Fixed in this release
Functions
Fixed a bug causing
match()to let an empty key field match a table with no rows.
Other
Fixed an issue with "show in context" feature of the event list did not quote the field names in the produced query string.
Fixed a bug in the Search View. After editing and saving a saved query in the Search View, the notification message would disappear in an instant, making it impossible to read and to click the link therein.
Avoiding a costly corner case in some uses of glob-patterns.
Fixed a bug in the blocklist which caused "exact pattern" query patterns to be interpreted as glob patterns.
Fixed an issue related to validation of integer arguments. Large integer arguments would be silently truncated and lower limits weren't checked, which led to unspecified behavior. Range errors are now reported in the following functions:
concatArray()
formatDuration()
Fixed an issue where the axis titles on the timechart were not showing up in dark mode
Fixed an issue where exporting a saved query did not include the options for the visualization.
Fixed race condition that could cause parsers to not update correctly in rare cases
Fixed race condition that could cause event forwarding rules to not update correctly in rare cases
Fixed a bug where word wrapping in the event list was not always working for log messages with syntax highlighting (JSON or XML messages)
When testing a Parser and more events are returned in a test an info message is now displayed conveying that only the first event is shown.
Fixed bugs in the test parser UI, so that it should now always produce a result and be able to handle parsers that either drop events or produce multiple events per input event.
Address edge cases where QueryScheduler could throw exceptions with messages similar to "Requirement failed on activeMapperCount=-36"