Humio Server 1.37.0 Preview (2022-02-14)

Version?Type?Release Date?Availability?End of Support

Security

Updates

Upgrades

From?

JDK

Compatibility?

Req. Data

Migration

Config.

Changes?
1.37.0Preview2022-02-14

Cloud

On-Prem

2023-03-31No1.26.011NoYes
JAR ChecksumValue
MD5f5c25eee6d9efb0ddf9d86ca74c84a3c
SHA16026cc511279e9089bc49d8e5a0dd320e5397712
SHA256097886ea8a6d2eece7980c46ba0b1002b7f7edf6d68109f91374b002a61e4975
SHA5127c8fb7d2c53c5aab60ddf54250e47d41289cd9635005d3a765742298a20eb7f35426955a7388caf48fbc044747e917cfdd93003ce252c42358d947a504f73c29
Docker ImageSHA256 Checksum
humioc27d93d4fd87d253117b1442a7391ea3cd28366a960727482b27b58706211435
humio-coref43d4a206d9386d601798029df5c02d9b1e1b35bb6ae0f666aa6d8d36bcc60e3
kafka291d25337324ab70a3490f9b06ed2860215f37b84ced203b26cfa5d10877ce42
zookeeper606ebc2ffcd28bc36d7d091ad649743f22de21b891f7a75c9048343e019372ef

Humio can now poll and ingest data from the Falcon platform's Falcon Data Replicator (FDR) service. This feature can be used as an alternative to the standalone fdr2humio project. See the Ingesting FDR Data for more information.

Improvements, new features and functionality

  • UI Changes

    • Reworked the hover message layout and changed the hover information on text (in the search field).

    • Hover over parameter names and arguments in the search field now includes the default value.

    • On the time, bar and pie charts you can hold the ALT/OPTION key to display long legend titles.

    • Added a quick-fix for unknown escape sequences in the search field.

    • The bar and pie charts now support holding the SHIFT key to display unformatted numeric values.

    • First row entry in the statistics table on the repo page is now a table header and added hidden content to the empty table header in the new view page.

    • The Cluster Nodes table has been redesigned to allow for easier overview and copying the version-number.

    • The search page now has focus states on the Language Syntax, Event List Widget and Save As buttons.

    • When using the table visualisation in dark mode, empty table cells are now clearly discernible.

    • Better accessibility for queries panel. You can now tab to focus individual queries, and open a details panel. From here you can also access all actions in the details panel by tabbing.

    • Visually hidden clipboard field is now hidden for assistive technologies/keyboard users.

    • Added a warning for unknown escape sequences in the search field.

    • Minor UX improvements (ie. accessibility) on the queries panel.

    • Added a quick-fix to convert non-ASCII quotes to ASCII quotes in the search field.

    • Hover information in the search field is shown despite an overlapping warning.

    • Pop-ups and drop-downs will now close automatically when focus leaves them.

    • When changing focus inside a dialog with the keyboard, the focus will no longer move outside the dialog while it is open.

  • GraphQL API

    • Deprecates the ReadContents view action, in favor of ReadEvents. This also means ReadEvents has been undeprecated, as we have slightly changed how we consider read rights, and want the action names to match this.

    • Fixed a bug in the response from calling the installPackageFromZip GraphQL mutation. Previously, the response type exposed a deprecated clientmutationid that could not be selected. Also now if form fields are missing they are properly reported in the response.

  • Configuration

    • Fixed a bug where TLS_KEYSTORE_TYPE and TLS_TRUSTSTORE_TYPE would only recognize lower-case values.

    • Added config RDNS_DEFAULT_SERVER for specifying what DNS server is the default for the rdns() query function.

    • Added config IP_FILTER_RDNS for specifying what IP addresses can be queried using the rdns() query function.

    • Added new settings for how uploads to bucket storage are validated. In the case that validation with etags are not available, content length can be used instead.

    • Added config IP_FILTER_RDNS_SERVER for specifying what DNS servers can be allowed in the rdns() query function.

    • Reduce default value of INGESTQUEUE_COMPRESSION_LEVEL, the ingest queue compression level from 1 to 0. This reduces time spent compressing before inserting into the ingest queue by roughly 4x at the expense of a 10-20% increase in size required in Kafka for the ingest queue topic.

    • The PERMISSION_MODEL_MODE configuration option has been removed. All graphql related schema has also been removed.

    • The Property inter.broker.protocol.version in kafka.properties now defaults to 2.4 if not specified. Users upgrading Kafka can either set inter.broker.protocol.version manually in kafka.properties, or pass DEFAULT_INTER_BROKER_PROTOCOL_VERSION as an environment variable to Docker when launching the container. Please follow Kafka's upgrade guidelines when upgrading a Kafka cluster to avoid data loss https://kafka.apache.org/documentation/#upgrade_3_1_0.

    • When Kafka topic configuration is managed by Humio (default true) set max.message.bytes on the topics to the value of Config TOPIC_MAX_MESSAGE_BYTES, default is 8388608 (8 MB). Minimum value is 2 MB.

    • Added the config CORS_ALLOWED_ORIGINS a comma separated list for CORS allowed origins, default allows all origins.

  • Other

    • Improve the performance of deletes from global.

    • Published new versions of the Humio Kafka Docker containers for Kafka 3.1.0.

    • Ensure only a cluster leader that still holds cluster leadership can force digesters to release partition leadership. This could cause spurious reboots in clusters where leadership was under contention.

    • Allow cluster managers access to settings for personal sandboxes and to block and kill queries in them.

    • Added tombstoning to uploaded files, which helps with avoiding data loss.

    • Do not run the Global snapshot consistency check on stateless ingest nodes.

    • The Kafka client has been upgraded to 3.1.0 from 2.8.1. 3.1.0 enables the idempotent producer by default, which implies acks=all. Clusters that set acks to a different number via EXTRA_KAFKA_CONFIGS_FILE should update their config to also specify enable.idempotence=false

    • During Digest startup, abort fetching segments from other nodes if the assigned partition set changes while fetching.

    • Ensure a digester can only acquire or release partition leadership if no other digester has leadership of that partition. This could cause spurious reboots if digester leadership became contended.

    • During identity provider configuration, it's possible to fetch SAML configuration from an endpoint.

Bug Fixes

  • UI Changes

    • Fixed an issue where live queries would sometimes double-count parts of the historic data.

    • Fixed a bug where the Add Column button on the Fields panel would do nothing

    • Fixed a bug where the Package Marketplace would redirect to unsupported package versions on older Humio instances.

    • Previously a package could be updated with another package with the same name and version, but with different content. This is no longer allowed, and any attempt do so will be rejected and fail.

    • Fixed a compatibility issue with FileBeat 8.0.0.

    • Fixed several issues where users could add invalid query filters via the Add filter context button after selecting text in the Event List.

    • For HTTP Event Collector (HEC) the input field sourcetype is now also stored in @sourcetype.

    • Fixed an issue where tail() could produce results inconsistent with other query functions, when used in a live query.

    • Fixes an issue with epoch and offsets not always being stripped from segments.

    • LSP warnings don't crash queries any more.

    • Fixed an issue where queries of the form #someTagField != someValue ... would sometimes produce incorrect results.

    • Fixed an issue where negated functions could lose their negation.

    • Fixed an issue where top(max) could throw an exception when given values large enough to be represented as positive infinity.

    • Fixed an issue where queries with tail() would behave in an unexpected manner when an event is focused.

    • Fixed a bug where providing a bad view/repository name when blocking queries would block the query in all views and repositories.

    • Fixed a bug in the Sankey chart such that it now updates on updated query results.

    • Fixed a compatibility issue with LogStash 7.16+ and 8.0.0 when using the Elasticsearch output plugin.

    • Fixed an issue where percentile() would crash on inputs larger than ~1.76e308.

    • Warn at startup if CORES > AvailableProcessorCount as seen by the JVM.