Humio Server 1.56.2 Stable (2022-09-26)



Bug fixes and updates.

Improvements, new features and functionality

  • Falcon Data Replicator

    • The feature flag for FDR feeds has been removed. FDR feeds are now generally available.

  • UI Changes

    • The Event List column header menus have been redesigned to be simpler:

      • You can now click the border between column headers in the Event List to fit the column to the content.

      • The Event List column Format Panel has been updated to make it easier to manage columns.

      See Formatting Columns.

    • It is now possible to interact directly with the JSON properties and values in the EventList.

    • It is now possible to scroll to the selected event on the Search page.

    • Added UI for enabling and disabling social logins on the identity providers page.

    • The Log line format type in the Event List will now render fully expanded JSON when a JSON structure starts with a square bracket or curly bracket followed by a newline.

    • Humio is now a Falcon product. The Humio owl logo and icons are therefore replaced by beautiful falcons.

    • In the Event List you can assign data types to a column field. You can now make the setting the default for a field, and the setting is remembered whenever the field is added to the Event List, e.g. from the fields panel on the Search page. The button for assigning a default data type to a field can be found in the Data type dropdown menu in the column headers of the Event List widget. See Field Data Types.

  • Automation and Alerts

    • When creating a new Action, the name you entered is now kept instead of being cleared when you change the Action Type. This also works when you change the New Action name while creating a New Action.

    • When you create or edit an action it will now show a warning dialog if you have unsaved changes.

    • A major change has been made to how alert queries are run in order to better reuse live queries when nodes are restarted in a Humio cluster. Find more details at Alerts.

    • With the new implementation for running alerts, alerts will now start faster after a node has been restarted, making it easier for alerts with a small search interval to be able to alert on events during the downtime.

  • GraphQL API

    • Deprecates the defaultSharedTimeIsLive input field on the updateDashboard GraphQL mutation, in favor of updateFrequency.

  • Configuration

    • New dynamic configuration MinimumHumioVersion (default value 0.0.0) sets the minimum Humio version that this cluster will accept starting on. This protects against inadvertently rolling back to a version older than the implied minimum required by some other feature that has since been turned on.

    • On cloud: added a configuration on dynamic identity providers to configure if users are allowed to be lazily created.

    • Added environment variable ENABLE_SANDBOXES to make it possible to enable and disable sandbox repositories.

  • Dashboards and Widgets

    • Implemented support for widgets with a fixed time interval on dashboards.

  • Functions

    • Improved warning message when using groupBy() with limit=max and the limit is exceeded.

    • Query functions selectFromMin() and selectFromMax() are now generally available for use.

    • BREAKING CHANGE: Changes to the serialization format of the Intermediate Language representation of queries.

      Description: The serialization format used to serialize the intermediate language representation of queries has changed to a JSON format. This has multiple consequences for on-prem customers. During upgrades to this version and rollbacks from this version you can expect the following:

      • Queries can be slower than usual initially as the query cache clears itself.

      • Queries may cause deserialization errors if they are run during upgrade and two or more nodes have different versions. It is recommended to block all queries upon upgrade and downgrade to and from this version and have all nodes upgrade at the same time.

  • Other

    • If a view is not found, Humio will now try to fix up the cache on all cluster nodes.

    • It is now possible to select an entire permissions group when configuring permissions for a role.

      • Added the possibility of creating a role that grants permissions on the system and organization levels from the UI.

      • Updated the flow of creating and editing roles in the Understanding Your Organization pages.

    • In the dialog for entering a name, when creating a new entity (Alerts, Actions, Scheduled Searches, Parsing Data), hitting Enter without filling out the name field will now show an error and will not let you go on to the next page.

    • Permit the first character in the field name of a field being turned into a tag to be anything. If the first character does not match [a-zA-Z] then strip that from the resulting tag name. This does not alter the set of allowed names for tags, but allows the field names being turned into tags to have any character as the leading one, e.g. permitting examples such as &path and *path as field names to turn into the tag #path.

    • Allow any root user and any user with the PatchGlobal permission to use the global patch API. Previously this required the special server-local bootstrap root token, which is valid only on the local node and thus hard to use via a load balancer.

    • Added support for writing H in place of minutes in the cron schedule of scheduled searches — see Cron Schedule Templates for details.

    • Added new system permission, PatchGlobal, enabling access to the global patch API.

    • Reduced memory usage for queries that include noResultUntilDone: true in their inputs. This reduces memory usage in queries that do "export" of an aggregate result via the Query API, as well as the "inner" queries in joins, and queries from scheduled searches.

    • When saving a parser, validate that the fields designated as tag fields have names that are valid as tag field names. Since packages with invalid parsers cannot be installed, if you have an invalid parser in a package, you will need to edit it to keep being able to install it.

    • When searching for queries using the Query Monitor in Cluster Administration you can now filter queries based on internal and external query IDs.

    • Added an option to make token hashing output in JSON format. See the tokenhashing usage described at Hashed Root Access Token.

    • When configuring SAML and OIDC for an organization, users with the ManageOrganizations permission can now enable or disable whether the IDP is Default and Humio managed.

Bug Fixes

  • Falcon Data Replicator

    • Fixed a bug where a dropdown for choosing a parser was not visible in a dialog when creating a new FDR feed.

    • Removed the deprecated feature flag FdrFeeds.

  • UI Changes

    • Fixed a bug in the computation of query metadata that is used by the UI, which, for example, caused problems showing pie charts with queries containing both groupBy() and top().

  • GraphQL API

    • Fixed an error when querying for actions in GraphQL on a deleted view.

    • Marked all feature flags as preview in GraphQL, which means that once they are no longer needed, they will be removed without being deprecated first.

  • Dashboards and Widgets

    • Fixed an issue where wordwrap did not work in the Inspect Panel.

    • Fixed a bug where certain queries would make it seem that all widgets were incompatible, even though the table view still works.

    • Importing a dashboard with Shared time enabled and Live disabled would import the dashboard with Live enabled. Likewise, when creating a new dashboard from a template, Live would be on.

    • The Apply Filter button on the dashboard correctly applies the typed filter again.

    • The Single Value color threshold list could get into a state where you could not type threshold values into the four text fields.

  • Functions

    • Fixed a recent bug which caused the category links from groupBy()-groups to be lost when a subsequent sort() was used, and also made grouping-based charts (bar, pie, heat map) unusable in such cases.

  • Other

    • Fixed an issue where deleting events from a minisegment could result in the merge of those minisegments into the resulting target segment never being executed.

    • Fixed an issue where the sessions of a user weren't revoked when the user was deleted.

    • Fixed a bug where a placeholder would appear for the region selector on the login pages, even though the selector itself wouldn't be shown because no regions are configured.

    • It is no longer possible to have an upload file action with a path in the file name. This would result in an unusable file being created.

    • Fixed an issue where some segments could stall the background process implementing event redaction. This could then result in segments not being merged. The visible symptom would be segments with topOffset attribute being -1, and MiniSegmentMergeLatencyLoggerJob logging that some segments are not being merged.

    • We have removed the @host field from the humio-activity logs and the #host tag from the humio-audit log, as we can no longer provide meaningful values for these. The @host field in the humio-metrics logs will remain, but its value will be changed to the vhost id (an integer number).

    • Fixed an issue where queries could fail when the requests within the cluster were more than 8 MB each.

    • Fixed an issue where the HTTP threads (Akka pool) could get blocked while sending ingest requests to Kafka, which could result in Humio HTTP endpoints not responding.

    • Fixed an issue with tags in Event Forwarding, so that it is now possible to filter on tags using event forwarding rules, and the tags are present in the forwarded events.

    • Fixed a regression introduced in 1.46.0 that can cause Humio to fail to properly replay data from Kafka when a node is restarted.

  • Packages

    • Previously, parsing packages was very strict, failing when detecting unsupported files. This is no longer the case: unsupported files will now be ignored and won't stop the package from installing.