Falcon LogScale 1.77.0 Preview (2023-02-14)
| Version? | Type? | Release Date? | Availability? | End of Support | Security Updates | Upgrades From? | JDK Compatibility? | Req. Data Migration | Config. Changes? |
|---|---|---|---|---|---|---|---|---|---|
| 1.77.0 | Preview | 2023-02-14 | Cloud On-Prem | 2024-04-30 | No | 1.44.0 | 11 | No | No |
Bug fixes and updates.
Advanced Warning
The following items are due to change in a future release.
Behavior Changes
Scripts or environment which make use of these tools should be checked and updated for the new configuration:
Ingestion
It is no longer possible to list ingest tokens for system repositories.
Improvements, new features and functionality
UI Changes
Filtering and group-by icons have been added to the Fields Panel and Inspection Panel detail views.
Documentation
The new Template Language reference information section has been added.
Dashboards and Widgets
Hold ⇧ (Shift) to show unformatted values. Hold ⌥ (Alt on Windows or Option on Mac) to show full legend labels.
startTime,endTime, and parameter variables are now also available when working with Template Language expressions on the Search page.
Functions
Introduced the
array:reduceAll()function.As other released Array Query Functions, it requires square braces.
Other
Ephemeral nodes are automatically removed from the cluster if they are offline for too long (2 hours by default).
Adding more Repositories & Views to a group is now done inside a dialog.
Packages
Repository interactions are now supported in Packages. When exporting a package with dashboard link interactions referencing a dashboard also included in the package, then that reference will be updated to reflect this in the resulting zip file.
Bug Fixes
Dashboards and Widgets
When importing a dashboard from a template, some widget options (including LegendPosition) were being ignored and reverted to their default value.
The
Tablewidget is able to display any search result, yet in the widget dropdown, it would often say "Incompatible". It now indicates compatibility. For event type results, the Event List visualisation will still be preferred and auto selected.When using the Export as template functionality, the label field was missing in the exported YAML.
For more information, see Dashboards & Widgets.
If you clone a widget and click Edit in Search View, you would be asked to discard your changes before editing, causing confusion. Now, Edit in Search View is not available until you save or discard using the buttons in the top bar.
For more information, see Managing Widgets, Managing Widgets.
The
Scatter Chartwidget visualization would under some conditions claim to be compatible with any result that has 3 or more fields. Yet it would not display anything unless the actual data was numeric. TheScatter Chartvisualization now properly detects compatibility and ignores any non-numeric fields in the query result.
Functions
Other
Nodes are now considered ephemeral only if they set
USING_EPHEMERAL_DISKStotrue. Previously, they were ephemeral if they either set that configuration, or if they were using the httponly node role.Job-to-node assignment in Logscale has been reworked. Jobs that only needed to run on a subset of nodes in the cluster — such as the job for firing alert notifications or the job enforcing retention settings — would previously select which hosts were responsible for executing the job based on the segment storage table.
The selection is now based on consistent hashing, which means the job assignments should automatically follow the set of live nodes.
It is possible to observe where a given job is running based on logs found with the query
class=*JobAssignments*.Fixing minisegment downloads during queries, as they could cause download retries to fail spuriously, even if the download actually succeeded.
Linked to the correct SaaS eula for SaaS customers.
Timeout from publish to global topic in Kafka has been fixed, as it resulted in marking input segments for merge as broken temporarily.
Fixing minisegment fetches as they failed to complete properly during queries, if the number of minisegments involved was too large.