Falcon LogScale 1.77.0 GA (2023-02-14)

Version?Type?Release Date?Availability?End of Support

Security

Updates

Upgrades

From?

Config.

Changes?
1.77.0GA2023-02-14

Cloud

2024-04-30No1.44.0No

Bug fixes and updates.

Advance Warning

The following items are due to change in a future release.

  • Configuration

    • Starting from 1.78 release, the default value for the MAX_INGEST_REQUEST_SIZE configuration will be reduced from 1 GB to 32 MB.

      This value limits the size of ingest request and rejects oversized requests.

      If the request is compressed within HTTP, then this restricts the size after decompressing.

Behavior Changes

Scripts or environment which make use of these tools should be checked and updated for the new configuration:

  • Ingestion

    • It is no longer possible to list ingest tokens for system repositories.

New features and improvements

  • UI Changes

    • Filtering and group-by icons have been added to the Fields Panel and Inspection Panel detail views.

  • Documentation

  • Dashboards and Widgets

    • Hold ⇧ (Shift) to show unformatted values. Hold ⌥ (Alt on Windows or Option on Mac) to show full legend labels.

    • startTime, endTime, and parameter variables are now also available when working with Template Language expressions on the Search page.

  • Functions

  • Other

    • Ephemeral nodes are automatically removed from the cluster if they are offline for too long (2 hours by default).

    • Adding more Repositories & Views to a group is now done inside a dialog.

  • Packages

    • Repository interactions are now supported in Packages. When exporting a package with dashboard link interactions referencing a dashboard also included in the package, then that reference will be updated to reflect this in the resulting zip file.

Fixed in this release

  • Storage

    • Job-to-node assignment in Logscale has been reworked. Jobs that only needed to run on a subset of nodes in the cluster — such as the job for firing alert notifications or the job enforcing retention settings — would previously select which hosts were responsible for executing the job based on the segment storage table.

      The selection is now based on consistent hashing, which means the job assignments should automatically follow the set of live nodes.

      It is possible to observe where a given job is running based on logs found with the query class=*JobAssignments*.

    • Fixing minisegment fetches as they failed to complete properly during queries, if the number of minisegments involved was too large.

  • Configuration

    • Nodes are now considered ephemeral only if they set USING_EPHEMERAL_DISKS to true. Previously, they were ephemeral if they either set that configuration, or if they were using the httponly node role.

  • Dashboards and Widgets

    • When importing a dashboard from a template, some widget options (including LegendPosition) were being ignored and reverted to their default value.

    • The Table widget is able to display any search result, yet in the widget dropdown, it would often say "Incompatible". It now indicates compatibility. For event type results, the Event List visualisation will still be preferred and auto selected.

    • When using the Export as template functionality, the label field was missing in the exported YAML.

      For more information, see Dashboards & Widgets.

    • If you clone a widget and click Edit in Search View, you would be asked to discard your changes before editing, causing confusion. Now, Edit in Search View is not available until you save or discard using the buttons in the top bar.

      For more information, see Manage Widgets, Manage Widgets.

    • The Scatter Chart widget visualization would under some conditions claim to be compatible with any result that has 3 or more fields. Yet it would not display anything unless the actual data was numeric. The Scatter Chart visualization now properly detects compatibility and ignores any non-numeric fields in the query result.

  • Functions

    • The collect() function has been fixed in that its limit parameter was not being obeyed. This would lead to inconsistent results when there were more values to collect than what specified in the limit.

  • Other

    • Fixing minisegment downloads during queries, as they could cause download retries to fail spuriously, even if the download actually succeeded.

    • Linked to the correct SaaS eula for SaaS customers.

    • Timeout from publish to global topic in Kafka has been fixed, as it resulted in marking input segments for merge as broken temporarily.