Falcon LogScale 1.78.0 Preview (2023-02-21)

Version?Type?Release Date?Availability?End of Support

Security

Updates

Upgrades

From?

JDK

Compatibility?

Req. Data

Migration

Config.

Changes?
1.78.0Preview2023-02-21

Cloud

On-Prem

2024-04-30No1.44.011NoNo

Bug fixes and updates.

Advanced Warning

The following items are due to change in a future release.

Improvements, new features and functionality

  • UI Changes

    • An explicit logout message now indicates that the user's session has been terminated.

    • The Time Zone Selector now shows the timezone as +00:00 instead of -00:00 when the offset is zero.

    • Clone items have all been replaced with Duplicate in the UI to be consistent with what they actually do.

  • Automation and Alerts

    • When updating or creating new Actions, any server errors will be displayed in a summary under the form. The server errors in the summary will now specify the form field title where the error occurred, to easily identify where the error is.

    • Removed the sidepanel when creating/editing an Alerts or Scheduled Searches.

  • Configuration

    • The default value of MAX_INGEST_REQUEST_SIZE has been reduced from 1024 MB to 32 MB. This limits the size of ingest requests and rejects oversized requests. If the request is compressed within HTTP, then this restricts the size after decompressing.

  • Functions

    • The array:filter() function is now generally available.

    • Introduced the new query function bitfield:extractFlags().

    • More time format modifiers are now supported in the format() function:

      • Full and abbreviated month, day-of-week names, and the century

      • Date/time composition format Day Mon DD HH:MM:SS Zone YYYY, e.g., Tue Jun 22 16:45:05 GMT+1 1993.

  • Other

    • "Sticky" autoshards no longer mean that the system cannot tune their value, but only that it cannot decrease the number of shards; the cluster is allowed to raise the number of shards on datasources when it needs to, also for those that were set as sticky using the REST API.

    • An enhancement has been made so that when the number of ingest partitions is increased, fresh partitions are assigned to all non-idle datasources based on the new set of partitions. Before this change only new datasources (new tag combinations) would be using the new partitions. The auto-balancing does not start if there are nodes in the cluster running versions prior to 1.78.0.

Bug Fixes

  • UI Changes

    • When exporting a dashboard, alert or scheduled search as a template, the labels' field was missing in the exported YAML.

      For more information, see Managing Alerts, Scheduled Searches, Dashboards & Widgets.

    • Double-clicking in the Event List would open the Inspection Panel instead of making a text selection. It now correctly selects the word being double-clicked.

  • Automation and Alerts

    • A typo has been fixed in message ActionWithIdNotFound.

  • GraphQL API

    • Pending deletes that would cause nodes to fail to start, reporting a NullPointerException, have been fixed.

  • Dashboards and Widgets

    • A newly added, unconfigured dashboard parameter could not be deleted again. This issue has been fixed.

  • Other

    • Ensure we keep hosts listed in the query partition table up to date as those hosts restart. This should prevent an issue where removing too many nodes from a cluster could prevent queries from running.

    • Prevent nodes configured not to run queries from starting queries locally in the case where the query request can't be proxied.

    • When making updates to the query partition table, only change partitions with dead nodes. This should allow queries to continue without requiring resubmit when a previously unknown node joins the cluster.

    • Fixed ingest-only nodes that would fail all requests to /dataspaces and /repositories.