Falcon LogScale 1.79.0 Preview (2023-02-28)

Bug fixes and updates.

Behavior Changes

Scripts or environments that make use of these tools should be checked and updated for the new configuration:

  • Configuration

    • The behavior of nodes using the ingestonly role has changed. Previously, such nodes did not write to global and did not register themselves in the cluster. They now do both.

      The old behavior can be restored by setting NEW_INGEST_ONLY_NODE_SEMANTICS=false. If you do this, please reach out to Support and outline your need, as this option will be removed in the near future.
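
One way to check a deployment for this change, as an added example that is not part of the release notes or LogScale's own tooling: it scans env-style configuration text for ingest-only nodes and flags those that opted out with NEW_INGEST_ONLY_NODE_SEMANTICS=false. It assumes the role is set through NODE_ROLES in KEY=VALUE files; the file names and contents are constructed samples.

```python
import re

# Constructed sample env files (KEY=VALUE); not taken from a real cluster.
SAMPLES = {
    "ingest-1.env": "NODE_ROLES=ingestonly\n# default semantics\n",
    "ingest-2.env": 'export NODE_ROLES="ingestonly"\n'
                    "NEW_INGEST_ONLY_NODE_SEMANTICS=False\n",
    "store-1.env": "NODE_ROLES=all\nNEW_INGEST_ONLY_NODE_SEMANTICS=false\n",
}

LINE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$")

def parse_env(text):
    """Parse KEY=VALUE lines; comments are skipped, the last assignment wins."""
    env = {}
    for raw in text.splitlines():
        if raw.lstrip().startswith("#"):
            continue
        m = LINE.match(raw)
        if m:
            value = m.group(2)
            # Strip one pair of matching surrounding quotes.
            if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
                value = value[1:-1]
            env[m.group(1)] = value
    return env

def classify(text):
    """Return how this node is affected by the 1.79.0 ingest-only change."""
    env = parse_env(text)
    # Assumption: roles are listed in NODE_ROLES (comma-separated is tolerated).
    roles = {r.strip().lower() for r in env.get("NODE_ROLES", "").split(",")}
    if "ingestonly" not in roles:
        return "not-ingest-only"      # the flag has no effect on this node
    flag = env.get("NEW_INGEST_ONLY_NODE_SEMANTICS", "true").strip().lower()
    if flag == "false":
        return "legacy-opt-out"       # relies on an option slated for removal
    return "new-semantics"            # now writes to global and registers

def audit(files):
    """Map each config name to its classification."""
    return {name: classify(text) for name, text in files.items()}

if __name__ == "__main__":
    for name, verdict in sorted(audit(SAMPLES).items()):
        print(f"{name}: {verdict}")
```

Nodes reported as legacy-opt-out are the ones to review before the option is removed.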

Improvements, new features and functionality

  • Automation and Alerts

    • When creating or editing Alerts and Scheduled Searches, it is now possible to specify another user the alert or scheduled search should run as, via the new organization permission ChangeTriggersToRunAsOtherUsers.

      The user selected to run the alert or scheduled search is now checked for permissions to run it. Previously, this was first checked when trying to run the alert or scheduled search.

      The new feature checks whether the user trying to create or edit an alert or scheduled search has permissions to change and run as another user. If the feature is enabled, you can select the user to run an alert or scheduled search as from a list of users.

      See Creating Alerts and Scheduled Search Run on Behalf of for more information.

  • Functions

    • Memory consumption of the format() function has been decreased.

    • Introduced a memory limit in the collect() mapper phase. The collect() function now collects up to the value of the limit argument or 10 MiB worth of distinct values, whichever comes first.

Bug Fixes

  • Falcon Data Replicator

  • UI Changes

    • The Event Distribution Histogram wouldn't show properly after manipulation of the @timestamp field.

  • Dashboards and Widgets

    • Fixed dashboard links to the same dashboard, as they would not correctly update the parameters.

    • In visualizations using the timeChart() or bucket() functions, when no results were returned you would just see an empty page. Consistent with other visualizations, you will now see a no-result message displayed, such as "No results in active time window" or "Search Completed. No results found", depending on whether Live mode is selected or not.