Falcon LogScale 1.79.0 Preview (2023-02-28)
Bug fixes and updates.
Scripts or environments that make use of these tools should be checked and updated for the new configuration:
The behavior of nodes using the ingestonly role has changed. Previously, such nodes did not write to global and did not register themselves in the cluster. They now do both.
The old behavior can be restored by setting NEW_INGEST_ONLY_NODE_SEMANTICS=false. If you do this, please reach out to Support and outline your need, as this option will be removed in the near future.
Improvements, new features and functionality
Automation and Alerts
When creating or editing Alerts and Scheduled Searches, it is now possible to specify another user the alert or scheduled search should run as, via the new organization permission
It is now checked that the user selected to run the alert or scheduled search has permissions to run it. Previously, that was first checked when trying to run the alert or scheduled search.
The new feature checks whether the user trying to create or edit an alert or scheduled search has permissions to change and run it as another user. If the feature is enabled, you can select the user to run an alert or scheduled search as from a list of users.
Falcon Data Replicator
The Event Distribution Histogram wouldn't show properly after manipulation of the @timestamp field.
Dashboards and Widgets
In visualizations using the bucket() functions, when no results were returned you would just see an empty page. Consistent with other visualizations, you will now see a no-result message displayed, such as No results in active time window or Search Completed. No results found, depending on whether Live mode is selected or not.
Fixed dashboard links to the same dashboard, as they would not correctly update the parameters.