Falcon LogScale 1.80.0 Preview (2023-03-07)
|Version||Type||Release Date||Availability||End of Support||Security Updates||Upgrades From||JDK Compatibility||Req. Data Migration||Config. Changes|
Bug fixes and updates.
Scripts or environment which make use of these tools should be checked and updated for the new configuration:
Ingested events would not be limited in size if the bulk of the data in the event was in fields other than @rawstring. This will now be enforced. Events that exceed the limit on event size at ingest are handled as follows:
(This is identical to the previous handling of oversized @rawstring).
Changes that may occur or be required during an upgrade.
Upgrade Kafka client to 3.4.0.
Upgrade Kafka broker to 3.4.0 in the Kafka container.
The container upgrade is performed for security reasons to resolve CVE-2022-36944 issue, which Kafka should however not be affected by. If you wish to do a rolling upgrade of your Kafka containers, please always refer to Kafka upgrade guide.
Improvements, new features and functionality
Whether one can create a new repository is now controlled by the
Create repositorypermission in the UI.
NEW_VHOST_SELECTION_ENABLEDas a configuration option. The option has been
trueby default since 1.70; an opt-out is no longer needed.
Dashboards and Widgets
Changed the query editor when editing dashboard queries to be the same that is used on the Search page.
New Template feature added to the Fleet Management page, which allows you to:
upload a yaml file when creating a new configuration
export either the published or draft version of a configuration file.
For more information, see LogScale Collector Fleet Management Overview.
Saved queries can now be used in subqueries, see Using Functions as Arguments to Other Functions.
Added backend support for organization level query monitor. The new
MonitorQueriespermission now allows viewing queries that are running within the organization.
Interactions installed from a package use the new repository where the package is installed.
A high CPU usage in the UI since LogScale 1.75 when the Time Zone Selector dropdown was displayed has now been fixed.
Automatic generation and updating of the digest partitions table has been enabled, and manual editing is no longer supported. See Digest Rules for reference.
The table will be kept up to date based on the following node-level settings (see Assigning Digest Work to Node):
ZONE defines a node's zone. The table we generate will attempt to distribute segments across as many zones as possible.
Nodes will appear in the table more often if they have many cores. Nodes with fewer cores will appear less often.
Nodes with a
NODE_ROLESsetting that excludes digest work will not appear in the table.
A cluster-level setting has also been introduced: setDigestReplicationFactor GraphQL mutation configures the replication factor to use for the table. This is also settable via the environment variable
Automatic management of the digest partition table is now handled by the environment variable
DEFAULT_ALLOW_UPDATE_DESIRED_DIGESTERS. We intend to remove the option to handle digest partitions manually in the future.
Dashboards and Widgets
Keyboard combinations cmd+Z/Ctrl+Z no longer deletes the query on dashboard widgets.
A performance issue in
collect()when it collected many values has been fixed.
join()and join-like functions in conditional expressions and subqueries not having positional information has been fixed.
Fixed an issue where joins in
matchstatements, and subqueries would mark the entire query as erroneous.
Avoid caching warnings that some data segments could not be found on any servers. This prevents queries from displaying this warning spuriously.
Minisegments would be removed too early from nodes which were querying them, causing queries to be missing some data.
Some minisegments would be excluded from queries in cases where those minisegments had previously been merged, but the merge was reverted.
Two hosts booted at around the same time would conflict on which vhost number to use, causing one of the hosts to crash.