Falcon LogScale 1.80.0 GA (2023-03-07)
Version | Type | Release Date | Availability | End of Support | Security Updates | Upgrades From | Config. Changes |
---|---|---|---|---|---|---|---|
1.80.0 | GA | 2023-03-07 | Cloud | 2024-04-30 | No | 1.44.0 | No |
Available for download two days after release.
Bug fixes and updates.
Behavior Changes
Scripts or environments that make use of these tools should be checked and updated for the new configuration:
Ingestion
Previously, ingested events were not limited in size if the bulk of the data in the event was in fields other than @rawstring. The limit is now enforced. Events that exceed the limit on event size at ingest are handled as follows:
@rawstring is truncated to the maximum allowed length, and all other fields are dropped from the event.
@timestamp becomes the ingest time.
@timezone becomes UTC.
(This is identical to the previous handling of oversized @rawstring).
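The handling above can be modelled before shipping, to find events that would lose their parsed fields and original timestamp at ingest. This is an added example, not LogScale code. The two limit values are placeholders (the release note does not state them), and measuring size as the UTF-8 bytes of all field names and values is an assumption.

```python
from datetime import datetime, timezone

# Placeholder limits: the release note does not state the real values.
MAX_EVENT_BYTES = 1024
MAX_RAWSTRING_BYTES = 512


def event_size(event):
    """Assumed size measure: UTF-8 bytes of every field name and value."""
    return sum(len(k.encode()) + len(str(v).encode()) for k, v in event.items())


def truncate_utf8(text, limit):
    """Cut text to at most `limit` bytes without splitting a character."""
    return text.encode()[:limit].decode("utf-8", errors="ignore")


def apply_ingest_limit(event, ingest_time,
                       max_event=MAX_EVENT_BYTES, max_raw=MAX_RAWSTRING_BYTES):
    """Return (event_as_stored, was_oversized) following the handling above."""
    if event_size(event) <= max_event:
        return dict(event), False
    return {
        "@rawstring": truncate_utf8(event.get("@rawstring", ""), max_raw),
        "@timestamp": ingest_time,  # the original event time is lost
        "@timezone": "UTC",
    }, True


def find_oversized(events, **limits):
    """Indexes of events that would lose fields and timestamp at ingest."""
    now = datetime.now(timezone.utc)
    return [i for i, e in enumerate(events)
            if apply_ingest_limit(e, now, **limits)[1]]


# Constructed sample: small @rawstring, bulk of the data in another field.
SAMPLE = [
    {"@rawstring": "login ok user=alice", "@timestamp": "2023-03-01T10:00:00Z",
     "@timezone": "Europe/Copenhagen", "user": "alice"},
    {"@rawstring": "process start", "@timestamp": "2023-03-01T10:00:05Z",
     "@timezone": "Europe/Copenhagen", "cmdline": "A" * 2000},
]
```

Because an oversized event is stored with the ingest time as @timestamp, time-based correlation against it no longer reflects when the activity happened.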
Upgrades
Changes that may occur or be required during an upgrade.
Other
Kafka client has been upgraded to 3.4.0.
Kafka broker has been upgraded to 3.4.0 in the Kafka container.
The container upgrade is performed for security reasons to resolve the CVE-2022-36944 issue, although Kafka should not be affected by it. If you wish to do a rolling upgrade of your Kafka containers, always refer to the Kafka upgrade guide.
New features and improvements
UI Changes
Whether one can create a new repository is now controlled by the Create repository permission in the UI.
Configuration
Removed NEW_VHOST_SELECTION_ENABLED as a configuration option. The option has been true by default since 1.70; an opt-out is no longer needed.
Dashboards and Widgets
Changed the query editor used when editing dashboard queries to be the same one that is used on the Search page.
Log Collector
New Template feature added to the Fleet Management page, which allows you to:
upload a YAML file when creating a new configuration
export either the published or draft version of a configuration file.
For more information, see Fleet Management Overview.
Queries
Added backend support for an organization-level query monitor. The new MonitorQueries permission now allows viewing queries that are running within the organization.
Functions
Saved queries can now be used in subqueries; see Using Functions as Arguments to Other Functions.
Packages
Interactions installed from a package use the new repository where the package is installed.
Fixed in this release
UI Changes
High CPU usage in the UI, present since LogScale 1.75 when the Time Zone Selector dropdown was displayed, has now been fixed.
Configuration
Automatic generation and updating of the digest partitions table has been enabled, and manual editing is no longer supported. See Digest Rules for reference.
The table will be kept up to date based on the following node-level settings (see Starting a New LogScale Node):
ZONE defines a node's zone. The table we generate will attempt to distribute segments across as many zones as possible.
Nodes will appear in the table more often if they have many cores. Nodes with fewer cores will appear less often.
Nodes with a NODE_ROLES setting that excludes digest work will not appear in the table.
A cluster-level setting has also been introduced: the setDigestReplicationFactor GraphQL mutation configures the replication factor to use for the table. This is also settable via the environment variable DEFAULT_DIGEST_REPLICATION_FACTOR.
Automatic management of the digest partition table is now handled by the environment variable DEFAULT_ALLOW_UPDATE_DESIRED_DIGESTERS. We intend to remove the option to handle digest partitions manually in the future.
Dashboards and Widgets
The keyboard combinations cmd+Z/Ctrl+Z no longer delete the query on dashboard widgets.
Functions
A performance issue in collect() when it collected many values has been fixed.
Validation of join() and join-like functions in conditional expressions and subqueries not having positional information has been fixed.
Fixed an issue where joins in case statements, match statements, and subqueries would mark the entire query as erroneous.
Other
Some mini-segments would be excluded from queries in cases where those mini-segments had previously been merged, but the merge was reverted.
Two hosts booted at around the same time would conflict on which vhost number to use, causing one of the hosts to crash.
Avoid caching warnings that some data segments could not be found on any servers. This prevents queries from displaying this warning spuriously.
Mini-segments would be removed too early from nodes which were querying them, causing queries to be missing some data.