Below is a list of all of the Preview releases of Humio, in reverse order of their release — the latest at the top and the oldest at the bottom. If you want to see all of the Stable releases go to the Stable Releases page for a list of them. For a list of all releases, Preview and Stable, go to the All Releases page.
Remember, the way to distinguish between Preview and Stable releases is based on the secondary number for the release. If it’s an even number, it indicates it’s a stable release; if the secondary number is an odd number, it indicates it’s a preview of the stable release that will follow it. See the main Humio Releases page for a more detailed explanation of this numbering system.
Release Date: 2021-01-19
Minimum previous Humio version: 1.16.0
Requires data migrations: false
Has changes to configuration: false
Beginning with version 1.17.0, if your current version of Humio is not directly able to upgrade to the new version, you will get an error if you attempt to start up the incompatible version. The 1.19.1 release is only compatible with Humio release 1.16.0 and newer. This means that you will have to ensure that you have upgraded to minimum 1.16.0 before trying to upgrade to 1.19.1. In case you need to do a rollback, this can also ONLY happen back to 1.16.0 or newer, rolling directly back to an earlier release can result in data loss.
Release Date: 2021-01-14
Minimum previous Humio version: 1.16.0
Requires data migrations: false
Has changes to configuration: true
Beginning with version 1.17.0, if your current version of Humio is not directly able to upgrade to the new version, you will get an error if you attempt to start up the incompatible version. The 1.19.0 release is only compatible with Humio release 1.16.0 and newer. This means that you will have to ensure that you have upgraded at least to 1.16.0 before trying to upgrade to 1.19.0. In case you need to do a rollback, this can also ONLY happen back to 1.16.0 or newer. Rolling directly back to an earlier release can result in data loss.
This version introduces Humio packages - a way of bundling and sharing assets such as dashboards and parsers. You can create your own packages to keep your Humio assets in Git or create utility packages that can be installed in multiple repositories. All assets can be serialized to YAML files (like what has been possible for dashboards for a while). With tight integration with Humio’s CLI humioctl you can install packages from local disk, URL, or directly from a Github repository. Packages are still in beta, but we encourage you do start creating packages yourself, and sharing them with the community. At Humio we are also very interested in talking with package authors about getting your packages on our upcoming marketplace. Read more about packages on our package documentation.
With the introduction of Humio packages we have created the application Humio Insights. The application is a collection of dashboards and saved searches making it possible to monitor and observe a Humio cluster.
The new query editor has a much better integration with Humio’s query language. It will give you suggestions as you type, and gives you inline errors if you make a mistake. We will continue to improve the capabilities of the query editor to be aware of fields, saved queries, and other contextual information.
A new function called test()
has been added for convenience. What used to be done like:
tmp := <expression> | tmp=true
can now be done using:
test( <expression> )
.
Inside <expression>
field names appearing on the right hand side of an equality test, such as
field1==field2
compares the values of the two fields. When comparing using =
at top-level
field1=field2
compares the value of field1
against the string "field2"
. This distinction is
a cause of confusion for some users, and using test()
simplifies that.
We have made small changes to how Humio logs internally. We did this to better support the new Humio Insights Application. We have tried to keep the changes as small and compatible as possible, but we have made some changes that can break existing searches in the humio repository (or other repositories receiving Humio logs). We made these changes as we think they are important in order to improve things moving forward. One of the benefits is the new Humio Insights App Read more about the details here
QUERY_QUOTA_EXCEEDED_PENALTY
with value 50 by default. When set >= 1.0 then this throttles queries from users that are over their quota by this factor rather than stopping their queries. Set to 0 to disable and revert to stopping queries.Alert
type, the notifiers
field has been deprecated and will be removed in a later release. It has been replaced by the actions
field.ChangeAlertsAndNotifiers
on the Permission
enum has been deprecated and will be removed in a later release. It has been replaced by the ChangeTriggersAndActions
value.
The same is true for the ViewAction
enum.
On the ViewPermissionsType
type, the administerAlerts
field has been deprecated and will be removed in a later release. It has been replaced by the administerTriggersAndActions
field.json-for-notifier
parser used by the Humio Repository action (formerly notifier) is deprecated and will be removed in a later release. It has been replaced by an identical parser with the name json-for-action
, see docs.bro-json
parser is deprecated and will be removed in a later release. It has been replaced by an identical parser with the name zeek-json
, see docs.IP_FILTER_NOTIFIERS
has been renamed to IP_FILTER_ACTIONS
. The old name will continue to work.HTTP_PROXY_ALLOW_NOTIFIERS_NOT_USE
has been renamed to HTTP_PROXY_ALLOW_ACTIONS_NOT_USE
. The old name will continue to work.@tag.
so that #source
becomes @tag.source
. This is done to make them searchable in Humio. You can change the name by creating a custom parser. See docs for more details.test( <boolean expression> )
makes it convenient to test complex expressions./api/v1/ingest/raw
for ingesting singular webcalls as events. See docs.getFileContent
has been moved to a field on the SearchDomain type.id
field in place of a name
field, when fetching and updating parsers.NODE_ROLES=ingestonly
.unit
on timechart (and bucket) now works also when the function within uses nesting and anonymous pipielines.parseCEF()
now deals with extension fields with labels, i.e. cs1=Value cs1Label=Key
becomes cef.label.Key=Value
.asn
function for retrieving the ASN number for a given IP address, see docs.AUTO_UPDATE_MAXMIND
for enabling/disabling updating of all maxmind databases. Deprecates AUTO_UPDATE_IP_LOCATION_DB
, but old config will continue to work.MAXMIND_IP_LOCATION_EDITION_ID
for selecting the maxmind edition of the IP location database. Deprecates MAXMIND_EDITION_ID
, but old config will continue to work.hash
for computing hashes of fields. See docs.LOG4J_CONFIGURATION
environment variable to HUMIO_LOG4J_CONFIGURATION
. See Docs. The old variable will no longer work.WINDOW_ENABLED
and SERIES_ENABLED
to false
, respectively.IDLE_POLL_TIME_BEFORE_DASHBOARD_QUERY_IS_CANCELLED_MINUTES
. Queries on dashboards now have the same life cycle as other queries.TCP_INGEST_MAX_TIMEOUT_SECONDS
. See docs.
Release Date: 2020-11-18
Minimum previous Humio version: 1.16.0
Requires data migrations: false
Has changes to configuration: true
Beginning with version 1.17.0, if your current version of Humio is not directly able to upgrade to the new version, you will get an error if you attempt to start up the incompatible version. The 1.17.0 release is only compatible with Humio release 1.16.0 and newer. This means that you will have to ensure that you have upgraded to minimum 1.16.0 before trying to upgrade to 1.17.0. In case you need to do a rollback, this can also ONLY happen back to 1.16.0 or newer, rolling directly back to earlier release can result in data loss.
Humio can now run repeating queries using the beta:repeating()
function. These are live queries that are implemented by repeatedly making a query. This allows using functions in alerts and dashboards that typically do not work in live queries, such as selfJoin()
or selfJoinFilter()
. See the function docs for more information.
In order to prevent alert notifiers being used to probe services on the internal network (eg. Zookeeper or the AWS metadata service), Humio now has an IP filter on alert notifiers. The default is to block access to all link-local addresses and any addresses on the internal network; however, you can opt-in to the old behavior by setting the configuration option IP_FILTER_NOTIFIERS to allow all
. See IP Filter documentation.
A new experimental query function called series()
has been added. It needs to be explicitly enabled on the cluster
using the config option SERIES_ENABLED=true
.
series()
improves upon session()
and collect()
for grouping events into transactions.
What used to be done with:
groupby(id, function=session(function=collect([fields, ...])))
can now be done using:
groupby(id, function=series([fields, ..]))
.
See docs for more details.
This new feature stores a copy of live search results to the local disk in the server nodes, and reuses the relevant parts of that cached result when an identical live search is later started. Caching is controlled with the config option QUERY_CACHE_MIN_COST
, which has a default value of 1000. To disable caching, set the config option to a very high number, such as 9223372036854775807 (max long value).
IP_FILTER_NOTIFIERS
, to set up IP filters for Alert Notifications, see docs.ENABLE_ALERTS
makes it possible to disable alerts from running (enabled by default), see docs.ALERT_DESPITE_WARNINGS
makes it possible to trigger alerts even when warnings occur, see docs.DEFAULT_MAX_NUMBER_OF_GLOBALDATA_DUMPS_TO_KEEP
, see docs.parseJson
, removePrefixes
, see docs.concatArray
, see docs.parseCEF
used to parse events which are formatted according to the Common Event Format(CEF), see docs.beta:repeating()
, see docs.series()
, enabled by config option SERIES_ENABLED=true
, see docs.window()
, enabled by config option WINDOW_ENABLED=true
, see docs.{events_html}
notifier template will now respect the field order from the query, see docs.join
expressions.join
function in some circumstances would fetch subquery results from other cluster nodes more than once.KAFKA_MANAGED_BY_HUMIO
was true.unit:convert
couldn’t handle numbers in scientific notation.
Release Date: 2020-09-29
Minimum previous Humio version: 1.12.0
Requires data migrations: false
Has changes to configuration: false
join()
.
Release Date: 2020-09-22
Minimum previous Humio version: 1.12.0
Requires data migrations: false
Has changes to configuration: false
@ingesttimestamp
.
Release Date: 2020-09-15
Minimum previous Humio version: 1.12.0
Requires data migrations: true
Has changes to configuration: true
Humio will set ingest timestamps on all events. This is set in the field named @ingesttimestamp
. In later versions, Humio will also support specifying the search time interval using @ingesttimestamp
when searching. This will support use cases where data is backfilled etc.
It is now possible to make an alert throttle based on a field, so that new values for the field trigger the alert, but already seen values do not until the throttle period has elapsed. See docs.
It is now possible to configure an alert notifier that will log all events to a Humio repository. See docs.
It is now possible to use the Slack notifier to notify multiple slack channels at once. See docs.
In an email notifier, it is now possible to format the events as an HTML table using the new message template {events_html}
. See docs.
It is now possible to configure an alert notifier to not use the HTTP proxy configured in Humio. See docs.
We introduce new signup/login pages for social login and have split the behavior so users have to explicitly either login or signup.
When adding a user to Humio they will now by default get an email telling them that they have been invited to use Humio. See docs.
The AWS SDK Humio uses has been upgraded to v2. When configuring Humio bucket storage with Java system properties, the access key must now be in the aws.secretAccessKey
property instead of the aws.secretKey
property.
It is now possible to configure Humio to not use the globally configured HTTP proxy for communcation with S3. See docs.
When changing digest and storage partitions it is now possible to get auto-balanced suggestions based on node zone and replication factor settings (via ZONE
, DIGEST_REPLICATION_FACTOR
, STORAGE_REPLICATION_FACTOR
configurations). See docs.
@ingesttimestamp
on all events.aws.secretAccessKey
instead of aws.secretKey
.{events_html}
formatting events as an HTML table. See docs.ZONE
, DIGEST_REPLICATION_FACTOR
, STORAGE_REPLICATION_FACTOR
in configuration. See docs.
Release Date: 2020-08-12
Minimum previous Humio version: 1.12.0
Requires data migrations: false
Has changes to configuration: true
Release Date: 2020-08-05
Minimum previous Humio version: 1.12.0
Requires data migrations: false
Has changes to configuration: true
Release Date: 2020-08-04
Minimum previous Humio version: 1.12.0
Requires data migrations: false
Has changes to configuration: true
Release Date: 2020-08-03
Minimum previous Humio version: 1.12.0
Requires data migrations: false
Has changes to configuration: true
Release Date: 2020-07-03
Minimum previous Humio version: 1.12.0
Requires data migrations: false
Has changes to configuration: false
Release Date: 2020-06-24
Minimum previous Humio version: 1.12.0
Requires data migrations: true
Has changes to configuration: true
Free text search now searches all fields rather than only @rawstring.
Humio can now balance and reuse existing queries internally in the cluster. Load balancer configuration to achieve this is no longer needed. See Humio Configuration and Reverse proxy configuration.
TLS Encrypt communication using TLS to/from Zookeeper, Kafka, and other Humio nodes.
The database used as data source for the ipLocation() query function must be updated within 30 days when a new version of the database is made public by MaxMind. To comply with this, the databased is no longer shipped as part of the humio artifacts but will either:
If the database cannot be automatically updated and no database is provided manually, the ipLocation() query function will no longer work.
Due to the load balancing in Humio, customers that previously relied on load balancing to control which nodes are query coordinators now need to set QUERY_COORDINATOR to false on nodes they do not want to become query coordinators. See Humio Configuration and Reverse proxy configuration.
ChangeViewOrRepositoryDescription
permission for editing the description of a view or repository. This was previously tied to ConnectView
and any user with that permission will now have the new permission as well.
Release Date: 2020-05-28
Minimum previous Humio version: 1.10.0
Requires data migrations: false
Has changes to configuration: false
This can however cause problems when using Fluent Bit to ingest data into Humio.
Fluent Bit in default configuration uses a small buffer (4KB) for responses from the Elastic Bulk API, which causes problems when enough operations are bulked together. The response will then be larger than the response buffer as it contains the status for each individual operation. Make sure the response buffer is large enough, otherwise Fluent Bit will stop shipping data. See: https://github.com/fluent/fluent-bit/issues/2156 and https://docs.fluentbit.io/manual/pipeline/outputs/elasticsearch
Release Date: 2020-05-19
Minimum previous Humio version: 1.10.0
Requires data migrations: true
Has changes to configuration: true
selfJoin query function allows selecting log lines that share an identifier; for which there exists (separate) log lines that match a certain filtering criteria; such as “all log lines with a given userid for which there exists a successful and an unsuccessful login”.
findTimestamp query function will try to find and parse timestamps in incoming data. The function should be used in parsers and support automatic detection of timestamps. It can be used instead of making regular expressions specifying where to find the timestamp and parsing it with parseTimestamp. Checkout the documentation for details.
As an alternative to downloading streaming queries directly, Humio can now upload them to an S3 or GCS bucket from which the user can download the data. See docs
If there are issues with the identity provider that Humio is configured to use, it might not be possible to log in to Humio. To mitigate this, Humio now provides emergency users that can be created locally within the Humio cluster. See docs
Release Date: 2020-04-22
Minimum previous Humio version: 1.8.5
Requires data migrations: false
Has changes to configuration: false
A few security vulnerabilities have been discovered as part of a proactive penetration test. None are known to have been exploited. More information will be forthcoming.
This release improves the handling of missing data points in time charts. Previously you could either interpolate missing data points based on the surrounding data, or leave gaps in the charts. With the introduction of the new charts in 1.9.0 the gaps became more apparent than previously, and we have added new options to deal with missing data points. These replace the previous option “Allow Gaps”, with four new options:
The release also introduces new options for line interpolation.
The latter three are impacted by the ‘tension’ setting in the timechart Style editor.
global-snapshot.json
file is missing, then try loading the “.1” backup copy.query
metric only measured time for streaming queries, now it includes non-streaming as well.
Release Date: 2020-03-25
Minimum previous Humio version: 1.8.5
Requires data migrations: false
Has changes to configuration: false
Release Date: 2020-03-23
Minimum previous Humio version: 1.8.5
Requires data migrations: false
Has changes to configuration: false
Release Date: 2020-03-12
Minimum previous Humio version: 1.8.5
Requires data migrations: true
Has changes to configuration: true
Role Based Access Control (RBAC) through the UI is now the only permission model in Humio. Please see the Authorization documentation for more information.
# Do not start the new admin server. Default port 8080 conflicts with Humio port.admin.enableServer=false
# purge old snapshot files autopurge.purgeInterval=1
# Allow 4 letter commands. Used by Humio to get info about the Zookeeper cluster 4lw.commands.whitelist=*
caseSensitive
option added to the parseTimestamp
query function.join
can now be with ‘used export to file’ and the /query
HTTP endpoint.selectLast
function, which is like select
but aggregate.groupby
, and for groupby’s involving many distinct keys.The overall health of a Humio system is determined by a set of individual health checks. For more information about individual checks see the Health Check page and the Health Check API page.
Humio’s NetFlow support has been extended to also support IPFIX. See Humio’s docs for IPFIX.
This version replaces our chart library with Vega. The goal is to create a better, customizable, and more interactive charting experience in Humio. This first iteration is largely just a feature replacement for the existing functionality, with a few exceptions
Each chart type now supports assigning colors to specific series. This will allow you to, for instance, assign red to errors and green to non-errors.
You can find the series configuration controls in the Style tab of the Search page.
Now, you can click Edit Styling in the widget’s menu and modify styling directly from the dashboard view.
To prevent the charts from getting cluttered, you can adjust the maximum number of series that should be shown in the chart. Any series that are not part of the top-most series will be summed together and added to a new series called Other.
Linear interpolation is now the default, and we have added a new type of interpolation: Basis.
You can now style your bar charts to control things like label position and colors.
You can now style your pie charts, and they will default to having a center radius (actually making them donuts!).
Since charts are such a central feature, we allow disabling the new implementation of widgets if you are experiencing issues with them. You can disable Vega charts globally using the ENABLE_VEGA_CHARTS=false
flag.
Release Date: 2020-01-27
Minimum previous Humio version: 1.6.10
Requires data migrations: false
Has changes to configuration: false
join
now accepts absolute timestamps in millis in start and end parameters.
Release Date: 2020-01-17
Minimum previous Humio version: 1.6.10
Requires data migrations: false
Has changes to configuration: false
LOG4J_CONFIGURATION
configuration now allows the built-in: log4j2-stdout-json.xml
to get the log in NDJSON format, one line for each event on stdout.top()
function allows limit up to 20,000 by default now. Used to be 1,000.
Release Date: 2020-01-16
Minimum previous Humio version: 1.6.10
Requires data migrations: false
Has changes to configuration: false
LIVEQUERY_STALE_CANCEL_TRIGGER_DELAY_MS
and LIVEQUERY_STALE_CANCEL_COST_PERCENTAGE
controls discard of live queries that have not been polled by a client for a while when the system experiences digest latency of more than the delay.LIVEQUERY_CANCEL_TRIGGER_DELAY_MS
and LIVEQUERY_CANCEL_COST_PERCENTAGE
controls cancelling of live queries that have been consuming the most cost for the previous 30s when the system experiences digest latency of more than the delay. New metrics: livequeries-canceled-due-to-digest-delay
, livequeries-rate-canceled-due-to-digest-delay
and livequeries-rate
USING_EPHEMERAL_DISKS
allows running a cluster on disks that may be lost when the system restarts by assuming that only copies in Bucket Storage and the events in Kafka are preserved across restarts. If the filesystem remains during restart this is also okay in this mode and more efficient then fetching the files from the bucket.LOG4J_CONFIGURATION
allows a custom log4j file. Or set to one of the built-in: log4j2-stdout.xml
to get the log in plain text dumped on stdout, or log4j2-stdout-json.xml
to get the log in NDJSON format, one line for each event on stdout.java -cp humio.jar com.humio.main.DecryptAESBucketStorageFile <secret string> <encrypted file> <decrypted file>
. Allows decrypting a file that was uploaded using bucket storage outside the system.Top(x, sum=y)
now also support non-integer values of y (even though the internal state is still an integer value)#repo=*
never matched but should always match.lookup
and match
functions in the bucket and restore from there when needed.
Release Date: 2020-01-06
Minimum previous Humio version: 1.6.10
Requires data migrations: false
Has changes to configuration: true
auto
as argument to the span
parameter in bucket
and timechart
. This makes it easier to set span from a macro argument.POSTMARK_FROM
configuration parameter.
Release Date: 2019-12-17
Minimum previous Humio version: 1.6.10
Requires data migrations: false
Has changes to configuration: true
Humio now supports joins in the query language; the functionality is largely similar to what could previously be done by running a query, exporting it as a .csv
, uploading said .csv
file, and then using the match()
function to filter/amend a query result. See docs.
Humio now supports storing segment files on Amazon S3 (and Google cloud storage) and compatible services to allow keeping more segment files than the local disks have room for and managing the local disk as a cache of these files. See docs.
Stable release will have an even Minor
version. If Minor
is an odd number (like in this release), it is a preview release. Critical fixes will be back ported to the most recent stable release. More details can be found here.
To make it easier to integrate with external systems Humio dashboards, can now be passed URL parameters to set the dashboard’s global time interval. By passing query parameters ?time=<unix ms timestamp>&window=5m
the dashboard will be opened with a 10m time window (5m before and after the the origin specified by time
). The feature is not available for shared dashboards - since they do not support changing time intervals.
You can now also disable shared dashboards completely using the SHARED_DASHBOARDS_ENABLED=false configuration setting.
See the changelog for a more complete list of changes.
time=
and window=
in the URL.json:prettyPrint()
xml:prettyPrint()
callFunction
, allows you to call a humio function by name. This is useful if you for instance want a dashboard where you can control what statistics your widgets show based on a parameter, e.g. timechart(function=callFunction(?statistic, field=response_time))
top
has a new max=field
argument, that can be used to make it work as a more efficient alias a groupby/sort combination, like top(field, max=value, limit=5)
is equivalent (and much faster than) groupby(field, function=max(value)) | sort(limit=5)
.percentile
function has been updated to be more precise (and faster).SHARED_DASHBOARDS_ENABLED
configuration setting which allows disabling access to the shared dashboards feature - if e.g. your organization has strict security policies.