The following tip changes can be tested by building VictoriaLogs from the latest commit of the VictoriaMetrics repository according to these docs.

tip

v0.28.0

Released at 2024-07-10

  • FEATURE: web UI: show a spinner on top of bar chart until user’s request is finished. See this issue.
  • FEATURE: web UI: use compact representation of JSON lines at JSON tab if only a single log field is queried. See this feature request.
  • FEATURE: web UI: properly show the number of matching logs on the selected time range at bar chart for queries with arbitrary pipes, including stats pipe and top pipe.

v0.27.1

Released at 2024-07-05

v0.27.0

Released at 2024-07-02

  • FEATURE: add -syslog.useLocalTimestamp.tcp and -syslog.useLocalTimestamp.udp command-line flags, which can be used to set the local timestamp as the _time field for logs ingested via the corresponding -syslog.listenAddr.tcp / -syslog.listenAddr.udp. By default the timestamp from the syslog message is used as the _time field. See these docs.

  • BUGFIX: make slowly ingested logs visible for search as soon as they are ingested into VictoriaLogs. Previously slowly ingested logs could remain invisible for search for a long time.

v0.26.1

Released at 2024-07-01

  • BUGFIX: return the proper surrounding logs for stream_context pipe when additional pipes are put after the stream_context pipe. This has been broken in v0.26.0.

v0.26.0

Released at 2024-07-01

  • FEATURE: add ability to return log position (aka rank) after sorting logs with sort pipe. This can be done by adding rank as <fieldName> to the end of | sort ... pipe. For example, _time:5m | sort by (_time) rank as position stores the position of every sorted log line in the position field.
  • FEATURE: add delimiter log with --- message between log chunks returned by stream_context pipe. This should simplify investigation of the returned logs.
  • FEATURE: reduce memory usage when big number of context logs are requested from stream_context pipe.

v0.25.0

Released at 2024-06-28

  • FEATURE: add ability to select surrounding logs before and after the selected logs via stream_context pipe. This functionality may be useful for investigating stacktraces, panics or some correlated log messages. This functionality is similar to grep -A and grep -B.

  • FEATURE: add ability to return top N "fields" groups from /select/logsql/hits HTTP endpoint, by specifying fields_limit=N query arg. This query arg is going to be used in this feature request.

  • BUGFIX: fix runtime error: index out of range [0] with length 0 panic when empty lines are ingested via Syslog format by Cisco controllers. See this issue.

v0.24.0

Released at 2024-06-27

  • FEATURE: add /select/logsql/tail HTTP endpoint, which can be used for live tailing of LogsQL query results. See these docs for details.

  • FEATURE: add /select/logsql/stream_ids HTTP endpoint, which can be used for returning _stream_id values with the number of hits for the given LogsQL query. See these docs for details.

  • FEATURE: add -retention.maxDiskSpaceUsageBytes command-line flag, which allows limiting disk space usage for VictoriaLogs data by automatically dropping the oldest per-day partitions if the storage disk space usage becomes bigger than the -retention.maxDiskSpaceUsageBytes. See these docs.

  • BUGFIX: properly take into account query timeout specified via -search.maxQueryDuration command-line flag and/or via timeout query arg. Previously these timeouts could be ignored during query execution.

  • BUGFIX: web UI: fix the update of the relative time range when Execute Query is clicked. See this issue.

v0.23.0

Released at 2024-06-25

  • FEATURE: syslog data ingestion: parse STRUCTURED-DATA into SD-ID.field1=value1, SD-ID.field2=value2, …, SD-ID.fieldN=valueN log fields. Previously the STRUCTURED-DATA was parsed into a single log field with the SD-ID name and field1=value1 field2=value2 ... fieldN=valueN value. This could complicate querying of such data.

  • BUGFIX: properly parse timestamps with timezones during data ingestion and querying. This has been broken in v0.20.0. See this issue.
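
The STRUCTURED-DATA change in the v0.23.0 entry above, as an added Go example that is not VictoriaLogs code: the hypothetical helper `parseStructuredData` parses RFC 5424 structured data from a constructed sample and returns both the flattened `SD-ID.param` fields and the older packed per-SD-ID field. In the packed form the value `a "b" c=d` cannot be told apart from an extra `c=d` param, while the flattened form keeps the value boundary.

```go
package main

import (
	"fmt"
	"strings"
)

// Field is one log field derived from a syslog message.
type Field struct{ Name, Value string }

// Constructed sample: the last value carries escaped quotes and text that looks like a param.
const sampleSD = `[exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"][origin ip="192.0.2.1" note="a \"b\" c=d"]`

// readValue consumes a PARAM-VALUE up to its closing quote, undoing the RFC 5424 escapes \" \\ \].
func readValue(s string) (value, rest string, err error) {
	var b strings.Builder
	for i := 0; i < len(s); i++ {
		if s[i] == '"' {
			return b.String(), s[i+1:], nil
		}
		if s[i] == '\\' && i+1 < len(s) && strings.IndexByte(`"\]`, s[i+1]) >= 0 {
			i++ // drop the escaping backslash, keep the escaped byte
		}
		b.WriteByte(s[i])
	}
	return "", "", fmt.Errorf("unterminated PARAM-VALUE")
}

// parseStructuredData (hypothetical helper) returns both shapes: flat has one "SD-ID.param"
// field per param; packed has one field per SD-ID holding "param=value ..." (pre-v0.23.0 shape).
func parseStructuredData(s string) (flat, packed []Field, err error) {
	for len(s) > 0 && s != "-" { // "-" is the RFC 5424 NILVALUE
		n := strings.IndexAny(s, " ]")
		if s[0] != '[' || n <= 1 {
			return nil, nil, fmt.Errorf("bad SD-ELEMENT start at %q", s)
		}
		sdID, kv := s[1:n], []string(nil)
		for s = s[n:]; strings.HasPrefix(s, " "); {
			s = s[1:]
			eq := strings.IndexByte(s, '=')
			if eq <= 0 || eq+1 >= len(s) || s[eq+1] != '"' || strings.ContainsAny(s[:eq], ` ]"`) {
				return nil, nil, fmt.Errorf("bad SD-PARAM at %q", s)
			}
			value, rest, err := readValue(s[eq+2:])
			if err != nil {
				return nil, nil, err
			}
			flat = append(flat, Field{sdID + "." + s[:eq], value})
			kv = append(kv, s[:eq]+"="+value)
			s = rest
		}
		if !strings.HasPrefix(s, "]") {
			return nil, nil, fmt.Errorf("unterminated SD-ELEMENT %q", sdID)
		}
		packed = append(packed, Field{sdID, strings.Join(kv, " ")})
		s = s[1:]
	}
	return flat, packed, nil
}

func main() {
	flat, packed, err := parseStructuredData(sampleSD)
	fmt.Println(flat, packed, err)
}
```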

v0.22.0

Released at 2024-06-24

  • FEATURE: allow specifying multiple _stream_id values in _stream_id filter via _stream_id:in(id1, ..., idN) syntax.
  • FEATURE: allow specifying subquery for searching for _stream_id values inside _stream_id filter. For example, _stream_id:in(_time:5m error | fields _stream_id) returns logs for log streams with the error word across logs for the last 5 minutes.

v0.21.0

Released at 2024-06-20

  • FEATURE: web UI: add a bar chart displaying the number of log entries over a time range. See this issue.
  • FEATURE: expose _stream_id field, which uniquely identifies log streams. This field can be used for quickly obtaining all the logs belonging to a particular stream via _stream_id filter.

v0.20.2

Released at 2024-06-18

v0.20.1

Released at 2024-06-18

v0.20.0

Released at 2024-06-17

  • FEATURE: add ability to accept logs in Syslog format. See these docs.
  • FEATURE: add ability to specify timezone offset when parsing rfc3164 syslog messages with unpack_syslog pipe.
  • FEATURE: add top pipe for returning top N sets of the given fields with the maximum number of matching log entries.

v0.19.0

Released at 2024-06-11

  • FEATURE: do not allow starting the filter with pipe names and stats function names. This prevents unexpected results from incorrect queries that miss the mandatory filter.

  • FEATURE: treat unexpected syslog message as RFC3164 containing only the message field when using unpack_syslog pipe.

  • FEATURE: allow using where prefix instead of filter prefix in filter pipe.

  • FEATURE: disallow unescaped ! char in LogsQL queries, since it permits writing an incorrect query that may look like a correct one. For example, foo!:bar instead of foo:!bar.

  • FEATURE: web UI: add markdown support to the Group view. See this pull request.

  • BUGFIX: return back the improved performance for queries with * filters (aka SELECT *). This has been broken in v0.16.0.

v0.18.0

Released at 2024-06-06

v0.17.0

Released at 2024-06-05

  • FEATURE: add pack_logfmt pipe for formatting log fields into logfmt messages.

  • FEATURE: allow using IPv4 addresses in range comparison filters. For example, ip:>'12.34.56.78' is valid filter now.

  • FEATURE: add ceil() and floor() functions to math pipe.

  • FEATURE: add support for bitwise and, or and xor operations at math pipe.

  • FEATURE: add support for automatic conversion of RFC3339 time and IPv4 addresses into numeric representation at math pipe.

  • FEATURE: add ability to format numeric fields into string representation of time, duration and IPv4 with format pipe.

  • FEATURE: set format field to rfc3164 or rfc5424 depending on the Syslog format parsed via unpack_syslog pipe.

  • BUGFIX: always respect the limit set in limit pipe. Previously the limit could be exceeded in some cases.

v0.16.0

Released at 2024-06-04

v0.15.0

Released at 2024-05-30

  • FEATURE: add row_any function for stats pipe. This function returns a sample log entry per every calculated group of results.

  • FEATURE: add default operator to math pipe. It allows overriding NaN results with the given default value.

  • FEATURE: add exp() and ln() functions to math pipe.

  • FEATURE: allow omitting result name in math pipe expressions. In this case the result name is automatically set to string representation of the corresponding math expression. For example, _time:5m | math duration / 1000 is equivalent to _time:5m | math (duration / 1000) as "duration / 1000".

  • FEATURE: allow omitting result name in stats pipe. In this case the result name is automatically set to string representation of the corresponding stats function expression. For example, _time:5m | count(*) is valid LogsQL query now. It is equivalent to _time:5m | stats count(*) as "count(*)".

  • BUGFIX: properly calculate the number of matching rows in * | field_values x | stats count() rows and in * | unroll (x) | stats count() rows queries.

v0.14.0

Released at 2024-05-29

  • FEATURE: allow specifying fields, which must be packed into JSON in pack_json pipe via pack_json fields (field1, ..., fieldN) syntax.

  • BUGFIX: properly apply if (...) filters to calculated results in stats pipe when grouping by fields is enabled. For example, _time:5m | stats by (host) count() logs, count() if (error) errors now properly calculates per-host errors.

v0.13.0

Released at 2024-05-28

  • FEATURE: add extract_regexp pipe for extracting arbitrary substrings from log fields with RE2 regular expressions.
  • FEATURE: add math pipe for mathematical calculations over log fields.
  • FEATURE: add field_values pipe, which returns unique values for the given log field.
  • FEATURE: allow omitting stats prefix in stats pipe. For example, _time:5m | count() rows is a valid query now. It is equivalent to _time:5m | stats count() as rows.
  • FEATURE: allow omitting filter prefix in filter pipe if the filter doesn’t clash with pipe names. For example, _time:5m | stats by (host) count() rows | rows:>1000 is a valid query now. It is equivalent to _time:5m | stats by (host) count() rows | filter rows:>1000.
  • FEATURE: allow head pipe without number. For example, error | head. In this case the first 10 values are returned, as the head Unix command does by default.
  • FEATURE: allow using comparison filters with strings. For example, some_text_field:>="foo" matches log entries with some_text_field field values bigger or equal to foo.

v0.12.1

Released at 2024-05-26

  • FEATURE: add support for comments in multi-line LogsQL queries. See these docs.

  • BUGFIX: properly apply in(...) filter inside if (...) conditions at various pipes. This bug has been introduced in v0.12.0.

v0.12.0

Released at 2024-05-26

  • FEATURE: add pack_json pipe, which packs all the log fields into a JSON object and stores it into the given field.

  • FEATURE: add unroll pipe, which can be used for unrolling JSON arrays stored in log fields.

  • FEATURE: add replace_regexp pipe, which allows updating log fields with regular expressions.

  • FEATURE: improve performance for format and extract pipes.

  • FEATURE: improve performance for /select/logsql/field_names HTTP API.

  • BUGFIX: prevent from panic in sort pipe when VictoriaLogs runs on a system with one CPU core.

  • BUGFIX: do not return referenced fields if they weren’t present in the original logs. For example, _time:5m | format if (non_existing_field:"") "abc" could return empty non_existing_field, while it shouldn’t be returned because it is missing in the original logs.

  • BUGFIX: properly initialize values for in(...) filter inside filter pipe if the in(...) contains other filters. For example, _time:5m | filter ip:in(user_type:admin | fields ip) now works correctly.

v0.11.0

Released at 2024-05-25

v0.10.0

Released at 2024-05-24

  • FEATURE: return the number of matching log entries per returned value in HTTP API results. This simplifies detecting field / stream values with the biggest number of logs for the given LogsQL query.

  • FEATURE: improve performance for regexp filter in the following cases:

    • If the regexp contains just a phrase without special regular expression chars. For example, ~"foo".
    • If the regexp starts with .* or ends with .*. For example, ~".*foo.*".
    • If the regexp contains multiple strings delimited by |. For example, ~"foo|bar|baz".
    • If the regexp contains multiple words. For example, ~"foo bar baz".
  • FEATURE: allow disabling automatic unquoting of the matched placeholders in extract pipe. See these docs.

  • BUGFIX: properly parse ! in front of exact filter, exact-prefix filter and regexp filter. For example, !~"some regexp" is properly parsed as not ="some regexp". Previously it was incorrectly parsed as '~="some regexp"' phrase filter.

  • BUGFIX: properly sort results by _time field when limit pipe is applied. For example, _time:5m | sort by (_time) desc | limit 10 properly works now.

v0.9.1

Released at 2024-05-22

  • BUGFIX: web UI: fix loading web UI, which has been broken in v0.9.0.

v0.9.0

Released at 2024-05-22

  • FEATURE: allow using ~"some_regexp" regexp filter instead of re("some_regexp").

  • FEATURE: allow using ="some phrase" exact filter instead of exact("some phrase").

  • FEATURE: allow using ="some prefix"* exact prefix filter instead of exact("some prefix"*).

  • FEATURE: add ability to generate output fields according to the provided format string. See these docs.

  • FEATURE: add ability to extract fields with extract pipe only if the given condition is met. See these docs.

  • FEATURE: add ability to unpack JSON fields with unpack_json pipe only if the given condition is met. See these docs.

  • FEATURE: add ability to unpack logfmt fields with unpack_logfmt pipe only if the given condition is met. See these docs.

  • FEATURE: add row_min and row_max functions for stats pipe, which allow returning all the log fields for the log entry with the minimum / maximum value at the given field.

  • FEATURE: add /select/logsql/streams HTTP endpoint for returning streams from results of the given query. See these docs for details.

  • FEATURE: add /select/logsql/stream_field_names HTTP endpoint for returning stream field names from results of the given query. See these docs for details.

  • FEATURE: add /select/logsql/stream_field_values HTTP endpoint for returning stream field values for the given label from results of the given query. See these docs for details.

  • FEATURE: web UI: change time range limitation from _time in the expression to start and end query args.

  • BUGFIX: fix invalid memory address or nil pointer dereference panic when using extract, unpack_json or unpack_logfmt pipes. See this issue.

  • BUGFIX: web UI: fix an issue where logs with long _msg values might not display. See this issue.

  • BUGFIX: properly handle time range boundaries with millisecond precision. See this issue.

v0.8.0

Released at 2024-05-20

  • FEATURE: add ability to extract JSON fields from log fields. See these docs.

  • FEATURE: add ability to extract logfmt fields from log fields. See these docs.

  • FEATURE: add ability to extract arbitrary text from log fields into the output fields. See these docs.

  • FEATURE: add ability to put arbitrary queries inside in() filter.

  • FEATURE: add support for post-filtering of query results with filter pipe.

  • FEATURE: allow applying individual filters per each stats function. See these docs.

  • FEATURE: allow passing string values to min and max functions. Previously only numeric values could be passed to them.

  • FEATURE: speed up sort ... limit N pipe for typical cases.

  • FEATURE: allow using more convenient syntax for range filters if upper or lower bound isn’t needed. For example, it is possible to write response_size:>=10KiB instead of response_size:range[10KiB, inf), or temperature:<42 instead of temperature:range(-inf, 42).

  • FEATURE: add /select/logsql/hits HTTP endpoint for returning the number of matching logs per the given time bucket over the selected time range. See these docs for details.

  • FEATURE: add /select/logsql/field_names HTTP endpoint for returning field names from results of the given query. See these docs for details.

  • FEATURE: add /select/logsql/field_values HTTP endpoint for returning unique values for the given field obtained from results of the given query. See these docs for details.

  • BUGFIX: properly take into account offset at sort pipe when it already has limit. For example, _time:5m | sort by (foo) offset 20 limit 10.

v0.7.0

Released at 2024-05-15

  • FEATURE: add support for optional start and end query args to HTTP querying API, which can be used for limiting the time range for LogsQL query.
  • FEATURE: add ability to return the first N results from sort pipe. This is useful when N biggest or N smallest values must be returned from large amounts of logs.
  • FEATURE: add quantile and median stats functions.

v0.6.1

Released at 2024-05-14

v0.6.0

Released at 2024-05-12

  • FEATURE: return all the log fields by default in query results. Previously only _stream, _time and _msg fields were returned by default.

  • FEATURE: add support for returning only the requested log fields. See these docs.

  • FEATURE: add support for calculating various stats over log fields. Grouping by arbitrary set of log fields is supported. See these docs for details.

  • FEATURE: add support for sorting the returned results. See these docs.

  • FEATURE: add support for returning unique results. See these docs.

  • FEATURE: add support for limiting the number of returned results. See these docs.

  • FEATURE: add support for copying and renaming the selected log fields. See these and these docs.

  • FEATURE: allow using _ inside numbers. For example, score:range[1_000, 5_000_000] for range filter.

  • FEATURE: allow numbers in hexadecimal and binary form. For example, response_size:range[0xff, 0b10001101101] for range filter.

  • FEATURE: allow using duration and byte size suffixes in numeric values inside LogsQL queries. See these docs.

  • FEATURE: improve data ingestion performance by up to 50%.

  • FEATURE: optimize performance for LogsQL query, which contains multiple filters for words or phrases delimited with AND operator. For example, foo AND bar query must find log messages with foo and bar words at faster speed.

  • BUGFIX: prevent from possible corruption of short log fields during data ingestion.

  • BUGFIX: prevent from additional CPU usage for up to a few seconds after canceling the query.

  • BUGFIX: prevent returning log entries with empty _stream field in the form "_stream":"" in search query results. See this issue.

v0.5.2

Released at 2024-04-11

  • BUGFIX: properly register new log streams under high data ingestion rate. The issue has been introduced in v0.5.0.

v0.5.1

Released at 2024-04-04

  • BUGFIX: properly apply time range filter for queries containing OR operators. See this issue.
  • BUGFIX: do not log debug lines DEBUG: start trimLines and DEBUG: end trimLines. This bug has been introduced in v0.5.0 in this commit.

v0.5.0

Released at 2024-03-01

  • FEATURE: support the ability to limit the number of returned log entries from HTTP querying API by passing limit query arg. Previously all the matching log entries were returned until closing the response stream. See this feature request. Thanks to @dmitryk-dk for the pull request.

  • BUGFIX: do not panic on incorrect regular expression in stream filter. Thanks to @XLONG96 for the bugfix.

  • BUGFIX: properly determine when the assisted merge is needed. Previously the logic for determining whether the assisted merge is needed was broken. This could lead to too big a number of parts under high data ingestion rate. Thanks to @lujiajing1126 for the fix.

  • BUGFIX: properly stop execution of aborted query when the query doesn’t contain _stream filter. Previously such a query could continue consuming resources after being aborted by the client. Thanks to @z-anshun for the fix.

v0.4.2

Released at 2023-11-15

v0.4.1

Released at 2023-10-04

  • BUGFIX: fix the free space verification process in VictoriaLogs that was erroneously shifting to read-only mode, despite there being sufficient free space available. See this issue.

v0.4.0

Released at 2023-10-03

  • FEATURE: add -elasticsearch.version command-line flag, which can be used for specifying Elasticsearch version returned by VictoriaLogs to Filebeat at elasticsearch bulk API. This helps resolving this issue.

  • FEATURE: expose the following metrics at /metrics page:

    • vl_data_size_bytes{type="storage"} - on-disk size for data excluding log stream indexes.
    • vl_data_size_bytes{type="indexdb"} - on-disk size for log stream indexes.
  • FEATURE: add -insert.maxFieldsPerLine command-line flag, which can be used for limiting the number of fields per line in logs sent to VictoriaLogs via ingestion protocols. This helps to avoid issues like this.

  • FEATURE: expose vl_http_request_duration_seconds histogram at the /metrics page. Thanks to @crossoverJie for this pull request.

  • FEATURE: add support of -storage.minFreeDiskSpaceBytes command-line flag to allow switching to read-only mode when running out of disk space at -storageDataPath. See this issue.

  • BUGFIX: fix possible panic when no data is written to VictoriaLogs for a long time. See this issue. Thanks to @crossoverJie for filing and fixing the issue.

  • BUGFIX: add /insert/loki/ready endpoint, which is used by Promtail for healthchecks. This should remove unsupported path requested: /insert/loki/ready warning logs. See this comment.

  • BUGFIX: prevent from panic during background merge when the number of columns in the resulting block exceeds the maximum allowed number of columns per block. See this issue.

v0.3.0

Released at 2023-07-20

  • FEATURE: add support for data ingestion via Promtail (aka default log shipper for Grafana Loki). See these and these docs.

v0.2.0

Released at 2023-07-17

  • FEATURE: support short form of _time filters over the last X minutes/hours/days/etc. For example, _time:5m is a short form for _time:(now-5m, now], which matches logs with timestamps for the last 5 minutes. See these docs for details.
  • FEATURE: add ability to specify offset for the selected time range. For example, _time:5m offset 1h is equivalent to _time:(now-5m-1h, now-1h]. See these docs for details.
  • FEATURE: LogsQL: replace exact_prefix("...") with exact("..."*). This makes it consistent with i() filter, which can accept phrases and prefixes, e.g. i("phrase") and i("phrase"*). See these docs.

v0.1.0

Released at 2023-06-21

Initial release