Skip to main content
Version: 5.2

What's New?

Version 5.2

📅 Search Anywhere Framework version 5.2.0 released on 11 November, 2025.

Critical changes

Please note the critical changes section.

Core

⚡️ Changes
  • ⚡️ OpenSearch updated to version 3.2.0
  • ⚡️ Improved the mechanism for drag&drop panels and filters on dashboards
  • ⚡️ It's now possible to add multiple visualizations to a single dashboard panel
Improvements
  • The Active Searches page now displays searches from notes, ASM 2.0 metrics, and scheduler tasks with saved results
  • Full access control to main menu sections is now available
  • Permission and tag settings are now accessible directly from the dashboard or search task page
  • Filters now include a Select First Element option, which automatically populates a value after the dashboard loads
  • Added the ability to clone dashboards
  • Added the ability to drag static options when configuring filters on dashboards
  • New functionality in the Single Value visualization:
    • Added the ability to configure a prefix and suffix for the metric
    • Tokens can now be used in the metric name
    • Added support for wildcard in value-based color palette settings
    • Support for displaying icons
  • Fields that support multiple values now allow copying and pasting the entire value array at once
Fixes
  • Added error notifications for data upload failures to an index via the interface
  • Fixed the com.google.gson.JsonSyntaxException: Expected a com.google.gson.JsonObject but was com.google.gson.JsonNull; at path $ error when testing the Search Anywhere configuration connection
  • Fixed issues in the Heatmap visualization
  • Fixed an issue causing unnecessary queries to be executed during visualization renaming on the dashboard
  • Fixed incorrect application of the Palette color scheme in the Table visualization
  • Fixed issues with link navigation in dashboards
  • Fixed incorrect display of long field names and values in the search interface

Core: Engine

⚡️ Changes
  • The inputlookup command now operates at the storage engine level, allowing subsequent use of search, peval, aggs, and timeaggs commands
  • In field names and command options of aggs and rename, you can now use wildcard matching
Improvements
  • Added configurable connection timeouts for Search Anywhere sources and SA Engine RE
  • The search command now includes an INSENS parameter enabling full-text search across fields of type keyword
  • Any commands can now be used after the format command
  • The tostring function in the eval command now supports converting fractional numbers with the duration option
Fixes
  • If the format command results in an empty string, a warning will be shown instead of an error
  • Fixed incorrect behavior of the mvzip function in the eval command
  • Fixed the operation of the lookup command with source type for wildcards fields when the search result field used for matching contains special characters '*', '(', ')', '$', '^', '\[', '\]'

Core: Job Scheduler

⚡️ Changes Improvements
  • Information about the execution of the Webhook active action can now be written to an index
Fixes
  • Added the ability to specify tokens for fields of type Date in additional fields of the Create Incident active action
  • Fixed an issue where changes were not applied after switching the schedule type in meta-jobs
  • In the Run Script alert action, the outdated label for the script command input field has been fixed

Incident Manager

⚡️ Changes
  • Active Action execution results are now recorded in the incident history
  • Added the ability to configure multiple filters for a single field
Improvements
  • Clicking a field name in the incident card now displays the key for that field in the incident and provides an Add to Search option
  • Global search can now find incidents by comment or active action
  • Global search now auto-detects fields of type keyword
  • Information about adding related incidents is now recorded in the incident history as system comments
  • In Service Provider mode, incident groups now have the Client field populated
  • The Incident Manager page now requires fewer system resources to load
  • Improved display of Multi-select fields in history: added line breaks for large numbers of values and the ability to copy all values at once
Fixes
  • Fixed pagination errors when changing system filters, time ranges, or applying custom filters
  • The page now refreshes when changing the Group Incidents flag
  • Restored the Comment field in the incident editing window

Move To ClickHouse

Improvements
  • Added SSL support for ClickHouse connections
  • Added the ability to configure Time-To-Live (TTL) for ClickHouse tables
  • Added the ability to migrate data from old indices
  • Enhanced data type handling:
    • Type change errors now only occur for incompatible type conversions
    • New fields can be added to the table
Fixes
  • Fixed an error when migrating indices with special characters in their names
  • It is now possible to specify a ClickHouse connection string without a database

SAF Beat Manager

⚡️Changes

SAF Beat

⚡️Changes
  • ⚡️ Logstash applications are now supported

ASM 2.0

⚡️Changes

Inventory

Improvements
  • Added the ability to import and export relationships

Lookup Manager

Fixes
  • Fixed a number format exception error during full-text search in lookups with numeric data types
  • Fixed lookup data search errors when queries contained special characters
  • Fixed errors when importing lookup data from CSV files

Knowledge Center

Fixes
  • Fixed issues with changing colors in Text blocks within notes
  • Fixed rendering errors for tables in Document view mode within notes

Content Management

⚡️Changes
  • Added new uploadable object types: Indices and ISM Policies
Fixes
  • Fixed a content module upload error: dashboards were not added to the main menu if the selected menu section was empty

Search Anywhere Framework Installer

Improvements
  • Added pre-installation checks for required software
  • Added variables for self-signed certificate generation

Critical changes

  • Search Anywhere Framework version 5.2 only supports connections to cluster nodes running Search Anywhere Framework 5.1.2+
  • Cross-cluster search connections are only available to OpenSearch versions 2.19+
  • Indexes created on an OpenSearch version lower than 2.0.0 or migrated from Elasticsearch are not supported. A migration is required before updating