What's New?
Version 5.2
📅 Search Anywhere Framework version 5.2.0 released on 11 November, 2025.
Critical changes
Please note the critical changes section.
🔥 New in Search Anywhere Framework
The Zabbix Umbrella Monitoring Module is now available in the Search Anywhere Framework platform.
It unifies multiple Zabbix servers into a single observability system, providing centralized control over your monitoring infrastructure and components.
- Added dashboards for the health status of Zabbix data collection and analysis infrastructure
- Implemented dashboards for monitoring connected agent metrics
- Created dashboards for trigger status and alert analytics
- Introduced a status model for connected servers
- Completed inventory of connected Zabbix infrastructure components
- Added the ability to process Zabbix alerts as full-fledged incidents
Core
⚡️ Changes- ⚡️ OpenSearch updated to version 3.2.0
- ⚡️ Improved the mechanism for drag&drop panels and filters on dashboards
- ⚡️ It's now possible to add multiple visualizations to a single dashboard panel
- The
Active Searchespage now displays searches from notes, ASM 2.0 metrics, and scheduler tasks with saved results - Full access control to main menu sections is now available
- Permission and tag settings are now accessible directly from the dashboard or search task page
- Filters now include a
Select First Elementoption, which automatically populates a value after the dashboard loads - Added the ability to clone dashboards
- Added the ability to drag static options when configuring filters on dashboards
- New functionality in the
Single Valuevisualization:- Added the ability to configure a prefix and suffix for the metric
- Tokens can now be used in the metric name
- Added support for
wildcardin value-based color palette settings - Support for displaying icons
- Fields that support multiple values now allow copying and pasting the entire value array at once
- Added error notifications for data upload failures to an index via the interface
- Fixed the
com.google.gson.JsonSyntaxException: Expected a com.google.gson.JsonObject but was com.google.gson.JsonNull; at path $error when testing theSearch Anywhereconfiguration connection - Fixed issues in the
Heatmapvisualization - Fixed an issue causing unnecessary queries to be executed during visualization renaming on the dashboard
- Fixed incorrect application of the
Palettecolor scheme in theTablevisualization - Fixed issues with link navigation in dashboards
- Fixed incorrect display of long field names and values in the search interface
Core: Engine
⚡️ Changes- The
inputlookupcommand now operates at the storage engine level, allowing subsequent use ofsearch,peval,aggs, andtimeaggscommands - In field names and command options of
aggsandrename, you can now usewildcardmatching
- Added configurable connection timeouts for
Search Anywheresources andSA Engine RE - The
searchcommand now includes anINSENSparameter enabling full-text search across fields of typekeyword - Any commands can now be used after the
formatcommand - The
tostringfunction in theevalcommand now supports converting fractional numbers with thedurationoption
- If the
formatcommand results in an empty string, a warning will be shown instead of an error - Fixed incorrect behavior of the
mvzipfunction in theevalcommand - Fixed the operation of the
lookupcommand withsourcetype forwildcardsfields when the search result field used for matching contains special characters'*', '(', ')', '$', '^', '\[', '\]'
Core: Job Scheduler
⚡️ Changes- Added the ability to save the last search result in scheduled tasks. It can be used in a search by invoking the
load_job job_<task_id>command - Added the ability to reset suppression in a search task
- Information about the execution of the
Webhookactive action can now be written to an index
- Added the ability to specify tokens for fields of type
Datein additional fields of theCreate Incidentactive action - Fixed an issue where changes were not applied after switching the schedule type in meta-jobs
- In the
Run Scriptalert action, the outdated label for the script command input field has been fixed
Incident Manager
⚡️ ChangesActive Actionexecution results are now recorded in the incident history- Added the ability to configure multiple filters for a single field
- Clicking a field name in the incident card now displays the key for that field in the incident and provides an
Add to Searchoption - Global search can now find incidents by comment or active action
- Global search now auto-detects fields of type
keyword - Information about adding related incidents is now recorded in the incident history as system comments
- In
Service Providermode, incident groups now have theClientfield populated - The
Incident Managerpage now requires fewer system resources to load - Improved display of
Multi-selectfields in history: added line breaks for large numbers of values and the ability to copy all values at once
- Fixed pagination errors when changing system filters, time ranges, or applying custom filters
- The page now refreshes when changing the
Group Incidentsflag - Restored the
Commentfield in the incident editing window
Move To ClickHouse
Improvements- Added
SSLsupport forClickHouseconnections - Added the ability to configure Time-To-Live (TTL) for
ClickHousetables - Added the ability to migrate data from old indices
- Enhanced data type handling:
- Type change errors now only occur for incompatible type conversions
- New fields can be added to the table
- Fixed an error when migrating indices with special characters in their names
- It is now possible to specify a
ClickHouseconnection string without a database
SAF Beat Manager
⚡️Changes- ⚡️SAF Beat Manager applications now support
Logstash, enabling full configuration and pipeline setup for data collection
SAF Beat
⚡️Changes- ⚡️
Logstashapplications are now supported
ASM 2.0
⚡️ChangesInventory
Improvements- Added the ability to import and export relationships
Lookup Manager
Fixes- Fixed a
number format exceptionerror during full-text search in lookups with numeric data types - Fixed lookup data search errors when queries contained special characters
- Fixed errors when importing lookup data from
CSVfiles
Knowledge Center
Fixes- Fixed issues with changing colors in
Textblocks within notes - Fixed rendering errors for tables in
Documentview mode within notes
Content Management
⚡️Changes- Added new uploadable object types:
IndicesandISM Policies
- Fixed a content module upload error: dashboards were not added to the main menu if the selected menu section was empty
Search Anywhere Framework Installer
Improvements- Added pre-installation checks for required software
- Added variables for self-signed certificate generation
Critical changes
- Search Anywhere Framework version
5.2only supports connections to cluster nodes running Search Anywhere Framework5.1.2+ Cross-cluster searchconnections are only available to OpenSearch versions2.19+- Indexes created on an OpenSearch version lower than 2.0.0 or migrated from Elasticsearch are not supported. A migration is required before updating
Version 5.2.1
📅 Search Anywhere Framework version 5.2.1 was released on December 8, 2025.
Core
Fixes- Fixed an error causing query highlighting to hang on the
Searchpage - Fixed the appearance of a blue outline in the search query editor
- Navigating back from dashboard pages now works correctly
- Fixed an error causing duplicate slashes in a search query after adding it to a dashboard visualization
- Fixed the
AbortSignal.anyerror occurring on theSearchpage in some browser versions
Core: Engine
Improvements- Added more detailed error messages for JDBC driver connection check failures
- Added support for the
mvdedupfunction in thepevalcommand when searching data fromClickHouse
- Fixed an error in queries with the
renamecommand when a field name containing special characters is passed as a parameter (e.g.,| rename 'max(metrics.*)' as "*") - Fixed errors in the
earliest,latestfunctions of theaggsommand when searching data fromClickHouse - Fixed incorrect behavior of the
substr,mvcount,cidrmatchfunctions for thepevalcommand when searching data fromClickHouse - Fixed slow loading of the JDBC driver list on the
Search Anywhereconnection page
Core: Job Scheduler
Fixes- If a scheduled job fails to complete within the time specified in the
Lock Durationparameter, its launched search is now automatically canceled - System tasks can now be disabled
Incident Manager
Fixes- Fixed the
Error: Minified React error #31...error when expanding an incident if there are JSON objects in theAdditional Fieldssection - Navigating to the last pages in the incident list now works without errors when a large number of incidents are present
- User filters on the
Incident Managerpage no longer reset other settings when changed - Fixed the overwriting of values after the
:character inSelectandMulti-Selecttype filters - Fixed the inability to paste values into
SelectandMulti-Selecttype filters
Inventory
Improvements- Added the ability to configure the PostgreSQL connection timeout
- Asset fields
CreatedandUpdatedare now preserved during migration to PostgreSQL - Asset statistics are now calculated in real time, showing current values at the moment
- Custom values can now be specified in filters
- Filter settings are now preserved when navigating from an asset back to the asset list
- Added the ability to open an asset from the list in a new tab
- Fixed an error that prevented initializing or configuring the module
ASM 2.0
Fixes- Fixed an error where applied layer permission values were not displayed
SAF Beat Manager
Improvements- File attribute changes within an application are now considered when checking for application updates
- When uploading an application archive via the interface, file attributes remain as in the original
- Fixed an error where not all connected clients were returned
SAF Beat
Improvements- Applications now start with their original file attributes preserved
Move To Clickhouse
Improvements- Errors no longer occur when changing a field type to an array and vice versa