diff --git a/data/botPolicies.yaml b/data/botPolicies.yaml
index 2380e21e..fcb26297 100644
--- a/data/botPolicies.yaml
+++ b/data/botPolicies.yaml
@@ -142,11 +142,16 @@ logging:
   filters:
     # Every filter must have a name and an expression. You can use the same expression
     # syntax as you can with bots or thresholds.
+    #
+    # If the expression returns `true`, then the log line is filtered _out_.
     - name: "http-stdlib"
+      # Log lines where the message starts with "http:" are filtered out.
       expression: msg.startsWith("http:")
     - name: "context-canceled"
+      # Log lines relating to context cancellation are filtered out.
       expression: msg.contains("context canceled")
     - name: "http-pipelining"
+      # Log lines relating to HTTP/1.1 pipelining being improperly handled are filtered out.
       expression: msg.contains("Unsolicited response received on idle HTTP channel")
 
 # Open Graph passthrough configuration, see here for more information:
diff --git a/docs/docs/admin/configuration/expressions.mdx b/docs/docs/admin/configuration/expressions.mdx
index b6f137ed..e8918ea0 100644
--- a/docs/docs/admin/configuration/expressions.mdx
+++ b/docs/docs/admin/configuration/expressions.mdx
@@ -197,6 +197,12 @@ Log filters are run on every time Anubis logs data. These are high throughput fi
 | `level` | `string`              | The [log level](https://pkg.go.dev/log/slog#Level) for the log message.                                | `"INFO"`                                |
 | `attrs` | `map[string, string]` | The key -> value attributes for the given log line. Note that this is an expensive variable to access. | `{"err": "internal: the sun exploded"}` |
 
+:::note
+
+When you define a log filter, anything matching that filter is _removed_. Any remaining logs are sent through to the system journal or standard error.
+
+:::
+
 ## Functions exposed to Anubis expressions
 
 Anubis expressions can be augmented with the following functions: