From 0510aad9aed67ac43e81ee87340055c30c167086 Mon Sep 17 00:00:00 2001 From: Xe Iaso Date: Fri, 12 Sep 2025 16:55:35 +0000 Subject: [PATCH] docs: clarify that log filters remove lines if the filter matches Signed-off-by: Xe Iaso --- data/botPolicies.yaml | 5 +++++ docs/docs/admin/configuration/expressions.mdx | 6 ++++++ 2 files changed, 11 insertions(+) diff --git a/data/botPolicies.yaml b/data/botPolicies.yaml index 2380e21e..fcb26297 100644 --- a/data/botPolicies.yaml +++ b/data/botPolicies.yaml @@ -142,11 +142,16 @@ logging: filters: # Every filter must have a name and an expression. You can use the same expression # syntax as you can with bots or thresholds. + # + # If the expression returns `true`, then the log line is filtered _out_. - name: "http-stdlib" + # Log lines where the message starts with "http:" are filtered out. expression: msg.startsWith("http:") - name: "context-canceled" + # Log lines relating to context cancellation are filtered out. expression: msg.contains("context canceled") - name: "http-pipelining" + # Log lines relating to HTTP/1.1 pipelining being improperly handled are filtered out. expression: msg.contains("Unsolicited response received on idle HTTP channel") # Open Graph passthrough configuration, see here for more information: diff --git a/docs/docs/admin/configuration/expressions.mdx b/docs/docs/admin/configuration/expressions.mdx index b6f137ed..e8918ea0 100644 --- a/docs/docs/admin/configuration/expressions.mdx +++ b/docs/docs/admin/configuration/expressions.mdx @@ -197,6 +197,12 @@ Log filters are run on every time Anubis logs data. These are high throughput fi | `level` | `string` | The [log level](https://pkg.go.dev/log/slog#Level) for the log message. | `"INFO"` | | `attrs` | `map[string, string]` | The key -> value attributes for the given log line. Note that this is an expensive variable to access. | `{"err": "internal: the sun exploded"}` | +:::note + +When you define a log filter, anything matching that filter is _removed_. Any remaining logs are sent through to the system journal or standard error. + +::: + ## Functions exposed to Anubis expressions Anubis expressions can be augmented with the following functions: