You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
v2.0.0 is a major feature release introducing multi-period traffic comparison, shareable comparison snapshots, multi-channel alerting, IP tagging, global real-time bandwidth tracking, widget v2, and a richer set of configuration controls. It also includes a full security patch of the Go standard library (12 CVEs fixed by upgrading to Go 1.25.11).
New Features
Period Comparison (/compare)
A new dashboard page and API endpoint let you compare traffic across 2 to 4 arbitrary time ranges side by side.
Full analytics per period: summary stats, timeline, top paths/IPs/countries/backends, status code distribution, device types, and service breakdown
Smart Change Analysis highlights drastic metric shifts between periods with traffic, bandwidth, response time, server error, and entity-change insights
Smart Change badges are surfaced at the top of the page for immediate visibility, with the full analysis shown at the bottom of the page
Page Focus can filter the full live comparison by page/path; snapshot mode keeps saved payloads read-only and immutable
Comparison setup is collapsible and auto-collapses after running a comparison
JSON and CSV export are available from the comparison results
New API endpoint:
POST /api/v1/stats/compare
Comparison Snapshots
Save a comparison result and share it via a short unique token URL (/compare/{token}). Snapshot payloads are stored as already-computed comparison results, so public links do not recalculate historical logs.
New API endpoints:
POST /api/v1/compare/snapshots
GET /api/v1/compare/snapshots
GET /api/v1/compare/snapshots/{token}
PATCH /api/v1/compare/snapshots/{token}
DELETE /api/v1/compare/snapshots/{token}
Snapshots are scoped to a session cookie so each browser manages its own list. Public snapshot links are read-only, while edit/delete actions are limited to the creator browser via the loglynx_compare_owner cookie. Expired snapshots are shown as expired rather than active.
Multi-Channel Alerting (/alerts)
The new Alerting page lets you create threshold-based traffic rules and send notifications through multiple channels.
Supported channels: Discord, Email/SMTP, Telegram, and generic HTTPS webhooks
Rule conditions support recent-window evaluation, thresholds, severity, cooldowns, and grouped alerts
Channel assignments can be managed from a rule x channel matrix
Channels can be marked as default for newly created rules
Discord supports @everyone mention policy: never, critical, or always
Email and Telegram preserve existing secrets when editing a channel with the secret field left empty
The UI warns when a cooldown is shorter than ALERTS_EVAL_INTERVAL, because the server evaluates rules at that interval
New API endpoints:
GET /api/v1/alerts/status
GET /api/v1/alerts/presets
POST /api/v1/alerts/test-condition
GET /api/v1/alerts/rules
POST /api/v1/alerts/rules
GET /api/v1/alerts/rules/{id}
PUT /api/v1/alerts/rules/{id}
DELETE /api/v1/alerts/rules/{id}
POST /api/v1/alerts/rules/{id}/test
GET /api/v1/alerts/channels
POST /api/v1/alerts/channels
GET /api/v1/alerts/channels/{id}
PUT /api/v1/alerts/channels/{id}
DELETE /api/v1/alerts/channels/{id}
POST /api/v1/alerts/channels/{id}/test
GET /api/v1/alerts/assignments
PUT /api/v1/alerts/assignments
IP Tagging
Assign a friendly name and comma-separated tags to any IP address. Tags appear across the dashboard wherever that IP is shown, making it easy to identify internal services, CDN egress nodes, or monitoring bots.
New API endpoints:
POST /api/v1/ip/tags
GET /api/v1/ip/tags
GET /api/v1/ip/tags/{ip}
DELETE /api/v1/ip/tags/{ip}
Global Real-time Bandwidth Rate
The real-time metrics stream now includes a bandwidth_rate field (bytes/second) at both the global level and per-IP level, enabling live bandwidth consumption graphs.
Heavy analytics endpoints and comparison pages return 503 while ingestion is active so imports can finish safely. /api/v1/version and /api/v1/stats/log-processing remain available.
Real-time metrics, new fields
GET /api/v1/realtime/metrics and the SSE stream now include:
Field
Type
Description
bandwidth_rate
float64
Global bandwidth in bytes/second
top_ips[].bandwidth
int64
Total bytes in the current window for this IP
top_ips[].bandwidth_rate
float64
Bandwidth rate for this IP in bytes/second
Security, Go Standard Library CVEs Fixed
Go was upgraded from 1.25.8 → 1.25.11. This resolves 12 standard library CVEs, including vulnerabilities in net/http, crypto/tls, encoding/json, and path/filepath. No application code changes were required.
The upgrade is reflected in:
go.mod (go 1.25.11 + toolchain go1.25.11)
Dockerfile (FROM golang:1.25.11)
.github/workflows/ci.yml (go-version: '1.25.11')
Performance Improvements
New database indexes on frequently queried columns improve analytics query response times significantly for large datasets
All-time summary, response-time, top IP, and timeline queries were optimized without adding caching
All-time timelines use monthly buckets for very large ranges
Default METRICS_INTERVAL corrected to 1s (was 5s in documentation; actual default was already 1s in code)
Bug Fixes
Fixed duplicate /ip/tags path definition in openapi.yaml
Fixed TLS ClientHello fragmentation over Docker bridge networks by forcing TLS 1.2 with a minimal cipher suite set (~300 bytes vs ~1569 bytes for TLS 1.3 with full extensions), resolving telemetry handshake failures behind Cloudflare
Removed stale host variable reference in telemetry error handler
Fixed real-time bandwidth charts and KPIs after pause/resume
Fixed filtered real-time streams and snapshot fallback bandwidth_rate values
Fixed Compare Periods chart hover offsets by wrapping canvases consistently
Fixed timezone handling so TIMEZONE falls back to Docker's standard TZ variable before UTC
Upgrade Guide
From v1.x
No breaking changes to existing API endpoints. All new endpoints are additive.
Pull the new Docker image (k0lin/loglynx:2.0.0)
Database migrations run automatically on startup (new IP tag, comparison snapshot, and alerting tables/fields)
Review new environment variables, defaults are safe; no action required unless you want to opt out of telemetry, dashboard/splash behavior, widgets, or alert evaluation
If you define a Compose healthcheck yourself, use test: ["CMD", "/usr/local/bin/loglynx", "healthcheck"] instead of curl or /bin/sh
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
Overview
v2.0.0 is a major feature release introducing multi-period traffic comparison, shareable comparison snapshots, multi-channel alerting, IP tagging, global real-time bandwidth tracking, widget v2, and a richer set of configuration controls. It also includes a full security patch of the Go standard library (12 CVEs fixed by upgrading to Go 1.25.11).
New Features
Period Comparison (
/compare)A new dashboard page and API endpoint let you compare traffic across 2 to 4 arbitrary time ranges side by side.
New API endpoint:
Comparison Snapshots
Save a comparison result and share it via a short unique token URL (
/compare/{token}). Snapshot payloads are stored as already-computed comparison results, so public links do not recalculate historical logs.New API endpoints:
Snapshots are scoped to a session cookie so each browser manages its own list. Public snapshot links are read-only, while edit/delete actions are limited to the creator browser via the
loglynx_compare_ownercookie. Expired snapshots are shown as expired rather than active.Multi-Channel Alerting (
/alerts)The new Alerting page lets you create threshold-based traffic rules and send notifications through multiple channels.
@everyonemention policy:never,critical, oralwaysALERTS_EVAL_INTERVAL, because the server evaluates rules at that intervalNew API endpoints:
IP Tagging
Assign a friendly name and comma-separated tags to any IP address. Tags appear across the dashboard wherever that IP is shown, making it easy to identify internal services, CDN egress nodes, or monitoring bots.
New API endpoints:
Global Real-time Bandwidth Rate
The real-time metrics stream now includes a
bandwidth_ratefield (bytes/second) at both the global level and per-IP level, enabling live bandwidth consumption graphs.{ "bandwidth_rate": 1048576.5, "top_ips": [ { "ip": "1.2.3.4", "bandwidth": 5242880, "bandwidth_rate": 349525.3 } ] }IP Drilldown in Traffic Page
The Traffic page now supports richer drilldowns without navigating away from the page.
Specific ASNuses a populated selector backed by/api/v1/stats/top/asnsBandwidth Usedlinks directly to the bandwidth drilldownWidget v2
The embeddable widget was redesigned for compact iframe usage.
widget.htmlinto static assetsLive,1h,24h,7d, and30dVersion Update Notifications
The sidebar now shows a notification badge when a new LogLynx version is available, with a direct link to the release.
Built-in Container Healthcheck
The Docker image now uses the LogLynx binary for healthchecks, which works with the distroless runtime image.
The image intentionally does not include
/bin/sh,bash,curl, orwget.Supported Log Source Documentation
New wiki pages document every built-in parser:
New Environment Variables
DASHBOARD_ENABLEDtruefalsefor API-only deploymentsSPLASH_SCREEN_ENABLEDtrueLOGLYNX_USAGE_TELEMETRYtruefalse)LOGLYNX_USAGE_TELEMETRY_ENDPOINT""LOGLYNX_USAGE_TELEMETRY_INTERVAL1hALERTS_ENABLEDtrueALERTS_EVAL_INTERVAL30sTIMEZONEUTCTZif unsetWIDGET_ENABLEDtrueNew API Endpoints Summary
POST/api/v1/stats/comparePOST/api/v1/compare/snapshotsGET/api/v1/compare/snapshotsGET/api/v1/compare/snapshots/{token}PATCH/api/v1/compare/snapshots/{token}DELETE/api/v1/compare/snapshots/{token}POST/api/v1/ip/tagsGET/api/v1/ip/tagsGET/api/v1/ip/tags/{ip}DELETE/api/v1/ip/tags/{ip}GET/api/v1/alerts/statusGET/api/v1/alerts/presetsPOST/api/v1/alerts/test-conditionGET/api/v1/alerts/rulesPOST/api/v1/alerts/rulesGET/api/v1/alerts/rules/{id}PUT/api/v1/alerts/rules/{id}DELETE/api/v1/alerts/rules/{id}POST/api/v1/alerts/rules/{id}/testGET/api/v1/alerts/channelsPOST/api/v1/alerts/channelsGET/api/v1/alerts/channels/{id}PUT/api/v1/alerts/channels/{id}DELETE/api/v1/alerts/channels/{id}POST/api/v1/alerts/channels/{id}/testGET/api/v1/alerts/assignmentsPUT/api/v1/alerts/assignmentsAPI Changes
POST /api/v1/stats/summaryand all stats endpointsA new
excluded_ips[]query parameter lets you exclude a list of manually specified IP addresses from results (in addition toexclude_own_ip):During ingestion
Heavy analytics endpoints and comparison pages return
503while ingestion is active so imports can finish safely./api/v1/versionand/api/v1/stats/log-processingremain available.Real-time metrics, new fields
GET /api/v1/realtime/metricsand the SSE stream now include:bandwidth_ratetop_ips[].bandwidthtop_ips[].bandwidth_rateSecurity, Go Standard Library CVEs Fixed
Go was upgraded from 1.25.8 → 1.25.11. This resolves 12 standard library CVEs, including vulnerabilities in
net/http,crypto/tls,encoding/json, andpath/filepath. No application code changes were required.The upgrade is reflected in:
go.mod(go 1.25.11+toolchain go1.25.11)Dockerfile(FROM golang:1.25.11).github/workflows/ci.yml(go-version: '1.25.11')Performance Improvements
METRICS_INTERVALcorrected to1s(was5sin documentation; actual default was already1sin code)Bug Fixes
/ip/tagspath definition inopenapi.yamlhostvariable reference in telemetry error handlerbandwidth_ratevaluesTIMEZONEfalls back to Docker's standardTZvariable beforeUTCUpgrade Guide
From v1.x
No breaking changes to existing API endpoints. All new endpoints are additive.
k0lin/loglynx:2.0.0)test: ["CMD", "/usr/local/bin/loglynx", "healthcheck"]instead ofcurlor/bin/shTo opt out of telemetry:
Full Changelog: v1.1.0...v2.0.0
This discussion was created from the release v2.0.0.
Beta Was this translation helpful? Give feedback.
All reactions