Skip to content

v2.0.0

Latest

Choose a tag to compare

@K0lin K0lin released this 22 Jun 16:44
Immutable release. Only release title and notes can be modified.
aa9f478

Overview

v2.0.0 is a major feature release introducing multi-period traffic comparison, shareable comparison snapshots, multi-channel alerting, IP tagging, global real-time bandwidth tracking, widget v2, and a richer set of configuration controls. It also includes a full security patch of the Go standard library (12 CVEs fixed by upgrading to Go 1.25.11).


New Features

Period Comparison (/compare)

A new dashboard page and API endpoint let you compare traffic across 2 to 4 arbitrary time ranges side by side.

  • Full analytics per period: summary stats, timeline, top paths/IPs/countries/backends, status code distribution, device types, and service breakdown
  • Smart Change Analysis highlights drastic metric shifts between periods with traffic, bandwidth, response time, server error, and entity-change insights
  • Smart Change badges are surfaced at the top of the page for immediate visibility, with the full analysis shown at the bottom of the page
  • Page Focus can filter the full live comparison by page/path; snapshot mode keeps saved payloads read-only and immutable
  • Comparison setup is collapsible and auto-collapses after running a comparison
  • JSON and CSV export are available from the comparison results

New API endpoint:

POST /api/v1/stats/compare

Comparison Snapshots

Save a comparison result and share it via a short unique token URL (/compare/{token}). Snapshot payloads are stored as already-computed comparison results, so public links do not recalculate historical logs.

New API endpoints:

POST   /api/v1/compare/snapshots
GET    /api/v1/compare/snapshots
GET    /api/v1/compare/snapshots/{token}
PATCH  /api/v1/compare/snapshots/{token}
DELETE /api/v1/compare/snapshots/{token}

Snapshots are scoped to a session cookie so each browser manages its own list. Public snapshot links are read-only, while edit/delete actions are limited to the creator browser via the loglynx_compare_owner cookie. Expired snapshots are shown as expired rather than active.

Multi-Channel Alerting (/alerts)

The new Alerting page lets you create threshold-based traffic rules and send notifications through multiple channels.

  • Supported channels: Discord, Email/SMTP, Telegram, and generic HTTPS webhooks
  • Rule conditions support recent-window evaluation, thresholds, severity, cooldowns, and grouped alerts
  • Channel assignments can be managed from a rule x channel matrix
  • Channels can be marked as default for newly created rules
  • Discord supports @everyone mention policy: never, critical, or always
  • Email and Telegram preserve existing secrets when editing a channel with the secret field left empty
  • The UI warns when a cooldown is shorter than ALERTS_EVAL_INTERVAL, because the server evaluates rules at that interval

New API endpoints:

GET    /api/v1/alerts/status
GET    /api/v1/alerts/presets
POST   /api/v1/alerts/test-condition
GET    /api/v1/alerts/rules
POST   /api/v1/alerts/rules
GET    /api/v1/alerts/rules/{id}
PUT    /api/v1/alerts/rules/{id}
DELETE /api/v1/alerts/rules/{id}
POST   /api/v1/alerts/rules/{id}/test
GET    /api/v1/alerts/channels
POST   /api/v1/alerts/channels
GET    /api/v1/alerts/channels/{id}
PUT    /api/v1/alerts/channels/{id}
DELETE /api/v1/alerts/channels/{id}
POST   /api/v1/alerts/channels/{id}/test
GET    /api/v1/alerts/assignments
PUT    /api/v1/alerts/assignments

IP Tagging

Assign a friendly name and comma-separated tags to any IP address. Tags appear across the dashboard wherever that IP is shown, making it easy to identify internal services, CDN egress nodes, or monitoring bots.

New API endpoints:

POST   /api/v1/ip/tags
GET    /api/v1/ip/tags
GET    /api/v1/ip/tags/{ip}
DELETE /api/v1/ip/tags/{ip}

Global Real-time Bandwidth Rate

The real-time metrics stream now includes a bandwidth_rate field (bytes/second) at both the global level and per-IP level, enabling live bandwidth consumption graphs.

{
  "bandwidth_rate": 1048576.5,
  "top_ips": [
    { "ip": "1.2.3.4", "bandwidth": 5242880, "bandwidth_rate": 349525.3 }
  ]
}

IP Drilldown in Traffic Page

The Traffic page now supports richer drilldowns without navigating away from the page.

  • Click an IP to open a panel with request counts, bandwidth, top paths, and recent requests
  • Click device, country, ASN, and heatmap cells to drill into those dimensions
  • Specific ASN uses a populated selector backed by /api/v1/stats/top/asns
  • Overview Bandwidth Used links directly to the bandwidth drilldown

Widget v2

The embeddable widget was redesigned for compact iframe usage.

  • Extracted CSS and JavaScript from widget.html into static assets
  • New tabs: Live, 1h, 24h, 7d, and 30d
  • Compact layout for small iframes
  • Timeline hover tooltip
  • Bandwidth and average response metrics

Version Update Notifications

The sidebar now shows a notification badge when a new LogLynx version is available, with a direct link to the release.

Built-in Container Healthcheck

The Docker image now uses the LogLynx binary for healthchecks, which works with the distroless runtime image.

healthcheck:
  test: ["CMD", "/usr/local/bin/loglynx", "healthcheck"]
  interval: 30s
  timeout: 5s
  retries: 3
  start_period: 20s

The image intentionally does not include /bin/sh, bash, curl, or wget.

Supported Log Source Documentation

New wiki pages document every built-in parser:

  • Traefik
  • Caddy
  • Nginx
  • Apache
  • HAProxy

New Environment Variables

Variable Default Description
DASHBOARD_ENABLED true Serve the web dashboard; set false for API-only deployments
SPLASH_SCREEN_ENABLED true Show loading splash on startup
LOGLYNX_USAGE_TELEMETRY true Anonymous heartbeat telemetry (opt-out with false)
LOGLYNX_USAGE_TELEMETRY_ENDPOINT "" Override the telemetry collector URL
LOGLYNX_USAGE_TELEMETRY_INTERVAL 1h Heartbeat interval
ALERTS_ENABLED true Enable alert rule evaluation
ALERTS_EVAL_INTERVAL 30s Alert rule evaluation interval
TIMEZONE UTC Dashboard timezone; falls back to Docker TZ if unset
WIDGET_ENABLED true Enable widget page and endpoints

New API Endpoints Summary

Method Path Description
POST /api/v1/stats/compare Multi-period comparison
POST /api/v1/compare/snapshots Create shareable snapshot
GET /api/v1/compare/snapshots List session snapshots
GET /api/v1/compare/snapshots/{token} Retrieve snapshot by token
PATCH /api/v1/compare/snapshots/{token} Update snapshot (active/expiry)
DELETE /api/v1/compare/snapshots/{token} Delete snapshot
POST /api/v1/ip/tags Create or update IP tag
GET /api/v1/ip/tags List all IP tags
GET /api/v1/ip/tags/{ip} Get tags for a specific IP
DELETE /api/v1/ip/tags/{ip} Remove all tags for an IP
GET /api/v1/alerts/status Alerting engine status
GET /api/v1/alerts/presets Alert rule presets
POST /api/v1/alerts/test-condition Test an alert condition
GET /api/v1/alerts/rules List alert rules
POST /api/v1/alerts/rules Create alert rule
GET /api/v1/alerts/rules/{id} Get alert rule
PUT /api/v1/alerts/rules/{id} Update alert rule
DELETE /api/v1/alerts/rules/{id} Delete alert rule
POST /api/v1/alerts/rules/{id}/test Send test notification for a rule
GET /api/v1/alerts/channels List alert channels
POST /api/v1/alerts/channels Create alert channel
GET /api/v1/alerts/channels/{id} Get alert channel
PUT /api/v1/alerts/channels/{id} Update alert channel
DELETE /api/v1/alerts/channels/{id} Delete alert channel
POST /api/v1/alerts/channels/{id}/test Test alert channel
GET /api/v1/alerts/assignments List rule/channel assignments
PUT /api/v1/alerts/assignments Update rule/channel assignments

API Changes

POST /api/v1/stats/summary and all stats endpoints

A new excluded_ips[] query parameter lets you exclude a list of manually specified IP addresses from results (in addition to exclude_own_ip):

?exclude_own_ip=true&excluded_ips[]=10.0.0.5&excluded_ips[]=10.0.0.6

During ingestion

Heavy analytics endpoints and comparison pages return 503 while ingestion is active so imports can finish safely. /api/v1/version and /api/v1/stats/log-processing remain available.

Real-time metrics, new fields

GET /api/v1/realtime/metrics and the SSE stream now include:

Field Type Description
bandwidth_rate float64 Global bandwidth in bytes/second
top_ips[].bandwidth int64 Total bytes in the current window for this IP
top_ips[].bandwidth_rate float64 Bandwidth rate for this IP in bytes/second

Security, Go Standard Library CVEs Fixed

Go was upgraded from 1.25.8 → 1.25.11. This resolves 12 standard library CVEs, including vulnerabilities in net/http, crypto/tls, encoding/json, and path/filepath. No application code changes were required.

The upgrade is reflected in:

  • go.mod (go 1.25.11 + toolchain go1.25.11)
  • Dockerfile (FROM golang:1.25.11)
  • .github/workflows/ci.yml (go-version: '1.25.11')

Performance Improvements

  • New database indexes on frequently queried columns improve analytics query response times significantly for large datasets
  • All-time summary, response-time, top IP, and timeline queries were optimized without adding caching
  • All-time timelines use monthly buckets for very large ranges
  • Default METRICS_INTERVAL corrected to 1s (was 5s in documentation; actual default was already 1s in code)

Bug Fixes

  • Fixed duplicate /ip/tags path definition in openapi.yaml
  • Fixed TLS ClientHello fragmentation over Docker bridge networks by forcing TLS 1.2 with a minimal cipher suite set (~300 bytes vs ~1569 bytes for TLS 1.3 with full extensions), resolving telemetry handshake failures behind Cloudflare
  • Removed stale host variable reference in telemetry error handler
  • Fixed real-time bandwidth charts and KPIs after pause/resume
  • Fixed filtered real-time streams and snapshot fallback bandwidth_rate values
  • Fixed Compare Periods chart hover offsets by wrapping canvases consistently
  • Fixed timezone handling so TIMEZONE falls back to Docker's standard TZ variable before UTC

Upgrade Guide

From v1.x

No breaking changes to existing API endpoints. All new endpoints are additive.

  1. Pull the new Docker image (k0lin/loglynx:2.0.0)
  2. Database migrations run automatically on startup (new IP tag, comparison snapshot, and alerting tables/fields)
  3. Review new environment variables, defaults are safe; no action required unless you want to opt out of telemetry, dashboard/splash behavior, widgets, or alert evaluation
  4. If you define a Compose healthcheck yourself, use test: ["CMD", "/usr/local/bin/loglynx", "healthcheck"] instead of curl or /bin/sh

To opt out of telemetry:

LOGLYNX_USAGE_TELEMETRY=false

Full Changelog: v1.1.0...v2.0.0