Overview
v2.0.0 is a major feature release introducing multi-period traffic comparison, shareable comparison snapshots, multi-channel alerting, IP tagging, global real-time bandwidth tracking, widget v2, and a richer set of configuration controls. It also includes a full security patch of the Go standard library (12 CVEs fixed by upgrading to Go 1.25.11).
New Features
Period Comparison (/compare)
A new dashboard page and API endpoint let you compare traffic across 2 to 4 arbitrary time ranges side by side.
- Full analytics per period: summary stats, timeline, top paths/IPs/countries/backends, status code distribution, device types, and service breakdown
- Smart Change Analysis highlights drastic metric shifts between periods with traffic, bandwidth, response time, server error, and entity-change insights
- Smart Change badges are surfaced at the top of the page for immediate visibility, with the full analysis shown at the bottom of the page
- Page Focus can filter the full live comparison by page/path; snapshot mode keeps saved payloads read-only and immutable
- Comparison setup is collapsible and auto-collapses after running a comparison
- JSON and CSV export are available from the comparison results
New API endpoint:
POST /api/v1/stats/compare
Comparison Snapshots
Save a comparison result and share it via a short unique token URL (/compare/{token}). Snapshot payloads are stored as already-computed comparison results, so public links do not recalculate historical logs.
New API endpoints:
POST /api/v1/compare/snapshots
GET /api/v1/compare/snapshots
GET /api/v1/compare/snapshots/{token}
PATCH /api/v1/compare/snapshots/{token}
DELETE /api/v1/compare/snapshots/{token}
Snapshots are scoped to a session cookie so each browser manages its own list. Public snapshot links are read-only, while edit/delete actions are limited to the creator browser via the loglynx_compare_owner cookie. Expired snapshots are shown as expired rather than active.
Multi-Channel Alerting (/alerts)
The new Alerting page lets you create threshold-based traffic rules and send notifications through multiple channels.
- Supported channels: Discord, Email/SMTP, Telegram, and generic HTTPS webhooks
- Rule conditions support recent-window evaluation, thresholds, severity, cooldowns, and grouped alerts
- Channel assignments can be managed from a rule x channel matrix
- Channels can be marked as default for newly created rules
- Discord supports
@everyonemention policy:never,critical, oralways - Email and Telegram preserve existing secrets when editing a channel with the secret field left empty
- The UI warns when a cooldown is shorter than
ALERTS_EVAL_INTERVAL, because the server evaluates rules at that interval
New API endpoints:
GET /api/v1/alerts/status
GET /api/v1/alerts/presets
POST /api/v1/alerts/test-condition
GET /api/v1/alerts/rules
POST /api/v1/alerts/rules
GET /api/v1/alerts/rules/{id}
PUT /api/v1/alerts/rules/{id}
DELETE /api/v1/alerts/rules/{id}
POST /api/v1/alerts/rules/{id}/test
GET /api/v1/alerts/channels
POST /api/v1/alerts/channels
GET /api/v1/alerts/channels/{id}
PUT /api/v1/alerts/channels/{id}
DELETE /api/v1/alerts/channels/{id}
POST /api/v1/alerts/channels/{id}/test
GET /api/v1/alerts/assignments
PUT /api/v1/alerts/assignments
IP Tagging
Assign a friendly name and comma-separated tags to any IP address. Tags appear across the dashboard wherever that IP is shown, making it easy to identify internal services, CDN egress nodes, or monitoring bots.
New API endpoints:
POST /api/v1/ip/tags
GET /api/v1/ip/tags
GET /api/v1/ip/tags/{ip}
DELETE /api/v1/ip/tags/{ip}
Global Real-time Bandwidth Rate
The real-time metrics stream now includes a bandwidth_rate field (bytes/second) at both the global level and per-IP level, enabling live bandwidth consumption graphs.
{
"bandwidth_rate": 1048576.5,
"top_ips": [
{ "ip": "1.2.3.4", "bandwidth": 5242880, "bandwidth_rate": 349525.3 }
]
}IP Drilldown in Traffic Page
The Traffic page now supports richer drilldowns without navigating away from the page.
- Click an IP to open a panel with request counts, bandwidth, top paths, and recent requests
- Click device, country, ASN, and heatmap cells to drill into those dimensions
Specific ASNuses a populated selector backed by/api/v1/stats/top/asns- Overview
Bandwidth Usedlinks directly to the bandwidth drilldown
Widget v2
The embeddable widget was redesigned for compact iframe usage.
- Extracted CSS and JavaScript from
widget.htmlinto static assets - New tabs:
Live,1h,24h,7d, and30d - Compact layout for small iframes
- Timeline hover tooltip
- Bandwidth and average response metrics
Version Update Notifications
The sidebar now shows a notification badge when a new LogLynx version is available, with a direct link to the release.
Built-in Container Healthcheck
The Docker image now uses the LogLynx binary for healthchecks, which works with the distroless runtime image.
healthcheck:
test: ["CMD", "/usr/local/bin/loglynx", "healthcheck"]
interval: 30s
timeout: 5s
retries: 3
start_period: 20sThe image intentionally does not include /bin/sh, bash, curl, or wget.
Supported Log Source Documentation
New wiki pages document every built-in parser:
- Traefik
- Caddy
- Nginx
- Apache
- HAProxy
New Environment Variables
| Variable | Default | Description |
|---|---|---|
DASHBOARD_ENABLED |
true |
Serve the web dashboard; set false for API-only deployments |
SPLASH_SCREEN_ENABLED |
true |
Show loading splash on startup |
LOGLYNX_USAGE_TELEMETRY |
true |
Anonymous heartbeat telemetry (opt-out with false) |
LOGLYNX_USAGE_TELEMETRY_ENDPOINT |
"" |
Override the telemetry collector URL |
LOGLYNX_USAGE_TELEMETRY_INTERVAL |
1h |
Heartbeat interval |
ALERTS_ENABLED |
true |
Enable alert rule evaluation |
ALERTS_EVAL_INTERVAL |
30s |
Alert rule evaluation interval |
TIMEZONE |
UTC |
Dashboard timezone; falls back to Docker TZ if unset |
WIDGET_ENABLED |
true |
Enable widget page and endpoints |
New API Endpoints Summary
| Method | Path | Description |
|---|---|---|
POST |
/api/v1/stats/compare |
Multi-period comparison |
POST |
/api/v1/compare/snapshots |
Create shareable snapshot |
GET |
/api/v1/compare/snapshots |
List session snapshots |
GET |
/api/v1/compare/snapshots/{token} |
Retrieve snapshot by token |
PATCH |
/api/v1/compare/snapshots/{token} |
Update snapshot (active/expiry) |
DELETE |
/api/v1/compare/snapshots/{token} |
Delete snapshot |
POST |
/api/v1/ip/tags |
Create or update IP tag |
GET |
/api/v1/ip/tags |
List all IP tags |
GET |
/api/v1/ip/tags/{ip} |
Get tags for a specific IP |
DELETE |
/api/v1/ip/tags/{ip} |
Remove all tags for an IP |
GET |
/api/v1/alerts/status |
Alerting engine status |
GET |
/api/v1/alerts/presets |
Alert rule presets |
POST |
/api/v1/alerts/test-condition |
Test an alert condition |
GET |
/api/v1/alerts/rules |
List alert rules |
POST |
/api/v1/alerts/rules |
Create alert rule |
GET |
/api/v1/alerts/rules/{id} |
Get alert rule |
PUT |
/api/v1/alerts/rules/{id} |
Update alert rule |
DELETE |
/api/v1/alerts/rules/{id} |
Delete alert rule |
POST |
/api/v1/alerts/rules/{id}/test |
Send test notification for a rule |
GET |
/api/v1/alerts/channels |
List alert channels |
POST |
/api/v1/alerts/channels |
Create alert channel |
GET |
/api/v1/alerts/channels/{id} |
Get alert channel |
PUT |
/api/v1/alerts/channels/{id} |
Update alert channel |
DELETE |
/api/v1/alerts/channels/{id} |
Delete alert channel |
POST |
/api/v1/alerts/channels/{id}/test |
Test alert channel |
GET |
/api/v1/alerts/assignments |
List rule/channel assignments |
PUT |
/api/v1/alerts/assignments |
Update rule/channel assignments |
API Changes
POST /api/v1/stats/summary and all stats endpoints
A new excluded_ips[] query parameter lets you exclude a list of manually specified IP addresses from results (in addition to exclude_own_ip):
?exclude_own_ip=true&excluded_ips[]=10.0.0.5&excluded_ips[]=10.0.0.6
During ingestion
Heavy analytics endpoints and comparison pages return 503 while ingestion is active so imports can finish safely. /api/v1/version and /api/v1/stats/log-processing remain available.
Real-time metrics, new fields
GET /api/v1/realtime/metrics and the SSE stream now include:
| Field | Type | Description |
|---|---|---|
bandwidth_rate |
float64 | Global bandwidth in bytes/second |
top_ips[].bandwidth |
int64 | Total bytes in the current window for this IP |
top_ips[].bandwidth_rate |
float64 | Bandwidth rate for this IP in bytes/second |
Security, Go Standard Library CVEs Fixed
Go was upgraded from 1.25.8 → 1.25.11. This resolves 12 standard library CVEs, including vulnerabilities in net/http, crypto/tls, encoding/json, and path/filepath. No application code changes were required.
The upgrade is reflected in:
go.mod(go 1.25.11+toolchain go1.25.11)Dockerfile(FROM golang:1.25.11).github/workflows/ci.yml(go-version: '1.25.11')
Performance Improvements
- New database indexes on frequently queried columns improve analytics query response times significantly for large datasets
- All-time summary, response-time, top IP, and timeline queries were optimized without adding caching
- All-time timelines use monthly buckets for very large ranges
- Default
METRICS_INTERVALcorrected to1s(was5sin documentation; actual default was already1sin code)
Bug Fixes
- Fixed duplicate
/ip/tagspath definition inopenapi.yaml - Fixed TLS ClientHello fragmentation over Docker bridge networks by forcing TLS 1.2 with a minimal cipher suite set (~300 bytes vs ~1569 bytes for TLS 1.3 with full extensions), resolving telemetry handshake failures behind Cloudflare
- Removed stale
hostvariable reference in telemetry error handler - Fixed real-time bandwidth charts and KPIs after pause/resume
- Fixed filtered real-time streams and snapshot fallback
bandwidth_ratevalues - Fixed Compare Periods chart hover offsets by wrapping canvases consistently
- Fixed timezone handling so
TIMEZONEfalls back to Docker's standardTZvariable beforeUTC
Upgrade Guide
From v1.x
No breaking changes to existing API endpoints. All new endpoints are additive.
- Pull the new Docker image (
k0lin/loglynx:2.0.0) - Database migrations run automatically on startup (new IP tag, comparison snapshot, and alerting tables/fields)
- Review new environment variables, defaults are safe; no action required unless you want to opt out of telemetry, dashboard/splash behavior, widgets, or alert evaluation
- If you define a Compose healthcheck yourself, use
test: ["CMD", "/usr/local/bin/loglynx", "healthcheck"]instead ofcurlor/bin/sh
To opt out of telemetry:
LOGLYNX_USAGE_TELEMETRY=falseFull Changelog: v1.1.0...v2.0.0