From d6a275c4ef5a5a75a6d7d5d999e3eca617a288f5 Mon Sep 17 00:00:00 2001 From: Gabe Torres Date: Tue, 6 May 2025 12:48:04 -0700 Subject: [PATCH] add note about siem integration --- docs/admin/observability/logs.mdx | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/admin/observability/logs.mdx b/docs/admin/observability/logs.mdx index c8f8cdc07..e2b031c5c 100644 --- a/docs/admin/observability/logs.mdx +++ b/docs/admin/observability/logs.mdx @@ -18,7 +18,8 @@ Learn more about how to apply these environment variables in [docker-compose](/a ## Log format -A Sourcegraph service's log output format is configured via the environment variable `SRC_LOG_FORMAT`. The valid values are: +A Sourcegraph service's log output format is configured via the environment variable `SRC_LOG_FORMAT`. This design facilitates integration with external log aggregation systems and SIEM tools for centralized analysis, monitoring, and alerting. +The valid values are: * `condensed`: Optimized for human readability. * `json`: Machine-readable JSON format. @@ -71,7 +72,7 @@ Note that this will also affect child scopes. So in the example you will also re ## Log sampling -Sourcegraph services that have migrated to the [new internal logging standard](/dev/how-to/add_logging) have log sampling enabled by default. +Sourcegraph services have log sampling enabled by default. The first 100 identical log entries per second will always be output, but thereafter only every 100th identical message will be output. This behaviour can be configured for each service using the following environment variables: