Blocking Queries

When necessary, LogScale can be configured to prevent queries from executing. There are many scenarios in which one might consider blocking a query or a pattern that matches many queries. For instance, a query pattern may use a large portion of the system's resources. Or a particular query is known to be used for malicious purposes (e.g., searching for secure secrets). Or it may be that a log line contains information that should never want searched.

Blocks can be added by defining the following conditions:

  • Based on a regular expression using the standard LogScale regular expression mechanics

  • Based on an exact matching query, explicitly matching the defined string.

  • Either against a specific Repository or all repositories.

Screenshot of the Query Administration Blocklist interface showing a tabular view of currently blocked queries. The table displays columns for Pattern (query string or regex being blocked), Type (Exact Match or Regular Expression), Expiration time, and target View/Repository. This administrative interface allows LogScale administrators to view, manage, and configure query restrictions to prevent execution of problematic or resource-intensive queries across the system.

Figure 12. Query Administration Blocklist


The list of currently blocked queries is shown in the Blocklist page and includes the following information:

To use the GraphQL API to get a list of blocked queries, see the blockedQueries() documentation page.

  • Pattern

    The string or regular expression of the query that is blocked.

  • Type

    Whether the block is based on an Exact Match or Regular Expression.

  • Expires

    When the block expires.

  • View/Repo

    The view or repository to which the block applies.