percona · patrickbirch · Dec 16, 2025 · Dec 5, 2025
diff --git a/docs/audit-log-filter-restrictions.md b/docs/audit-log-filter-restrictions.md
@@ -24,3 +24,5 @@ The Audit Log Filter has the following general restrictions:
   As by default the content of the `mysql.audit_log_filter` and `mysql.audit_log_user` tables may be replicated from source to replica and may affect audit log rules created on the replica, it is recommended to configure replication in such a way that the changes in these tables are simply ignored.
 
   Please notice that just changing the content of these tables (via replication channel) is not enough to automatically make changes to in-memory data structures in the `audit_log_filter` component that store information about active audit log filtering rules. However, this may happen after component reloading / server restart or manually calling `audit_log_filter_flush()`.
+
+* Filter only on string values. The audit log filter does not filter on integer values. All filter criteria must be specified as strings, even when the underlying value is numeric. For example, `connection_id` values must be specified as strings (for example, `"123"` rather than `123`), and status values must be specified as `"0"` or `"1"` rather than `0` or `1`. If you use integer values in your filter definition, you will see the error: `ERROR: Incorrect rule definition.`
diff --git a/docs/filter-audit-log-filter-files.md b/docs/filter-audit-log-filter-files.md
@@ -69,6 +69,9 @@ You can assign filters to a specific user account or disassociate a user account
 | status Filter    | `0`: Successful operations                                                      |
 |                  | `1`: Failed operations                                                          |
 
+!!! note "Filter definition"
+    Status values must be specified as strings (for example, `"0"`, `"1"`). The audit log filter does not filter on integer values, only on string values. If you use integer values, you will see the error: `ERROR: Incorrect rule definition.`
+
 ### Examples
 
 Create simple filters
@@ -176,3 +179,6 @@ mysql> SELECT audit_log_filter_set_filter('log_disconnect', '{
 | thread_id   | Filters by specific MySQL thread identifiers | ["12345", "67890"]             | Actions within a particular database thread |
 | query_time  | Filters based on query execution duration   | N/A                            | Long-running or quick queries             |
 
+!!! note "Filter definition"
+    Status, thread ID, and connection ID values must be specified as strings (for example, `"0"`, `"1"`, `"12345"`). The audit log filter does not filter on integer values, only on string values. If you use integer values, you will see the error: `ERROR: Incorrect rule definition.`
+
diff --git a/docs/write-filter-definitions.md b/docs/write-filter-definitions.md
@@ -335,6 +335,9 @@ This example defines a filter that `excludes` (negate: true) all table access ev
 }
 ```
 
+!!! note "Filter definition"
+    In the filter definitions shown in this example, status values are displayed as integers for readability, but they must be specified as strings in your actual filter definitions (for example, `"status": ["0"]` or `"status": ["1"]`). The audit log filter does not filter on integer values, only on string values. This applies to all numeric filter criteria, including `connection_id`, `thread_id`, and `status`. If you use integer values, you will see the error: `ERROR: Incorrect rule definition.`
+
 This filter captures failed update/delete modifications by admin and developer users in the financial database and successful connections for the `external_service` user
 
 ## Best practices
@@ -401,7 +404,12 @@ SELECT audit_log_filter_set_filter('financial_tracking', '{
     ]
   }
 }');
+```
 
+!!! note "Filter definition"
+    In the filter definition shown in this example, status values are displayed as integers (`[0, 1]`) for readability, but they must be specified as strings in your actual filter definitions (for example, `"status": ["0", "1"]`). The audit log filter does not filter on integer values, only on string values. This applies to all numeric filter criteria, including `connection_id`, `thread_id`, and `status`. If you use integer values, you will see the error: `ERROR: Incorrect rule definition.`
+
+```sql
 -- Assign the filter to all users
 SELECT audit_log_filter_set_user('%', '%', 'financial_tracking');
 ```
Original file line number	Diff line number	Diff line change
Expand Up		@@ -24,3 +24,5 @@ The Audit Log Filter has the following general restrictions:
		As by default the content of the `mysql.audit_log_filter` and `mysql.audit_log_user` tables may be replicated from source to replica and may affect audit log rules created on the replica, it is recommended to configure replication in such a way that the changes in these tables are simply ignored.

		Please notice that just changing the content of these tables (via replication channel) is not enough to automatically make changes to in-memory data structures in the `audit_log_filter` component that store information about active audit log filtering rules. However, this may happen after component reloading / server restart or manually calling `audit_log_filter_flush()`.

		* Filter only on string values. The audit log filter does not filter on integer values. All filter criteria must be specified as strings, even when the underlying value is numeric. For example, `connection_id` values must be specified as strings (for example, `"123"` rather than `123`), and status values must be specified as `"0"` or `"1"` rather than `0` or `1`. If you use integer values in your filter definition, you will see the error: `ERROR: Incorrect rule definition.`