From 91720349b78a77ffd1251d437a8cef9fdc5d32ba Mon Sep 17 00:00:00 2001 From: Joachim Metz Date: Sun, 12 Jun 2022 06:43:20 -0700 Subject: [PATCH] Added documentation about PATH value type helpers #3703 (#4141) --- docs/sources/user/Event-filters.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/docs/sources/user/Event-filters.md b/docs/sources/user/Event-filters.md index 65124b1ebd..8acbdfdb7c 100644 --- a/docs/sources/user/Event-filters.md +++ b/docs/sources/user/Event-filters.md @@ -111,6 +111,22 @@ DATETIME(0) DATETIME("2020-12-23T12:34:56.789") ``` +### Path value helper + +The path helper is: +``` +PATH(str) +``` + +It allows to check a path on a per path segment basis. + +For example the path helper: +``` +path contains PATH('bin') +``` + +Will match `/usr/bin` and `/usr/local/bin` but not `/usr/local/sbin`. + ## References * [log2timeline filtering 101](http://blog.kiddaland.net/2012/12/log2timeline-filtering-101.html)
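Review bot: The new "Path value helper" section in docs/sources/user/Event-filters.md does not say how a path is split into segments or whether segment comparison is case sensitive. A reader filtering on Windows paths therefore cannot tell whether `path contains PATH('bin')` applies to backslash-separated paths or would match a segment spelled `Bin`. Consider adding one sentence that states the separator handling and the case rules. Three smaller wording points in the same hunk: "It allows to check a path on a per path segment basis." reads better as "It allows checking a path on a per-segment basis."; the example sentence is split around the code block so that the second half starts with a capitalised "Will match", which could be rephrased as a full sentence; and the example uses single quotes in `PATH('bin')` while the `DATETIME("2020-12-23T12:34:56.789")` context line just above uses double quotes, so either align the quoting or note that both are accepted.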