From 9316584b1ceab96164a9ed8ad5becee1a2c83e2c Mon Sep 17 00:00:00 2001
From: z63d <kaita.nakamura0830@gmail.com>
Date: Wed, 5 Feb 2025 09:34:38 +0900
Subject: [PATCH] docs: fix the Example jq filter in Observability Policies

Signed-off-by: Kaita Nakamura <kaita.nakamura0830@gmail.com>
---
 docs/content/en/docs/policy-library/observability/_index.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/content/en/docs/policy-library/observability/_index.md b/docs/content/en/docs/policy-library/observability/_index.md
index b86c06e2020..eb91573779a 100644
--- a/docs/content/en/docs/policy-library/observability/_index.md
+++ b/docs/content/en/docs/policy-library/observability/_index.md
@@ -158,7 +158,7 @@ No policy needs to be loaded, standard process execution observability is suffic
 ### Example jq Filter
 
 ```shell
-jq 'select(.process_exec != null) | select(.process_exec.process.binary_properties != null) | select(.process_exec.process.binary_properties.privileges_changed != null) | "\(.time) \(.process_exec.process.pod.namespace) \(.process_exec.process.pod.name) \(.process_exec.process.binary) \(.process_exec.process.arguments) uid=\(.process_exec.process.process_credentials.uid) euid=\(.process_exec.process.process_credentials.euid)  gid=\(.process_exec.process.process_credentials.gid) egid=\(.process_exec.process.process_credentials.egid) caps=\(.process_exec.process.cap) binary_properties=\(.process_exec.process.binary_properties)"''
+jq 'select(.process_exec != null) | select(.process_exec.process.binary_properties != null) | select(.process_exec.process.binary_properties.privileges_changed != null) | "\(.time) \(.process_exec.process.pod.namespace) \(.process_exec.process.pod.name) \(.process_exec.process.binary) \(.process_exec.process.arguments) uid=\(.process_exec.process.process_credentials.uid) euid=\(.process_exec.process.process_credentials.euid)  gid=\(.process_exec.process.process_credentials.gid) egid=\(.process_exec.process.process_credentials.egid) caps=\(.process_exec.process.cap) binary_properties=\(.process_exec.process.binary_properties)"'
 ```
 
 ### Example Output