diff --git a/doc/frameworks/logging-input-sqlite.rst b/doc/frameworks/logging-input-sqlite.rst
index 7c8c848c5f..370c8d8573 100644
--- a/doc/frameworks/logging-input-sqlite.rst
+++ b/doc/frameworks/logging-input-sqlite.rst
@@ -235,3 +235,5 @@ returns with a result, we had a hit against our malware-database and output the
             Input::remove(name);
         }
 
+If you run this script against the trace in ``testing/btest/Traces/ftp/ipv4.trace``, you
+will get one hit.