AbuseFilter has various tools (such as "Examine past edits" and "Batch testing") that are supposed to help with the writing and testing of filters. These tools do not work at all with uploads, though. A simple filter consisting of action=="upload" does not trigger on anything in these test modes, whether you try to find uploads by username, file name or recent changes time interval. (In actual operation, such a filter triggers on uploads just fine.) AbuseFilter in testing mode only seems to be aware of the associated edit event that creates the file page, not the upload event itself.
Steps to reproduce: visit https://commons.wikimedia.org/wiki/Special:AbuseFilter/test (you probably need admin-ish rights), put `action=="upload" in the big textarea, check "Show changes that do not match the filter", click "Test".
Expected result: lots of hits (green checkmarks) - the test page shows the last 100 changes and this is Commons so there should be lots of uploads amongst them.
Actual result: all changes are misses. You see RC items that start with "(Upload log)" but when you click "examine" these turn out to be edit actions.
A workaround is to create a filter with just action=="upload" and no actions. That will record every upload into the abuse log, you can use the "examine" option to test them with an arbitrary filter.