Log-Rift parses logs from multiple formats, filters by level, source, message pattern, or time range, and outputs results as a table, JSON, or CSV.
- Multi-format parsing: JSON, logfmt/key-value, and common text log formats (ISO timestamps, bracketed, syslog, plain prefix)
- Filter by minimum log level, source substring, message pattern, or time range
- Parallel file loading via Rayon
- Output as pretty table, JSON, or CSV
- Zero runtime dependencies in the output binary
Prerequisites: Rust 1.70 or later. Install from rustup.rs.
git clone https://github.com/sha-wrks/Log-Rift.git
cd Log-Rift
cargo build --releaseThe compiled binary will be at target/release/logagg.exe (Windows) or target/release/logagg (Linux/macOS).
Optionally, install to your PATH:
cargo install --path .logagg [OPTIONS] [FILES...]
If no files are provided, logagg reads from stdin.
| Flag | Description |
|---|---|
-l, --level <LEVEL> |
Minimum log level: trace, debug, info, warn, error, fatal |
-s, --source <SOURCE> |
Filter by source name (substring match, case-insensitive) |
-m, --message <PATTERN> |
Filter messages containing pattern (case-insensitive) |
--from <DATETIME> |
Include entries on or after this datetime (RFC3339) |
--to <DATETIME> |
Include entries on or before this datetime (RFC3339) |
-o, --output <FORMAT> |
Output format: table (default), json, csv |
--stats |
Print summary statistics instead of log entries |
-h, --help |
Print help |
-V, --version |
Print version |
Analyze a log file and show only errors:
logagg app.log --level errorFilter by source and output as JSON:
logagg app.log --source database --output jsonShow summary statistics for a time range:
logagg app.log --from 2024-01-15T09:00:00Z --to 2024-01-15T17:00:00Z --statsPipe from another command:
kubectl logs my-pod | logagg --level warn --output csvAnalyze multiple files:
logagg logs/*.log --level error --source apiJSON
{"timestamp":"2024-01-15T12:00:00Z","level":"error","source":"app","message":"Connection failed"}
logfmt / key-value
ts=2024-01-15T12:00:00Z level=error source=app msg="Connection failed" latency=500ms
ISO timestamp text
2024-01-15T12:00:00Z ERROR [app] Connection failed
Bracketed
[2024-01-15 12:00:00] [ERROR] Connection failed
Simple prefix
ERROR: Connection failed
Log format is auto-detected per line, so mixed-format files are supported.
src/
main.rs CLI entry point (clap)
lib.rs Core types: LogEntry, LogLevel
parser/
mod.rs LogParser trait and auto-detection
json.rs JSON log parser
regex.rs Regex-based text log parser
structured.rs logfmt / key-value parser
filter/
engine.rs Filter struct and match logic
analyzer/
mod.rs LogAnalyzer builder (load, filter, analyze)
aggregator.rs Aggregation and statistics
output/
table.rs Pretty table output (prettytable-rs)
json.rs JSON output (serde_json)
csv.rs CSV output
tests/
integration_tests.rs End-to-end tests
fixtures/ Sample log files for testing
benches/
parser_bench.rs Criterion benchmarks
# Run tests
cargo test
# Run benchmarks
cargo bench
# Lint
cargo clippy
# Format
cargo fmtContributions are welcome. Please read CONTRIBUTING.md before submitting a pull request.
This project is licensed under the MIT License. See the LICENSE file for details.