A small tool to view json log files.
fblog -a message -a "status > a" sample_nested.json.log
If your query docker or kubectl for multiple pods it will prefix the log
lines: PODNAME | {"message": "test"}
. fblog
can parse this and add
it to the message. Just use -p
.
To filter log messages it is possible to use lua. If you are unsure
which variables are available you can use --print-lua
to see the code
generated by fblog.
fblog -f 'level ~= "info"' # will print all message where the level is not info
fblog -f 'process == "play"' # will print all message where the process is play
fblog -f 'string.find(fu, "bow.*") ~= nil' # will print all messages where fu starts with bow
fblog -f 'process == "play"' # will print all message where the process is play
fblog -f 'process == "rust" and fu == "bower"'
fblog --no-implicit-filter-return-statement -f 'if 3 > 2 then return true else return false end'
# not valid lua identifiers like log.level gets converted to log_level.
# Every character that is not _ or a letter will be converted to _
fblog -d -f 'log_level == "WARN"' sample_elastic.log
# nested fields are converted to lua records
fblog -d -f 'status.a == 100' sample_nested.json.log
# array fields are converted to lua tables (index starts with 1)
fblog -d -f 'status.d[2] == "a"' sample_nested.json.log
fblog
tries to detect the message, severity and timestamp of a log
entry. This behavior can be customized. See --help
for more
information.
You can customize fblog messages: Format output:
fblog -p --main-line-format "{{#if short_message}}{{ red short_message }}{{/if}}" sample.json.log
The following sanitized variables are provided by fblog:
- fblog_timestamp
- fblog_level
- fblog_message
- fblog_prefix
For the default formatting see --help
Nested values are registered as objects. So you can use nested.value
to access nested values.
handlebar helpers:
- bold
- yellow
- red
- blue
- purple
- cyan
- green
- color_rgb 0 0 0
- uppercase
- level_style
- fixed_size 10
fblog
disables color output if the NO_COLOR
environment variable is
present.
Placeholders in the message (fblog_message
) can be substituted with
their corresponding values in a context object or array. To enable
substitutions, pass the -s
flag or either set context key
(-c context
) or placeholder format (-F {key}
).
Note that the placeholder format should be written like
<PREFIX>key<SUFFIX>
, where it would match a placeholder with the key
key
.
Given the following log (referred to as example.log
):
{"message": "Found #{count} new items.", "extra_data": {"count": 556}, "level": "info"}
Running with the following arguments:
fblog -c extra_data -F '#{key}' example.log
Result:
cargo install fblog
Available in package managers: AUR, brew
fblog
does not support native log tailing but this is easily
achiveable.
tail -f file | fblog
Or with kubernetes tooling for example
kubectl logs -f ... | fblog
In general you can pipe any endless stream to fblog.
fblog --generate-completions <shell>
fblog
reads its configuration from a file called fblog.toml
, which is located
Linux: $XDG_CONFIG_HOME
or $HOME/.config
Windows: {FOLDERID_RoamingAppData}
macOS: $HOME/Library/Application Support
If the file does not exist or is empty this is the default config.