kelora 0.10.0

A command-line log analysis tool with embedded Rhai scripting
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111

# Kelora

**Scriptable log processor for the command line.**

Parse messy logs into structured events, then filter, transform, and analyze them with embedded [Rhai](https://rhai.rs) scripting (a Rust-based scripting language with JavaScript-like syntax).

!!! note "Development Status"
    Pre-1.0 tool generated entirely by AI agents. Validated by a large test suite and Rust security tools; see [Development Approach](#development-approach) and the [Security Policy](https://github.com/dloss/kelora/blob/main/SECURITY.md) before relying on it in production. APIs might change without notice before v1.0.

## Quick Examples

**Detect problems** - Filter server errors and slow requests. Each log line becomes an event (`e`) you can query with expressions like `e.status >= 500`:

=== "Command/Output"

    ```bash exec="on" source="above" result="ansi"
    kelora -f logfmt examples/traffic_logfmt.log \
      --filter 'e.status.to_int() >= 500 || e.latency_ms.to_int() > 1200'
    ```

=== "Log Data"

    ```bash exec="on" result="ansi"
    cat examples/traffic_logfmt.log
    ```

**Parse custom formats and extract structured data** - Name columns by position, with `*message` capturing everything remaining, then extract nested key-value pairs:

=== "Command/Output"

    ```bash exec="on" source="above" result="ansi"
    kelora -f 'cols:ts level service request_id *message' examples/release_pipe.log \
      --cols-sep '|' \
      --levels warn,error \
      --exec 'e.absorb_kv("message")' \
      -F json
    ```

=== "Log Data"

    ```bash exec="on" result="ansi"
    cat examples/release_pipe.log
    ```

**Enrich events with recent context** - Keep recent events in a sliding window to analyze patterns and add context:

=== "Command/Output"

    ```bash exec="on" source="above" result="ansi"
    kelora -j examples/api_errors.jsonl \
      --window 5 \
      --exec 'let err = window.filter(|x| x.level == "ERROR");
              if err.len() > 0 { e.ctx = err[0].error; }' \
      --keys timestamp,endpoint,ctx \
      -F logfmt
    ```

=== "Log Data"

    ```bash exec="on" result="ansi"
    cat examples/api_errors.jsonl
    ```

## Why Kelora

Choose Kelora when you need **programmable log processing** in one streaming pipeline—filtering, transforming, and analyzing structured events with embedded scripts.

**Reach for Kelora when:**

- You're processing small to medium logs (a few hundred thousand lines; Kelora is slow)
- You need multi-stage transformations (parse → filter → enrich → filter)
- Your logs mix formats or use custom delimiters
- You want windowed analysis (error bursts, sliding metrics)
- You're chaining grep + awk + jq + custom scripts

**Use specialized tools for:**

- Simple text search: `grep`/`rg` (50-100× faster)
- Basic field extraction: `awk` (faster for simple splits)
- Pure JSON queries: `jq` (ubiquitous, similar speed)
- Interactive exploration: `lnav` (TUI with SQL)
- CSV analytics: `qsv`/`miller` (faster for stats)
- Large logs (millions of events): `loki`/`victoria-logs`/`openobserve` (production log systems)

Kelora trades raw speed for expressiveness. See [Performance Comparisons](concepts/performance-comparisons.md) for benchmarks and the full decision matrix.

## Integrate With

Pipe Kelora's output to: **jq** (JSON transforms) · **lnav** (interactive TUI) · **SQLite/DuckDB** (SQL queries) · **qsv/miller** (CSV analytics) · **rare** (visualizations)

See [Integrate Kelora with External Tools](how-to/integrate-external-tools.md) for 18 tools and usage patterns.

## Get Started

**[→ Quickstart (5 minutes)](quickstart.md)** - Install and run your first commands

**[→ Tutorial: Basics (30 minutes)](tutorials/basics.md)** - Learn input formats, filtering, and output

**[→ Troubleshooting](troubleshooting.md)** - Fix common issues and debug effectively

**[→ How-To Guides](how-to/index.md)** - Solve specific problems

For deeper understanding, see [Concepts](concepts/index.md). For complete reference, see [Glossary](glossary.md), [Functions](reference/functions.md), [Formats](reference/formats.md), and [CLI options](reference/cli-reference.md).

## License

Kelora is open source software licensed under the [MIT License](https://github.com/dloss/kelora/blob/main/LICENSE).

## Development Approach

Kelora is an experiment in agentic AI development. Claude Code (Sonnet 4.5) and Codex CLI (gpt-5-codex) generate all implementation and tests; I steer requirements but do not write or review code. Validation relies on the automated test suite plus `cargo audit` and `cargo deny`, so please inspect the code yourself before relying on it in production and expect the API to evolve until 1.0. This is a spare-time, single-developer project, so support and updates are best-effort.