Kelora in a Nutshell
Kelora is a fast, scriptable, CLI-native log processor. It turns messy, real-world logs into structured events, lets users filter, enrich, and analyze them using Rhai, and works great in pipelines, CI, and batch modes, all without depending on servers or dashboards.
⸻
Settled Design Principles

| Area | Decision / Philosophy |
|---|---|
| Core Identity | CLI tool for processing structured logs (not a viewer, shipper, or platform) |
| Event Model | Each log line becomes an Event with typed IndexMap<String, FieldValue> |
| Special Fields | ts, level, msg are promoted/normalized during parsing, not afterwards |
| Field Typing | Default to String; Rhai's .to_*() + optional try_*() wrappers for safe coercion |
| Input Formats | JSON, logfmt, and flexible user-defined formats via -f line + Rhai |
| Multiline Support | Needed; planned via pluggable chunkers (inspired by Stelp strategies) |
| Emit/Fan-out | Supported via emit_each() (suppresses original event by default) |
| Flattening | get_path() + optional flattening with dot+bracket syntax (user.roles[0]) |
| Error Handling | Resilient by default with context-specific recovery; strict mode for fail-fast |
| Script Scope | Inject valid keys as variables, fallback to event["non_ident"], allow --script |
| Parallelism | Controlled via --serial, --unordered, --realtime, --batch-size, etc. |
| Output Formats | Minimal and clean: default, JSON, logfmt (only default formatter does styling) |
| Type Coercion | Explicit only; no auto-coercion of fields |
| Fan-out | emit_each() accepted as best name (alternatives evaluated) |
| Field Access Style | e["key"], get_path(e, "a.b[0].c") for deep/nested values with safety functions |
| Strict Vars Mode | Plan to use Engine::set_strict_variables(true) for robustness |

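The dot+bracket access and explicit-coercion rows above, as an added example that is not Kelora's own code: `FieldValue`, `get_path` and `try_int` here are hypothetical stand-ins that only borrow names from this page, and the event is constructed. It shows lookups over untrusted fields that return `None` on any miss or mismatch instead of panicking or guessing a type.

```rust
use std::collections::BTreeMap;

// Hypothetical stand-in for a typed field value; scalars stay strings by default.
#[derive(Debug, Clone, PartialEq)]
enum FieldValue {
    Str(String),
    List(Vec<FieldValue>),
    Map(BTreeMap<String, FieldValue>),
}

// Resolve a dot+bracket path such as "user.roles[0]". A missing key, a bad or
// out-of-range index, or a type mismatch yields None; no input can cause a panic.
fn get_path<'a>(root: &'a FieldValue, path: &str) -> Option<&'a FieldValue> {
    let mut cur = root;
    for seg in path.split('.') {
        // "roles[0][1]" splits into key "roles" and bracket tail "[0][1]".
        let (key, mut rest) = seg.split_at(seg.find('[').unwrap_or(seg.len()));
        // Every segment starts with a map key (assumption: events are maps at the root).
        cur = match cur { FieldValue::Map(m) => m.get(key)?, _ => return None };
        while !rest.is_empty() {
            let inner = rest.strip_prefix('[')?; // rejects junk such as "[0]x"
            let close = inner.find(']')?;
            let idx: usize = inner[..close].parse().ok()?;
            cur = match cur { FieldValue::List(v) => v.get(idx)?, _ => return None };
            rest = &inner[close + 1..];
        }
    }
    Some(cur)
}

// Explicit coercion: only a string that parses cleanly becomes an integer.
fn try_int(v: &FieldValue) -> Option<i64> {
    match v { FieldValue::Str(s) => s.trim().parse().ok(), _ => None }
}

// Constructed sample event: {"user": {"roles": ["admin", "ops"]}, "status": "404"}
fn sample_event() -> FieldValue {
    let s = |x: &str| FieldValue::Str(x.to_string());
    let roles = FieldValue::List(vec![s("admin"), s("ops")]);
    let user = FieldValue::Map(BTreeMap::from([("roles".to_string(), roles)]));
    FieldValue::Map(BTreeMap::from([("user".to_string(), user), ("status".to_string(), s("404"))]))
}

fn main() {
    let e = sample_event();
    println!("{:?} {:?}", get_path(&e, "user.roles[0]"), get_path(&e, "status").and_then(try_int));
}
```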
⸻
Implemented or Planned Features
- try_*() Rhai helpers for ergonomic field coercion
- Multiline chunkers based on indentation, regex, or date prefixes
- emit_each() with clear suppress + side-effect semantics
- Formatter cleanup (formatter_utils.rs)
- run_parallel() / run_sequential() refactor in main.rs
- Input format sniffing (--format auto)
- Metrics tables (--metrics/-m)
- Native track_*() functions (count, avg, unique, etc.)
- Benchmarking with Criterion.rs
- Fuzzing with cargo fuzz
- Resiliency model with --strict flag for fail-fast behavior
- Clean stream modes UX table (default, serial, realtime, unordered)
⸻
In Development / For Immediate Focus
- Nom-based logfmt parser with robust edge case support
- Finalize field extraction and flattening strategy
- Define and inject standard kelora_std Rhai helpers with safety functions
- Build standard tests for fan-out, coercion, emit logic
- Add --config / .kelorarc for persistent options
⸻
Distinctive Traits vs. Other Tools

| Tool | Kelora Is… |
|---|---|
| jq | More structured, stateful, supports multiline, real scripting |
| awk | Safer, saner, and field-aware; built for logs, not CSVs |
| lnav | Not interactive; scriptable, batch-oriented, composable in pipelines |
| angle-grinder | More flexible due to Rhai, chunking, tracked state, and event fan-out |
| Loki / Vector | Not a log shipper; Kelora is a processing tool, not a system |

⸻
Things You've Decided Not to Do
- No auto-coercion of types: Leads to silent failures; better to be explicit
- No implicit fan-out from arrays: Too magical and error-prone
- No implicit flattening: Controlled flattening via helper functions only
- No plugin system or extensions: Overkill; instead expose composable functions via Rhai
⸻
Your Preferences as a Developer
- Value clarity, minimalism, and control
- Tolerate complexity internally to provide clean, predictable behavior externally
- Prioritize CLI ergonomics and scriptable UX
- Prefer building blocks over opinionated automation
- Design for untrusted, inconsistent input (e.g. malformed fields, bad types)
- Have learned from previous project (klp) and want to avoid its feature creep
⸻
Summary Tagline
Kelora is a scriptable log processor for real-world logs.
Designed for pipelines, CI, and fast triage. One-liners in Rhai. Structured in, structured out. Nothing more, and nothing less.