A command-line log analysis tool with embedded Rhai scripting
MODES:
(default) Sequential processing - best for streaming/interactive use
--parallel Parallel processing - best for high-throughput batch analysis
Usage: kelora [OPTIONS] [FILES]...
Arguments:
[FILES]...
Input files (stdin if not specified, or use "-" to explicitly specify stdin)
Options:
-h, --help
Print help (see a summary with '-h')
-V, --version
Print version
Input Options:
-f, --format <FORMAT>
Input format. Supports standard formats (json, line, csv, etc.) and cols:<spec> for column parsing. Example: -f json, -f 'cols:ts(2) level - *msg'
[default: line]
-j
Shortcut for -f json
--file-order <FILE_ORDER>
File processing order
[default: cli]
[possible values: cli, name, mtime]
--skip-lines <SKIP_LINES>
Skip the first N input lines
--keep-lines <KEEP_LINES>
Keep only input lines matching this regex pattern (applied before ignore-lines)
--ignore-lines <IGNORE_LINES>
Ignore input lines matching this regex pattern
--ts-field <TS_FIELD>
Custom timestamp field name for parsing
--ts-format <TS_FORMAT>
Custom timestamp format for parsing (uses chrono format strings)
--input-tz <INPUT_TZ>
Assume timezone for input timestamps without timezone info (default: UTC). Use 'local' for system local time. Examples: 'UTC', 'local', 'Europe/Berlin'
-M, --multiline <MULTILINE>
Multi-line event detection strategy
--extract-prefix <EXTRACT_PREFIX>
Extract text before separator to specified field (runs before parsing)
--prefix-sep <PREFIX_SEP>
Separator string for prefix extraction (default: pipe '|')
[default: |]
--cols-sep <COLS_SEP>
Column separator for cols:<spec> format (default: whitespace)
Processing Options:
--begin <BEGIN>
Pre-run a Rhai script. Use it to populate the global `conf` map with shared, read-only data.
Functions (usable only here): read_lines(path) → Array<String> # UTF-8, one element per line read_file(path) → String # UTF-8, full file
Data written to `conf` becomes read-only for the rest of the run.
--filter <FILTERS>
Boolean filter expressions
-e, --exec <EXECS>
Transform/process exec scripts
-E, --exec-file <EXEC_FILES>
Execute script from file
--end <END>
Run once after processing
--allow-fs-writes
Allow Rhai scripts to create directories and write files on disk (disabled by default for safety)
--window <WINDOW_SIZE>
Enable access to a sliding window of N+1 recent events
Error Handling:
--strict
Exit on first error (fail-fast behavior)
--no-strict
Disable strict error handling (resilient mode)
-v, --verbose...
Show detailed error information (use multiple times for more verbosity: -v, -vv, -vvv)
-q, --quiet...
Quiet mode with multiple levels: -q: suppress kelora diagnostics (errors, stats) -qq: additionally suppress event output (-F none) -qqq: additionally suppress script side effects (print/eprint)
Filtering Options:
-l, --levels <LEVELS>
Include only events with these log levels
-L, --exclude-levels <EXCLUDE_LEVELS>
Exclude events with these log levels
-k, --keys <KEYS>
Output only specific fields
-K, --exclude-keys <EXCLUDE_KEYS>
Exclude specific fields from output
--since <SINCE>
Start showing entries on or newer than the specified date
--until <UNTIL>
Stop showing entries on or older than the specified date
--take <TAKE>
Limit output to the first N events
-B, --before-context <BEFORE_CONTEXT>
Show N lines before each match (requires filtering)
-A, --after-context <AFTER_CONTEXT>
Show N lines after each match (requires filtering)
-C, --context <CONTEXT>
Show N lines before and after each match (requires filtering)
Output Options:
-F, --output-format <OUTPUT_FORMAT>
Output format
[default: default]
[possible values: json, default, logfmt, inspect, levelmap, csv, tsv, csvnh, tsvnh, none]
-J
Shortcut for -F json
-c, --core
Output only core fields
-o, --output-file <OUTPUT_FILE>
Output file for formatted events
Default Format Options:
-b, --brief
Output only field values
-P, --pretty
Pretty-print nested values
--wrap
Enable word-wrapping (default: enabled)
--no-wrap
Disable word-wrapping
--pretty-ts <PRETTY_TS>
Comma-separated list of fields to format as RFC3339 timestamps
-z
Auto-format all known timestamp fields as local RFC3339
-Z
Auto-format all known timestamp fields as UTC RFC3339
Display Options:
--force-color
Force colored output
--no-color
Disable colored output
--mark-gaps <DURATION>
Insert a centered marker when the time delta between events exceeds the given duration
--no-emoji
Disable emoji prefixes
Performance Options:
--parallel
Enable parallel processing
--no-parallel
Disable parallel processing
--threads <THREADS>
Number of worker threads
[default: 0]
--batch-size <BATCH_SIZE>
Batch size for parallel processing
--batch-timeout <BATCH_TIMEOUT>
Batch timeout in milliseconds
[default: 200]
--unordered
Disable ordered output
Metrics and Stats:
-s, --stats
Show processing statistics
--no-stats
Disable processing statistics
-S, --stats-only
Show processing statistics with no output
-m, --metrics
Show tracked metrics
--no-metrics
Disable tracked metrics
--metrics-file <METRICS_FILE>
Write metrics to file (JSON format)
Configuration Options:
-a, --alias <ALIAS>
Use alias from configuration file
--config-file <CONFIG_FILE>
Specify custom configuration file path
--show-config
Show configuration file and exit
--ignore-config
Ignore configuration file
Help Options:
--help-rhai
Show Rhai scripting guide and exit
--help-functions
Show available Rhai functions and exit
--help-time
Show time format help and exit
--help-multiline
Show multiline strategy help and exit