kelora 1.5.0

A command-line log analysis tool with embedded Rhai scripting
Documentation

Kelora logo

Kelora

CI Crates.io Documentation

Turn messy logs into structured data.

Kelora is a scriptable log processor for the command line. Parse structured and semi-structured logs, filter with embedded Rhai, and analyze streams with built-in metrics. Handles JSON, logfmt, syslog, CSV/TSV, gzip, and more.

Watch Hack the Clown's 5-minute introduction video to see Kelora in action.

Quick Example

kelora examples/quickstart.log -f 'cols:ts(3) level *msg' -l error -e 'e.absorb_kv("msg")' --normalize-ts -J

Input (unstructured logs with embedded key=value pairs):

Jan 15 10:00:15 ERROR Payment timeout order=1234 gateway=stripe duration=5s
Jan 15 10:00:22 ERROR Gateway unreachable host=stripe.com
Jan 15 10:00:28 ERROR Authentication failed user=admin ip=192.168.1.50 reason=invalid_token

Output (structured JSON with extracted fields):

{"ts":"2025-01-15T10:00:15+00:00","level":"ERROR","msg":"Payment timeout","order":"1234","gateway":"stripe","duration":"5s"}
{"ts":"2025-01-15T10:00:22+00:00","level":"ERROR","msg":"Gateway unreachable","host":"stripe.com"}
{"ts":"2025-01-15T10:00:28+00:00","level":"ERROR","msg":"Authentication failed","user":"admin","ip":"192.168.1.50","reason":"invalid_token"}

Kelora also handles live streams: tail -f app.log | kelora -j -l error,warn.

Interactive Mode: Run kelora without arguments to enter an interactive REPL with readline support, automatic glob expansion, and command history—especially helpful on Windows where shell quoting is difficult.

When to Use Kelora

Kelora trades speed for programmability—slower than grep/awk/jq, but adds stateful scripting for complex transformations. Use it when your logs are messy (semi-structured text or embedded JSON/logfmt fields), need stateful logic (counters, windowed metrics, lookup tables), or are chaining multiple tools. For simple text search use grep, for JSON queries use jq.

See Power-User Techniques for JWT parsing, cryptographic pseudonymization, pattern normalization, and deterministic sampling.

Installation

macOS (Homebrew):

brew tap dloss/kelora
brew install kelora

Download pre-built binaries:

Platform Download
Windows (x64) kelora-x86_64-pc-windows-msvc.zip
macOS (Apple Silicon) kelora-aarch64-apple-darwin.tar.gz
macOS (Intel) kelora-x86_64-apple-darwin.tar.gz
Linux (x64) kelora-x86_64-unknown-linux-musl.tar.gz
Linux (ARM64) kelora-aarch64-unknown-linux-musl.tar.gz
Other platforms All releases (ARMv7, FreeBSD, OpenBSD)

Linux packages: .deb and .rpm also available.

Extract the archive and add the kelora binary to your PATH.

Or install via Cargo:

cargo install kelora

Kelora follows semver starting with v1.0—CLI flags and Rhai functions are stable.

Documentation

📚 Read the full documentation at kelora.dev

Examples

The examples/ directory contains 60+ sample log files covering JSON, logfmt, syslog, CSV, and more. Use them to test filters, transformations, and edge cases.

For common patterns and usage recipes, run:

kelora --help-examples

License

Kelora is open source software licensed under the MIT License.

Development Approach

Kelora is an experiment in agentic AI development using vibe-coding. AI agents generate all implementation and tests; I steer requirements but do not write or review code. Validation relies on the automated test suite plus cargo audit and cargo deny.

This is a spare-time, single-developer project, so support and updates are best-effort.