loggrep 0.2.0

A smarter log parser with color-coded severity, time filtering, regex matching, and stats

What is this

A log parser for the terminal that does what you actually want. It color-codes severity levels, filters by time range, searches with regex, gives you stats, handles JSON logs, and follows files in real time.

Install

From source (requires Rust):

git clone https://github.com/dyascj/loggrep-cli.git
cd loggrep-cli
cargo install --path .

Prebuilt binaries — grab the latest from Releases.

Usage

# just color-code a log file
loggrep app.log

# filter by severity
loggrep app.log -l error
loggrep app.log -l error,warn
loggrep app.log -l warn+             # warn and above

# regex search
loggrep app.log -p "timeout|OOM"

# time range
loggrep app.log --from "11:00" --to "12:00"

# combine filters
loggrep app.log -l error -p "stripe" --from "07:00" --to "15:00"

# stats summary
loggrep app.log --stats              # lines + stats
loggrep app.log -S                   # stats only

# follow mode (like tail -f with filtering)
loggrep app.log -f
loggrep app.log -f -l error

# pipe from stdin
kubectl logs my-pod | loggrep -p "timeout"
journalctl -f | loggrep -l warn+

# context lines (like grep -C/-B/-A)
loggrep app.log -p "error" -C 3      # 3 lines before & after
loggrep app.log -p "OOM" -B 5        # 5 lines before each match
loggrep app.log -p "crash" -A 2      # 2 lines after each match

# compressed logs
loggrep app.log.gz -l error          # reads gzip files directly

# multiple files
loggrep *.log -l error               # prefixes each match with filename

# other stuff
loggrep app.log -c                   # count matches
loggrep app.log -l error --json      # output as JSON
loggrep app.log -v -p "healthcheck"  # invert match
loggrep app.log -n                   # line numbers

Features

Severity detection

Picks up log levels from [ERROR], level: error, and {"level": "error"}, then color-codes them automatically.
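The three level forms listed above and the -l specs from Usage (error, error,warn, warn+), as an added Rust sketch that is not loggrep's own source. The level ordering, the "warning" alias, every function name and the sample lines are assumptions made for this example.

```rust
// Added illustration, not loggrep's source. Std-only; sample lines are constructed.
#[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord)]
enum Level { Debug, Info, Warn, Error } // assumed ordering, lowest to highest

fn parse_level(s: &str) -> Option<Level> {
    match s.trim().trim_matches('"').to_ascii_lowercase().as_str() {
        "debug" => Some(Level::Debug),
        "info" => Some(Level::Info),
        "warn" | "warning" => Some(Level::Warn),
        "error" => Some(Level::Error),
        _ => None,
    }
}

/// Detect severity from `[ERROR]`, `level: error`, or `{"level": "error"}`.
fn detect(line: &str) -> Option<Level> {
    // Bracketed tokens: skip non-level ones such as "[2026-02-24 11:00:00]".
    let bracketed = line.split('[').skip(1)
        .find_map(|p| p.split_once(']').and_then(|(tok, _)| parse_level(tok)));
    if bracketed.is_some() { return bracketed; }
    // Key form: take the word after "level", ignoring quotes, colon and spaces.
    let lower = line.to_ascii_lowercase();
    let rest = lower[lower.find("level")? + 5..].trim_start_matches(&['"', ':', ' '][..]);
    let word: String = rest.chars().take_while(|c| c.is_ascii_alphabetic()).collect();
    parse_level(&word)
}

/// Does `lvl` pass a -l spec such as "error", "error,warn" or "warn+"?
fn matches_spec(spec: &str, lvl: Level) -> bool {
    spec.split(',').any(|item| match item.trim().strip_suffix('+') {
        Some(min) => parse_level(min).map_or(false, |m| lvl >= m),
        None => parse_level(item) == Some(lvl),
    })
}

fn filter<'a>(lines: &[&'a str], spec: &str) -> Vec<&'a str> {
    lines.iter().copied()
        .filter(|l| detect(l).map_or(false, |lvl| matches_spec(spec, lvl)))
        .collect()
}

const SAMPLE: [&str; 4] = [
    "[2026-02-24 11:00:01] [INFO] healthcheck ok",
    "2026-02-24T11:00:02Z level: warn disk at 91%",
    r#"{"timestamp":"2026-02-24T11:00:03Z","level": "error","message":"stripe timeout"}"#,
    "[2026-02-24 11:00:04] [DEBUG] cache miss",
];

fn main() { for l in filter(&SAMPLE, "warn+") { println!("{}", l); } }
```

In this sketch a line with no recognizable level is dropped by any -l filter; whether loggrep itself keeps or drops such lines is not stated on this page.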

Time ranges & regex

Handles bracketed datetimes, ISO 8601, syslog format, and JSON timestamp fields. Combine with -p for regex pattern matching with highlighted results. The --from / --to flags accept a full datetime, a date, or a time:

"2026-02-24 11:00:00"   full datetime
"2026-02-24"            date (starts at midnight)
"11:00"                 time (assumes today)

Stats

Line counts, time span, severity breakdown, and top recurring errors.

Pipes into anything

Works with stdin so you can pipe from kubectl, journalctl, docker logs, or anything else.

Follow mode

Like tail -f but with all filtering and coloring applied. Uses filesystem events (kqueue/inotify) so it's not polling.

Context lines

Show surrounding lines around matches, just like grep -C:

loggrep app.log -p "panic" -C 5      # 5 lines before and after
loggrep app.log -p "OOM" -B 10       # 10 lines before each match
loggrep app.log -p "timeout" -A 3    # 3 lines after each match

Compressed logs

Reads .gz files directly — no need to decompress first:

loggrep /var/log/syslog.1.gz -l error
loggrep app.log.gz app.log -p "crash"   # mix compressed and plain

JSON logs

Parses structured JSON logs (one object per line), extracts message/level/timestamp fields, and displays the rest as key=value pairs.

Config file

Create .loggrep.toml in your project or ~/.config/loggrep/config.toml for defaults:

line_numbers = true
level = "warn+"

Shell completions

Generate completions for your shell:

loggrep --completions bash > ~/.local/share/bash-completion/completions/loggrep
loggrep --completions zsh > ~/.zfunc/_loggrep
loggrep --completions fish > ~/.config/fish/completions/loggrep.fish

License

MIT