pg-logstats 0.1.0

PostgreSQL log investigation CLI for query-family findings and follow-up SQL
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208

# pg-logstats

`pg-logstats` is a PostgreSQL log investigation CLI. It reads supported
PostgreSQL stderr logs, groups related statements into query families, ranks the
most useful findings, and prints follow-up SQL for live PostgreSQL inspection.

[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)

## Supported Workflows

- `top query-families`: rank query families in one log window by total runtime.
- `slow-queries diff`: compare a target log window against a baseline window.
- `suggest-sql`: print `pg_stat_statements` and `pg_stat_activity` follow-up SQL
  for a finding from JSON output.

Supported input is PostgreSQL stderr logs using this prefix shape:

```text
2024-01-15 10:00:00.000 UTC [2001] app@appdb api: LOG:  statement: SELECT * FROM users WHERE id = 1;
2024-01-15 10:00:00.020 UTC [2001] app@appdb api: LOG:  duration: 20.000 ms
```

That corresponds to a PostgreSQL `log_line_prefix` similar to:

```text
%m [%p] %u@%d %a:
```

## Quick Start

```bash
cargo install pg-logstats

pg-logstats top query-families tests/fixtures/cli/sample_stderr.log

pg-logstats top query-families \
  --output-format json \
  --outfile findings.json \
  tests/fixtures/cli/sample_stderr.log

pg-logstats slow-queries diff \
  --baseline tests/fixtures/cli/diff_baseline.log \
  --target tests/fixtures/cli/diff_target.log

pg-logstats suggest-sql --findings-file findings.json --rank 1
```

Global flags such as `--output-format`, `--outfile`, `--outdir`, and `--quiet`
can be placed before or after the workflow command.

## Installation

From crates.io:

```bash
cargo install pg-logstats
pg-logstats --version
```

From a local checkout:

```bash
git clone https://github.com/vrajat/pg-logstats.git
cd pg-logstats
cargo install --path .
pg-logstats --version
```

From source without installing:

```bash
cargo run -- top query-families tests/fixtures/cli/sample_stderr.log
```

## Commands

### Top Query Families

Rank normalized query families in one log window:

```bash
pg-logstats top query-families tests/fixtures/cli/sample_stderr.log
```

Analyze every `.log` or `.txt` file in a directory:

```bash
pg-logstats top query-families --log-dir tests/fixtures/cli
```

Limit the number of emitted findings:

```bash
pg-logstats top query-families --limit 5 tests/fixtures/cli/sample_stderr.log
```

Write JSON findings for shell or agent workflows:

```bash
pg-logstats top query-families \
  --output-format json \
  --outfile findings.json \
  tests/fixtures/cli/sample_stderr.log
```

### Slow Query Diff

Compare a target log window with a baseline log window:

```bash
pg-logstats slow-queries diff \
  --baseline tests/fixtures/cli/diff_baseline.log \
  --target tests/fixtures/cli/diff_target.log
```

Apply eligibility thresholds:

```bash
pg-logstats slow-queries diff \
  --baseline tests/fixtures/cli/diff_baseline.log \
  --target tests/fixtures/cli/diff_target.log \
  --min-target-count 2 \
  --min-target-total-ms 100 \
  --min-p95-delta-ms 10
```

### Suggested SQL

Generate follow-up SQL for a finding selected by rank:

```bash
pg-logstats suggest-sql --findings-file findings.json --rank 1
```

Or select by exact finding id:

```bash
pg-logstats suggest-sql \
  --findings-file findings.json \
  --finding-id 'query_family:queryid=|db=appdb|user=app|app=api|sql=SELECT * FROM users WHERE id = ?'
```

## JSON Output

JSON output is centered on findings:

```bash
pg-logstats top query-families \
  --output-format json \
  tests/fixtures/cli/sample_stderr.log | jq '.findings[0]'
```

Useful fields include:

- `schema_version`
- `metadata.analysis_timestamp`
- `metadata.tool_version`
- `metadata.total_log_entries`
- `findings[].finding_id`
- `findings[].kind`
- `findings[].rank`
- `findings[].title`
- `findings[].reason`
- `findings[].reason_codes`
- `findings[].score`
- `findings[].confidence`
- `findings[].query_family.normalized_sql`
- `findings[].query_family.database`
- `findings[].query_family.user`
- `findings[].query_family.application_name`
- `findings[].metrics.execution_count`
- `findings[].metrics.total_duration_ms`
- `findings[].metrics.max_duration_ms`
- `findings[].next_sql`

For diff findings, each finding also includes `baseline`, `target`, and `delta`
duration summaries.

## Fixture Logs

[tests/fixtures/cli](tests/fixtures/cli/) contains the checked-in fixture logs
used by the commands above.

## Development

```bash
make fmt
make check
```

Run a smoke command during local development:

```bash
cargo run -- top query-families tests/fixtures/cli/sample_stderr.log
```

## Troubleshooting

If no findings are emitted, first check the log prefix. The current parser expects
the supported stderr prefix shown above and statement/duration lines that can be
correlated by process id and order.

Use `--sample-size <N>` with `top query-families` or `slow-queries diff` when you
want a quick pass over the first N lines of each file.

## License

This project is licensed under the MIT License. See [LICENSE](LICENSE).