pub fn parse_log(log_text: &str) -> Vec<Evidence>Expand description
Parse a log buffer into evidence items by scanning for known markers.
The parser is deliberately substring-based, not regex-driven: the
markers it recognizes are documented in docs/architecture.md, and
adding a new marker should be a one-line change. The cost of that
simplicity is that the parser does not understand log-line structure
(level, component, timestamp) — it only checks whether specific
substrings appear and pulls key=value pairs out of the surrounding
text via [extract_kv_str].
This is also the public entry point for the diagnose-log subcommand,
which accepts a bare log file with no JSON case fixture. Evidence
extracted here is identical to what collect_evidence would extract
from the same log; only the context-derived items (DNS state, clock
skew, etc.) are missing.