kelora
| Crates.io | kelora |
| lib.rs | kelora |
| version | 1.4.9 |
| created_at | 2025-05-24 19:21:14.069341+00 |
| updated_at | 2026-01-25 07:02:47.276074+00 |
| description | A command-line log analysis tool with embedded Rhai scripting |
| homepage | |
| repository | https://github.com/dloss/kelora |
| max_upload_size | |
| id | 1687700 |
| size | 3,173,311 |
Dirk Loss (dloss)
documentation
README
Kelora
Turn messy logs into structured data.
Kelora is a scriptable log processor for the command line. Parse structured or semi-structured logs (one format per file/stream), filter with complex logic, and analyze streams using embedded Rhai scripting with 150+ built-in functions. Handles JSON, logfmt, syslog, CSV/TSV, gzip, with sequential or --parallel execution and built-in metrics.
Quick Example
kelora examples/quickstart.log -f 'cols:ts(3) level *msg' -l error -e 'e.absorb_kv("msg")' --normalize-ts -J
Input (unstructured logs with embedded key=value pairs):
Jan 15 10:00:15 ERROR Payment timeout order=1234 gateway=stripe duration=5s
Jan 15 10:00:22 ERROR Gateway unreachable host=stripe.com
Jan 15 10:00:28 ERROR Authentication failed user=admin ip=192.168.1.50 reason=invalid_token
Output (structured JSON with extracted fields):
{"ts":"2025-01-15T10:00:15+00:00","level":"ERROR","msg":"Payment timeout","order":"1234","gateway":"stripe","duration":"5s"}
{"ts":"2025-01-15T10:00:22+00:00","level":"ERROR","msg":"Gateway unreachable","host":"stripe.com"}
{"ts":"2025-01-15T10:00:28+00:00","level":"ERROR","msg":"Authentication failed","user":"admin","ip":"192.168.1.50","reason":"invalid_token"}
Kelora also handles live streams: tail -f app.log | kelora -j -l error,warn.
Interactive Mode: Run kelora without arguments to enter an interactive REPL with readline support, automatic glob expansion, and command history—especially helpful on Windows where shell quoting is difficult.
When to Use Kelora
Kelora trades speed for programmability—slower than grep/awk/jq, but adds stateful scripting for complex transformations. Use it when your logs are messy (stick to one format per file/stream, but pull out embedded JSON/logfmt fields), need stateful logic (counters, windowed metrics, lookup tables), or are chaining multiple tools. For simple text search use grep, for JSON queries use jq.
See Power-User Techniques for JWT parsing, cryptographic pseudonymization, pattern normalization, and deterministic sampling.
Installation
macOS (Homebrew):
brew tap dloss/kelora
brew install kelora
Download pre-built binaries:
| Platform | Download |
|---|---|
| Windows (x64) | kelora-x86_64-pc-windows-msvc.zip |
| macOS (Apple Silicon) | kelora-aarch64-apple-darwin.tar.gz |
| macOS (Intel) | kelora-x86_64-apple-darwin.tar.gz |
| Linux (x64) | kelora-x86_64-unknown-linux-musl.tar.gz |
| Linux (ARM64) | kelora-aarch64-unknown-linux-musl.tar.gz |
| Other platforms | All releases (ARMv7, FreeBSD, OpenBSD) |
Linux packages: .deb and .rpm also available.
Extract the archive and add the kelora binary to your PATH.
Or install via Cargo:
cargo install kelora
Kelora follows semver starting with v1.0—CLI flags and Rhai functions are stable.
Documentation
Examples
The examples/ directory contains 60+ sample log files covering JSON, logfmt, syslog, CSV, and more. Use them to test filters, transformations, and edge cases.
For common patterns and usage recipes, run:
kelora --help-examples
License
Kelora is open source software licensed under the MIT License.
Development Approach
Kelora is an experiment in agentic AI development using vibe-coding. AI agents generate all implementation and tests; I steer requirements but do not write or review code. Validation relies on the automated test suite plus cargo audit and cargo deny.
This is a spare-time, single-developer project, so support and updates are best-effort.