LogSight

The parser definition is a regular expression with named groups.

For example, given the following log lines:

12:34:56 myapp:1234 debug Start app
15:16:54 myapp:1234 warning Something went wrong

To create a parser which splits this into time, app, pid, level and message columns, you could use the following definition:

(?<time>\d+:\d+:\d+) (?<app>\w+):(?<pid>\d+) (?<level>\w+) (?<message>.*)

The log file view updates in real time as you type.

A highlight is made of two elements: the highlight condition and the highlight colors. A filter only contains conditions.

The highlight condition uses a simple DSL inspired from the Wireshark DSL. Its syntax is:

<column> <operator> <criteria>

• column is the name of a column defined in the log parser
• operator is one of:
  • = or ==: exact match
  • contains: the cell must contain the criteria string
  • ~: the cell must match the criteria regular expression
• criteria is the string to match. If it contains spaces, you must surround it with ".
• To use a literal ", escape it by prefixing it with another ".

LogSight does not use \ to escape strings, because it makes entering regular expressions painful.

LogSight currently loads all the log file in memory, so you should not try to use it on multiple gigabyte log files. This is not a major limitation for me now given my use-case, but that should be fixed nevertheless in future updates.

LogSight does not support compressed log files for now.