Like most operations teams, at SRC:CLR we’re offloading our logs to an aggregated log solution. We use the popular ELK stack (Elasticsearch, Logstash, Kibana). I love this solution, but when it comes to simply copying and pasting log data from Kibana, things get messy. When our developers need to get data quickly, it is easier to have a CLI utility that can run the same queries than to open a browser and screen grab from Kibana.
Logasaurus runs in realtime just like Kibana on similar searches. This is great if your workflow is primarily in the console and you’re using Kibana mainly for query operations. You can use your tmux copy/paste shortcuts to grab data quickly. Queries are just as fast.
Logasaurus was written in Go, so it’s performant and lightweight.
How it works
First, download and build the Go binary:
Configure the config.yaml:
Update your Elasticsearch URI, and add some service abstractions to the ‘define’ section.
Execute your first query:
Add some queries to config.yaml
You can store long, hard to type queries in the config.yaml for use later:
Do a defined query on the CLI
If you need to run a lookup quickly you can do a defined query directly on the CLI:
Want to know what host the log message is coming from?
You can use -h to highlight the hostname/IP address at the beginning of the line:
Change sync window
By default Loga will query time.Now() minus 10 minutes, and return those logs up to 500 queries. You can change the start time with -st, which starts that many minutes back from time.Now().
To query logs 24 hours ago in a 10 minute window you could run:
Override the sync and depth interval
Sync interval = time in seconds to refresh the logs. Default: 5 seconds. Sync depth = time in minutes to go back in the ES datastore. Default: 10 minutes.
^^ Queries logs from the last 1 minute, refreshing every 10 seconds.
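The windowing described under "Change sync window" and "Override the sync and depth interval", as an added example (not Logasaurus's own code). It assumes the window ends at the -st offset and reaches back by the sync depth, that logs carry Logstash's default @timestamp field, and that the 500 limit is a result cap; QueryWindow and SearchBody are hypothetical names.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

type obj = map[string]interface{}

// Window is the time range a single poll requests from Elasticsearch.
type Window struct{ From, To time.Time }

// QueryWindow (hypothetical helper) assumes the window ends startBack minutes
// before now and reaches depth minutes further back; 0 and 10 are the defaults.
func QueryWindow(now time.Time, startBack, depth int) (Window, error) {
	if startBack < 0 || depth <= 0 {
		return Window{}, fmt.Errorf("invalid window: start=%d depth=%d", startBack, depth)
	}
	to := now.Add(-time.Duration(startBack) * time.Minute)
	return Window{From: to.Add(-time.Duration(depth) * time.Minute), To: to}, nil
}

// SearchBody builds an Elasticsearch search request: a query_string match
// filtered to the window on @timestamp (Logstash's default time field).
func SearchBody(query string, w Window, size int) ([]byte, error) {
	ts := obj{
		"gte": w.From.UTC().Format(time.RFC3339),
		"lt":  w.To.UTC().Format(time.RFC3339),
	}
	return json.Marshal(obj{
		"size": size, // assumed to carry the 500 cap mentioned above
		"sort": []obj{{"@timestamp": obj{"order": "asc"}}},
		"query": obj{"bool": obj{
			"must":   obj{"query_string": obj{"query": query}},
			"filter": obj{"range": obj{"@timestamp": ts}},
		}},
	})
}

func main() {
	now := time.Date(2016, 3, 2, 12, 0, 0, 0, time.UTC) // constructed clock
	w, err := QueryWindow(now, 1440, 10)                // 24 hours back, 10 minute window
	if err != nil {
		panic(err)
	}
	body, _ := SearchBody(`type:"nginx" AND status:500`, w, 500) // constructed query
	fmt.Println(string(body))
}
```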
Something is broken
We love Kibana, but sometimes it’s just faster to have a CLI utility to do the mundane things. We really like this tool and we hope you will too. If you have any suggestions, please reach out to jeff at srcclr dot com.
Visit Logasaurus on github.com for complete details.