Turn messy logs into structured data.
Kelora is a scriptable log processor for the command line. Parse structured and semi-structured logs, filter with embedded Rhai, and analyze streams with built-in metrics. Handles JSON, logfmt, syslog, CSV/TSV, gzip, and more.
Watch Hack the Clown's 5-minute introduction video to see Kelora in action.
kelora examples/quickstart.log -f 'cols:ts(3) level *msg' -l error -e 'e.absorb_kv("msg")' --normalize-ts -JInput (unstructured logs with embedded key=value pairs):
Jan 15 10:00:15 ERROR Payment timeout order=1234 gateway=stripe duration=5s
Jan 15 10:00:22 ERROR Gateway unreachable host=stripe.com
Jan 15 10:00:28 ERROR Authentication failed user=admin ip=192.168.1.50 reason=invalid_token
Output (structured JSON with extracted fields):
{"ts":"2025-01-15T10:00:15+00:00","level":"ERROR","msg":"Payment timeout","order":"1234","gateway":"stripe","duration":"5s"}
{"ts":"2025-01-15T10:00:22+00:00","level":"ERROR","msg":"Gateway unreachable","host":"stripe.com"}
{"ts":"2025-01-15T10:00:28+00:00","level":"ERROR","msg":"Authentication failed","user":"admin","ip":"192.168.1.50","reason":"invalid_token"}Kelora also handles live streams: tail -f app.log | kelora -j -l error,warn.
Interactive Mode: Run kelora without arguments to enter an interactive REPL with readline support, automatic glob expansion, and command history—especially helpful on Windows where shell quoting is difficult.
Kelora trades speed for programmability—slower than grep/awk/jq, but adds stateful scripting for complex transformations. Use it when your logs are messy (semi-structured text or embedded JSON/logfmt fields), need stateful logic (counters, windowed metrics, lookup tables), or are chaining multiple tools. For simple text search use grep, for JSON queries use jq.
See Power-User Techniques for JWT parsing, cryptographic pseudonymization, pattern normalization, and deterministic sampling.
macOS (Homebrew):
brew tap dloss/kelora
brew install keloraDownload pre-built binaries:
| Platform | Download |
|---|---|
| Windows (x64) | kelora-x86_64-pc-windows-msvc.zip |
| macOS (Apple Silicon) | kelora-aarch64-apple-darwin.tar.gz |
| macOS (Intel) | kelora-x86_64-apple-darwin.tar.gz |
| Linux (x64) | kelora-x86_64-unknown-linux-musl.tar.gz |
| Linux (ARM64) | kelora-aarch64-unknown-linux-musl.tar.gz |
| Other platforms | All releases (ARMv7, FreeBSD, OpenBSD) |
Linux packages: .deb and .rpm also available.
Extract the archive and add the kelora binary to your PATH.
Or install via Cargo:
cargo install keloraKelora follows semver starting with v1.0—CLI flags and Rhai functions are stable.
The examples/ directory contains 60+ sample log files covering JSON, logfmt, syslog, CSV, and more. Use them to test filters, transformations, and edge cases.
For common patterns and usage recipes, run:
kelora --help-examplesKelora is open source software licensed under the MIT License.
Kelora is an experiment in agentic AI development using vibe-coding. AI agents generate all implementation and tests; I steer requirements but do not write or review code. Validation relies on the automated test suite plus cargo audit and cargo deny.
This is a spare-time, single-developer project, so support and updates are best-effort.