A CLI tool to search and tail logs from Loggly. It fetches events from Loggly's paginated events API.
Each output line is a JSON event from the paginated API. Because JSON events from Loggly can have arbitrary structure, this utility does not parse or process the JSON itself. That job is left to a tool such as jq, which is built for parsing newline-delimited JSON events.
$ loggly -h
loggly 0.1.0
Ayush Goyal <perfectayush@gmail.com>
Search logs from loggly cloud
USAGE:
loggly [FLAGS] [OPTIONS]
FLAGS:
-h, --help Prints help information
-V, --version Prints version information
-v Increase message verbosity
OPTIONS:
-a, --account <ACCOUNT> Loggly Account to search logs in use [env: LOGGLY_ACCOUNT=]
-f, --from <FROM> Time to start seaching from.
Can take absolute date in format 'yyyy-MM-dd HH:mm:ss.SSS'. Eg: `2020-08-13T18:45:00.000`
Or relative date values like `now`, last 10 mins `-10m`, last 5 weeks `-5w`, last 12
hours `-12h`
Or absolute Unix timestamp in *milliseconds* eg. `1617315836793` [default: -10m]
-q, --query <Query> Query search. Refer:
https://documentation.solarwinds.com/en/Success_Center/loggly/Content/admin/search-
query-language.htm [default: *]
-t, --token <API_TOKEN> Loggly API token to use [env: LOGGLY_API_TOKEN=]
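You can pass the Loggly account and API token with the flags above, or supply the credentials via the following environment variables. Prefer the environment variables for the token: a value passed with `-t` is visible in the process list and is saved in shell history.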
export LOGGLY_ACCOUNT=<loggly_account_name>
export LOGGLY_API_TOKEN=<loggly_secret_api_token>
Refer to these docs on how to retrieve an API token.
loggly -f -10s
loggly -f -10s | jq
Basic searches can be done with ES-like expressions. Refer to the Loggly search query language.
loggly -f -12h -q 'json.hostname:stage01'
Queries with multiple search fields are also supported.
loggly -f -12h -q 'json.hostname:stage01 json.status:400'
loggly -f -12h -q 'json.hostname:stage01' | jq -c '.event.json |"\(.hostname) \(.status)"'
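When the post-processing needs more logic than a jq one-liner, the same newline-delimited output can be consumed by a small script. The following is an added example, not part of the original README or the tool's code: it counts events per host and status and tolerates lines that do not match the expected shape. The field paths `event.json.hostname` and `event.json.status` are taken from the jq example above; the function name `summarize` and the sample events are constructed for illustration.

```python
import json
import sys
from collections import Counter

def summarize(lines):
    """Count (hostname, status) pairs from newline-delimited loggly events.

    Assumes the layout used in the jq example above:
    {"event": {"json": {"hostname": ..., "status": ...}}}.
    Lines that are not JSON, or lack those fields, are counted as skipped
    instead of aborting the run, because event structure is arbitrary.
    """
    counts, skipped = Counter(), 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
            payload = event["event"]["json"]
            # status may arrive as a number or a string; normalise to int
            key = (payload["hostname"], int(payload["status"]))
            counts[key] += 1
        except (ValueError, KeyError, TypeError):
            skipped += 1
    return counts, skipped

# Constructed sample output, one JSON event per line (not real loggly data).
SAMPLE = """\
{"event": {"json": {"hostname": "stage01", "status": 400}}}
{"event": {"json": {"hostname": "stage01", "status": "400"}}}
{"event": {"json": {"hostname": "stage01", "status": 200}}}
{"event": {"syslog": {"host": "stage02"}}}
{"event": {"json": "plain string payload"}}
not json at all
"""

if __name__ == "__main__":
    # Read piped input when present (loggly ... | python3 summarize.py),
    # otherwise fall back to the constructed sample.
    source = sys.stdin if not sys.stdin.isatty() else SAMPLE.splitlines()
    counts, skipped = summarize(source)
    for (host, status), n in counts.most_common():
        print(f"{host} {status} {n}")
    print(f"skipped {skipped}", file=sys.stderr)
```

The skipped count goes to standard error so it does not mix with the per-host summary on standard output.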
MIT License