go build loga.go
If you're on OSx I recommend placing the build binary in /usr/local/bin or somewhere else in your $PATH.
The config.yaml is located in ~/.loga/config.yaml. YOU NEED TO MOVE THE config file to this location, making the dot dir along the way.
Make sure to update the config.yaml with your elasticsearch URI and port assignements.
You can override the config location is -c - don't use ~ or other shell expansion, provide the fully qualified path if you use this option.
loga -d "some_query AND another_query"
Will return matched messages from the last 10 minutes (see -sd override below) and resync backwards 5 seconds every 5 seconds (see -si override below).
loga -s my_service_name
Will return the query lookup from 'my_service_name' which should be in the 'define' section of the config.yaml.
loga will present the results from the search as a stream to stdin. Since the query is over standard http sockets, it'll return the query every 1s by default.
NAME
loga -- query ES logs on the CL
SYNOPSIS
loga [-d | --define string] [-i | --intervel time-in-seconds] [-v | --verbose] [-e | --elasticsearch-uri string-uri] [-p | --port elasticsearch-port] [-in | --es-index elasticsearch-index] [-c | --configuration path-to-config]
DESCRIPTION
The logasaurous (loga command) utility queries elasticsearch for logs based on a valid elasticsearch query. All requests are made to elasticsearch's REST endpoint over HTTP (HTTPS will be an option down the road).
Logasaurous maintains a YAML configuration file where you can pre-set service definitions. You can leverage a one-time temporary service definition by using the define directive on the CLI.
Many configurations in the config file can be overridden on the CLI as well.
Override the default configuration path. Default is ~/.loga.yaml on osx and /etc/loga.yaml on *nix distros. Ex: loga -c /fully/qualified/path/config.yaml
Override the default count of queries to return. Default is 500. Ex: loga -d "some_query" -co 10 # Returns 10 queries from most recent.
A temporary service definition. Must be a valid elasticsearch query. Can not be used with -s. Ex: loga -d "some_value AND "a-long-string""
Override for elasticsearch_uri in config file. Default is localhost.
Ex: loga -d "some_query" -e my.elastic.com
Outputs the hostname for the log message before the message in cyan Ex: loga -d "some_query" -h
Highlights the string in the message that contains a match to your query. Outputs in yellow. Ex: logo -d "some_query" -hl
A defined service in the config.yaml. Can not be used with -d. Ex: loga -s my_defined_service_in_config_yaml
Time in seconds between elasticsearch queries. Default is 5s. Ex: loga -d "some_query" -si 10
Time in minutes to sync backwards - only affects first sync. Start time is always time.Meow() but this might change. Ex: loga -d "some_query" -sd 120
Time in past in minutes to start the search. Ex: loga -d "some_query" -st 20 # Starts the search 20 minutes in the past to the sync depth, so a window 30-20 minutes ago if used with defualt sync depth of 10 minutes. It will update itself every 5 seconds by default.
Override for elasticsearch_port in config file. Default is 9300.
Ex: loga -d "some_query" -p 4500
Verbose output. Ex: Figure it out.
Elasticsearch > 1.4.4 Logstash > 1.5x