Metadata-Version: 2.1
Name: loganalyst
Version: 1.0.6
Summary: Analyse some log files
Home-page: https://github.com/fdev31/loganalyst
License: MIT
Author: fdev31
Author-email: fdev31@gmail.com
Requires-Python: >=3.8
Classifier: Development Status :: 4 - Beta
Classifier: Environment :: Console
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 2.7
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.1
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.2
Classifier: Programming Language :: Python :: 3.3
Classifier: Programming Language :: Python :: 3.4
Classifier: Programming Language :: Python :: 3.5
Classifier: Programming Language :: Python :: 3.6
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Requires-Dist: python-dateutil (>=2.8.2,<3.0.0)
Requires-Dist: termcolor (>=1.1.0,<2.0.0)
Requires-Dist: tomli (>=2.0.1,<3.0.0)
Description-Content-Type: text/markdown

# Log analyst

## Features

- parses log files
- filters by date / timestamps
- correlates log lines (start and end of some processing)
   - shows total duration
- friendly colored output
- able to output short summaries
- supports gzipped files

## Usage

For instance, with systemd logs:

```
journalctl -b 5 -o short-iso | loga -s correlators/sample.toml
```

## Sample correlation


*Note*: the "loganalyst" section holds configuration and is optional; use it only when values need to be overridden.

Find the sample correlation in `correlators/sample.toml`:

```ini
[loganalyst]
# patterns required before & after the ISO date to consider the log line valid
ts_lines_prefix = ".*"
ts_lines_suffix = ""
# What will be searched for in each line to extract the ISO date
iso_regex = '(\d{4}-[01]\d-[0-3]\dT[0-2]\d:[0-5]\d:[0-5]\d\.\d+)|(\d{4}-[01]\d-[0-3]\dT[0-2]\d:[0-5]\d:[0-5]\d)|(\d{4}-[01]\d-[0-3]\dT[0-2]\d:[0-5]\d)'
# timezone used in dates input by the user
timezone = "CEST"

["Basic pattern-less correlation"]
start = "this is the start"
end = "end over"

["Correlation using a pattern"]
start = 'starting request (\d+)'
end = 'request (\d+) ended.'
debug = true # adds some extra verbosity, useful when making new rules

["systemd units start"]
start = 'systemd\[\d+\]: Starting (.*?)[.]+'
end = 'systemd\[\d+\]: Started (.*)\.$'

["systemd units sockets"]
start = 'systemd\[\d+\]: Listening on (.*?)[.]+'
end = 'systemd\[\d+\]: Closed (.*)\.$'

["systemd units duration"]
start = 'systemd\[\d+\]: Started (.*?) ?[.]+$'
end = 'systemd\[\d+\]: Stopped (.*)\.$'
```
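
The following is an added illustration, not loganalyst's own code, of what a start/end rule such as "systemd units start" does with `short-iso` journal lines. It assumes the captured groups act as the key that pairs a start line with its end line; `correlate`, `SAMPLE` and the log lines are hypothetical and constructed for this example.

```python
import re
from datetime import datetime

# ISO timestamp pattern copied from the [loganalyst] section of the sample config
ISO_REGEX = re.compile(
    r'(\d{4}-[01]\d-[0-3]\dT[0-2]\d:[0-5]\d:[0-5]\d\.\d+)'
    r'|(\d{4}-[01]\d-[0-3]\dT[0-2]\d:[0-5]\d:[0-5]\d)'
    r'|(\d{4}-[01]\d-[0-3]\dT[0-2]\d:[0-5]\d)'
)
# "systemd units start" rule copied from the sample config
START = re.compile(r'systemd\[\d+\]: Starting (.*?)[.]+')
END = re.compile(r'systemd\[\d+\]: Started (.*)\.$')

# Constructed sample lines in `journalctl -o short-iso` layout
SAMPLE = """\
2024-05-01T10:00:00+0200 host systemd[1]: Starting Network Manager...
2024-05-01T10:00:01+0200 host systemd[1]: Starting OpenSSH server daemon...
2024-05-01T10:00:03+0200 host systemd[1]: Started Network Manager.
2024-05-01T10:00:04+0200 host sshd[812]: Server listening on 0.0.0.0 port 22.
2024-05-01T10:00:09+0200 host systemd[1]: Started OpenSSH server daemon.
2024-05-01T10:00:10+0200 host systemd[1]: Starting Flaky Service...
not a timestamped line
"""


def correlate(lines, start=START, end=END):
    """Pair start/end lines on their captured groups; return (durations, unfinished)."""
    pending, durations = {}, {}
    for line in lines:
        ts = ISO_REGEX.search(line)
        if not ts:
            continue  # no ISO date found: the line is not considered valid
        when = datetime.fromisoformat(ts.group(0))  # naive time, UTC offset not parsed
        m = start.search(line)
        if m:
            pending[m.groups()] = when  # assumed key: tuple of captured groups
            continue
        m = end.search(line)
        if m and m.groups() in pending:
            durations[m.groups()] = (when - pending.pop(m.groups())).total_seconds()
    return durations, sorted(pending)  # starts with no matching end stay pending


if __name__ == "__main__":
    durations, unfinished = correlate(SAMPLE.splitlines())
    for key, secs in durations.items():
        print(f"{' '.join(key)}: {secs:.1f}s")
    print("never finished:", unfinished)
```

A rule without capture groups, like "Basic pattern-less correlation", yields an empty tuple as key, so only one such span can be open at a time in this sketch.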

