One command for messy logs. Parse, filter, transform, and summarize logs across JSON, logfmt, syslog, CSV, and plain text — with embedded Rhai scripting when simple filters aren't enough.
Watch Hack the Clown's 5-minute introduction video to see Kelora in action.
You have a log file full of errors. You want to know what's actually breaking — not scroll through hundreds of near-duplicates that differ only by hostname, UUID, or timestamp.
kelora -f syslog examples/syslog_errors.log --drain -k msgtemplates (4 items):
438: Connection timeout to database host <fqdn> after <duration>
187: Upstream <fqdn> returned <num> for request <uuid>
94: Failed to acquire lock on resource <path> after <duration>
23: Payment gateway <fqdn> rejected transaction <uuid> insufficient_funds
One command. No temp files, no intermediate scripts, no manual regex. --drain auto-groups similar messages so you see the handful of patterns actually causing the noise.
Kelora also handles live streams: tail -f app.log | kelora -j -l error,warn.
Run kelora without arguments for an interactive REPL with readline, glob expansion, and history — handy on Windows where shell quoting is awkward.
Reach for Kelora when you'd otherwise be writing a throwaway Python script. It's the middle ground between "grep is enough" and "I need a real observability platform."
- Chained pipelines collapse into one command.
grep | awk | jq | script.pybecomeskelora, with state preserved across the pipeline instead of lost between pipes. - Messy formats parse cleanly. Mixed JSON and plaintext in the same file, key=value pairs inside message strings, nested JSON fanned out to flat rows — without regex gymnastics.
- Embedded scripting when you need it. Simple filters are one-liners. When logic gets stateful — session reconstruction, per-service error rates, request/response correlation — there's a full scripting layer.
- Plays well with your existing tools. Pipe
ripgreporjqupstream to pre-filter; pipe Kelora's JSON or CSV output into whatever comes next.
Kelora trades raw speed for programmability. Simple filters and format conversions handle multi-GB files comfortably; heavy Rhai scripting tops out in the low hundreds of thousands of lines before you'll want to pre-filter. For pure text search use grep; for pure JSON queries use jq.
See Power-User Techniques for JWT parsing, cryptographic pseudonymization, pattern normalization, and deterministic sampling.
macOS (Homebrew):
brew tap dloss/kelora && brew install keloraLinux (binary):
curl -LO https://github.com/dloss/kelora/releases/latest/download/kelora-x86_64-unknown-linux-musl.tar.gz
tar xzf kelora-x86_64-unknown-linux-musl.tar.gz
sudo mv kelora /usr/local/bin/Rust (any platform):
cargo install keloraOn Windows, download kelora-x86_64-pc-windows-msvc.zip, extract, and add to PATH.
For Debian/Ubuntu (.deb), Fedora/RHEL (.rpm), ARM Linux, FreeBSD, OpenBSD, and other platforms: see all releases.
Kelora follows semver starting with v1.0 — CLI flags and Rhai functions are stable.
The examples/ directory contains 60+ sample log files covering JSON, logfmt, syslog, CSV, and more. Use them to test filters, transformations, and edge cases.
For common patterns and usage recipes, run:
kelora --help-examplesKelora is an experiment in agentic AI development: AI agents generate all implementation and tests, and I steer requirements rather than writing or reviewing code. Validation relies on an extensive automated test suite plus cargo audit and cargo deny. Kelora is local-only with no networking or telemetry, enforced by a CI check.
This is a single-developer spare-time project, and support is best-effort. Review the Security Policy before using it on sensitive data in production.
Kelora is open source software licensed under the MIT License.