Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/mtrunkat/jsonlash

CLI utility for filtering and aggregation of JSONL streams.
https://github.com/mtrunkat/jsonlash

aggregation cli filtering logs stream

Last synced: about 1 month ago
JSON representation

CLI utility for filtering and aggregation of JSONL streams.

Awesome Lists containing this project

README 

        
jsonlash

========



[![oclif](https://img.shields.io/badge/cli-oclif-brightgreen.svg)](https://oclif.io)

[![Version](https://img.shields.io/npm/v/jsonlash.svg)](https://npmjs.org/package/jsonlash)



CLI utility for filtering and aggregation of [JSONL](http://jsonlines.org/) streams. No matter which service for logging you use (LogDNA, Papertrail, Loggly, etc.) simply pipe log into **jsonlash** set up filters and aggregators and see aggregated data in realtime.



## Usage



### Installation



Install from [NPM](http://npmjs.com) globally:



```bash

npm install -g jsonlash

```



After installation you can simply run jsonlash from your terminal with `-h` parameter to display help page:



```bash

jsonlash -h

```



### Basic usage with filtering



We currently use [Log DNA](https://logdna.com/) as logging service so I am going to use it in examples but it's going to work with any [JSONL](http://jsonlines.org/) stream. So pipe your log stream to jsonlash:



```bash

logdna tail | jsonlash

```



Now it will simply print out the log as it comes. So let's filter the API logs that are in the form:



```

{

    "msg": "API call",

    "req": {

        "duration": 590,

        "method": "GET",

        "route": "V2.datasets.items",

        ...

    }

    ...

}

```



Filtering is done using `-f [FILTER]` parameter:



```bash

logdna tail | jsonlash -f 'msg=API call'

```



We can add more filters to filter out only requests with POST method and duration over 1000ms. And also add parameter `-e` to expand printed JSONs to be more readable:



```bash

logdna tail | jsonlash -f 'msg=API call' -f 'req.method=POST' -f 'req.duration>1000' -e

```



### Aggregations



Let's continue with API logs example. To group log lines by request method and compute average and maximal duration call:



```bash

logdna tail | jsonlash -f 'msg=API call' -a req.method --max req.duration --avg req.duration

```



and output will be a table with data aggregated in realtime:





    




## Examples



### 1.



Aggregate logs by two fields `req.method` and `req.routeName` and compute average duration and the maximum duration



```bash



... | jsonlash -a req.method -a req.routeName --max req.duration --avg req.duration



```



### 2.



Filter out requests taking more than a 10s, grouped them by `req.routeName` and compute how many users requested each of them:



```bash

... | jsonlash -f 'req.duration>10000' -a req.routeName --uni req.userId

```



## Command reference



```

This is a simple command line tool to filter and aggregate JSONL (json-lines) streams.



USAGE

  $ jsonlash



OPTIONS

  -a, --aggregate=[FIELD]    aggregate JSONL items

  -d, --debug                debug mode, shows JSON parsing errors

  -e, --expand               expand outputted JSON

  -f, --filter=[CONDITION]   filter JSONL items

  -h, --help                 show CLI help



  -v, --version              show CLI version

  --avg=avg                  aggregate average value over all occurrences of given field

  --max=max                  aggregate maximum value over all occurrences of given field

  --min=min                  aggregate minimum value over all occurrences of given field

  --sum=sum                  aggregate sum over all occurrences of given field

  --uni=uni                  aggregate number of unique occurrences of given field



DESCRIPTION

Simply pipe in any JSONL stream and with filter and/or aggregation flags.



If you use only --filter flag then jsonlash outputs filtered jsonl stream.



If you also use --aggregate flag then it renders a table with aggregated data.

Additionally you may add one or more --min|--max|--sum|---avg|--uni flags to

compute aggregated values of given fields.

```