A CLI tool to query structured logs, including Kibana, Cloudwatch, Stackdriver, Docker and plain JSON file logs.
It's a structured logging world we live in, but do we really have to look at JSON logs? Not with Ax.
Ax features:
Ax can be installed in two ways:
On Linux or Mac (this will attempt to install the binary into /usr/local/bin
by default):
curl -sfL https://raw.githubusercontent.com/egnyte/ax/master/install.sh | sh
If you want to install the ax
binary into another location, simply set the BINDIR
environment variable, e.g.:
curl -sfL https://raw.githubusercontent.com/egnyte/ax/master/install.sh | BINDIR=. sh
to install in the current directory.
If you don't trust piping random shell scripts from the internet into a shell, feel free to download the install.sh
script first, inspect it, then run it through bash manually or, simply go through the Ax releases page and download the tarball of your choice.
Upgrade using:
ax upgrade
For now there's no pre-built binaries, so to run this you need a reasonably recent version of Go, then download it into your GOPATH:
go get -u github.com/egnyte/ax/...
This will also put the ax
binary into your $GOPATH/bin
so make sure that's in your $PATH
.
To update Ax to the latest and greatest, just rerun the command above.
After the above go get
call, you will have a git checkout of the repo under $GOPATH/src/github.com/egnyte/ax
. If you want to work on Ax, just fork the repo and update .git/config
appropriately.
To make sure you're building Ax with the approriate versions of its dependencies run:
dep ensure
To run tests:
make test
To "go install" ax (this will put the resulting binary in $GOPATH/bin
so put that in your $PATH
)
make
Once you have ax
installed, the first thing you'll want to do is setup bash or zsh command completion (I'm not kidding).
For bash, add to ~/.bash_profile
:
eval "$(ax --completion-script-bash)"
For zsh, add to ~/.zshrc
:
eval "$(ax --completion-script-zsh)"
After this, you can auto complete commands, flags, environments, docker container names and even attribute names by hittig TAB. Use it, love it, never go back.
To setup Ax for use with Kibana, Cloudwatch or Stackdriver, run:
ax env add
This will prompt you for a name, backend-type and various other things depending on your backend of choice. After a successful setup, you should be ready to go.
To see if it works, just run:
ax --env yourenvname
Or, most likely your new env is the default (check with ax env
) and you can just run:
ax
This should show you the (200) most recent logs.
If you're comfortable with YAML, you can run ax env edit
which will open an editor with the ~/.config/ax/ax.yaml
file (either the editor set in your EDITOR
env variable, with a fallback to nano
). In there you can easily create more environments quickly.
To use Ax with docker, simply use the --docker
flag and a container name pattern. I usually use auto complete here (which works for docker containers too):
ax --docker turbo_
To query logs for all containers with "turbo_" in the name. This assumes you have the docker
binary in your path and setup properly.
You can also pipe logs directly into Ax:
tail -f /var/log/something.log | ax
Looking at all logs is nice, but it only gets really interesting if you can start to filter stuff and by selecting only certain attributes.
To search for all logs containing the phrase "Traceback":
ax "Traceback"
To search for all logs with the phrase "Traceback" and where the attribute "domain" is set to "zef":
ax --where domain=zef "Traceback"
Again, after running Ax once on an environment it will cache attribute names, so you get completion for those too, usually.
Ax also supports the !=
operator:
ax --where domain!=zef
If you have a lot of extra attributes in your log messages, you can select just a few of them:
ax --where domain=zef --select message --select tag
Ax also allows you to filter by the existence of a field in a message, or to test field values for membership in a set of values.
To search for all logs with a domain
field:
ax --where-exists domain
Or for all logs without a traceback field:
ax --where-not-exists traceback
To search for messages from a subset of domains:
ax --where-on-of domain:zef --where-one-of domain:fredek
To search for all messages except ones from specific domains: ax --where-not-on-of domain:boring --where-not-one-of domain:dull
NOTE Advanced filtering is currently only implemented for the stream and Docker backends. Attempting to use them with other backend will raise an error.
Use the -f
flag:
ax -f --where domain=zef
Don't like the default textual output, perhaps you prefer YAML:
ax --output yaml
or pretty JSON:
ax --output pretty-json
In your ~/.config/ax/ax.yaml
file (ax env edit
) you can override the default colors as follows:
colors:
timestamp:
fg: magenta
message:
bold: true
attributekey:
faint: true
fg: green
attributevalue:
faint: true
fg: blue
For each "color" you can set:
fg
— foreground color (red
, green
, yellow
, blue
, magenta
, cyan
, white
)bg
— background color (same options)bold
— bold font (true
or false
)italic
— italic font (true
or false
)underline
— underline font (true
or false
)faint
— faint (color) font (true
or false
)ax --help
ax query --help
Report it as a Github issue!