- Basic Syntax
- Flags
- Common Workflows
- Remote Logs Over SSH
- JSON Output
- Supported Log Formats
- Supported Timestamp Formats
- Tips
reqlog [flags] <search_value>reqlog searches using common tracing keys by default:
request_idreq_idtrace_idcorrelation_id
Use --key (-k) to override the default search key.
| Flag | Shorthand | Description |
|---|---|---|
--dir |
-d |
Directory containing log files |
--key |
-k |
Field key to match |
--service |
-s |
Filter by service/container name |
--source |
-S |
Log source backend (file or docker) |
--format |
-F |
Log parsing format (auto, json, text) |
--output |
-o |
Output format (pretty or json) |
--limit |
-n |
Limit number of matches |
--latest |
-l |
Return globally latest matches |
--follow |
-f |
Follow logs in real time |
--context |
-c |
Show surrounding log lines |
--since |
-t |
Filter logs newer than timestamp/duration |
--ignore-case |
-i |
Case-insensitive search |
--recursive |
-r |
Scan directories recursively |
--version |
-v |
Print version information |
Search logs in ./logs:
reqlog abc123Search a specific directory:
reqlog -d ./logs abc123reqlog -k request_id abc123
reqlog -k event_key order.createdreqlog automatically detects JSON logs by default.
reqlog -k trace_id trace-123Force parsing mode explicitly when needed:
reqlog --format json abc123
reqlog --format text abc123Available formats:
auto(default)jsontext
--jsonhas been replaced with--format=json.
reqlog -S docker abc123Filter specific containers:
reqlog -S docker -s api-gateway abc123Filter logs by service name.
- When using Docker logs, this filters container names
- Otherwise, it filters log file names
reqlog -s api-gateway,order-service abc123reqlog -s order-service* abc123Show surrounding log lines before and after each match:
reqlog -c 2 abc123Return first N matches per source:
reqlog -n 10 abc123Tail-style shorthand is also supported:
reqlog -100 abc123Return globally latest N matches across all sources:
reqlog -l -n 10 abc123
--latest(-l) scans all matching logs to determine the newest entries globally, so it may be slower on very large log files or containers.
--since (-t) accepts either a Go duration or an absolute timestamp.
reqlog -t 10m abc123
reqlog -t 2h abc123
reqlog -t 1h30m abc123Supported duration formats:
30s5m1h1h30m
reqlog -t 2026-04-29 abc123
reqlog -t 2026-04-29T14:00:00Z abc123
reqlog -t 2026-04-29T14:00:00.123Z abc123
reqlog -t 1710943200 abc123Supported timestamp formats:
YYYY-MM-DD- RFC3339 / ISO-8601 timestamps
- RFC3339 timestamps with fractional seconds
- Unix timestamps
- seconds (10 digits)
- milliseconds (13 digits)
- microseconds (16 digits)
- nanoseconds (19 digits)
reqlog -i -k event_key ORDER.CREATEDreqlog -f abc123Disable recursive directory scanning:
reqlog --recursive=false abc123Search logs across remote hosts using SSH by defining hosts in config.yaml.
Place config.yaml in one of the following locations:
- macOS/Linux:
~/.config/reqlog/config.yaml - Windows:
%APPDATA%\reqlog\config.yaml
Example config.yaml
version: 1
defaults:
key: ~/.ssh/id_rsa
timeout: 30s
hosts:
srv1:
host: 10.0.0.10
user: ubuntu
srv2:
host: 10.0.0.11
user: ec2-user
port: 2222
key: ~/.ssh/prod.pem
timeout: 60sSearch logs on a single remote host:
reqlog -H srv1 abc123Search across multiple hosts:
reqlog -H srv1,srv2 abc123Search Docker logs on remote hosts:
reqlog -H srv1,srv2 -S docker abc123Host names passed to
-Hmust match entries underhostsinconfig.yaml.SSH logs include host context in outputs:
- Pretty output:
[host:service]- JSON output includes a
hostfield
Specify a custom config file:
reqlog --config ./config.yaml -H srv1 abc123
Structured output for piping and integrations:
reqlog -o json abc123
reqlog -o json abc123 | jq .Example output:
{
"timestamp": "2026-03-20T14:00:05Z",
"service": "order-service",
"message": "request started",
"level": "info",
"request_id": "abc123"
}reqlog supports both text and JSON logs.
In auto mode (default), reqlog automatically detects the log format per line.
Use --format to force a specific parser when needed.
Requirements:
- timestamp must appear first
- supports mixed message and
key=valuefields
Examples:
2026-03-20T14:00:00Z request_id=abc123 start request
2026-03-20T14:00:00Z start request request_id=abc123
2026-03-20T14:00:00Z level=info request_id=abc123 request started
1710943200 request_id=abc123 unix seconds
1710943200123 request_id=abc123 unix milliseconds
Requirements:
- one JSON object per line
- supported timestamp fields:
timetimestampts
Examples:
{ "time": "2026-03-20T14:10:00Z", "request_id": "abc", "message": "start" }
{ "time": "2026-03-20T14:10:00.456Z", "request_id": "abc", "message": "processing" }
{ "ts": 1710943200, "request_id": "abc", "message": "unix seconds" }
{ "ts": 1710943200123, "request_id": "abc", "message": "unix milliseconds" }2026-03-20T14:00:00Z
2026-03-20T14:00:00.123Z
1710943200
1710943200123
1710943200123456
1710943200123456789
Supported precisions:
- seconds (10 digits)
- milliseconds (13 digits)
- microseconds (16 digits)
- nanoseconds (19 digits)
Timestamps are normalized to millisecond precision in output.
- Use
-kfor faster and more precise searches - Use
-nor tail-style-100for high-volume logs - Use
-o jsonfor integrations and piping - Prefer structured logs for better filtering and output