Dumps syslog-formatted entries from an Elasticsearch-backed Logstash index.
It uses Elasticsearch's scroll API, so the results may not be sorted by time.
$ go get git.autistici.org/ai/logcat
will install the logcat binary in
The logcat tool provides a few command-line switches to simplify creating the final ES query:
--to allows you to select a time range (by default the last hour of logs will be selected)
--facility filters results for a specific syslog facility ("mail", "kernel", etc.).
Any other arguments on the command line will be parsed as a query string, so you can do things like extracting logs for a specific program:
$ logcat --facility mail 'program:"postfix/smtpd"'
and other arbitrary queries using the Elasticsearch query string syntax.
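As an added illustration (not logcat's own code) of how the switches above and the free-form arguments can be combined into one Elasticsearch query body, the following Go function builds a bool query with a time-range filter, an optional facility term filter and a query_string clause; the field names @timestamp and facility are assumptions about a typical Logstash syslog index.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// BuildQuery assembles an Elasticsearch request body from a time window,
// an optional syslog facility and the remaining command-line arguments.
// Hypothetical example: field names are assumed, not taken from logcat.
func BuildQuery(from, to time.Time, facility string, args []string) map[string]interface{} {
	// The time range is a filter: it narrows results without scoring them.
	filters := []map[string]interface{}{
		{"range": map[string]interface{}{
			"@timestamp": map[string]interface{}{
				"gte": from.UTC().Format(time.RFC3339),
				"lt":  to.UTC().Format(time.RFC3339),
			},
		}},
	}
	if facility != "" {
		// Exact match on the facility keyword, e.g. "mail" or "kernel".
		filters = append(filters, map[string]interface{}{
			"term": map[string]interface{}{"facility": facility},
		})
	}
	boolq := map[string]interface{}{"filter": filters}
	if len(args) > 0 {
		// Any other arguments are passed through using query string syntax,
		// e.g. program:"postfix/smtpd".
		boolq["must"] = map[string]interface{}{
			"query_string": map[string]interface{}{"query": strings.Join(args, " ")},
		}
	}
	return map[string]interface{}{
		"query": map[string]interface{}{"bool": boolq},
		// Sorting by _doc is the cheapest order for a scroll; it is why
		// scrolled results come back in index order rather than by time.
		"sort": []string{"_doc"},
	}
}

func main() {
	to := time.Now()
	q := BuildQuery(to.Add(-time.Hour), to, "mail", []string{`program:"postfix/smtpd"`})
	body, _ := json.MarshalIndent(q, "", "  ")
	fmt.Println(string(body))
}
```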