SpectX | Universal Log Parser
SpectX is a universal parser and query engine for any text-based log format.
- SpectX Desktop can autodetect the structure for many common formats: Apache access, S3 access, IIS web server and Syslog.
- The parser language helps you quickly write readable custom schemas without the complexity of regex.
- There is no need to extract every field - sometimes the timestamp, IP and rest-of-the-message are enough. You decide.
- SpectX applies the parser at query runtime on raw logs stored in flat text files. No need to ingest or index the data.
- The desktop edition of SpectX is free for personal use, parsing and querying unlimited volumes of data stored locally or in the cloud.
How to Parse Logs with SpectX
1. Download, install and open SpectX (instructions for installing on Windows, OSX, Linux).
2. Open SpectX in the browser, click on Input Data and navigate to the file you'd like to parse.
Note: If the data is stored remotely, e.g. in S3, Azure, Google Storage or a local file server, configure data access by clicking New > Datastore in the upper menu.
3. Click on the file you'd like to parse and then on Prepare Pattern.
Note: If your data is unique, e.g. you're dealing with custom application logs, send us a few lines of your anonymised data and we'll help you get started with the parser.
SpectX parsing language
The logic of the pattern matching language is the following. At the top you see a raw log line, then the SpectX pattern (schema) that extracts the IP address and time as typed fields and everything after the timestamp as text. Finally, at the bottom, you see the parsed result.
What's next? Log analysis.
As soon as the data is parsed, you can press 'Prepare query' and start asking questions of the data with SQL-like queries. For example, to search for records containing a specific string, apply this filter:
| filter(text contains 'setup')
or to look at a time period:
| filter(timestamp < t("2020-03-17 05:45:32.241 +0300"))
Learn more about the SpectX parsing and query languages in the documentation.
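The same parse-at-query-time idea outside SpectX, as an added Python example (not SpectX code and not from the original page): raw lines are parsed lazily into a typed IP, a typed timestamp and free text, then the two filters shown above are applied. The line layout, the sample lines, the names `parse` and `query`, and the case-sensitive substring match are assumptions made for this illustration.

```python
import ipaddress
import re
from datetime import datetime

# Constructed sample lines (not from the page): IP, timestamp, rest-of-message.
SAMPLE_LOG = """\
192.0.2.10 2020-03-17 05:44:10.100 +0300 GET /setup/index.php 200
198.51.100.7 2020-03-17 05:45:40.000 +0300 GET /setup.cgi 404
203.0.113.5 2020-03-17 04:00:00.000 +0000 GET /setup 200
203.0.113.9 2020-03-17 02:30:00.000 +0000 POST /setup/install 302
corrupted line without the expected fields
999.1.1.1 2020-03-17 05:00:00.000 +0300 GET /setup 200
192.0.2.10 2020-03-17 05:40:00.500 +0300 GET /index.html 200
"""

# Minimal schema: only three fields are extracted, the rest stays as text.
LINE = re.compile(
    r"^(?P<ip>\S+) "
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3} [+-]\d{4}) "
    r"(?P<text>.*)$"
)
TS_FORMAT = "%Y-%m-%d %H:%M:%S.%f %z"
CUTOFF = datetime.strptime("2020-03-17 05:45:32.241 +0300", TS_FORMAT)

def parse(lines):
    """Lazily yield (record, raw); record is None if the line fails the schema."""
    for raw in lines:
        m = LINE.match(raw)
        rec = None
        if m:
            try:  # typed fields: a bad IP or date rejects the whole line
                rec = {"ip": ipaddress.ip_address(m["ip"]),
                       "timestamp": datetime.strptime(m["ts"], TS_FORMAT),
                       "text": m["text"]}
            except ValueError:
                pass
        yield rec, raw

def query(lines, contains=None, before=None):
    """Apply the text and time filters; return (hits, unparsed raw lines)."""
    hits, unparsed = [], []
    for rec, raw in parse(lines):
        if rec is None:
            unparsed.append(raw)  # keep rejects visible instead of dropping them
        elif ((contains is None or contains in rec["text"])
              and (before is None or rec["timestamp"] < before)):
            hits.append(rec)  # offset-aware comparison, not a string compare
    return hits, unparsed
```

Because the timestamps carry their UTC offset, the 04:00 +0000 line is correctly excluded from the time filter even though its wall-clock value looks earlier than the cutoff, and the lines that fail the schema are returned separately so gaps in coverage stay visible.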