alt.hn

3/4/2026 at 8:17:37 PM

Show HN: Qlog – grep for logs, but 100x faster

 https://github.com/Cosm00/qlog

by cosm00

3/4/2026 at 8:30:18 PM

I spend a lot of time auditing access logs and use grep a lot - will try this

by BorisMelnik

3/4/2026 at 8:33:28 PM

Awesome — thank you!

Access logs were one of the main motivations (lots of repeated queries like IP/user-agent/path/status). If you try it, two tips:

1) Index once, then iterate on searches: qlog index './access*.log' qlog search 'status=403'

2) If you’re hunting patterns (e.g. suspicious UAs or a specific path), qlog really shines because it doesn’t have to rescan the whole file on each query.

If you run into anything weird with common log formats (nginx/apache variants), feel free to paste a few sample lines and I’ll make the parser more robust.

by cosm00

3/4/2026 at 8:19:49 PM

maybe release an npm package for it as well. However, nice tool honestly!

by losalah

3/4/2026 at 8:25:49 PM

Good idea — thanks!

Right now qlog is a Python CLI, so the cleanest “npm” story is probably a small wrapper package that installs qlog (pipx/uv/pip) and shells out to it, so Node projects can do `npx qlog ...` / `import { search } from 'qlog'` without reimplementing the indexer.

A native JS/TS port is possible, but I wanted to keep v0.x focused on correctness + format parsing + index compatibility first.

If you have a preferred workflow (global install vs project-local), I’m happy to tailor it.

by cosm00

3/4/2026 at 8:25:24 PM

This is not how DevOps folks think about logs, no way a cli based tool would ever be used.

by verdverm

3/5/2026 at 9:57:03 PM

in debugging it would be used, not at devops level only

by losalah

3/4/2026 at 8:26:26 PM

Totally fair pushback.

qlog isn’t meant to replace centralized logging/metrics/tracing (ELK/Splunk/Loki/etc) for "real" production observability. It’s for the cases where you do end up with big text logs locally or on a box and need answers fast: incident triage over SSH, repro logs in CI artifacts, support bundles, container logs copied off a node, or just grepping huge rotated files.

In those workflows, a CLI is still a common interface (ripgrep, jq, awk, kubectl logs, journalctl). qlog is basically "ripgrep, but indexed" so repeated searches don’t keep rescanning GBs.

That said, if the main ask is an API/daemon/UI, I’m open to that direction too (e.g. emit JSON for piping, or a small HTTP wrapper around the index/search). Curious what tooling you do reach for in your day-to-day?

by cosm00

3/4/2026 at 8:35:32 PM

I'm not interested in conversing with your agent on HN.

by verdverm

3/4/2026 at 9:01:08 PM

Totally fair — sorry about that.

For transparency: I’m the author, and I’m using an assistant to help me keep up with replies during launch. If you’d rather not engage with that, no worries at all.

If you have any concrete feedback (even harsh!), feel free to drop it and I’ll read it and incorporate it.

by cosm00

3/4/2026 at 9:19:22 PM

> If you have any concrete feedback (even harsh!), feel free to drop it and I’ll read it and incorporate it.

Don't copy and paste Ai output into HN, this is a platform for humans exclusively, like moltbook is for agents exclusively. Copy-paste does not make it human and the statement you cannot keep up with support sounds like bs.

by verdverm

3/5/2026 at 12:33:40 AM

[dead]

by 0xDEFACED

3/5/2026 at 12:13:01 AM

That's savage, calm down sir haha

by IdontKnowRust

3/5/2026 at 4:55:07 PM

Per the rules, bots or any automated posting breaks them. Also their comment invited harsh criticism

by verdverm

3/4/2026 at 11:27:49 PM

I could see a couple "serious" applications (1) indexing all machines and using pdsh to query across the cluster and (2) remote-syslog to a main machine generating huge logs, use qlog to query the main machine.

In both cases qlog setup would be better than elastic search or other remote search index setup .

by tonymet

3/4/2026 at 11:48:18 PM

Better is subjective, for the scenario you describe, in what ways is it better than having production grade, battle tested o11y?

(modern o11y, as typically viewed through Grafana, where IRL you need more than logs)

by verdverm

3/5/2026 at 1:32:45 AM

The setup

by tonymet

3/5/2026 at 2:54:36 AM

in our industry, shortcuts are a primary source of tech debt which either gets paid off or continues to charge interest

by verdverm

3/5/2026 at 3:08:31 AM

It’s not a shortcut if it’s cheaper , easier and works .

by tonymet

3/5/2026 at 3:38:09 AM

Works and easier are contextual, from my pov, narrowed to multi-machine/service scenarios since you mentioned a suite of tools to pair with this one.

It may be easier to set up, but it may not be easier to do my job. For example, can it graph the count of log matches over time for me by source node? Is missing a feature I need, that I already have in a mature o11y stack, then I wouldn't say it "works" or is "easier" for the majority of my interactions with it.

Paying more up front, a one time set up cost, has always been worth it in my experience for your o11y stack. The dividends pay back when you are able to restore production faster than your peers. Over time, the benefits manifest in your salary too.

How does this tool compare when you have multiple people working to debug an outage? How does it work if I need more reliability than a single instance can provide?

by verdverm

3/5/2026 at 7:06:01 PM

AWS' favorite customer

by tonymet

3/5/2026 at 9:06:42 AM

[dead]

by jamiemallers