Log Analysis
by dloss
Analyze, filter, transform, and convert log files using Kelora. Use for parsing logs, extracting patterns, investigating incidents, calculating metrics, or converting formats.
---
name: log-analysis
description: Analyze, filter, transform, and convert log files using Kelora. Use for parsing logs, extracting patterns, investigating incidents, calculating metrics, or converting formats.
metadata:
  version: "1.0"
---
Log Analysis with Kelora
Kelora is a streaming log processor with Rhai scripting. It auto-detects formats and provides 150+ built-in functions.
Getting Help
Run these for detailed reference (prefer over asking the user):
- `kelora --help-examples` - Common patterns
- `kelora --help-functions` - All 150+ functions
- `kelora --help` - Full CLI reference
- `kelora --help-rhai` - Scripting guide
Core Patterns
Filter logs:
kelora -l ERROR,WARN app.log # By level
kelora --filter 'e.status >= 500' api.log # By expression
kelora --since "1 hour ago" app.log # By time
Transform:
kelora -e 'e.duration_sec = e.duration_ms / 1000' api.log
kelora -e 'e.absorb_json("data")' events.log # Parse embedded JSON
Convert formats:
kelora -f combined -J access.log > access.jsonl # Apache to JSON
kelora -j -F logfmt events.jsonl # JSON to logfmt
kelora -f syslog -F csv syslog.log # Syslog to CSV
Metrics:
kelora -s app.log # Summary stats
kelora -q --metrics -e 'track_count("by:" + e.level)' app.log
Pattern discovery:
kelora --drain app.log # Find message templates
Context around matches:
kelora -C 5 --filter 'e.level == "ERROR"' app.log # 5 lines before/after
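To make the semantics of these patterns concrete, here is an added Python sketch (not Kelora code and not from the project) that reproduces what a few of the commands above compute over constructed log lines: auto-detection of JSON versus logfmt (a subset of what `-f auto` does), `absorb_json`-style flattening of an embedded JSON field, a `status >= 500` filter with `-C`-style context, and a per-level count like `track_count("by:" + e.level)`. The sample lines, field names and the 1-line context width are assumptions for the example; the Kelora equivalents would be roughly `kelora --filter 'e.status >= 500' -C 1 app.log` and `kelora -q --metrics -e 'track_count("by:" + e.level)' app.log`.

```python
import json
import re
from collections import Counter

# Constructed sample log: mixed logfmt and JSON lines, one with an embedded JSON "data" field.
SAMPLE_LINES = [
    "ts=2024-05-01T10:00:00Z level=INFO status=200 path=/login duration_ms=12",
    "ts=2024-05-01T10:00:01Z level=INFO status=200 path=/api/items duration_ms=40",
    json.dumps({"ts": "2024-05-01T10:00:02Z", "level": "WARN", "status": 401, "path": "/admin",
                "data": json.dumps({"user": "guest", "src_ip": "203.0.113.9"})}),
    'ts=2024-05-01T10:00:03Z level=ERROR status=500 path=/api/export duration_ms=3100 msg="upstream timeout"',
    "ts=2024-05-01T10:00:04Z level=INFO status=200 path=/health duration_ms=1",
]

# key=value pairs; values are either a double-quoted string (with backslash escapes) or a bare token.
LOGFMT_PAIR = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')


def parse_line(line):
    """Detect JSON vs logfmt for one line and return an event dict with integer-looking values typed."""
    line = line.strip()
    if line.startswith("{"):
        return json.loads(line)
    event = {}
    for key, raw in LOGFMT_PAIR.findall(line):
        value = raw[1:-1].replace('\\"', '"') if raw.startswith('"') else raw
        event[key] = int(value) if value.lstrip("-").isdigit() else value
    return event


def absorb_json(event, field):
    """Parse a JSON string stored in `field` and merge its keys into the event (like e.absorb_json)."""
    raw = event.get(field)
    if isinstance(raw, str):
        try:
            nested = json.loads(raw)
        except ValueError:
            return event  # leave non-JSON values untouched
        if isinstance(nested, dict):
            event.pop(field)
            event.update(nested)
    return event


def is_server_error(event):
    """Equivalent of the filter expression e.status >= 500 on a typed status field."""
    status = event.get("status")
    return isinstance(status, int) and status >= 500


def with_context(events, predicate, before, after):
    """Indices of matching events plus `before`/`after` neighbours, like -C / -B / -A."""
    keep = set()
    for i, event in enumerate(events):
        if predicate(event):
            keep.update(range(max(0, i - before), min(len(events), i + after + 1)))
    return sorted(keep)


def count_by(events, key):
    """Per-value counts of one field, like track_count(\"by:\" + e.level) with -q --metrics."""
    return Counter(str(event.get(key, "")) for event in events)


def analyze(lines):
    """Run the mini pipeline: parse, absorb embedded JSON, filter 5xx with context, count by level."""
    events = [absorb_json(parse_line(line), "data") for line in lines if line.strip()]
    context_idx = with_context(events, is_server_error, before=1, after=1)
    return {
        "events": events,
        "server_errors": [e for e in events if is_server_error(e)],
        "context": [events[i] for i in context_idx],
        "by_level": count_by(events, "level"),
    }


if __name__ == "__main__":
    result = analyze(SAMPLE_LINES)
    for event in result["context"]:
        print(event)
    print(dict(result["by_level"]))
```

Two details worth noticing when comparing against real Kelora output: the 401 line only becomes a usable event for `src_ip`-based filtering after the embedded JSON is absorbed, and a `status >= 500` filter silently drops events whose status is not numeric, so check `e.has("status")` or inspect with `-n 10` before trusting a zero-match result.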
Field Access
e.level // Direct
e["@timestamp"] // Special chars
e.get_path("a.b.c") // Safe nested (returns () if missing)
e.has("field") // Check exists
Key Options
| Option | Purpose |
|---|---|
| `-f <fmt>` | Input format (auto/json/logfmt/syslog/combined/csv/regex:...) |
| `-F <fmt>` | Output format (json/logfmt/csv) |
| `-j` / `-J` | Shorthand for `-f json` / `-F json` |
| `--filter` | Boolean expression filter |
| `-e` | Rhai script per event |
| `-l` / `-L` | Include/exclude log levels |
| `-k` / `-K` | Include/exclude fields |
| `-n` | Limit output events |
| `--head` | Limit input lines (faster) |
| `-q` | Suppress event output (metrics only) |
| `-s` / `-m` | Show stats/metrics |
| `--drain` | Discover message patterns |
| `-C` / `-B` / `-A` | Context lines around matches |
Tips
- Use `-f auto` (default): Kelora detects JSON, logfmt, syslog, combined, CSV
- Preview with `-n 10` or `--head 100` before processing large files
- Use `-q` with `--metrics` when you only need aggregates
- Run `kelora --help-functions` to find the right function for your task