Coralogix is on a mission to provide a CLI that will enable you to do all your Coralogix operations without the web interface involved. Currently, we support:
curl -O https://coralogix-public.s3-eu-west-1.amazonaws.com/cxctl/latest/cxctl-macOS.gz
Or
curl -O https://coralogix-public.s3-eu-west-1.amazonaws.com/cxctl/latest/cxctl-Linux.gz
gunzip -N cxctl-*.gz
chmod +x cxctl
Require for S3 Query
export AWS_REGION=YOUR_REGION export AWS_ACCESS_KEY=YOUR_AWS_ACCESS_KEY export AWS_SECRET_ACCESS_KEY=YOUR_AWS_SECRET_ACCESS_KEY
Require for Live Tail
export CORALOGIX_API_KEY=YOUR_LOGS_API_KEY
The API key to use can be found in settings->account–>’API Access’ –> Logs API Key
| S3 bucket | --bucket <bucket name>, -b <bucket name> |
| Time range - Start | --range-start <start time>, -s <start time> |
| Time range - End | --range-end <end time>, -e <end time> |
| Application | --application <app1,app2> |
| Subsystem | --subsystem <sub1,sub2> |
| Severity | --severity <severity> |
| Limit the number of logs | -c <number> |
| Query | " <Your Query> " |
| Query | Explanation |
|---|---|
| ./cxctl scan --bucket coralogix-tutorial -s "2020-08-18T16:30:00Z" -e "2020-08-18T17:00:00Z" -c 5 | Retrieve the first 5 rows within the time range |
| ./cxctl scan --bucket coralogix-tutorial --range-start 2020-08-18T00:01:01Z --range-end 2020-08-18T00:09:05Z -c 5 "NOT s3_bucket:amir-blog-logs" | Retrieves the top 5 results of the query within the time range |
| ./cxctl scan -b coralogix-tutorial -s 2020-08-18T00:01:01Z -e 2020-08-18T16:59:05Z --application-name Prod --subsystem Coralogix --severity info | Retrieve all the logs from Prod application and Coralogix subsystem with info severity within the time range |
Prints a time-based log count histogram.
| S3 bucket | --bucket <bucket name>, -b <bucket name> |
| Time range - Start | --range-start <start time>, -s <start time> |
| Time range - End | --range-end <end time>, -e <end time> |
| Application | --application <app1,app2> |
| Subsystem | --subsystem <sub1,sub2> |
| Severity | --severity <severity> |
| Limit the number of logs | -c <number> |
| Query | " <Your Query> " |
In order to stream the logs in real-time (as they are being archived) use the following command:
./cxctl livetail --region "region-name" --api-key <api-key> --format pretty --application "app-name" --subsystem "subsystem-name"
A Coralogix API key can be passed to the scanner through the `–api-key` argument or as an environment variable
Streaming supports EU, IN and US regions; specify them as `eu`, `in` and `us` respectively
By default, the logs use the `pretty` format. A `raw` format is also available which prints out the logs as JSON objects
The scanner will tail the logs infinitely by default but can stop after a specified number of log lines using –count
| Coralogix Alerts & Rules API Key | --api-key <api-key>, -k <api-key> |
| Application name to filter on | --application <app1>,<app2> |
| Add a custom field to the colored fields when pretty-printing | --color-by <field path> |
| How many lines to read | --count <count>, -c <count> |
| How to render the logs (raw/pretty) | --format <format> |
| Print logs without any colors | --monochrome, -m |
| Coralogix account region (eu/in/us) | --region <region>, -r <region> |
| Subsystem to filter on | --subsystem <sub1>,<sub2> |
| Severity to filter on (case-sensitive - use DEBUG/INFO/etc.) | --severity <severity> |