Coralogix CLI

Coralogix is on a mission to provide a CLI that will enable you to do all your Coralogix operations without the web interface involved. Currently, we support LiveTail (a live log stream from all your services) and our archive query to help you directly query your archived logs that were stored to S3 using the Elasticsearch syntax.

You can filter your logs by Coralogix metadata fields such as application name, subsystem name, and severity and also by querying the data itself.

Live tail is much like how the stern command in K8s streams logs in real-time.

*Before using the CLI to query archived data, please make sure that you’ve configured your own S3 bucket on AWS to work with Coralogix, as described in this tutorial.

Install the Coralogix CLI for MacOS/Linux

Download:

curl -O https://coralogix-public.s3-eu-west-1.amazonaws.com/cxctl/latest/cxctl-macOS.gz

Or

curl -O https://coralogix-public.s3-eu-west-1.amazonaws.com/cxctl/latest/cxctl-Linux.gz

Unzip

gunzip -N cxctl-*.gz

Make Executable:

chmod +x cxctl

Set Environment Variables:

Require for S3 Query

export AWS_REGION=YOUR_REGION

export AWS_ACCESS_KEY=YOUR_AWS_ACCESS_KEY

export AWS_SECRET_ACCESS_KEY=YOUR_AWS_SECRET_ACCESS_KEY

Require for Live Tail

export CORALOGIX_API_KEY=YOUR_LOGS_API_KEY

The API key to use can be found in settings->account–>’API Access’ –> Logs API Key

 

Scan Option:

S3 bucket	--bucket <bucket name>, -b <bucket name>
Time range - Start	--range-start <start time>, -s <start time>
Time range - End	--range-end <end time>, -e <end time>
Application	--application <app1,app2>
Subsystem	--subsystem <sub1,sub2>
Severity	--severity <severity>
Limit the number of logs	-c <number>
Query	" <Your Query> "

Scan Examples

Query	Explanation
./cxctl scan --bucket coralogix-tutorial -s "2020-08-18T16:30:00Z" -e "2020-08-18T17:00:00Z" -c 5	Retrieve the first 5 rows within the time range
./cxctl scan --bucket coralogix-tutorial --range-start 2020-08-18T00:01:01Z --range-end 2020-08-18T00:09:05Z -c 5 "NOT s3_bucket:amir-blog-logs"	Retrieves the top 5 results of the query within the time range
./cxctl scan -b coralogix-tutorial -s 2020-08-18T00:01:01Z -e 2020-08-18T16:59:05Z --application-name Prod --subsystem Coralogix --severity info	Retrieve all the logs from Prod application and Coralogix subsystem with info severity within the time range

Histogram:

Prints a time-based log count histogram.

S3 bucket	--bucket <bucket name>, -b <bucket name>
Time range - Start	--range-start <start time>, -s <start time>
Time range - End	--range-end <end time>, -e <end time>
Application	--application <app1,app2>
Subsystem	--subsystem <sub1,sub2>
Severity	--severity <severity>
Limit the number of logs	-c <number>
Query	" <Your Query> "

Log Streaming

In order to stream the logs in real-time (as they are being archived) use the following command:

./cxctl livetail --region "region-name" --api-key <api-key> --format pretty --application "app-name" --subsystem "subsystem-name"

A Coralogix API key can be passed to the scanner through the `–api-key` argument or as an environment variable

Streaming supports the EU and IN regions; specify them as `eu` and `in` respectively

By default, the logs use the `pretty` format. A `raw` format is also available which prints out the logs as JSON objects

The scanner will tail the logs infinitely by default but can stop after a specified number of log lines using –count

LiveTail Option:

Coralogix Alerts & Rules API Key	--api-key <api-key>, -k <api-key>
Application name to filter on	--application <app1>,<app2>
Add a custom field to the colored fields when pretty-printing	--color-by <field path>
How many lines to read	--count <count>, -c <count>
How to render the logs (raw/pretty)	--format <format>
Print logs without any colors	--monochrome, -m
Coralogix account region (eu/in)	--region <region>, -r <region>
Subsystem to filter on	--subsystem <sub1>,<sub2>
Severity to filter on (case-sensitive - use DEBUG/INFO/etc.)	--severity <severity>