APT-GET KNOWLEDGE

Byte Size TCP: tailspin, Log Highlighter

Welcome to the 3rd edition of Byte Size TCP (Tools, Concepts, and Projects), where we do a bite-sized breakdown of a command, tool, or concept you can put to use right away.

Today we are going to look at tailspin, a customizable CLI log file highlighter that makes calling out items of interest easy.

The Tool: tailspin

tailspin helps streamline reviewing log files and highlighting fields of interest in data streams. It ships with standard regex detections while also allowing customization via the editable theme.toml file. It can be extended to detect custom user-defined keywords and regexes, lets you enable or disable individual regex categories, and even works with stdin or stdout!

The Concept: Techno Colored Logs

While not a replacement for grep, tspin is a great addition to the toolbox for making overwhelming log files and data streams easier to parse and more user friendly. It helps find the needle in the haystack and throws a spotlight on it for good measure.

The Project: Colorful Logs, Less Navigation

There are a variety of install methods depending on the OS and package manager. On Mac, the command brew install tailspin is the easy button using Homebrew.

By default tailspin reads a log file and shows the default highlights in a 'less' view.

Flags of Interest

tspin /var/log/install.log - Highlight a log file with tailspin's default regex detections, using less key navigation shortcuts. A similar command would be cat /var/log/syslog | tspin.

tspin -f /var/log/system.log - Apply tailspin highlighting to a continuous stream while keeping the ability to pause and scroll. Users can follow a stream, highlight elements and navigate with less. This works on logs written to disk, with the log file being the source of truth. The equivalent command would be tail -f /var/log/system.log | tspin.

tspin --exec 'log stream' - Just like the command above, this highlights a continuous stream with the ability to pause and scroll. The major difference is that here tailspin reads no file: it spawns the command log stream and begins highlighting its output. The source of truth is the process's output, not a file on disk. The equivalent command would be log stream | tspin.

Extra Credit

Be aware that multiple systems can use the same command name while the flags or operators differ. TLDR does provide an indicator when a command is found for an alternative OS, which you can look up, such as the example below.

To highlight matches without editing the theme.toml file, you can use the --highlight flag to highlight specific text:
tspin network.log --highlight=red:error,fail --highlight=green:success,ok

Disable one group and keep the others with tspin /var/log/system.log --disable=numbers.

Highlight only IPs:
sudo tcpdump | tspin --enable=ip-addresses
or only paths:
tspin -f --enable=paths /var/log/system.log

Reference:
https://github.com/bensadeh/tailspin

#Byte Size