Reads a log stream (stdin or file) and uses a sliding time window to count how often each line pattern appears. When frequency exceeds a configurable threshold, it surfaces the pattern. Detects spikes by comparing current window count to the previous window. Normalises common patterns (timestamps, UUIDs, IPs) for better grouping. Essential for spotting error bursts during incidents without staring at the firehose.
LoggingObservabilityMonitoringCLI
Features
- Sliding time window frequency counting
- Spike detection: ratio-based alert when count spikes
- Pattern normalisation (timestamps, UUIDs, IPs)
- File mode and stdin streaming mode
- Configurable window size, threshold, and spike ratio
Flags
| Long | Short | Description |
|---|---|---|
| --version | -V | Show version and license |
| --file | -f | Read from file instead of stdin |
| --window | -w | Time window in seconds (default 60) |
| --threshold | -t | Min occurrences to surface (default 10) |
| --spike-ratio | -r | Spike alert ratio pct (default 200) |
| --json | -j | Output JSON lines |
| --quiet | -q | Only show spikes, not regular events |
Usage
terminal
$ tail -f app.log | logspike
$
$ logspike --file app.log --window 120 --threshold 5 --spike-ratio 300
Dependencies
stdlib only — sys, re, collections, time
Install
$ curl -LO https://labs.stech-sol.com/downloads/logspike/0.4.0/logspike_0.4.0.tar.gz
$ tar xzf logspike_0.4.0.tar.gz
$ chmod +x logspike/logspike.py
$ sudo ln -s $PWD/logspike/logspike.py /usr/local/bin/logspike
About
Downloads
Verify integrity
SHA256 checksums