Rust 2021 · Cross-Platform · v1.0

LogBlast

A blazing-fast CLI log analyzer that processes multi-GB files in seconds — streaming parsing, smart format detection, anomaly alerts, and beautiful output.

Get LogBlast — $29 → See Features
LogBlast terminal banner — blazing-fast log analyzer
logblast — zsh — 120×38
logblast analyze access.log Format detected Nginx Combined Log Format File size 1.04 GB Lines parsed 5,231,904 in 3.8s · 12 MB RAM ERROR ██████░░░░░░░░░░ 1,204 (0.02%) WARN ███░░░░░░░░░░░░░ 648 (0.01%) INFO ████████████████ 5,229,052 (99.9%) Top IP 203.0.113.42 → 12,408 reqs Top path /api/v2/users → 8,921 hits 5xx rate 0.008% ⚠ Anomaly: ERROR spike at 14:22 — 47 errors/min (threshold: 10) ⚠ IP burst: 203.0.113.42 — 3,200 req/min (threshold: 100)
>200
MB/s throughput
~12
MB RAM for 10 GB file
3
auto-detected formats
3
platforms supported

What it does

Everything grep can't.

LogBlast combines the raw speed of streaming I/O with the intelligence of a purpose-built log tool — no scripting required.

Streaming architecture

Uses a BufReader pipeline — never loads the entire file into memory. RAM stays flat at ~12 MB whether the log is 100 MB or 10 GB. Benchmarked at over 200 MB/s on commodity NVMe hardware.

Rust BufReader
🔍

Composable filtering

Filter by log level, time range, regex pattern, IP address, and HTTP status code or range — all at once. Combine any number of filters and invert them with --invert.

Fully composable
📊

Rich statistics

Per-level breakdowns with visual bars, top N IPs, top paths, top user agents, and byte stats. All displayed in color-coded tables via comfy-table. Configurable --top N.

comfy-table
🚨

Anomaly detection

Automatically flags error spikes, IP bursts, and HTTP 5xx storms against configurable thresholds. Set custom per-minute limits in your YAML config or via --spike-threshold.

Configurable thresholds
📤

CSV & JSON export

Convert any log format to structured CSV or NDJSON with a single --out flag. Pipe results into your BI tool, S3 bucket, or data pipeline downstream.

--out flag
🔗

Stdin support

Pass - as the file argument to read from stdin. Works seamlessly in shell pipelines with cat, tail -f, and ssh remote | logblast filter -.

UNIX-native
⚙️

YAML config file

Save reusable filters, anomaly thresholds, and custom regex patterns in logblast.yaml. Auto-loaded from the working directory — no flags needed for your standard setup.

logblast.yaml
🎨

Format auto-detection

Instantly recognizes Nginx/Apache CLF and Combined formats, structured NDJSON, and plain-text logs with mixed timestamp styles — no --format flag needed.

--format override

Command reference

Four focused subcommands.

Each command does one thing well. Compose them in shell scripts or use them interactively.

logblast analyze
Full pipeline: parse → filter → stats → anomaly detection. The default command for one-shot analysis of any log file.
--level--min-level--from / --to --pattern--ip--status --invert--anomaly--spike-threshold --top N--out FILE--format
logblast filter
Stream matching lines — like grep, but log-aware. Understands levels, timestamps, and IPs natively. Outputs raw, JSON, or plain text.
all filter flags--limit N --line-numbers--output raw|json|text
logblast stats
Statistics and summaries only — no entry listing. Great for a quick health check in CI or a monitoring cron job.
--top N--output table|json|csv
logblast convert
Convert any supported log format to JSON or CSV. Pipe the output to jq, import into a database, or push to S3.
--output json|csv--out FILE
logblast init-config
Scaffold a logblast.yaml config file in the current directory with commented defaults for every available option.
no flags

Performance

Numbers, not claims.

Benchmarked on AMD Ryzen 7 5800X, NVMe SSD, Linux. Memory stays constant regardless of file size due to streaming.

// Comparison — 1 GB Nginx access log

ToolSpeedTimeMemory
grep "ERROR"
~1.2s~4 MB
awk (custom)
~2.8s~6 MB
logblast analyze
~3.8s~12 MB

// Scale test — Nginx format

File sizeRelativeTimeMemory
100 MB
~0.4s~12 MB
1 GB
~3.8s~12 MB
10 GB (JSON)
~38s~15 MB
The key detail: memory stays flat at ~12–15 MB regardless of file size. LogBlast never loads the log into RAM — it streams line by line. A 10 GB file uses barely more memory than a 10 MB one.

Supported formats

Auto-detected. No config required.

LogBlast sniffs the format from the first few lines. Override with --format auto|nginx|json|text if needed.

Nginx / Apache

Common Log Format and Combined Log Format. Extracts IP, timestamp, method, path, status code, bytes, referer, and user agent.

CLFCombinedip statusbytesuser_agent

JSON / NDJSON

One JSON object per line. Fuzzy-matches common field names for timestamp and log level across frameworks.

timestamp / ts / @timestamp level / severity / lvl message / msg

Plain text

Handles mixed timestamp formats including ISO 8601, syslog, and common app logger patterns. Extracts level from inline keywords.

ISO 8601syslog [ERROR]WARN prefix

In action

Real terminal output.

No mockups — these are actual screenshots from LogBlast running on real log files.

LogBlast top request paths output
Top request paths — ranked by hit count
LogBlast top user agents output
Top user agents — curl, bots, browsers
LogBlast anomaly alerts output
Anomaly alerts — 5xx storm detection

Configuration

One YAML file. Reusable everywhere.

Drop a logblast.yaml in any directory and it's auto-loaded on every run. Scaffold one with logblast init-config.

# logblast.yaml — auto-loaded from working directory filters: levels: [] # empty = show all levels exclude_ips: [] # IPs to silently drop from results anomaly: error_spike_per_minute: 10 # alert if >10 errors/min ip_burst_per_minute: 100 # alert if one IP hits 100 req/min http_5xx_storm_pct: 10.0 # alert if 5xx rate exceeds 10% output: format: table # table | json | csv | raw color: true top_n: 10 custom_patterns: - name: "DB Timeout" regex: "connection timed out" severity: ERROR - name: "Auth Failure" regex: "authentication failed|invalid password" severity: WARN

Roadmap

What's next.

Shipped features are stable and tested. Upcoming items are actively in development or planned for v1.x.

Streaming BufReader engine

Constant-memory parsing regardless of file size

shipped

Anomaly detection

Error spikes, IP bursts, 5xx storms with configurable thresholds

shipped

CSV & JSON export

Structured output for downstream pipelines and BI tools

shipped

YAML config file

Reusable filters, thresholds, and custom regex patterns

shipped

logblast tail — live tail with filtering

Real-time log monitoring with all filter flags applied on the fly

coming soon

Gzip / zstd compressed log support

Analyze rotated compressed logs without decompressing first

coming soon

Multi-file glob — logblast analyze logs/*.log

Aggregate stats and anomalies across an entire log directory

planned

Terminal histogram — time-series error rate

Sparkline chart of errors per minute rendered inline in the terminal

planned

PDF summary report export

Share a formatted analysis report without sharing raw log data

planned

Plugin system for custom parsers

Extend LogBlast with your own format parsers and output plugins

planned

Pricing

One-time payment. Lifetime access.

Pay once, get all current and future v1.x updates. No subscription, no telemetry, no nonsense.

one-time payment

$29

Lifetime access · All platforms included · No recurring fees

Pre-built Linux binary (musl static)
Pre-built macOS binary (ARM + Intel)
Pre-built Windows binary (MSVC)
Full source code included
logblast.yaml config scaffold
All future v1.x updates free
Linux x86_64 (musl) macOS aarch64 macOS x86_64 Windows x86_64 One-time No telemetry
Buy on Gumroad — $29 →

Questions? Reach out on Telegram: @DevEcho