logslice

Time-bounded log extraction that doesn't split multiline entries.

The problem with naive slicing

Most log tools cut on timestamp boundaries, which splits stacktraces and JSON blobs mid-entry. logslice buffers entries and only emits a complete record once it can confirm the next line belongs to a new entry.

Sources

• journald (via journalctl --output=json)
• flat files with RFC3339 or ISO8601 timestamps at line start
• nginx/caddy access log format (auto-detected)

Example

logslice --since "2026-04-28 14:00" --until "2026-04-28 15:00" \
  --unit caddy.service | jq 'select(.level == "error")'

← All projects