Skip to main content

Usage

zeal '<query>'
zeal -f <file> [options] '<query>'

Options

FlagShortTypeDefaultDescription
--help-hbooleanfalseShow help and exit
--version-VbooleanfalseShow version and exit
--file <path>-fstringLog file path (repeatable; alternative to FROM)
--format <fmt>stringtextOutput format: text, json, raw
--color <mode>stringautoColor mode: auto, always, never
--no-colorbooleanfalseDisable color output (same as --color never)
--follow-FbooleanfalseTail file for new entries
--explainbooleanfalseShow query plan without executing

Notes

-f / --file and FROM You can specify log sources either in the query itself with a FROM clause or with -f flags on the command line. Both approaches are equivalent. You can repeat -f to query multiple files: 
# Using FROM in the query
zeal 'FROM /var/log/app.log WHERE level = "error"'

# Using -f flag (FROM clause is optional)
zeal -f /var/log/app.log 'WHERE level = "error"'

# Multiple files with -f
zeal -f app.log -f nginx.log 'WHERE status >= 500'
Argument order Options can appear before or after the query string. The query must be a single positional argument (quote it to prevent shell word-splitting): 
zeal --format json --no-color 'FROM app.json WHERE level = "error"'

Examples

# Show version
zeal --version

# Basic query
zeal 'FROM app.json WHERE level = "error"'

# Specify file with flag, output as NDJSON
zeal -f app.json --format json 'WHERE level = "error"'

# Disable colors for piping
zeal --no-color 'FROM app.json WHERE status >= 500'

# Preview the query plan before running
zeal --explain 'FROM app.json WHERE level = "error" WITHIN 5s OF level = "warn"'

# Follow a log file in real time
zeal --follow 'FROM /var/log/app.log WHERE level = "fatal"'
zeal -F 'FROM /var/log/app.log WHERE level = "fatal"'

Build docs developers (and LLMs) love

Get started for freeTalk to us