Installation
Get the single static binary running on Linux or macOS in under a minute.
Quick start
Write your first query and filter logs in seconds.
Why Zeal?
Existing tools each solve part of the problem, but none covers all of it:grepmatches text but can’t filter by field values, compare numbers, or correlate events across time.jqis powerful for JSON but can’t handle logfmt or plain text, and has no temporal logic.zealgives you a single consistent query language across all log formats — plus temporal correlation that neither tool can do.
| Capability | grep | jq | zeal |
|---|---|---|---|
| Filter by field value | — | JSON only | JSON, logfmt, plain text |
Numeric comparisons (>= 500) | — | JSON only | All formats |
| Substring search | With regex | With test() | CONTAINS (case-insensitive) |
| logfmt support | Text only | — | Native |
| Plain text support | Native | — | Native |
| Temporal correlation | — | — | WITHIN 5s OF |
| Aggregate / group | — | With reduce | GROUP BY |
| Follow mode | — | — | --follow |
Core concepts
Query language
Zeal uses a SQL-inspired syntax with four clauses:FROM clause names the log file (or files). WHERE filters entries using operators like =, >=, CONTAINS, and boolean logic.
Temporal correlation
The standout feature. TheWITHIN ... OF clause lets you find log entries that occurred near other entries in time:
ms, s, m, h, and d.
Auto-detection
Zeal reads the first line of each file to detect the format — no flags required:| Format | Detection rule | Example |
|---|---|---|
| JSON | First line starts with { | {"level":"error","msg":"timeout"} |
| logfmt | First line contains key=value pairs | level=error msg="timeout" |
| Plain text | Everything else | 2024-01-15 10:30:06 ERROR timeout |
level/lvl/severity/log_level, message/msg/text/body, timestamp/ts/time/t/@timestamp/datetime/date) are mapped automatically across formats.