Skip to main content
1

Install Zeal

Download the pre-built binary for your platform. See the Installation page for full instructions.
# Linux (x86_64)
curl -Lo zeal.tar.gz https://github.com/aryanjha256/zeal/releases/latest/download/zeal-x86_64-linux.tar.gz
tar xzf zeal.tar.gz
sudo mv zeal-x86_64-linux /usr/local/bin/zeal
Verify the install:
zeal --version
2

Run a basic filter

Query a JSON log file and filter by field value:
zeal 'FROM app.json WHERE level = "error"'
This returns every log entry where the level field equals "error". Matching is case-insensitive.
3

Try numeric comparisons

Filter by numeric fields and limit output:
zeal 'FROM app.json WHERE status >= 500 SHOW LAST 10'
SHOW LAST 10 returns only the 10 most recent matches.
4

Use CONTAINS for substring search

Find entries where a field contains a substring (case-insensitive):
zeal 'FROM app.json WHERE message CONTAINS "timeout"'
5

Try temporal correlation

The killer feature — find errors that happened within 5 seconds of a warning:
zeal 'FROM app.json WHERE level = "error" WITHIN 5s OF level = "warn"'
Temporal correlation requires timestamps in your log entries. Zeal auto-maps common timestamp field names: timestamp, ts, time, @timestamp.
6

Output as JSON and pipe to jq

Use --format json to output NDJSON (one JSON object per line) for piping:
zeal --format json 'FROM app.json WHERE level = "error"' | jq '.request_id'
Use --format json whenever you want to feed results into another tool. Use --format raw to get the original unmodified log lines.

Next steps

Query language

Learn the full syntax: FROM, WHERE, GROUP BY, SHOW.

Temporal correlation

Explore the WITHIN…OF feature in depth.

CLI options

See all available flags and options.

Build docs developers (and LLMs) love

Get started for freeTalk to us