Collect, index, and search logs from any source. Label-based indexing, full-text search, LogQL-compatible queries, structured logging, and real-time live tail.
Everything you need for log management at any scale.
HTTP push API (JSON, NDJSON, raw text), syslog receiver (RFC 5424/3164), and file tail agent with glob patterns and rotation detection.
Loki-compatible label-based architecture. Logs organized into streams by label set, with efficient chunk storage and zstd compression.
Inverted index with bloom filters and trigram indexing for fast full-text search across all stored log data.
Complete LogQL support: stream selectors, line filters, parsers (JSON, logfmt, regex), label filters, range aggregations, and vector aggregations.
Real-time log streaming via WebSocket with dynamic filter updates, pause/resume, and auto-reconnect.
Pattern matching, thresholds, rate changes, and absence detection. Notifications via webhook, Slack, email, and PagerDuty.
Configurable stages: parse, filter, transform, route, and output. Built-in parsers for JSON, logfmt, regex, syslog, Docker, and Apache/Nginx.
Organization isolation with per-tenant quotas, retention policies, and independent label namespaces.
Local filesystem or S3-compatible object storage. Time-based and size-based retention with automatic compaction.
Up and running in seconds.
klog serve --config koder.toml# Push from stdin
echo "Application started successfully" | klog push --labels "job=myapp,level=info"
# Push JSON
curl -X POST https://log.koder.dev/api/v1/push \
-H "Content-Type: application/json" \
-d '{"streams":[{"stream":{"job":"nginx"},"values":[["'$(date +%s)000000000'","GET /api 200 OK"]]}]}'# Simple query
klog query '{job="nginx"}'
# Filter by content
klog query '{job="nginx"} |= "error"' --from 1h
# Parse JSON and filter
klog query '{job="app"} | json | status >= 500'
# Rate calculation
klog query 'rate({job="nginx"} |= "error" [5m])'klog tail '{level="error"}'REST API with Loki-compatible push format.
| Method | Endpoint | Description |
|---|---|---|
| POST | /api/v1/push | Push log entries (JSON, NDJSON, raw text) |
| GET | /api/v1/query | Instant LogQL query |
| GET | /api/v1/query_range | Range query with step interval |
| GET | /api/v1/labels | List all label names |
| GET | /api/v1/label/{name}/values | List values for a label |
| GET | /api/v1/streams | List log streams |
| GET | /api/v1/tail | WebSocket live tail |
| GET | /api/v1/alerts | List alert rules |
| POST | /api/v1/alerts | Create alert rule |
| DEL | /api/v1/alerts/{id} | Delete alert rule |
| GET | /api/v1/stats | Server statistics |
| GET | /metrics | Prometheus metrics |
| GET | /health | Health check |
Powerful queries compatible with Grafana Loki.
{job="nginx"} # Exact match
{job="nginx", level="error"} # Multiple labels
{job=~"nginx|apache"} # Regex match
{host!~"dev-.*"} # Regex not match{job="app"} |= "error" # Line contains
{job="app"} | json | status >= 500 # Parse JSON + filter
{job="app"} | logfmt | duration > 1s # Parse logfmt + filter
{job="app"} | regexp "(?P<method>\\w+) (?P<path>\\S+)" # Regex extraction
{job="app"} | json | line_format "{{.method}} {{.path}}" # Format outputcount_over_time({job="nginx"}[5m]) # Count in window
rate({job="nginx"} |= "error" [5m]) # Error rate
sum by (job) (rate({level="error"}[5m])) # Group by job
topk(10, sum by (path) (rate({job="nginx"}[5m]))) # Top 10 paths