Imagine sifting through mountains of log data at lightning speed—up to 2 GiB/s, to be precise. Sounds like a dream for DevOps engineers, right? Enter HL, a Rust-based, open-source JSON log viewer that’s turning heads with its jaw-dropping performance. But here’s where it gets controversial: while tools like Grafana Loki dominate the scene, HL claims to outpace them in simplicity and speed, especially for single-instance applications. Could this be the underdog tool you’ve been missing? Let’s dive in.
HL (https://github.com/pamburus/hl?tab=readme-ov-file#performing-complex-queries) is designed to handle structured logs in JSON or logfmt format with unparalleled efficiency. Built in Rust, it leverages the language’s performance benefits to deliver blazing-fast indexing and parsing. Whether your log files are uncompressed or compressed, HL scans them in a fraction of the time compared to alternatives like hlogf, humanlog, fblog, and fblog-d. And this is the part most people miss: HL doesn’t just stop at speed—it’s also a powerhouse for processing massive datasets, effortlessly handling hundreds of gigabytes across local files.
According to benchmarks by its creator, HL achieves a staggering ~2 GiB/s throughput during initial scans with automatic indexing, and up to ~10 GiB/s when reindexing growing files. This isn’t just fast—it’s game-changing for anyone wrangling large-scale logs from the command line. But don’t just take our word for it: in a recent Hacker News discussion, user solatic praised HL as a simpler alternative to Grafana Loki for single-instance setups, though they noted that centralizing logs across multiple machines remains a debated necessity.
Now, let’s talk features. HL comes packed with tools that make log analysis a breeze. Its integrated pager, reminiscent of less, lets you browse log entries effortlessly. Need to filter, search, sort, or format logs? HL’s got you covered. Filter by log level (error, warn, info, etc.), field or key-value pairs (component=tsdb, request.method?!=GET), or even time ranges (--since yesterday, --until 'Jun 19 11:22:33'). Plus, its follow mode (think tail -f on steroids) automatically sorts timestamps across multiple sources, ensuring you never miss a beat.
Customization is another area where HL shines. Tailor the output to your liking by hiding or revealing fields, switch timezones on the fly, and even apply UI themes and color schemes. But the real magic lies in its query-building capabilities. Combine logical, comparison, set-based, and string operators to craft complex queries like a pro. For instance, the command hl my-service.log --query 'level > info or status-code >= 400 or duration > 0.5' filters logs based on multiple conditions simultaneously. And here’s a pro tip: HL lets you handle missing fields explicitly. Want to find entries where price is defined? Use hl my-service.log -q 'exists(.price)'. Or, if you’re okay with missing or specific values, try hl my-service.log -q '.price?=3'—it’s that flexible.
Available under the MIT license and compatible with macOS, Linux, and Windows, HL is a versatile addition to any developer’s toolkit. But we want to hear from you: Is HL the log viewer you’ve been waiting for, or do you stand by more complex tools like Grafana Loki? Let us know in the comments—this debate is far from over!
