Delve is a powerful, extensible platform for ingesting, transforming, and searching structured, unstructured, and semi-structured data. It is designed for easy local development, robust production deployments, and seamless integration with modern tools and containerization workflows.
- Ingest data from diverse sources (REST API, file tail, syslog, scheduled queries)
- Transform and normalize data with custom pipelines
- Perform powerful search and filtering with a pipeline syntax
- Create interactive dashboards and visualizations
- Set up alerts and notifications
- Extend functionality with custom apps and commands
manage.pyat the repository root for standard Django management- Core apps (e.g.,
events,users) and configuration in top-level folders requirements.txtandpyproject.tomlfor Python dependenciesbootstrap.pyfor automated build, packaging, and asset managementfrontend/for JavaScript and SCSS assetsdoc/for user and admin documentationutilities/cli/for ingestion utilities such astail-files.pyandsyslog-receiver.py
git clone https://github.com/McIndi/delve
cd delvepython -m venv .venv
.venv\Scripts\activate # On Windows
source .venv/bin/activate # On Linux/macOSpip install -r requirements.txtpython manage.py migratenpm install
npx webpack --config webpack.config.jspython manage.py collectstatic --no-inputpython manage.py createsuperuserpython manage.py runserver# Task scheduler
python manage.py qcluster
# Syslog server
python utilities/cli/syslog-receiver.py
# Tail log files
python utilities/cli/tail-files.py /var/log/*.logDefaults: Delve ships with Whitenoise + CherryPy by default to keep air-gapped/offline use simple. Swap components as desired.
All Python runtime dependencies are managed via a single, pinned requirements.txt at the repository root. Do not add runtime dependencies to pyproject.toml or use pip install . or pip install -e .. For local development, Docker, and ZIP/air-gapped workflows, always install with:
pip install -r requirements.txtIf you need to update dependencies, edit requirements.txt directly.
When you set DELVE_DATABASE_NAME, DELVE_DATABASE_USER, and DELVE_DATABASE_PASSWORD in your .env, the Postgres container automatically creates the database and user with those credentials on first startup. No manual setup is required.
Delve ships with a docker-compose.yaml for easy setup. Make sure to copy .env.example to .env and fill in required values (see comments in the file).
docker-compose up --buildThis will build the images and start the web server, worker, and Postgres database.
docker-compose exec web python manage.py migratedocker-compose exec web python manage.py createsuperuserdocker-compose logs -fdocker-compose restartdocker-compose downVisit http://127.0.0.1:8000/ in your browser to access the web UI.
- If a service fails to start, check logs with
docker-compose logs <service> - If environment variables are missing, Compose will error out with a message (for required secrets and DB credentials)
- To rebuild images after changing the Dockerfile, use
docker-compose build
- List all containers (running and stopped):
docker ps -a
- List all images:
docker images
- List all volumes:
docker volume ls
- Show disk usage (images, containers, volumes, build cache):
docker system df
- Remove stopped containers:
docker container prune -f
- Remove unused images:
docker image prune -a -f
- Remove unused volumes:
docker volume prune -f
- Remove everything (containers, images, volumes, networks, build cache):
docker system prune -a -f
You can use bootstrap.py to automate building, packaging, and asset management for deployment to air-gapped systems. While containerization is also supported, this utility enables deployment to air-gapped environments without requiring dependencies on the target system.
After running the following commands, you will have a zip file under ./dist/ containing everything needed to deploy Delve to an air-gapped system, including source code, Python interpreter, frontend and backend dependencies, and more:
- Clean build artefacts:
python bootstrap.py clean --all
- Download and extract Python:
python bootstrap.py download_python python bootstrap.py extract_python
- Install Python dependencies:
python bootstrap.py run_pip_install
- Install frontend dependencies and build assets:
python bootstrap.py run_npm_install python bootstrap.py build_frontend
- Collect static files:
python bootstrap.py collectstatic
- Package everything:
python bootstrap.py package
Or run all steps in sequence:
python bootstrap.py allSee doc/admin/Bootstrap_Guide.md for full details and extensibility options.
- User Guide:
doc/user/Getting_Started.md - Admin Guide:
doc/admin/Installation_and_Setup.md,doc/admin/Bootstrap_Guide.md - API Reference: Browse the REST API via the web UI after starting the server
- Events: The core data unit, with indexed and extracted fields
- Queries: Pipeline-based data retrieval and transformation
- Ingestion: Multiple methods, including REST, file tail, and syslog
- Field Extraction: Index-time and search-time extraction
- Custom Apps: Extend Delve with new commands, dashboards, and APIs
- Alerts: Search-based and processor-based alerting
Contributions are welcome! Please see the documentation and open an issue or pull request.
Delve is an open-source project maintained in my spare time.
If you find it useful, please consider sponsoring me on GitHub
Delve is licensed under the GNU Affero General Public License v3.0 (AGPL-3.0). See doc/LICENSES.txt for details.
