Quick Start
sat edited this page Jun 26, 2026
Parse a log line with the default parser and read back the fields.
```python
import log2seq

mes = ("Jan 1 12:34:56 host-device1 system[12345]: "
       "host 2001:0db8:1234::1 (interface:eth0) disconnected")
parser = log2seq.init_parser()  # the default syslog/ISO parser
d = parser.process_line(mes)
```

`process_line` returns a plain dict:

```python
d["timestamp"]  # datetime.datetime(2026, 1, 1, 12, 34, 56)
d["host"]       # 'host-device1'
d["message"]    # 'system[12345]: host 2001:0db8:1234::1 (interface:eth0) disconnected'
d["words"]      # ['system', '12345', 'host', '2001:0db8:1234::1',
                #  'interface', 'eth0', 'disconnected']
d["symbols"]    # ['', '[', ']: ', ' ', ' (', ':', ') ', '']
```

What you get:
- `timestamp` — a `datetime`. A syslog line has no year, so the default parser fills in the current year.
- `host` — present because the default rule names an item `host`; header keys depend on the rule (see Header Rules).
- `message` — the body left for the statement stage.
- `words` / `symbols` — the tokenized body. Note `2001:0db8:1234::1` survived as one word: the default parser fixes IP addresses before splitting on `:`. `symbols` is always one longer than `words`.
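The `words` / `symbols` relationship described above, as an added example that is not part of log2seq or of this page's original code. It works on the values shown in the output above without calling log2seq; the helper names `interleave`, `mask` and `template` and the `<NUM>` / `<IP>` placeholders are assumptions made for illustration.

```python
import ipaddress

# Values copied from the process_line output shown on this page.
WORDS = ['system', '12345', 'host', '2001:0db8:1234::1',
         'interface', 'eth0', 'disconnected']
SYMBOLS = ['', '[', ']: ', ' ', ' (', ':', ') ', '']


def interleave(words, symbols):
    """Rebuild the body: symbols[0] + words[0] + symbols[1] + ... + symbols[-1]."""
    if len(symbols) != len(words) + 1:
        raise ValueError("expected len(symbols) == len(words) + 1")
    parts = [symbols[0]]
    for word, sym in zip(words, symbols[1:]):
        parts.append(word)
        parts.append(sym)
    return "".join(parts)


def mask(word):
    """Replace variable tokens (numbers, IP addresses) with a placeholder."""
    if word.isdigit():
        return "<NUM>"
    try:
        ipaddress.ip_address(word)  # accepts IPv4 and IPv6 literals
        return "<IP>"
    except ValueError:
        return word


def template(words, symbols):
    """Stable event template: original separators, variable words masked."""
    return interleave([mask(w) for w in words], symbols)


if __name__ == "__main__":
    print(interleave(WORDS, SYMBOLS))  # the original message body
    print(template(WORDS, SYMBOLS))    # grouping key for this event type
```

Because the separators are kept in `symbols`, the body can be reconstructed exactly, and masking only the words gives a key under which lines that differ only in PID or address group together.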
Process a file line by line:

```python
with open("app.log") as f:
    for line in f:
        d = parser.process_line(line.rstrip("\n"))
        print(d["words"])
```

A line that matches no header rule raises `log2seq.LogParseFailure`; build the
parser with `ignore_failure=True` to get `None` instead. From the shell, the same
thing is one command — `python -m log2seq app.log` — see
Practical Patterns.

- Building a Parser — when the default parser doesn't fit your format.
- Installation — if you haven't installed log2seq yet.