Logler’s CLI commands return JSON — great for AI agents, less great for humans staring at log files trying to figure out what went wrong. Logler Web puts a visual layer on top of the same Rust-powered analysis engine: browse files, filter by level, follow threads across services, chart numeric metrics, and correlate events — all in a browser.
The frontend is Vue 3 + TypeScript + Naive UI. The backend is 29 FastAPI endpoints that proxy to logler’s Python API. No separate database, no ingestion pipeline. Point it at a directory of log files and start investigating.
The Six Views
Each view answers a different kind of question about your logs.
Log Viewer
The default view. Entries from one or more log files, displayed as a scrollable list with level-based color coding. Filter by level (toggle INFO/DEBUG/WARN/ERROR), search by text or regex, paginate through large files.
When multiple files are open, entries interleave by timestamp — you see what happened across all files in chronological order. Each entry shows its source file with a color-coded dot (up to 12 distinct colors, automatically assigned).
Hierarchy
Builds a tree from thread IDs and naming patterns. If your threads follow a convention like worker-1 → worker-1.task-a → worker-1.task-a.subtask, logler infers the parent-child structure and renders it as a collapsible tree with log counts and error propagation.
Waterfall
Timeline bars showing when each thread or span was active and how long it took. Useful for spotting overlap, gaps, and which operations are on the critical path.
SQL
DuckDB-powered query editor. All loaded log entries are available as a SQL table. The editor includes preset queries (error summary, level distribution, busiest threads) and a full results table. An escape hatch when the built-in views don’t cover your question.
Metrics
Numeric value extraction from log fields and messages. Select fields like response_time_ms or queue_depth, see statistics (min, max, mean, p95, p99), and chart values over time with ECharts. Z-score anomaly detection highlights outliers.
Event Correlation
Cross-file event correlation with time windows. Pick an anchor event (an ERROR, a specific timestamp), define a window (5 seconds, 30 seconds), and see what happened across all files within that window. Clusters related events into groups.
Architecture
Browser (Vue 3 + Naive UI)
↕ HTTP/JSON + WebSocket
FastAPI backend (29 endpoints)
↕ Python function calls
logler (Rust core + Python API)
↕ File I/O
Local log files
The backend is a single app.py file. No ORM, no migrations, no background workers. It holds a ThreadTracker instance in memory and exposes logler’s investigation functions as REST endpoints. The tracker accumulates state as you open files — threads, traces, and statistics grow as you load more data.
State management in the frontend uses 9 Pinia stores, each handling a specific domain: logs (entries + filtering), files (browser + active files), threads (thread list), metrics (numeric extraction + charts), correlations (virtual traces + events), and four more for UI state, navigation, investigation context, and file colors.
Key Features
File Color Coding
Each open file gets a distinct color from a 12-color palette. Colors appear as dots next to log entries, in the sidebar file list, and as filter toggles. When looking at interleaved entries from 5 different microservice logs, the colors make source attribution instant.
Format Auto-Detection
When you open a file, logler’s format detector runs in the background and reports what it found: JSON, syslog RFC-3164, syslog RFC-5424, logfmt, Apache CLF, or custom. A confidence banner appears above the log entries showing the detected format and match rate.
Custom formats are defined in .logler/formats.yaml and tested against sample lines in a live regex editor in the sidebar.
Virtual Trace Correlation
Correlation rules (defined in .logler/correlations.yaml) let you link entries across files by matching field values. If api.log has request_id=abc-123 and worker.log has req_id=abc-123, a field-match rule creates a virtual trace connecting them. The sidebar shows discovered correlations and lets you navigate between linked entries.
Live Following
A WebSocket connection enables live tailing of log files — new entries appear in real-time as they’re written.
The Backend Test Suite
The 29 endpoints now have 109 pytest tests across 9 test files:
| Test File | Endpoints | Tests |
|---|---|---|
test_files_browse | browse, glob | 11 |
test_files_open | open, open_many, filter | 20 |
test_threads_traces | threads, traces | 4 |
test_search_analysis | search + 9 analysis endpoints | 15 |
test_formats | format config, builtin, test, save | 14 |
test_correlations | correlation config, run, events | 11 |
test_metrics_detect | metrics extract, format detect | 7 |
test_sql | SQL query | 4 |
test_security | path traversal, malformed input, edge cases | 21 |
The file operation tests use real log files — deterministic fixtures with known content (10 lines: 4 INFO, 2 DEBUG, 2 WARN, 2 ERROR). Assertions check exact values, not just shapes. The analysis endpoint tests mock logler’s backend to isolate the API layer. Security tests verify path traversal protection (all file operations check against LOG_ROOT).
Running It
# Install
pip install logler-web # or: uv add logler-web
# Start the server
logler-web --root /path/to/logs
# Development
pnpm dev # Frontend dev server
pnpm test:run # Vitest unit tests
pnpm test:e2e # Playwright E2E tests
uv run pytest # Backend tests (109 tests)
pnpm build # Production build
What’s Missing
- No authentication — This is a local development tool. Running it on a shared server would expose log files to anyone who can reach the port.
- No persistent sessions — State lives in memory. Restart the server and you start fresh.
- No log aggregation — You point it at existing files. It doesn’t collect logs from running services.
- ECharts bundle size — The metrics view pulls in ~1.6MB of ECharts. Tree-shaking helps but it’s still large for a dev tool.
- Logler version coupling — The backend requires logler >= 1.2.1 for all features (formats, correlations, metrics, detection). With older versions, those features degrade gracefully but are unavailable.
These are intentional scope boundaries, not bugs. Logler Web is a local investigation tool, not a production observability platform.