Imagine sifting through mountains of log data at lightning speed—up to 2GiB/s, to be precise. Sounds too good to be true? Meet hl, a Rust-based, open-source JSON log viewer that’s turning heads in the DevOps world. But here’s where it gets controversial: while some swear by complex tools like Grafana Loki, others argue that hl’s simplicity and raw power make it the better choice for many scenarios. Could hl be the unsung hero of log management?
Designed for efficiency, hl excels at processing structured logs in JSON or logfmt format. Built with Rust, it delivers blazing-fast indexing and parsing, allowing you to scan massive log files—compressed or not—in record time. According to benchmarks by its creator, hl achieves a staggering ~2 GiB/s throughput on initial scans and up to ~10 GiB/s when reindexing growing files. This dwarfs competitors like hlogf, humanlog, fblog, and fblog-d, making it a game-changer for DevOps engineers drowning in log data.
But speed isn’t its only trick. hl handles hundreds of gigabytes across local files with ease, proving it’s not just fast—it’s scalable. And this is the part most people miss: its integrated pager, reminiscent of less, makes navigating log entries a breeze. Plus, it packs a rich toolkit for filtering, searching, sorting, and formatting logs. Need to filter by log level (e.g., error, warn)? Check. Want to search by field or key-value pair (e.g., component=tsdb)? Done. Even time-based queries (e.g., --since yesterday) are a cinch.
Here’s where it gets even more interesting: hl’s follow mode (think tail -f on steroids) automatically sorts timestamps across multiple sources. It also supports customizable output, timezone switching, and UI themes—because who says logs can’t look good? But the real showstopper is its ability to build complex queries using logical, comparison, set-based, and string operators. For example:
```bash
hl my-service.log --query 'level > info or status-code >= 400 or duration > 0.5'
```
And here’s a subtle yet powerful feature: hl lets you handle missing fields explicitly. Want to find logs where .price exists, regardless of its value? Use exists(.price). Or maybe you want entries where the price is missing or equals 3? Try .price?=3. This level of granularity is a rarity in log viewers.
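The missing-field behaviour described above matters when a filter is used for triage, because a strict match says nothing about records that lack the field. The following Python model is an added example, not hl's code and not part of the original article; the helper names and sample records are constructed, and it assumes the plain form .price=3 skips records without the field.

```python
import json

# Constructed sample log lines for illustration only.
SAMPLE_LINES = [
    '{"level":"info","msg":"order placed","price":3}',
    '{"level":"info","msg":"order placed","price":7}',
    '{"level":"warn","msg":"price lookup failed"}',
    '{"level":"error","msg":"order rejected","price":3}',
    '{"level":"info","msg":"healthcheck"}',
]

MISSING = object()  # sentinel: distinguishes "field absent" from any real value


def get_field(record, name):
    """Return the top-level field value, or MISSING if the key is absent."""
    return record.get(name, MISSING)


def exists(record, name):
    """Model of exists(.name): true whenever the key is present."""
    return get_field(record, name) is not MISSING


def equals(record, name, value, include_missing=False):
    """Model of .name=value, or of .name?=value when include_missing is True."""
    found = get_field(record, name)
    if found is MISSING:
        return include_missing
    return found == value


def filter_report(lines, name, value):
    """Count how many records each filter form selects."""
    records = [json.loads(line) for line in lines]
    return {
        "total": len(records),
        "exists": sum(exists(r, name) for r in records),
        "strict": sum(equals(r, name, value) for r in records),
        "or_missing": sum(equals(r, name, value, True) for r in records),
    }


if __name__ == "__main__":
    print(filter_report(SAMPLE_LINES, "price", 3))
```

The gap between "or_missing" and "strict" is the number of records a field-based filter cannot see, which is worth checking before concluding that a search came back clean.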
In a recent Hacker News discussion, user solatic pointed out that for single-instance apps, hl is a compelling alternative to heavier tools like Grafana Loki. But they also noted: "If you have multiple machines, sending your logs to one place may not be necessary, but it's incredibly helpful; the alternative is basically ssh multiplexing." Is centralizing logs always the best approach? Or does hl’s decentralized approach offer a smarter solution?
Available under the MIT license and compatible with macOS, Linux, and Windows, hl is accessible to everyone. Whether you’re a DevOps pro or a beginner, its intuitive design and raw performance make it a tool worth exploring. So, here’s the question: In a world obsessed with complexity, could hl’s simplicity and speed redefine how we handle logs? Let us know your thoughts in the comments—we’re all ears!