🔬 LogLens 2.0

Don't spend money to analyze your logs. Do it all free, on your machine, locally — no data ever leaves your browser.

---

LogLens is a universal log explorer that runs entirely in your browser. Drop any log file in, query it with KQL, visualize it on a timeline, and analyze it with a local AI — all without a single byte of your data touching the internet.

No servers. No SaaS. No subscriptions. Just open the HTML file.

---

✨ Features

🔍 Powerful Query Engine

• KQL syntax — level:ERROR AND service:auth*
• Boolean logic — AND, OR, NOT, parentheses
• Ranges — status_code:>=500, latency_ms:<=100
• Wildcards — message:*timeout*, src_ip:10.0.*
• Regex — message:/timeout|refused/i, src_ip:/^192\.168\./
• Free text search — type anything, searches all fields

📊 Visualization

• Timeline histogram — canvas-based, color-coded by log level
• Drag to select a time range directly on the chart
• Quick time filters — Last 5m / 30m / 1h / 6h / 24h / 7d / All
• Custom from/to datetime pickers
• Field value distribution bars (top-10 values per field, click to expand)

⚡ Performance

• True virtual scroll — renders only visible rows, handles 500k+ logs without slowdown
• Incremental loading — load multiple files, they merge automatically
• Dedup mode — collapse repeated identical messages

📁 Universal Format Support

Format	Details
JSON / NDJSON	Arrays and newline-delimited
CSV	Auto-header detection, quoted fields
Syslog	RFC 3164 — host proc[pid]: msg
Apache / Nginx	Access logs + error logs
Log4j / Log4net	timestamp [thread] LEVEL class - msg
CEF / LEEF	Common/Log Event Extended Format
logfmt	key=value key="quoted value"
GELF	Graylog Extended Log Format
W3C / IIS	#Fields: extended log format
Docker / k8s	Timestamped container logs
Windows Event XML	Exported from Event Viewer or PowerShell
.evtx binary	Shows conversion guide with PowerShell/wevtutil commands
Plain text	Any .log / .txt — every line becomes a row

🪟 Windows Event Logs (.evtx)

LogLens fully parses Windows XML Event Log format. For binary .evtx files, it detects the format and shows an instant conversion guide:

# Export to JSON (simplest)
Get-WinEvent -Path "C:\path\to\your.evtx" |
  Select-Object TimeCreated,Id,LevelDisplayName,Message,ProviderName,MachineName |
  ConvertTo-Json -Depth 3 | Out-File -Encoding UTF8 events.json

# Export to XML (preserves all fields — drop directly into LogLens)
$events = Get-WinEvent -Path "C:\path\to\your.evtx"
"<Events>" | Out-File events.xml -Encoding UTF8
$events | ForEach-Object { $_.ToXml() } | Out-File events.xml -Append -Encoding UTF8
"</Events>" | Out-File events.xml -Append -Encoding UTF8

🤖 Local AI Analyst

Zero-cost AI analysis. No API keys. No cloud. Everything stays on your machine.

Powered by Ollama, the AI panel lets you chat with your logs:

Action	What it does
🔍 Analyze	Top errors, patterns, anomalies, cascading failures
📋 Report	Full incident report — summary, timeline, root cause, actions
💡 KQL Hints	Suggests 8-10 investigative queries you can apply with one click
🔥 Root Cause	Identifies the most likely root cause from evidence in the logs
🛡 Security Audit	Suspicious IPs, brute force, privilege escalation, exfiltration
📊 Stats	Error rate, latency p95, volume trends, per-service breakdowns

AI is context-aware — injects your current filter, field names, level distribution, top errors, and up to 100 log sample entries into every request.

Context window control — choose 4K / 8K / 16K / 32K / 128K tokens and how many log entries to include. A live token meter shows usage and auto-prunes conversation history before overflow.

Stop button — abort mid-stream at any time. Partial responses are saved to context.

🧭 Navigation & UX

• Keyboard-first — j/k rows, / search, m bookmark, c copy, d theme, ? help
• Detail panel — Fields / Raw / JSON Tree tabs, prev/next row navigation
• Column picker — choose exactly which columns to display (up to 12)
• Resizable panels — drag handles on sidebar and detail panel
• Saved queries — name and persist your favourite KQL queries
• Query history — last 20 queries, one click to re-run
• Bookmarks — star rows with m, filter to starred-only
• Export — JSON or CSV of current filtered results
• Share URL — encodes your query in #q=… hash, zero log data included
• Light / Dark theme — persisted to localStorage

---

🚀 Quick Start

Option 1 — GitHub Pages (online, still 100% local)

Visit the live deployment. Everything runs in your browser — no data leaves your machine.

https://zrnge.github.io/LogLens/

Option 2 — Download and open locally (best for Ollama AI)

1. Download LogLens.html
2. Open it directly in your browser — no server needed
3. Drop your log files in

Option 3 — Clone and use

git clone https://github.com/zrnge/LogLens.git
cd LogLens
# Just open LogLens.html in a browser
start LogLens.html       # Windows
open LogLens.html        # Mac
xdg-open LogLens.html    # Linux

---

🤖 Setting Up Ollama (Local AI)

1. Install Ollama — ollama.com (free, Windows / Mac / Linux)

2. Pull a model:

   ollama pull mistral        # default — fast, good quality (~4GB)
   ollama pull llama3.2       # great for analysis (~2GB)
   ollama pull deepseek-r1:7b # strong reasoning
   ollama pull phi3           # lightweight (~2GB)

3. Start Ollama with CORS allowed (required for browser access):

   Windows CMD:

   set OLLAMA_ORIGINS=*&& ollama serve

   Windows PowerShell:

   $env:OLLAMA_ORIGINS="*"; ollama serve

   Mac / Linux:

   OLLAMA_ORIGINS=* ollama serve

   Tip (Windows): Set it permanently so you never need to think about it again:

   [System.Environment]::SetEnvironmentVariable("OLLAMA_ORIGINS","*","User")

4. Click 🤖 AI in LogLens → Connect → start asking questions

---

⌨️ Keyboard Shortcuts

Key	Action
j / ↓	Next row
k / ↑	Previous row
Enter	Open detail panel for selected row
Esc	Close detail / modal
/	Focus search bar
Ctrl+Enter	Run KQL query
m	Bookmark selected row
c	Copy selected row as JSON
w	Toggle line wrap
d	Toggle dark / light theme
t	Toggle timeline
?	Show keyboard help

---

💡 KQL Query Examples

# All errors and criticals
level:ERROR OR level:CRITICAL

# HTTP server errors
status_code:>=500

# Failed authentication (wildcard)
message:*Invalid* OR message:*denied* OR message:*failed*

# Slow requests
latency_ms:>=1000

# Specific service in production
service:auth* AND env:production

# Regex — find IPs in a subnet
src_ip:/^192\.168\./

# Exclude health checks
NOT url:/health AND status_code:>=400

# Combine everything
level:ERROR AND service:api-gateway AND latency_ms:>=500 AND NOT method:OPTIONS

---

🏗️ Architecture

LogLens is intentionally a single HTML file (~2,500 lines). No build step, no npm, no dependencies, no CDN (except optional Google Fonts for the UI font — falls back to system monospace).

LogLens.html
├── CSS (theme variables, virtual scroll, AI panel, modals)
├── HTML (upload overlay, topbar, timeline, KQL bar, sidebar, log table, detail, AI panel)
└── JavaScript (pure vanilla ES2020)
    ├── Auto-parser (12 formats)
    ├── KQL engine (AND/OR/NOT/wildcards/ranges/regex)
    ├── Virtual scroll (26px fixed rows, buffer rendering)
    ├── Canvas timeline histogram
    ├── Ollama streaming chat client
    └── localStorage persistence (history, saved queries, theme)

Why a single file?

• Zero setup for end users
• Works offline once cached
• Can be bookmarked, downloaded, and shared as a file attachment
• Zero supply-chain risk

---

🔒 Privacy Guarantee

LogLens is architecturally incapable of sending your data anywhere:

• No fetch() calls to external servers (only to localhost:11434 for local Ollama)
• No analytics, no tracking pixels, no beacons
• No cookies (localStorage only, stays on your device)
• No service workers that could cache and transmit data
• Open source — read every line of the single HTML file yourself

---

👨‍💻 Developer

Built by zrnge — open source, free forever.

---

📄 License

MIT — free to use, modify, and distribute.

---

🔬 LogLens 2.0 — built by zrnge for engineers who believe their logs are their own business.

Don't spend money to analyze your logs. Do it all free, on your machine, locally — no data ever leaves your browser.