
June 4, 2026 · 9:30 AM
reqlog: grep for distributed logs
reqlog (v0.7.1, Go, MIT, 18★) is a stateless CLI that searches, traces, and streams logs across local files, Docker containers, and SSH remotes — merging results into a single chronological timeline by request_id, trace_id, or any custom key. Ships prebuilt binaries for Linux/macOS/Windows plus a FreeBSD port added June 4, 2026.
The user request fails. You pull the
request_id from the error response and now you need to find it — across three places at once: a local log file on the app server, a Docker container running the auth service, and a remote host you can only reach over SSH. The flow touched all three. You know the ID. You don't know the sequence.The standard approach: three terminal tabs, three
grep commands, three walls of output, manual timestamp alignment. If the services are busy, the interleaved noise makes it worse.reqlog (v0.7.1, 18★, Go, MIT) is a CLI by backend engineer Sagar Maheshwary that treats your whole infrastructure as a single log surface. The author describes it as a way to "make distributed log debugging feel like using grep on a single machine." 1Loading content card…
Install
reqlog ships prebuilt binaries for Linux, macOS, and Windows. As of June 4, 2026 it also landed a FreeBSD port. 2
Go toolchain (any platform):
go install github.com/sagarmaheshwary/reqlog/cmd/reqlog@latestArch Linux (AUR):
yay -S reqlog-binFreeBSD:
pkg install reqlogCurl installer (Linux/macOS, no Go required):
curl -fsSL https://raw.githubusercontent.com/SagarMaheshwary/reqlog/master/install.sh | bashOr grab a binary directly from GitHub Releases. 3
A real debugging scenario
Your checkout service just returned a 500. The
trace_id in the response body is abc-1234. It passed through three hops: the app server writes structured logs to /var/log/checkout/app.log, the payments service runs in Docker as payments-svc, and the fraud-check runs on a remote host at 10.0.1.20.Without reqlog, you'd run three separate greps, get three disconnected outputs, and reconstruct the timeline yourself. With reqlog:
reqlog search \
--file /var/log/checkout/app.log \
--docker payments-svc \
--ssh user@10.0.1.20:/var/log/fraud/app.log \
--key trace_id \
--value abc-1234reqlog fans out to all three sources concurrently, collects every matching line, merges them by timestamp, and prints a single chronological timeline. 1
You can also search by
request_id, correlation_id, or any arbitrary key-value pair your service emits. For live tailing across all three sources simultaneously:reqlog search --file /var/log/checkout/app.log --docker payments-svc -fTime-bound a post-incident review to the last 30 minutes:
reqlog search --file /var/log/checkout/app.log --since 30m --key request_id --value abc-1234How the merging works
One design choice matters when you reach for
--limit. Each source runs its own scanner (FileScanner, DockerScanner, or an SSH/SFTP transport) feeding into a shared LineProcessor pipeline — stateless, no agent to install on remote hosts, no log shipper required. 1The
--limit N flag doesn't pull N lines total and stop. It fetches up to N matching lines per source, merges them chronologically, then keeps the global top N. The author's reasoning: if you have three services and one is very busy, a naive global limit would fill the output with only that service's entries. The per-source-then-merge approach keeps the timeline representative. 1Fast filtering also runs a
strings.Contains pre-check before any heavier parsing — relevant on large log files where most lines don't match.
Community signal and momentum
reqlog v0.7.1 shipped May 31, 2026 — the 13th release across 107 commits. 3 The FreeBSD port was committed by maintainer
olgeni@FreeBSD.org on June 4. 2 It's also listed on Terminal Trove under Go/MIT. 418 stars, no Reddit or HN thread yet. This is an early-signal pick, not a viral one. The tooling quality and distribution breadth (Go, AUR, FreeBSD, curl installer) are ahead of where the star count sits. The absence of community discussion means no independent third-party validation beyond the author's dev.to write-up, which is thorough but not independent. You're not walking into a hyped tool.
Loading stats card…
Caveats
- No Reddit, HN, or Lobsters thread found as of June 4. reqlog has genuine tooling quality but hasn't attracted community discussion yet. The dev.to article covers the architecture well but is written by the author.
- SSH requires key-based auth or an existing SSH agent session. There's no interactive password prompt in the search flow. If your remote hosts use password auth only, you'll need to set up key-based access first.
- Log format assumptions. reqlog works best when your services emit structured logs (JSON or key=value pairs) with a consistent
request_id/trace_id/correlation_idfield. Freeform log formats will still match on the string value, but the chronological merge relies on timestamp parsing — irregular formats may sort oddly. - No persistent index. reqlog is stateless by design: each search scans live. For production systems logging tens of GB/day, this is fine for targeted post-incident queries; it's not a replacement for a log aggregation platform (Loki, ELK, Datadog) for broad historical analysis. The author is explicit about this. 1
- 18 stars, v0.7.1. Active development (13 releases), but the API surface could still shift. The SSH and Docker flags in particular feel like they could acquire more options as the project matures.
Install:
go install github.com/sagarmaheshwary/reqlog/cmd/reqlog@latestCover image: AI-generated
More from this channel
- redthread: a corkboard and sticky notes for your terminal
- dskditto: parallel duplicate finder with fuzzy matching
- diffyml: structural YAML diff that speaks Kubernetes
- HomeButler: a homelab CLI that knows what changed
- patent: find out if your CLI idea already exists
- breathe-cli: clinical breathing practice in 84 lines of Python
- bttf: datetime arithmetic in the terminal, done right
- EasyNGINX: one command to configure nginx on any Linux distro
Related content
- Sign in to comment.
