# ripgrab
A small Rust CLI that tails one or more log files, applies ripgrep-style regex
filters, and optionally extracts named fields into a structured view. It is
intentionally narrow in scope: it does one thing and tries to do it well.
## Why
`tail -F foo.log | rg 'ERROR'` works for one file. When I am watching five
services at once I want:
- One merged stream, tagged by source file
- Filters that compose (include + exclude) without a shell pipeline
- Field extraction by regex named captures, dumped as aligned columns
- Sensible colors, with `NO_COLOR` honored
## Install
Released on crates.io:
cargo install ripgrab
MSRV is 1.76. On Linux the fast path uses inotify; on other platforms it
falls back to a 200ms poller.
## Quick start
Tail two files and highlight anything matching `timeout`:
ripgrab --match 'timeout' app.log worker.log
Exclude noisy health checks, then extract a request id and latency:
ripgrab \
--exclude 'GET /healthz' \
--extract '(?P<rid>[a-f0-9]{16}).*latency=(?P<ms>\d+)ms' \
api.log
When any `--extract` pattern is provided, matching lines are rendered as a
compact table; unmatched lines still stream through in the default view.
## Flags
| Flag | Meaning |
|-----------------|-----------------------------------------------------------|
| `-m, --match` | Include lines matching this pattern (repeatable) |
| `-v, --exclude` | Drop lines matching this pattern (repeatable) |
| `-x, --extract` | Named-capture regex for structured extraction |
| `--since` | Skip lines older than this duration (e.g. `10m`, `2h`) |
| `--no-follow` | Print existing contents once and exit |
| `--no-color` | Disable ANSI; also respects `NO_COLOR` |
| `-n, --lines` | Start with the last N lines before following (default 0) |
## Exit status
- `0` on clean shutdown via SIGINT
- `2` if a path could not be opened
- `64` on CLI / regex compile errors
## Building from source
git clone https://mercemay.top/src/ripgrab/
cd ripgrab
cargo build --release
Tests:
cargo test
## License
Apache-2.0. See `LICENSE`.