Log Parser

Paste raw logs and get a structured, filterable table. Auto-detects JSON/NDJSON, logfmt, syslog (RFC 3164/5424), and Apache/nginx common & combined access logs — filter by severity or text, and export as Markdown, JSON, or CSV. Runs entirely in your browser, nothing is uploaded.

Try:
Parsed logs

What this tool does

Paste a chunk of raw logs and this tool figures out the format, pulls each line apart into named fields, and shows them as a structured, filterable table. It runs entirely in your browser — nothing is uploaded, it works offline once the page has loaded, and there is no sign-up.

It auto-detects and parses five common shapes:

FormatLooks likeFields you get
JSON / NDJSONone JSON object per lineevery key in the object, in order
logfmtlevel=info msg="hi" ms=12one column per key
Syslog<34>Oct 11 22:14:15 host su: ... (RFC 3164) or <PRI>1 ... (RFC 5424)timestamp, host, tag/app, pid, message
Access log — Common (CLF)ip - user [date] "req" status sizeip, user, time, request, status, size
Access log — CombinedCommon + "referer" "user-agent"the Common fields plus referer, user_agent

Anything the chosen parser can't match is kept as a single message field, so no line is silently dropped.

Filtering

Output

Choose Markdown table (the default, with a stats caption like combined · 3 entries · 1 error · 1 warn), JSON array (one object per line, key order preserved), or CSV (header + rows, ready for a spreadsheet).

Worked example

Paste this combined access log with Format: Auto-detect:

127.0.0.1 - - [10/Oct/2000:13:55:36 -0700] "GET /index.html HTTP/1.0" 200 2326 "-" "Mozilla/5.0"
10.0.0.5 - - [10/Oct/2000:13:55:37 -0700] "GET /missing HTTP/1.1" 404 512 "-" "curl/7.0"
10.0.0.9 - - [10/Oct/2000:13:55:38 -0700] "POST /api HTTP/1.1" 500 12 "-" "Go-http-client/1.1"

The tool detects combined, maps the 500 to error and the 404 to warn, and renders:

combined · 3 entries · 1 error · 1 warn

| ip | ident | user | time | request | status | size | referer | user_agent |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 127.0.0.1 | - | - | 10/Oct/2000:13:55:36 -0700 | GET /index.html HTTP/1.0 | 200 | 2326 | - | Mozilla/5.0 |
| 10.0.0.5 | - | - | 10/Oct/2000:13:55:37 -0700 | GET /missing HTTP/1.1 | 404 | 512 | - | curl/7.0 |
| 10.0.0.9 | - | - | 10/Oct/2000:13:55:38 -0700 | POST /api HTTP/1.1 | 500 | 12 | - | Go-http-client/1.1 |

Switch Minimum severity to Error and up and only the 500 row remains.

Limits and edge cases

FAQ

Is anything uploaded to a server?

No. All parsing happens locally in your browser with WebAssembly, so your logs never leave your device and the tool works offline once loaded.

How does the severity filter work across different formats?

Every line is mapped to one unified severity — Trace, Debug, Info, Warn, or Error — from whatever the format provides: a JSON/logfmt level key, a syslog priority number, or an HTTP status code (5xx → error, 4xx → warn). The Minimum severity control is a threshold, so Warning and up keeps both warnings and errors.

What's the difference between Common and Combined access logs?

Common Log Format (CLF) ends at the response size. Combined adds two more quoted fields — the Referer and the User-Agent — which is the default for Apache and nginx. Auto-detect tries combined first and falls back to common.

Can I export the parsed logs?

Yes. Set Output as to JSON array for one object per line (key order preserved) or CSV for a spreadsheet-ready file. Both respect the active severity and text filters, and there is a copy button on the result.

My log format isn't listed — what happens?

Lines the selected parser can't match are still shown, with the whole line in a single message column, so nothing disappears. If auto-detect can't recognise anything it asks you to pick a format. For CSV data, use the CSV tools instead.

Developer & Automation Access

Run it from the terminal

Same engine as this page, headless — via the gizza CLI:

gizza tool log-parser "127.0.0.1 - - [10/Oct/2000:13:55:36 -0700] "GET / HTTP/1.0" 200 2326 "-" "Mozilla/5.0""

New to the CLI? Get gizza →

Open it by URL

Pre-fill and auto-run this tool with query parameters — the names match the API/CLI:

https://gizza.ai/tools/log-parser/?logs=127.0.0.1%20-%20-%20%5B10%2FOct%2F2000%3A13%3A55%3A36%20-0700%5D%20%22GET%20%2F%20HTTP%2F1.0%22%20200%202326%20%22-%22%20%22Mozilla%2F5.0%22&format=auto&output=table&level=all&filter=e.g.%20%2Fapi%20or%20timeout&regex=true&limit=200