Master the essential Gonzo usage patterns. This guide covers the most common ways to analyze logs and the fundamental workflows you'll use daily.
New to Gonzo? Complete the Quick Start Tutorial first for a hands-on introduction to the interface.
Core Usage Patterns
Reading from Files
The most common way to use Gonzo is analyzing log files directly:
# Analyze a single log filegonzo-fapplication.log# Analyze multiple specific filesgonzo-fapplication.log-ferror.log-fdebug.log# Use glob patterns for multiple filesgonzo-f"/var/log/*.log"gonzo-f"/var/log/app/*.log"-f"/var/log/nginx/*.log"
Perfect for focused analysis of one application or service:
gonzo-f/var/log/myapp.log
Best for:
Debugging specific applications
Analyzing archived log files
Initial investigation of issues
Combine logs from related services for comprehensive analysis:
Pro Tip: Use Space to pause the live feed while keeping the data flowing in the background. Press Space again to resume auto-scrolling.
Stdin Processing (Piping)
Gonzo excels at processing log streams from other commands:
Command-Line Options
Essential Flags
Flag
Description
Example
-h, --help
Gonzo help
-h, --help
-f, --file
Specify log files or patterns
gonzo -f app.log
--follow
Follow files like tail -f
gonzo -f app.log --follow
-u, --update-interval
Dashboard refresh rate
gonzo -f app.log -u 2s
-b, --log-buffer
Maximum log entries to keep
gonzo -f app.log -b 5000
--ai-model
AI model for analysis
gonzo -f app.log --ai-model="gpt-4"
Buffer and Performance Tuning
Optimize Gonzo for your log volume and system resources:
Working with Different Log Formats
Gonzo automatically detects and handles multiple log formats, including Custom Formats. Use the Quick Start section to try out a few of the supported log formats.
JSON Logs
Features:
✅ Automatic field extraction
✅ Structured attribute display
✅ Nested object support
✅ Array handling
Logfmt Format
Features:
✅ Key-value pair extraction
✅ Quoted value support
✅ Numeric type detection
✅ Space and special character handling
Plain Text Logs
Features:
✅ Pattern-based level detection
✅ Timestamp recognition
✅ Service name extraction
✅ Word frequency analysis
Format Detection: Gonzo automatically detects the format of each log entry. You can mix different formats in the same analysis session.
Essential Workflows
Debugging Application Issues
Performance Monitoring
System Health Monitoring
Navigation Essentials
Panel Navigation
Key Shortcuts for Daily Use
Key
Action
Try This
Tab / Shift+Tab
Switch between panels
Navigate around the 2x2 grid
↑/↓ or k/j
Move up/down in lists
Navigate through log entries
Enter
View details
Press on a log entry or the Counts panel
Space
Pause/unpause dashboard
Freeze the display to examine data
/
Enter filter mode
Type regex patterns to filter logs
s
Search/highlight
Search and highlight text in logs
f
Enter full screen log viewer
Fill your terminal with full screen log viewer
Escape
Close modal/exit filter mode
Close modal/exit filter mode
q
Quit Gonzo
Exit the application
?/h
Show help
Show help
Configuration for Daily Use
Environment Variables
Set these for consistent behavior:
Config File Setup
Create ~/.config/gonzo/config.yml for persistent settings:
Common Patterns by Use Case
Web Application Monitoring
Microservices Debugging
Database Troubleshooting
CI/CD Pipeline Analysis
Best Practices
🎯 Efficient Filtering
Start broad, then narrow down with specific filters
Use regex for pattern matching: *(api|web)
Combine severity with keywords: *error.*database
⚡ Performance Optimization
Use --follow only when needed for real-time analysis
Adjust buffer sizes based on log volume
Filter early to reduce processing overhead
🔍 Effective Analysis
Use the Counts panel for pattern recognition
Leverage AI analysis for complex issues
Pause the feed when examining specific entries
🛠️ Workflow Integration
Create shell aliases for common commands
Use config files for consistent settings
Combine with other tools (stern, kubectl, docker)
Troubleshooting Common Issues
File Access Problems
Performance Issues
Display Issues
What's Next?
Now that you've mastered basic usage, explore these advanced features:
Interface Overview - Deep dive into each panel
Log Input Methods - OTLP, streaming, and advanced sources
2024-01-15 10:30:00 [ERROR] api: Database timeout after 30.5 seconds
# 1. Start with error-level filtering
gonzo -f app.log --follow
# Press '/' and type: error|Error
# 2. Examine patterns in Counts panel
# Press Enter on Counts panel for detailed analysis
# 3. Use AI for insights (if configured)
# Press 'i' in any log detail view
# Monitor multiple services
gonzo -f "/var/log/app-*.log" --follow
# Focus on warnings and errors
# Use filtering press '/': warn|error
# Track response times and patterns
# Watch Word Frequency panel for performance keywords
# Monitor system logs
sudo gonzo -f "/var/log/syslog" --follow
# Multi-service monitoring
gonzo -f "/var/log/*.log" --follow
# Filter for critical events
# Use regex in filter press '/': fail|error|critical|timeout
# Add to your ~/.bashrc or ~/.zshrc
export GONZO_UPDATE_INTERVAL="2s"
export GONZO_LOG_BUFFER="2000"
export GONZO_MEMORY_SIZE="15000"
# AI configuration
export OPENAI_API_KEY="your-key-here"
# Default file patterns
files:
- "/var/log/app.log"
- "/var/log/error.log"
# Enable real-time following
follow: true
# Performance settings
update-interval: 2s
log-buffer: 2000
memory-size: 15000
# AI model preference
ai-model: "gpt-4"
# Monitor web server and application logs
gonzo -f /var/log/nginx/access.log -f /var/log/app/error.log --follow
# Filter for HTTP errors
# Regex: (4[0-9]{2}|5[0-9]{2}|error)
# Monitor all service logs
gonzo -f "/var/log/service-*.log" --follow
# Focus on service communication
# Filter: (http|api|request|response)
