npx duckviz ./logs/ -r. Correlate every log file in the folder with full DuckDB SQL, in a browser tab, in seconds. No ingestion pipeline. No Elastic cluster. No Kibana tax.
grep | awk | sort | uniq -c is a rite of passage. It's also a waste of a Tuesday.Three log files, three formats, one incident. Standing up an ELK stack just to correlate them takes longer than the incident itself. DuckViz skips the ingestion step entirely — the parser runs in a WASM worker, DuckDB runs in-tab, and you query everything as SQL tables.
Pager duty, the usual way
tail -f three filesPager duty with DuckViz
npx duckviz ./logs/ -rOne command. Zero install. The CLI spins up a local bridge, pushes your files into the browser app via a bearer-token channel, and opens the analysis view.
# Analyse a single file
npx duckviz ./access.log
# Recursively load a whole directory of logs
npx duckviz ./logs/ -r
# Fresh session, wiping any prior data
npx duckviz data.csv --fresh
# Pipe from another command
kubectl logs my-pod --since=1h | npx duckviz -time_bucket), regexp_extract, JSON extraction. Everything you need to correlate events.-- 5xx error rate per minute, windowed over 24h
WITH per_min AS (
SELECT
time_bucket(INTERVAL 1 MINUTE, ts) AS minute,
COUNT(*) FILTER (WHERE status >= 500)::DOUBLE
/ COUNT(*) AS err_rate
FROM t_access_log
WHERE ts >= now() - INTERVAL 24 HOUR
GROUP BY 1
)
SELECT
minute,
err_rate,
avg(err_rate) OVER (
ORDER BY minute
ROWS BETWEEN 10 PRECEDING AND CURRENT ROW
) AS smoothed
FROM per_min
ORDER BY minute;The chart goes straight into the post-mortem doc, PDF-exported in one click.
Does the CLI upload my logs anywhere?
No. The CLI opens a local bridge bound to 127.0.0.1, authenticated with a bearer token, and hands the files to a browser tab on the same machine. Nothing egresses.
Can I use it for incident response on production data?
That's exactly what it's built for. No cloud, no vendor review, no signed BAA required — just a CLI and a tab.
What log formats are supported?
Sysmon XML, Windows Event XML, JSON logs, NGINX / Apache access logs, syslog, CSV/TSV-style delimited logs, and any format AI can detect from a 10-line sample. Unknown formats can be parsed with a regex you supply.
Can I integrate this into CI or a runbook?
Yes. Pipe output into npx duckviz -, or use the Node SDK to headlessly generate dashboards and PDF reports during incident response.
npx duckviz ./logs/ -r. A browser tab. Full SQL. Answers before the next page.