Command & Flag Reference

Comprehensive specification of Docklog commands and operational flags for log processing.

Core Commands

docklog check: Diagnostics for Docker socket connectivity and API compatibility.
docklog start: Main entry point for log aggregation and stream processing.
docklog run: Modern alias for start, providing identical functionality.
docklog smell-error: Pre-configured execution profile for high-velocity error pattern detection.
docklog list: Discover and preview container matching before starting streams.

Flag Reference

Operational parameters available for the start command:

--container, -c: Regex filter for container name matching.
--filter, -f: Substring inclusion filter for log messages.
--exclude, -x: Substring exclusion filter (inverse matching).
--redact: Enables the data masking engine for PII (IPv4, Emails, Tokens).
--json: Switches output encoding to structured JSON.
--dedupe: Suppresses consecutive identical log messages.
--tail, -t: Set initial buffer size from historical logs (Default: 10 lines).
--since, -s: Temporal filter for historical logs (RFC3339 or duration e.g., 5m).
--output, -o: Specifies a file path for persistent serialization.

Execution Patterns

Flags can be composed to implement specific observability logic:

Log Stream Denoising

Aggregation across microservices with keyword filtering and healthcheck exclusion:

docklog start --container "^app-.*" --filter "ERROR" --exclude "healthcheck" --dedupe

Secure Stream Auditing

Monitoring event streams while redacting sensitive fields via the internal masking engine:

docklog start --filter "auth-event" --redact

Temporal Investigation

Historical log retrieval for specific service instances with custom buffers:

docklog start --container "postgres-db" --since 30m --tail 500

Structured Data Pipeline

Persistent JSON serialization for downstream consumption (e.g., via jq):

docklog start --json --output production_dump.json

Regex Pattern Extraction

Global status code monitoring across all active container streams:

docklog start --regex "HTTP/1.1 [5][0-9][0-9]"

Data Serialization Examples

ANSI Colored Stream

Standard terminal output with container-specific color tagging:

INFO  [10:30:00] container="auth-svc" User "john_doe" logged in.
WARN  [10:30:05] container="api-gateway" Rate limit approaching for IP 192.168.1.50
ERROR [10:30:10] container="db-prod" Failed to acquire lock on table 'orders'

Redacted Stream

Output after passing through the masking transformation layer:

INFO [10:35:00] container="web-app" Password reset requested for ****@****.com
INFO [10:35:01] container="web-app" Login attempt from ***.***.***.***

JSON Object Structure

Schema for structured output serialization:

{
  "container": "api-gateway",
  "message": "GET /health 200 OK",
  "is_error": false,
  "timestamp": "2026-05-03T10:40:00Z"
}