Log Formatter
Paste JSON, nginx, Docker, syslog, or plain logs to normalize, filter by level, and inspect them locally in your browser.
log-formatter.input
Paste JSON logs, nginx access/error lines, Docker logs, or syslog entries. TeaFun normalizes them locally and lets you filter by level or search terms.
0 bytes
You just tested your Log Formatter — Try JSON Formatter & Validator next →
What Is a Log Formatter?
The Log Formatter ingests log lines from multiple sources and renders a unified, filterable view. Supported inputs: Common Log Format and Combined Log Format from nginx and Apache (127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700] "GET /apache_pb.gif HTTP/1.0" 200 2326), JSON Lines from Node.js / Python structlog / Go zap, syslog per RFC 5424 with the priority value (<13>1 2003-10-11T22:14:15.003Z mymachine.example.com evntslog ...), Docker JSON-file driver output, and free-form level-prefixed lines ([ERROR] message...). Each parsed line is normalised to four required fields — timestamp (ISO-8601), level (trace through fatal), source (process / container / host), message — plus any extra structured fields the original carried. Multiline stack traces are joined back to their parent line via indentation heuristics so a Java exception or Python traceback stays as one entry instead of fragmenting across the table.
How to Use the Log Formatter
Paste log lines — mixed formats are fine in a single paste. The parser auto-detects per line: a leading { triggers JSON parsing, an <n> PRIVAL prefix triggers syslog RFC 5424, an IP at the start triggers Common Log Format, a level token in brackets triggers level-prefixed parsing. The summary reports total / parsed / unparsed counts and which formats were detected. Filter by severity (trace, debug, info, warn, error, fatal); the levels follow syslog ordering so picking "warn" includes warn, error, and fatal. Type in the search box to filter across timestamp, source, and message fields simultaneously. Click any row to see the raw line beside the parsed view. Copy the normalised JSON Lines output for downstream tools — jq, grep, or ingestion into Elasticsearch / Loki via filebeat.
Why Log Normalization Matters
Production incidents involve correlating events across services that each pick their own log format. An nginx 502 in Common Log Format, a Node.js JSON log saying the upstream timed out, and a syslog message from the host kernel about an OOM kill all describe the same incident from three angles. The slow path is opening three terminals, running tail | grep against each, and mentally aligning timestamps. The fast path is normalising all three streams to a common schema and filtering them together. Aggregation platforms (Datadog, Grafana Loki, OpenSearch / Elasticsearch) provide this server-side, but they cost money per GB and require shipping logs out of your network. For local triage — especially on staging boxes, on customer-on-prem deployments, or when sensitive logs cannot leave the LAN — a browser-based normaliser is faster than spinning up a log stack just to ask "what failed at 14:32:07?".
Frequently Asked Questions
Which log formats are supported?
The formatter recognizes structured JSON logs, nginx access/error logs, Docker stream output, syslog-style lines, and plain level-prefixed logs. Unknown lines are still shown as plain text.
Are logs uploaded anywhere?
No. Logs stay in the browser for parsing, filtering, and copy/export actions. Nothing leaves your device, so sensitive log entries remain private.
Why are some lines marked as plain?
If a line does not match one of the known formats, it is kept as plain text so you can still search it and inspect it without losing any content.
Use this tool inside a bigger workflow
These collections group follow-up tools and guides that commonly belong in the same job.
Browse same tags
Jump to other tools that share the same workflow, format, or use case.