@@ -155,6 +155,113 @@ You can use comparison and logical operations.
155155 cat log.txt | json-log-viewer --filter " (level = 'ERROR' OR level = 'WARN') AND message LIKE '%connection%'"
156156 ```
157157
158+ ### Fuzzy Search Filtering
159+
160+ ` json-log-viewer ` supports fuzzy search filtering that searches for words across all JSON fields.
161+ Unlike ` rawInclude ` /` rawExclude ` (which use regex on raw strings), fuzzy search:
162+ - Works after JSON parsing
163+ - Searches across all fields (level, message, stackTrace, custom fields, etc.)
164+ - Is case-insensitive
165+ - Ignores punctuation
166+ - Supports partial token matching
167+
168+ #### How It Works
169+
170+ Fuzzy search tokenizes both the search pattern and log content, then checks if all pattern tokens are present.
171+
172+ ** Example:**
173+ ``` yaml
174+ fuzzyInclude : ["error timeout"]
175+ ` ` `
176+
177+ **Will match:**
178+ ` ` ` json
179+ {"level": "ERROR", "message": "Connection timeout"}
180+ {"level": "WARN", "message": "Error: request timeout occurred"}
181+ {"severity": "ERROR", "details": "timeout"}
182+ ```
183+
184+ All words from the pattern must be present in the log entry (order doesn't matter).
185+
186+ #### Examples
187+
188+ 1 . Simple fuzzy search:
189+ ``` yaml
190+ feeds :
191+ - name : " app-errors"
192+ commands : ["kubectl logs -f app-pod"]
193+ fuzzyInclude :
194+ - " error timeout" # Both words must be present
195+ - " database connection" # OR these words
196+ ` ` `
197+
198+ 2. With exclusions:
199+ ` ` ` yaml
200+ feeds :
201+ - name : " production-logs"
202+ commands : ["cat prod.log"]
203+ fuzzyInclude :
204+ - " payment failed"
205+ - " order timeout"
206+ fuzzyExclude :
207+ - " test mock" # Exclude test logs
208+ - " health check" # Exclude health checks
209+ ` ` `
210+
211+ 3. Combining with other filters:
212+ ` ` ` yaml
213+ feeds :
214+ - name : " critical-errors"
215+ commands : ["cat app.log"]
216+
217+ # Step 1: Fast regex pre-filter (before parsing)
218+ rawInclude :
219+ - " ERROR|WARN|FATAL"
220+
221+ # Step 2: Fuzzy search (after parsing, across all fields)
222+ fuzzyInclude :
223+ - " database timeout"
224+ - " user authentication failed"
225+
226+ # Step 3: SQL-like precise filtering
227+ filter : |
228+ level != 'DEBUG'
229+ ` ` `
230+
231+ #### Token-Based Matching
232+
233+ Fuzzy search uses intelligent tokenization:
234+ - Preserves dots and underscores: ` user_id`, `john.doe`, `database.query`
235+ - Ignores punctuation : ` "error"` , `(timeout)`, `failed!` → `error`, `timeout`, `failed`
236+ - Minimum token length : 2 characters
237+ - Supports partial matching : pattern `"timeout"` matches `"timeout_ms"`, `"timeouts"`
238+
239+ # ### Practical Examples
240+
241+ **Kubernetes logs:**
242+ ` ` ` yaml
243+ feeds:
244+ - name: "backend-issues"
245+ commands:
246+ - "kubectl logs -f backend-1"
247+ - "kubectl logs -f backend-2"
248+ fuzzyInclude:
249+ - "payment card failed"
250+ - "inventory timeout"
251+ ` ` `
252+
253+ **Multiple services:**
254+ ` ` ` yaml
255+ feeds:
256+ - name: "service-1"
257+ commands: ["cat service1.log"]
258+ fuzzyInclude: ["error timeout"]
259+
260+ - name: "service-2"
261+ commands: ["cat service2.log"]
262+ fuzzyInclude: ["connection refused"]
263+ ` ` `
264+
158265# ## Timestamp Filtering
159266
160267Filter logs by timestamp range :
0 commit comments