tail -f that actually looks at your logs.
live regex highlights. counts whatever you tell it to count. survives logrotate. one static binary. i got tired of having three terminals open to watch the same file.
$ ztail app.log --match 'ERROR:(\w+)' --group '\[(\w+)\]' --since 5m 2026-04-20T14:22:01 [billing] ERROR:timeout dispatch took 31s [billing x12 3/min] 2026-04-20T14:22:03 [auth] handshake ok user=aiko 2026-04-20T14:22:04 [billing] ERROR:timeout retry 2/3 [billing x13 3/min] 2026-04-20T14:22:07 [search] warn: cold index, rebuilding 2026-04-20T14:22:09 [billing] ERROR:db_closed [billing x14 4/min]
highlights on the bits that matter. counts for the rest.
--match paints regexes live as they stream past. each pattern gets its own color from a 6-slot palette. --group buckets lines by the first capture so you can see "the billing worker is on fire" without a second grep.
$ ztail access.log \ --match ' 5\d\d ' \ --group '"(?:GET|POST) (\S+)' 10.0.0.4 - - "GET /api/orders" 503 0.81 [/api/orders x3 1/min] 10.0.0.9 - - "POST /api/pay" 502 0.12 [/api/pay x1 1/min] 10.0.0.4 - - "GET /api/orders" 500 0.04 [/api/orders x4 2/min]
three flags do most of the work.
--match, repeatable.
highlight any regex. repeat the flag to stack patterns. capture groups render dimmer inside the color. the matcher is a tiny in-tree engine because zig 0.16 ships no regex. it handles the 90% case. if you need pcre, pipe through grep first.
--group PAT.
buckets lines by the first capture and tacks a running counter on the end. useful when you want to know which worker, which endpoint, which user is misbehaving. resets silently after a few minutes of quiet.
--follow-rotation, --since, --json.
polls inode and size so logrotate doesn't kill the stream. --since 5m skips lines older than the duration (iso-ish timestamp parsing). --json dumps structured output per line so jq can eat it.
$ git clone https://github.com/f4rkh4d/ztail $ cd ztail $ zig build -Doptimize=ReleaseSafe $ ./zig-out/bin/ztail --help
needs zig 0.13+. tested on 0.16 on my mac. no windows build yet. haven't tried.