November 23rd 2025, /r/netsec - Information Security News & Discussion

[Tool] Native JSONL viewer for analyzing massive security logs (Suricata, Zeek, EDR) without infrastructure overhead

Got tired of your log analysis workflow being: export logs → wait for jq → try different filter → wait again → eventually load into ELK → wait for indexing.

Built JSONL Viewer Pro to solve this. Native desktop app (Mac) that handles the log analysis I do daily without needing infrastructure.

Technical details:

  • Multi-threaded simdjson parser - opens 5GB files in ~10 seconds
  • Automatic nested JSON flattening (alert.signature, flow.bytes_toserver, etc.)
  • Advanced filtering with operators: alert.severity <= 2, flow.bytes > 100000
  • Handles 10M+ rows in memory
  • C++ native implementation (6MB binary, not Electron)
  • Supports .jsonl and .jsonl.gz

Supported formats:

  • Suricata EVE JSON logs
  • Zeek (Bro) JSON logs
  • EDR logs (CrowdStrike, SentinelOne, etc.)
  • Cloud audit trails (CloudTrail, Azure, GCP)
  • Any JSONL-formatted security data

Workflow improvements:

  • Daily log review: Load overnight alerts, filter by severity, export indicators
  • Threat hunting: Quick pivots on IPs, domains, hashes across millions of records
  • Incident response: Rapidly filter timeline data without waiting for SIEM queries
  • IOC extraction: Filter and export specific fields for threat intel

Privacy/Security:

  • Zero telemetry
  • No internet connection required
  • Data never leaves your machine
  • Good for analyzing sensitive logs on air-gapped systems

Launch pricing: $49 (normally $79)
https://iotdata.systems/jsonlviewerpro/

Built this for my own workflow but would love feedback from other analysts. What log formats or features would make this more useful?

submitted by /u/hilti
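The flatten-and-filter workflow the post describes (nested EVE JSON flattened to dotted keys, operator filters such as `alert.severity <= 2`, transparent `.jsonl.gz` input, then field export for IOCs) is simple enough to reproduce in plain Python. The block below is an added example written for this page; it is not code from JSONL Viewer Pro or its author. The filter grammar (`field op value`, AND-ed together), the gzip detection by magic bytes, and the four Suricata-style records are all my own constructions and assumptions, not the tool's behaviour or real traffic.

```python
"""Flatten nested JSON and apply operator filters to JSONL security logs.

Added example (not the tool's code): a dependency-free version of the
flatten-and-filter workflow, run over constructed Suricata EVE-style lines.
"""
import gzip
import io
import json
import operator
import re
from typing import Any, Dict, Iterator, List, Optional

# Constructed sample records in Suricata EVE JSON style (not real traffic).
SAMPLE_EVE = "\n".join(json.dumps(r) for r in [
    {"timestamp": "2025-11-23T01:02:03.000000+0000", "event_type": "alert",
     "src_ip": "10.0.0.5", "dest_ip": "203.0.113.7", "dest_port": 443,
     "alert": {"signature": "ET MALWARE Example Beacon", "severity": 1, "signature_id": 2000001},
     "flow": {"bytes_toserver": 250000, "bytes_toclient": 1200}},
    {"timestamp": "2025-11-23T01:02:04.000000+0000", "event_type": "alert",
     "src_ip": "10.0.0.9", "dest_ip": "198.51.100.2", "dest_port": 80,
     "alert": {"signature": "ET POLICY Example Scan", "severity": 3, "signature_id": 2000002},
     "flow": {"bytes_toserver": 900, "bytes_toclient": 400}},
    {"timestamp": "2025-11-23T01:02:05.000000+0000", "event_type": "dns",
     "src_ip": "10.0.0.5", "dest_ip": "10.0.0.1",
     "dns": {"type": "query", "rrname": "example.invalid", "rrtype": "A"}},
    {"timestamp": "2025-11-23T01:02:06.000000+0000", "event_type": "alert",
     "src_ip": "10.0.0.5", "dest_ip": "203.0.113.7", "dest_port": 443,
     "alert": {"signature": "ET MALWARE Example Beacon", "severity": 2, "signature_id": 2000001},
     "flow": {"bytes_toserver": 120000, "bytes_toclient": 800}},
]) + "\n"
SAMPLE_EVE_GZ = gzip.compress(SAMPLE_EVE.encode())  # same data as a .jsonl.gz would hold


def flatten(obj: Any, prefix: str = "", out: Optional[Dict[str, Any]] = None) -> Dict[str, Any]:
    """Turn {"alert": {"severity": 1}} into {"alert.severity": 1}; list items get index keys."""
    if out is None:
        out = {}
    if isinstance(obj, dict):
        for k, v in obj.items():
            flatten(v, f"{prefix}{k}.", out)
    elif isinstance(obj, list):
        for i, v in enumerate(obj):
            flatten(v, f"{prefix}{i}.", out)
    else:
        out[prefix[:-1]] = obj
    return out


def iter_records(data: bytes) -> Iterator[Dict[str, Any]]:
    """Stream flattened records from .jsonl or .jsonl.gz bytes (gzip magic 1f 8b, an assumption)."""
    stream = gzip.GzipFile(fileobj=io.BytesIO(data)) if data[:2] == b"\x1f\x8b" else io.BytesIO(data)
    for raw in stream:
        line = raw.strip()
        if not line:
            continue
        try:
            yield flatten(json.loads(line))
        except json.JSONDecodeError:
            continue  # skip a truncated or corrupt line rather than abort the whole file


_OPS = {"<=": operator.le, ">=": operator.ge, "!=": operator.ne, "==": operator.eq,
        "<": operator.lt, ">": operator.gt, "=": operator.eq}
# Hypothetical filter grammar: "<dotted.field> <op> <value>"
_FILTER_RE = re.compile(r"^\s*([\w.\-]+)\s*(<=|>=|!=|==|<|>|=)\s*(.+?)\s*$")


def compile_filter(expr: str):
    """Parse 'alert.severity <= 2' into a predicate over flattened records."""
    m = _FILTER_RE.match(expr)
    if not m:
        raise ValueError(f"bad filter: {expr!r}")
    field, op, raw = m.groups()
    fn = _OPS[op]
    raw = raw.strip("\"'")
    try:
        want: Any = json.loads(raw)   # numbers, true/false/null compare natively
    except json.JSONDecodeError:
        want = raw                    # anything else is a bare string (IPs, signatures)

    def pred(rec: Dict[str, Any]) -> bool:
        if field not in rec:          # missing field never matches, so filters stay strict
            return False
        try:
            return fn(rec[field], want)
        except TypeError:             # e.g. string field vs numeric literal: compare as text
            return fn(str(rec[field]), str(want))
    return pred


def query(data: bytes, filters: List[str], fields: Optional[List[str]] = None) -> List[Dict[str, Any]]:
    """AND all filters over the stream; optionally project to the fields you would export."""
    preds = [compile_filter(f) for f in filters]
    hits = []
    for rec in iter_records(data):
        if all(p(rec) for p in preds):
            hits.append({k: rec.get(k) for k in fields} if fields else rec)
    return hits


def extract_iocs(records: Iterator[Dict[str, Any]],
                 fields=("src_ip", "dest_ip", "dns.rrname")) -> Dict[str, List[Any]]:
    """Collect unique indicator values per field, in first-seen order."""
    out: Dict[str, List[Any]] = {f: [] for f in fields}
    for rec in records:
        for f in fields:
            v = rec.get(f)
            if v is not None and v not in out[f]:
                out[f].append(v)
    return out


if __name__ == "__main__":
    for hit in query(SAMPLE_EVE_GZ,
                     ["event_type = alert", "alert.severity <= 2", "flow.bytes_toserver > 100000"],
                     ["timestamp", "src_ip", "dest_ip", "alert.signature", "alert.severity"]):
        print(hit)
    print(extract_iocs(iter_records(SAMPLE_EVE_GZ)))
```

The point of `iter_records` skipping bad lines rather than raising is deliberate: EVE and EDR exports are commonly rotated or copied mid-write, and one truncated trailing line should not cost you the other ten million. Note that this streams a Python generator rather than holding rows in memory, so it trades the tool's interactive re-filtering for constant memory; re-run `query` with a new filter list to pivot.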