lnav — The Logfile Navigator with SQL and Live Tailing
lnav is an advanced log file viewer that understands dozens of log formats, provides SQL queries against log records, live-tails rotating files, and merges multiple logs by timestamp into one view.
What it is
lnav is an advanced log file viewer for the terminal that understands dozens of log formats out of the box. It merges multiple log files by timestamp, provides SQL queries against log records, live-tails rotating files, and highlights errors and warnings automatically. Unlike tail -f or grep, lnav gives you a structured, queryable view of your logs.
The tool targets system administrators, SREs, and developers who debug production issues by reading log files. It works with syslog, Apache, NGINX, Docker, journald, and many other formats without configuration.
How it saves time or tokens
lnav replaces the cycle of grep, awk, and tail commands with a single interactive viewer. SQL queries let you aggregate, filter, and correlate log events without piping between tools. Timestamp-based merging across multiple files means you see events in chronological order regardless of which service produced them. For incident response, this reduces log investigation time from minutes of command chaining to seconds of SQL queries.
How to use
- Install lnav:

```bash
brew install lnav
```

- Open one or more log files:

```bash
lnav /var/log/nginx/access.log /var/log/app/*.log
```

- Inside lnav, use keyboard shortcuts and SQL:

```
-- Jump to a specific time
:goto 15:30
-- Query log records (NGINX access logs are parsed by the built-in access_log format)
;SELECT c_ip, COUNT(*) FROM access_log GROUP BY c_ip ORDER BY COUNT(*) DESC LIMIT 10
```
Example
Investigate a spike in 500 errors across multiple services:
```bash
# Open all relevant logs
lnav /var/log/nginx/error.log /var/log/app/api.log /var/log/app/worker.log
```

```
# Inside lnav - find error patterns
;SELECT log_time, log_level, log_body
   FROM all_logs
  WHERE log_level = 'error'
    AND log_time > '2026-04-15 14:00'
  ORDER BY log_time

# Filter to specific IP
:filter-in 192.168.1.100
```

lnav merges all three log files by timestamp, so you see the exact sequence of events across services.
Common pitfalls
- lnav auto-detects log formats, but custom formats need a JSON format definition file. Without it, custom logs display as plain text without structure.
- SQL queries run against in-memory log data. Very large log files (10GB+) may cause high memory usage. Filter or limit the time range before loading.
- The :goto command uses the log file's timezone. Ensure your log timestamps include timezone information to avoid confusion with UTC offsets.
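
A custom format definition of the kind the first pitfall refers to, as an added example (not taken from this page or from the lnav project). The format name myapp_log, the capture names component and client_ip, and both sample lines are constructed assumptions for a hypothetical application log; the pattern only accepts timestamps that carry a UTC offset or Z, which addresses the timezone pitfall as well.

```json
{
  "$schema": "https://lnav.org/schemas/format-v1.schema.json",
  "myapp_log": {
    "title": "MyApp log (hypothetical example format)",
    "description": "Constructed example: ISO-8601 timestamp with offset, level, [component], client=IP, message.",
    "regex": {
      "std": {
        "pattern": "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(?:\\.\\d+)?(?:Z|[+-]\\d{2}:\\d{2})) (?<level>[A-Z]+) \\[(?<component>[^\\]]+)\\] client=(?<client_ip>\\S+) (?<body>.*)$"
      }
    },
    "level-field": "level",
    "level": {
      "error": "ERROR",
      "warning": "WARN",
      "info": "INFO",
      "debug": "DEBUG"
    },
    "value": {
      "component": {
        "kind": "string",
        "identifier": true
      },
      "client_ip": {
        "kind": "string",
        "collate": "ipaddress",
        "identifier": true
      }
    },
    "sample": [
      {
        "line": "2026-04-15T14:03:12.120+00:00 ERROR [auth] client=192.168.1.100 login failed for user=alice"
      },
      {
        "line": "2026-04-15T14:03:13Z INFO [api] client=10.0.0.7 GET /health 200"
      }
    ]
  }
}
```

Install it with lnav -i myapp_log.json; lnav checks the sample lines against the pattern when it loads the format, and matching records then become queryable as the myapp_log table with component and client_ip columns.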
Frequently Asked Questions
lnav supports dozens of formats out of the box including syslog, Apache access/error, NGINX, Docker, journald, Python logging, Java log4j, and many more. Custom formats can be added via JSON format definition files.
Yes. lnav can read gzip and bzip2 compressed log files directly. This is useful for analyzing rotated log files without manually decompressing them first.
lnav parses log records into structured fields based on the detected format. You query these fields using SQLite-compatible SQL syntax. Each log format exposes different columns like timestamp, level, message, IP address, and HTTP status code.
Yes. lnav live-tails multiple files at once, merging new entries by timestamp as they arrive. This gives you a unified, chronological view of events across multiple services in real time.
Yes. You can pipe Docker logs to lnav or point it at Docker's JSON log files directly. lnav recognizes the Docker log format and parses container names, timestamps, and log levels automatically.