What is lnav — The Logfile Navigator with SQL and Live Tailing?

lnav is an advanced log file viewer that understands dozens of log formats, provides SQL queries against log records, live-tails rotating files, and timestamps-merges multiple logs into one view.

Is lnav — The Logfile Navigator with SQL and Live Tailing free to use?

Yes. lnav — The Logfile Navigator with SQL and Live Tailing is freely available on TokRepo. Check the Source & Thanks section on the asset page for the specific open-source license.

How do I install lnav — The Logfile Navigator with SQL and Live Tailing?

Visit the asset page on TokRepo and click "Copy for agent" to get the installation instructions. Most assets can be installed with a single command.

lnav — The Logfile Navigator with SQL and Live Tailing

Introduction

lnav is the Swiss Army knife for log triage. It recognizes syslog, nginx, Apache, JSON, generic timestamped lines, and lets you pivot freely between viewing, searching, filtering, and full SQL querying. Multiple logs open in one buffer are merged by time, so you can see your app, proxy, and db correlated in a single scroll.

What lnav Does

Opens log files with format detection (syslog, json, nginx, access_log, etc.).
Merges multiple files by timestamp into a single stream.
Lets you SQL-query the current buffer: ;SELECT ....
Live-tails rotating/truncated files.
Histogram view of error density over time.

Architecture Overview

lnav's format library parses each file into schema'd rows exposed as SQLite virtual tables. A ncurses renderer shows a merged view; a SQL engine executes interactive queries on the rolling window. Rotations are detected via inode changes and handled transparently.

Self-Hosting & Configuration

Install via brew, apt, dnf, dnf, pacman.
Format definitions JSON under ~/.config/lnav/formats/.
:config editor inside the tool.
SSH-over-stdin: ssh host "tail -f /var/log/app.log" | lnav.
Marks and bookmarks persist per file.

Key Features

Real-time merged tail of many files.
SQL over structured logs.
Format library covers most real-world logs.
Histogram + spectrogram views to spot anomalies.
Bookmarks, marks, filters stack cleanly.

Comparison with Similar Tools

tail -f / multitail — basic; no format parsing or SQL.
goaccess — nginx analytics dashboard; narrower.
angle-grinder (ag) — pipeline DSL for logs; different style.
vector/fluent-bit — pipelines for shipping; not for reading.
Grafana Loki + grafana — persistent solution; lnav is local triage.

FAQ

Q: Binary logs? A: No; text only. Use journalctl piped in for journal.

Q: Add a custom format? A: JSON file in ~/.config/lnav/formats/myapp/format.json.

Q: Windows? A: Experimental; WSL recommended.

Q: Query a past window? A: ;SELECT * FROM app_log WHERE log_time BETWEEN ....

lnav — The Logfile Navigator with SQL and Live Tailing

Introduction

What lnav Does

Architecture Overview

Self-Hosting & Configuration

Key Features

Comparison with Similar Tools

FAQ

Sources

讨论

相关资产

Crossplane — The Cloud Native Control Plane Framework

CoreDNS — Flexible DNS Server Written in Go

Apache APISIX — Cloud Native High-Performance API Gateway