lnav
Terminal-based log file viewer that merges, indexes, and analyzes multiple log formats with SQL querying capabilities
lnav is a terminal-based log file viewer that automatically detects and merges multiple log file formats into a unified time-ordered view. It handles decompression, format detection, file tailing, and directory monitoring without configuration. The tool builds indexes of errors and warnings, pretty-prints JSON lines, and can follow log rotations and new files in directories.
The TUI interface provides navigation hotkeys for jumping between errors (e/E), regex search (/), text highlighting, and message filtering using regular expressions or SQLite expressions. Users can view message histograms over time (i), pretty-print structured text (P), and analyze logs using embedded SQLite queries (;). The tool supports semantic highlighting of identifiers like IP addresses and PIDs.
lnav integrates with systemd-journald through piped input from journalctl, supporting both standard and JSON output formats. It can process journal fields like PRIORITY and _SYSTEMD_UNIT when using JSON output. The tool handles compressed files natively and works with various log formats including syslog, web access logs, and JSON lines without requiring format definitions for common log types.
Installation
# via Homebrew
brew install lnav
