lnav v0.11.2 releases: an enhanced log file viewer

by do son · Published January 15, 2020 · Updated July 3, 2023

LNAV — The Logfile Navigator

The log file navigator, lnav, is an enhanced log file viewer that takes advantage of any semantic information that can be gleaned from the files being viewed, such as timestamps and log levels. Using this extra semantic information, lnav can do things like interleaving messages from different files, generate histograms of messages over time, and providing hotkeys for navigating through the file. It is hoped that these features will allow the user to quickly and efficiently zero in on problems.

Feature

Single Log View

All log file contents are merged into a single view based on message timestamps. You no longer need to manually correlate timestamps across multiple windows or figure out the order in which to view rotated log files. The color bars on the left-hand side help to show which file a message belongs to.

Automatic Log Format Detection

The log message format is automatically determined by lnav while scanning your files. The following formats are built-in by default:

Common Web Access Log format
CUPS page_log
Syslog
Glog
VMware ESXi/vCenter Logs
dpkg.log
uwsgi
“Generic” – Any message that starts with a timestamp
Strace
sudo

GZIP’ed and BZIP2’ed files are also detected automatically and decompressed on-the-fly.

Filters

Display only lines that match or do not match a set of regular expressions. Useful for removing extraneous log lines that you are not interested in.

Timeline View

The timeline view shows a histogram of messages over time. The number of warnings and errors are highlighted in the display so that you can easily see where problems have occurred. Once you have found a period of time that is of interest, a key-press will take you back to the log message view at the corresponding time.

Pretty-Print View

The pretty-print view will reformat structured data, like XML or JSON, so that it is easier to read. Simply press SHIFT+P in the log view to have all the currently displayed lines pretty-printed.

Query Logs Using SQL

Log files are directly used as the backing for SQLite virtual tables. This means you can perform queries on messages without having to load the data into an SQL database.

Automatic Data Extraction (BETA)

The built-in log message parser can automatically discover and extract interesting data from plainly formatted log messages. For example, the screenshot above shows the key/value pairs extracted from a sudo log message. These pairs can then be accessed using SQL.

“Live” Operation

Searches are done as you type; new log lines are automatically loaded and searched as they are added; filters apply to lines as they are loaded; and, SQL queries are checked for correctness as you type.

Syntax Highlighting

Errors and warnings are colored in red and yellow, respectively. Highlights are also applied to: SQL keywords, XML tags, file and line numbers in Java backtraces, and quoted strings. The search and SQL query prompt are also highlighted as you type, making it easier to see errors and matching brackets.

Tab-completion

The command prompt supports tab-completion for almost all operations. For example, when doing a search, you can tab-complete words that are displayed on-screen rather than having to do a copy & paste.

Sessions

Session information is saved automatically and restored when you are viewing the same set of files. The current location in files, bookmarks, and applied filters are all saved as part of the session.

Headless Mode

The log processing features of lnav can be used in scripts if you have a canned set of operations or queries that you want to perform regularly. You can enable headless mode with the ‘-n’ switch on the command-line and then use the ‘-c’ flag to specify the commands or queries you want to execute.

Cross-Platform Support

Support for Mac OS X and Linux.

Changelog v0.11.2

Features:

A “cursor” mode has been added to the main view that can
be toggled by pressing CTRL-X. While in cursor mode, any
operations that would normally work on the “top” line will
now operate on the focused line instead.
Added CTRL-D and CTRL-U hotkeys to move down/up by half
a page.
Added an auto-width flag to the elements of the
line-format array that indicates that the width of the
field should automatically be determined by the observed
values.
Added bunyan log format from Tobias Gruetzmacher.
Added cloudlare log format from @minusf.
Number fields used in a JSON log format line-format
array now default to being right-aligned. Also, added
prefix and suffix to line-format elements so a
string can optionally be prepended/appended if the value
is not empty.
JSON log format detection has been improved to not rely
on matching the file name. All possible formats are
tried and the one with the most available fields for a
given line-format is used. For example, if the first
log message has 8 fields and format A contains 5 of
those fields in its line-format while format B only
contains 2 of those fields in its line-format, format
A will be used for the file.

Changes:

For JSON-lines logs, line-feeds at the end of a value are
automatically stripped.

Bug Fixes:

Hidden values in JSON logs are now hidden by default.
Text with ANSI-escapes is now filtered properly.