explaingit

tstack/lnav

10,263C++Audience · ops devopsComplexity · 2/5Setup · easy

TLDR

lnav is a terminal-based log file viewer that automatically detects formats, merges multiple logs into one time-sorted view, and lets you search, filter, and run SQL queries against your logs.

Mindmap

mindmap
  root((repo))
    What it does
      Merges log files
      Time-sorted view
      SQL queries on logs
      Error highlighting
    Tech Stack
      C++ core
      Linux macOS Windows
      Terminal UI
    Use Cases
      Incident debugging
      Multi-file tailing
      Log analysis
    Audience
      DevOps engineers
      System admins
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Things people build with this

USE CASE 1

View and search across multiple log files merged into one chronological timeline in real time

USE CASE 2

Jump between errors and warnings in large log files with a single key press instead of scrolling

USE CASE 3

Run SQL queries against log data directly inside the viewer to find patterns and counts

USE CASE 4

Monitor live log files as they grow and see a histogram of message volume over time

Tech stack

C++LinuxmacOSWindows

Getting it running

Difficulty · easy Time to first run · 5min

In plain English

lnav (the Log File Navigator) is a terminal-based viewer for reading and analyzing log files. Instead of using basic command-line tools like tail or grep, which treat log files as plain text and have no understanding of what a log message means, lnav reads the structure of log files and presents them in a more useful way. You point it at one or more files or directories, and it automatically detects the log format, decompresses compressed files, merges everything into a single time-sorted view, and highlights errors and warnings in color. The interactive display lets you jump directly from one error to the next with a single key press, which is much faster than scrolling through thousands of lines looking for problems. You can search using regular expressions, filter out uninteresting lines, and pretty-print structured data like JSON. A histogram view shows you at a glance how many log messages appeared at each point in time, making it easier to spot when an incident started. You can also run SQL queries against the log data directly from inside lnav, treating log lines as rows in a database table. One of the practical advantages over standard tools is how it handles multiple files: it merges syslog, web access logs, and application logs into one chronological stream, so you can see what was happening across different parts of your system at the same moment. It also handles compressed files and follows files as they grow in real time. lnav runs on Linux, macOS, and Windows. Pre-built binaries are available from the releases page, and it can also be installed through Homebrew on Mac. The project offers an SSH-accessible demo server so you can try the tool before installing it locally. It is written in C++ and has been in active development for many years.

Copy-paste prompts

Prompt 1
I'm using lnav on a server with mixed syslog and nginx access logs. How do I filter out all lines that don't contain errors, then save just the matching lines?
Prompt 2
Write me a SQL query I can run inside lnav to count error-level messages grouped by hour for the last 24 hours.
Prompt 3
I opened lnav on my app logs but it's not detecting the format correctly. How do I define a custom log format so lnav parses my log lines properly?
Prompt 4
How do I open lnav to tail multiple log files at once and jump between warnings across all of them with keyboard shortcuts?
Prompt 5
My log file is gzip-compressed. Can lnav read it directly, and how do I open it?
Open on GitHub → Explain another repo

← tstack on gitmyhub — every repo by this author, as a profile.

Verify against the repo before relying on details.