lnav is a terminal-based log viewer and analyzer designed for aggregating, filtering, and analyzing multiple log files in a single chronological view. It functions as a console application that can replace the system pager, providing syntax highlighting and document navigation for system or application logs.
The project distinguishes itself by mapping unstructured log data to virtual SQLite tables, enabling the use of SQL and PRQL for structured data analysis, aggregations, and relational queries. It further differentiates its capability set through native integration for retrieving and tailing Docker container logs and the ability to access remote files over SSH without manual downloads.
The tool provides comprehensive observability and analysis features, including chronological log merging, real-time monitoring, and visual analytics such as event distribution charts and numeric field spectrograms. It covers a broad operational surface including structured text formatting for JSON and XML, regex-based format detection, and non-destructive log entry annotation.
The product supports the extraction of compressed archives and provides utilities for sensitive data anonymization and session state export.
