All log file contents are merged into a single view based on message timestamps. You no longer need to manually correlate timestamps across multiple windows or figure out the order in which to view rotated log files. The color bars on the left-hand side help to show which file a message belongs to.
Automatic Log Format Detection
The log message format is automatically determined by lnav while scanning your files. The following are some of the formats that are built in by default: • Common Web Access Log format • W3C Extended Log File Format • logfmt • CUPS page_log • Syslog • Glog • VMware ESXi/vCenter Logs • dpkg.log • uwsgi • “Generic” - Any message that starts with a timestamp • Strace • sudo
If your log file format is JSON-lines or can be matched by a PCRE regular expression, you can define your own format in a JSON file. GZIP’ed and BZIP2’ed files are also detected automatically and decompressed on-the-fly.
Display only lines that match or do not match a set of regular expressions. Useful for removing extraneous log lines that you are not interested in.
The timeline view shows a histogram of messages over time. The number of warnings and errors are highlighted in the display so that you can easily see where problems have occurred. Once you have found a period of time that is of interest, a key-press will take you back to the log message view at the corresponding time.
The pretty-print view will reformat structured data, like XML or JSON, so that it is easier to read. Simply press SHIFT+P in the log view to have all the currently displayed lines pretty-printed. The following screenshot shows an XML blob with no indentation:
After pressing SHIFT+P, the XML is pretty-printed for easier viewing: