Features:
- Added a spectrogram command and view that displays the values of a
numeric field over time. The view works for log message fields or
for database result columns. - Log formats can now create SQL views and execute other statements
by adding '.sql' files to their format directories. The SQL scripts
will be executed on startup. - Added 'json_group_object' and 'json_group_array' aggregate SQL
functions that collects values from a GROUP BY query into a JSON
object or array, respectively. - The SQL view will now graph values found in JSON objects/arrays in
addition to the regular columns in the result. - Added an 'regexp_match(, )' SQL function that can be used to
extract values from a string using a regular expression. - Added an 'extract()' SQL function that extracts values using the
same data discover/extraction parser used in the 'logline' table. - Added a "summary" overlay line to the bottom of the log view that
displays how long ago the last message was received, along with the
total number of files and the error rate over the past five minutes. - Pressing 'V' in the DB view will now check for a column with a
timestamp and move to the corresponding time in the log view. - Added 'a/A' hotkeys to restore a view previously popped with 'q/Q'.
- Added ":hide-lines-before", ":hide-lines-after", and
":show-lines-before-and-after" commands so that you can filter out
log lines based on time. - Scripts containing lnav commands/queries can now be executed using
the pipe ('|') hotkey. See the documentation for more information. - Added an ":eval" command that can be used to execute a command or
query after performing environment variable substitution. - Added an ":echo" command that can be useful for scripts to message
the user. - The "log_part" column can now be set with an SQL UPDATE statement.
- Added a "log_body" hidden column that returns the body of the log
message. - Added ":config", ":reset-config", and ":save-config" commands to change
configuration options, reset to default, and save them for future
executions. - Added a "/ui/clock-format" configuration option that controls the time
format in the top-left corner. - Added a "/ui/dim-text" configuration option that controls the brightness
of text in the UI. - Added support for TAI64 timestamps (http://cr.yp.to/libtai/tai64.html).
- Added a safe execution mode. If the 'LNAVSECURE' environment variable is
set before executing lnav, the following commands are disabled:- open
- pipe-to
- pipe-line-to
- write-*-to
This makes it easier to run lnav with escalated privileges in restricted
environments, without the risk of users being able to use the above
mentioned commands to gain privileged access.
Interface Changes:
- The 'o/O' hotkeys have been reassigned to navigate through log
messages that have a matching "opid" field. The old action of
moving forward and backward by 60 minutes can be simulated by
using the ':goto' command with a relative time and the 'r/R'
hotkeys. - Log messages with timestamps that pre-date previous log messages will
have the timestamp highlighted in yellow and underlined. These out-
of-time-order messages will be assigned the time of the previous
message for sorting purposes. You can press the 'p' hotkey to examine
the 'Received Time' of the message as well as the time parsed from the
original message. A "log_actual_time" hidden field has also been
added to the SQLite virtual table so you can operate on the original
message time from the file. - The 'A/B' hotkeys for moving forward/backward by 10% line increments
have been reassigned to '[' and ']'. The 'a' and 'A' hotkeys are now
used to return to the previously popped view while trying to preserve
the time range. For example, after leaving the spectrogram view with
'q', you can press 'A' return to the view with the top time in the
spectrogram matching the top time in the log view. - The 'Q' hotkey now pops the current view off of the stack while
maintaining the top time between views.
Fixes:
- Issues with tailing JSON logs have been fixed.
- The jget() SQL function should now work for objects nested in arrays.