All posts
September 10, 20252 min read

Automating Log Analysis with lnav and Shell Scripting

Not in the sense of falsehood, but in the subtle way truth hides when you can’t see the whole picture. That’s where lnav changes everything. And when you combine lnav with shell scripting, you stop reading logs — you control them. You turn chaos into signal. You run commands that answer questions. You make your logs work for you. What is lnav? lnav (Logfile Navigator) is a terminal-based log viewer that understands log formats, colors them, indexes them, and lets you query them like a databas

Free White Paper

CloudTrail Log Analysis: The Complete Guide

Architecture patterns, implementation strategies, and security best practices. Delivered to your inbox.

Free. No spam. Unsubscribe anytime.
Andrios Robert

Not in the sense of falsehood, but in the subtle way truth hides when you can’t see the whole picture. That’s where lnav changes everything. And when you combine lnav with shell scripting, you stop reading logs — you control them. You turn chaos into signal. You run commands that answer questions. You make your logs work for you.

What is lnav?

lnav (Logfile Navigator) is a terminal-based log viewer that understands log formats, colors them, indexes them, and lets you query them like a database. It’s fast. It’s local. It doesn’t need an external service. Developers use it to detect errors, track requests, and debug complex systems. Systems engineers use it to parse huge logs without wasting hours scrolling.

Why combine lnav with shell scripts?

Because automation turns insight into action. Instead of reading lines, you can write shell scripts that parse specific fields, filter results, and trigger alerts. Using the SQL interface inside lnav, you can run SQL queries from the shell, extract structured data from raw logs, and pass that data into any script you need.

A simple script could pull yesterday’s errors:

Continue reading? Get the full guide.

CloudTrail Log Analysis: Architecture Patterns & Best Practices

Free. No spam. Unsubscribe anytime.
lnav -n \
 -c ":select * from logs where log_level = 'error' and log_time >= date('now','-1 day');"\
 /var/log/app.log

Chain it with shell tools like grep, awk, and jq to transform and feed data into your deployment pipelines or monitoring dashboards.

Key techniques for lnav shell scripting

  • Batch mode processing: Use -n to disable curses UI and run scripts automatically.
  • SQL queries in one-liners: Pull metrics, counts, and patterns without external parsers.
  • Pattern extraction: Create SQL views with regex extraction for recurring log structures.
  • Multi-log analysis: Pass multiple files or entire directories for cross-service correlation.
  • Automated reporting: Combine with cron jobs for daily summaries or anomaly alerts.

Example: Generating a quick performance report

lnav -n \
 -c ":select count(*) as total, log_level from logs group by log_level;"\
 /var/log/*.log

Send the output to a file or a messaging API, and you have an automated status feed.

Speed, scale, and control

With raw shell access and lnav’s structured query power, your logging pipeline doesn’t depend on slow UIs or third-party dashboards. You stay close to the source, react faster, and adapt scripts instantly. That agility compounds across systems.

If you want to take this further, you don’t have to build it all from scratch. You can see similar capabilities — and more advanced automation — running live in minutes with Hoop.dev.

Do you want me to also include a section on advanced SQL views in lnav that can be reused across scripts for even more automation?

Get started

See hoop.dev in action

One gateway for every database, container, and AI agent. Deploy in minutes.

Get a demoMore posts