mirror of
https://github.com/tstack/lnav
synced 2024-11-09 19:10:52 +00:00
383 lines
15 KiB
ReStructuredText
383 lines
15 KiB
ReStructuredText
.. _ui:
|
|
|
|
User Interface
|
|
==============
|
|
|
|
The **lnav** TUI displays the content of the current "view" in the middle,
|
|
with status bars above and below, and the interactive prompt as the last line.
|
|
|
|
.. figure:: lnav-ui.png
|
|
:align: center
|
|
:alt: Screenshot of lnav showing a mix of syslog and web access_log messages.
|
|
|
|
Screenshot of **lnav** viewing syslog and web access_log messages.
|
|
|
|
The default view shows the log messages from the log files that have been
|
|
loaded. There are other views for displaying content like plaintext files
|
|
and SQL results. The :ref:`ui_views` section describes the characteristics of
|
|
each view in more detail. You can switch to the different views using the
|
|
hotkeys described in the :ref:`hotkeys_display` section or by pressing
|
|
:kbd:`ENTER` to activate the breadcrumb bar, moving to the first crumb, and
|
|
then selecting the desired view. You can switch back to the previous view by
|
|
pressing :kbd:`q`. You can switch forward to the new view by pressing
|
|
:kbd:`a`. If the views are time-based (e.g. log and histogram), pressing
|
|
:kbd:`Shift` + :kbd:`q` and :kbd:`Shift` + :kbd:`a` will synchronize the top
|
|
times in the views.
|
|
|
|
**lnav** provides many operations to work with the log/text data in the
|
|
main view. For example, you can add comments and tags to log messages.
|
|
By default, the top line is used as the reference point to edit the
|
|
comment or tags. Alternatively, you can press :kbd:`Ctrl` + :kbd:`x`
|
|
to switch to "cursor" mode where the "focused" line is highlighted and
|
|
most operations now work with that line. When in "cursor" mode, the
|
|
:kbd:`↑` and :kbd:`↓` keys now move the focused line instead of scrolling
|
|
the view. Jumping to bookmarks, like errors, will also move the focused
|
|
line instead of moving the next error to the top of the view.
|
|
|
|
The right side of the display has a proportionally sized 'scrollbar' that
|
|
shows:
|
|
|
|
* the current position in the file;
|
|
* the locations of errors/warnings in the log files by using red or yellow
|
|
coloring;
|
|
* the locations of search hits by using a tick-mark pointing to the left;
|
|
* the locations of bookmarks by using a tick-mark pointing to the right.
|
|
|
|
Top Status Bar
|
|
--------------
|
|
|
|
The top status bar shows the current time and messages stored in the
|
|
:ref:`table_lnav_user_notifications` table.
|
|
|
|
Below the top status bar is the breadcrumb bar that displays the semantic
|
|
location of the focused line in the main view. For example, within a
|
|
pretty-printed JSON document, it will show the path to property at the top
|
|
of the view. The actual content of the bar depends on the current view and
|
|
will be updated as you navigate around the main view. The bar can also be
|
|
used to navigate around the document by focusing on it.
|
|
|
|
Breadcrumb Bar
|
|
--------------
|
|
|
|
.. figure:: lnav-breadcrumbs-help.png
|
|
:align: center
|
|
:figwidth: 90%
|
|
|
|
Screenshot of the breadcrumb bar focused and navigating the help text
|
|
|
|
To focus on the breadcrumb bar, press :kbd:`ENTER`. The :kbd:`←`/:kbd:`→`
|
|
cursor keys can be used to select a crumb and the :kbd:`↑`/:kbd:`↓` keys can
|
|
be used select a value of that crumb. To accept a value and drop focus on the
|
|
bar, press :kbd:`ENTER`. To accept a value and move to the next crumb, press
|
|
:kbd:`→`. Using :kbd:`→` makes it quicker to drill down into a document
|
|
without having to constantly switch focus. To drop focus on the bar without
|
|
accepting anything, press :kbd:`Escape`.
|
|
|
|
There are three types of crumbs:
|
|
|
|
* a dropdown where one of a limited set of values can be selected;
|
|
* a combobox where a value can be entered directly or selected;
|
|
* a numeric input for entering array indexes.
|
|
|
|
When a dropdown or combobox is selected, you can type part of the desired value
|
|
to filter the list of values. For example, the first crumb is always the
|
|
current view, typing in "hi" will filter the list down to the "HIST" value.
|
|
|
|
Configuration Panels
|
|
--------------------
|
|
|
|
.. figure:: lnav-config-header.png
|
|
:align: center
|
|
:figwidth: 90%
|
|
|
|
Screenshot of the header for the configuration panels when they are hidden.
|
|
|
|
After the main view content, there is a header bar for two configuration
|
|
panels: Files and Filters. These panels provide visual access to parts of
|
|
lnav's configuration. To access the panels, press the :kbd:`TAB` key.
|
|
To hide the panels again, press :kbd:`q`.
|
|
|
|
.. figure:: lnav-files-panel.png
|
|
:align: center
|
|
:figwidth: 90%
|
|
|
|
Screenshot of the files panel showing the loaded files.
|
|
|
|
The Files panel is open initially to display progress in loading files.
|
|
The following information can be displayed for each file:
|
|
|
|
* the "unique" portion of the path relative to the other files;
|
|
* the amount of data that has been indexed;
|
|
* the date range of log messages contained in the file;
|
|
* the errors that were encountered while trying to index the file;
|
|
* the notes recorded for files where some automatic action was taken,
|
|
like hiding the file if it was seen as a duplicate of another file.
|
|
|
|
.. figure:: lnav-filters-panel.png
|
|
:align: center
|
|
:figwidth: 90%
|
|
|
|
Screenshot of the filters panel showing an OUT and a disabled IN filter.
|
|
|
|
If the view supports filtering, there will be a status line showing the
|
|
following:
|
|
|
|
* the number of enabled filters and the total number of filters;
|
|
* the number of lines that are **not** displayed because of filtering.
|
|
|
|
To edit the filters, you can press TAB to change the focus from the main
|
|
view to the filter editor. The editor allows you to create, enable/disable,
|
|
and delete filters easily.
|
|
|
|
Bottom Status Bar
|
|
-----------------
|
|
|
|
The second to last line is the bottom status bar, which shows the following:
|
|
|
|
* the line number of the focused line, starting from zero;
|
|
* the location within the view, as a percentage;
|
|
* the current search hit, the total number of hits, and the search term;
|
|
* the loading indicator.
|
|
|
|
When the interactive prompt is active, this bar can show the prompt
|
|
description, help text, or error message.
|
|
|
|
Prompt
|
|
------
|
|
|
|
Finally, the last line on the display is where you can enter search
|
|
patterns and execute internal commands, such as converting a
|
|
unix-timestamp into a human-readable date. The following key-presses
|
|
will activate a corresponding prompt:
|
|
|
|
* :kbd:`/` - The search prompt. You can enter a PCRE2-flavored regular
|
|
expression to search for in the current view.
|
|
* :kbd:`:` - The command prompt. Commands are used to perform common
|
|
operations.
|
|
* :kbd:`;` - The SQL prompt. SQL queries can be used for log analysis
|
|
and manipulating **lnav**'s state.
|
|
* :kbd:`|` - The script prompt. Enter a path to the lnav script to
|
|
execute, along with the arguments to pass in.
|
|
|
|
The command-line is by the readline library, so the usual set of keyboard
|
|
shortcuts can be used for editing and moving within the command-line.
|
|
|
|
.. _ui_views:
|
|
|
|
Views
|
|
-----
|
|
|
|
The accessible content within lnav is separated into the following views.
|
|
|
|
LOG
|
|
^^^
|
|
|
|
The log view displays the log messages from any loaded log files in time
|
|
order. This view will be shown by default if any log messages are available.
|
|
|
|
On color displays, the log messages will be highlighted as follows:
|
|
|
|
* Errors will be colored in red;
|
|
* warnings will be yellow;
|
|
* search hits are reverse video;
|
|
* various color highlights will be applied to: IP addresses, SQL keywords,
|
|
XML tags, file and line numbers in Java backtraces, and quoted strings;
|
|
* "identifiers" in the messages will be randomly assigned colors based on their
|
|
content (works best on "xterm-256color" terminals).
|
|
|
|
.. note::
|
|
|
|
If the coloring is too much for your tastes, you can change to the
|
|
"grayscale" theme by entering the following command:
|
|
|
|
.. code-block:: lnav
|
|
|
|
:config /ui/theme grayscale
|
|
|
|
.. note::
|
|
|
|
If a log message has a timestamp that is out-of-order with its neighboring
|
|
messages, the timestamp will be highlighted in yellow. When one of these
|
|
messages is at the top of the log view, an overlay will display the
|
|
difference between the "actual time" and the "received time". The "actual
|
|
time" is the original textual timestamp. The "received time" is the time
|
|
of an earlier message that is larger than this log message's time.
|
|
|
|
The source file name for each message can be displayed by scrolling left.
|
|
Scrolling left once will show the shortened version of the file name relative
|
|
to the other files that are loaded. In the shortened version, the unique
|
|
portion of the file name will be in square brackets. Scrolling left a second
|
|
time will show the full path.
|
|
|
|
The breadcrumb bar will show the following crumbs:
|
|
|
|
* the timestamp for the focused line;
|
|
* the log format for the focused line;
|
|
* the name of the file the focused line was pulled from;
|
|
* the "operation ID" of the focused log message, if it is supported by the log
|
|
format.
|
|
|
|
These crumbs are interactive and can be used to navigate to different parts
|
|
of the log view. For example, selecting a different value in the log format
|
|
crumb will jump to the first message with that format.
|
|
|
|
The file crumb will show a "↻" icon if the file is from the output of a FIFO,
|
|
:code:`:sh` command, or data that was piped into the standard input. When
|
|
the pipe is closed, the icon will disappear.
|
|
|
|
TEXT
|
|
^^^^
|
|
|
|
The text view displays files for which lnav could not detect any log messages.
|
|
|
|
Press :kbd:`t` to switch to the text view. While in the text view, you can
|
|
press :kbd:`f` or :kbd:`Shift` + :kbd:`F` to switch to the next / previous
|
|
text file.
|
|
|
|
The breadcrumb bar will show the name of the file and any structure that was
|
|
discovered in the content. The file crumb will show a "↻" icon if the file
|
|
is from the output of a FIFO, :code:`:sh` command, or data that was piped
|
|
into the standard input. When the pipe is closed, the icon will disappear.
|
|
|
|
If the content is piped into lnav through standard input, a FIFO, or a
|
|
:code:`:sh` command, the time that lines are received are recorded. You
|
|
can press :kbd:`Shift` + :kbd:`T` to view the elapsed time like in the
|
|
LOG view. The breadcrumb bar will also show the received time of the
|
|
focused line after the file name crumb. If the output being shown is from
|
|
a :code:`:sh` command, you can press :kbd:`Ctrl` + :kbd:`C` to send a
|
|
SIGINT to the child process without killing **lnav** itself.
|
|
|
|
.. figure:: lnav-make-check-log.png
|
|
:align: center
|
|
:figwidth: 90%
|
|
|
|
Screenshot of the TEXT view showing the output of :code:`sh make check`.
|
|
Each line is timestamped internally when it was received so it's
|
|
possible to view how long each test is taking to run. The "↻" icon
|
|
next to the file name in the breadcrumb bar means that the make is
|
|
still running.
|
|
|
|
Markdown
|
|
""""""""
|
|
|
|
Files with an :code:`.md` (or :code:`.markdown`) extension will be treated as
|
|
Markdown files and rendered separately.
|
|
|
|
.. figure:: lnav-markdown-example.png
|
|
:align: center
|
|
|
|
Viewing the **lnav** :file:`README.md` file.
|
|
|
|
|
|
DB
|
|
^^
|
|
|
|
The DB view shows the results of queries done through the SQLite interface.
|
|
You can execute a query by pressing :kbd:`;` and then entering a SQL statement.
|
|
|
|
Press :kbd:`v` to switch to the database result view.
|
|
|
|
HELP
|
|
^^^^
|
|
|
|
The help view displays the builtin help text. While in the help view, the
|
|
breadcrumb bar can be used to navigate to different sections of the document.
|
|
|
|
Press :kbd:`?` to switch to the help view.
|
|
|
|
HIST
|
|
^^^^
|
|
|
|
The histogram view displays a stacked bar chart of messages over time
|
|
classified by their log level and whether they've been bookmarked.
|
|
|
|
Press :kbd:`i` to switch back and forth to the histogram view. You
|
|
can also press :kbd:`Shift` + :kbd:`i` to toggle the histogram view
|
|
while synchronizing the top time. While in the histogram view,
|
|
pressing :kbd:`z` / :kbd:`Shift` + :kbd:`z` will zoom in/out.
|
|
|
|
GANTT
|
|
^^^^^
|
|
|
|
.. note:: This feature is available in v0.12.0+.
|
|
|
|
The Gantt Chart view visualizes operations over time. The operations
|
|
are identified by the "opid" field defined in the log format. In the
|
|
view, there is a header that shows the overall time span, the
|
|
narrowed time span around the focused line, and the column headers.
|
|
Each row in the view shows the following:
|
|
|
|
* The duration of the operation
|
|
* Sparklines showing the number of errors and warnings relative to the
|
|
total number of messages associated with the OPID.
|
|
* The OPID itself.
|
|
* A description of the operation as captured from the log messages.
|
|
|
|
The rows are sorted by the start time of each operation.
|
|
|
|
If an operation row is in the focused time span, a reverse-video
|
|
bar will show when the operation started and finished (unless it
|
|
extends outside the time span). As you move the focused line, the
|
|
focused time span will be adjusted to keep the preceding and following
|
|
five operations within the span.
|
|
|
|
The preview panel at the bottom of the display will show the
|
|
messages associated with the operation.
|
|
|
|
PRETTY
|
|
^^^^^^
|
|
|
|
The pretty-print view takes the text displayed in the current view and shows
|
|
the result of a pretty-printer run on that text. For example, if a log
|
|
message contained an XML message on a single line, the pretty-printer would
|
|
break the XML across multiple lines with appropriate indentation.
|
|
|
|
.. figure:: lnav-pretty-view-before.png
|
|
:align: center
|
|
:figwidth: 90%
|
|
|
|
Screenshot of a log message with a flat JSON object.
|
|
|
|
.. figure:: lnav-pretty-view-after.png
|
|
:align: center
|
|
:figwidth: 90%
|
|
|
|
Screenshot of the same log message in the PRETTY view. The JSON object
|
|
is now indented for easier reading.
|
|
|
|
Press :kbd:`Shift` + :kbd:`P` to switch to the pretty-print view.
|
|
|
|
SCHEMA
|
|
^^^^^^
|
|
|
|
The schema view displays the current schema of the builtin SQLite database.
|
|
|
|
Press :kbd:`;` to enter the SQL prompt and then enter :code:`.schema` to
|
|
open the schema view.
|
|
|
|
SPECTRO
|
|
^^^^^^^
|
|
|
|
The spectrogram view is a "three"-dimensional display of data points of a log
|
|
field or a SQL query column. The dimensions are time on the Y axis, the range
|
|
of data point values on the X axis, and the number of data points as a color.
|
|
For example, if you were to visualize process CPU usage over time, the range
|
|
of values on the X axis would be CPU percentages and there would be colored
|
|
blocks at each point on the line where a process had that CPU percentage, like
|
|
so
|
|
|
|
.. figure:: lnav-spectro-cpu-pct.png
|
|
:align: center
|
|
|
|
Screenshot of the **lnav** spectrogram view showing CPU usage of processes.
|
|
|
|
The colors correspond to the relative number of data points in a bucket.
|
|
The legend overlaid at the top line in the view shows the counts of data
|
|
points that are in a particular color, with green having the fewest number of
|
|
data points, yellow the middle, and red the most. You can select a particular
|
|
bucket using the cursor keys to see the exact number of data points and the
|
|
range of values. The panel at the bottom of the view shows the data points
|
|
themselves from the original source, the log file or the SQL query results.
|
|
You can press :kbd:`TAB` to focus on the details panel so you can scroll
|
|
around and get a closer look at the values.
|