(This change is in v0.10.0+)

XML snippets in log messages can now be queried using the xpath() table-valued SQL function. The function takes an XPath, the XML snippet to be queried, and returns a table with the results of the XPath query. For example, given following XML document:

<msg>Hello, World!</msg>

Extracting the text value from the msg node can be done using the following query:

SELECT result FROM xpath('/msg/text()', '<msg>Hello, World!</msg>')

Of course, you won’t typically be passing XML values as string literals, you will be extracting them from log messages. Assuming your log format already extracts the XML data, you can do a SELECT on the log format table and join that with the xpath() call. Since it can be challenging to construct a correct xpath() call, lnav will suggest calls for the nodes it finds in any XML log message fields. The following asciicast demonstrates this flow:

The implementation uses the pugixml library.