Quick Start

Get from zero to your first log analytics query in under 5 minutes.

Install

curl -fsSL https://lynxdb.org/install.sh | sh

Verify the installation:

lynxdb version

Option 1: Query Local Files (No Server)

The fastest way to try LynxDB is local file mode. It starts no server and writes nothing outside the process.

Create a small NDJSON file:

cat > events.ndjson <<'EOF'
{"_time":"2026-01-15T00:00:00Z","level":"error","status":500,"duration_ms":120,"message":"failed"}
{"_time":"2026-01-15T00:01:00Z","level":"info","status":200,"duration_ms":15,"message":"ok"}
{"_time":"2026-01-15T00:02:00Z","level":"error","status":503,"duration_ms":250,"message":"timeout"}
EOF

Run an aggregation:

lynxdb query --file events.ndjson 'stats count() as count by level | sort level' --format ndjson --no-stats

Expected output:

{"count":2,"level":"error"}
{"count":1,"level":"info"}

Run a filter and projection:

lynxdb query --file events.ndjson 'where status >= 500 | keep level, status, message | sort message' --format vertical --no-stats

Expected output:

record 1
level error
message failed
status 500

record 2
level error
message timeout
status 503

You can query any log file the same way:

# Query a local log file
lynxdb query --file /var/log/syslog 'stats count() by level'

# Pipe from any command
kubectl logs deploy/api | lynxdb query 'stats avg(duration_ms) by endpoint'

# Query nginx access logs
lynxdb query --file '/var/log/nginx/*.log' 'where status >= 500 | top 10 uri'

Option 2: Run the Built-in Demo

Start the demo to generate realistic log data from 4 sources:

# Terminal 1: Start the demo (generates 200 events/sec)
lynxdb demo

# Terminal 2: Query the demo data
lynxdb query 'from main _source=nginx status>=500
| stats count() as count, avg(duration_ms) as avg_lat by uri
| sort -count
| head 5'

# Live tail errors
lynxdb tail 'where level == "error"'

Option 3: Start a Server

For persistent storage and the full API:

# Start the server
lynxdb server &

# Ingest a structured event
curl -X POST localhost:3100/api/v1/ingest \
-H 'Content-Type: application/json' \
-d '[{"event":"hello from lynxdb","source":"quickstart","fields":{"level":"info","service":"demo"}}]'

# Or ingest a raw log file
lynxdb ingest access.log --source web-01

# Query it
lynxdb query 'from main level=info | stats count() by service'

Your First LynxFlow Query

LynxFlow is a pipeline language. Data flows left to right through | (pipe) operators:

from main source=nginx status>=500
| stats count() as count, avg(duration_ms) by uri
| sort -count
| head 10

This reads as: "From nginx logs where status is 500+, count events and average duration by URI, sort by count descending, take top 10."

Tip: If your query omits the from stage, LynxDB reads from the default main dataset, so stats count() is the same as from main | stats count().
