LynxDB - I wanted Splunk's query language without Splunk

I've spent years staring at access and application logs, and the tool I missed most was Splunk's SPL - piping raw logs through transforms and aggregations and just exploring. But Splunk is heavy and expensive, and most lightweight alternatives optimize storage and search rather than the "sit in the data and keep re-asking the question" workflow.

So I built LynxDB: a single Go binary with a pipe-based, SPL-style query language (Lynx Flow). Two things I care about:

The same binary is a grep-like pipe filter and a server. cat app.log | lynxdb query '...' needs no server or config; lynxdb server adds indexing, retention and materialized views.

Logs stay raw and you parse/aggregate at read time, so you can turn messy semi-structured text into metrics in a couple of lines.

To be upfront about alternatives: VictoriaLogs is more mature and more resource-efficient at scale; ClickHouse will beat it on heavy analytical queries. LynxDB's bet is the exploratory workflow and the zero-infrastructure pipe mode, not out-performing those.