Applications and systems are always trying to communicate with us via log files. They write traces, errors, or acknowledgments in log files. In order to know our systems better, we need to learn how to read logs. If you are in a system administration or application support role, log parsing is a key skill!
Log files come in handy when troubleshooting is required. They carry loads of useful information that can point towards the cause of a failure.
There are many convenient log analysis tools available in the market. They also support excellent visuals like graphs and statistics. Some examples include ELK, Splunk, and Nagios. However, in order to understand those tools better, we need to have an understanding of manual log parsing. Manual log parsing can also serve as a backup in case monitoring tools are not available. You can also code customized alerts that are triggered based on certain occurrences of an error in log files.
I’ll demonstrate some convenient and foolproof methods to search in verbose log files. Believe me, it is as easy as abc 🙂
I am using the classic bash shell. The commands are generic and applicable to all Linux distros.
‘Grep’ and ‘view’ are covered in this tutorial. Together they make a powerful combo to catch errors with bull's-eye accuracy.
List of matching Log Files
If there are multiple files in a folder, you can use the command below to find which of them contain the required string.
The output is a list of the files containing the desired string.
grep -l "String to Match" *.*
Searching using ‘grep’
Grep is a built-in bash utility. It stands for global regular expression. Grep is used to match strings in files. The output of a command can also be directed to grep to filter out results.
cat filename.txt | grep "String to Match"
Grep can also print the line number of each matched string with the ‘-n’ flag.
In the example below, 31 is the line number of the matched string.
# Example
cat trace.txt | grep -n "Signal Dispatcher"
# Output
31:"Signal Dispatcher" 4 daemon prio=9 os_prio=31 cpu=0.27ms elapsed=103.28s tid=0x00007
By default, grep is case sensitive. In case you are unsure of the case of the string to match, use the ‘-i’ flag.
cat filename.txt | grep -i "String to match"
Sometimes we need to list lines that do ‘not’ match given criteria. For example, if we need only success responses, we can filter out failures.
cat filename.txt | grep -v "Failures"
Last but not least, it’s very easy to count the occurrences with the ‘-c’ flag.
cat filename.txt | grep -c "String to count"
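The flags above can be combined into the kind of customized alert mentioned in the introduction. This is an added example, not code from the original tutorial: the sample log lines, the function names (make_sample_log, count_matches, check_log) and the threshold are all constructed for illustration.

```bash
#!/usr/bin/env bash
# Constructed sample log, written to a temp file so the example runs offline.
make_sample_log() {
  local f
  f=$(mktemp)
  cat > "$f" <<'EOF'
2024-01-10 10:00:01 INFO  service started
2024-01-10 10:00:05 ERROR db connection refused
2024-01-10 10:00:06 error retrying db connection
2024-01-10 10:00:09 ERROR healthcheck probe failed
2024-01-10 10:00:12 INFO  request served status=200
2024-01-10 10:00:15 Error db connection refused
EOF
  printf '%s\n' "$f"
}

# Count lines matching PATTERN in any case (-i) after dropping lines that
# match IGNORE (-v). IGNORE must be non-empty: an empty pattern matches every
# line, so -v would drop them all. -c counts matching lines, not every
# occurrence within a line. "|| true" is there because grep exits 1 on no match.
count_matches() {
  local file="$1" pattern="$2" ignore="$3"
  grep -v -i -e "$ignore" -- "$file" | grep -c -i -e "$pattern" || true
}

# Print ALERT plus the hits with their original line numbers (-n) and
# return 1 when the count reaches THRESHOLD; otherwise print OK and return 0.
check_log() {
  local file="$1" pattern="$2" ignore="$3" threshold="$4" count
  count=$(count_matches "$file" "$pattern" "$ignore")
  if [ "$count" -ge "$threshold" ]; then
    echo "ALERT: $count lines match '$pattern' in $file"
    grep -n -i -e "$pattern" -- "$file" | grep -v -i -e "$ignore"
    return 1
  fi
  echo "OK: $count lines match '$pattern' in $file"
  return 0
}

# Usage: f=$(make_sample_log); check_log "$f" error healthcheck 3
```

The non-zero return value of check_log lets a cron job or wrapper script decide whether to send a notification.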
Log search with ‘View’
Grep displays output one line at a time. There are ways to list lines above and below the matched string, but sometimes we feel the need to navigate through lines. One such case is a very long trace file in which we need to move many lines above and below the exception.
View uses the same format as vi editor for saving, quitting and searching files. Let’s have a closer look.
I am using a sample syslog file. The output is as shown below.
Note the blinking cursor at the beginning of the line. You can easily navigate using it.
Match a pattern with view
Simply use ‘/’ in command mode and enter the search string.
This will highlight the first occurrence.
- To move to the next occurrence, type ‘n’.
- For moving to the previous occurrence, type ‘N’.
- ‘ggn’ takes you to the first occurrence.
- To move to the last occurrence, type ‘GGN’.
View Line numbers and go to line
In command mode, type :set number.
On the left-hand side, you can see line numbers. In addition, the column and line numbers are displayed in the bottom right.
Sometimes tracebacks report that line number x has an error.
With view, you can go to a line using :line_number, where line_number is the actual line number.
View has many more options with which even complex operations can be performed. Do check the man page for view and grep.
To practice what you have just learnt, do check out replit. There is a ready bash shell there along with many other development tools. The tutorial was made using replit!
That’s all about ‘view’. Now, you must say ‘what a view’ 😀
Now you know how to ace any search with grep and view. No matter how long or complicated the file is, the duo of view and grep can do magic!