Exclude lines in less (or journalctl)
source link: https://raymii.org/s/snippets/Exclude_lines_in_less_or_journalctl.html
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Exclude lines in less (or journalctl)
Published: 23-05-2021 | Author: Remy van Elst | Text only version of this article
This is a small tip I want to give you when using a less based pager, for example in journalctl or when viewing a file interactively with less or more. You can exclude certain lines that match one or multiple words (or a regex) with a few keystrokes, once less is open. This is one of those tips you never knew you needed, but when you know it, you'll use it frequently. Like in my case today when searching through some logfiles to find out why my database stopped working.
Consider sponsoring me on Github. It means the world to me if you show your appreciation and you'll help pay the server costs.
You can also sponsor me by getting a Digital Ocean VPS. With this referral link you'll get $100 credit for 60 days.
Once your file is open in less (or journalctl) press the following keys:
&(ampersand, capital 7)!(exclamation mark, capital 1)your-exclude-keyword
Ampersand opens the pattern matching mode, exclamation mark tells less to exclude the
following part, and then you enter your search term.
Here is a picture showing it in action:
(Here's a guide how to make such screen recordings with ffmpeg.)
To make this even more useful, if you have presses &!. you can
press UP to get your last command. Want to exclude another word?
Just add a pipe to it. Example to exclude both cron and sshd:
&!cron|sshd
As these are just simple regexes, imagine the rest you can do.
More information can be found in the manpage of less:
&pattern
Display only lines which match the pattern; lines which do not match the pattern are not displayed.
If pattern is empty (if you type & immediately followed by ENTER), any filtering is turned off, and
all lines are displayed. While filtering is in effect, an ampersand is displayed at the beginning
of the prompt, as a reminder that some lines in the file may be hidden.
Certain characters are special as in the / command+:
^N or !
Display only lines which do NOT match the pattern.
The pattern is a regular expression, as recognized by the regular expression library supplied by
your system.
I was troubleshooting why my RSS reader (miniflux) stopped working, it gave an error telling me it couldn't connect to the database. Turns out the VPS had run out of memory a day earlier and the database was hit by the out-of-memory (OOM) killer. By excluding all irrelevant stuff I was able to figure out really quickly what the actual error was:
May 23 03:00:49 s1 kernel: Out of memory: Kill process 18545 (postgres) score 140 or sacrifice child
May 23 03:00:49 s1 kernel: Killed process 18545 (postgres) total-vm:320656kB, anon-rss:2068kB, file-rss:1088kB, shmem-rss:137824kB
May 23 03:00:49 s1 kernel: oom_reaper: reaped process 18545 (postgres), now anon-rss:0kB, file-rss:0kB, shmem-rss:137824kB
May 23 03:00:49 s1 kernel: python invoked oom-killer: gfp_mask=0x14200ca(GFP_HIGHUSER_MOVABLE), nodemask=(null), order=0, oom_score_adj=0
Earlier on in the log I could find out which process was the culprit to actually invoke the OOM killer, that has been resolved with some config file tweaking.
Tags: bash , journalctl , less , more , regex , snippetsHome | About | All pages | Cluster Status | Generated by ingsoc.
Recommend
-
21
Journalctl-mode This is a major-mode for emacs to view systemd’s journalctl output in emacs. The output is split into chunks for performance reasons. Fontification is provided and may be customized. At the moment...
-
20
lowleveldesign.org Software tracing, debugging, and security While working on a new version of wtrace
-
15
重写 500 Lines or Less 项目 - A Simple Object Model 版权声明:所有博客文章除特殊声明外均为原创,允许转载,但要求注明出处。 本文章是
-
15
重写 500 Lines or Less 项目 - Static Analysis 版权声明:所有博客文章除特殊声明外均为原创,允许转载,但要求注明出处。 本文章是
-
13
重写 500 Lines or Less 项目 - Continuous Integration 版权声明:所有博客文章除特殊声明外均为原创,允许转载,但要求注明出处。 本文章是
-
6
systemd-journald.service systemd本身使用 systemd-journald.service 来提供日志服务. 它默认以二进制的格式将日志文件存在 /var/log/journal/ 目录中. ls -R /var/log/journal/
-
10
Tutorial How To Use Journalctl to View and Manipulate Systemd Logs System Tools
-
9
systemd是大多数主要Linux发行版的默认的初始化程序。systemd的主要功能之一是它收集日志的方式以及为分析这些日志提供工具。在传统的SysVinit系统中,将日志存储在纯文本文件中的syslog 。读取和分析这些文件需要使用find、grep、cut和许多其他命令。...
-
3
Systemd与journalctl的双剑合璧 2022-10-19 2 分钟阅读 时代已经进化到 systemd 的年代了,service 应该是彻底没有市场了 systemd 的好处是写程序的时候再也不用 fork 甩脱父进程了,日志直接输出终端即可 对 java...
-
3
Ubuntu磁盘分析和清理:baobab journalctl 作者:疯狂Lawrence 2023-12-21 13:02:25 这里给大家分享一些 Linux 子系统中的Ubuntu桌面版的磁盘分析和日志清理的经验。 大概也就只有爱折腾的极客们,才敢将...
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK