Today there are a variety of tools like Kibana, splunk, sumo, cloudwatch for aws etc which are tailor mode to solve problems associated with log storage and analysis. With more and more companies moving towards cloud architecture, these tools are becoming increasingly popular. But the harsh reality is that, in majority of workplaces, you will still need to debug logs the old fashioned way - Log into the server and use a tool to search for the exact line.
I have personally used less to analyse log files. Less does not load the entire file into memory and because log files are normally large, it makes it very efficient. Today after a long time I faced a similar situation and had to brush up myself with less before I could use it. Hence I thought of putting together a blog with the minimum commands required to search log files.
Ok, Lets get started with the important bits first, entry and exit.
To open: less <filename>
To exit: q
Next use the arrow keys to navigate up and down, if you want to jump pages
To go to the Next page: [Space bar]
To go to the Previous page: b
To go to the beginning of the file: g
To go to the end of the file: G
To search for a pattern from the start of the page use:
/pattern
Next match: n
Previous match: N
Once you find your point of interest:
Mark the line: m followed by any letter
In case you are lost and want to come back to the mark:
'<the letter>
To search for a pattern from the end of the page use:
?pattern
Next match: n
Previous match: N
Since logs are constantly changing use 'r' to repaint the screen
These basic commands should be enough for most of the cases.
Top comments (2)
And what might be the reason for that? I mean,
less(andmore) allow(s) you to navigate back and forward within a log file, but it does not update automatically and filtering is really annoying with it.I, personally, usually use
tail -f LOGFILE | grep SEARCHTERMfor filtering ongoing logs, ag for filtering existing logs.Thanks for the info. I have updated the blog accordingly.
Same here, use tail for monitoring live logs. Haven’t heard of ag though.
Maybe due to the fact that less was the widely used command for debugging among devs in the companies I have worked.
It satisfied all my needs hence never needed to explore for something better.