N00b-friendly SQL examples for use with lnav?


hagf...@gmail.com

Apr 1, 2015, 1:52:25 PM
to ln...@googlegroups.com
Hello everyone,

I use as much of lnav as I can manage, but I'm lost when it comes to using its SQL functionality. I've read all the help/documentation I can find on it, but it's just not connecting for me. Does anyone know of a set of example usages, or perhaps a 'for dummies' sort of material for this feature set?

Thanks!
Hagfelsh

Timothy Stack

Apr 1, 2015, 4:52:44 PM
to Chris Keiser, ln...@googlegroups.com

What kind of logs are you looking to analyze?  If they're highly structured, like weblogs, it's
a little easier to write queries than for logs with less structure, like syslog.

And, what types of data are you looking to extract?  top-n messages?  Get the sum of a
value in all messages?

I myself don't use the SQL stuff too much, so I don't think you're missing out on too much.
I use it mostly for tracking performance problems.

thanks,

tim




hagf...@gmail.com

Apr 3, 2015, 11:09:03 AM
to ln...@googlegroups.com, hagf...@gmail.com
Most of the logs I look at are /var/log/messages, dmesg, and vmkernel files. I think I'd probably find the query system to be most useful when trying to answer 'how often does this type of message happen' or 'how many <objects with unique names> are mentioned in <this specific type of message with unique string>'?

Timothy Stack

Apr 3, 2015, 12:28:06 PM
to Chris Keiser, ln...@googlegroups.com
On Fri, Apr 3, 2015 at 8:09 AM, <hagf...@gmail.com> wrote:
> Most of the logs I look at are /var/log/messages, dmesg, and vmkernel files.  I think I'd probably find the query system to be most useful when trying to answer 'how often does this type of message happen'

I usually use filtering and check the histogram view to answer the 'how often
does this happen' question.  For example, if you wanted to know when
dhclient was getting DHCPACKs, you could do a filter-in so you're just looking
at those messages:

  :filter-in DHCPACK

Then, press 'i' to look at the histogram view that should show when the
messages are happening.  Unfortunately, it looks like there is a bug that
is causing the view to not refresh with the newly filtered data; you can work around
it by pressing z/Z to zoom in/out and that should refresh the view.  (I'll get this
fixed right away.)

> or 'how many <objects with unique names> are mentioned in <this specific type of message with unique string>'?

You might be able to use the 'logline' table if the log message has enough structure
that lnav can reliably extract data from it.  If you haven't already, you should read
through the following doc page:


Another piece of software you might want to take a look at for answering these types of
questions is petit:


I haven't tried it, but it has some good ideas that I'm planning on incorporating
into lnav when I get a chance.

thanks,

tim
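
The two questions raised in this thread ('how often does this type of message happen' and 'how many uniquely named objects appear in one type of message'), written as SQL in an added example that is not part of the original posts or of lnav itself. Assumptions: the log lines are constructed, the table is a stand-in built with Python's sqlite3 that borrows the column names of lnav's syslog_log table, and log_time is kept as raw syslog text.

```python
import re
import sqlite3

# Constructed /var/log/messages-style sample lines (not taken from the thread).
SAMPLE = """\
Apr  3 08:01:12 host1 dhclient[812]: DHCPREQUEST on eth0 to 10.0.0.1 port 67
Apr  3 08:01:12 host1 dhclient[812]: DHCPACK from 10.0.0.1
Apr  3 08:31:40 host1 dhclient[812]: DHCPACK from 10.0.0.1
Apr  3 09:02:05 host1 dhclient[812]: DHCPACK from 10.0.0.2
Apr  3 09:02:09 host1 sshd[2201]: Accepted publickey for alice from 10.0.0.9
Apr  3 09:15:00 host1 kernel: eth0: link up
"""

# timestamp, host, process name, optional [pid], then the message body
LINE_RE = re.compile(
    r"^(?P<t>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<proc>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: (?P<body>.*)$")

def load(text):
    """Parse syslog lines into an in-memory table; unparsable lines are skipped."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE syslog_log "
               "(log_time, log_hostname, log_procname, log_pid, log_body)")
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            db.execute("INSERT INTO syslog_log VALUES (?,?,?,?,?)",
                       m.group("t", "host", "proc", "pid", "body"))
    return db

def per_hour(db, prefix):
    """'How often does this type of message happen': count per hour bucket."""
    return db.execute(
        "SELECT substr(log_time, 1, 9) AS hour, count(*) FROM syslog_log "
        "WHERE log_body LIKE ? GROUP BY hour ORDER BY hour",
        (prefix + "%",)).fetchall()

def distinct_dhcp_servers(db):
    """'How many uniquely named objects': distinct text after ' from '."""
    return db.execute(
        "SELECT count(DISTINCT substr(log_body, instr(log_body, ' from ') + 6)) "
        "FROM syslog_log WHERE log_body LIKE 'DHCPACK from %'").fetchone()[0]

if __name__ == "__main__":
    db = load(SAMPLE)
    print(per_hour(db, "DHCPACK"))
    print(distinct_dhcp_servers(db))
```

Inside lnav, SELECT statements like these are typed at the `;` prompt against the table for the loaded log format.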

hagf...@gmail.com

Apr 15, 2015, 9:40:34 AM
to ln...@googlegroups.com, hagf...@gmail.com
Thanks Tim! I use petit also. It'll be neat to see something similar folded into lnav.