simple log event histograms

Just to preserve it, here’s a useful shell command line to print a histogram of frequent log events:
grep -h 'expr' files | cut -d ' ' -f 1,2 | uniq -c | awk '{step=5; bar = ""; for(i = $1; i>=1; i = i-step) bar = bar "#"; print $2, $3, bar; }'

Depending on the number of events, the step has to be adjusted. The arguments to cut determine the time interval; the above assumes a traditional BSD Syslog timestamp and yields daily counts. For hourly counts one can use cut -d : -f 1 (the print command then has to be changed as well, to print $2, $3, $4, bar;). For Syslog-Protocol timestamps one can use cut -d T -f 1 or cut -d : -f 1. Note that only intervals with matches are shown; there is no easy way to add empty lines.

Example:

[mschuett@mail] /var/log> fgrep -h 'idle for too long, closing connection' cyruslog | cut -d T -f 1 | uniq -c | awk '{step=10; bar = ""; for(i = $1; i>=1; i = i-step) bar = bar "#"; print $2, bar; }'
2010-03-01 ########################
2010-03-02 ################################
2010-03-03 #####################
2010-03-04 ##############################
2010-03-05 #################################
2010-03-06 ######################
2010-03-07 ###########################
2010-03-08 #####################
2010-03-09 ###################
2010-03-10 #####################
2010-03-11 ##################
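
For the missing empty intervals noted above, one longer variant (an added example, not part of the original post): it counts per day in an awk array and then walks every day between the first and last match, so days without events appear as empty rows. The function name loghist is hypothetical; it assumes Syslog-Protocol timestamps at the start of each line and buckets by the date as written, without time zone conversion.

```shell
# Usage: grep -h 'expr' files | loghist [step]
loghist() {
    awk -v step="${1:-5}" '
    # Civil date -> day number (days since 1970-01-01).
    function to_days(y, m, d,    era, yoe, doy) {
        y -= (m <= 2)
        era = int(y / 400); yoe = y - era * 400
        doy = int((153 * (m + (m > 2 ? -3 : 9)) + 2) / 5) + d - 1
        return era * 146097 + yoe * 365 + int(yoe / 4) - int(yoe / 100) + doy - 719468
    }
    # Day number -> "YYYY-MM-DD".
    function to_date(z,    era, doe, yoe, doy, mp, y, m, d) {
        z += 719468
        era = int(z / 146097); doe = z - era * 146097
        yoe = int((doe - int(doe / 1460) + int(doe / 36524) - int(doe / 146096)) / 365)
        doy = doe - (365 * yoe + int(yoe / 4) - int(yoe / 100))
        mp = int((5 * doy + 2) / 153)
        d = doy - int((153 * mp + 2) / 5) + 1
        m = mp + (mp < 10 ? 3 : -9)
        y = yoe + era * 400 + (m <= 2)
        return sprintf("%04d-%02d-%02d", y, m, d)
    }
    # A step below 1 (or a non-numeric one) would loop forever.
    BEGIN { step += 0; if (step < 1) step = 1 }
    # Count per day in an array, so input need not be sorted.
    /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]/ {
        n = to_days(substr($0, 1, 4) + 0, substr($0, 6, 2) + 0, substr($0, 9, 2) + 0)
        count[n]++
        if (!seen) { min = max = n; seen = 1 }
        if (n < min) min = n
        if (n > max) max = n
    }
    END {
        if (!seen) exit
        # Walk every day from first to last match, gaps included.
        for (n = min; n <= max; n++) {
            bar = ""
            for (i = count[n]; i >= 1; i -= step) bar = bar "#"
            line = to_date(n)
            if (bar != "") line = line " " bar
            print line
        }
    }'
}
```

Because the counts live in an array rather than coming from uniq -c, matches from several files do not have to arrive in date order.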
