使用正则表达式搜索元数据的journalctl

时间:2017-10-17 14:55:05

标签: regex linux

是否可以通过带有模式的元数据在journalctl中进行搜索。我现在正在做的是搜索journalctl CONTAINER_NAME=cranky.hello --lines=100 -f。但我想要实现的是在那之后搜索所有内容。'。一些搜索模式,如journalctl CONTAINER_NAME=cranky.* --lines=100 -f。这也将搜索 CONTAINER_NAME 元数据,如:

  • cranky.world
  • cranky.alive

以下是执行journalctl时的输出示例:

journalctl CONTAINER_NAME = cranky.hello --lines = 100 -f Oct 17 14:33:35 lottery-staging docker[55587]: chdir: /usr/src/app Oct 17 14:33:35 lottery-staging docker[55587]: daemon: False Oct 17 14:33:35 lottery-staging docker[55587]: raw_env: [] Oct 17 14:33:35 lottery-staging docker[55587]: pidfile: None Oct 17 14:33:35 lottery-staging docker[55587]: worker_tmp_dir: None

journalctl CONTAINER_NAME = cranky.hello --lines = 100 -f -o json { "__CURSOR" : "s=d98b3d664a71409d9a4d6145b0f8ad93;i=731e;b=2f9d75ec91044d52b8c5e5091370bcf7;m=285b067a063;t=55bbf0361352a;x=64b377c33c8fba96", "__REALTIME_TIMESTAMP" : "1508250837136682", "__MONOTONIC_TIMESTAMP" : "2773213487203", "_BOOT_ID" : "2f9d75ec91044d52b8c5e5091370bcf7", "CONTAINER_TAG" : "", "_TRANSPORT" : "journal", "_PID" : "55587", "_UID" : "0", "_GID" : "0", "_COMM" : "docker", "_EXE" : "/usr/bin/docker", "_CMDLINE" : "/usr/bin/docker daemon -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2375 --userland-proxy=false --tlscert /etc/dockercloud/agent/cert.pem --tlskey /etc/dockercloud/agent/key.pem --tlscacert /etc/dockercloud/agent/ca.pem --tlsverify --log-driver journald", "_SYSTEMD_CGROUP" : "/", "_SELINUX_CONTEXT" : [ 117, 110, 99, 111, 110, 102, 105, 110, 101, 100, 10 ], "_MACHINE_ID" : "0a80624bd4c45a792b0a857c59a858d6", "_HOSTNAME" : "lottery-staging", "PRIORITY" : "6", "MESSAGE" : "Running migrations:", "CONTAINER_ID_FULL" : "c8f60546e9d50f034f364259c409760b3390d979d57a773eccd8d852e1c3553f", "CONTAINER_NAME" : "ghost-1.lottery-staging-stack.c6118be4", "CONTAINER_ID" : "c8f60546e9d5", "_SOURCE_REALTIME_TIMESTAMP" : "1508250837135650" } { "__CURSOR" : "s=d98b3d664a71409d9a4d6145b0f8ad93;i=731f;b=2f9d75ec91044d52b8c5e5091370bcf7;m=285b067a2a2;t=55bbf0361376a;x=6c87fea4ea155d00", "__REALTIME_TIMESTAMP" : "1508250837137258", "__MONOTONIC_TIMESTAMP" : "2773213487778", "_BOOT_ID" : "2f9d75ec91044d52b8c5e5091370bcf7", "CONTAINER_TAG" : "", "_TRANSPORT" : "journal", "_PID" : "55587", "_UID" : "0", "_GID" : "0", "_COMM" : "docker", "_EXE" : "/usr/bin/docker", "_CMDLINE" : "/usr/bin/docker daemon -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2375 --userland-proxy=false --tlscert /etc/dockercloud/agent/cert.pem --tlskey /etc/dockercloud/agent/key.pem --tlscacert /etc/dockercloud/agent/ca.pem --tlsverify --log-driver journald", "_SYSTEMD_CGROUP" : "/", "_SELINUX_CONTEXT" : [ 117, 110, 99, 111, 110, 102, 105, 110, 101, 100, 10 ], "_MACHINE_ID" : "0a80624bd4c45a792b0a857c59a858d6", "_HOSTNAME" : "lottery-staging", "PRIORITY" : "6", "MESSAGE" : " No migrations to apply.", "CONTAINER_ID_FULL" : "c8f60546e9d50f034f364259c409760b3390d979d57a773eccd8d852e1c3553f", "CONTAINER_NAME" : "ghost-1.lottery-staging-stack.c6118be4", "CONTAINER_ID" : "c8f60546e9d5", "_SOURCE_REALTIME_TIMESTAMP" : "1508250837135667" }

1 个答案:

答案 0 :(得分:3)

journalctl不接受单位名称以外的任何模式(在-u参数中)。根据您的需要,您可以使用JSON输出和grep执行一些过滤,如:

journalctl -u docker -o json -n1000 | grep 'CONTAINER_NAME.*cranky\.'