Analyse journal in several steps

Hi.

I have an issue with podman that creates a lot of journal entries. I’d like to analyse the journal in steps:

  1. Filter journal and save output as a file.
  2. Use journalctl to work on that output file.

I have tried the options --dir (No journal files were found) and -i (Failed to open files: Bad message) without success.

Does anyone know how to achieve that?

Regards,
Holger


or

man journalctl


There’s also this quick doc that’s worth a look:

If you can tell us what you’ve tried so far in a bit more detail (what command did you run, and what output/errors you received), we can provide more specific information too.

Thanks for the help. I just realized I never mentioned journalctl in the original post. That’s what I used.

I’ve filtered the journal with --since and --until filters and outputs verbose and short-full. The result is in a file $OUTPUT_DIR/journal.log.

Next I wanted to apply additional filters, e.g. journalctl -p warning -i $OUTPUT_DIR/journal*.log or journalctl -p warning --dir $OUTPUT_DIR

--dir prints No journal files were found and -i prints Failed to open files: Bad message

In the end my goal is to use journalctl on a file that contains output from a previous run of journalctl.


From what I know, journalctl does not work with plaintext files, so you cannot create these from the journal logs and use journalctl to parse them. Once exported to plaintext, you need to use the usual shell commands (grep/sed/awk) to parse the files.

The manual says, under --output:

           export
                  serializes the journal into a binary (but mostly text-based) stream suitable 
                  for backups and network transfer (see Journal Export Format[3] for more 
                  information). To import the binary stream back into native journald format 
                  use systemd-journal-remote(8).

So, my understanding is that you export what you need, then use systemd-journal-remote to convert the export back into the journald format, and then you can use journalctl on them.

It feels a bit roundabout—any reason you aren’t just doing all the filtering at once?

> It feels a bit roundabout—any reason you aren’t just doing all the filtering at once?

  • Sometimes I have to revisit the filtered log later.
  • I cannot negate filters with journalctl. I was hoping to use other cli tools to do that. However, I doubt this still makes sense.
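
Added example, not part of any post in this thread: a small Python reader for the Journal Export Format named in the manual excerpt above, with a negated filter of the kind the last post says journalctl does not offer. The sample bytes and all function names are constructed for illustration; a real input file would be the saved output of journalctl --output=export.

```python
import re
import struct

# Constructed sample in Journal Export Format (not real log data): entries end
# with a blank line; the third carries MESSAGE as a binary field.
_MULTILINE = b"line one\nline two"
SAMPLE_EXPORT = (
    b"PRIORITY=6\n_COMM=podman\nMESSAGE=container health_status ok\n\n"
    b"PRIORITY=4\n_COMM=podman\nMESSAGE=image pull retry\n\n"
    b"PRIORITY=3\n_COMM=sshd\nMESSAGE\n"
    + struct.pack("<Q", len(_MULTILINE)) + _MULTILINE + b"\n\n"
)

def parse_export(data):
    """Yield each entry as a dict of field name -> bytes (last value wins)."""
    pos, entry = 0, {}
    while pos < len(data):
        nl = data.find(b"\n", pos)
        nl = len(data) if nl < 0 else nl
        line = data[pos:nl]
        pos = nl + 1
        if not line:                       # blank line closes the entry
            if entry:
                yield entry
            entry = {}
        elif b"=" in line:                 # text field: NAME=value
            name, _, value = line.partition(b"=")
            entry[name.decode()] = value
        else:                              # binary field: NAME, u64 LE size, data, newline
            (size,) = struct.unpack_from("<Q", data, pos)
            entry[line.decode()] = data[pos + 8:pos + 8 + size]
            pos += 8 + size + 1
    if entry:
        yield entry

def exclude(entries, field, pattern):
    """Negated filter: drop entries whose field matches the regex."""
    rx = re.compile(pattern)
    return (e for e in entries
            if not rx.search(e.get(field, b"").decode("utf-8", "replace")))

def max_priority(entries, level):
    """Like journalctl -p: keep entries with PRIORITY <= level (4 = warning)."""
    return (e for e in entries
            if e.get("PRIORITY", b"").isdigit() and int(e["PRIORITY"]) <= level)

def demo():
    kept = exclude(parse_export(SAMPLE_EXPORT), "_COMM", r"^sshd$")
    return [e["MESSAGE"].decode() for e in max_priority(kept, 4)]

if __name__ == "__main__":
    print(demo())
```

Because the saved export file is parsed directly, it can be revisited later and filtered again without importing it back into journald format.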