Hi there,
I was just analyzing some (way too big) ownCloud log file. Standard ownCloud log files are JSON, so you can just parse them with the CLI tool jq
.
jq
is available in the standard repositories of all the main Linux distributions.
So I built the following filter, which I think could be very helpful for other people too:
jq 'select(.time | .[:-6] + "Z" | fromdateiso8601 > (now - (60*60*24*14)) ) | select(.message | contains("NotFoundException") // contains("LockedException") | not)' owncloud.log
Let’s break it down:
jq # calling the binary
'# beginning of filter
select # using the builtin select function
(.time | .[:-6] + "Z" # making the value of the key "time" compatible with the fromdate function
| fromdate #fromdate converts date string to unix epoch
> # value of time needs to be bigger than (this is a comparison operator)
(now - (60*60*24*14)) ) # current unix epoch - seconds of 14 days
| # this filtered result we want to further filter down so you can just use the pipe to pass it to the next filter
select # we know this one already
(.message # this time we want to check what's in the message field
| contains("NotFoundException") # return true if the string is in the message field
// # logical OR operator
contains("LockedException") # also return true for this other string
| # here we are using the pipe like a logical AND operator
not) # negate the result, so we DON'T see the strings above in the output
' # end of the filter
owncloud.log # path to the owncloud log file to analyse
There are a lot more possibilities and I am also just scratching the surface. For more options see the offical jq docs:
https://stedolan.github.io/jq/manual/