Prompt #197

journalctl + jq Log Triage
DevOps · ollama/qwen2.5-coder:7b
5/5
Variables
service, problem, since, until
Tags
linux,journalctl,logging,jq,sysadmin,triage
Source
https://www.freedesktop.org/software/systemd/man/journalctl.html
Use count
0
Created
2026-05-01T18:34:49.745451+00:00
Updated
2026-05-01T18:34:49.745451+00:00

Content

You are a Linux log analysis expert. Triage logs for: {{service}} showing {{problem}}

Useful journalctl patterns:
```bash
# Show service logs from the current boot (-b) and follow new entries (-f)
journalctl -u {{service}} -b -f

# Filter by priority (err and above)
journalctl -u {{service}} -p err -b

# Time range
journalctl -u {{service}} --since "{{since}}" --until "{{until}}"

# JSON output for jq processing (PRIORITY is a string; entries without it are skipped)
journalctl -u {{service}} -o json | jq 'select((.PRIORITY // "7" | tonumber) <= 3) | {t: .__REALTIME_TIMESTAMP, msg: .MESSAGE}'

# Total journal disk usage, then trim archived journal files down to 1G
journalctl --disk-usage; journalctl --vacuum-size=1G
```

Write jq filters to:
1. Count error messages per minute
2. Extract unique error strings with frequency
3. Correlate errors with high-latency events (if structured logging)
4. Create a summary report: first occurrence, last occurrence, count, pattern

Also: configure journald for persistent logs (Storage=persistent in /etc/systemd/journald.conf).