Last active
October 21, 2023 02:11
-
-
Save kylemanna/c6fc87b62ff404d41f6970a1927c4cb5 to your computer and use it in GitHub Desktop.
JSON jq magic for journalctl. https://blog.kylemanna.com/linux/systemd-journalctl-sort-by-frequency
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # Read from journalctl outputting json and sort the data by program frequency | |
| # | |
| # https://blog.kylemanna.com/linux/systemd-journalctl-sort-by-frequency | |
| # | |
| # Author: Kyle Manna | |
| # | |
| # invocation: journalctl -o json --since "1 month ago" | jq -s -f systemd-journalctl-sort-by-program-frequency.jq | |
| # | |
| # Grab the most useful name and a pointer/cursor to each occurrence | |
| [.[] | { name: (if .SYSLOG_IDENTIFIER then .SYSLOG_IDENTIFIER else ._COMM end), cursor:.__CURSOR }] | |
| # Group by name | |
| | group_by(.name) | |
| # Collapse the grouping in to a simple { name: $NAME, length: XX } object | |
| | map({name: .[0].name, length: [.[].cursor] | length}) | |
| # Sort by length | |
| | sort_by(.length) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment