journalctl looks like a great tool for looking through logs, but I'm stuck on what feels like a simple ask: I want to see all cron messages that contain the phrase update-ipsets
.
Of course I can do this
journalctl -u cron.service | grep update-ipsets
but then you lose all the other benefits of journalctl's output (colour coding, auto paging, live view etc.)
I've tried:
journalctl -u cron.service MESSAGE=update-ipsets
journalctl -u cron.service "MESSAGE=*update-ipsets*"
journalctl -u cron.service "MESSAGE=.*update-ipsets.*"
journalctl -u cron.service "MESSAGE=/.*update-ipsets.*/"
And you don't want to experiment by hitting tab after MESSAGE=
– hangs the (zsh/Debian Jessie) shell and Ctrl-C didn't help either!
I sort of can't believe that it doesn't have this basic functionality built in, so I'm sure I must have missed something?
Thanks.
Best Answer
Currently, journalctl does not support patterns or wildcards in field matches.
grep
is your best option.I had the same problem, and I think that
journalctl
only searches for an exact match for VALUE whenNAME=VALUE
is passed as arguments.My investigations:
man page
From
journalctl(1)
The pattern is not mentioned in the description of the matches:
The man page refers to a pattern when describing
-u
option only.Source code
The function
fnmatch
insrc/journal
is used when searching for units only.debug journalctl
Enabling debug output you can see that the pattern is expanded only when using
-u
.All the matches are treated as exact, including
UNIT
: