tail command

The tail command (lw-tail) allows you to query a particular log table from the command-line, specifying conditions that the log entries must satisfy, and selecting which fields are displayed.

Like its standard Unix inspiration, the -f switch allows you to constantly tail a log table, with the binaries checking in the background every n seconds for new rows.

Syntax
$ cd 
$ lw-tail
Usage: /usr/local/bin/lw-tail [options] 
    -f [secs]                        Continuously check for more data, every [secs] seconds.
                                     Default: 10
    -r limit                         Specify how many log entries to fetch.
                                     Default: 200
    -k fields                        Specify a comma-separated list of fields to retrieve.
    -c condition                     Specify a condition to match. May be used multiple times
    -s starttime                     Specify the start time for the query
    -e endtime                       Specify the end time for the query
    --flat                           Do not expand log entries when printing them
    -v                               Show debug information
    -h, --help                       Display this screen
Conditions

The syntax for conditions is described in the Conditions section of the logworm query document.

Examples

Based on the web_log log table, which is created automatically when you use logworm:

$ lw-tail
    Usage: /usr/local/bin/lw-tail [options] 
    [...]
    
    The following are the tables that you've created thus far:
    	 - client_inserts, 5 rows, last updated on 2010-03-02 @ 15:39:38 GMT
    	 - models, 3 rows, last updated on 2010-03-05 @ 14:56:05 GMT
    	 - sales, 5 rows, last updated on 2010-03-02 @ 15:39:38 GMT
    	 - views, 9 rows, last updated on 2010-03-05 @ 14:56:05 GMT
    	 - visits, 136 rows, last updated on 2010-03-05 @ 14:56:05 GMT
    	 - web_log, 30420 rows, last updated on 2010-03-13 @ 17:55:44 GMT
    	 - web_log_long, 211 rows, last updated on 2010-03-05 @ 14:56:05 GMT

$ lw-tail web_log
    ==> list the last 200 entries
    [...]

    2010-03-13 @ 17:55:43 GMT ==> 
    	_request_id: "23943003387660-1268502943001"
    	_ts_utc: 1268502943002
    	input: ""
    	profiling: 0.000701
    	request_ip: "24.63.134.228, 10.194.94.207"
    	request_method: "GET"
    	request_path: "/"
    	response_status: 200
    	summary: "GET / - 200 0.000701"

    2010-03-13 @ 17:55:44 GMT ==> 
    	_request_id: "23943003387660-1268502944032"
    	_ts_utc: 1268502944032
    	input: ""
    	profiling: 0.000768
    	request_ip: "24.63.134.228, 10.194.94.207"
    	request_method: "GET"
    	request_path: "/"
    	response_status: 200
    	summary: "GET / - 200 0.000768"

$ lw-tail -f web_log    
	==> list the last 200 and continuously check for new entries

$ lw-tail web_log -k "request_ip, summary" 
	==> only show the request_ip and summary fields
	[...]

    2010-03-13 @ 17:55:43 GMT ==> 
    	request_ip: "24.63.134.228, 10.194.94.207"
    	summary: "GET / - 200 0.000701"

    2010-03-13 @ 17:55:44 GMT ==> 
    	request_ip: "24.63.134.228, 10.194.94.207"
    	summary: "GET / - 200 0.000768"

$ lw-tail web_log -c '"response_status":"500"'
  	==> list only those requests that caused 500 errors

$ lw-tail web_log -c '"response_status":{"$gt":"300"}'
  	==> list only those requests that returned a status > 300

$ lw-tail web_log -c '"response_status":{"$gt":"300"}, "request_path":"/foo"'
  	==> list only those requests for /foo that returned a status > 300

Back to documentation

Company   |   FAQ   |   Documentation   |   Blog