$ Linux One Liners
Back to commands

Hosting Operations

Read-only

Find the Noisiest Incident Log Files

Several incident log files exist and you need to know which ones have the most lines before opening them.

Command

wc -l fixtures/incidents/*.log | sort -nr

Before you run this

System impact: Read-only. Low when scoped to the shown target.

When not to use it: Do not confuse line volume with importance; a short kernel or deploy log can still explain the incident.

Expected output

Line counts sorted from largest to smallest.

System impact

Read-only. Nothing changes. The command counts lines per log file and sorts the result.

Recovery / rollback: no state is changed.

When to use it

Use when a service emits several logs and you need a quick noise map.

When not to use it

Do not confuse line volume with importance; a short kernel or deploy log can still explain the incident.

Watch this command run

Command transcript

This sanitized transcript shows the commands and output shape without exposing host details.

demo@lab:~$

$ ls sample-files/incidents

app.log
deploy.log
kernel.journal
system.journal

$ wc -l sample-files/incidents/*.log | sort -nr

  14 total
  10 sample-files/incidents/app.log
   4 sample-files/incidents/deploy.log
View commands shown

These are the commands shown in the sanitized transcript.

Commands shown

  1. ls fixtures/incidents
  2. wc -l fixtures/incidents/*.log | sort -nr

next steps

Related commands

Hosting Operations Read-only

Count App Errors by Minute

A minute-by-minute count shows whether an incident is a spike or a drip.

awk 'tolower($0) ~ /(error|fatal|timeout|exception)/ {minute=substr($1,1,16); count[minute]++} END {for (m in count) print count[m], m}' fixtures/incidents/app.log | sort -nr
Hosting Operations Can be slow

Count Request IDs in Error Lines

Repeated request IDs can connect separate error lines to one failing path.

grep -Ei 'error|timeout|fatal|exception' fixtures/incidents/app.log | awk '{for (i=1;i<=NF;i++) if ($i ~ /^request_id=/) print $i}' | sort | uniq -c | sort -nr
Hosting Operations Can be slow

Build a Deploy and Restart Timeline

Deploys and restarts are incident landmarks.

grep -Eh 'deploy|release|restart|started|stopped|rolled back' fixtures/incidents/*.log | sort
Hosting Operations Read-only

Find Unusually Large Web Responses

A few huge responses can explain bandwidth, latency, and suspicious download patterns.

awk '$10 ~ /^[0-9]+$/ && $10 > 1000000 {print $10, $1, $7, $9}' ./fixtures/nginx/access.log | sort -nr | head
Hosting Operations Read-only

Summarize HTTP Status Codes

Before chasing individual lines, get the shape of the whole log.

awk '{count[$9]++} END {for (code in count) print count[code], code}' ./fixtures/nginx/access.log | sort -nr
Study mapping

Use this as independent command practice: read the notes, predict the output, then compare it with the example before using a real shell.

  • lpic1:103-gnu-unix-commands
  • lfcs:essential-commands
  • lfcs:operations-deployment
  • lfcs:services-logs
  • linuxplus:automation-scripting
  • linuxplus:provisional
  • risk:read-only

Useful for

  • LPIC-1 style command-line practice
  • LFCS style performance tasks
  • Linux+ style troubleshooting review

Independent study support only. No affiliation, endorsement, exam dumps, or real exam questions.