Hosting Operations
Read-onlyGroup Server Errors by URL Path
A site is returning 5xx responses and you need to see whether one route is failing or the whole app path is unhealthy.
Command
awk '$9 ~ /^5/ {count[$7]++} END {for (path in count) print count[path], path}' ./fixtures/nginx/access.log | sort -nr | headBefore you run this
System impact: Read-only. Low when scoped to the shown target.
When not to use it: Do not assume the path itself is the root cause. A 502 may be an upstream service, a 500 may be app code, and a 503 may be capacity or maintenance.
Expected output
A descending list of 5xx counts followed by URL paths, giving you a short list for app logs or upstream checks.
System impact
Read-only. Nothing changes. The command reads access-log paths and groups only 5xx responses.
Recovery / rollback: no state is changed.
When to use it
Use this before restarting services when you need to know whether server errors are concentrated on one endpoint.
When not to use it
Do not assume the path itself is the root cause. A 502 may be an upstream service, a 500 may be app code, and a 503 may be capacity or maintenance.
Watch this command run
Command transcript
This sanitized transcript shows the commands and output shape without exposing host details.
$ awk '$9 ~ /^5/ {print $1, $7, $9}' ./sample-files/nginx/access.log
198.51.100.21 /api/report 500
198.51.100.22 /api/report 502
198.51.100.23 /api/report 503$ awk '$9 ~ /^5/ {count[$7]++} END {for (path in count) print count[path], path}' ./sample-files/nginx/access.log | sort -nr | head
3 /api/report$ awk '{count[$9]++} END {for (code in count) print count[code], code}' ./sample-files/nginx/access.log | sort -nr
13 200
5 404
2 405
2 403
1 503
1 502
1 500View commands shown
These are the commands shown in the sanitized transcript.
Commands shown
awk '$9 ~ /^5/ {print $1, $7, $9}' ./fixtures/nginx/access.logawk '$9 ~ /^5/ {count[$7]++} END {for (path in count) print count[path], path}' ./fixtures/nginx/access.log | sort -nr | headawk '{count[$9]++} END {for (code in count) print count[code], code}' ./fixtures/nginx/access.log | sort -nr
next steps
Related commands
Summarize HTTP Status Codes
Before chasing individual lines, get the shape of the whole log.
awk '{count[$9]++} END {for (code in count) print count[code], code}' ./fixtures/nginx/access.log | sort -nr
Find Paths Repeatedly Returning 404
One missing URL is normal. A repeated missing URL is a signal.
awk '$9==404 {count[$7]++} END {for (path in count) if (count[path] >= 3) print count[path], path}' ./fixtures/nginx/access.log | sort -nr | head
Find Unusually Large Web Responses
A few huge responses can explain bandwidth, latency, and suspicious download patterns.
awk '$10 ~ /^[0-9]+$/ && $10 > 1000000 {print $10, $1, $7, $9}' ./fixtures/nginx/access.log | sort -nr | head
Count App Errors by Minute
A minute-by-minute count shows whether an incident is a spike or a drip.
awk 'tolower($0) ~ /(error|fatal|timeout|exception)/ {minute=substr($1,1,16); count[minute]++} END {for (m in count) print count[m], m}' fixtures/incidents/app.log | sort -nr
Spot Request Bursts by Minute
Traffic spikes are easier to read when you bucket them by time.
awk '{minute=substr($4,2,17); count[minute]++} END {for (m in count) print count[m], m}' ./fixtures/nginx/access.log | sort -nr | head
Study mapping
Use this as independent command practice: read the notes, predict the output, then compare it with the example before using a real shell.
Useful for
- LPIC-1 style command-line practice
- LFCS style performance tasks
- Linux+ style troubleshooting review
Independent study support only. No affiliation, endorsement, exam dumps, or real exam questions.