
turbiniactl log gathering features

Open aarontp opened this issue 4 years ago • 3 comments

The new turbiniactl gcplogs command is really great to have, and it would also be nice to be able to filter the output to make it a little easier to read. A couple quick ideas are:

  • By default parse the json and only show the interesting fields. Maybe something like $timestamp, $origin, $severity, $message . Then we can have a separate --json flag that will dump it in the original jsonl format if needed.
  • Add a --severity flag so that we can filter out things below a given log severity level (e.g. INFO, DEBUG, etc).

aarontp, Jan 28 '21 20:01

FYI @alimez

aarontp, Jan 28 '21 20:01

A couple other nice to have things:

  • Make logs sort by "ascending" by default (could add a --descending option if we think that's useful)
  • Have some kind of --maxlines default (maybe 1000?) since a day's worth of logs can be quite a lot (and can take a bit of time). It would be nice if this could be the "tail" of the logs, but not sure if that's feasible.
  • Add worker name to logs and possibly have a flag that can filter on that (or at least document how to add that to the query filter).

aarontp, Jan 28 '21 22:01
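
The filtering ideas from the comments above (show only timestamp, origin, severity and message; a severity floor; ascending order; a --maxlines tail), sketched as an added example that is not Turbinia code and not part of the original thread. It assumes Cloud Logging JSONL entries with the standard `timestamp`, `severity`, `jsonPayload`/`textPayload` and `logName` fields; where "origin" lives (`jsonPayload.origin`) and the function names are hypothetical.

```python
import json

# Cloud Logging LogSeverity names, lowest to highest.
SEVERITIES = ["DEFAULT", "DEBUG", "INFO", "NOTICE", "WARNING",
              "ERROR", "CRITICAL", "ALERT", "EMERGENCY"]


def _ts_key(ts):
    # Assumes UTC "Z" timestamps; pads the fraction so string order is time order.
    base, _, frac = ts.rstrip("Z").partition(".")
    return base, frac.ljust(9, "0")


def summarize(lines, min_severity="DEFAULT", max_lines=1000, descending=False):
    """Return (timestamp, origin, severity, message) rows from JSONL log lines."""
    floor = SEVERITIES.index(min_severity.upper())
    rows = []
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank, truncated or non-JSON lines
        if not isinstance(entry, dict):
            continue
        severity = str(entry.get("severity", "DEFAULT")).upper()
        if severity not in SEVERITIES or SEVERITIES.index(severity) < floor:
            continue
        payload = entry.get("jsonPayload")
        payload = payload if isinstance(payload, dict) else {}
        message = str(payload.get("message") or entry.get("textPayload") or "")
        # Log text can carry untrusted bytes; keep terminal output inert.
        message = "".join(c if c.isprintable() else "?" for c in message)
        # Assumption: origin is jsonPayload.origin, falling back to logName.
        origin = str(payload.get("origin") or entry.get("logName", ""))
        rows.append((str(entry.get("timestamp", "")), origin, severity, message))
    rows.sort(key=lambda row: _ts_key(row[0]))  # ascending by default
    if max_lines:
        rows = rows[-max_lines:]  # keep the tail, i.e. the newest entries
    return rows[::-1] if descending else rows


# Constructed sample input, not real Turbinia output.
SAMPLE = [
    '{"timestamp": "2021-01-28T20:01:05Z", "severity": "ERROR", "jsonPayload": {"origin": "worker-1", "message": "task failed"}}',
    '{"timestamp": "2021-01-28T20:01:05.25Z", "severity": "INFO", "textPayload": "retry\\u001b[2J scheduled", "logName": "projects/example/logs/turbinia"}',
    '{"timestamp": "2021-01-28T20:00:59Z", "severity": "DEBUG", "jsonPayload": {"message": "polling"}}',
    'not json',
]
```

Sorting happens before the `max_lines` cut, so the limit keeps the newest entries rather than the first ones read.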

We are in the process of creating a new API server which will handle gathering of logs in the future, so I don't think that we will want to invest more time into the gcplogs command directly. I am still going to keep this open for now as these features will still likely be nice to have in the new implementation.

aarontp, Apr 11 '22 22:04

I am going to close this out because this is mostly just relevant to the existing turbiniactl gcplogs command implementation which will be going away in the new architecture.

aarontp, Aug 17 '22 20:08