> From: m.a.young@durham.ac.uk
>
> On Wed, 17 Jul 2013, Lennart Poettering wrote:
>
> > "cat /var/log/messages" becomes "journalctl"
> > "tail -f /var/log/messages" becomes "journalctl -f"
> > "tail -n100 /var/log/messages" becomes "journalctl -n100"
> > "grep foobar /var/log/messages" becomes "journalctl | grep foobar"
> >
> > This isn't complex. You can grep/sed/awk as much as you want. You just
> > do it over the output of journalctl rather than the file. That's not
> > that big a difference.
>
> One thing you have missed is how you edit the log file. There may be cases
> where you want to strip out log entries, e.g. when a process has gone wild
> and swamped the useful messages with useless ones and you want to keep the
> useful ones and throw away the useless ones.


I used to do something like this with vim ":g/NOISE/d" until I could see the detail I wanted when the alternations for grep would have been tremendously long.  With journalctl's built-in filtering capabilities I'm glad I don't have to do that anymore; it's way more concise.  However, all use cases differ, so if you must, you can:  "journalctl | vim -".  YMMV with other editors though.


--
John Florian