journalctl is a powerful command-line utility for querying and displaying messages from the journal managed by systemd. This cheat sheet provides essential commands to navigate and extract information from the system journal effectively.
Viewing Journal Entries:
Command
Description
journalctl
Display all journal entries.
journalctl -n [number]
Show the last [number] entries.
Filtering by Time:
Command
Description
journalctl --since "2022-01-01"
Show entries since a specific date.
journalctl --until "2022-02-01"
Show entries until a specific date.
journalctl --since "1 hour ago"
Show entries from the last hour.
Filtering by Unit or Service:
Command
Description
journalctl -u [unit]
Show entries for a specific unit or service.
journalctl -u [unit] --since "today"
Show entries for a unit since today.
Filtering by Priority:
Command
Description
journalctl -p [priority]
Show entries with a specific priority.
journalctl -p err
Show entries with “err” priority.
Output Format and Details:
Command
Description
journalctl -o verbose
Show entries in verbose mode.
journalctl -o json
Display entries in JSON format.
journalctl -o short-precise
Show entries in short and precise format.
Searching for Keywords:
Command
Description
journalctl /keyword/
Search for a specific keyword in entries.
Exporting Journal Entries:
Command
Description
journalctl > output.txt
Export journal entries to a text file.
journalctl -o json > output.json
Export entries in JSON format to a file.
Real-Time Monitoring:
Command
Description
journalctl -f
Monitor journal entries in real-time.
Conclusion
This journalctl cheat sheet covers essential commands to efficiently navigate and extract information from the systemd journal. Whether you’re troubleshooting or monitoring system events, these commands will help you effectively analyze the journal entries.