[转帖]rsar - Extract data from plain-text sar files
sar -A -t -f /tmp/sa11 >/tmp/sar11 https://github.com/ryran/rsar
When dealing with sysstat sar data in a sosreport, it's almost always easier to parse through the plain-text sar data files than it is to get the binary sa files onto a system where you can use sar to parse through them for exactly what you're looking for.
The goal behind rsar is to make this process a little bit easier. rsar is like the sar command, but for plain-text sar files instead of sa files. It supports almost all of the same data-selection options sar uses.
INSTALLATION
Two choices:
Manual install: Get the very latest version directly by downloading the main rsar file from raw.github.com/ryran/rsar/master/rsar. Updating will need to be done manually by re-downloading it. Explicitly, you could run the following as root:
curl -Lo /usr/local/bin/rsar raw.github.com/ryran/rsar/master/rsar
chmod +x /usr/local/bin/rsar
RPM/Yum repo (recommended): Configure access to the Fedora/RHEL6+ yum repository @ people.redhat.com/rsawhill/rpms and install the rsar RPM from there. Updating can happen automatically along with the rest of your system. Two-step instructions @ How to install xsos or rsar via yum?
Once rsar is installed by one of the above methods, run rsar -h as a normal user to see the help page and get started.
USAGE
rsar has an extensive help page. Use it. Feel free to make it better. Here's what it looks like in v0.1.0rc6:
Usage: rsar SARFILE... [--12hr] [--hn] [--noxh] [-t TIME] [SAROPTS] [DRILLDOWN]
SAROPTS is any mix of: [-AbBcdHInqrRSuvwWy]
DRILLDOWN is any mix of: [-P CPU] [-D DISK] [-N NIC]
Note that getopt is used for arg-parsing (so argument order is arbitrary)
rsar requires at least 1 plaintext sar data file (optionally-compressed)
Spaces in SARFILE name or path will break things (complain if you care)
Supported file extensions for compressed sar files:
z, gz, gzip, b, b2, bz, bz2, bzip, bzip2, x, xz, lzma
Opts Specific to rsar:
--12hr Switch input format from default 24-hr to 12-hr AM/PM
--hn Show hostname/kernel version lines from each sar file
--noxh Hide extra column header lines (usually indicative of reboots)
-t <TIME> Where TIME is a regex for time period to display
Ex: '^1[2-5]' or ':[23]0:' or '^(0.:40|2.:40)' or '^12.*AM'
-x <PATTERN> Where PATTERN is used to select a section
Ex: 'svctm', 'iowait', 'runq', 'proc|cswch'
Recommended to stick with below sar opts to avoid collisions
-z Disable showing 'Average:' lines
Hint: To show _only_ 'Average:' lines, use -t Av
Standard sar Selection Opts:
-A { 5 | 6 | 7 }
Like sar -A: alias for all selection opts (excl. -d & -n)
The required number corresponds with a major RHEL version
-b I/O and transfer rate statistics
-B Paging statistics
-c Process creation statistics
-d Block device statistics
-H Hugepages utilization statistics
-I { SUM }
Interrupts statistics
-n { <KEYWORD> [,...] | ALL }
Network statistics
KEYWORD may be any of the following (case-insensitive):
DEV Network interfaces
EDEV Network interfaces (errors)
NFS NFS client
NFSD NFS server
SOCK Sockets (v4)
IP IP traffic (v4)
EIP IP traffic (v4) (errors)
ICMP ICMP traffic (v4)
EICMP ICMP traffic (v4) (errors)
TCP TCP traffic (v4)
ETCP TCP traffic (v4) (errors)
UDP UDP traffic (v4)
SOCK6 Sockets (v6)
IP6 IP traffic (v6)
EIP6 IP traffic (v6) (errors)
ICMP6 ICMP traffic (v6)
EICMP6 ICMP traffic (v6) (errors)
UDP6 UDP traffic (v6)
-q Queue length and load average statistics
-r Memory utilization statistics
-R Memory statistics
-S Swap space utilization statistics
-u CPU utilization statistics
-v Kernel table statistics
-w System switching statistics
-W Swapping statistics
-y TTY device statistics
Note that args passed to -I & -n & -P are cumulative and case-insensitive
Ex: -n Dev,eDEV works, as does -n Dev -n eDEV -n icmp as does -nALL
-P all works, as does -P 0,4,7, as does -P0 -P 4 -P 3. -P '[78]|22'
Drill-Down Opts:
-P { <CPU> [,...] | ALL }
Where CPU can be comma-separated list of CPU-numbers (like sar)
Else, if 'ALL' is used, then everything will be shown
Unlike with sar, CPU can also be a regex
Ex: '1,4,6' or '1|4|6' or '0,[1-3]0'
-D <DISK> Where DISK is a regex for which block devices to select
Ex: 'dev8-16' or '7.$' or 'sda2|rootlv'
-N <NIC> Where NIC is a regex for which network interfaces to select
Ex: 'eth0' or 'eth[12]' or 'bond[1-3]|em1'
Examples:
rsar sar03 -qut ^2
rsar sar03 -P all -t Average
rsar -t^09:30 -n edev,sock -N eth3 -I sum sar19.bz2
rsar -x iowait -P [0-3] -t^15:30 /tmp/sar26.gz /tmp/sar27.xz -RB
Version info: rsar v0.1.0rc6 last mod 2013/02/16
See <github.com/ryran/xsos> to report bugs or suggestions
EXAMPLES IN ACTION
rsar doesn't read binary files; it's meant to read sar-generated plain-text sar files. Reading a single file with no options, rsar behaves the same as sar would, i.e.: shows the combined cpu-utilization.
[rsaw:sa]$ rsar sa22
rsar: Unable to read file: 'sa22'
Need a plain-text sar data file to continue
[rsaw:sa]$ rsar sar22
00:00:01 CPU %user %nice %system %iowait %steal %idle
00:10:01 all 0.10 0.00 0.08 0.00 0.00 99.82
00:20:01 all 0.09 0.00 0.08 0.00 0.00 99.82
00:30:01 all 0.10 0.00 0.08 0.00 0.00 99.81
00:40:01 all 0.11 0.00 0.09 0.01 0.00 99.80
00:50:01 all 0.10 0.00 0.09 0.01 0.00 99.81
01:00:01 all 0.10 0.00 0.09 0.00 0.00 99.80
01:10:01 all 0.11 0.00 0.11 0.00 0.00 99.78
01:20:02 all 0.09 0.00 0.09 0.00 0.00 99.82
01:30:01 all 0.10 0.00 0.08 0.00 0.00 99.82
01:40:01 all 0.11 0.00 0.08 0.00 0.00 99.80
01:50:01 all 0.09 0.00 0.08 0.00 0.00 99.83
02:00:01 all 0.10 0.00 0.08 0.00 0.00 99.82
02:10:01 all 0.10 0.00 0.08 0.00 0.00 99.82
(Note: Output truncated. That would have shown all available cpu utilization data, including any new header-lines caused by reboots and plus any "Average" lines.)
Time-selection is NOT like the -e and -s options of sar; instead, rsar has a -t option that takes a regular expression which is matched against the time field in the sar data. Be as specific or as general as you want.
[rsaw:sa]$ rsar sar22 -t ^21
00:00:01 CPU %user %nice %system %iowait %steal %idle
21:00:01 all 0.10 0.00 0.08 0.00 0.00 99.82
21:10:01 all 0.10 0.00 0.08 0.00 0.00 99.82
21:20:01 all 0.09 0.00 0.08 0.00 0.00 99.83
21:30:01 all 0.10 0.00 0.08 0.00 0.00 99.82
21:40:01 all 0.10 0.00 0.08 0.00 0.00 99.82
21:50:01 all 0.09 0.00 0.08 0.00 0.00 99.83
Average: all 0.10 0.00 0.08 0.00 0.00 99.82
rsar supports many sar-specific data-selection options like -q for queue/loadavg or -r for memory utilization. So here's that, plus a very specific time selection.
[rsaw:sa]$ rsar -qt '^12:10|16:40' sar22 -r
00:00:01 runq-sz plist-sz ldavg-1 ldavg-5 ldavg-15
12:10:01 0 1221 1.14 1.14 1.12
16:40:01 2 1228 1.22 1.25 1.20
Average: 0 1221 1.21 1.21 1.18
00:00:01 kbmemfree kbmemused %memused kbbuffers kbcached kbswpfree kbswpused %swpused kbswpcad
12:10:01 77117704 54967744 41.62 502620 47472612 33551744 0 0.00 0
16:40:01 77067032 55018416 41.65 502904 47516168 33551744 0 0.00 0
Average: 77145109 54940339 41.59 502192 47449826 33551744 0 0.00 0
For those unfamiliar with sar options, regex searching for headers with -x is supported. You can also use -P in the same way as with the sar command, namely, to specify which CPUs to display info for (comma-separated numbers or else ALL to see each CPU + combined avg). With this example output, we can see how easy rsar makes it to spot in the data when a system was rebooted -- no scrolling halfway through the file necessary.
[rsaw:sa]$ rsar sar22 -t'^1(3:5|4:[0-5])' -x nice -P 0,9
00:00:01 CPU %user %nice %system %iowait %steal %idle
13:50:01 0 0.05 0.00 0.12 0.00 0.00 99.82
13:50:01 9 0.02 0.00 0.01 0.00 0.00 99.97
14:00:01 0 5.38 0.00 0.22 0.00 0.00 94.40
14:00:01 9 0.05 0.00 0.10 0.00 0.00 99.84
14:10:01 0 0.04 0.00 0.05 0.00 0.00 99.91
14:10:01 9 0.01 0.00 0.02 0.00 0.00 99.97
14:20:01 0 0.04 0.00 0.13 0.00 0.00 99.83
14:20:01 9 0.01 0.00 0.00 0.00 0.00 99.98
Average: 0 0.13 0.00 0.07 0.00 0.00 99.80
Average: 9 0.02 0.00 0.05 0.00 0.00 99.92
14:40:01 CPU %user %nice %system %iowait %steal %idle
14:50:01 0 0.22 0.00 0.19 0.01 0.00 99.58
14:50:01 9 0.03 0.00 0.01 0.00 0.00 99.96
Average: 0 0.08 0.00 0.08 0.00 0.00 99.84
Average: 9 0.03 0.00 0.05 0.00 0.00 99.91
[rsaw:sa]$ grep -i restart sar22
14:31:23 LINUX RESTART
Paging & page info:
[rsaw:sa]$ rsar sar22 -t2:30 -BR
00:00:01 pgpgin/s pgpgout/s fault/s majflt/s
02:30:01 0.59 340.28 13167.06 0.00
12:30:01 0.11 339.28 13130.51 0.00
22:30:01 0.11 350.35 13141.76 0.00
Average: 53.62 379.68 13026.00 0.01
00:00:01 frmpg/s bufpg/s campg/s
02:30:01 0.78 0.01 -0.05
12:30:01 -2.04 0.00 0.19
22:30:01 -1.42 0.00 0.19
Average: -0.80 0.01 0.70
Interface-specific selection (-N) of network stats from multiple compressed files:
[rsaw:sa]$ rsar -n DEV -N eth4 sar24.gz -t^19:[12] sar26.bz2
------------------------ sar24.gz ------------------------
00:00:01 IFACE rxpck/s txpck/s rxbyt/s txbyt/s rxcmp/s txcmp/s rxmcst/s
19:10:01 eth4 2.42 2.56 203.47 225.20 0.00 0.00 0.00
19:20:01 eth4 2.41 2.57 210.17 224.31 0.00 0.00 0.00
Average: eth4 2.42 2.56 205.99 224.09 0.00 0.00 0.00
------------------------ sar26.bz2 ------------------------
00:00:01 IFACE rxpck/s txpck/s rxbyt/s txbyt/s rxcmp/s txcmp/s rxmcst/s
19:10:01 eth4 2.43 2.55 204.02 224.23 0.00 0.00 0.00
19:20:01 eth4 2.41 2.57 205.94 225.02 0.00 0.00 0.00
Average: eth4 2.42 2.56 206.07 224.04 0.00 0.00 0.00
Disk stats via regex (could also use the sar option: -d).
[rsaw:sa]$ rsar -x await sar19 -t^04:[0-4]
00:00:01 DEV tps rd_sec/s wr_sec/s avgrq-sz avgqu-sz await svctm %util
04:00:01 dev8-0 0.14 0.00 1.79 12.92 0.00 1.37 0.81 0.01
04:00:01 dev8-16 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
04:10:01 dev8-0 0.22 6.28 2.28 39.51 0.00 1.74 1.04 0.02
04:10:01 dev8-16 0.14 0.00 2.07 15.33 0.00 2.83 0.88 0.01
04:20:01 dev8-0 0.19 0.00 2.40 12.74 0.00 1.78 0.80 0.02
04:20:01 dev8-16 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
04:30:01 dev8-0 0.19 0.00 2.35 12.46 0.00 1.42 0.65 0.01
04:30:01 dev8-16 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
04:40:01 dev8-0 0.19 0.00 2.48 13.05 0.00 1.61 0.75 0.01
04:40:01 dev8-16 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
Average: dev8-0 0.23 1.00 2.37 14.56 0.00 1.60 0.88 0.02
Average: dev8-16 0.07 0.01 14.89 218.58 0.00 5.12 1.44 0.01
And just like with network interfaces, there's an option to specify specific block devices. Here I did that (-D) along with the -z option to hide the "Average" lines, plus threw in network errs (-n edev).
[rsaw:sa]$ rsar -x await sar19 -t^04:[0-4] -D 16 -zn edev -N eth0
00:00:01 DEV tps rd_sec/s wr_sec/s avgrq-sz avgqu-sz await svctm %util
04:00:01 dev8-16 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
04:10:01 dev8-16 0.14 0.00 2.07 15.33 0.00 2.83 0.88 0.01
04:20:01 dev8-16 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
04:30:01 dev8-16 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
04:40:01 dev8-16 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
00:00:01 IFACE rxerr/s txerr/s coll/s rxdrop/s txdrop/s txcarr/s rxfram/s rxfifo/s txfifo/s
04:00:01 eth0 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
04:10:01 eth0 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
04:20:01 eth0 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
04:30:01 eth0 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
04:40:01 eth0 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
AUTHORS
So far it's just me, ryran, aka rsaw, aka Ryan Sawhill Aroha
Please contact me if you have ideas, suggestions, questions, or want to collaborate on this or something similar. For specific bugs and feature-requests, you can post a new issue on the tracker.
LICENSE
Copyright (C) 2012-2013, 2015 Ryan Sawhill Aroha
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License @gnu.org/licenses/gpl.html for more details.
[转帖]rsar - Extract data from plain-text sar files的更多相关文章
- [转帖]浅谈程序中的text段、data段和bss段
作者:百问科技链接:https://zhuanlan.zhihu.com/p/28659560来源:知乎著作权归作者所有.商业转载请联系作者获得授权,非商业转载请注明出处. 一般情况,一个程序本质上都 ...
- Insert Plain Text and Images into RichTextBox at Runtime
Insert Plain Text and Images into RichTextBox at Runtime' https://www.codeproject.com/Articles/4544/ ...
- Plain text considered harmful: A cross-domain exploit
referer:http://balpha.de/2013/02/plain-text-considered-harmful-a-cross-domain-exploit/ Data from aro ...
- 如何撤销 PhpStorm/Clion 等 JetBrains 产品的 “Mark as Plain Text” 操作 ?
当把某个文件“Mark as Plain Text”时,该文件被当做普通文本,就不会有“代码自动完成提示”功能,如下图所示: 但是呢,右键菜单中貌似没有 相应的撤销 操作, 即使是把它删除,再新建一个 ...
- Jade之Plain Text
Plain Text jade提供了3种得到纯文本的方法. Piped Text 添加纯文本的一个最简单的方法就是在文本最前面加|符号即可. jade: p | It must always be o ...
- [Regular Expressions] Find Plain Text Patterns
The simplest use of Regular Expressions is to find a plain text pattern. In this lesson we'll look a ...
- [转] bss段、data段、text段
1.前言 一个程序本质上都是由 BSS 段.DATA段.TEXT段三个组成的. 本文主要分编译时和运行时分别对 对data段 bss段 text段 堆 栈作一简要说明 2. 程序编译时概念说明 程序与 ...
- How to return plain text from AWS Lambda & API Gateway
With limited experience in AWS Lambda & API Gateway, it's struggling to find the correct way to ...
- (深入理解计算机系统) bss段,data段、text段、堆(heap)和栈(stack)
bss段: bss段(bss segment)通常是指用来存放程序中未初始化的全局变量的一块内存区域. bss是英文Block Started by Symbol的简称. bss段属于静态内存分配. ...
- 【转】(深入理解计算机系统) bss段,data段、text段、堆(heap)和栈(stack)
bss段: bss段(bss segment)通常是指用来存放程序中未初始化的全局变量的一块内存区域. bss是英文Block Started by Symbol的简称. bss段属于静态内存分配. ...
随机推荐
- [Python急救站]百钱买百鸡
百钱买百鸡:一人用100元买了100只鸡,其中公鸡5元一只,母鸡3元一只,小鸡1元一只.问:公鸡.母鸡.小鸡各多少只? 程序采用穷举法. for x in range(1, 21): for y in ...
- Provider 四种消费者
Provider.of Provider.of 方法是 Provider 库中最常用的获取共享数据的方法之一.它接收一个 BuildContext 对象和一个泛型类型参数 T,会查找 Widget 树 ...
- 原理一、Java中的HashMap的实现
文章从JDK1.7和JDK1.8两个版本解析HashMap的实现原理及其中常见的面试题(两个版本HashMap最大的区别,1.7版HashMap=数组+链表,1.8版HashMap=数组+红黑树+链表 ...
- 第八部分_Shell脚本之综合案例实训
综合案例 1. 实战案例1 ㈠ 具体需求 写一个脚本,将跳板机上yunwei用户的公钥推送到局域网内可以ping通的所有机器上 说明:主机和密码文件已经提供 10.1.1.1:123456 10.1. ...
- 解读分布式调度平台Airflow在华为云MRS中的实践
摘要:Airflow是一个使用Python语言编写的分布式调度平台,通过DAG(Directed acyclic graph 有向无环图)来管理任务. 本文分享自华为云社区<分布式调度平台Air ...
- gis经纬度坐标转换多格式兼容:支持字符串/数组/GeoJSON
格式 let coordinatesStrReg = /((-*[1][0-9]{0,2}|0)(\.[0-9]{1,6})*),\s{0,2}((-*[1-9][0-9]{0,1}|0)(\.[0- ...
- Solon 项目的单元测试插件
1.引入依赖 <dependency> <groupId>org.noear</groupId> <artifactId>solon-test</ ...
- Solon 的多配置文件切换
比如有配置文件: app.yml app-dev.yml app-pro.yml 可以通过启动参数:-env java -jar demoapp.jar -env=dev
- 阿里OSS文件访问变成下载
将 ECS 挂载 OSS 多Bucket ,进行文件存储后,发现PDF.图片在浏览器中访问URL,变成了下载,页不是预览. 1. 解决办法,文件类型 application/octet-stream ...
- Hystrix 如何解决 ThreadLocal 信息丢失
本文分享 ThreadLocal 遇到 Hystrix 时上下文信息传递的方案. 一.背景 笔者在业务开发中涉及到使用 ThreadLocal 来存放上下文链路中一些关键信息,其中一些业务实现对外部接 ...