[转帖]rsar - Extract data from plain-text sar files
sar -A -t -f /tmp/sa11 >/tmp/sar11 https://github.com/ryran/rsar
When dealing with sysstat sar data in a sosreport, it's almost always easier to parse through the plain-text sar data files than it is to get the binary sa files onto a system where you can use sar to parse through them for exactly what you're looking for.
The goal behind rsar is to make this process a little bit easier. rsar is like the sar command, but for plain-text sar files instead of sa files. It supports almost all of the same data-selection options sar uses.
INSTALLATION
Two choices:
Manual install: Get the very latest version directly by downloading the main rsar file from raw.github.com/ryran/rsar/master/rsar. Updating will need to be done manually by re-downloading it. Explicitly, you could run the following as root:
curl -Lo /usr/local/bin/rsar raw.github.com/ryran/rsar/master/rsar
chmod +x /usr/local/bin/rsar
RPM/Yum repo (recommended): Configure access to the Fedora/RHEL6+ yum repository @ people.redhat.com/rsawhill/rpms and install the rsar RPM from there. Updating can happen automatically along with the rest of your system. Two-step instructions @ How to install xsos or rsar via yum?
Once rsar is installed by one of the above methods, run rsar -h as a normal user to see the help page and get started.
USAGE
rsar has an extensive help page. Use it. Feel free to make it better. Here's what it looks like in v0.1.0rc6:
Usage: rsar SARFILE... [--12hr] [--hn] [--noxh] [-t TIME] [SAROPTS] [DRILLDOWN]
SAROPTS is any mix of: [-AbBcdHInqrRSuvwWy]
DRILLDOWN is any mix of: [-P CPU] [-D DISK] [-N NIC]
Note that getopt is used for arg-parsing (so argument order is arbitrary)
rsar requires at least 1 plaintext sar data file (optionally-compressed)
Spaces in SARFILE name or path will break things (complain if you care)
Supported file extensions for compressed sar files:
z, gz, gzip, b, b2, bz, bz2, bzip, bzip2, x, xz, lzma
Opts Specific to rsar:
--12hr Switch input format from default 24-hr to 12-hr AM/PM
--hn Show hostname/kernel version lines from each sar file
--noxh Hide extra column header lines (usually indicative of reboots)
-t <TIME> Where TIME is a regex for time period to display
Ex: '^1[2-5]' or ':[23]0:' or '^(0.:40|2.:40)' or '^12.*AM'
-x <PATTERN> Where PATTERN is used to select a section
Ex: 'svctm', 'iowait', 'runq', 'proc|cswch'
Recommended to stick with below sar opts to avoid collisions
-z Disable showing 'Average:' lines
Hint: To show _only_ 'Average:' lines, use -t Av
Standard sar Selection Opts:
-A { 5 | 6 | 7 }
Like sar -A: alias for all selection opts (excl. -d & -n)
The required number corresponds with a major RHEL version
-b I/O and transfer rate statistics
-B Paging statistics
-c Process creation statistics
-d Block device statistics
-H Hugepages utilization statistics
-I { SUM }
Interrupts statistics
-n { <KEYWORD> [,...] | ALL }
Network statistics
KEYWORD may be any of the following (case-insensitive):
DEV Network interfaces
EDEV Network interfaces (errors)
NFS NFS client
NFSD NFS server
SOCK Sockets (v4)
IP IP traffic (v4)
EIP IP traffic (v4) (errors)
ICMP ICMP traffic (v4)
EICMP ICMP traffic (v4) (errors)
TCP TCP traffic (v4)
ETCP TCP traffic (v4) (errors)
UDP UDP traffic (v4)
SOCK6 Sockets (v6)
IP6 IP traffic (v6)
EIP6 IP traffic (v6) (errors)
ICMP6 ICMP traffic (v6)
EICMP6 ICMP traffic (v6) (errors)
UDP6 UDP traffic (v6)
-q Queue length and load average statistics
-r Memory utilization statistics
-R Memory statistics
-S Swap space utilization statistics
-u CPU utilization statistics
-v Kernel table statistics
-w System switching statistics
-W Swapping statistics
-y TTY device statistics
Note that args passed to -I & -n & -P are cumulative and case-insensitive
Ex: -n Dev,eDEV works, as does -n Dev -n eDEV -n icmp as does -nALL
-P all works, as does -P 0,4,7, as does -P0 -P 4 -P 3. -P '[78]|22'
Drill-Down Opts:
-P { <CPU> [,...] | ALL }
Where CPU can be comma-separated list of CPU-numbers (like sar)
Else, if 'ALL' is used, then everything will be shown
Unlike with sar, CPU can also be a regex
Ex: '1,4,6' or '1|4|6' or '0,[1-3]0'
-D <DISK> Where DISK is a regex for which block devices to select
Ex: 'dev8-16' or '7.$' or 'sda2|rootlv'
-N <NIC> Where NIC is a regex for which network interfaces to select
Ex: 'eth0' or 'eth[12]' or 'bond[1-3]|em1'
Examples:
rsar sar03 -qut ^2
rsar sar03 -P all -t Average
rsar -t^09:30 -n edev,sock -N eth3 -I sum sar19.bz2
rsar -x iowait -P [0-3] -t^15:30 /tmp/sar26.gz /tmp/sar27.xz -RB
Version info: rsar v0.1.0rc6 last mod 2013/02/16
See <github.com/ryran/xsos> to report bugs or suggestions
EXAMPLES IN ACTION
rsar doesn't read binary files; it's meant to read sar-generated plain-text sar files. Reading a single file with no options, rsar behaves the same as sar would, i.e.: shows the combined cpu-utilization.
[rsaw:sa]$ rsar sa22
rsar: Unable to read file: 'sa22'
Need a plain-text sar data file to continue
[rsaw:sa]$ rsar sar22
00:00:01 CPU %user %nice %system %iowait %steal %idle
00:10:01 all 0.10 0.00 0.08 0.00 0.00 99.82
00:20:01 all 0.09 0.00 0.08 0.00 0.00 99.82
00:30:01 all 0.10 0.00 0.08 0.00 0.00 99.81
00:40:01 all 0.11 0.00 0.09 0.01 0.00 99.80
00:50:01 all 0.10 0.00 0.09 0.01 0.00 99.81
01:00:01 all 0.10 0.00 0.09 0.00 0.00 99.80
01:10:01 all 0.11 0.00 0.11 0.00 0.00 99.78
01:20:02 all 0.09 0.00 0.09 0.00 0.00 99.82
01:30:01 all 0.10 0.00 0.08 0.00 0.00 99.82
01:40:01 all 0.11 0.00 0.08 0.00 0.00 99.80
01:50:01 all 0.09 0.00 0.08 0.00 0.00 99.83
02:00:01 all 0.10 0.00 0.08 0.00 0.00 99.82
02:10:01 all 0.10 0.00 0.08 0.00 0.00 99.82
(Note: Output truncated. That would have shown all available cpu utilization data, including any new header-lines caused by reboots and plus any "Average" lines.)
Time-selection is NOT like the -e and -s options of sar; instead, rsar has a -t option that takes a regular expression which is matched against the time field in the sar data. Be as specific or as general as you want.
[rsaw:sa]$ rsar sar22 -t ^21
00:00:01 CPU %user %nice %system %iowait %steal %idle
21:00:01 all 0.10 0.00 0.08 0.00 0.00 99.82
21:10:01 all 0.10 0.00 0.08 0.00 0.00 99.82
21:20:01 all 0.09 0.00 0.08 0.00 0.00 99.83
21:30:01 all 0.10 0.00 0.08 0.00 0.00 99.82
21:40:01 all 0.10 0.00 0.08 0.00 0.00 99.82
21:50:01 all 0.09 0.00 0.08 0.00 0.00 99.83
Average: all 0.10 0.00 0.08 0.00 0.00 99.82
rsar supports many sar-specific data-selection options like -q for queue/loadavg or -r for memory utilization. So here's that, plus a very specific time selection.
[rsaw:sa]$ rsar -qt '^12:10|16:40' sar22 -r
00:00:01 runq-sz plist-sz ldavg-1 ldavg-5 ldavg-15
12:10:01 0 1221 1.14 1.14 1.12
16:40:01 2 1228 1.22 1.25 1.20
Average: 0 1221 1.21 1.21 1.18
00:00:01 kbmemfree kbmemused %memused kbbuffers kbcached kbswpfree kbswpused %swpused kbswpcad
12:10:01 77117704 54967744 41.62 502620 47472612 33551744 0 0.00 0
16:40:01 77067032 55018416 41.65 502904 47516168 33551744 0 0.00 0
Average: 77145109 54940339 41.59 502192 47449826 33551744 0 0.00 0
For those unfamiliar with sar options, regex searching for headers with -x is supported. You can also use -P in the same way as with the sar command, namely, to specify which CPUs to display info for (comma-separated numbers or else ALL to see each CPU + combined avg). With this example output, we can see how easy rsar makes it to spot in the data when a system was rebooted -- no scrolling halfway through the file necessary.
[rsaw:sa]$ rsar sar22 -t'^1(3:5|4:[0-5])' -x nice -P 0,9
00:00:01 CPU %user %nice %system %iowait %steal %idle
13:50:01 0 0.05 0.00 0.12 0.00 0.00 99.82
13:50:01 9 0.02 0.00 0.01 0.00 0.00 99.97
14:00:01 0 5.38 0.00 0.22 0.00 0.00 94.40
14:00:01 9 0.05 0.00 0.10 0.00 0.00 99.84
14:10:01 0 0.04 0.00 0.05 0.00 0.00 99.91
14:10:01 9 0.01 0.00 0.02 0.00 0.00 99.97
14:20:01 0 0.04 0.00 0.13 0.00 0.00 99.83
14:20:01 9 0.01 0.00 0.00 0.00 0.00 99.98
Average: 0 0.13 0.00 0.07 0.00 0.00 99.80
Average: 9 0.02 0.00 0.05 0.00 0.00 99.92
14:40:01 CPU %user %nice %system %iowait %steal %idle
14:50:01 0 0.22 0.00 0.19 0.01 0.00 99.58
14:50:01 9 0.03 0.00 0.01 0.00 0.00 99.96
Average: 0 0.08 0.00 0.08 0.00 0.00 99.84
Average: 9 0.03 0.00 0.05 0.00 0.00 99.91
[rsaw:sa]$ grep -i restart sar22
14:31:23 LINUX RESTART
Paging & page info:
[rsaw:sa]$ rsar sar22 -t2:30 -BR
00:00:01 pgpgin/s pgpgout/s fault/s majflt/s
02:30:01 0.59 340.28 13167.06 0.00
12:30:01 0.11 339.28 13130.51 0.00
22:30:01 0.11 350.35 13141.76 0.00
Average: 53.62 379.68 13026.00 0.01
00:00:01 frmpg/s bufpg/s campg/s
02:30:01 0.78 0.01 -0.05
12:30:01 -2.04 0.00 0.19
22:30:01 -1.42 0.00 0.19
Average: -0.80 0.01 0.70
Interface-specific selection (-N) of network stats from multiple compressed files:
[rsaw:sa]$ rsar -n DEV -N eth4 sar24.gz -t^19:[12] sar26.bz2
------------------------ sar24.gz ------------------------
00:00:01 IFACE rxpck/s txpck/s rxbyt/s txbyt/s rxcmp/s txcmp/s rxmcst/s
19:10:01 eth4 2.42 2.56 203.47 225.20 0.00 0.00 0.00
19:20:01 eth4 2.41 2.57 210.17 224.31 0.00 0.00 0.00
Average: eth4 2.42 2.56 205.99 224.09 0.00 0.00 0.00
------------------------ sar26.bz2 ------------------------
00:00:01 IFACE rxpck/s txpck/s rxbyt/s txbyt/s rxcmp/s txcmp/s rxmcst/s
19:10:01 eth4 2.43 2.55 204.02 224.23 0.00 0.00 0.00
19:20:01 eth4 2.41 2.57 205.94 225.02 0.00 0.00 0.00
Average: eth4 2.42 2.56 206.07 224.04 0.00 0.00 0.00
Disk stats via regex (could also use the sar option: -d).
[rsaw:sa]$ rsar -x await sar19 -t^04:[0-4]
00:00:01 DEV tps rd_sec/s wr_sec/s avgrq-sz avgqu-sz await svctm %util
04:00:01 dev8-0 0.14 0.00 1.79 12.92 0.00 1.37 0.81 0.01
04:00:01 dev8-16 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
04:10:01 dev8-0 0.22 6.28 2.28 39.51 0.00 1.74 1.04 0.02
04:10:01 dev8-16 0.14 0.00 2.07 15.33 0.00 2.83 0.88 0.01
04:20:01 dev8-0 0.19 0.00 2.40 12.74 0.00 1.78 0.80 0.02
04:20:01 dev8-16 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
04:30:01 dev8-0 0.19 0.00 2.35 12.46 0.00 1.42 0.65 0.01
04:30:01 dev8-16 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
04:40:01 dev8-0 0.19 0.00 2.48 13.05 0.00 1.61 0.75 0.01
04:40:01 dev8-16 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
Average: dev8-0 0.23 1.00 2.37 14.56 0.00 1.60 0.88 0.02
Average: dev8-16 0.07 0.01 14.89 218.58 0.00 5.12 1.44 0.01
And just like with network interfaces, there's an option to specify specific block devices. Here I did that (-D) along with the -z option to hide the "Average" lines, plus threw in network errs (-n edev).
[rsaw:sa]$ rsar -x await sar19 -t^04:[0-4] -D 16 -zn edev -N eth0
00:00:01 DEV tps rd_sec/s wr_sec/s avgrq-sz avgqu-sz await svctm %util
04:00:01 dev8-16 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
04:10:01 dev8-16 0.14 0.00 2.07 15.33 0.00 2.83 0.88 0.01
04:20:01 dev8-16 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
04:30:01 dev8-16 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
04:40:01 dev8-16 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
00:00:01 IFACE rxerr/s txerr/s coll/s rxdrop/s txdrop/s txcarr/s rxfram/s rxfifo/s txfifo/s
04:00:01 eth0 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
04:10:01 eth0 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
04:20:01 eth0 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
04:30:01 eth0 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
04:40:01 eth0 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
AUTHORS
So far it's just me, ryran, aka rsaw, aka Ryan Sawhill Aroha
Please contact me if you have ideas, suggestions, questions, or want to collaborate on this or something similar. For specific bugs and feature-requests, you can post a new issue on the tracker.
LICENSE
Copyright (C) 2012-2013, 2015 Ryan Sawhill Aroha
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License @gnu.org/licenses/gpl.html for more details.
[转帖]rsar - Extract data from plain-text sar files的更多相关文章
- [转帖]浅谈程序中的text段、data段和bss段
作者:百问科技链接:https://zhuanlan.zhihu.com/p/28659560来源:知乎著作权归作者所有.商业转载请联系作者获得授权,非商业转载请注明出处. 一般情况,一个程序本质上都 ...
- Insert Plain Text and Images into RichTextBox at Runtime
Insert Plain Text and Images into RichTextBox at Runtime' https://www.codeproject.com/Articles/4544/ ...
- Plain text considered harmful: A cross-domain exploit
referer:http://balpha.de/2013/02/plain-text-considered-harmful-a-cross-domain-exploit/ Data from aro ...
- 如何撤销 PhpStorm/Clion 等 JetBrains 产品的 “Mark as Plain Text” 操作 ?
当把某个文件“Mark as Plain Text”时,该文件被当做普通文本,就不会有“代码自动完成提示”功能,如下图所示: 但是呢,右键菜单中貌似没有 相应的撤销 操作, 即使是把它删除,再新建一个 ...
- Jade之Plain Text
Plain Text jade提供了3种得到纯文本的方法. Piped Text 添加纯文本的一个最简单的方法就是在文本最前面加|符号即可. jade: p | It must always be o ...
- [Regular Expressions] Find Plain Text Patterns
The simplest use of Regular Expressions is to find a plain text pattern. In this lesson we'll look a ...
- [转] bss段、data段、text段
1.前言 一个程序本质上都是由 BSS 段.DATA段.TEXT段三个组成的. 本文主要分编译时和运行时分别对 对data段 bss段 text段 堆 栈作一简要说明 2. 程序编译时概念说明 程序与 ...
- How to return plain text from AWS Lambda & API Gateway
With limited experience in AWS Lambda & API Gateway, it's struggling to find the correct way to ...
- (深入理解计算机系统) bss段,data段、text段、堆(heap)和栈(stack)
bss段: bss段(bss segment)通常是指用来存放程序中未初始化的全局变量的一块内存区域. bss是英文Block Started by Symbol的简称. bss段属于静态内存分配. ...
- 【转】(深入理解计算机系统) bss段,data段、text段、堆(heap)和栈(stack)
bss段: bss段(bss segment)通常是指用来存放程序中未初始化的全局变量的一块内存区域. bss是英文Block Started by Symbol的简称. bss段属于静态内存分配. ...
随机推荐
- macOS 安装 clang-tidy
先安装 homebrew,网上教程很多,推荐官方教程,此处略过 通过 brew 安装 llvm brew install llvm 创建软连接,指向 homebrew 安装的 clang-tidy m ...
- Spark SQL快速入门
Spark SQL快速入门 1.概述 spark SQL是Apache用于处理结构化数据的模块.其中包含SQL.DataFrame API.DataSet API,意味着开发人员可以在不同的API之间 ...
- 当创建statefulset资源后,k8s组件如何协作
本文分享自华为云社区<当创建StatefulSet后,k8s会发生什么?>,作者:可以交个朋友 . 一.StatefulSet介绍 StatefulSet 是用来管理有状态应用的工作负载对 ...
- 零代码搭建一个微信小程序
本文分享自华为云社区<[新手指引]体验通过Astro Zero零代码快速搭建微信小程序>,作者:华为云Astro . 您将学会如何基于Astro零代码能力,DIY开发,完成问卷.投票.信息 ...
- 想了解Python中的super 函数么
摘要:经常有朋友问,学 Python 面向对象时,翻阅别人代码,会发现一个 super() 函数,那这个函数的作用到底是什么? 本文分享自华为云社区<Python 中的 super 函数怎么学, ...
- 【Docker】docker介绍 什么是虚拟化 容器与虚拟机比较 Docker 概念 docker安装
目录 docker介绍 什么是虚拟化 docker是什么 容器与虚拟机比较 Docker 概念 docker安装 docker介绍 什么是虚拟化 在计算机中,虚拟化(英语:Virtualization ...
- QA32增强
一.QA32报表新增字段 二.QA32报表程序RQEEAL10 结构增加字段,该结构就是报表展示字段列的结构 表新增字段 找到报表展示的子例程 找到程序RQEEAL10,子例程中新增隐式增强 隐式增强 ...
- AtCoder ABC 164 (D~E)
比赛链接:Here ABC水题, D - Multiple of 2019 (DP + 分析) 题意: 给定数字串S,计算有多少个子串 \(S[L,R]\) ,满足 \(S[L,R]\) 是 \(2 ...
- 全国城市地级市区县sql
全国城市地级市区县sql CREATE TABLE `region` ( `id` int(10) unsigned NOT NULL AUTO_INCREMENT, `title` varchar( ...
- spring管理实务有几种方式
一:事务认识 大家所了解的事务Transaction,它是一些列严密操作动作,要么都操作完成,要么都回滚撤销.Spring事务管理基于底层数据库本身的事务处理机制.数据库事务的基础,是掌握Spring ...