[转帖]rsar - Extract data from plain-text sar files
sar -A -t -f /tmp/sa11 >/tmp/sar11 https://github.com/ryran/rsar
When dealing with sysstat sar data in a sosreport, it's almost always easier to parse through the plain-text sar data files than it is to get the binary sa files onto a system where you can use sar to parse through them for exactly what you're looking for.
The goal behind rsar is to make this process a little bit easier. rsar is like the sar command, but for plain-text sar files instead of sa files. It supports almost all of the same data-selection options sar uses.
INSTALLATION
Two choices:
Manual install: Get the very latest version directly by downloading the main rsar file from raw.github.com/ryran/rsar/master/rsar. Updating will need to be done manually by re-downloading it. Explicitly, you could run the following as root:
curl -Lo /usr/local/bin/rsar raw.github.com/ryran/rsar/master/rsar
chmod +x /usr/local/bin/rsar
RPM/Yum repo (recommended): Configure access to the Fedora/RHEL6+ yum repository @ people.redhat.com/rsawhill/rpms and install the rsar RPM from there. Updating can happen automatically along with the rest of your system. Two-step instructions @ How to install xsos or rsar via yum?
Once rsar is installed by one of the above methods, run rsar -h as a normal user to see the help page and get started.
USAGE
rsar has an extensive help page. Use it. Feel free to make it better. Here's what it looks like in v0.1.0rc6:
Usage: rsar SARFILE... [--12hr] [--hn] [--noxh] [-t TIME] [SAROPTS] [DRILLDOWN]
SAROPTS is any mix of: [-AbBcdHInqrRSuvwWy]
DRILLDOWN is any mix of: [-P CPU] [-D DISK] [-N NIC]
Note that getopt is used for arg-parsing (so argument order is arbitrary)
rsar requires at least 1 plaintext sar data file (optionally-compressed)
Spaces in SARFILE name or path will break things (complain if you care)
Supported file extensions for compressed sar files:
z, gz, gzip, b, b2, bz, bz2, bzip, bzip2, x, xz, lzma
Opts Specific to rsar:
--12hr Switch input format from default 24-hr to 12-hr AM/PM
--hn Show hostname/kernel version lines from each sar file
--noxh Hide extra column header lines (usually indicative of reboots)
-t <TIME> Where TIME is a regex for time period to display
Ex: '^1[2-5]' or ':[23]0:' or '^(0.:40|2.:40)' or '^12.*AM'
-x <PATTERN> Where PATTERN is used to select a section
Ex: 'svctm', 'iowait', 'runq', 'proc|cswch'
Recommended to stick with below sar opts to avoid collisions
-z Disable showing 'Average:' lines
Hint: To show _only_ 'Average:' lines, use -t Av
Standard sar Selection Opts:
-A { 5 | 6 | 7 }
Like sar -A: alias for all selection opts (excl. -d & -n)
The required number corresponds with a major RHEL version
-b I/O and transfer rate statistics
-B Paging statistics
-c Process creation statistics
-d Block device statistics
-H Hugepages utilization statistics
-I { SUM }
Interrupts statistics
-n { <KEYWORD> [,...] | ALL }
Network statistics
KEYWORD may be any of the following (case-insensitive):
DEV Network interfaces
EDEV Network interfaces (errors)
NFS NFS client
NFSD NFS server
SOCK Sockets (v4)
IP IP traffic (v4)
EIP IP traffic (v4) (errors)
ICMP ICMP traffic (v4)
EICMP ICMP traffic (v4) (errors)
TCP TCP traffic (v4)
ETCP TCP traffic (v4) (errors)
UDP UDP traffic (v4)
SOCK6 Sockets (v6)
IP6 IP traffic (v6)
EIP6 IP traffic (v6) (errors)
ICMP6 ICMP traffic (v6)
EICMP6 ICMP traffic (v6) (errors)
UDP6 UDP traffic (v6)
-q Queue length and load average statistics
-r Memory utilization statistics
-R Memory statistics
-S Swap space utilization statistics
-u CPU utilization statistics
-v Kernel table statistics
-w System switching statistics
-W Swapping statistics
-y TTY device statistics
Note that args passed to -I & -n & -P are cumulative and case-insensitive
Ex: -n Dev,eDEV works, as does -n Dev -n eDEV -n icmp as does -nALL
-P all works, as does -P 0,4,7, as does -P0 -P 4 -P 3. -P '[78]|22'
Drill-Down Opts:
-P { <CPU> [,...] | ALL }
Where CPU can be comma-separated list of CPU-numbers (like sar)
Else, if 'ALL' is used, then everything will be shown
Unlike with sar, CPU can also be a regex
Ex: '1,4,6' or '1|4|6' or '0,[1-3]0'
-D <DISK> Where DISK is a regex for which block devices to select
Ex: 'dev8-16' or '7.$' or 'sda2|rootlv'
-N <NIC> Where NIC is a regex for which network interfaces to select
Ex: 'eth0' or 'eth[12]' or 'bond[1-3]|em1'
Examples:
rsar sar03 -qut ^2
rsar sar03 -P all -t Average
rsar -t^09:30 -n edev,sock -N eth3 -I sum sar19.bz2
rsar -x iowait -P [0-3] -t^15:30 /tmp/sar26.gz /tmp/sar27.xz -RB
Version info: rsar v0.1.0rc6 last mod 2013/02/16
See <github.com/ryran/xsos> to report bugs or suggestions
EXAMPLES IN ACTION
rsar doesn't read binary files; it's meant to read sar-generated plain-text sar files. Reading a single file with no options, rsar behaves the same as sar would, i.e.: shows the combined cpu-utilization.
[rsaw:sa]$ rsar sa22
rsar: Unable to read file: 'sa22'
Need a plain-text sar data file to continue
[rsaw:sa]$ rsar sar22
00:00:01 CPU %user %nice %system %iowait %steal %idle
00:10:01 all 0.10 0.00 0.08 0.00 0.00 99.82
00:20:01 all 0.09 0.00 0.08 0.00 0.00 99.82
00:30:01 all 0.10 0.00 0.08 0.00 0.00 99.81
00:40:01 all 0.11 0.00 0.09 0.01 0.00 99.80
00:50:01 all 0.10 0.00 0.09 0.01 0.00 99.81
01:00:01 all 0.10 0.00 0.09 0.00 0.00 99.80
01:10:01 all 0.11 0.00 0.11 0.00 0.00 99.78
01:20:02 all 0.09 0.00 0.09 0.00 0.00 99.82
01:30:01 all 0.10 0.00 0.08 0.00 0.00 99.82
01:40:01 all 0.11 0.00 0.08 0.00 0.00 99.80
01:50:01 all 0.09 0.00 0.08 0.00 0.00 99.83
02:00:01 all 0.10 0.00 0.08 0.00 0.00 99.82
02:10:01 all 0.10 0.00 0.08 0.00 0.00 99.82
(Note: Output truncated. That would have shown all available cpu utilization data, including any new header-lines caused by reboots and plus any "Average" lines.)
Time-selection is NOT like the -e and -s options of sar; instead, rsar has a -t option that takes a regular expression which is matched against the time field in the sar data. Be as specific or as general as you want.
[rsaw:sa]$ rsar sar22 -t ^21
00:00:01 CPU %user %nice %system %iowait %steal %idle
21:00:01 all 0.10 0.00 0.08 0.00 0.00 99.82
21:10:01 all 0.10 0.00 0.08 0.00 0.00 99.82
21:20:01 all 0.09 0.00 0.08 0.00 0.00 99.83
21:30:01 all 0.10 0.00 0.08 0.00 0.00 99.82
21:40:01 all 0.10 0.00 0.08 0.00 0.00 99.82
21:50:01 all 0.09 0.00 0.08 0.00 0.00 99.83
Average: all 0.10 0.00 0.08 0.00 0.00 99.82
rsar supports many sar-specific data-selection options like -q for queue/loadavg or -r for memory utilization. So here's that, plus a very specific time selection.
[rsaw:sa]$ rsar -qt '^12:10|16:40' sar22 -r
00:00:01 runq-sz plist-sz ldavg-1 ldavg-5 ldavg-15
12:10:01 0 1221 1.14 1.14 1.12
16:40:01 2 1228 1.22 1.25 1.20
Average: 0 1221 1.21 1.21 1.18
00:00:01 kbmemfree kbmemused %memused kbbuffers kbcached kbswpfree kbswpused %swpused kbswpcad
12:10:01 77117704 54967744 41.62 502620 47472612 33551744 0 0.00 0
16:40:01 77067032 55018416 41.65 502904 47516168 33551744 0 0.00 0
Average: 77145109 54940339 41.59 502192 47449826 33551744 0 0.00 0
For those unfamiliar with sar options, regex searching for headers with -x is supported. You can also use -P in the same way as with the sar command, namely, to specify which CPUs to display info for (comma-separated numbers or else ALL to see each CPU + combined avg). With this example output, we can see how easy rsar makes it to spot in the data when a system was rebooted -- no scrolling halfway through the file necessary.
[rsaw:sa]$ rsar sar22 -t'^1(3:5|4:[0-5])' -x nice -P 0,9
00:00:01 CPU %user %nice %system %iowait %steal %idle
13:50:01 0 0.05 0.00 0.12 0.00 0.00 99.82
13:50:01 9 0.02 0.00 0.01 0.00 0.00 99.97
14:00:01 0 5.38 0.00 0.22 0.00 0.00 94.40
14:00:01 9 0.05 0.00 0.10 0.00 0.00 99.84
14:10:01 0 0.04 0.00 0.05 0.00 0.00 99.91
14:10:01 9 0.01 0.00 0.02 0.00 0.00 99.97
14:20:01 0 0.04 0.00 0.13 0.00 0.00 99.83
14:20:01 9 0.01 0.00 0.00 0.00 0.00 99.98
Average: 0 0.13 0.00 0.07 0.00 0.00 99.80
Average: 9 0.02 0.00 0.05 0.00 0.00 99.92
14:40:01 CPU %user %nice %system %iowait %steal %idle
14:50:01 0 0.22 0.00 0.19 0.01 0.00 99.58
14:50:01 9 0.03 0.00 0.01 0.00 0.00 99.96
Average: 0 0.08 0.00 0.08 0.00 0.00 99.84
Average: 9 0.03 0.00 0.05 0.00 0.00 99.91
[rsaw:sa]$ grep -i restart sar22
14:31:23 LINUX RESTART
Paging & page info:
[rsaw:sa]$ rsar sar22 -t2:30 -BR
00:00:01 pgpgin/s pgpgout/s fault/s majflt/s
02:30:01 0.59 340.28 13167.06 0.00
12:30:01 0.11 339.28 13130.51 0.00
22:30:01 0.11 350.35 13141.76 0.00
Average: 53.62 379.68 13026.00 0.01
00:00:01 frmpg/s bufpg/s campg/s
02:30:01 0.78 0.01 -0.05
12:30:01 -2.04 0.00 0.19
22:30:01 -1.42 0.00 0.19
Average: -0.80 0.01 0.70
Interface-specific selection (-N) of network stats from multiple compressed files:
[rsaw:sa]$ rsar -n DEV -N eth4 sar24.gz -t^19:[12] sar26.bz2
------------------------ sar24.gz ------------------------
00:00:01 IFACE rxpck/s txpck/s rxbyt/s txbyt/s rxcmp/s txcmp/s rxmcst/s
19:10:01 eth4 2.42 2.56 203.47 225.20 0.00 0.00 0.00
19:20:01 eth4 2.41 2.57 210.17 224.31 0.00 0.00 0.00
Average: eth4 2.42 2.56 205.99 224.09 0.00 0.00 0.00
------------------------ sar26.bz2 ------------------------
00:00:01 IFACE rxpck/s txpck/s rxbyt/s txbyt/s rxcmp/s txcmp/s rxmcst/s
19:10:01 eth4 2.43 2.55 204.02 224.23 0.00 0.00 0.00
19:20:01 eth4 2.41 2.57 205.94 225.02 0.00 0.00 0.00
Average: eth4 2.42 2.56 206.07 224.04 0.00 0.00 0.00
Disk stats via regex (could also use the sar option: -d).
[rsaw:sa]$ rsar -x await sar19 -t^04:[0-4]
00:00:01 DEV tps rd_sec/s wr_sec/s avgrq-sz avgqu-sz await svctm %util
04:00:01 dev8-0 0.14 0.00 1.79 12.92 0.00 1.37 0.81 0.01
04:00:01 dev8-16 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
04:10:01 dev8-0 0.22 6.28 2.28 39.51 0.00 1.74 1.04 0.02
04:10:01 dev8-16 0.14 0.00 2.07 15.33 0.00 2.83 0.88 0.01
04:20:01 dev8-0 0.19 0.00 2.40 12.74 0.00 1.78 0.80 0.02
04:20:01 dev8-16 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
04:30:01 dev8-0 0.19 0.00 2.35 12.46 0.00 1.42 0.65 0.01
04:30:01 dev8-16 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
04:40:01 dev8-0 0.19 0.00 2.48 13.05 0.00 1.61 0.75 0.01
04:40:01 dev8-16 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
Average: dev8-0 0.23 1.00 2.37 14.56 0.00 1.60 0.88 0.02
Average: dev8-16 0.07 0.01 14.89 218.58 0.00 5.12 1.44 0.01
And just like with network interfaces, there's an option to specify specific block devices. Here I did that (-D) along with the -z option to hide the "Average" lines, plus threw in network errs (-n edev).
[rsaw:sa]$ rsar -x await sar19 -t^04:[0-4] -D 16 -zn edev -N eth0
00:00:01 DEV tps rd_sec/s wr_sec/s avgrq-sz avgqu-sz await svctm %util
04:00:01 dev8-16 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
04:10:01 dev8-16 0.14 0.00 2.07 15.33 0.00 2.83 0.88 0.01
04:20:01 dev8-16 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
04:30:01 dev8-16 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
04:40:01 dev8-16 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
00:00:01 IFACE rxerr/s txerr/s coll/s rxdrop/s txdrop/s txcarr/s rxfram/s rxfifo/s txfifo/s
04:00:01 eth0 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
04:10:01 eth0 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
04:20:01 eth0 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
04:30:01 eth0 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
04:40:01 eth0 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
AUTHORS
So far it's just me, ryran, aka rsaw, aka Ryan Sawhill Aroha
Please contact me if you have ideas, suggestions, questions, or want to collaborate on this or something similar. For specific bugs and feature-requests, you can post a new issue on the tracker.
LICENSE
Copyright (C) 2012-2013, 2015 Ryan Sawhill Aroha
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License @gnu.org/licenses/gpl.html for more details.
[转帖]rsar - Extract data from plain-text sar files的更多相关文章
- [转帖]浅谈程序中的text段、data段和bss段
作者:百问科技链接:https://zhuanlan.zhihu.com/p/28659560来源:知乎著作权归作者所有.商业转载请联系作者获得授权,非商业转载请注明出处. 一般情况,一个程序本质上都 ...
- Insert Plain Text and Images into RichTextBox at Runtime
Insert Plain Text and Images into RichTextBox at Runtime' https://www.codeproject.com/Articles/4544/ ...
- Plain text considered harmful: A cross-domain exploit
referer:http://balpha.de/2013/02/plain-text-considered-harmful-a-cross-domain-exploit/ Data from aro ...
- 如何撤销 PhpStorm/Clion 等 JetBrains 产品的 “Mark as Plain Text” 操作 ?
当把某个文件“Mark as Plain Text”时,该文件被当做普通文本,就不会有“代码自动完成提示”功能,如下图所示: 但是呢,右键菜单中貌似没有 相应的撤销 操作, 即使是把它删除,再新建一个 ...
- Jade之Plain Text
Plain Text jade提供了3种得到纯文本的方法. Piped Text 添加纯文本的一个最简单的方法就是在文本最前面加|符号即可. jade: p | It must always be o ...
- [Regular Expressions] Find Plain Text Patterns
The simplest use of Regular Expressions is to find a plain text pattern. In this lesson we'll look a ...
- [转] bss段、data段、text段
1.前言 一个程序本质上都是由 BSS 段.DATA段.TEXT段三个组成的. 本文主要分编译时和运行时分别对 对data段 bss段 text段 堆 栈作一简要说明 2. 程序编译时概念说明 程序与 ...
- How to return plain text from AWS Lambda & API Gateway
With limited experience in AWS Lambda & API Gateway, it's struggling to find the correct way to ...
- (深入理解计算机系统) bss段,data段、text段、堆(heap)和栈(stack)
bss段: bss段(bss segment)通常是指用来存放程序中未初始化的全局变量的一块内存区域. bss是英文Block Started by Symbol的简称. bss段属于静态内存分配. ...
- 【转】(深入理解计算机系统) bss段,data段、text段、堆(heap)和栈(stack)
bss段: bss段(bss segment)通常是指用来存放程序中未初始化的全局变量的一块内存区域. bss是英文Block Started by Symbol的简称. bss段属于静态内存分配. ...
随机推荐
- vue常用函数
this.$router.back(); //回退上一页面
- MES/MOM国内市场现状趋势与新生态模式参考
本文分享自华为云社区<工业互联网系列(七)MES/MOM国内市场现状趋势与新生态模式参考>,作者:云起MAE . 国内工业互联网平台服务整体围绕数字化及数据价值挖掘的底层逻辑没有变,变的是 ...
- 带你掌握数仓的作业级监控TopSQL
摘要:目前TopSQL功能被用户广泛使用,是性能定位.劣化分析.审计回溯等重要的基石,为用户提供覆盖内存.耗时.IO.网络.空间等多方面的监控能力. 本文分享自华为云社区<GaussDB(DWS ...
- 设备如何使用go sdk轻松连接华为云IoT平台?
摘要:本文介绍使用huaweicloud-iot-device-sdk-go 连接华为云IoT平台,实现简单的华为云文档介绍的四个功能:设备连接鉴权.设备命令.设备消息和设备属性. 本文分享自华为云社 ...
- 如何使用参数化查询提高Cypher查询的性能
摘要:在DBMS中,参数化查询被视为一种有效预防SQL注入攻击的手段. 本文分享自华为云社区<使用参数化查询提高Cypher查询的性能:以华为云图引擎GES为例>,作者: 蜉蝣与海. 在D ...
- VEGA:诺亚AutoML高性能开源算法集简介
摘要:VEGA是华为诺亚方舟实验室自研的全流程AutoML算法集合,提供架构搜索.超参优化.数据增强.模型压缩等全流程机器学习自动化基础能力. 本文分享自华为云社区<VEGA:诺亚AutoML高 ...
- 想提高运维效率,那就把MySQL数据库部署到Kubernetes 集群中
摘要:Kubernetes 很多看起来比较"繁琐"的设计的主要目的,都是希望为开发者提供更多的"可扩展性",给使用者带来更多的"稳定性"和& ...
- PPT 文字穿插
软件文字,添加一个形状 先选形状,再选文字 选择拆分 设置对象格式
- PPT 动画-制作一个倒酒
波浪往左上方,慢慢运动 数字 渐入 + 渐出 + 居中对齐 酒杯绘制 波浪绘制 上方的点全部设成[平滑顶点] https://getwaves.io/ 快速生成波浪[Office 2016 不支持插入 ...
- 鸿蒙HarmonyOS实战-工具安装和Helloworld案例
前言 HarmonyOS是华为自主开发的操作系统,它在2020年9月正式发布.它最初被称为鸿蒙OS,后来更名为HarmonyOS.HarmonyOS旨在提供一种可在各种设备上无缝运行的统一操作系统,包 ...