751
Average systemd debate
(lemmy.world)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 23 Sep 2024
751 points (95.5% liked)
linuxmemes
20817 readers
796 users here now
I use Arch btw
Sister communities:
- LemmyMemes: Memes
- LemmyShitpost: Anything and everything goes.
- RISA: Star Trek memes and shitposts
Community rules
- Follow the site-wide rules and code of conduct
- Be civil
- Post Linux-related content
- No recent reposts
Please report posts and comments that break these rules!
founded 1 year ago
MODERATORS
The thing with journalctl is that it is a database. Thus means that searching and finding things can be fast and easy in high complexity cases but it can also stall in cases with very high resource usage.
Thing is that they could have preserved the textual nature and had some sort of external metadata to facilitate the 'fanciness'. I have worked in other logging systems that did that, with the ability to consume the plaintext logs in an 'old fashioned' way but a utility being able to do all the nice filtering, search, and special event marking that journalctl provides without compromising the existence of the plain text.
Plain text is slow and cumbersome for large amounts of logs. It would of had a decent performance penalty for little value add.
If you like text you can pipe journalctl
But if journalctl is slow, piping is not helping.
We have only one week of very sparse logs in it, yet it takes several seconds... greping tens of gigabytes of logs can be sometimes faster. That is insane.
Strange
Probably worth asking on a technical
As I said, I've dealt with logging where the variable length text was kept as plain text, with external metadata/index as binary. You have best of both worlds here. Plus it's easier to have very predictable entry alignment, as the messy variable data is kept outside the binary file, and the binary file can have more fixed record sizes. You may have some duplicate data (e.g. the text file has a text version of a timestamp duplicated with the metadata binary timestamp), but overall not too bad.
But why?
I just can't grasp why such elementary things need to be so fancied up.
It's not like we don't have databases and use them for relevant data. But this isn't it.
And databases with hundreds of milions of rows are faster than journalctl (in my experience on the same hardware).