Realm of Chaos - metrics
Welcome to my notebook! I’m a Site Reliability Engineer who is curious, loves to learn and discover the nature of things.
Zola
2022-05-10T00:00:00+00:00
https://realmofchaos.xyz/tags/metrics/atom.xml
The art of extracting metrics
2022-05-10T00:00:00+00:00
2022-05-10T00:00:00+00:00
Thomas Cuthbert
https://realmofchaos.xyz/tech/performance-analysis/extracting-metrics/
<h2 id="awk">Awk</h2>
<h3 id="filtering-between-log-timestamps">filtering between log timestamps</h3>
<p>second precision</p>
<pre class="giallo" style="color: #F8F8F2; background-color: #272822;"><code data-lang="plain"><span class="giallo-l"><span>awk \</span></span>
<span class="giallo-l"><span> -v from="$(date +'%s' -d '2021-10-29 02:34' --utc)" \</span></span>
<span class="giallo-l"><span> -v to="$(date +'%s' -d '2021-10-29 02:36' --utc)" \</span></span>
<span class="giallo-l"><span> '</span></span>
<span class="giallo-l"><span> split($0, parts, /[\- :]/) {</span></span>
<span class="giallo-l"><span> linefmt=""</span></span>
<span class="giallo-l"><span> for(i=1;i<=6;i++) linefmt = sprintf("%s %s",linefmt, parts[i]);</span></span>
<span class="giallo-l"><span> ts=mktime(sprintf("%s UTC", linefmt))</span></span>
<span class="giallo-l"><span> if (ts > from && ts < to) print</span></span>
<span class="giallo-l"><span> }</span></span>
<span class="giallo-l"><span> '<<<'2021-10-29 04:50:00 172.31.43.164'</span></span>
<span class="giallo-l"></span>
<span class="giallo-l"><span>awk \</span></span>
<span class="giallo-l"><span> -v from="$(date +'%s' -d '2021-11-27 04:15:00 UTC' --utc)" \</span></span>
<span class="giallo-l"><span> -v to="$(date +'%s' -d 'now UTC' --utc)" \</span></span>
<span class="giallo-l"><span> '</span></span>
<span class="giallo-l"><span> patsplit($1, p, /[0-9]+/) {</span></span>
<span class="giallo-l"><span> ts=mktime(sprintf("%d %d %d %d %d %d", p[1], p[2], p[3], p[4], p[5], p[6]), 1)</span></span>
<span class="giallo-l"><span> if (ts > from && ts < to) print</span></span>
<span class="giallo-l"><span> }</span></span>
<span class="giallo-l"><span> ' <(tac /var/log/frr/frr.log)|head</span></span></code></pre><h2 id="perl-alternative">perl alternative</h2>
<pre class="giallo" style="color: #F8F8F2; background-color: #272822;"><code data-lang="plain"><span class="giallo-l"><span>from="$(date -Is -d '2021-11-27T04:15:00 UTC' --utc)" \</span></span>
<span class="giallo-l"><span>to="$(date -Is -d 'now UTC' --utc)" \</span></span>
<span class="giallo-l"><span>perl \</span></span>
<span class="giallo-l"><span> -MDate::Parse \</span></span>
<span class="giallo-l"><span> -lane \</span></span>
<span class="giallo-l"><span> '</span></span>
<span class="giallo-l"><span> $ts=str2time($F[0]);</span></span>
<span class="giallo-l"><span> $f=str2time($ENV{from});</span></span>
<span class="giallo-l"><span> $t=str2time($ENV{to});</span></span>
<span class="giallo-l"><span> print if ($ts >= $f && $ts <= $t )</span></span>
<span class="giallo-l"><span> ' <(zcat -f /var/log/syslog*) | tee "/syslog-$(date -Im)"</span></span></code></pre><h2 id="from-ms-precision-unix-timestamp">from ms precision unix timestamp</h2>
<pre class="giallo" style="color: #F8F8F2; background-color: #272822;"><code data-lang="plain"><span class="giallo-l"><span>awk \</span></span>
<span class="giallo-l"><span> -v format="%F %T" \</span></span>
<span class="giallo-l"><span> -v from="$(date +'%s' -d '2021-10-29 02:34' --utc)" \</span></span>
<span class="giallo-l"><span> -v to="$(date +'%s' -d '2021-10-29 02:36' --utc)" \</span></span>
<span class="giallo-l"><span> '{</span></span>
<span class="giallo-l"><span> ts=substr($0, 0, index($0, ".")-1)</span></span>
<span class="giallo-l"><span> if (ts > from && ts < to) print strftime(format, ts), substr($0,index($0,$1))</span></span>
<span class="giallo-l"><span> }</span></span>
<span class="giallo-l"><span> ' <<<'2021-10-29 04:50:00 172.31.43.164'</span></span></code></pre><h2 id="sed">Sed</h2>
<p>Filtering interesting lines for nxos. Note, NXOS has an ancient version of sed, it only supports the <code>-n</code> flag.</p>
<h2 id="monitoring-procfs">monitoring procfs</h2>
<p>Continuously monitor a procfs file, output is tabular.</p>
<pre class="giallo" style="color: #F8F8F2; background-color: #272822;"><code data-lang="plain"><span class="giallo-l"><span>cat /proc/pressure/cpu</span></span>
<span class="giallo-l"><span>some avg10=1.34 avg60=1.63 avg300=2.33 total=2483371233</span></span>
<span class="giallo-l"><span>full avg10=0.18 avg60=0.03 avg300=0.06 total=827064553</span></span></code></pre>
<ul>
<li>sleep trap: <a rel="external" href="https://stackoverflow.com/questions/65644307/ctrl-c-doesnt-always-terminate-a-shell-script">https://stackoverflow.com/questions/65644307/ctrl-c-doesnt-always-terminate-a-shell-script</a></li>
<li>getline summary: <a rel="external" href="https://www.gnu.org/software/gawk/manual/gawk.html#Getline-Summary">https://www.gnu.org/software/gawk/manual/gawk.html#Getline-Summary</a></li>
<li>printf formatting: <a rel="external" href="https://bl831.als.lbl.gov/~gmeigs/scripting_help/printf_awk_notes.txt">https://bl831.als.lbl.gov/~gmeigs/scripting_help/printf_awk_notes.txt</a>, <a rel="external" href="https://www.gnu.org/software/gawk/manual/html_node/Printf.html">https://www.gnu.org/software/gawk/manual/html_node/Printf.html</a></li>
</ul>
<!-- -->
<pre class="giallo" style="color: #F8F8F2; background-color: #272822;"><code data-lang="plain"><span class="giallo-l"><span>awk -F'[ =]' -vlinefmt="%-8s%-8s%-10s%-10s%-8s\n" -vcpu_pressure="/proc/pressure/cpu" 'BEGIN {</span></span>
<span class="giallo-l"><span> printf linefmt, "avg10", "avg60", "avg300", "increase", "total"</span></span>
<span class="giallo-l"><span> do {</span></span>
<span class="giallo-l"><span> if (system("trap true INT; sleep 1")) {</span></span>
<span class="giallo-l"><span> exit</span></span>
<span class="giallo-l"><span> }</span></span>
<span class="giallo-l"><span> if ($1=="full") {</span></span>
<span class="giallo-l"><span> printf linefmt, $3, $5, $7, int($9-prev_tot), $9</span></span>
<span class="giallo-l"><span> prev_tot = $9</span></span>
<span class="giallo-l"><span> }</span></span>
<span class="giallo-l"><span> } while ((getline < cpu_pressure) || (close(cpu_pressure) == 0))</span></span>
<span class="giallo-l"><span>}'</span></span>
<span class="giallo-l"></span>
<span class="giallo-l"><span>avg10 avg60 avg300 increase total</span></span>
<span class="giallo-l"><span>0.36 0.17 0.07 829472174 829472174</span></span>
<span class="giallo-l"><span>0.36 0.17 0.07 0 829472174</span></span>
<span class="giallo-l"><span>0.24 0.16 0.07 24957 829497131</span></span></code></pre>
<p>collect metrics for all PSI.</p>
<pre class="giallo" style="color: #F8F8F2; background-color: #272822;"><code data-lang="plain"><span class="giallo-l"><span>awk -F'[ =\t]' -vlinefmt="%-14s" -vfields='"cpuavg10", "cpuavg60", "cpuavg300", "cputotal", "cpuincrease", "ioavg10", "ioavg60", "ioavg300", "iototal", "ioincrease", "memavg10", "memavg60", "memavg300", "memtotal","memincrease"' -vcpu_pressure="bash -c 'paste /proc/pressure/{cpu,io,memory}'" \</span></span>
<span class="giallo-l"><span>'BEGIN { patsplit(fields, fmts, /[^", ]+/)</span></span>
<span class="giallo-l"><span> do {</span></span>
<span class="giallo-l"><span> if (system("trap true INT; sleep 1")) {</span></span>
<span class="giallo-l"><span> exit</span></span>
<span class="giallo-l"><span> }</span></span>
<span class="giallo-l"><span> if ($1=="some") {</span></span>
<span class="giallo-l"><span> for(x in fmts) {</span></span>
<span class="giallo-l"><span> printf linefmt, fmts[x]</span></span>
<span class="giallo-l"><span> }</span></span>
<span class="giallo-l"><span> printf "\n"</span></span>
<span class="giallo-l"><span> for(i=3;i<=NF;i+=2) {</span></span>
<span class="giallo-l"><span> if(i%9 == 0 && i%3 == 0) {</span></span>
<span class="giallo-l"><span> printf linefmt""linefmt, $(i), int($(i)-increase[i]) </span></span>
<span class="giallo-l"><span> increase[i]=$i</span></span>
<span class="giallo-l"><span> i+=1</span></span>
<span class="giallo-l"><span> } else {</span></span>
<span class="giallo-l"><span> printf linefmt, $i</span></span>
<span class="giallo-l"><span> }</span></span>
<span class="giallo-l"><span> </span></span>
<span class="giallo-l"><span> }</span></span>
<span class="giallo-l"><span> printf "\n\n"</span></span>
<span class="giallo-l"><span> }</span></span>
<span class="giallo-l"><span> } while ((cpu_pressure|getline) || (close(cpu_pressure) == 0))</span></span>
<span class="giallo-l"><span>}'</span></span></code></pre><h2 id="histograms">histograms</h2>
<p>The .1 decimal for size helps tie breakers when min == max.</p>
<pre class="giallo" style="color: #F8F8F2; background-color: #272822;"><code data-lang="plain"><span class="giallo-l"><span>while :; do</span></span>
<span class="giallo-l"><span> ss -n -t -o $(printf " state %s" {fin-wait-1,fin-wait-2,time-wait,close-wait,last-ack,closing}) |\</span></span>
<span class="giallo-l"><span> awk -v bmin=0 -vsize=10000.1 'BEGIN{tm["sec"] = 1000;tm["min"] = "60000"} match($6,/,([0-9.]+)(sec|ms|min)/,m){t=(m[2]=="ms"?int(m[1]):int(tm[m[2]]*m[1]) );b=int(t/size);a[b]++;bmax=b>bmax?b:bmax; bmin=b<bmin?b:bmin} END{for(i=bmin;i<=bmax;++i) printf "%d %d %d\n", (i*size)/tm["sec"],((i+1)*size)/tm["sec"],a[i]}'</span></span>
<span class="giallo-l"><span> sleep 1</span></span>
<span class="giallo-l"><span>done</span></span></code></pre>
<p>Using time functions.</p>
<pre class="giallo" style="color: #F8F8F2; background-color: #272822;"><code data-lang="plain"><span class="giallo-l"><span>LC_ALL=C awk -v bmin=0 -vsize=10.1 -v date="2022 03 06" 'split($4,p,/[: ]/){t=mktime(date" "p[2]" "p[3]" "p[4]); b=int(t/size);a[b]++;bmax=b>bmax?b:bmax; bmin=b<bmin?b:bmin} END{for(i=bmin;i<=bmax;++i) if(a[i]) printf "%s %s %d\n", strftime("%T",(i*size)),strftime("%T",((i+1)*size)),a[i]}' gopkg.in-access.log-2022-03-06T13\:00.log</span></span></code></pre>
<p>Useful squid one</p>
<pre class="giallo" style="color: #F8F8F2; background-color: #272822;"><code data-lang="plain"><span class="giallo-l"><span>for i in $(awk '!s[$4]++{print $4}' squid-access.log); do LC_ALL=C awk -v bmin=0 -vsize=300.1 -vhist="$i" '$0 !~ hist{next} {t=int($1);b=int(t/size);a[b]++;bmax=b>bmax?b:bmax; bmin=b<bmin?b:bmin} END{printf "%s 300s histogram\n", hist;for(i=bmin;i<=bmax;++i) if(a[i]) printf "%s %s %d\n", strftime("%T",(i*size)),strftime("%T",((i+1)*size)),a[i] > "histograms.sout"}' squid-access.log; done</span></span>
<span class="giallo-l"></span>
<span class="giallo-l"><span>LC_ALL=C awk -v bmin=0 -vsize=10.1 -v date="2022 03 06" \</span></span>
<span class="giallo-l"><span>'split($4, p, /[: ]/) {</span></span>
<span class="giallo-l"><span> t = mktime(date " " p[2] " " p[3] " " p[4])</span></span>
<span class="giallo-l"><span> b = int(t / size)</span></span>
<span class="giallo-l"><span> a[b]++</span></span>
<span class="giallo-l"><span> bmax = b > bmax ? b : bmax</span></span>
<span class="giallo-l"><span> bmin = b < bmin ? b : bmin</span></span>
<span class="giallo-l"><span>}</span></span>
<span class="giallo-l"></span>
<span class="giallo-l"><span>END {</span></span>
<span class="giallo-l"><span> for (i = bmin; i <= bmax; ++i) {</span></span>
<span class="giallo-l"><span> if (a[i]) {</span></span>
<span class="giallo-l"><span> printf "%s %s %d\n", strftime("%T", (i * size)), strftime("%T", ((i + 1) * size)), a[i]</span></span>
<span class="giallo-l"><span> }</span></span>
<span class="giallo-l"><span> }</span></span>
<span class="giallo-l"><span>}'</span></span></code></pre>
<p>iptables filtering</p>
<pre class="giallo" style="color: #F8F8F2; background-color: #272822;"><code data-lang="plain"><span class="giallo-l"><span>sudo iptables -t nat -nL |awk -vrgxp="$(rgxg cidr 10.131.31.0/24)" '/^(Chain|target)/{f=1} f==1||$0 ~ rgxp{s[NR]=$0;f++}; length($0)==0{if(f>2){for(i in s) print s[i]};split("",s);f=0}'</span></span></code></pre>