There is a command called halog for analyzing HAProxy logs.
```
Usage: halog [-h|--help] for long help
       halog [-q] [-c] [-m <lines>]
       {-cc|-gt|-pct|-st|-tc|-srv|-u|-uc|-ue|-ua|-ut|-uao|-uto|-uba|-ubt|-ic}
       [-s <skip>] [-e|-E] [-H] [-rt|-RT <time>] [-ad <delay>] [-ac <count>]
       [-v] [-Q|-QS] [-tcn|-TCN <termcode>] [ -hs|-HS [min][:[max]] ] [ -time [min][:[max]] ] < log

Input filters (several filters may be combined) :
 -H                      only match lines containing HTTP logs (ignore TCP)
 -E                      only match lines without any error (no 5xx status)
 -e                      only match lines with errors (status 5xx or negative)
 -rt|-RT <time>          only match response times larger|smaller than <time>
 -Q|-QS                  only match queued requests (any queue|server queue)
 -tcn|-TCN <code>        only match requests with/without termination code <code>
 -hs|-HS <[min][:][max]> only match requests with HTTP status codes within/not
                         within min..max. Any of them may be omitted. Exact
                         code is checked for if no ':' is specified.
 -time <[min][:max]>     only match requests recorded between timestamps.
                         Any of them may be omitted.
Modifiers
 -v                      invert the input filtering condition
 -q                      don't report errors/warnings
 -m <lines>              limit output to the first <lines> lines
Output filters - only one may be used at a time
 -c    only report the number of lines that would have been printed
 -pct  output connect and response times percentiles
 -st   output number of requests per HTTP status code
 -cc   output number of requests per cookie code (2 chars)
 -tc   output number of requests per termination code (2 chars)
 -srv  output statistics per server (time, requests, errors)
 -u*   output statistics per URL (time, requests, errors)
       Additional characters indicate the output sorting key :
       -u : by URL, -uc : request count, -ue : error count
       -ua : average response time, -ut : average total time
       -uao, -uto: average times computed on valid ('OK') requests
       -uba, -ubt: average bytes returned, total bytes returned
```
It is not listed in the man page that turns up in searches, but there is a -time option that restricts the log lines being analyzed by time.

```
 -time <[min][:max]>     only match requests recorded between timestamps.
                         Any of them may be omitted.
```
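What format is the timestamp this option accepts? Searching turns up nothing, and when I ask an AI it lies to me and says "It is ISO 8601 format" (in practice, that does not work as expected).

There are no comments in the source code either, but I wondered whether it might simply be comparing unix timestamps as numbers, so I tried

```
halog -time 1746979200:1747012200
```

and it worked.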
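
Building on the observation above that -time takes unix timestamps, here is a helper that turns human-readable times into the `min:max` argument, including the open-ended forms the usage text allows. It is an added example, not part of the original post or of HAProxy; it assumes GNU date (`date -d`), and the function names and the log file name are made up.

```shell
#!/bin/sh
# Added example: build the argument for `halog -time` from readable dates.
# Assumes GNU date; to_epoch and halog_time_arg are hypothetical helper names.

# Convert one date string to a unix timestamp. An empty string stays empty
# so that the bound can be omitted, as halog's usage text permits.
to_epoch() {
    [ -z "$1" ] && return 0
    date -d "$1" +%s 2>/dev/null || {
        echo "cannot parse date: $1" >&2
        return 1
    }
}

# halog_time_arg <from> <to>  ->  prints "min:max", "min:" or ":max"
halog_time_arg() {
    min=$(to_epoch "$1") || return 1
    max=$(to_epoch "$2") || return 1
    if [ -z "$min" ] && [ -z "$max" ]; then
        echo "at least one bound is required" >&2
        return 1
    fi
    # A reversed window would silently match nothing, so reject it here.
    if [ -n "$min" ] && [ -n "$max" ] && [ "$min" -gt "$max" ]; then
        echo "start is after end" >&2
        return 1
    fi
    printf '%s:%s\n' "$min" "$max"
}

# Usage (constructed file name; dates are read in the current TZ):
#   halog -time "$(halog_time_arg '2025-05-12 01:00' '2025-05-12 10:10')" -st < haproxy.log
```

Date strings without an explicit zone are interpreted in the shell's current time zone, so set TZ explicitly when scoping an incident window from times reported in another zone.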