$ Linux One Liners
Back to lessons

Hosting Operations

Find the Noisiest Incident Log Files

Several incident log files exist and you need to know which ones have the most lines before opening them.

Command

wc -l fixtures/incidents/*.log | sort -nr

What changed

Nothing changes. The command counts lines per log file and sorts the result.

Danger

safe

When to use it

Use when a service emits several logs and you need a quick noise map.

When not to use it

Do not confuse line volume with importance; a short kernel or deploy log can still explain the incident.

Undo or recovery

No undo needed because the command is read-only.

Expected output

Line counts sorted from largest to smallest.

demo script

Disposable terminal steps

  1. ls fixtures/incidents
  2. wc -l fixtures/incidents/*.log | sort -nr
Terminal transcript Demo JSON

simulated output

What it looks like

disposable vessel 
::fixture-ready::
$ ls fixtures/incidents
app.log
deploy.log
kernel.journal
system.journal
::exit-code::0
$ wc -l fixtures/incidents/*.log | sort -nr
  14 total
  10 fixtures/incidents/app.log
   4 fixtures/incidents/deploy.log
::exit-code::0

YouTube Short

Map noisy log files.

When there are several logs, count lines first. It tells you where the noise is before you start reading.

LinkedIn hook

The biggest log is not always right, but it is worth knowing.

Question: Do you check log volume before opening multi-file incident logs?

experiments

A/B tests to run

Metric: shorts_3_second_hold_rate

A: Find the noisy logs first.

B: Line counts before scrolling.