Master Real-Time Log Troubleshooting with Tail, Grep, and Zgrep

Background

A new teammate, Xiao Wang, struggled with log inspection using only tail -f and grep, which showed only the exception type without the stack trace. The author demonstrates a more powerful approach to log troubleshooting.

Problems with naive log inspection

Single‑line trap: tail -f | grep captures only a fragment, losing the full stack trace.

Visual fatigue: Scrolling line‑by‑line consumes attention and makes context hard to follow.

Format barrier: Compressed logs require an extra unzip step, breaking the workflow.

Effective command‑line techniques

1. Capture full exception stack

Use -A to include following lines and pipe to less for paging.

grep -A50 "NullPointerException" application.log | less

2. Real‑time monitoring with context

Combine tail -f with case‑insensitive, multi‑pattern grep.

tail -f application.log | grep -Ai30 "ERROR\|Exception"

3. Analyze compressed logs without decompressing

zgrep

searches .gz files directly and keeps filenames.

zgrep -H -A50 "OutOfMemoryError" *.gz

4. Exception trend statistics

Count occurrences across files and sort to reveal hotspots.

grep -c "ConnectionTimeout" *.log | sort -nr -t: -k2

5. Advanced parameter usage

Examples of noise filtering and context control.

grep -v "健康检查\|心跳" app.log | grep -A30 "异常"

Extended toolchain

Line counting with wc

grep "ERROR" app.log | wc -l

Field extraction and aggregation with awk

awk '$7 == 500' app.log

Stream editing with sed

sed -n '/2023-11-15 14:00:00/,/2023-11-15 14:10:00/p' app.log