Fixed feedback.

Author: harneshalaka

articles/journalctl.asm.xml

@@ -20,6 +20,7 @@ xmlns="http://docbook.org/ns/docbook">
 <!-- tasks--> 
 <resource href="../tasks/journald-configure.xml" xml:id="_journald-configure"/> 
 <resource href="../tasks/systemd-journald-troubleshooting.xml" xml:id="_systemd-journald-troubleshooting"/> 
+<resource href="../tasks/journald-filter-journals.xml" xml:id="_journald-filter-journals"/> 
 <!-- references-->
 <resource href="../references/journalctl-usage.xml" xml:id="_journalctl-usage"/> 
 </resources>
@@ -137,8 +138,9 @@ You must have &sudo; privileges.
 </abstract>
 </merge>
 <module renderas="section" resourceref="_journal-about-journald"/>
-<module renderas="section" resourceref="_journald-configure"/>
+<module renderas="section" resourceref="_journald-filter-journals"/>
 <module renderas="section" resourceref="_journalctl-usage"/>
+<module renderas="section" resourceref="_journald-configure"/>
 <module renderas="section" resourceref="_systemd-journald-troubleshooting"/>
 <module resourceref="_legal"/>
 <module resourceref="_gfdl">

concepts/journal-about-journald.xml

@@ -25,9 +25,7 @@
    <para><command>journalctl</command> is the command-line tool to view and analyze the logs from the <command>systemd-journald</command> service.</para></abstract>
 
    </info>
-  <section xml:id="sec-journalctl-managing">
-  <title><command>journalctl</command>: configuration and structure</title>
-
+   <section><title>Understanding <command>journalctl</command> configuration and structure</title>
   <para>
    This section describes the <command>journalctl</command> location, configuring the location for persistent logs, and the <command>journalctl</command> entry structure.
   </para>
@@ -69,117 +67,4 @@
 </listitem>
 </itemizedlist>
 </section>
-<section xml:id="sec-journalctl-filter">
-  <title>Filtering the journal output</title>
-
-  <para>
-   This section describes how to refine the search in logs according to boot numbers, for specific time interval or to view specific data fields.
-   content of the journal, the oldest entries listed first. The output can be
-   filtered by specific switches and fields.
-  </para>
-  <section xml:id="sec-journalctl-filter-boot">
-   <title>Filtering based on a boot number</title>
-   <para>
-    <command>journalctl</command> can filter messages based on a specific
-    system boot. To list all available boots, run
-   </para>
-<screen>&prompt.sudo;journalctl --list-boots</screen>
-   <para>
-    The first column lists the boot offset: <literal>0</literal> for the
-    current boot, <literal>-1</literal> for the previous one,
-    <literal>-2</literal> for the one before that, etc. The second column
-    contains the boot ID followed by the limiting time stamps of the specific
-    boot.
-   </para>
-   <para>
-    Show all messages from the current boot:
-   </para>
-<screen>&prompt.sudo;journalctl -b</screen>
-   <para>
-    If you need to see journal messages from the previous boot, add an offset
-    parameter. The following example outputs the previous boot messages:
-   </para>
-<screen>&prompt.sudo;journalctl -b -1</screen>
-   <para>
-    Another way is to list boot messages based on the boot ID. For this
-    purpose, use the _BOOT_ID field:
-   </para>
-<screen>&prompt.sudo;journalctl _BOOT_ID=156019a44a774a0bb0148a92df4af81b</screen>
-  </section>
-
-  <section xml:id="sec-journalctl-filter-time">
-   <title>Filtering based on time interval</title>
-   <para>
-    You can filter the output of <command>journalctl</command> by specifying the
-    starting and/or ending date. The date specification should be of the format
-    <literal>2025-06-30 9:17:16</literal>. If the time part is omitted, midnight
-    is assumed. If seconds are omitted, <literal>:00</literal> is assumed. If
-    the date part is omitted, the current day is assumed. Instead of numeric
-    expression, you can specify the keywords <literal>yesterday</literal>,
-    <literal>today</literal> or <literal>tomorrow</literal>. They refer to
-    midnight of the day before the current day, of the current day, or of the
-    day after the current day. If you specify <literal>now</literal>, it refers
-    to the current time. You can also specify relative times prefixed with
-    <literal>-</literal> or <literal>+</literal>, referring to times before or
-    after the current time.
-   </para>
-   <para>
-    Show only new messages since now, and update the output continuously:
-   </para>
-<screen>&prompt.sudo;journalctl --since "now" -f</screen>
-   <para>
-    Show all messages since last midnight till 3:20am:
-   </para>
-<screen>&prompt.sudo;journalctl --since "today" --until "3:20"</screen>
-  </section>
-  <section xml:id="sec-journalctl-filter-fields">
-   <title>Filtering based on fields</title>
-   <para>
-    You can filter the output of the journal by specific fields. The syntax of
-    a field to be matched is <literal>FIELD_NAME=MATCHED_VALUE</literal>, such
-    as <literal>_SYSTEMD_UNIT=httpd.service</literal>. You can specify multiple
-    matches in a single query to filter the output messages even more. See
-    <command>man 7 systemd.journal-fields</command> for a list of default
-    fields.
-   </para>
-   <para>
-    Show messages produced by a specific process ID:
-   </para>
-<screen>&prompt.sudo;journalctl _PID=1039</screen>
-   <para>
-    Show messages belonging to a specific user ID:
-   </para>
-<screen># journalctl _UID=1000</screen>
-   <para>
-    Show messages from the kernel ring buffer (the same as
-    <command>dmesg</command> displays):
-   </para>
-<screen>&prompt.sudo;journalctl _TRANSPORT=kernel</screen>
-   <para>
-    Show messages from the service's standard or error output:
-   </para>
-<screen>&prompt.sudo;journalctl _TRANSPORT=stdout</screen>
-   <para>
-    Show messages produced by a specified service only:
-   </para>
-<screen>&prompt.sudo;journalctl _SYSTEMD_UNIT=avahi-daemon.service</screen>
-   <para>
-    If two different fields are specified, only entries that match both
-    expressions at the same time are shown:
-   </para>
-<screen>&prompt.sudo;journalctl _SYSTEMD_UNIT=avahi-daemon.service _PID=1488</screen>
-   <para>
-    If two matches refer to the same field, all entries matching either
-    expression are shown:
-   </para>
-<screen>&prompt.sudo;journalctl _SYSTEMD_UNIT=avahi-daemon.service _SYSTEMD_UNIT=dbus.service</screen>
-   <para>
-    You can use the <literal>+</literal> separator to combine two expressions in
-    a logical <literal>OR</literal>. The following example shows all messages
-    from the Avahi service process with the process ID 1480 together with all
-    messages from the D-Bus service:
-   </para>
-<screen>&prompt.sudo;journalctl _SYSTEMD_UNIT=avahi-daemon.service _PID=1480 + _SYSTEMD_UNIT=dbus.service</screen>
-  </section> 
-</section>
 </topic>

references/journalctl-usage.xml

@@ -18,7 +18,7 @@
  xmlns:trans="http://docbook.org/ns/transclusion">
 
  <info>
-  <title><command>journalctl</command> usage</title>
+  <title>Using <command>journalctl</command></title>
   <abstract>
     <para>
    Running the <command>journalctl</command> without any options displays all logged messages, usually starting from the oldest, and pipes the output through a pager (like less) for easy navigation.
@@ -31,7 +31,7 @@
    You can run the <command>journalctl</command>:
   </para>
    <section xml:id="sec-journalctl-usage">
-  <title>Using <command>journalctl</command>sage</title>
+  <title>Use <command>journalctl</command></title>
   <para>
    Running the <command>journalctl</command> without any options displays all logged messages, usually starting from the oldest, and pipes the output through a pager (like less) for easy navigation.
   </para>
@@ -77,8 +77,7 @@
     <listitem>
      <para>
       Shows only kernel messages. This is equivalent to the field match
-      <literal>_TRANSPORT=kernel</literal> (see
-      <xref linkend="sec-journalctl-filter-fields"/>).
+      <literal>_TRANSPORT=kernel</literal>.
      </para>
     </listitem>
    </varlistentry>
@@ -88,8 +87,7 @@
      <para>
       Shows only messages for the specified &systemd; unit. This is equivalent
       to the field match
-      <literal>_SYSTEMD_UNIT=<replaceable>UNIT</replaceable></literal> (see
-      <xref linkend="sec-journalctl-filter-fields"/>).
+      <literal>_SYSTEMD_UNIT=<replaceable>UNIT</replaceable></literal>.
      </para>
 <screen>&prompt.sudo;journalctl -u apache2</screen>
     </listitem>

tasks/journald-filter-journals.xml

@@ -8,15 +8,15 @@
 <!-- point back to this document with a similar comment added to your legacy doc piece -->
 <!-- refer to README.md for file and id naming conventions -->
 <!-- metadata is dealt with on the assembly level -->
-<topic xml:id="journal-configure-journald"
+<topic xml:id="journal-filter-journals"
  role="task" xml:lang="en"
  xmlns="http://docbook.org/ns/docbook" version="5.2"
  xmlns:its="http://www.w3.org/2005/11/its"
  xmlns:xi="http://www.w3.org/2001/XInclude"
  xmlns:xlink="http://www.w3.org/1999/xlink"
  xmlns:trans="http://docbook.org/ns/transclusion">
   <info>
-    <title>Filter the journal output</title><!-- can be changed via merge
+    <title>Filtering the journal output</title><!-- can be changed via merge
 in the assembly -->
     <!-- add author's e-mail -->
     <meta name="maintainer" content="[email protected]" its:translate="no"/>
@@ -30,8 +30,59 @@ in the assembly -->
   <para>
     You can filter journals based on boot number, time interval, and fields.
   </para>
-  <procedure>
-    <title>Filtering journals</title>
-    
-  </procedure>
+    <procedure>
+      <title>Filtering journals</title>
+       <step><para>Filter logs based on specific system boot:</para>
+        <itemizedlist>
+          <listitem>
+            <para>List all the available boots:</para>
+              <screen>&prompt.sudo;journalctl --list-boots</screen>
+            <para>The first column lists the boot offset: <literal>0</literal> for the current boot, <literal>-1</literal> for the previous one,
+    <literal>-2</literal> for the one before that, etc. The second column contains the boot ID followed by the limiting time stamps of the specific
+    boot.</para>
+          </listitem>
+          <listitem><para>Show all messages from the current boot:</para>
+            <screen>&prompt.sudo;journalctl -b</screen></listitem>
+          <listitem><para>To view journal messages from the previous boot, add an offset
+    parameter. The following example command shows the previous boot messages:</para>
+            <screen>&prompt.sudo;journalctl -b -1</screen></listitem>
+          <listitem><para>To view boot messages based on the boot ID, <literal>156019a44a774a0bb0148a92df4af81b</literal>:</para>
+            <screen>&prompt.sudo;journalctl _BOOT_ID=156019a44a774a0bb0148a92df4af81b</screen></listitem>
+  </itemizedlist></step>
+        <step><para>Filter logs based on time interval</para>
+              <para>You can filter the output of <command>journalctl</command> by specifying the starting and/or ending date. The date specification should be of the format<literal>YYYY-MM-DD H:MM:SS</literal>. If the time part is omitted, midnight is assumed. If seconds are omitted, <literal>:00</literal> is assumed. If the date part is omitted, the current day is assumed. Instead of numeric expression, you can specify the keywords <literal>yesterday</literal>,
+    <literal>today</literal> or <literal>tomorrow</literal>. They refer to midnight of the day before the current day, of the current day, or of the day after the current day. If you specify <literal>now</literal>, it refers to the current time. You can also specify relative times prefixed with <literal>-</literal> or <literal>+</literal>, referring to times before or after the current time.</para>
+          <itemizedlist>
+            <listitem>
+              <para>To view only new messages since now, and update the output continuously:</para>
+              <screen>&prompt.sudo;journalctl --since "now" -f</screen></listitem>
+            <listitem><para>To view all messages since last midnight till <literal>3:20am</literal>:</para>
+              <screen>&prompt.sudo;journalctl --since "today" --until "3:20"</screen></listitem>
+          </itemizedlist>
+        </step>
+        <step><para>Filter logs based on fields</para>
+          <para>You can filter the output of the journal by specific fields. The syntax of a field to be matched is <literal>FIELD_NAME=MATCHED_VALUE</literal>, such
+    as <literal>_SYSTEMD_UNIT=httpd.service</literal>. You can specify multiple matches in a single query to filter the output messages even more. See
+    <command>man 7 systemd.journal-fields</command> for a list of default fields.</para>
+          <itemizedlist>
+            <listitem>
+              <para>To view messages produced by a specific process ID, for example <literal>PID_1039</literal>:</para>
+<screen>&prompt.sudo;journalctl _PID=1039</screen></listitem>
+            <listitem><para>To view messages belonging to a specific user ID, for example <literal>UID_1000</literal>:</para>
+              <screen># journalctl _UID=1000</screen></listitem>
+            <listitem><para>To view messages from the kernel ring buffer (the same as <command>dmesg</command> displays):</para>
+              <screen>&prompt.sudo;journalctl _TRANSPORT=kernel</screen></listitem>
+            <listitem><para>To view messages from the service's standard or error output:</para>
+              <screen>&prompt.sudo;journalctl _TRANSPORT=stdout</screen></listitem>
+            <listitem><para>To view messages produced by a specified service only:</para>
+              <screen>&prompt.sudo;journalctl _SYSTEMD_UNIT=avahi-daemon.service</screen>
+              <para>If two different fields are specified, only entries that match both expressions at the same time are shown:</para>
+              <screen>&prompt.sudo;journalctl _SYSTEMD_UNIT=avahi-daemon.service _PID=1488</screen>
+              <para>If two matches refer to the same field, all entries matching either expression are shown:</para>
+              <screen>&prompt.sudo;journalctl _SYSTEMD_UNIT=avahi-daemon.service _SYSTEMD_UNIT=dbus.service</screen>
+              <para>You can use the <literal>+</literal> separator to combine two expressions in a logical <literal>OR</literal>. The following example shows all messages from the Avahi service process with the process ID 1480 together with all messages from the D-Bus service:</para>
+              <screen>&prompt.sudo;journalctl _SYSTEMD_UNIT=avahi-daemon.service _PID=1480 + _SYSTEMD_UNIT=dbus.service</screen></listitem>
+            </itemizedlist>
+    </step>
+</procedure>
 </topic>