|
Size: 3579
Comment:
|
Size: 4541
Comment: Major clean-up. There were several substantial errors.
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 2: | Line 2: |
| == What is buffering? Or, Why does my command line produce no output: tail -f logfile | grep 'foo bar' == | == What is buffering? Or, why does my command line produce no output: tail -f logfile | grep 'foo bar' | awk ... == |
| Line 4: | Line 4: |
| This means that they don't write each character (or even each line) as the input arrives, | This means that they don't write each character (or even each line) immediately, |
| Line 7: | Line 7: |
| In the case above, the {{{tail}}} command buffers its output, and therefore {{{grep}}} only gets its input in e.g. 4K blocks. |
In the case above, the {{{grep}}} command buffers its output, and therefore {{{awk}}} only gets its input in large chunks. |
| Line 13: | Line 13: |
| but when commands are in scripts, functions, or part of a complicated set of pipes, the command might not recognize that the final output is needed in (near-)real-time. |
but when a command is part of a complicated pipeline, the command might not recognize that the final output is needed in (near) real time. |
| Line 16: | Line 16: |
The most important thing to understand about buffering is that it's the ''writer'' who's doing it, not the reader. ==== Eliminate unnecessary commands ==== In the question, we have the pipeline `tail -f logfile | grep 'foo bar' | awk ...` (with the actual AWK command being unspecified). There is no problem if we simply run `tail -f logfile`, because `tail -f` never buffers its output. Nor is there a problem if we run `tail -f logfile | grep 'foo bar'` interactively, because `grep` does not buffer its output if its standard output is a terminal. However, if the output of `grep` is being piped into something else (such as an AWK command), it starts buffering to improve efficiency. In this particular example, the `grep` is actually redundant. We can remove it, and have AWK perform the filtering in addition to whatever else it's doing: {{{ tail -f logfile | awk '/foo bar/ ...' }}} In other cases, this sort of consolidation may not be possible. But you should always look for the simplest solution first. |
|
| Line 25: | Line 38: |
| Each command that writes to a pipe would have to be told to disable buffering, in order for the entire pipeline to run in (near) real time. The last command in the pipeline, if it's writing to a terminal, will not typically need any special consideration. |
|
| Line 32: | Line 47: |
| unbuffer tail -f logfile | grep 'foo bar' | tail -f logfile | unbuffer grep 'foo bar' | awk ... |
| Line 36: | Line 51: |
| ==== tee ==== At least the GNU version of `tee` appears to produce unbuffered output. For example: {{{ $ program | tee -a program.log In another window: $ tail -f program.log | grep whatever }}} This has only been tested on GNU `tee`, so [[http://en.wiktionary.org/wiki/your_mileage_may_vary|YMMV]]. |
|
| Line 48: | Line 53: |
| rather than filter out non-matching lines, you can use the `less` program instead of Bash: | rather than filter out non-matching lines, you can use the `less` program instead of a filtered `tail -f`: |
| Line 50: | Line 55: |
| $ less program.log | $ less program.log |
What is buffering? Or, why does my command line produce no output: tail -f logfile | grep 'foo bar' | awk ...
Most standard Unix commands buffer their output when used non-interactively. This means that they don't write each character (or even each line) immediately, but instead collect a larger number of characters (often 4 kilobytes) before printing anything at all. In the case above, the grep command buffers its output, and therefore awk only gets its input in large chunks.
Buffering greatly increases the efficiency of I/O operations, and it's usually done in a way that doesn't visibly affect the user. A simple tail -f from an interactive terminal session works just fine, but when a command is part of a complicated pipeline, the command might not recognize that the final output is needed in (near) real time. Fortunately, there are several techniques available for controlling I/O buffering behavior.
The most important thing to understand about buffering is that it's the writer who's doing it, not the reader.
Eliminate unnecessary commands
In the question, we have the pipeline tail -f logfile | grep 'foo bar' | awk ... (with the actual AWK command being unspecified). There is no problem if we simply run tail -f logfile, because tail -f never buffers its output. Nor is there a problem if we run tail -f logfile | grep 'foo bar' interactively, because grep does not buffer its output if its standard output is a terminal. However, if the output of grep is being piped into something else (such as an AWK command), it starts buffering to improve efficiency.
In this particular example, the grep is actually redundant. We can remove it, and have AWK perform the filtering in addition to whatever else it's doing:
tail -f logfile | awk '/foo bar/ ...'
In other cases, this sort of consolidation may not be possible. But you should always look for the simplest solution first.
Your command may already support unbuffered output
Some programs provide special command line options specifically for this sort of problem:
grep (e.g. GNU version 2.5.1) |
--line-buffered |
sed (e.g. GNU version 4.0.6) |
-u,--unbuffered |
awk (some GNU versions) |
-W interactive, or use the fflush() function |
tcpdump, tethereal |
-l |
Each command that writes to a pipe would have to be told to disable buffering, in order for the entire pipeline to run in (near) real time. The last command in the pipeline, if it's writing to a terminal, will not typically need any special consideration.
unbuffer
The expect package has an unbuffer program which effectively tricks other programs into always behaving as if they were being used interactively (which may often disable buffering). Here's a simple example:
tail -f logfile | unbuffer grep 'foo bar' | awk ...
expect and unbuffer are not standard POSIX tools, but they may already be installed on your system.
less
If you simply wanted to highlight the search term, rather than filter out non-matching lines, you can use the less program instead of a filtered tail -f:
$ less program.log
Inside less, start a search with the '/' command (similar to searching in vi).
- This should highlight any instances of the search term.
Now put less into "follow" mode, which by default is bound to shift+f.
- You should get an unfiltered tail of the specified file, with the search term highlighted.
"follow" mode is stopped with an interrupt, which is probably control+c on your system. The '/' command accepts regular expressions, so you could do things like highlight the entire line on which a term appears. For details, consult man less.
coproc
If you're using ksh or Bash 4.0+, whatever you're really trying to do with tail -f might benefit from using coproc and fflush() to create a coprocess. Note well that coproc does not itself address buffering issues (in fact it's prone to buffering problems -- hence the reference to fflush). coproc is only mentioned here because whenever someone is trying to continuously monitor and react to a still-growing file (or pipe), they might be trying to do something which would benefit from coprocesses.