Docs / Monitoring & Logging / Log Analysis with grep awk and jq

Log Analysis with grep awk and jq

By Admin · Feb 25, 2026 · Updated Apr 23, 2026 · 27 views · 1 min read

Nginx Access Log Analysis

# Top 10 most visited pages
awk '{print $7}' /var/log/nginx/access.log | sort | uniq -c | sort -rn | head -10

# Top 10 IPs by request count
awk '{print $1}' /var/log/nginx/access.log | sort | uniq -c | sort -rn | head -10

# 404 errors
awk '$9 == 404 {print $7}' /var/log/nginx/access.log | sort | uniq -c | sort -rn

# 5xx errors
awk '$9 >= 500 {print $9, $7}' /var/log/nginx/access.log | sort | uniq -c | sort -rn

# Requests per hour
awk '{print $4}' /var/log/nginx/access.log | cut -d: -f1,2 | uniq -c

Authentication Log Analysis

# Failed SSH login attempts
grep "Failed password" /var/log/auth.log | awk '{print $(NF-3)}' | sort | uniq -c | sort -rn | head -10

# Successful logins
grep "Accepted" /var/log/auth.log | awk '{print $1, $2, $3, $9, $11}'

JSON Log Processing with jq

# Parse JSON log lines
cat app.log | jq '.level'

# Filter errors
cat app.log | jq 'select(.level == "error")'

# Extract specific fields
cat app.log | jq '{timestamp: .time, message: .msg, status: .status}'

# Count by status code
cat app.log | jq -r '.status' | sort | uniq -c | sort -rn

Was this article helpful?

Related Articles