On 03/03/2016 03:42 PM, Ruediger Meier wrote:
Hehe this comparision is even better. :)
$ time grep "sshd" /var/log/messages | wc -l 34755
real 0m0.066s user 0m0.052s sys 0m0.016s
$ time journalctl --no-pager _COMM=sshd | wc -l 34945
real 0m2.097s user 0m1.916s sys 0m0.168s
Note that this journal is stored in RAM. What is RAM speed today? 10-20GB/s? Journald is able to show 7MB/s. Congratulations.
Actually, thinking about it, that doesn't surprise me at all. Firstly, grep is really about regular expressions. you've given it a single fixed string, not a regular expression. Asking it to look for "s\{2\}[Hh]\{1\}[^A-Za-ce-z]" is also valid but is going to be a more demanding and hence slower evaluation (I how I've got the RE right) Secondly, anyone who has had to deal with relational databases, that is ones where the query is based on arbitrary fields, know that the setup time is what dominates. The setup time for a single value of a field and for a number of different values of the same field is going to be about the same. And of course there's then formatting for IO. The original question had a RE for grep, not a single value, and a multiple OR for the same field for journalctl. That's quite a different balance between setup and evaluation from your example above. -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org