Join/Merge Multiple Log Files For Big Data Analysis

Normally log automatically should grow as big possible. But we use logrotate which does the opposite action as running cat and other tools on SSH over big files consumes memory, time and often difficult to do what we want. Also, old files are compressed. Here are the ways to join/merge multiple log files for big data analysis, store them to openstack based cloud storage and delete old files.

Join/Merge Multiple Log Files For Big Data Analysis

To test this method, you can go to /var/log/ and your web server’s directory like /var/log/nginx or /var/log/apache2. There will be access.log files. In order to get a list of filenames sorted by time listed by newest first, you can run this command :

Normally we can run cat to concat files in this fashish :

But more that access.log.1 become compressed, which we can list by running this command :

Which will give this kind of output :

To make it practical, we will create a directory named access_combo :

Then move all the files to that directory :

Move the current access.log back, properly chown and restart web server :

echo " " > /var/log/apache2/access.log command empties a file.

For the compressed files, we can use zcat instead of cat like :

As only two files are uncompressed in our case, we can compress them and delete the original :

Now if you run ls -t, you’ll get a sorted, same format list of files :

We can simply merge them them with a time stamp :

The command will take some time. However, I will suggest a manual work as possibly you need a manual check of dates of each files, access.log.1.gz not newest. access.log.14.gz is oldest in out case.

We can rename with date stamp :

Now, we do not need the old compressed files :

The total thing appearing many commands but we can create a small bash script to make it automated except the last step to merge :