How to Filter Keywords Like “ELB”, “Pingdom”, “Health” in Real-Time Logs Using tail -f


2 views

When monitoring application logs in real-time using tail -f, we often encounter irrelevant entries that clutter our view. Common examples include:

  • Load balancer health checks ("ELB")
  • External monitoring pings ("Pingdom")
  • Application health endpoints ("Health")

The most efficient solution combines tail -f with grep's filtering capabilities:

tail -f application.log | grep -v -E "ELB|Pingdom|Health"

Breaking this down:

  • -v inverts the match (excludes lines)
  • -E enables extended regex patterns
  • The pipe-separated list contains our exclusion terms

For more complex scenarios, we can enhance our filtering:

Case-Insensitive Matching

tail -f application.log | grep -vi -E "elb|pingdom|health"

Multiple Exclusions with Context

tail -f application.log | grep -v -E "ELB|Pingdom|Health" | grep --color -C 2 "ERROR"

Persistent Filtering with watch

watch -n 5 "tail -n 50 application.log | grep -v -E 'ELB|Pingdom|Health'"

When grep isn't sufficient, consider these alternatives:

Using awk for Field-Specific Filtering

tail -f application.log | awk '!($0 ~ /ELB|Pingdom|Health/)'

Combining Multiple Filters

tail -f application.log | grep -v "ELB" | grep -v "Pingdom" | grep -v "Health"

For persistent filtering needs:

Create a Bash Function

function clean_tail() {
    tail -f "$1" | grep -v -E "ELB|Pingdom|Health"
}

Make an Alias

alias cleantail='tail -f $1 | grep -v -E "ELB|Pingdom|Health"'

Here's how I filter AWS application logs:

tail -f /var/log/tomcat/catalina.out | grep -vi -E "ELB-HealthChecker|Pingdom|HealthCheckServlet"

This effectively removes:

  • AWS load balancer health checks
  • Pingdom monitoring requests
  • Application health endpoint accesses

When monitoring application logs in real-time using tail -f, we often encounter excessive noise from automated systems like load balancers (ELB), monitoring tools (Pingdom), or health checks. These entries can overwhelm the useful information we actually need to see.

The most efficient solution combines tail -f with grep -v (inverse matching) to exclude unwanted patterns:

tail -f application.log | grep -v -E "ELB|Pingdom|Health"

The -E flag enables extended regular expressions, while -v inverts the match to exclude rather than include.

For more complex scenarios, consider these variants:


# Case-insensitive filtering
tail -f app.log | grep -vi "elb\|pingdom\|health"

# Multiple log files with exclusion
tail -f *.log | grep -v -E "ELB|Pingdom|Health"

# Combining inclusion and exclusion
tail -f debug.log | grep "Error" | grep -v "HealthCheck"

When you need to both monitor and save filtered output:

tail -f production.log | grep -v -E "ELB|Pingdom" | tee filtered_output.log

For more sophisticated filtering, consider these tools:

  • ack - Perl-based grep replacement
  • ag (The Silver Searcher) - Faster for large logs
  • multitail - Colorized, multi-window log monitoring

For high-volume logs, these optimizations help:


# Use fixed strings for faster matching
tail -f app.log | grep -vF "ELB"

# Combine multiple greps for complex filters
tail -f app.log | grep -v "ELB" | grep -v "Pingdom"