Quick Tip

Master `journalctl` Time Filtering for Instant Log Insights

Challenge: When troubleshooting issues on a RHEL or Ubuntu system, you often need to sift through large log files to find events within a specific time frame. Manually scrolling or grepping can be inefficient.

The Solution: Use the `journalctl` command with its powerful time filtering options.

journalctl --since "2 hours ago" --until "now" -u sshd

Why it works: The `–since` and `–until` flags allow you to specify a time range (e.g., “2 hours ago”, “yesterday”, “2023-10-27 10:00:00”). The `-u` flag filters logs for a specific systemd unit, like `sshd`.

Pro-Tip: You can also use relative times like “1h”, “30m”, or specific dates like “2023-10-27”.

Linux Tips & Tricks | © ngelinux.com | 4/27/2026