I'm using Ubuntu 16.04 and I am seeing some strange behavior when analyzing journalctl logs.
Here's unfiltered output (I used json output to hopefully include all relevant fields):
$ journalctl -o json-pretty --since "2018-01-11 12:00:00" --until "2018-01-11 12:00:05" { "__CURSOR" : "s=bac060082d1c447a972958f176cdcec7;i=1d2a2e;b=a948062f9f0b4091ae299c0523a99111;m=337bc483bf3;t=5627c5f8a3bae;x=7fd2518d6b70b9d", "__REALTIME_TIMESTAMP" : "1515661201914798", "__MONOTONIC_TIMESTAMP" : "3537916935155", "_BOOT_ID" : "a948062f9f0b4091ae299c0523a99111", "_TRANSPORT" : "stdout", "PRIORITY" : "6", "SYSLOG_FACILITY" : "3", "SYSLOG_IDENTIFIER" : "start.sh", "_PID" : "6474", "_UID" : "1000", "_GID" : "1000", "_COMM" : "start.sh", "_EXE" : "/bin/bash", "_CMDLINE" : "/bin/bash /usr/local/malibu/start.sh", "_CAP_EFFECTIVE" : "0", "_SYSTEMD_CGROUP" : "/system.slice/malibu.service", "_SYSTEMD_UNIT" : "malibu.service", "_SYSTEMD_SLICE" : "system.slice", "_MACHINE_ID" : "f03ff2ad269ea529c82323dd57f29b00", "_HOSTNAME" : "terminal", "MESSAGE" : "2018-01-11 12:00:01.914 DEBUG: malibu.devices.validator.ValidatorPortService$ - health check succeeded" } As you can see, the output contains a single log message.
But if I add filter by unit name (-u malibu.service), this message disappears:
$ journalctl -u malibu.service -o json-pretty --since "2018-01-11 12:00:00" --until "2018-01-11 12:00:05" The unit name is exactly equal to _SYSTEMD_UNIT field in unfiltered output. Why journalctl does not display it in the filtered version?
EDIT: Turns out I was using old version of systemd - 229, while latest is 236, and using newer journalctl fixes this problem. Unfortunately, 229 is the latest available systemd version for 16.04 LTS, so I do not see a sensible workaround for the issue (apart from building latest systemd in user-space and using freshly built journalctl binary directly).
