Splunk Hack #1 – Charting Your OSX Battery Usage with Splunk

This is an easy-to-follow tutorial for charting battery usage on your Mac laptop with a small shell script and Splunk. Watching your battery charge is as exciting as watching paint dry, but analyzing it over time is pretty interesting. You may discover a few things about the software you run – like it eats your battery’s amps for dessert.

A friend of mine, Sean Dick, showed me a version of this idea using Splunk on Linux and a program called ‘acpi’. As I’m a Mac fanboy of sorts, I dug up a shell script for the Mac that will print out a single logfile-like line containing laptop battery information, including amp draw, amp-hours left, and more. It’s aptly named ‘battery’, and you can download it here.

I suggest you put battery in a directory under your home directory, say something called ‘scripts’. Head into ‘terminal’ to start the dirty work.

Here’s an example output line from ‘battery short’:

G4:~ kord$ ./scripts/battery short
2007-10-07 18:34:27 1 _________i__ 11.232V -1.454A 2.788Ah of 4.720Ah (59.1%) of 4.400Ah (107.3%) 13 cycles

The line of underscores with an ‘i’ in it shows which battery flags are set. ‘i’ means my battery is installed. Duh. Other flags include whether the lid is closed, the battery is on fire, or it’s just on the charger. See the battery.rtf file for more information on the flags. I have a G4 laptop, but just got my battery replaced for free! Only 13 cycles on it so far!

Splunk eats logfiles, so you’ll need to get a logfile rolling on your battery output. I’m going to assume you know how to use vi (text editor) to do the rest of this work.

You’ll need to set up a cronjob to create the logfile and continue logging to it every so often. Switch to root and create a logfile for battery in /var/log:

G4:~ kord$ su
G4:/Users/kord root# cd /var/log
G4:/var/log root# touch battery.log
G4:/var/log root# chown kord battery.log
G4:/var/log root# ls -la battery.log
-rw-r--r-- 1 kord wheel 0 Oct 7 18:45 battery.log
G4:/var/log root# exit
G4:~ kord$

Now use ‘crontab -e’ and put in a line that looks something like the second line of this:

G4:~ kord$ crontab -l
* * * * * /Users/kord/scripts/battery short >> /var/log/battery.log

That will cause the battery script to run once a minute and append its output to the battery.log file in the log directory. After a few minutes, tail the logfile with ‘tail /var/log/battery.log’ and make sure you’ve got data in there. Also, I’ve edited my own crontab, but you could elect to do it as root (thus skipping the chown step above).

Obviously you will need Splunk installed to chart the battery usage out of the logfiles. If you haven’t installed it already, there’s a free version up on the website you can download. Follow the instructions for installing it on OSX.

Assuming that you installed Splunk in ‘/Applications/splunk/’, you can do the following to start it:

G4:~ root# cd /Applications/splunk
G4:/Applications/splunk root# export SPLUNK_HOME='/Applications/splunk/'
G4:/Applications/splunk root# ./bin/splunk start

Now you’ll need to download my addon for Splunk, which is basically a bundle of configuration files. For reference, I also put the battery script in the tar file, along with an example crontab file. To get the bundle in the right place, start by un-taring it:

G4:~ kord$ tar xvfz battery.tar.gz

Now move it to the correct location in Splunk’s directory:

G4:~ kord$ su
G4:/Users/kord root# mv battery /Applications/splunk/etc/bundles/

And restart Splunk now:

G4:/Users/kord root# /Applications/splunk/bin/splunk restart

We’ll spend the rest of our time in a browser, using Splunk’s kick-ass web interface.

If you left the default port alone, you should be able to fire up Firefox and hit http://localhost:8000 and see the initial login screen (or not if you are using the free version). I’ll leave the particulars of getting to the initial search interface on Splunk to you.

Add the battery.log file to the list of files Splunk monitors. Click on ‘admin’, then click on the ‘data inputs’ tab. Click on the ‘Add input’ link to the right of ‘Files & Directories’ at the bottom. Leave the data access to ‘tail’ and give the full path to the logfile – ‘/var/log/battery.log’ in my example above. Host can be constant, DNS name doesn’t matter, and set the source type pulldown to ‘_battery’. Remember, this sourcetype won’t be in the list until you install the battery bundle.

Click on ‘add’ to add the source type. Go get a cup of coffee while Splunk eats this and other files on your computer and builds the index.

Back from the caffeine, you should now click on the ‘splunk>’ logo at the top left. Type in the following in the search bar, sans the quotes: ‘source::/var/log/battery.log’. Click on the ‘fields’ pulldown on the left and check a few extracted fields, such as battery_ah_remaining, battery_draw, battery_percent, and battery_volts. Click on ‘fields’ again to close and reload with the extracted fields showing.

You should get something that looks like this:

If you have an hour or so of data logged, try entering ‘source::/var/log/battery.log | timechart avg(battery_draw)’ in the search box at the top to generate a report for the last 60 minutes.
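
As an added example (not part of the original post or the battery bundle), this Python check parses battery.log lines and computes the per-span average that ‘timechart avg(battery_draw)’ plots, counting lines that fail to parse. The mapping of numbers to field names and the 5-minute span are assumptions; apart from the first sample line, which is the one shown above, the inputs are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Layout of one 'battery short' line, taken from the sample on this page.
# Which number maps to which field name is an assumption; the bundle's own
# extraction rules are not shown in the post.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \d+ "
    r"(?P<battery_flags>[A-Za-z_]+) "
    r"(?P<battery_volts>-?\d+\.\d+)V "
    r"(?P<battery_draw>-?\d+\.\d+)A "
    r"(?P<battery_ah_remaining>\d+\.\d+)Ah of \d+\.\d+Ah "
    r"\((?P<battery_percent>\d+\.\d+)%\)"
)

def parse_line(line):
    """Return a dict of extracted fields, or None if the line is malformed."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    try:
        when = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
    except ValueError:  # digits in the right places but not a real date
        return None
    event = {k: float(v) for k, v in m.groupdict().items()
             if k not in ("ts", "battery_flags")}
    event["battery_flags"] = m["battery_flags"]
    event["_time"] = when
    return event

def avg_draw_by_span(lines, span_minutes=5):
    """Return ({bucket_start: mean battery_draw}, rejected_line_count)."""
    buckets, rejected = defaultdict(list), 0
    for line in lines:
        event = parse_line(line)
        if event is None:
            rejected += 1
            continue
        t = event["_time"]
        start = t.replace(minute=t.minute - t.minute % span_minutes, second=0)
        buckets[start].append(event["battery_draw"])
    return {k: round(sum(v) / len(v), 3) for k, v in sorted(buckets.items())}, rejected

SAMPLE = [  # first line is from this page; the rest are constructed
    "2007-10-07 18:34:27 1 _________i__ 11.232V -1.454A 2.788Ah of 4.720Ah (59.1%) of 4.400Ah (107.3%) 13 cycles",
    "2007-10-07 18:33:27 1 _________i__ 11.228V -1.462A 2.812Ah of 4.720Ah (59.6%) of 4.400Ah (107.3%) 13 cycles",
    "2007-10-07 18:36:27 1 _________i__ 11.22",  # truncated write
    "2007-10-07 18:40:27 1 _________i__ 11.201V -0.900A 2.700Ah of 4.720Ah (57.2%) of 4.400Ah (107.3%) 13 cycles",
]
```

A non-zero rejected count on a real log points at partial or interleaved writes, which will also show up in Splunk as events with missing fields.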

Here’s what my amp draw looks like for the last 3 hours:

The move ‘up’ in the graph halfway through is actually a drop in amps drawn on the battery when I restarted Firefox. The cause? Firefox had a Flash game running in another tab, and it had eventually heated up the processor enough to kick on the fans!

Here’s another one, showing the evidence of me having a newer battery installed – almost five hours of continuous usage after 4PM, with only a few screen sleeps:

It’s interesting how the laptop charges at a rate almost the same as it discharges. It preserves battery life doing it that way, especially with the new lithium-polymer batteries.

See what else you can dig up about your battery. Try charting with some of the flags that are set – like how often the charger is on the laptop, or what the draw rate is if you have the screen clamshell closed.
