From sosreport
Analyzes a sosreport archive to identify system issues, configuration problems, and failure causes across logs, resources, network, and system-config areas.
How this command is triggered — by the user, by Claude, or both
Slash command
/sosreport:analyze <path-to-sosreport> [--only <areas>] [--skip <areas>]The summary Claude sees in its command listing — used to decide when to auto-load this command
## Name sosreport:analyze ## Synopsis **Analysis Areas:** - **`logs`**: Analyze system and application logs (journald, syslog, dmesg, application logs) - Identifies errors, warnings, critical messages - Detects OOM killer events, kernel panics, segfaults - Counts and categorizes errors by severity - Provides timeline of critical events - **`resources`**: Analyze system resource usage (memory, CPU, disk, processes) - Memory usage, swap, and pressure indicators - CPU information and load averages - Disk usage and filesystem capacity - Top resource consumers and zombie pro...
sosreport:analyze
/sosreport:analyze <path-to-sosreport> [--only <areas>] [--skip <areas>]
Analysis Areas:
logs: Analyze system and application logs (journald, syslog, dmesg, application logs)
resources: Analyze system resource usage (memory, CPU, disk, processes)
network: Analyze network configuration and connectivity
system-config: Analyze system configuration (packages, services, security)
The sosreport:analyze command performs comprehensive analysis of a sosreport archive (from https://github.com/sosreport/sos) to identify system issues, configuration problems, and potential causes of failures. It examines system logs, resource usage, network configuration, installed packages, and other diagnostic data collected by sosreport.
By default, all analysis areas are executed. Use --only to run specific areas or --skip to exclude areas from analysis.
$1 (required): Path to the sosreport archive file (.tar.gz or .tar.xz) or extracted directory--only <areas> (optional): Comma-separated list of analysis areas to run. Valid areas: logs, resources, network, system-config. If not specified, all areas are analyzed.--skip <areas> (optional): Comma-separated list of analysis areas to skip. Valid areas: logs, resources, network, system-config. Cannot be used with --only.The sosreport analysis is organized into several specialized phases, each with detailed implementation guidance in separate skill documents. The command supports selective analysis through optional arguments.
Parse command-line arguments
--only flag and parse comma-separated areas--skip flag and parse comma-separated areas--only and --skip are not used togetherValidate analysis areas
logs, resources, network, system-configsystem for system-config)Determine which skills to run
--only specified: Run only the specified skills--skip specified: Run all skills except the specified onesExample argument parsing:
# Parse: /sosreport:analyze /path/sos.tar.gz --only logs,network
# Result: Run only logs-analysis and network-analysis skills
# Parse: /sosreport:analyze /path/sos.tar.gz --skip resources
# Result: Run logs, network, and system-config (skip resources)
# Parse: /sosreport:analyze /path/sos.tar.gz
# Result: Run all skills (comprehensive analysis)
Check if path exists
Extract archive if needed
.tar.gz or .tar.xz file:
.work/sosreport-analyze/{timestamp}/tar -xf <path> -C .work/sosreport-analyze/{timestamp}/sos_commands/, sos_logs/, etc.)Identify sosreport structure
sosreport-{hostname}-{date}/)sos_commands/, sos_logs/, sos_reports/Run condition: Only if logs area is selected (or no filters specified)
Detailed implementation: See plugins/sosreport/skills/logs-analysis/SKILL.md
Perform comprehensive log analysis including:
Key outputs:
Run condition: Only if resources area is selected (or no filters specified)
Detailed implementation: See plugins/sosreport/skills/resource-analysis/SKILL.md
Perform resource analysis including:
Key outputs:
Run condition: Only if network area is selected (or no filters specified)
Detailed implementation: See plugins/sosreport/skills/network-analysis/SKILL.md
Perform network analysis including:
Key outputs:
Run condition: Only if system-config area is selected (or no filters specified)
Detailed implementation: See plugins/sosreport/skills/system-config-analysis/SKILL.md
Perform system configuration analysis including:
Key outputs:
Create findings structure
Display summary in terminal
Format output
SOSREPORT ANALYSIS SUMMARY
==========================
System: {hostname}
Report Date: {date}
OS: {os_version}
Kernel: {kernel_version}
CRITICAL ISSUES (count)
-----------------------
- [Issue description with file reference]
HIGH PRIORITY (count)
---------------------
- [Issue description with file reference]
MEDIUM PRIORITY (count)
-----------------------
- [Issue description with file reference]
RESOURCE SUMMARY
----------------
- Memory: X GB used / Y GB total (Z% used)
- Disk: Most full filesystem at X%
- Load Average: X.XX, X.XX, X.XX
TOP ERRORS IN LOGS
------------------
1. [Error message] (count occurrences)
2. [Error message] (count occurrences)
FAILED SERVICES
---------------
- [service name]: [reason]
RECOMMENDATIONS
---------------
1. [Actionable recommendation]
2. [Actionable recommendation]
ANALYSIS LOCATION
-----------------
Extracted to: {extraction_path}
Interactive drill-down
Comprehensive analysis (default):
/sosreport:analyze /tmp/sosreport-server01-2024-01-15.tar.xz
Extracts archive to .work/sosreport-analyze/{timestamp}/ and performs comprehensive analysis using all skills (logs, resources, network, system-config).
Analyze only logs and network:
/sosreport:analyze /tmp/sosreport-server01-2024-01-15.tar.xz --only logs,network
Performs only log analysis and network analysis. Useful when investigating connectivity or service issues without needing full resource analysis.
Skip resource analysis:
/sosreport:analyze /tmp/sosreport.tar.gz --skip resources
Performs all analysis except resource analysis. Useful when you already know resource metrics and want to focus on configuration and logs.
Quick log-only analysis:
/sosreport:analyze /tmp/sosreport.tar.xz --only logs
Performs only log analysis. Fastest option for quickly identifying errors and critical events without analyzing configuration or resources.
Analyze extracted sosreport directory:
/sosreport:analyze /tmp/sosreport-server01-2024-01-15/
Analyzes an already extracted sosreport directory with comprehensive analysis.
Selective analysis on extracted directory:
/sosreport:analyze /tmp/sosreport-server01-2024-01-15/ --only system-config,network
Analyzes only system configuration and network from an already extracted directory.
Follow-up investigation:
User: /sosreport:analyze /tmp/sosreport.tar.gz --only logs
Agent: [Shows log analysis summary]
User: Can you now analyze the resources as well?
Agent: /sosreport:analyze /tmp/sosreport.tar.gz --only resources
Agent: [Shows resource analysis]
--only or --skip to run specific analysis areas for faster resultslogs, resources, network, system-configtar utility: Required for extracting compressed sosreports
which tarSufficient disk space: Extracted sosreports can be large
df -h .work/plugins/sosreport/skills/logs-analysis/SKILL.md - Detailed guidance for analyzing system and application logsplugins/sosreport/skills/resource-analysis/SKILL.md - Detailed guidance for analyzing memory, CPU, disk, and processesplugins/sosreport/skills/network-analysis/SKILL.md - Detailed guidance for analyzing network configuration and connectivityplugins/sosreport/skills/system-config-analysis/SKILL.md - Detailed guidance for analyzing packages, services, and security settingsnpx claudepluginhub bryan-cox/ai-helpers --plugin sosreport22plugins reuse this command
First indexed Jan 1, 2026
Showing the 6 earliest of 22 plugins
/analyzeAnalyzes a sosreport archive to identify system issues, configuration problems, and failure causes across logs, resources, network, and system-config areas.
/analyze-node-tuningAnalyzes kernel/sysctl tuning from a live OpenShift node or extracted sosreport, then produces actionable Node Tuning Operator recommendations in JSON or Markdown.
/investigatorDiagnoses bugs and incidents through root-cause analysis, gathering evidence before proposing any fix. Triggers on keywords like bug, debug, investigate, or incident.
/analyzeScans codebase for quality, security, performance, and architecture issues, generating severity-rated findings, actionable recommendations, and a summary report. Supports focused analysis on specific domains and custom depth/format.
/analyzeRuns a multi-dimensional repository health analysis measuring code complexity, git churn, and test coverage gaps, then produces a prioritized report with actionable recommendations.