-   Linux - General (
-   -   awk script to get minute changes (

GenericLinuxUser 02-08-2013 04:04 PM

awk script to get minute changes
I troubleshoot software and review text log files with time stamps and procedure calls. I am often in a position where it would be good (if not essential) to see when a procedure is taking a long time. I created an awk one-liner with egerp (as a learning exercise) that will scan for when a time increments by a minute and then output that line and the previous line from the last minute to a file. I applied this for the /var/log/messages here but naturally you can use this for any file with times (or numbers). For example, here I it went from 04 to 16, 16 to 39 and 39 to 43...

Feb 3 01:04:12 root nmbd[3686]: server01 42849003 (Citrix PS 4.5)
Feb 3 01:16:12 root xinetd[3504]: START: telnet pid=5273 from=

Feb 3 01:16:14 root xinetd[3504]: EXIT: telnet status=0 pid=2434 duration=1835(sec)
Feb 3 01:39:48 root ntpd[3522]: synchronized to LOCAL(0), stratum 10

Feb 3 01:39:48 root ntpd[3522]: synchronized to LOCAL(0), stratum 10
Feb 3 01:43:26 root xinetd[3504]: START: telnet pid=26276 from=

I have no questions, I've gotten help here before and thought I'd pay it forward a little. I was unable to find something like this using awk on the Internet (its hard to word the search however) so perhaps someone will find this useful. I'm also sure a supreme awk master could do better, all I know is it works for me. :) Cheers.


egrep '[0123456789][0123456789]:[0123456789][0123456789]:[0123456789][0123456789]' messages | awk '{if (FNR == 1){t=substr($0,11,2); u=$0;} else {if (substr($0,11,2) > t){print u "\n" $0 "\n"; t=substr($0,11,2); u=$0;} else {t=substr($0,11,2); u=$0;}}}' > minute-increments

Habitual 02-08-2013 05:10 PM

That rocks!

GenericLinuxUser 02-08-2013 09:41 PM

glad you like it Habitual

All times are GMT -5. The time now is 11:16 AM.