LinuxQuestions.org
Old 04-17-2013, 06:18 AM   #1
kiwiman
LQ Newbie
 
Registered: Apr 2013
Posts: 2

Rep: Reputation: Disabled
Using grep


Hi,

I am new to Linux and have a log file in var/log and want to grep out times between 09:00 and 17:30 as I am not interested in any servers running between that time. Can someone please help?
 
Old 04-17-2013, 06:34 AM   #2
eggshell
LQ Newbie
 
Registered: Jan 2012
Posts: 11

Rep: Reputation: Disabled
You can use multiple grep commands to simulate the AND operator and do something like the following:

grep -E 09:00 /var/log | grep -E 17:30
 
Old 04-17-2013, 06:52 AM   #3
Zzipo
LQ Newbie
 
Registered: Mar 2013
Posts: 28

Rep: Reputation: Disabled
Because you don't show the type/format of the log file, I suppose that it is like everything.log. Also, you don't say if the day is important; my script will take every day possible. Also, if there is some "format" like XX:XX:XX it will be analyzed (other than the normal).

Here is my test file:
Code:
Apr 13 08:59:59 localhost systemd[1]: Mounted Huge Pages File System.
Apr 14 09:00:00 localhost systemd[1]: Mounted Debug File System.
Apr 14 11:00:00 localhost systemd[1]: Mounted POSIX Message Queue File System.
Apr 14 17:30:00 localhost systemd[1]: Mounted Configuration File System.
Apr 15 17:30:01 localhost systemd[1]: Starting Local File Systems (Pre).
And here is my code:
Code:
for i in "`cat ~/test.txt`"; do echo "$i" | grep -vE "(09:[0-9]{2}:[0-9]{2}|1[0-6]:[0-9]{2}:[0-9]{2}|17:([0-2][0-9]|30:00))"; done
If you want to restrict the day, just insert the number in format DD before the REGEXP, leaving a blank space with the first '('

Result:
Code:
Apr 13 08:59:59 localhost systemd[1]: Mounted Huge Pages File System.
Apr 15 17:30:01 localhost systemd[1]: Starting Local File Systems (Pre).
Regards.
 
Old 04-17-2013, 07:23 AM   #4
kiwiman
LQ Newbie
 
Registered: Apr 2013
Posts: 2

Original Poster
Rep: Reputation: Disabled
That's exactly what I needed Zzipo, thanks
 
Old 04-17-2013, 07:30 AM   #5
konsolebox
Senior Member
 
Registered: Oct 2005
Distribution: Gentoo, Slackware, LFS
Posts: 2,248
Blog Entries: 8

Rep: Reputation: 235
For 09:00 to 17:30 we could have an expression like this:
Code:
grep -E '((09|1[0-6]):[0-5]{2}|17:([0-2][0-9]|30))'
For 09:00:00 to 17:30:00, we could add an extension for the seconds which is ":[0-5]{2}":
Code:
grep -E '((09|1[0-6]):[0-5]{2}|17:([0-2][0-9]|30)):[0-5]{2}'
For /var/log/messages we could be more specific by including the day on the left:
Code:
grep -E '[0-9] ((09|1[0-6]):[0-5]{2}|17:([0-2][0-9]|30)):[0-5]{2}' /var/log/messages
@Zzipo I referred a bit from your post and it helped me create the solution quickly.

I noticed that it would include < 9:00:
Quote:
Originally Posted by Zzipo View Post
Code:
Apr 13 08:59:59 localhost systemd[1]: Mounted Huge Pages File System.
Edit 1: Oh looks like I didn't read well. Turns out that you had to grep it out.
Edit 2: Proper form for same purpose should have been:
Code:
grep -E '^.{7}(((09|1[0-6]):[0-5][0-9]|17:[0-2][0-9]):[0-5][0-9]|17:30:00)'

Last edited by konsolebox; 04-17-2013 at 09:57 AM.
 
Old 04-17-2013, 07:45 AM   #6
konsolebox
Senior Member
 
Registered: Oct 2005
Distribution: Gentoo, Slackware, LFS
Posts: 2,248
Blog Entries: 8

Rep: Reputation: 235
This is my revised solution for that:
Code:
grep -E '^.{7}(((0[0-8]|1[89]|2[0-3]):[0-5][0-9]|17:(3[1-9]|[45][0-9])):[0-5][0-9]|17:30:(0[1-9]|[1-5][0-9]))' /var/log/messages
And would work even with a string with same questionable pattern on the other end:
Code:
Mar 30 07:19:45 - kernel: [    0.000000] Linux version - (-@-) (gcc version 4.7.2) ) #1 SMP Wed Mar 27 14:38:57 - 2013
And would really only include lines that are valid, and also exclude bogus ones which don't have a time pattern.

Last edited by konsolebox; 04-17-2013 at 09:56 AM.
 
Old 04-17-2013, 09:27 AM   #7
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 9,369

Rep: Reputation: 2753
oh yes, I'm a bit late, so just a comment:
Code:
for i in "`cat <filename>`"; do echo "$i" | <grep command>; done
# is an elegant way to eat up all the resources without any advantage - instead of
<grep command> <filename>
 
Old 04-17-2013, 12:24 PM   #8
Zzipo
LQ Newbie
 
Registered: Mar 2013
Posts: 28

Rep: Reputation: Disabled
Quote:
Originally Posted by pan64 View Post
oh yes, I'm a bit late, so just a comment:
Code:
for i in "`cat <filename>`"; do echo "$i" | <grep command>; done
# is an elegant way to eat up all the resources without any advantage - instead of
<grep command> <filename>
Yep it is true, but because I was first testing with cat filename | grep sth... and was not possible in that way, but I forgot to use directly grep without piping.

Quote:
Originally Posted by kiwiman
Thanks..
You're welcome. That was my "good action of the day in the forum"
 
Old 04-18-2013, 03:30 PM   #9
David the H.
Bash Guru
 
Registered: Jun 2004
Location: Osaka, Japan
Distribution: Debian sid + kde 3.5 & 4.4
Posts: 6,823

Rep: Reputation: 1959
You may want to consider using something more dedicated towards parsing logfiles specifically. I'm certain there are perl modules available for this, for example. You could probably set up something with gnu awk's time functions too.

Another poster here once gave me this link to some date processing utilities he wrote, including dgrep, which was made for doing just this:

http://www.fresse.org/dateutils/
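
The awk route mentioned above, as an added example that is not from any poster in this thread: it compares the timestamp field numerically instead of encoding the 09:00:00 to 17:30:00 window in a regex, and reports how many lines had no timestamp rather than dropping them silently. The function names `outside_hours` and `make_sample` and the sample file are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: print syslog lines stamped outside a closed time window
# (default 09:00:00-17:30:00) by comparing seconds since midnight.
# Assumes "Mon DD HH:MM:SS host ..." lines and from <= to (no midnight wrap).
outside_hours() {   # $1 = log file, $2 = window start, $3 = window end
    awk -v from="${2:-09:00:00}" -v to="${3:-17:30:00}" '
        function secs(t,   p) { split(t, p, ":"); return p[1]*3600 + p[2]*60 + p[3] }
        BEGIN { lo = secs(from); hi = secs(to) }
        # Only field 3 is tested, so a second time later in the line is ignored.
        $3 ~ /^([01][0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9]$/ {
            t = secs($3)
            if (t < lo || t > hi) print
            next
        }
        { bad++ }   # no valid timestamp in field 3: count it, do not print it
        END { if (bad) printf "%d line(s) without a timestamp skipped\n", bad > "/dev/stderr" }
    ' "$1"
}

# Constructed sample: the test lines posted in this thread plus one line
# with no timestamp at all.
make_sample() {     # $1 = path to write
    cat > "$1" <<'EOF'
Apr 13 08:59:59 localhost systemd[1]: Mounted Huge Pages File System.
Apr 14 09:00:00 localhost systemd[1]: Mounted Debug File System.
Apr 14 11:00:00 localhost systemd[1]: Mounted POSIX Message Queue File System.
Apr 14 17:30:00 localhost systemd[1]: Mounted Configuration File System.
Apr 15 17:30:01 localhost systemd[1]: Starting Local File Systems (Pre).
Mar 30 07:19:45 - kernel: [    0.000000] Linux version - (-@-) (gcc version 4.7.2) ) #1 SMP Wed Mar 27 14:38:57 - 2013
-- constructed line with no timestamp --
EOF
}

# Demo run on the constructed sample.
f=$(mktemp) && make_sample "$f" && outside_hours "$f"
rm -f "$f"
```

A different window is passed as the second and third arguments, for example `outside_hours /var/log/messages 08:00:00 18:00:00`.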
 
  

