Quote:
Originally Posted by bigearsbilly
but what is the -0700 bit?
|
It's the numeric representation of the timezone, ±HHMM compared to UTC.
If you ignore the effect of the timezone on the time stamps, then
Code:
awk -v since="timestamp" '($1 >= since)' log-file
should also work. You could use
Code:
since="$(awk -v since="$since" '($1 >= since) { printf("%s\n", $0) > "/dev/stderr" ; if ($1 > max) max = $1 } END { printf("%s\n", max) }' log-file)"
to output all new entries in
log-file to standard error, while also updating the timestamp. If
since is initially empty, it will output the entire log file.
Note the
>= . It means all entries matching the final timestamp in the last round will be included in the next round, but that is intentional: that way you don't lose an error message that happens in the same millisecond but AFTER you have last read the log file. If you don't want the repeats, and are willing to risk missing an error message if it happens at the same millisecond, then you can use
> instead for the comparison.
If you don't want to miss anything, but don't want any repeats either, you need a timestamp and a counter or a hash list (a single
since variable, but with two or more words in it separated by whitespace); the counter specifying the number of log lines output for that timestamp, or each hash matching an already output log line at that timestamp. (The latter works more reliably when the log files are rotated.) The awk script gets progressively more complicated, and I'd personally just live with the initial duplicate log line(s).