Share your knowledge at the LQ Wiki.
Go Back > Forums > Linux Forums > Linux - Newbie
User Name
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!


  Search this Thread
Old 08-26-2008, 10:38 AM   #1
Registered: Nov 2006
Posts: 188

Rep: Reputation: 30
Grep timestamps

I have a special logfile where the logs are in this format:

E200808010647170017R ^S02ZOFWDFRANZEN^Fv200000^^O
E200808010647170017F ^@02ZOFWDFRANZEN^FA17^FDPCGUI-DISP^^O

The 4th through the 9th numbers in the first part of the log are the time stamps yymmdd:


I want to grep a time stamp from a certain date to the present. So, let's say I want to only have an output from Aug 7th of 2008 until now. I've always used grep in searching for strings, but even after reading the man pages, I am not exactly clear on how to grep dates from a given date to the present time.

Anyone have any ideas?
Old 08-26-2008, 11:14 AM   #2
Senior Member
Registered: Oct 2003
Location: UK
Distribution: Kubuntu 12.10 (using awesome wm though)
Posts: 3,530

Rep: Reputation: 65
Columns 2-9 are the timestamp in YYYYMMDD format. The good thing about this format is that the collation order is also the numerical order, which is also the chronological order.

Grep is a little hopeless at this sort of matching, but it is trivial with a little Perl:
perl -ne 'if (/^.(\d{8})/) { print if ($1 ge "20080807"); }' logfile
Old 08-26-2008, 11:29 AM   #3
Registered: Mar 2008
Location: UK
Distribution: Fedora, Gentoo
Posts: 209

Rep: Reputation: 36
Grep won't do it directly, but you could try something like this (although it'd be better as a perl script):
#Run the script as: ./dategrep file startdate
lines=`wc -l $1 | awk '{print $1}'`
start=`grep -m 1 -n "$2" $1 | awk -F ':' '{print $1}'`
tail -n $numlines $1
It assumes the log file is sorted in ascending date order. Essentially it just gets the first occurrence of the start date and prints everything after that.The script is horrible, will fail on loads of occasions (like no log entry existing on the start date), but it might do the job. If not, then you'll have to come up with a better way. Most likely a dedicated perl script that properly computes dates etc.

Good luck.
Old 08-26-2008, 01:52 PM   #4
Registered: Mar 2008
Location: N. W. England
Distribution: Mandriva
Posts: 352

Rep: Reputation: 164Reputation: 164
This uses a bash parameter substitution, ${line:3:6}, to get the date from each line so it can be compared with $stamp.
while read line;do
  if [ ${line:3:6} -ge $stamp ];then echo "$line";fi
done < infile > outfile

Last edited by Kenhelm; 08-26-2008 at 04:20 PM. Reason: Added the quotes in "$line"


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Trying to understand pipes - Can't pipe output from tail -f to grep then grep again lostjohnny Linux - Newbie 15 03-12-2009 11:31 PM
Checking Timestamps on RHEL4 ajatiti Linux - Enterprise 1 12-01-2007 06:55 AM
ps -ef|grep -v root|grep apache<<result maelstrombob Linux - Newbie 1 09-24-2003 12:38 PM
squid timestamps chamkila Linux - General 1 05-08-2003 09:59 AM
Timestamps Config Programming 2 04-22-2002 03:07 AM > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 10:55 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration