Checking Log Entries for Specific Time Duration
 

Hi Shell Script Gurus!


I have a log file. Each line starts with a date/time-stamp such as:

Let us specify date and Hours value only as our search criterion:

Well, the following code would work, provided that it does find the date and the exact hour values at least once to start from and then would print out rest of the log entries (till now/current time):

Suppose, the log file does not have an entry for the hours 22:xx:xx then the code would skip the newer entries as well.

What I want is if Hours 22 if not there but still it should check for newer entries, such as these ones:

The variable "ago" is assigned a value as shown below:


So that we can say:

to mean search for log entries starting from 4 hours ago and on-wards / till the EOF.

Note: We are no interested in the Minutes:Seconds fields. Only Hours is important for a given date/time.

The above "date" command is very helpful if 4 hours ago it was yesterday's date. But if the Hours value is exactly not matched then the newer entries are skipped which is something undesirable (the "awk" command as given above).

Well, something similar to this scenario I have done before using "awk" but my head is not able to recall how.:scratch:

In awk, the selection criterion would become > the $ago value and you wouldn't need the found flag.

But be careful. As you define the problem, feb 01 (today) wouldn't select correctly.

So maybe you change "ago" to contain and you would have to match this against the result of

$3 plus $2 transformed into 01, 02 .. 12 from Jan, Feb .. Dec plus $1 plus left($3,2).

I leave it to you work it out.

OK

Well, I did not get your solution even though I read it twice or thrice.


If the date part would not be a problem then I would simply compare the Hours field and get the work done as I have done before. But in the present scenario the Date part is important when it changes from yesterday's to today's.