LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices


Reply
  Search this Thread
Old 02-01-2012, 02:07 AM   #1
devUnix
Member
 
Registered: Oct 2010
Posts: 606

Rep: Reputation: 59
Checking Log Entries for Specific Time Duration


Hi Shell Script Gurus!


I have a log file. Each line starts with a date/time-stamp such as:

Code:
[30 Jan 2012 22:10:15,22] blah! blah
[30 Jan 2012 22:50:55,20] blah! blah
[30 Jan 2012 23:00:15,20] blah! blah
...
...
[31 Jan 2012 01:10:51,332] blah! blah
...
...
...
Let us specify date and Hours value only as our search criterion:

Code:
$ echo $ago
30 Jan 2012 22
Well, the following code would work, provided that it does find the date and the exact hour values at least once to start from and then would print out rest of the log entries (till now/current time):

Code:
$ cat data.log | awk -v whence="$ago" '{if($0 ~ whence){found=1;}if(found==1){print $0}}'
Suppose, the log file does not have an entry for the hours 22:xx:xx then the code would skip the newer entries as well.

What I want is if Hours 22 if not there but still it should check for newer entries, such as these ones:

Code:
[30 Jan 2012 23:00:15,20] blah! blah
...
...
[31 Jan 2012 01:10:51,332] blah! blah
The variable "ago" is assigned a value as shown below:

Code:
ago=`date "+%d %b %Y %H" -d "$1 hours ago"`

So that we can say:

Code:
script.sh 4
to mean search for log entries starting from 4 hours ago and on-wards / till the EOF.

Note: We are no interested in the Minutes:Seconds fields. Only Hours is important for a given date/time.

The above "date" command is very helpful if 4 hours ago it was yesterday's date. But if the Hours value is exactly not matched then the newer entries are skipped which is something undesirable (the "awk" command as given above).

Well, something similar to this scenario I have done before using "awk" but my head is not able to recall how.
 
Old 02-01-2012, 03:07 AM   #2
AnanthaP
Member
 
Registered: Jul 2004
Location: Chennai, India
Posts: 936

Rep: Reputation: 215Reputation: 215Reputation: 215
In awk, the selection criterion would become > the $ago value and you wouldn't need the found flag.

But be careful. As you define the problem, feb 01 (today) wouldn't select correctly.

So maybe you change "ago" to contain
Quote:
`date "+%Y %m %m %H" -d "$1 hours ago"`
and you would have to match this against the result of

$3 plus $2 transformed into 01, 02 .. 12 from Jan, Feb .. Dec plus $1 plus left($3,2).

I leave it to you work it out.

OK
 
Old 02-02-2012, 05:49 PM   #3
devUnix
Member
 
Registered: Oct 2010
Posts: 606

Original Poster
Rep: Reputation: 59
Quote:
Originally Posted by AnanthaP View Post
In awk, the selection criterion would become > the $ago value and you wouldn't need the found flag.

But be careful. As you define the problem, feb 01 (today) wouldn't select correctly.

So maybe you change "ago" to contain and you would have to match this against the result of

$3 plus $2 transformed into 01, 02 .. 12 from Jan, Feb .. Dec plus $1 plus left($3,2).

I leave it to you work it out.

OK

Well, I did not get your solution even though I read it twice or thrice.


If the date part would not be a problem then I would simply compare the Hours field and get the work done as I have done before. But in the present scenario the Date part is important when it changes from yesterday's to today's.

Last edited by devUnix; 02-02-2012 at 05:51 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] How to use HandBrakeCli to encode video in a certain time duration? Hak5fan Linux - General 1 01-28-2012 05:13 PM
Time duration from one command to another niharikaananth Linux - Newbie 3 08-08-2011 05:40 AM
[SOLVED] How to run a program for a specific amount of time starting at a specific time? thiemster Linux - Newbie 12 05-18-2010 10:04 AM
a command or way to log time of iptables LOG entries? dividingbyzero Linux - Security 3 06-06-2008 02:23 AM
computing time duration tmaxx Linux - General 1 04-29-2008 09:37 PM

LinuxQuestions.org > Forums > Non-*NIX Forums > Programming

All times are GMT -5. The time now is 07:05 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration