06-10-2013
Hi Don,
Thanks for putting all your questions, really appreciate your effort. Here is my response to your questions :
What exactly is the output you want (using CODE tags) when your input contains 3 searches that occur in an hour and show us sample data that we can use as a test that actually contains data that would cause a report to be generated?
# re : As mentioned initially, the output will lead to execution of an internal command ( add group) - no output as such, however we can print the addition within the log. Basically, the intent is to add heavy search users within a restricted group. We need to pull out those users who perform more than 3 searches.
What determines the 1 hour time range:
3 BIND entries with timestamps <= 1 hour apart where the corresponding RESULT entries include SRCH=Q?
3 RESULT entries with SRCH=Q with timestamps <= 1 hour?
3 RESULT entries with SRCH=Q where the sum of the differences between the corresponding BIND and RESULT timestamps is >= 1 hour?
something else?
# re : 1 hour scan is to limit less log scanning, that's all. You can drop the hour part as of now, I am really interested in getting the logic first for the main issue.
Note that none of the 1st three elements in the above list will trigger a report with any of the sample data you have given us! (However, C would be met if you wanted to report a user using more than one hour of search time in three or fewer searches if we used the data provided in your initial post in this thread.)
Are all timestamps in non-decreasing order?
Are all timestamps in increasing order?
Are all timestamps in the same timezone?
# re : Don't bother about timestamp etc. The data which I provided is enough to create the condition. An output for less than too search will not trigger the execution of add group command. All timestamp will be in increasing order, and will be in same timezone.
Do we have to worry about shifts to and from daylight savings time?
Are all timestamps in an input file from the same day? If not, will there ever be:"
days that have no RESULT entries with SRCH=Q?
days that have no entries at all?
a time difference between a BIND time and a RESULT time of more than 23:59:59?
If a user has more than one 1 hour time period with 3 SRCH=Q RESULT entries:
re : We do not care about shifts or daylight saving time. If there are any heavy users, they will eventually get captured during the multiple runs, we don't care if we miss a couple of them due to daylight saving, etc.
Should there only be 1 occurrence reported for the user?
re : No, see my response below.
Should there be 1 occurrence reported for every set of 3 SRCH=Q RESULT entries that occur within an hour even if some of the SRCH=Q RESULT entries were used in an earlier report?
re : Yes, there should only 1 occurrence reported for every set of 3 SRCH=Q, once the user is added to the group, the server will not receive further request due to user being added to restricted group.
Should there be 1 occurrence reported for every set of 3 SRCH=Q RESULT entries that occur within an hour but only if none of the SRCH=Q RESULT entries were used in an earlier report?
re : see my response above.
Will every RESULT entry have a corresponding BIND entry?
re : Yes.
Could the corresponding BIND appear in a different log file? If the corresponding BIND is not found, should some kind of diagnostic be printed? (If so, exactly what should the diagnostic be?)
re: If corresponding BIND does not appear, we will not count that search, and have to drop the search.
Can there be more than one search in progress for a given user at any time? (I.e., can there be two or more BIND entries before the RESULT entry shows up corresponding to the first BIND entry?
re: Ideally, there will be only one BIND search at any given point of time.
Will conn=xxx always be in the 3rd field in every line?
re : yes.
Will "BIND" and "RESULT" always appear in the 7th field in every input line? If so, will the 7th field on any line ever contain anything other than "BIND" or "RESULT"?
re : yes. As shown within the logs, all fiels locations are static.
On RESULT lines that contain "SRCH=Q", will that string always be the last field on the line?
re : Yes.
8 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Assume I have a text file as below:
me
con pi
ind ken
pras ur
me
con rome
ind kent
pras urs
pintu
con mys
ind pan
pras ki
con kit
ind sys
My requirement,
I need to search for "con rome" and if exists, then print 4th word from rome, i.e in above example, since "con rome"... (4 Replies)
Discussion started by: jaggesh
4 Replies
2. UNIX for Dummies Questions & Answers
I would like to do an ldap search which looks for entries which do not actually have a certain attribute. Not that the attribute is Null, but where the attribute does not exist.
Is this possible using ldapsearch? (3 Replies)
Discussion started by: dopple
3 Replies
3. Shell Programming and Scripting
Hi,
I have a requirement as below which needs to be done viz UNIX shell script
(1) I have to connect to an Oracle database
(2) Exexute "SELECT field_status from table 1" query on one of the tables.
(3) Based on the result that I get from point (2), I have to update another table in the... (6 Replies)
Discussion started by: balaeswari
6 Replies
4. UNIX for Dummies Questions & Answers
This issue has been causing me a headache all night....
I have a file, from a third party payment vendor, that contains an export of data including an order number (unique) and a payment value, amongst other data. I need to use the order numbers to integrate the database to check the order... (2 Replies)
Discussion started by: theref
2 Replies
5. Shell Programming and Scripting
Hi All,
I have a existing Ldap query which take a HOME as variable and gives the result where i grep for a particular line.
ldapsearch -h server_domain_name -p 389 -D "uid=user,ou=appadm,o=ent" -w PaB -b "ou=roles,o=ent" "cidx=$HOME" | grep -w "ent: xyz"
Now i have 330K Homes in a... (1 Reply)
Discussion started by: posner
1 Replies
6. Shell Programming and Scripting
Hi,
I need a shell script, which would search the result values from another files.
1)execute " select column1 from table_name" query on the table.
2)Based on the result, need to be grep from .wft files.
could please explain about this.Below is the way i am using.
#!/bin/sh... (4 Replies)
Discussion started by: Rami Reddy
4 Replies
7. Shell Programming and Scripting
Hi,
I wish to find the latest occurance of the below string in my log file.
Once found, I need to search the below string after the above string
and display this
Request 331489 has passed
or
Request 331489 has failed
I would like my query to be platform... (11 Replies)
Discussion started by: mohtashims
11 Replies
8. Programming
Just a little help if possible
I have a table with date data, I want to select dates that fall between today and 1 month ago, here's my query
SELECT id, stdate, DATE_SUB(CURDATE(), INTERVAL 1 month) as monthago, CURDATE() as today
FROM data_table
where (stdate between 'today' and 'monthago')... (4 Replies)
Discussion started by: barrydocks
4 Replies