Login or Register to Ask a Question and Join Our Community


Shell Programming and Scripting

Need to Grep or awk a logfile for greater than value

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Top Forums Shell Programming and Scripting Need to Grep or awk a logfile for greater than value
# 1  
Old 11-20-2010
Need to Grep or awk a logfile for greater than value
Hello all

Hoping someone would be kind enough to suggest a solution to a problem i have, and see if maybe i can even do this without a script.

Essentially i have a very large log file, and within it each line had a value called TTMT, and it records a variable number in the following way, so if a message took 20 mseconds it would appear as TTMT {20} or 21 mseconds then TTMT {21}

There are thousands of entries of TTMT in this logfile and i am only concerned with timings above 20 mseconds, so would like to look only at message strings where the number is geater than 20, and append/write them to a seperate file.

I can do a grep 'TTMT {21}' friday.log |more to see each message where its 21 but i would like a way to see anything above 20 and snend to another log > above20.log

I believe i could use awk but can not see a way to do this correctly, is it possible to do the above using awk or/and grep? rather than having to create a script?

Any advice gratefully accepted Smilie
# 2  
Old 11-20-2010
It would help if you provide a sample input content. If the TTMT value is at a fixed column, that would be trivial with awk.
This User Gave Thanks to jlliagre For This Post:
1905
# 3  
Old 11-20-2010
Quote:
Originally Posted by jlliagre
It would help if you provide a sample input content. If the TTMT value is at a fixed column, that would be trivial with awk.
Hi, thanks for answer, so each message in the log is written like this, it has a timestamp and then each variable is within a { } Not sure if it has a certain fixed column though? is it a case of each { } = a column so i need to count them to see where TTMT comes? If so i counted and TTMT appears to be the 55th {}

Here is a example line, where it takes TTMT {21} - would like to see any entries like this where TTMT exceeds 20 (majority are below this number)

16:00:01:350528|0890-ATQU OrdClose Code {1 0003844534} OrdId {2} MsgCode {0} Msg {OK} R {0} T {3551349298} Act {chg} Code {10003844534} OrdId {2} T {35519298} S {on} Ed {1} Owner {CRET} Leg {doubl
e} ByRec {1} ByMid {0} ByBest {0} Mid {0.010000} IS {100.000000 100.000000} OS {100 100} Qshow {CRETA} QBid {102.410000 10.000 10.000} QAsk {102.650000 10.000 10.000} BBid {102.430000 15.000} BAsk {102.6300
00 17.500} MTrader {CREDM} MBid {102.410000 10.000 10.000} MAsk {102.640000 10.000 10.000} DelOnEdit {0} BySkew {0} ByFastSpread {0} Skew {0.000000} FastSpread {0.000000} StatusDetailLong {} ByBestType {1} Ch
eckJump {0} VOrdId {2} Fly {0} LinkId {} MLinkId {} ThClass {default} BackTrader {CRED} Refreshing {0} Component {} PriceComponent {} BestToCheck {0} BestTime {0} DiffTime {0} SubscrStatus {2} Attributes {0
0} TT {52} TTMKT {52} TTQ {0} TTSendQ {0} TTMT {21} TTNET {33} TTRecvQ {0}
# 4  
Old 11-20-2010
Assuming each line format is the same, you might use this:
Code:
awk '{ttmt=$125; gsub("[{}]","",ttmt); if(ttmt>20) printf("%s: %s\n",ttmt,$0);}' filename

PS: use nawk instead of awk if you happen to run Solaris.
This User Gave Thanks to jlliagre For This Post:
1905
# 5  
Old 11-20-2010
Quote:
Originally Posted by jlliagre
Assuming each line format is the same, you might use this:
Code:
awk '{ttmt=$125; gsub("[{}]","",ttmt); if(ttmt>20) printf("%s: %s\n",ttmt,$0);}' filename

PS: use nawk instead of awk if you happen to run Solaris.
Hey that is going to work i think, but its actually referencing TTsendQ which is the field before TTMT , how do i move that to TTMT? is it by altering ttmt=$125 to 127 for example?

I changed ttmt to ttmt=$127 and it worked perfect, is just showing the few ttmt above 20 now, many thanks jlliagre, your a star!

P.S using Suse Linux rather than Solaris, but this is more than enough, thanks again
Last edited by 1905; 11-20-2010 at 09:43 PM.. Reason: +got it working!! thanks
# 6  
Old 11-21-2010
Code:
grep -E 'TTMT {2[1-9]|TTMT {[3-9][0-9]|TTMT {[1-9][0-9][0-9]' input >above20.txt

Code:
[ctsgnb@shell ~/sand]$ cat input
whatever TTMT {20} whatever
whatever TTMT {20} whatever
whatever TTMT {25} whatever
whatever TTMT {20} whatever
whatever TTMT {23} whatever
whatever TTMT {20} whatever
whatever TTMT {21} whatever
whatever TTMT {24} whatever
whatever TTMT {25} whatever
whatever TTMT {26} whatever
whatever TTMT {20} whatever
whatever TTMT {30} whatever
whatever TTMT {12000} whatever
whatever TTMT {20} whatever
whatever TTMT {200} whatever
[ctsgnb@shell ~/sand]$ grep -E 'TTMT {2[1-9]|TTMT {[3-9][0-9]|TTMT {[1-9][0-9][0-9]' input
whatever TTMT {25} whatever
whatever TTMT {23} whatever
whatever TTMT {21} whatever
whatever TTMT {24} whatever
whatever TTMT {25} whatever
whatever TTMT {26} whatever
whatever TTMT {30} whatever
whatever TTMT {12000} whatever
whatever TTMT {200} whatever
[ctsgnb@shell ~/sand]$

Last edited by ctsgnb; 11-21-2010 at 05:57 AM..
# 7  
Old 11-21-2010
You do not have to hard code the position. Let AWK scan through all the fields
Code:
awk '
{
        for ( i=1 ; i<=NF ; ++i ) {
                if ( $i == "TTMT" ) {
                        j=i+1
                        gsub("[{}]", "", $j)
                        if ( $j > 20 ) {
                                print $i, $j
                        }
                }
        }
}' inputfile

Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Grep the logfile for sysdate-1

Looking for help. I need help in the grep ( alternative) to filter out the a keyword from the logfile for a time period of sysdate -1. My logfile looks like: ####<Sep 7, 2014 3:46:55 PM PDT> <Warning> <Management> <hostname> <> < ExecuteThread: ####<Sep 15, 2014 2:51:05 AM PDT>... (1 Reply)
Discussion started by: jjoy
1 Replies

2. UNIX for Dummies Questions & Answers

Grep SQL output file for greater than number.

Hi, This is my first post. I have a korn shell script which outputs a select statment to a file. There is only one column and one row which contains a record count of the select statement. The select statement looks something like this: SELECT COUNT(some_field) AS "count_value" ... (2 Replies)
Discussion started by: MurdocUK
2 Replies

3. Shell Programming and Scripting

awk to get values greater than

data.txt August 09 17:16 2013 August 09 17:17 2013 August 09 17:19 2013 August 09 17:20 2013 August 09 17:21 2013 August 09 17:22 2013 August 09 17:23 2013 August 09 17:24 2013 to print from a point in this file, to the end of the file, i type: awk '/August 09 17:22/,0' data.txt. ... (1 Reply)
Discussion started by: SkySmart
1 Replies

4. UNIX for Dummies Questions & Answers

Grep lines with numbers greater than 2 digits at the end of the line

I'm trying to grep lines where the digits at the end of each line are greater than digits. Tried this but it will only allow me to specify 2 digits. Any ideas would greatly be appreciated. grep -i '\<\{3,4,5\}\>' file ---------- Post updated at 05:58 PM ---------- Previous update was at 05:41... (1 Reply)
Discussion started by: jimmyf
1 Replies

5. Shell Programming and Scripting

How to grep a pattern having value greater than 123 in a file?

Hi, I have a dynamically growing ascii file which has large data (both text and digits). I need to grep those lines having value greater than '123'. These numeric values may appear at anywhere in the line, hence I could not use awk to split to columns. So, please help me with the grep regular... (12 Replies)
Discussion started by: royalibrahim
12 Replies

6. Shell Programming and Scripting

grep /target greater than time period??

Hey guys, I'm fairly new at unix shell scripting and I have a quick question. Quick overview I devolped a script where I generate a file ..and I want to grep any time greater than 30 minutes. What i do is runa command to generates the below and puts it into a file: I run ./ggsci << endit... (4 Replies)
Discussion started by: nomiezvr4
4 Replies

7. Shell Programming and Scripting

Not able to grep a particular message in logfile.

Hi I am not able to grep a message in a log file - For ex - Notice < > "Server1" is in deploying state under "Stut" domain When i use gzcat logfile | grep -i " Notice < > "Server1" is in deploying state under "Stut" domain" It is not returning any value. Is it because of "Server1"... (1 Reply)
Discussion started by: honey26
1 Replies

8. Shell Programming and Scripting

grep for greater than 12 chars

Hi, is there any way in grep to grep for a certain number of characters? For example I have a list of customerIDs, I want to grep for all greater than 12 characters? (2 Replies)
Discussion started by: borderblaster
2 Replies

9. Shell Programming and Scripting

AWK greater than?

Sorry for such a basic question, but I have spent hours trying to work this out! I need an awk command (or similar) that will look at a text file and output to the screen if the 4th column of each line has a value greater than or equal to x. data.txt This is the 1 line This is the 2 line This... (6 Replies)
Discussion started by: dlam
6 Replies

10. Shell Programming and Scripting

AWK greater than 200

I need to grep out usernames with UID's greater than 200 out of the /etc/passwd file for a server migration. It is the third field however I am not sure to to accomplish this. I tried to search the forums but did not seem to find an answer (might have over looked it). Any help would be... (2 Replies)
Discussion started by: insania
2 Replies
Login or Register to Ask a Question