Login or Register to Ask a Question and Join Our Community


Shell Programming and Scripting

extract information from a log file (last days)

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Top Forums Shell Programming and Scripting extract information from a log file (last days)
# 1  
Old 09-19-2011
extract information from a log file (last days)
I'm still new to bash script , I have a log file and I want to extract the items within the last 5 days . and also within the last 10 hours

the log file is like this : it has 14000 items started from march 2002 to january 2003

[31/Mar/2002:19:30:41
.
.
.
[01/Jan/2003:12:55:15
[01/Jan/2003:12:55:16
[01/Jan/2003:12:55:16
[01/Jan/2003:12:55:16
[01/Jan/2003:12:55:17
[01/Jan/2003:12:55:17
[01/Jan/2003:12:55:18
[01/Jan/2003:12:55:18
[01/Jan/2003:12:55:18
[01/Jan/2003:12:55:19
[01/Jan/2003:12:55:19
[01/Jan/2003:12:55:20
[01/Jan/2003:12:55:20
[01/Jan/2003:12:55:20
[01/Jan/2003:12:55:21

is it possible to write it like this :
Code:
awk '{print $4}' < *.log |uniq -c|sort -g|tail -10

but still its not what I want
Last edited by vbe; 09-19-2011 at 02:46 PM.. Reason: please use code tags where needed
matarsak
# 2  
Old 09-19-2011
I am not sure what are you trying to get at here...as Jan 2003 isnt even the last 5 years and you want the last 5 days Smilie
# 3  
Old 09-19-2011
I'm just practicing and I work on this log file as an example ! how the bash could shows the last x days of this log file ? the last X days that is available there not now !
matarsak
# 4  
Old 09-19-2011
Date math isn't trivial, many systems don't have easy ways to manipulate and compare dates from the shell. If you manipulate dates into YYYYMMDDHHMMSS order they can be compared alphabetically, but you can't do date arithmetic from that.

If you have GNU awk(usually found in Linux) this may be a starting point:

Code:
gawk -v EDATE="26/Oct/2002:21:02:19" 'BEGIN {
        # Set up arrays for name-to-monthnumber
        split("Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec", MON, "|");
        for(N=1; N<=12; N++) MNUM[MON[N]]=sprintf("%02d", N);

        # Split [DD/MON/YYYY:HH:MM:SS into DD MM YYYY HH MM SS stored in D[1]-D[6].
        split(EDATE, D, "[:/]");
        # Convert "YYYY MM DD HH MM SS" into epoch time, i.e. seconds since 1970
        EDATE=mktime(D[3] " " MNUM[D[2]] " " D[1] " " D[4] " " D[5] " " D[6]);
        # Starting date is 5 days earlier
        SDATE=EDATE-(60*60*24*5);
}

{
                # Need the \\[ in there to ignore the [ at the beginning of the line
                split($1, D, "[\\[:/]");
                DATE=mktime(D[4] " " MNUM[D[3]] " " D[2] " " D[5] " " D[6] " " D[7]);
                # Print the line if it falls in the correct range
                if((DATE >= SDATE) && (DATE <= EDATE)) print;
        }' < datafile

Try getting EDATE from the last lilne of the file, with tail -1
Last edited by Corona688; 09-19-2011 at 02:13 PM..
# 5  
Old 09-19-2011
Can you post a sample of the logfile showing the exact format of the date and time stamp entries.
# 6  
Old 09-19-2011
here the example of log file :
Code:
172.16.0.3 - - [31/Mar/2002:19:30:41 +0200]
127.0.0.1 - stefan [01/Apr/2002:12:17:23 +0200]
213.64.153.92 - - [26/Sep/2002:02:01:58 +0200]
213.97.240.226 - - [28/Sep/2002:03:50:58 +0200] 
213.64.214.124 - - [29/Sep/2002:09:56:04 +0200]
.......
213.46.27.204 - - [01/Jan/2003:12:55:21 +0100]

Last edited by Franklin52; 09-19-2011 at 02:47 PM.. Reason: Please use code tags for data and code samples, thank you
matarsak
# 7  
Old 09-19-2011
In that case:

Code:
gawk -v EDATE="26/Oct/2002:21:02:19" 'BEGIN {
        # Set up arrays for name-to-monthnumber
        split("Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec", MON, "|");
        for(N=1; N<=12; N++) MNUM[MON[N]]=sprintf("%02d", N);

        # Split [DD/MON/YYYY:HH:MM:SS into DD MM YYYY HH MM SS stored in D[1]-D[6].
        split(EDATE, D, "[:/]");
        # Convert "YYYY MM DD HH MM SS" into epoch time, i.e. seconds since 1970
        EDATE=mktime(D[3] " " MNUM[D[2]] " " D[1] " " D[4] " " D[5] " " D[6]);
        # Starting date is 5 days earlier
        SDATE=EDATE-(60*60*24*5);
}

{
                # Need the \\[ in there to ignore the [ at the beginning of the field
                split($(NF-1), D, "[\\[:/]");
                DATE=mktime(D[4] " " MNUM[D[3]] " " D[2] " " D[5] " " D[6] " " D[7]);
                # Print the line if it falls in the correct range
                if((DATE >= SDATE) && (DATE <= EDATE)) print;
        }' < datafile
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

sed / awk / grep to extract information from log

Hi all, I have a query that runs that outputs data in the following format - 01/09/12 11:43:40,ADMIN,4,77,Application Group Load: Name(TESTED) LoadId(5137-1-0-1XX-15343-15343) File(/dir/dir/File.T03.CI2.RYR.2012009.11433350806.ARD) InputSize(5344) OutputSize(1359) Rows(2) Time(1.9960)... (8 Replies)
Discussion started by: jeffs42885
8 Replies

2. Shell Programming and Scripting

Extract information from file

In a particular directory, there can be 1000 files like below. filename is job901.ksh #!/bin/ksh cront -x << EOJ submit file=$PRODPATH/scripts/genReport.sh maxdelay=30 &node=xnode01 tname=job901 &pfile1=/prod/mldata/data/test1.dat ... (17 Replies)
Discussion started by: vedanta
17 Replies

3. Shell Programming and Scripting

Extract information from file

Gents, If is possible please help. I have a big file (example attached) which contends exactly same value in column, but from column 2 to 6 these values are diff. I will like to compile for all records all columns like the example attached in .csv format (output.rar ).. The last column in the... (11 Replies)
Discussion started by: jiam912
11 Replies

4. Shell Programming and Scripting

Extract information from txt file

Hello! I need help :) I have a file like this: AA BC FG RF TT GH DD FF HH (a few number of rows and three columns) and I want to put the letters of each column in a variable step by step in order to give them as input in another script. So I would like to obtain: for the 1° loop:... (11 Replies)
Discussion started by: edekP
11 Replies

5. Shell Programming and Scripting

How to extract information from a file?

Hi, i have a file like this: <Iteration> <Iteration_iter-num>3</Iteration_iter-num> <Iteration_query-ID>lcl|3_0</Iteration_query-ID> <Iteration_query-def>G383C4U01EQA0A length=197</Iteration_query-def> <Iteration_query-len>197</Iteration_query-len> ... (9 Replies)
Discussion started by: the_simpsons
9 Replies

6. Shell Programming and Scripting

Extract various information from a log file

Hye ShamRock If you can help me with this difficult task for me then it will save my day Logs : ================================================================================================================== ... (4 Replies)
Discussion started by: SilvesterJ
4 Replies

7. Shell Programming and Scripting

Create shell script to extract unique information from one file to a new file.

Hi to all, I got this content/pattern from file http.log.20110808.gz mail1 httpd: Account Notice: close igchung@abc.com 2011/8/7 7:37:36 0:00:03 0 0 1 mail1 httpd: Account Information: login sastria9@abc.com proxy sid=gFp4DLm5HnU mail1 httpd: Account Notice: close sastria9@abc.com... (16 Replies)
Discussion started by: Mr_47
16 Replies

8. Shell Programming and Scripting

Extract information from Log file formatted

Good evening! Trying to make a shell script to parse log file and show only required information. log file has 44 fields and alot of lines, each columns separated by ":". log file is like: first_1:3:4:5:6:1:3:4:5:something:notinterested second_2:3:4:3:4:2 first_1:3:4:6:6:7:8 I am interested... (3 Replies)
Discussion started by: dummie55
3 Replies

9. Shell Programming and Scripting

extract and format information from a file

Hi, Following is sample portion of the file; <JDBCConnectionPool DriverName="oracle.jdbc.OracleDriver" MaxCapacity="10" Name="MyApp_DevPool" PasswordEncrypted="{3DES}7tXFH69Xg1c=" Properties="user=MYAPP_ADMIN" ShrinkingEnabled="false" ... (12 Replies)
Discussion started by: sujoy101
12 Replies

10. Shell Programming and Scripting

How to extract a piece of information from a huge file

Hello All, I need some assistance to extract a piece of information from a huge file. The file is like this one : database information ccccccccccccccccc ccccccccccccccccc ccccccccccccccccc ccccccccccccccccc os information cccccccccccccccccc cccccccccccccccccc... (2 Replies)
Discussion started by: Marcor
2 Replies
Login or Register to Ask a Question