I have a requirement to write a shell script to search the logs in past 1 hour and extract some pattern from it and count it cumulatively to a file.
The problem which I'm facing here is - logs rotates on size basis, say if size of log reaches 5 MB then new log will be generated and all the entries will be written to this new log. Due to this log can rotate in 10 or 15 or 20 minutes.
So, in 1 hour there can be 2 or 3 or 4 logs that could have generated. So, I have to search the pattern on 2,3 or 4 logs as it may contain data for past 1 hr/ 1hr 10 min and so on...
How do I search the pattern occurance in past 1 hr from these logs?
Otherwise you cannot be precise about where in a log file to start your search. Example: Suppose a log file has a ctime of 65 minutes ago (ctime is as close as you can get to a create time for files in UNIX). The mtime (last time of write) is 45 minutes ago. So where in the file is 5 minutes into the log? You have to guess without some other guidance.
Please show sample log file entries and an example pattern. What OS and shell (bash, ksh, etc.)?
Because each log entry has a timestamp, exactly which files would need to be processed doesn't matter. Just loop through all of the logs, and check the timestamp of each record. If you need to minimize processing time, the top of your loop could check the first record in the file, and skip to the next file if that first record is more than X hours old.
Log file has time-stamp at the beginning of each line as "DD/MM/YY HH:MM:SS:SSS"
(SSS in last is the milliseconds)
And, OS - Solaris, shell - ksh
I'll have to set a cron which will run this script to check all the logs for the last hour and print that count in separate log file, where the count will get add cumulatively for each hour for the day.
What I think is if I take the system time and get the hour stored in a variable.
and then pass this hour variable in grep string to check the logs for 1 hour back data in logs.
for eg.
Suppose cron ran at 04:00, then script has to take the data for the time stamp 03-03:59 from all the logs(say to check from 15 logs in directory)
So,
HOUR=`date` (stored "27/04/12 04" in HOUR.. syntax not correct though )
Now,
I have to search logs for "27/04/12 03"
I stored "27/04/12 03" after calculation(modifying it from 04 to 03, not sure how to do this at the moment) in another variable (NEWHOUR)
Code:
for i in `ls`
do
grep $NEWHOUR $i | grep pattern | wc -l
done
Will that work??
Last edited by Franklin52; 04-28-2012 at 07:12 AM..
Reason: Please use code tags for data and code samples, thank you
Try it. If that doesn't work, debug the process. If that still doesn't work, google any error messages. If that still doesn't work, come back here and explain what happened.
The above process helps you to learn. People on forums are much more willing to help you after you've tried to help yourself first.
PS: this isn't any type of flame or slam - I'm just explaining the process
I'll definitely give a try .... but if you can tell me how to find files modified in last 1 hour, as I could not find any "find" command or any other way I can get the list of files.
Thanks...
Hi All,
need your help, i want count respon time max and average my nginx logs, based on hourly or minutes per api...
my nginx.log sample :
10.1.1.1 - - "POST /v2/api/find/outlet/ HTTP/1.1" 200 2667 "-" "okhttp/3.12.0" "118.215.153.47" 0.178 0.178 .
10.1.1.1 - - "POST... (4 Replies)
Guys -
Need your ideas on a section of code to finish something up. To make a long story short, I'm parsing a print output file that goes to pre-printed forms. I'm intercepting it, parsing it, formatting it, cutting it up into individual pages, grabbing the text I want in zones, building an... (3 Replies)
Hello,
I need to write one script which should search particular pattern like ABCD in log file name hello.txt only in current date logs.
in current directory i have so many past date logs but grep should be applied on current date logs.
on daily basis current date logs are in number 30 and... (2 Replies)
I am trying to search a file for a patterns ERR- in a file and return a count for each of the error reported
Input file is a free flowing file without any format
example of output
ERR-00001=5
....
ERR-01010=10
.....
ERR-99999=10 (4 Replies)
I have directory /test/logs which has multiple logs:
audit.log
audit.log.1
audit.log.2
audit.log.3
audit.log.4
audit.log.5
audit.log is current log file and audit.log.X are archive log files. I need to search within these log files and count word "error-5" logged within last 6 months... (4 Replies)
Hi,
I am trying to grep a particular string from the files of 2 different servers without copying and calculate the total count of its occurence on both files.
File structure is same on both servers and for reference as follows:
27-Aug-2010... (4 Replies)
I need to count the number of occurrences of a pattern, say 'key', between each occurrence of a different pattern, say 'lu'.
Here's a portion of the text I'm trying to parse:
lu S1234L_149_m1_vg.6, part-att 1, vdp-att 1 p-reserver IID 0xdb
registrations:
key 4156 4353 0000 0000
... (3 Replies)
(I'm aware log rotation is a common subject, but I tried searching and couldn't find an answer)
For some time now, I've been using the Logfile::Rotate module to rotate logs in a log-monitoring script. So far, I haven't experienced any problems, and it works great because I can use it in Linux... (1 Reply)
Hi,
I am using the below command to find out the mail logs which will grep the repeated message ids:
less /var/log/messages |awk '{print +$6}'| sort | uniq -c | sort -nr
OUTPUT:
506 1246382279
404 1246373467
303 1246383457
303 1246382268
300 1246379705
202... (7 Replies)
I've written a script to count the total size of SAN storage LUNs, and also display the LUN sizes.
From server to server, the LUNs sizes differ.
What I want to do is count the occurances as they occur and change.
These are the LUN sizes:
49.95
49.95
49.95
49.95
49.95
49.95
49.95
49.95... (2 Replies)
04-27-2012
)