Login or Register to Ask a Question and Join Our Community


Shell Programming and Scripting

Access log field - using awk to pull date/time

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Top Forums Shell Programming and Scripting Access log field - using awk to pull date/time
# 1  
Old 06-28-2012
Access log field - using awk to pull date/time
hey guys.

the following line is a line taken from apache's access_log

Code:
10.10.10.10 - jdoe [28/Jun/2012:14:24:15 +0000] "GET /images/down.gif HTTP/1.1" 304

I'm concerned about the field that has the date and time in it.

if assuming the delimiter in the file is a space, then the fourth field will always have the date and time in it.

however, it is my understanding that the date and time may not always be in the fourth field. depending on the other fields, the date and time may be in random fields.

so my question is, what kind of awk scripting can i use to find the field that has the date/time in it and pull that out?

something better than this:

Code:
echo '10.10.10.10 - jdoe [28/Jun/2012:14:24:15 +0000] "GET /images/down.gif HTTP/1.1" 304' | awk -F" " '{print $4}'

# 2  
Old 06-28-2012
The field delimiter is a regular expression, so you you could try...
Code:
$ echo '10.10.10.10 - jdoe [28/Jun/2012:14:24:15 +0000] "GET /images/down.gif HTTP/1.1" 304' | awk -F '[][]' '{print $2}'
28/Jun/2012:14:24:15 +0000

$

This User Gave Thanks to Ygor For This Post:
SkySmart
# 3  
Old 06-28-2012
Quote:
Originally Posted by Ygor
The field delimiter is a regular expression, so you you could try...
Code:
$ echo '10.10.10.10 - jdoe [28/Jun/2012:14:24:15 +0000] "GET /images/down.gif HTTP/1.1" 304' | awk -F '[][]' '{print $2}'
28/Jun/2012:14:24:15 +0000

$


this works PERFECTLY!

just one other question.

when i run it, i get:

Code:
28/Jun/2012:14:24:15 +0000

how can i modify the awk to only get the first field?

i dont want to have to invoke multiple awks like this:

Code:
echo '10.10.10.10 - jdoe [28/Jun/2012:14:24:15 +0000] "GET /images/down.gif HTTP/1.1" 304' | awk -F '[][]' '{print $2}' | awk '{print $1}'

# 4  
Old 06-28-2012
Code:
echo '10.10.10.10 - jdoe [28/Jun/2012:14:24:15 +0000] "GET /images/down.gif HTTP/1.1" 304'|awk -F'[][]' '{print (a[split($2,a,/ */)-1])}'

This User Gave Thanks to elixir_sinari For This Post:
SkySmart
# 5  
Old 06-28-2012
Quote:
Originally Posted by elixir_sinari
Code:
echo '10.10.10.10 - jdoe [28/Jun/2012:14:24:15 +0000] "GET /images/down.gif HTTP/1.1" 304'|awk -F'[][]' '{print (a[split($2,a,/ */)-1])}'


works PERFECTLY!!

final question, i promise.

when i run your command, i get:

Code:
28/Jun/2012:14:24:15

now i want to chop off the last 3 characters:

Code:
28/Jun/2012:14:24

is it possible?
# 6  
Old 06-28-2012
Code:
echo '10.10.10.10 - jdoe [28/Jun/2012:14:24:15 +0000] "GET /images/down.gif HTTP/1.1" 304'|awk -F'[][]' '{sub(/:[^:]*$/,"",$2);print $2}'

This User Gave Thanks to elixir_sinari For This Post:
SkySmart
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

awk script to find time difference between HTTP PUT and HTTP DELETE requests in access.log

Hi, I'm trying to write a script to determine the time gap between HTTP PUT and HTTP DELETE requests in the HTTP Servers access log. Normally client will do HTTP PUT to push content e.g. file_1.txt and 21 seconds later it will do HTTP DELETE, but sometimes the time varies causing some issues... (3 Replies)
Discussion started by: Juha
3 Replies

2. HP-UX

HP/UX command to pull file name/date based on date

HI, Can anyone tell me how to pull the date and file name separated by a space using the find command or any other command. I want to look through several directories and based on a date timeframe (find -mtime -7), output the file name (without the path) and the date(in format mmddyyyy) to a... (2 Replies)
Discussion started by: lnemitz
2 Replies

3. Shell Programming and Scripting

Command to pull date

I have one file with below entry. There are multiple entries, but for sample I used just three lines. my requirment is to create a script by which it will pull only those entries which modification time is greater than 2 weeks (or 15 days). if I run script today, it will compare date from today... (4 Replies)
Discussion started by: anshu ranjan
4 Replies

4. UNIX for Dummies Questions & Answers

Does 'grep' update a file's access date/time?

I've got a job that finds and removes trace files based upon an access time of more than seven days (I've also tried a modify date). find TABC* -atime +7 -exec rm + find TABC* -mtime +7 -exec rm + Whether I use -atime or -mtime, the process seems to work sporadically. Sometimes it removes... (6 Replies)
Discussion started by: Scottie1954
6 Replies

5. Shell Programming and Scripting

awk help reformatting badly formatted time field

I need help reformatting an input file with spaces in the time field (4th field). I want the field to look like “hh:mm” with appropriate embedded zeros, but instead it has “h :m “ if the hour and/or minute are single character. I'm pretty new to scripting and this is beyond me. Any help would... (4 Replies)
Discussion started by: lisep
4 Replies

6. UNIX for Dummies Questions & Answers

Converting string date time to unix time in AWK

I'd like to convert a date string in the form of sun aug 19 09:03:10 EDT 2012, to unixtime timestamp using awk. I tried This is how each line of the file looks like, different date and time in this format Sun Aug 19 08:33:45 EDT 2012, user1(108.6.217.236) all: test on the 17th ... (2 Replies)
Discussion started by: bkkid
2 Replies

7. Shell Programming and Scripting

Need script to pull multiple field from log file

I am hoping to get some help with a script to pull certain fields from a log file. User update (xx6xxx P) rpt (yy6yyy B) 2010/01/20 21:36:01.298 Remote client forward start streamid 85af 2010/01/20 21:36:01.307 rpt2 (ZZ6ZZZ G) rpt1 (YY6YYY B) urcall (CQCQCQ ) mycall (W1AW) user... (5 Replies)
Discussion started by: TedSD
5 Replies

8. UNIX for Dummies Questions & Answers

Need to pull Yesterdays Date...

I tried this and it works for the most part, but if the date is 20090301, it displays 20090300. YESTERDAY=$((`date +%Y%m%d` -1)) (2 Replies)
Discussion started by: cards0622
2 Replies

9. Shell Programming and Scripting

Split the access.log based on date

I am trying to get the content of Apache access.log file for the current date for viewing purposes. I can get it with the following sed command sed -n '/09\/Oct\/2008/,/09\/Oct\/2008/p' access.log | less now I want to enhance it such that it will automatically take current date instead of... (4 Replies)
Discussion started by: ysprathap
4 Replies

10. Shell Programming and Scripting

Processing a log file based on date/time input and the date/time on the log file

Hi, I'm trying to accomplish the following and would like some suggestions or possible bash script examples that may work I have a directory that has a list of log files that's periodically dumped from a script that is crontab that are rotated 4 generations. There will be a time stamp that is... (4 Replies)
Discussion started by: primp
4 Replies
Login or Register to Ask a Question