Login or Register to Ask a Question and Join Our Community


Shell Programming and Scripting

sed 2 hours in log

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Top Forums Shell Programming and Scripting sed 2 hours in log
# 1  
Old 02-10-2013
sed 2 hours in log
Hi,

I want grep a log between two hours

Code:
cat server.log

Quote:
error jonas
aaaaaaaaaaaaaa
bbbbbbbbbbbbb
cccccccccccc
24/01/2013 09:10
sssssssssssssss
cccccccccccccc
nnnnnnnnnnnnn
24/01/2013 10:10
uuuuuuuuuuuuuuu
jjjjjjjjjjjjjj
llllllllllllll
mmmmmmmmmmmmm
24/01/2013 10:30
oooooooooooo
sssssssssssss
qqqqqqqqqqq
24/01/2013 10:45
vvvvvvvvv
sssssssss
wwwwwwwwww
Code:
sed -n "/24\/01\/2013 09:10/,/24\/01\/2013 10:45/p" server.log

24/01/2013 09:10
sssssssssssssss
cccccccccccccc
nnnnnnnnnnnnn
24/01/2013 10:10
uuuuuuuuuuuuuuu
jjjjjjjjjjjjjj
llllllllllllll
mmmmmmmmmmmmm
24/01/2013 10:30
oooooooooooo
sssssssssssss
qqqqqqqqqqq
24/01/2013 10:45


Here it's OK
but when the hour doesn't exist, it doesn't work

sed -n "/24\/01\/2013 09:11/,/24\/01\/2013 10:45/p" server.log

I would like when the begin hour doesn't exist, the script 'll take the first hour before else it'll take the begin of the log.

Idem with the end hour, if the hour doesn't exist, it 'll take the first hour after, else it'll take the end of the log.

For example

Code:
sed -n "/24\/01\/2013 09:05/,/24\/01\/2013 10:50/p" server.log

Code:
cat server.log

Quote:
aaaaaaaaaaaaaa
bbbbbbbbbbbbb
cccccccccccc
24/01/2013 09:10
sssssssssssssss
cccccccccccccc
nnnnnnnnnnnnn
24/01/2013 10:10
uuuuuuuuuuuuuuu
jjjjjjjjjjjjjj
llllllllllllll
mmmmmmmmmmmmm
24/01/2013 10:30
oooooooooooo
sssssssssssss
qqqqqqqqqqq
24/01/2013 10:45
vvvvvvvvv
sssssssss
wwwwwwwwww
Code:
sed -n "/24\/01\/2013 10:15/,/24\/01\/2013 10:35/p" server.log

Code:
cat server.log

Quote:
24/01/2013 10:10
uuuuuuuuuuuuuuu
jjjjjjjjjjjjjj
llllllllllllll
mmmmmmmmmmmmm
24/01/2013 10:30
Thank you for your help.
# 2  
Old 02-10-2013
Don't think sed is capable of doing this, this awk script (nawk if you on Solaris) should do what you ask (just change the S and E variables to match your range):

Code:
awk -F"[/ ]" -vS="24/01/2013 09:05" -vE="24/01/2013 10:50" '
function dcmp(b) {
  if($3>b[3])return  1;
  if($3<b[3])return -1;
  if($2>b[2])return  1;
  if($2<b[2])return -1;
  if($1>b[1])return  1;
  if($1<b[1])return -1;
  if($4>b[4])return  1;
  if($4<b[4])return -1;
  return 0;
}
BEGIN{split(S, ds, "[/ ]"); split(E, de, "[/ ]") }
/[0-9]{2}\/[0-1][0-9]\/[[0-9]{4}/ {
   if(s&&dcmp(de)>=0) exit
   if(!s&&dcmp(ds)<=0) {f=x;w=1}
   if(!s&&dcmp(ds)>=0) {printf "%s",f; f=x; s=1 }
}
!w&&!s {f=f $0 "\n"}
s' server.log

This User Gave Thanks to Chubler_XL For This Post:
MadeInGermany
# 3  
Old 02-11-2013
Amazing!
Your code works with Posix-compatible GNU awk and HP-UX awk.
Somehow Solaris nawk does not work (prints nothing),
and Solaris Posix /usr/xpg4/bin/awk wants correct arguments:
-v S="..." -v E="..."
# 4  
Old 02-11-2013
Quote:
Originally Posted by Chubler_XL
Don't think sed is capable of doing this, this awk script (nawk if you on Solaris) should do what you ask (just change the S and E variables to match your range):

Code:
awk -F"[/ ]" -vS="24/01/2013 09:05" -vE="24/01/2013 10:50" '
function dcmp(b) {
  if($3>b[3])return  1;
  if($3<b[3])return -1;
  if($2>b[2])return  1;
  if($2<b[2])return -1;
  if($1>b[1])return  1;
  if($1<b[1])return -1;
  if($4>b[4])return  1;
  if($4<b[4])return -1;
  return 0;
}
BEGIN{split(S, ds, "[/ ]"); split(E, de, "[/ ]") }
/[0-9]{2}\/[0-1][0-9]\/[[0-9]{4}/ {
   if(s&&dcmp(de)>=0) exit
   if(!s&&dcmp(ds)<=0) {f=x;w=1}
   if(!s&&dcmp(ds)>=0) {printf "%s",f; f=x; s=1 }
}
!w&&!s {f=f $0 "\n"}
s' server.log

Thanks a lot for your help.
I launch the script but there is no result or message ?
My shell is bash.
# 5  
Old 02-11-2013
Any sh-compatible shell will do it, because it does nothing than passing a multi-line 'string' to awk. But the awk version matters!
Surprisingly, Solaris nawk does not handle expr{dig,dig}.
Here comes a version that is understood by nawk and /usr/xpg4/bin/awk:
Code:
awk -F"[/ ]" -v S="24/01/2013 09:05" -v E="24/01/2013 10:50" '
function dcmp(b) {
  if($3>b[3])return  1;
  if($3<b[3])return -1;
  if($2>b[2])return  1;
  if($2<b[2])return -1;
  if($1>b[1])return  1;
  if($1<b[1])return -1;
  if($4>b[4])return  1;
  if($4<b[4])return -1;
  return 0;
}
BEGIN{split(S, ds, "[/ ]"); split(E, de, "[/ ]") }
/^[0-9][0-9]\/[0-1][0-9]\/[0-9][0-9][0-9][0-9] / {
   if(s&&dcmp(de)>=0) exit
   if(!s&&dcmp(ds)<=0) {f=x;w=1}
   if(!s&&dcmp(ds)>=0) {printf "%s",f; f=x; s=1 }
}
!w&&!s {f=f $0 "\n"}
s' server.log

This User Gave Thanks to MadeInGermany For This Post:
Chubler_XL
# 6  
Old 02-11-2013
Thanks a lot, it works.

But there is a little problem.

The result is

Quote:
24/01/2013 10:10
uuuuuuuuuuuuuuu
jjjjjjjjjjjjjj
llllllllllllll
mmmmmmmmmmmmm
The last line is missing

Quote:
24/01/2013 10:30
Code:
cat server.log

Code:
error jonas
aaaaaaaaaaaaaa
bbbbbbbbbbbbb
cccccccccccc
24/01/2013 09:10
sssssssssssssss
cccccccccccccc
nnnnnnnnnnnnn
24/01/2013 10:10
uuuuuuuuuuuuuuu
jjjjjjjjjjjjjj
llllllllllllll
mmmmmmmmmmmmm
24/01/2013 10:30
oooooooooooo
sssssssssssss
qqqqqqqqqqq
24/01/2013 10:45
vvvvvvvvv
sssssssss
wwwwwwwwww

Code:
awk -F"[/ ]" -v S="24/01/2013 10:10" -v E="24/01/2013 10:30" '
function dcmp(b) {
  if($3>b[3])return  1;
  if($3<b[3])return -1;
  if($2>b[2])return  1;
  if($2<b[2])return -1;
  if($1>b[1])return  1;
  if($1<b[1])return -1;
  if($4>b[4])return  1;
  if($4<b[4])return -1;
  return 0;
}
BEGIN{split(S, ds, "[/ ]"); split(E, de, "[/ ]") }
/^[0-9][0-9]\/[0-1][0-9]\/[0-9][0-9][0-9][0-9] / {
   if(s&&dcmp(de)>=0) exit
   if(!s&&dcmp(ds)<=0) {f=x;w=1}
   if(!s&&dcmp(ds)>=0) {printf "%s",f; f=x; s=1 }
}
!w&&!s {f=f $0 "\n"}
s' server.log

# 7  
Old 02-11-2013
Thanks for your Solaris corrections MadeInGermany, nice to know that {n,n} regs don't work with nawk.

I'm not quite sure what the requirement is around this last like, the following change
will include the final date line that matches/exceeds the Ending date/time

Replace:
Code:
if(s&&dcmp(de)>=0) exit

With:
Code:
if(s&&dcmp(de)>=0) {print; exit}

Last edited by Chubler_XL; 02-11-2013 at 04:47 PM..
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Parsing log file for last 2 hours

I want to parse a log file which i am grepping root user connection but is showing whole day and previous day detail as well. First i want to see last 2 hours log file then after that i want to search particular string. Lets suppose right now its 5:00PM, So i want to see the log of 3:00PM to... (6 Replies)
Discussion started by: learnbash
6 Replies

2. Shell Programming and Scripting

Log search and mail it if the log is updated before 24 hours from the current time

Hi , We have around 22 logs , each has different entries. I have to automate this using shell script. The ideas which am sharing is given below 1) We use only TAIL -100 <location and name of the log> Command to check the logs. 2) We want to check whether the log was updated before 24... (13 Replies)
Discussion started by: Kalaihari
13 Replies

3. Shell Programming and Scripting

Need help looking for missing hours.

I have a file that should cover a days worth of stats, at the beginning of each 15 minute report I have a unique header that looks like the below example. The "0000" and "0015" will change in the header line to show which 15 Minute interval the report is covering and of course from day to day the... (7 Replies)
Discussion started by: fsanchez
7 Replies

4. Shell Programming and Scripting

ps -ef |grep 24 hours

I need to grep PIDs older than 24 hours (1 day) or more. ps -ef |grep ??? Please advise. (10 Replies)
Discussion started by: Daniel Gate
10 Replies

5. AIX

cron off by 5 hours

stupid question im sure, but its frustrating My cron jobs are off by 5 hours. My system time is right but all of my cron jobs are running approximately 5 hours late. Any idea why? (4 Replies)
Discussion started by: mshilling
4 Replies

6. Shell Programming and Scripting

CurrentTime-4 hours

Hi, Good Afternoon! I am writing this script on "sh" and have Variables as below. #Time in hours ex: 09 JobTime=`echo $StartTime |awk '{print $2}'|cut -f1 -d':'` SystemHours=`date +%H` How can go 4 hours back for each variable in a day? Another Question? JobStat=`dsjob -report... (5 Replies)
Discussion started by: rajubollas
5 Replies

7. What is on Your Mind?

How Many hours on Computer?

How many hours you spend on Computer in a day??? (10 Replies)
Discussion started by: malcomex999
10 Replies

8. Shell Programming and Scripting

how to list files between last 6 hours to 3 hours

Hi Frens, I want to list some files from a directory, which contains "DONE" in their name, i am receiving files every minute. In this i want to list all the files which are newer than 6 hours but older than 3 hours, of current time i dont want my list to contain the latest files which are ... (4 Replies)
Discussion started by: Prat007
4 Replies

9. Shell Programming and Scripting

Last 24 hours of a log file

I'm looking to pull the last 24 hours of a log file. Here's what I've got so far: yesterday=$(TZ=$TZ+24 date +"%b %e %H:%M") today=$(date +"%b %e %H:%M") echo $yesterday $today grep -E "^$yesterday|^$today" /var/adm/syslog/syslog.log But that pulls everything from $yesterday from... (1 Reply)
Discussion started by: Bert
1 Replies

10. Shell Programming and Scripting

move log files over 12 hours old...

Hi, I know I can use touch and find's "! -newer" option to list files that are older than a specific time, but what is a good way to get a list of files that are over 12 hours old? The log pruner will run throughout the day, twice an hour. So I can't easily use a cronjob touch command to generate... (1 Reply)
Discussion started by: Thomas Pluck
1 Replies
Login or Register to Ask a Question