UNIX for Beginners Questions & Answers

Hi nezabudka,
I'm afraid the above code still doesn't work for anything that started with a[1]==12. If you start with 12 AM on a 12 hour clock you should end up with hour 00 on a 24 hour clock (the above code ends up with hour 12) and if you start with 12 PM on a 12 hour clock you should end up with hour 12 on a 24 hour clock (the above code ends up with hour 00).

If you don't like the code I suggested in post #9 or either of the suggestions I made in post #12 you could also try:

Code:

        $5 = (($7 == "PM") ? a[1] + 12 * (a[1] != 12) : (a[1] == 12) ? "00" : a[1]) ":" a[2] ":" a[3]

Hello,

Thanks to everyone for their efforts. Sorry, was away for few days and didn't get the time to look at the solutions provided.

I tried all scripts from this forum but none of the script worked. All the scripts fetching the lines for entire day instead of last 30 min. My requirement is to pull the lines for last 30 min only.

Script used (for e.g.) :

Code:

awk -F "<|>| |, |," -v d="$(LANG=C date -d -30minutes -u +"%Y%m%d%T")" '
BEGIN   { split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m2b)
        for(i = 1; i <= 12; i++)
        b2m[m2b[i]] = sprintf("%02d", i)
}
/^</    { line=$0
        if ( length($3) < 2 ) $3 = "0" $3
        split($5, a, ":" s)
        if ($5 == 24) $5 = "00"
        if ($7 == "PM") $5 = (a[1]+=12) ":" a[2] ":" a[3]
        $0 = $4 b2m[$2] $3 $5
        if ( d < $0 ) print line
}
' file_1.out

Code:

$ date   ############ current Date/time on Linux when I ran the script

Sat Mar  9 18:53:47 UTC 2019

Output from the above script:

Code:

<Mar 9, 2019, 1:02:39,176 AM UTC> <Error> <Coherence> <BEA-000000>

<Mar 9, 2019, 1:13:22,583 AM UTC> <Error> <Coherence> <BEA-000000>
<Mar 9, 2019, 1:47:08,198 AM UTC> <Error> <Coherence> <BEA-000000>
<Mar 9, 2019, 5:16:42,24 AM UTC> <Error> <Coherence> 

<Mar 9, 2019, 6:50:41,556 PM UTC> <Error> <Coherence> <BEA-000000>
<Mar 9, 2019, 6:56:45,132 PM UTC> <Error> <Coherence> <BEA-000000>

Please suggest as I need to pull last 30 min lines only whenever i execute this script not for the entire day.

Moderator's Comments:

Please use CODE tags as required by forum rules!

How about carefully reading, understanding, and heeding all the posts (and comments therein) offering help to you? The script you used was commented on and improved in a later post. You shouldn't expect turnkey solutions (although those are frequently delivered) but understand the proposals and experiment with them until they satisfy your needs.


Having said that, how about

Code:

$ paste -d'\t\b' <(date -f <(sed 's/^<\|>.*$//g; s/,//2' file) +"%F %T") file | awk -F"\t" -vTS="$(date -d'30 min ago' +'%F %T')" '($1 > TS) {sub ("^" $1 FS, ""); print}'
<Mar 9, 2019, 6:50:41,556 PM UTC> <Error> <Coherence> <BEA-000000>
<Mar 9, 2019, 6:56:45,132 PM UTC> <Error> <Coherence> <BEA-000000>

Hi RudiC,

Yes indeed, I have checked all posts before replying back and clearly mentioned that none of the <scripts> worked because I tried all of them. The previous post had just one of the example as don't want to bump over with all outcomes as they all produced the same outcome.

Intention here is to resolve the issue to get experts advise to get issue resolved as pulling data with dates are extremely difficult due to presence of >=2 date formats in log file.


Below script result into invalid date

Code:

$ paste -d'\t\b' <(date -f <(sed 's/^<\|>.*$//g; s/,//2' file) +"%F %T") file | awk -F"\t" -vTS="$(date -d'30 min ago' +'%F %T')" '($1 > TS) {sub ("^" $1 FS, ""); print}'

date: invalid date `2019-03-04T11:03:16.576+0000: 1392540.816: [GC [PSYoungGen: 934720K-'
date: invalid date `\tat java.lang.reflect.Method.invoke(Method.java:606)'

Hi rockstar,
I'm very happy that you had other important matters that kept you away from this thread for a few days after you had given us your assignment to work on in your absence. I'm very sorry that we were not able to give you code that worked in your unspecified environment. I apologize for not responding on this issue for the last four days, but I've also been busy doing other things.

We are here to help you learn how to write code to meet your needs on your own. We are not here to act as your unpaid programming staff and should not be expected to write code for you while you are away doing something else. If you're unwilling to answer questions, unwilling to show us the output each of the suggested responses produced on your system, and explain what was going wrong; then there is no reason for us to waste any time trying to help you learn how to do things like this on your own.

Just saying that a script doesn't work doesn't help anyone. I can easily state that some code that you have written doesn't work, but if I don't explain how it didn't work or why it didn't work none of us learns anything useful about the problem at hand.

Like I can tell you that using:

Code:

date -d @-5000 '%Y-%m-%d %H:%M:%S'

mimicking something you showed us in post #1 in this thread is wrong. But that doesn't help you learn how to fix it. The above code has absolutely nothing to do with what the time was half an hour ago. The above code asks the system to give you a time 5000 seconds before the UNIX Epoch (i.e. 5000 seconds before midnight on the morning of January 1, 1970 at 12:00:00 AM GMT). Something like:

Code:

date -d now-1800seconds '%Y-%m-%d %H:%M:%S'

would come a lot closer to giving you a timestamp that occurred 30 minutes ago (and in a format that could be used to directly compare two timestamps as strings to see if one was earlier or later than the other until we get to the year 10000).

Your repeated refusal to use CODE tags when presenting sample input, sample output, and code segments shows us that you don't want us to see the actual format of the data you are processing and makes it impossible for us to guess at how a real solution to your problem would need to be written. (The moderators have attempted to clean up your posts, but we have obviously guessed incorrectly on some of your formatting or one or more of the suggested solutions provided would likely have met your needs.)

Above you say that having >=2 date formats is a problem??? You originally said there were exactly two date formats and that one of those formats was to be completely ignored. That made things easy. If there are other date formats you haven't told us about, it becomes very clear why none of the suggested solutions had a chance of working in your environment.

The fact that the date format you have given us to work with can't be directly compared to other dates in that format between the hours of 11:30pm on one day and 1:00am on the next day nor between 11:30am and 1:00pm on the same day is a nuisance that requires the date format in your sample data to be converted to a different format for comparisons, but I thought most, if not all, of the suggestions you had been given had tried to do that (and when they didn't, follow-up comments provided ways to get around those problems).