Reputation: 4572
Solaris Convert Get Last Hour of Logs by Comparing the Timestamps
I have a log that looks like this:
####<Sep 16, 2014 6:12:45 PM EST> <Notice> <StdErr> <myserver> <myinstance> <[ACTIVE] ExecuteThread: '17' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1410913515898> <BEA-000000> <at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:522)>
####<Sep 16, 2014 9:45:08 PM EST> <Notice> <StdErr> <myserver> <myinstance> <[ACTIVE] ExecuteThread: '17' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1410913515898> <BEA-000000> <at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:522)>
####<Sep 16, 2014 10:27:26 PM EST> <Notice> <StdErr> <myserver> <myinstance> <[ACTIVE] ExecuteThread: '17' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1410913515898> <BEA-000000> <at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:522)>
####<Sep 16, 2014 11:25:16 PM EST> <Notice> <StdErr> <myserver> <myinstance> <[ACTIVE] ExecuteThread: '17' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1410913515898> <BEA-000000> <at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:522)>
Let's say the time is currently 11:26 PM EST. I only want to get entries written in the last hour. I've previously used something like this:
nawk -F "<" -v MyDate=`TZ=MYT+6 date "+%b %d, %Y%l:%M:%S %Z"` ' {if ($2 > MyDate) print $2}'
but i'm getting the following error when attempting to run this:
nawk: syntax error at source line 1
context is
>>> 16, <<<
nawk: bailing out at source line 1
How can I list the entries that were written in the last hour using the Solaris tools (NOT GNU)?
Upvotes: 1
Views: 120
Answers (1)
Reputation: 37288
set -vx will set you free ;-)
When I execute
print -- "####<Sep 16, 2014 11:25:16 PM EST> <Notice> <StdErr> <myserver> " \
| awk -F "<" -v MyDate=`TZ=MYT+6 date "+%b %d, %Y%l:%M:%S %Z"` ' {if ($2 > MyDate) print $2}'
(I use ksh, and its print function is very handy, you can usually substitute echo for print in these sort of cases).
I get a very similar err msg
awk: syntax error at source line 1
context is
>>> <<<
awk: bailing out at source line 1
When I issue the set -vx, I can see what is going to be executed AND what is being substituted for environment variables. Which shows me
1>awk -F '<' -v MyDate=Sep 16, 2014Sep 16 19:59:59:12 MYT ' {if ($2 > MyDate) print $2}'
Notice how 'Sep 16' is repeated?
I can do man date on my system, or as that can be problematic, I try each of the % args that I don't recognize and quickly find that for my version of date,
date +%l
Sep 16 20:00
AND of course, the debug output shows me that I probably want to dbl-quote my input for the variable to awk, hence,
awk -F "<" -v MyDate="`TZ=MYT+6 date '+%b %d, %Y:%M:%S %Z'`" ' {if ($2 > MyDate) print $2}'
should definitely be closer. If you this doesn't fix it, then I'll set up a more detailed test.
Finally, I'd comment that I'm surprized that comparisons containing mixed format (Sep/MYT) date values work as you need, but I suppose translating Sep 16, 2014 11:25:16 PM EST into 201409162325165 is a bit of a headache.
P.S. Also using back-ticks for command substitution was branded as deprecated in the 'Kornshell programming language' published in 1995. Join the 90s and use $( ... cmd ...) command-substitution ;-)
IHTH
Upvotes: 1
Related Questions
- How to get the last X minutes of log messages
- How to get the last N minutes of log messages
- bash: How to compare two dates on Solaris without date -d option
- Getting difference in date in custom logger in linux
- extract log time from log file
- How to accurately grab logs in the past hour from a log file in BASH?
- convert standard timestampt to epoch format using awk/nawk on Solaris
- awk | Extract Log on the basis of Time
- Awk command print max min values from log
- Getting Syntax error while reading last 2 hrs logs using Awk command