Grep logs between two timestamps in Shell

Question

I am writing a script where I need to grep the logs exactly between two given timestamps . I don't want to use regex as it not full proof. Is there any other way through which I can achieve this ?

e.g: between time range 04:15:00 to 05:15:00

Log Format:

170.37.144.10 - - [17/Dec/2015:04:00:00 -0500] "GET /abc/def/ghi/xyz.jsp HTTP/1.1" 200 337 3440 0000FqZTmTG2yuMTJeny7hPDOvG
170.37.144.10 - - [17/Dec/2015:05:10:09 -0500] "POST /abc/def/ghi/xyz.jsp HTTP/1.1" 200 27 21124 0000FqZTmTG2yuMTJ

Andrea Corbellini · Accepted Answer

If you don't want to use regular expressions nor patterns for matching lines, then grep alone is not enough.

Here's a Bash+date solution:

# start and stop may be parameters of your script ("$1" and "$2"),
# here they are hardcoded for convenience.
start="17/Dec/2015 04:15:00 -0500"
stop="17/Dec/2015 05:15:00 -0500"

get_tstamp() {
    # '17/Dec/2015:05:10:09 -0500' -> '17/Dec/2015 05:10:09 -0500'
    datetime="${1/:/ }"
    # '17/Dec/2015 05:10:09 -0500' -> '17 Dec 2015 05:10:09 -0500'
    datetime="${datetime//// }"

    # datetime to unix timestamp
    date -d "$datetime" '+%s'
}

start=$(get_tstamp "$start")
stop=$(get_tstamp "$stop")

while read -r line
do
    datetime="${line%%:*}" # remove ':170.37.144.10 ...'
    tstamp="$(get_tstamp "$datetime")"

    # $tstamp now contains a number like 1450347009;
    # check if it is in range $start..$stop
    [[ "$tstamp" -ge "$start" && "$tstamp" -le "$stop" ]] && echo "$line"
done

Grep logs between two timestamps in Shell

Log Format:

Answers (2)

Related Questions