Learn_dba

Reputation: 1

Print all lines greater than a timestamp in Linux (read log file)

"awk -v d1="$(date --date="-10 min" "+<%_d/%m/%Y, %-I:%M")" -v d2="$(date "+<%_d/%m/%Y, %-I:%M")" '$0 > d1 && $0 < d2 || $0 ~ d2' logfile"

result

27/07/2022, 11:14:23,132 Õ GST Error
27/07/2022, 11:14:23,134 Õ GST Error
27/07/2022, 11:14:23,175 Õ GST Error
27/07/2022, 11:14:23,176 Õ GST Error

expected result

27/07/2022, 11:14:23,132 Õ GST Error
some text 
some text 
27/07/2022, 11:14:23,134 Õ GST Error
27/07/2022, 11:14:23,175 Õ GST Error
some text 
some text 
27/07/2022, 11:14:23,176 Õ GST Error

Upvotes: 0

Views: 388

Answers (2)

tshiono

Reputation: 22012

Assuming the timestamps in the logfile are sorted in ascending order (older first, newer last), would you please try:

#!/bin/bash

awk -v d1="$(date --date="-10 min" "+%Y/%m/%d, %T,%3N")" '
    # rearrange the date string in "yyyy/mm/dd" order
    function rearrange(str,   a) {
        sub(/,$/, "", str)
        split(str, a, /\//)
        return sprintf("%s/%s/%s", a[3], a[2], a[1])
    }

    f {print; next}                     # if flag is set, print the line
    /^[0-9]{2}\/[0-9]{2}\/[0-9]{4}/ {   # looks like a timestamp line
        d = rearrange($1) ", " $2       # "d" is the rearranged timestamp
        if (d > d1) {                   # if the timestamp is newer than "d1"
            f = 1                       # set the flag
            print
        }
    }
' logfile

  • You need to rearrange the date field in yyyy/mm/dd order for string comparison. The function rearrange does it.
  • You need to pass the date string d1 only, because comparison with d2 (now) will be meaningless.
  • Once the flag f is set, no more comparisons are needed thereafter, as the lines below are assured to be newer.

[Edit]
Assuming the log is updated every day and almost every second, would you please try the efficient version:

#!/bin/bash

awk -v d1="$(date --date="-10 min" "+%d/%m/%Y, %T,%3N")" '
    f {print; next}                     # if flag is set, print the line
    d1 ~ $1 {                           # the days match
        if ($1 " " $2 > d1) {           # the time is newer than d1
            f = 1                       # set the flag
            print
        }
    }
' logfile

Please note this version may fail if d1 is almost midnight such as 27/07/2022, 23:59:59.999 and no timestamps later than that on the same day are found.

Upvotes: 2

Ed Morton

Reputation: 203324

To print all lines greater than a timestamp from 10 mins earlier from a log file formatted as you show would be this, using any POSIX awk:

$ awk -v tgtTime="$(date --date='-10 min' +'%Y%m%d%H%M%S')" '
    match($0,"^([0-9]{1,2}/){2}[0-9]{4}, ([0-9]{1,2}:){2}[0-9]{1,2},") {
        split(substr($0,1,RLENGTH),t,"[/, :]+")
        curTime = sprintf("%04d%02d%02d%02d%02d%02d",t[3],t[2],t[1],t[4],t[5],t[6])
    }
    curTime >= tgtTime
' file

Upvotes: 2
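
An added example, not part of either answer: a reusable time-window filter for logs in the question's `dd/mm/yyyy, HH:MM:SS` format that keeps the untimestamped lines under each matching record and still works when the window crosses midnight. The names `lines_between` and `sample_log` and the log lines are constructed for illustration; the regex avoids `{n}` intervals so it also runs on older awks.

```shell
#!/bin/sh
# Print records whose timestamp lies in [FROM, TO]; lines without a timestamp
# inherit the decision made for the record above them.
# Bounds are YYYYmmddHHMMSS strings; an empty TO means "no upper bound".
lines_between() {   # usage: lines_between FROM TO < logfile
    awk -v from="$1" -v to="$2" '
        # A record starts with "dd/mm/yyyy, HH:MM:SS" (format from the question)
        match($0, /^[0-9][0-9]?\/[0-9][0-9]?\/[0-9][0-9][0-9][0-9], [0-9][0-9]?:[0-9][0-9]:[0-9][0-9]/) {
            split(substr($0, 1, RLENGTH), t, "[/, :]+")
            # Reorder to year-first so comparison follows time order,
            # including across midnight and month boundaries.
            cur  = sprintf("%04d%02d%02d%02d%02d%02d", t[3], t[2], t[1], t[4], t[5], t[6])
            keep = (cur >= from && (to == "" || cur <= to))
        }
        keep    # a kept timestamped line, or a continuation of one
    '
}

# Constructed sample log: multi-line records on both sides of midnight.
sample_log() {
    cat <<'EOF'
27/07/2022, 23:40:10,101 GST Error old entry
    detail line for old entry
27/07/2022, 23:58:02,132 GST Error near midnight
    some text
    some text
28/07/2022, 00:03:11,176 GST Error after midnight
    some text
28/07/2022, 00:20:00,000 GST Info later entry
EOF
}

# Fixed bounds keep the demo reproducible. For a live log, the lower bound
# can come from GNU date as in the answers:
#   lines_between "$(date --date='-10 min' +%Y%m%d%H%M%S)" "" < logfile
sample_log | lines_between 20220727235500 20220728000500
```

Unlike the flag-based versions, this does not assume the log is sorted, at the cost of parsing every timestamped line.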
