Display lines in last 10 minutes with specific pattern in logs

Clash Royale CLAN TAG#URR8PPP

up vote
1
down vote

favorite

I need to display lines with Error occurred in last 10 minutes of a log file.

Aug 26 10:50:42 Normal line.
Aug 26 10:51:23 Normal line.
Aug 26 10:55:33 Error line.
Aug 26 10:56:45 Normal line.
Aug 26 10:58:12 Error line.
Aug 26 11:02:31 Normal line.
Aug 26 11:03:32 Normal line.
Aug 26 11:04:11 Normal line.

Suppose above sample of log file. I want to display only following two lines

Aug 26 10:55:33 Error line.
Aug 26 10:58:12 Error line.

I am using AIX.

awk grep logs date aix

share|improve this question

edited Aug 25 at 20:54

Jeff Schaller

32k849109

asked Aug 25 at 20:33

Hamas Rizwan

454

• 
  
  
  

  
  

  
  
  
  
  
  

  
  Potential answerers note that AIX's stock date command does not support arbitrary dates as input.
  – Jeff Schaller
  Aug 25 at 20:37
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Is Perl available?
  – Jeff Schaller
  Aug 25 at 20:37
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  When you say "last 10 minutes of a log file" do you mean relative to the last datestamp in the file, or relative to the time you're running the command?
  – Jeff Schaller
  Aug 25 at 20:39
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Related only: unix.stackexchange.com/q/265951/117549
  – Jeff Schaller
  Aug 25 at 20:40
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  @JeffSchaller I mean relative to the time im running the command. CURRENT SYSTEM TIME i mean.
  – Hamas Rizwan
  Aug 25 at 20:41
  

  
  
  
  

add a comment | 

up vote
1
down vote

favorite

I need to display lines with Error occurred in last 10 minutes of a log file.

Aug 26 10:50:42 Normal line.
Aug 26 10:51:23 Normal line.
Aug 26 10:55:33 Error line.
Aug 26 10:56:45 Normal line.
Aug 26 10:58:12 Error line.
Aug 26 11:02:31 Normal line.
Aug 26 11:03:32 Normal line.
Aug 26 11:04:11 Normal line.

Suppose above sample of log file. I want to display only following two lines

Aug 26 10:55:33 Error line.
Aug 26 10:58:12 Error line.

I am using AIX.

awk grep logs date aix

share|improve this question

edited Aug 25 at 20:54

Jeff Schaller

32k849109

asked Aug 25 at 20:33

Hamas Rizwan

454

• 
  
  
  

  
  

  
  
  
  
  
  

  
  Potential answerers note that AIX's stock date command does not support arbitrary dates as input.
  – Jeff Schaller
  Aug 25 at 20:37
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Is Perl available?
  – Jeff Schaller
  Aug 25 at 20:37
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  When you say "last 10 minutes of a log file" do you mean relative to the last datestamp in the file, or relative to the time you're running the command?
  – Jeff Schaller
  Aug 25 at 20:39
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Related only: unix.stackexchange.com/q/265951/117549
  – Jeff Schaller
  Aug 25 at 20:40
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  @JeffSchaller I mean relative to the time im running the command. CURRENT SYSTEM TIME i mean.
  – Hamas Rizwan
  Aug 25 at 20:41
  

  
  
  
  

add a comment | 

up vote
1
down vote

favorite

up vote
1
down vote

favorite

I need to display lines with Error occurred in last 10 minutes of a log file.

Aug 26 10:50:42 Normal line.
Aug 26 10:51:23 Normal line.
Aug 26 10:55:33 Error line.
Aug 26 10:56:45 Normal line.
Aug 26 10:58:12 Error line.
Aug 26 11:02:31 Normal line.
Aug 26 11:03:32 Normal line.
Aug 26 11:04:11 Normal line.

Suppose above sample of log file. I want to display only following two lines

Aug 26 10:55:33 Error line.
Aug 26 10:58:12 Error line.

I am using AIX.

awk grep logs date aix

share|improve this question

edited Aug 25 at 20:54

Jeff Schaller

32k849109

asked Aug 25 at 20:33

Hamas Rizwan

454

I need to display lines with Error occurred in last 10 minutes of a log file.

Aug 26 10:50:42 Normal line.
Aug 26 10:51:23 Normal line.
Aug 26 10:55:33 Error line.
Aug 26 10:56:45 Normal line.
Aug 26 10:58:12 Error line.
Aug 26 11:02:31 Normal line.
Aug 26 11:03:32 Normal line.
Aug 26 11:04:11 Normal line.

Suppose above sample of log file. I want to display only following two lines

Aug 26 10:55:33 Error line.
Aug 26 10:58:12 Error line.

I am using AIX.

awk grep logs date aix

share|improve this question

edited Aug 25 at 20:54

Jeff Schaller

32k849109

asked Aug 25 at 20:33

Hamas Rizwan

454

share|improve this question

share|improve this question

edited Aug 25 at 20:54

Jeff Schaller

32k849109

edited Aug 25 at 20:54

Jeff Schaller

32k849109

edited Aug 25 at 20:54

Jeff Schaller

32k849109

32k849109

asked Aug 25 at 20:33

Hamas Rizwan

454

asked Aug 25 at 20:33

Hamas Rizwan

454

asked Aug 25 at 20:33

Hamas Rizwan

454

454

• 
  
  
  

  
  

  
  
  
  
  
  

  
  Potential answerers note that AIX's stock date command does not support arbitrary dates as input.
  – Jeff Schaller
  Aug 25 at 20:37
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Is Perl available?
  – Jeff Schaller
  Aug 25 at 20:37
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  When you say "last 10 minutes of a log file" do you mean relative to the last datestamp in the file, or relative to the time you're running the command?
  – Jeff Schaller
  Aug 25 at 20:39
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Related only: unix.stackexchange.com/q/265951/117549
  – Jeff Schaller
  Aug 25 at 20:40
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  @JeffSchaller I mean relative to the time im running the command. CURRENT SYSTEM TIME i mean.
  – Hamas Rizwan
  Aug 25 at 20:41
  

  
  
  
  

add a comment | 

• 
  
  
  

  
  

  
  
  
  
  
  

  
  Potential answerers note that AIX's stock date command does not support arbitrary dates as input.
  – Jeff Schaller
  Aug 25 at 20:37
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Is Perl available?
  – Jeff Schaller
  Aug 25 at 20:37
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  When you say "last 10 minutes of a log file" do you mean relative to the last datestamp in the file, or relative to the time you're running the command?
  – Jeff Schaller
  Aug 25 at 20:39
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Related only: unix.stackexchange.com/q/265951/117549
  – Jeff Schaller
  Aug 25 at 20:40
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  @JeffSchaller I mean relative to the time im running the command. CURRENT SYSTEM TIME i mean.
  – Hamas Rizwan
  Aug 25 at 20:41
  

  
  
  
  

Potential answerers note that AIX's stock date command does not support arbitrary dates as input.
– Jeff Schaller
Aug 25 at 20:37

Potential answerers note that AIX's stock date command does not support arbitrary dates as input.
– Jeff Schaller
Aug 25 at 20:37

Is Perl available?
– Jeff Schaller
Aug 25 at 20:37

Is Perl available?
– Jeff Schaller
Aug 25 at 20:37

When you say "last 10 minutes of a log file" do you mean relative to the last datestamp in the file, or relative to the time you're running the command?
– Jeff Schaller
Aug 25 at 20:39

When you say "last 10 minutes of a log file" do you mean relative to the last datestamp in the file, or relative to the time you're running the command?
– Jeff Schaller
Aug 25 at 20:39

Related only: unix.stackexchange.com/q/265951/117549
– Jeff Schaller
Aug 25 at 20:40

Related only: unix.stackexchange.com/q/265951/117549
– Jeff Schaller
Aug 25 at 20:40

@JeffSchaller I mean relative to the time im running the command. CURRENT SYSTEM TIME i mean.
– Hamas Rizwan
Aug 25 at 20:41

@JeffSchaller I mean relative to the time im running the command. CURRENT SYSTEM TIME i mean.
– Hamas Rizwan
Aug 25 at 20:41

add a comment | 

3 Answers
3

active

oldest

votes

up vote
2
down vote

With a hat tip to Stéphane Chazelas for their two answers here:

• https://unix.stackexchange.com/a/265953


• https://unix.stackexchange.com/a/140890

I propose a brute-force solution that loops over every possible timestamp entry for the past 10 minutes:

#!/bin/ksh93
for((i=0;i<=600;i++))
do
 d=$(printf '%(%b %d %H:%M:%S)Tn' "$i seconds ago")
 grep "^$d Error" logfile
done

It's brute-force because it calls grep (and printf, a built-in) 601 times. It requires a ksh93 that supports the printf %T option for printing (and formatting) arbitrary timestamps. It's easier than doing date math on your own, though, because of edge cases such as:

• day boundaries


• month boundaries


• possible daylight-savings changes

share|improve this answer

answered Aug 25 at 20:53

Jeff Schaller

32k849109

add a comment | 

up vote
1
down vote

A possibility here, shamelessly ripping off @Jeff Schaller's solution. Single invocation of grep, so maybe a little faster.

#!/bin/ksh93
for((i=0;i<=600;i++))
do
 d=$(printf '%s|%(%b %d %H:%M:%S)T' "$d" "$i seconds ago")
done
grep -E "^($d:1) Error" logfile

share|improve this answer

edited Aug 26 at 10:53

answered Aug 25 at 22:16

steve

12.9k22149

• 
  
  
  

  
  

  
  
  
  
  
  

  
  AIX grep does have -E.
  – Jeff Schaller
  Aug 25 at 22:50
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  Moving the Error string to the grep command would save some repetition.
  – Jeff Schaller
  Aug 25 at 22:51
  
  

  
  
  
  

add a comment | 

up vote
0
down vote

Thanks for all your responses i did the required work with following command.

awk -v d1="$d1" -v d2="$d2" '$0 > d1 && $0 < d2 || $0 ~ d2' logfile

where d1 and d2 were initialized above. Did the job for me.

Cheers.

share|improve this answer

answered Aug 26 at 16:58

Hamas Rizwan

454

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

 

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f464842%2fdisplay-lines-in-last-10-minutes-with-specific-pattern-in-logs%23new-answer', 'question_page');

);

Post as a guest

Name Email

3 Answers
3

active

oldest

votes

3 Answers
3

active

oldest

votes

active

oldest

votes

active

oldest

votes

up vote
2
down vote

With a hat tip to Stéphane Chazelas for their two answers here:

• https://unix.stackexchange.com/a/265953


• https://unix.stackexchange.com/a/140890

I propose a brute-force solution that loops over every possible timestamp entry for the past 10 minutes:

#!/bin/ksh93
for((i=0;i<=600;i++))
do
 d=$(printf '%(%b %d %H:%M:%S)Tn' "$i seconds ago")
 grep "^$d Error" logfile
done

It's brute-force because it calls grep (and printf, a built-in) 601 times. It requires a ksh93 that supports the printf %T option for printing (and formatting) arbitrary timestamps. It's easier than doing date math on your own, though, because of edge cases such as:

• day boundaries


• month boundaries


• possible daylight-savings changes

share|improve this answer

answered Aug 25 at 20:53

Jeff Schaller

32k849109

add a comment | 

up vote
2
down vote

With a hat tip to Stéphane Chazelas for their two answers here:

• https://unix.stackexchange.com/a/265953


• https://unix.stackexchange.com/a/140890

I propose a brute-force solution that loops over every possible timestamp entry for the past 10 minutes:

#!/bin/ksh93
for((i=0;i<=600;i++))
do
 d=$(printf '%(%b %d %H:%M:%S)Tn' "$i seconds ago")
 grep "^$d Error" logfile
done

It's brute-force because it calls grep (and printf, a built-in) 601 times. It requires a ksh93 that supports the printf %T option for printing (and formatting) arbitrary timestamps. It's easier than doing date math on your own, though, because of edge cases such as:

• day boundaries


• month boundaries


• possible daylight-savings changes

share|improve this answer

answered Aug 25 at 20:53

Jeff Schaller

32k849109

add a comment | 

up vote
2
down vote

up vote
2
down vote

With a hat tip to Stéphane Chazelas for their two answers here:

• https://unix.stackexchange.com/a/265953


• https://unix.stackexchange.com/a/140890

I propose a brute-force solution that loops over every possible timestamp entry for the past 10 minutes:

#!/bin/ksh93
for((i=0;i<=600;i++))
do
 d=$(printf '%(%b %d %H:%M:%S)Tn' "$i seconds ago")
 grep "^$d Error" logfile
done

It's brute-force because it calls grep (and printf, a built-in) 601 times. It requires a ksh93 that supports the printf %T option for printing (and formatting) arbitrary timestamps. It's easier than doing date math on your own, though, because of edge cases such as:

• day boundaries


• month boundaries


• possible daylight-savings changes

share|improve this answer

answered Aug 25 at 20:53

Jeff Schaller

32k849109

With a hat tip to Stéphane Chazelas for their two answers here:

• https://unix.stackexchange.com/a/265953


• https://unix.stackexchange.com/a/140890

I propose a brute-force solution that loops over every possible timestamp entry for the past 10 minutes:

#!/bin/ksh93
for((i=0;i<=600;i++))
do
 d=$(printf '%(%b %d %H:%M:%S)Tn' "$i seconds ago")
 grep "^$d Error" logfile
done

It's brute-force because it calls grep (and printf, a built-in) 601 times. It requires a ksh93 that supports the printf %T option for printing (and formatting) arbitrary timestamps. It's easier than doing date math on your own, though, because of edge cases such as:

• day boundaries


• month boundaries


• possible daylight-savings changes

share|improve this answer

answered Aug 25 at 20:53

Jeff Schaller

32k849109

share|improve this answer

share|improve this answer

answered Aug 25 at 20:53

Jeff Schaller

32k849109

answered Aug 25 at 20:53

Jeff Schaller

32k849109

answered Aug 25 at 20:53

Jeff Schaller

32k849109

32k849109

add a comment | 

add a comment | 

up vote
1
down vote

A possibility here, shamelessly ripping off @Jeff Schaller's solution. Single invocation of grep, so maybe a little faster.

#!/bin/ksh93
for((i=0;i<=600;i++))
do
 d=$(printf '%s|%(%b %d %H:%M:%S)T' "$d" "$i seconds ago")
done
grep -E "^($d:1) Error" logfile

share|improve this answer

edited Aug 26 at 10:53

answered Aug 25 at 22:16

steve

12.9k22149

• 
  
  
  

  
  

  
  
  
  
  
  

  
  AIX grep does have -E.
  – Jeff Schaller
  Aug 25 at 22:50
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  Moving the Error string to the grep command would save some repetition.
  – Jeff Schaller
  Aug 25 at 22:51
  
  

  
  
  
  

add a comment | 

up vote
1
down vote

A possibility here, shamelessly ripping off @Jeff Schaller's solution. Single invocation of grep, so maybe a little faster.

#!/bin/ksh93
for((i=0;i<=600;i++))
do
 d=$(printf '%s|%(%b %d %H:%M:%S)T' "$d" "$i seconds ago")
done
grep -E "^($d:1) Error" logfile

share|improve this answer

edited Aug 26 at 10:53

answered Aug 25 at 22:16

steve

12.9k22149

• 
  
  
  

  
  

  
  
  
  
  
  

  
  AIX grep does have -E.
  – Jeff Schaller
  Aug 25 at 22:50
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  Moving the Error string to the grep command would save some repetition.
  – Jeff Schaller
  Aug 25 at 22:51
  
  

  
  
  
  

add a comment | 

up vote
1
down vote

up vote
1
down vote

A possibility here, shamelessly ripping off @Jeff Schaller's solution. Single invocation of grep, so maybe a little faster.

#!/bin/ksh93
for((i=0;i<=600;i++))
do
 d=$(printf '%s|%(%b %d %H:%M:%S)T' "$d" "$i seconds ago")
done
grep -E "^($d:1) Error" logfile

share|improve this answer

edited Aug 26 at 10:53

answered Aug 25 at 22:16

steve

12.9k22149

A possibility here, shamelessly ripping off @Jeff Schaller's solution. Single invocation of grep, so maybe a little faster.

#!/bin/ksh93
for((i=0;i<=600;i++))
do
 d=$(printf '%s|%(%b %d %H:%M:%S)T' "$d" "$i seconds ago")
done
grep -E "^($d:1) Error" logfile

share|improve this answer

edited Aug 26 at 10:53

answered Aug 25 at 22:16

steve

12.9k22149

share|improve this answer

share|improve this answer

edited Aug 26 at 10:53

edited Aug 26 at 10:53

edited Aug 26 at 10:53

answered Aug 25 at 22:16

steve

12.9k22149

answered Aug 25 at 22:16

steve

12.9k22149

answered Aug 25 at 22:16

steve

12.9k22149

12.9k22149

• 
  
  
  

  
  

  
  
  
  
  
  

  
  AIX grep does have -E.
  – Jeff Schaller
  Aug 25 at 22:50
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  Moving the Error string to the grep command would save some repetition.
  – Jeff Schaller
  Aug 25 at 22:51
  
  

  
  
  
  

add a comment | 

• 
  
  
  

  
  

  
  
  
  
  
  

  
  AIX grep does have -E.
  – Jeff Schaller
  Aug 25 at 22:50
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  Moving the Error string to the grep command would save some repetition.
  – Jeff Schaller
  Aug 25 at 22:51
  
  

  
  
  
  

AIX grep does have -E.
– Jeff Schaller
Aug 25 at 22:50

AIX grep does have -E.
– Jeff Schaller
Aug 25 at 22:50

1

1

Moving the Error string to the grep command would save some repetition.
– Jeff Schaller
Aug 25 at 22:51

Moving the Error string to the grep command would save some repetition.
– Jeff Schaller
Aug 25 at 22:51

add a comment | 

up vote
0
down vote

Thanks for all your responses i did the required work with following command.

awk -v d1="$d1" -v d2="$d2" '$0 > d1 && $0 < d2 || $0 ~ d2' logfile

where d1 and d2 were initialized above. Did the job for me.

Cheers.

share|improve this answer

answered Aug 26 at 16:58

Hamas Rizwan

454

add a comment | 

up vote
0
down vote

Thanks for all your responses i did the required work with following command.

awk -v d1="$d1" -v d2="$d2" '$0 > d1 && $0 < d2 || $0 ~ d2' logfile

where d1 and d2 were initialized above. Did the job for me.

Cheers.

share|improve this answer

answered Aug 26 at 16:58

Hamas Rizwan

454

add a comment | 

up vote
0
down vote

up vote
0
down vote

Thanks for all your responses i did the required work with following command.

awk -v d1="$d1" -v d2="$d2" '$0 > d1 && $0 < d2 || $0 ~ d2' logfile

where d1 and d2 were initialized above. Did the job for me.

Cheers.

share|improve this answer

answered Aug 26 at 16:58

Hamas Rizwan

454

Thanks for all your responses i did the required work with following command.

awk -v d1="$d1" -v d2="$d2" '$0 > d1 && $0 < d2 || $0 ~ d2' logfile

where d1 and d2 were initialized above. Did the job for me.

Cheers.

share|improve this answer

answered Aug 26 at 16:58

Hamas Rizwan

454

share|improve this answer

share|improve this answer

answered Aug 26 at 16:58

Hamas Rizwan

454

answered Aug 26 at 16:58

Hamas Rizwan

454

answered Aug 26 at 16:58

Hamas Rizwan

454

454

add a comment | 

add a comment | 

 

draft saved

draft discarded

 

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f464842%2fdisplay-lines-in-last-10-minutes-with-specific-pattern-in-logs%23new-answer', 'question_page');

);

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Name Email

Name

Email

Name Email

Name

Email