Mixing
Display lines in last 10 minutes with specific pattern in logs
Clash Royale CLAN TAG#URR8PPP
up vote
1
down vote
favorite
I need to display lines with Error occurred in last 10 minutes of a log file.
Aug 26 10:50:42 Normal line.
Aug 26 10:51:23 Normal line.
Aug 26 10:55:33 Error line.
Aug 26 10:56:45 Normal line.
Aug 26 10:58:12 Error line.
Aug 26 11:02:31 Normal line.
Aug 26 11:03:32 Normal line.
Aug 26 11:04:11 Normal line.
Suppose above sample of log file. I want to display only following two lines
Aug 26 10:55:33 Error line.
Aug 26 10:58:12 Error line.
I am using AIX.
awk grep logs date aix
edited Aug 25 at 20:54
Jeff Schaller
32k849109
asked Aug 25 at 20:33
Hamas Rizwan
454
add a comment |Â
up vote
1
down vote
favorite
I need to display lines with Error occurred in last 10 minutes of a log file.
Aug 26 10:50:42 Normal line.
Aug 26 10:51:23 Normal line.
Aug 26 10:55:33 Error line.
Aug 26 10:56:45 Normal line.
Aug 26 10:58:12 Error line.
Aug 26 11:02:31 Normal line.
Aug 26 11:03:32 Normal line.
Aug 26 11:04:11 Normal line.
Suppose above sample of log file. I want to display only following two lines
Aug 26 10:55:33 Error line.
Aug 26 10:58:12 Error line.
I am using AIX.
awk grep logs date aix
edited Aug 25 at 20:54
Jeff Schaller
32k849109
asked Aug 25 at 20:33
Hamas Rizwan
454
Potential answerers note that AIX's stockdatecommand does not support arbitrary dates as input.
– Jeff Schaller
Aug 25 at 20:37
Is Perl available?
– Jeff Schaller
Aug 25 at 20:37
When you say "last 10 minutes of a log file" do you mean relative to the last datestamp in the file, or relative to the time you're running the command?
– Jeff Schaller
Aug 25 at 20:39
Related only: unix.stackexchange.com/q/265951/117549
– Jeff Schaller
Aug 25 at 20:40
@JeffSchaller I mean relative to the time im running the command. CURRENT SYSTEM TIME i mean.
– Hamas Rizwan
Aug 25 at 20:41
add a comment |Â
up vote
1
down vote
favorite
up vote
1
down vote
favorite
I need to display lines with Error occurred in last 10 minutes of a log file.
Aug 26 10:50:42 Normal line.
Aug 26 10:51:23 Normal line.
Aug 26 10:55:33 Error line.
Aug 26 10:56:45 Normal line.
Aug 26 10:58:12 Error line.
Aug 26 11:02:31 Normal line.
Aug 26 11:03:32 Normal line.
Aug 26 11:04:11 Normal line.
Suppose above sample of log file. I want to display only following two lines
Aug 26 10:55:33 Error line.
Aug 26 10:58:12 Error line.
I am using AIX.
awk grep logs date aix
edited Aug 25 at 20:54
Jeff Schaller
32k849109
asked Aug 25 at 20:33
Hamas Rizwan
454
I need to display lines with Error occurred in last 10 minutes of a log file.
Aug 26 10:50:42 Normal line.
Aug 26 10:51:23 Normal line.
Aug 26 10:55:33 Error line.
Aug 26 10:56:45 Normal line.
Aug 26 10:58:12 Error line.
Aug 26 11:02:31 Normal line.
Aug 26 11:03:32 Normal line.
Aug 26 11:04:11 Normal line.
Suppose above sample of log file. I want to display only following two lines
Aug 26 10:55:33 Error line.
Aug 26 10:58:12 Error line.
I am using AIX.
awk grep logs date aix
edited Aug 25 at 20:54
Jeff Schaller
32k849109
asked Aug 25 at 20:33
Hamas Rizwan
454
edited Aug 25 at 20:54
Jeff Schaller
32k849109
edited Aug 25 at 20:54
Jeff Schaller
32k849109
edited Aug 25 at 20:54
Jeff Schaller
32k849109
32k849109
asked Aug 25 at 20:33
Hamas Rizwan
454
asked Aug 25 at 20:33
Hamas Rizwan
454
asked Aug 25 at 20:33
Hamas Rizwan
454
454
Potential answerers note that AIX's stockdatecommand does not support arbitrary dates as input.
– Jeff Schaller
Aug 25 at 20:37
Is Perl available?
– Jeff Schaller
Aug 25 at 20:37
When you say "last 10 minutes of a log file" do you mean relative to the last datestamp in the file, or relative to the time you're running the command?
– Jeff Schaller
Aug 25 at 20:39
Related only: unix.stackexchange.com/q/265951/117549
– Jeff Schaller
Aug 25 at 20:40
@JeffSchaller I mean relative to the time im running the command. CURRENT SYSTEM TIME i mean.
– Hamas Rizwan
Aug 25 at 20:41
add a comment |Â
Potential answerers note that AIX's stockdatecommand does not support arbitrary dates as input.
– Jeff Schaller
Aug 25 at 20:37
Is Perl available?
– Jeff Schaller
Aug 25 at 20:37
When you say "last 10 minutes of a log file" do you mean relative to the last datestamp in the file, or relative to the time you're running the command?
– Jeff Schaller
Aug 25 at 20:39
Related only: unix.stackexchange.com/q/265951/117549
– Jeff Schaller
Aug 25 at 20:40
@JeffSchaller I mean relative to the time im running the command. CURRENT SYSTEM TIME i mean.
– Hamas Rizwan
Aug 25 at 20:41
Potential answerers note that AIX's stock
date command does not support arbitrary dates as input.– Jeff Schaller
Aug 25 at 20:37
Potential answerers note that AIX's stock
date command does not support arbitrary dates as input.– Jeff Schaller
Aug 25 at 20:37
Is Perl available?
– Jeff Schaller
Aug 25 at 20:37
Is Perl available?
– Jeff Schaller
Aug 25 at 20:37
When you say "last 10 minutes of a log file" do you mean relative to the last datestamp in the file, or relative to the time you're running the command?
– Jeff Schaller
Aug 25 at 20:39
When you say "last 10 minutes of a log file" do you mean relative to the last datestamp in the file, or relative to the time you're running the command?
– Jeff Schaller
Aug 25 at 20:39
Related only: unix.stackexchange.com/q/265951/117549
– Jeff Schaller
Aug 25 at 20:40
Related only: unix.stackexchange.com/q/265951/117549
– Jeff Schaller
Aug 25 at 20:40
@JeffSchaller I mean relative to the time im running the command. CURRENT SYSTEM TIME i mean.
– Hamas Rizwan
Aug 25 at 20:41
@JeffSchaller I mean relative to the time im running the command. CURRENT SYSTEM TIME i mean.
– Hamas Rizwan
Aug 25 at 20:41
add a comment |Â
3 Answers
3
active
oldest
votes
up vote
2
down vote
With a hat tip to Stéphane Chazelas for their two answers here:
- https://unix.stackexchange.com/a/265953
- https://unix.stackexchange.com/a/140890
I propose a brute-force solution that loops over every possible timestamp entry for the past 10 minutes:
#!/bin/ksh93
for((i=0;i<=600;i++))
do
d=$(printf '%(%b %d %H:%M:%S)Tn' "$i seconds ago")
grep "^$d Error" logfile
done
It's brute-force because it calls grep (and printf, a built-in) 601 times. It requires a ksh93 that supports the printf %T option for printing (and formatting) arbitrary timestamps. It's easier than doing date math on your own, though, because of edge cases such as:
- day boundaries
- month boundaries
- possible daylight-savings changes
answered Aug 25 at 20:53
Jeff Schaller
32k849109
add a comment |Â
up vote
1
down vote
A possibility here, shamelessly ripping off @Jeff Schaller's solution. Single invocation of grep, so maybe a little faster.
#!/bin/ksh93
for((i=0;i<=600;i++))
do
d=$(printf '%s|%(%b %d %H:%M:%S)T' "$d" "$i seconds ago")
done
grep -E "^($d:1) Error" logfile
answered Aug 25 at 22:16
steve
12.9k22149
AIX grep does have -E.
– Jeff Schaller
Aug 25 at 22:50
1
Moving the Error string to the grep command would save some repetition.
– Jeff Schaller
Aug 25 at 22:51
add a comment |Â
up vote
0
down vote
Thanks for all your responses i did the required work with following command.
awk -v d1="$d1" -v d2="$d2" '$0 > d1 && $0 < d2 || $0 ~ d2' logfile
where d1 and d2 were initialized above. Did the job for me.
Cheers.
answered Aug 26 at 16:58
Hamas Rizwan
454
add a comment |Â
3 Answers
3
active
oldest
votes
3 Answers
3
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
2
down vote
With a hat tip to Stéphane Chazelas for their two answers here:
- https://unix.stackexchange.com/a/265953
- https://unix.stackexchange.com/a/140890
I propose a brute-force solution that loops over every possible timestamp entry for the past 10 minutes:
#!/bin/ksh93
for((i=0;i<=600;i++))
do
d=$(printf '%(%b %d %H:%M:%S)Tn' "$i seconds ago")
grep "^$d Error" logfile
done
It's brute-force because it calls grep (and printf, a built-in) 601 times. It requires a ksh93 that supports the printf %T option for printing (and formatting) arbitrary timestamps. It's easier than doing date math on your own, though, because of edge cases such as:
- day boundaries
- month boundaries
- possible daylight-savings changes
answered Aug 25 at 20:53
Jeff Schaller
32k849109
add a comment |Â
up vote
2
down vote
With a hat tip to Stéphane Chazelas for their two answers here:
- https://unix.stackexchange.com/a/265953
- https://unix.stackexchange.com/a/140890
I propose a brute-force solution that loops over every possible timestamp entry for the past 10 minutes:
#!/bin/ksh93
for((i=0;i<=600;i++))
do
d=$(printf '%(%b %d %H:%M:%S)Tn' "$i seconds ago")
grep "^$d Error" logfile
done
It's brute-force because it calls grep (and printf, a built-in) 601 times. It requires a ksh93 that supports the printf %T option for printing (and formatting) arbitrary timestamps. It's easier than doing date math on your own, though, because of edge cases such as:
- day boundaries
- month boundaries
- possible daylight-savings changes
answered Aug 25 at 20:53
Jeff Schaller
32k849109
add a comment |Â
up vote
2
down vote
up vote
2
down vote
With a hat tip to Stéphane Chazelas for their two answers here:
- https://unix.stackexchange.com/a/265953
- https://unix.stackexchange.com/a/140890
I propose a brute-force solution that loops over every possible timestamp entry for the past 10 minutes:
#!/bin/ksh93
for((i=0;i<=600;i++))
do
d=$(printf '%(%b %d %H:%M:%S)Tn' "$i seconds ago")
grep "^$d Error" logfile
done
It's brute-force because it calls grep (and printf, a built-in) 601 times. It requires a ksh93 that supports the printf %T option for printing (and formatting) arbitrary timestamps. It's easier than doing date math on your own, though, because of edge cases such as:
- day boundaries
- month boundaries
- possible daylight-savings changes
answered Aug 25 at 20:53
Jeff Schaller
32k849109
With a hat tip to Stéphane Chazelas for their two answers here:
- https://unix.stackexchange.com/a/265953
- https://unix.stackexchange.com/a/140890
I propose a brute-force solution that loops over every possible timestamp entry for the past 10 minutes:
#!/bin/ksh93
for((i=0;i<=600;i++))
do
d=$(printf '%(%b %d %H:%M:%S)Tn' "$i seconds ago")
grep "^$d Error" logfile
done
It's brute-force because it calls grep (and printf, a built-in) 601 times. It requires a ksh93 that supports the printf %T option for printing (and formatting) arbitrary timestamps. It's easier than doing date math on your own, though, because of edge cases such as:
- day boundaries
- month boundaries
- possible daylight-savings changes
answered Aug 25 at 20:53
Jeff Schaller
32k849109
answered Aug 25 at 20:53
Jeff Schaller
32k849109
answered Aug 25 at 20:53
Jeff Schaller
32k849109
answered Aug 25 at 20:53
Jeff Schaller
32k849109
32k849109
add a comment |Â
add a comment |Â
up vote
1
down vote
A possibility here, shamelessly ripping off @Jeff Schaller's solution. Single invocation of grep, so maybe a little faster.
#!/bin/ksh93
for((i=0;i<=600;i++))
do
d=$(printf '%s|%(%b %d %H:%M:%S)T' "$d" "$i seconds ago")
done
grep -E "^($d:1) Error" logfile
answered Aug 25 at 22:16
steve
12.9k22149
AIX grep does have -E.
– Jeff Schaller
Aug 25 at 22:50
1
Moving the Error string to the grep command would save some repetition.
– Jeff Schaller
Aug 25 at 22:51
add a comment |Â
up vote
1
down vote
A possibility here, shamelessly ripping off @Jeff Schaller's solution. Single invocation of grep, so maybe a little faster.
#!/bin/ksh93
for((i=0;i<=600;i++))
do
d=$(printf '%s|%(%b %d %H:%M:%S)T' "$d" "$i seconds ago")
done
grep -E "^($d:1) Error" logfile
answered Aug 25 at 22:16
steve
12.9k22149
AIX grep does have -E.
– Jeff Schaller
Aug 25 at 22:50
1
Moving the Error string to the grep command would save some repetition.
– Jeff Schaller
Aug 25 at 22:51
add a comment |Â
up vote
1
down vote
up vote
1
down vote
A possibility here, shamelessly ripping off @Jeff Schaller's solution. Single invocation of grep, so maybe a little faster.
#!/bin/ksh93
for((i=0;i<=600;i++))
do
d=$(printf '%s|%(%b %d %H:%M:%S)T' "$d" "$i seconds ago")
done
grep -E "^($d:1) Error" logfile
answered Aug 25 at 22:16
steve
12.9k22149
A possibility here, shamelessly ripping off @Jeff Schaller's solution. Single invocation of grep, so maybe a little faster.
#!/bin/ksh93
for((i=0;i<=600;i++))
do
d=$(printf '%s|%(%b %d %H:%M:%S)T' "$d" "$i seconds ago")
done
grep -E "^($d:1) Error" logfile
answered Aug 25 at 22:16
steve
12.9k22149
edited Aug 26 at 10:53
answered Aug 25 at 22:16
steve
12.9k22149
answered Aug 25 at 22:16
steve
12.9k22149
answered Aug 25 at 22:16
steve
12.9k22149
12.9k22149
AIX grep does have -E.
– Jeff Schaller
Aug 25 at 22:50
1
Moving the Error string to the grep command would save some repetition.
– Jeff Schaller
Aug 25 at 22:51
add a comment |Â
AIX grep does have -E.
– Jeff Schaller
Aug 25 at 22:50
1
Moving the Error string to the grep command would save some repetition.
– Jeff Schaller
Aug 25 at 22:51
AIX grep does have -E.
– Jeff Schaller
Aug 25 at 22:50
AIX grep does have -E.
– Jeff Schaller
Aug 25 at 22:50
1
1
Moving the Error string to the grep command would save some repetition.
– Jeff Schaller
Aug 25 at 22:51
Moving the Error string to the grep command would save some repetition.
– Jeff Schaller
Aug 25 at 22:51
add a comment |Â
up vote
0
down vote
Thanks for all your responses i did the required work with following command.
awk -v d1="$d1" -v d2="$d2" '$0 > d1 && $0 < d2 || $0 ~ d2' logfile
where d1 and d2 were initialized above. Did the job for me.
Cheers.
answered Aug 26 at 16:58
Hamas Rizwan
454
add a comment |Â
up vote
0
down vote
Thanks for all your responses i did the required work with following command.
awk -v d1="$d1" -v d2="$d2" '$0 > d1 && $0 < d2 || $0 ~ d2' logfile
where d1 and d2 were initialized above. Did the job for me.
Cheers.
answered Aug 26 at 16:58
Hamas Rizwan
454
add a comment |Â
up vote
0
down vote
up vote
0
down vote
Thanks for all your responses i did the required work with following command.
awk -v d1="$d1" -v d2="$d2" '$0 > d1 && $0 < d2 || $0 ~ d2' logfile
where d1 and d2 were initialized above. Did the job for me.
Cheers.
answered Aug 26 at 16:58
Hamas Rizwan
454
Thanks for all your responses i did the required work with following command.
awk -v d1="$d1" -v d2="$d2" '$0 > d1 && $0 < d2 || $0 ~ d2' logfile
where d1 and d2 were initialized above. Did the job for me.
Cheers.
answered Aug 26 at 16:58
Hamas Rizwan
454
answered Aug 26 at 16:58
Hamas Rizwan
454
answered Aug 26 at 16:58
Hamas Rizwan
454
answered Aug 26 at 16:58
Hamas Rizwan
454
454
add a comment |Â
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f464842%2fdisplay-lines-in-last-10-minutes-with-specific-pattern-in-logs%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Potential answerers note that AIX's stock
datecommand does not support arbitrary dates as input.– Jeff Schaller
Aug 25 at 20:37
Is Perl available?
– Jeff Schaller
Aug 25 at 20:37
When you say "last 10 minutes of a log file" do you mean relative to the last datestamp in the file, or relative to the time you're running the command?
– Jeff Schaller
Aug 25 at 20:39
Related only: unix.stackexchange.com/q/265951/117549
– Jeff Schaller
Aug 25 at 20:40
@JeffSchaller I mean relative to the time im running the command. CURRENT SYSTEM TIME i mean.
– Hamas Rizwan
Aug 25 at 20:41