0

いくつかのイベントを追跡するために、ソケット サーバーの大きなログ ファイルを分析しています。シェル スクリプトを使用して、特定の時間 (1 つは特定の時間の前、もう 1 つは特定の時間の後) の最新の 2 つのメッセージ ログを取得する際に問題があります。この場合、使用できるのはログ ファイルの日時の値だけです。

 e.g. triggering time: 2013-10-31 07:29:45.311
    think I have an event from another log at 2013-10-31 07:29:45.311 and need to filter 
the most recent message log one is before above time and other one is after from below sample log. 

    given time = 2013-10-31 07:29:45.311
    then triggered times for most recent log messages should be 
    1) before the given time: message at 2013-10-31 07:29:34.415
    2) after the given time: message at 2013-10-31 07:30:34.473

シェルスクリプトを使用してこれを行うことは可能ですか?

Sample log:

    2013-10-31 07:23:33.931 INFO  - TTT153|Receive|0000131|....
    2013-10-31 07:24:35.273 INFO  - TTT153|Receive|0000131|....
    2013-10-31 07:25:33.973 INFO  - TTT153|Receive|0000131|....
    2013-10-31 07:26:34.111 INFO  - TTT153|Receive|0000131|....
    2013-10-31 07:27:34.151 INFO  - TTT153|Receive|0000131|....
    2013-10-31 07:28:34.273 INFO  - TTT153|Receive|0000131|....
    2013-10-31 07:29:34.415 INFO  - TTT153|Receive|0000131|....
    2013-10-31 07:30:34.473 INFO  - TTT153|Receive|0000131|....
    2013-10-31 07:31:34.595 INFO  - TTT153|Receive|0000131|....
    2013-10-31 07:32:34.616 INFO  - TTT153|Receive|0000131|....
    2013-10-31 07:33:35.673 INFO  - TTT153|Receive|0000131|....
4

1 に答える 1

1

実行するのは少し複雑ですが、日付をエポック時間に変換することで実行できます。

value="2013-10-31 07:29:45.311"
awk '
    {
    split($1,a,"-")
    split($2,b,"[:.]")
    t1=mktime(a[1] " " a[2] " " a[3] " " b[1] " " b[2] " " b[3]) "." b[4]
    split(v,c,"[- :.]")
    t2=mktime(c[1] " " c[2] " " c[3] " " c[4] " " c[5] " " c[6]) "." c[7]   
    }
    t1>t2 {print  l "\n" $0;exit}
    {l=$0}
    ' v="$value" logfile

2013-10-31 07:29:34.415 INFO - TTT153|Receive|0000131|....
2013-10-31 07:30:34.473 INFO - TTT153|Receive|0000131|....

変数に保存する

res=$(awk '
    {
    split($1,a,"-")
    split($2,b,"[:.]")
    t1=mktime(a[1] " " a[2] " " a[3] " " b[1] " " b[2] " " b[3]) "." b[4]
    split(v,c,"[- :.]")
    t2=mktime(c[1] " " c[2] " " c[3] " " c[4] " " c[5] " " c[6]) "." c[7]   
    }
    t1>t2 {print  l "\n" $0;exit}
    {l=$0}
    ' v="$value" logfile)

echo "$res"
2013-10-31 07:29:34.415 INFO - TTT153|Receive|0000131|....
2013-10-31 07:30:34.473 INFO - TTT153|Receive|0000131|....
于 2013-10-31T06:59:14.537 に答える