
filtering the text using awk & sed according to the time stamp

Status
Not open for further replies.

Mallikarjuna

IS-IT--Management
Oct 26, 2000
1
SG
I have a requirement to filter logs according to the time stamp (the log file is shown in the example). This file keeps growing with time stamps. My requirement is to redirect the file to an output file at regular intervals. I want the file to be generated only during that interval.



For example, let us say if I run the script at 14:00:00 hrs, I should see the data from 13:45 to 14:00 hrs only.

Similarly, if I run the script at 14:15:00 hrs, I want to see the data from 14:00:00 hrs to 14:00:15 hrs and so on.

I was told that awk and sed commands would help in achieving this. Please give me the solution for the above requirement.

Thanks in advance.


Input file:
==================================

Oct 14 13:46:59:Oct 14 13:47:00 DHCPCBP BROWSER[0000]: The browser was unable to
retrieve a list of servers from the browser master \\SCDEMO8 on the network Device\Nbf_{A3F66BC5-CD4C-466E-9F61-C0A804FF1361}. The data is the error code.

Oct 14 13:47:10:Oct 14 13:48:55 DHCPCBP BROWSER[0000]: The browser service has f
ailed to retrieve the backup list too many times on transport \Device\Nbf_{A3F
66BC5-CD4C-466E-9F61-C0A804FF1361}. The backup browser is stopping.

Oct 14 14:01:04:Oct 14 14:02:44 DHCPCBP Norton_AntiVirus[0000]: Scan start
ed on selected drives and folders and all extensions.

Oct 14 14:02:14:Oct 14 14:02:51 DHCPCBP Norton_AntiVirus[0000]: Scan could
not access path C:\System Volume Information

========================== end of input file =====

Expected Output:
===============

The output file at 14:00:00 hrs has to be...
================================================

Oct 14 13:46:59:Oct 14 13:47:00 DHCPCBP BROWSER[0000]: The browser was unable to
retrieve a list of servers from the browser master \\SCDEMO8 on the network Device\Nbf_{A3F66BC5-CD4C-466E-9F61-C0A804FF1361}. The data is the error code.

Oct 14 13:47:10:Oct 14 13:48:55 DHCPCBP BROWSER[0000]: The browser service has f
ailed to retrieve the backup list too many times on transport \Device\Nbf_{A3F
66BC5-CD4C-466E-9F61-C0A804FF1361}. The backup browser is stopping.



The output file at 14:15:00 hrs has to be...
==============================================

Oct 14 14:01:04:Oct 14 14:02:44 DHCPCBP Norton_AntiVirus[0000]: Scan start
ed on selected drives and folders and all extensions.

Oct 14 14:02:14:Oct 14 14:02:51 DHCPCBP Norton_AntiVirus[0000]: Scan could
not access path C:\System Volume Information


 
Here are some steps for you:
1. Generate the current time and parse it, either using gawk's
strftime() function,
ex:
awk ' BEGIN {
# default strftime() output looks like "Thu Oct 26 14:00:00 UTC 2000"
cur = sprintf("%s", strftime())
cur = substr(cur,12,5) ; gsub(/:/,"",cur)   # HH:MM -> HHMM
print cur
}'
or in other awks:
awk ' BEGIN {
"date +%T" | getline pre
gsub(/:/,"",pre) ; print substr(pre,1,4)   # HH:MM:SS -> HHMM
}'

2. Parse your log entries
awk '
# Return the entry time as HHMM, or nothing if the line has no time stamp
function timeentry(str,   ltime) {
    if (str ~ /[0-9]+:[0-9]+:[0-9]+:.*/) {
        ltime = substr(str,8,6)
        gsub(/:/,"",ltime)
        return ltime
    }
}
BEGIN {
    "date +%T" | getline pre
    gsub(/:/,"",pre) ; ctime = substr(pre,1,4)   # current time as HHMM
}
{
    t = timeentry($0)
    # HHMM values are compared as plain numbers
    if (t && (t - 15) < ctime && t <= ctime) {
        print $0
    }
}' logfile

The hard part here is finding where one entry starts and the other ends, since the entries are of various block lengths.
Even so, if you could rig something like:
getline ; if (length($0) > 1) {print } together, you'd
soon find that awk would read till eof....
I'm probably missing something here..
 
Stupid prize:
The conditions for matching should just be:
if ((ctime - t) <= 15)
I was never any good with math.
 
compute start time [ see marsd way ]
read lines, if you found something like the timeformat
compare it with start:
if (it is >= start) set a printflag
if (it is >end-time ) quit the program
if (printflag set) print.
vox clamantis in deserto.
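
The print-flag approach from the replies above, as an added example that is not code from any poster in this thread. It goes slightly beyond the thread by comparing times in minutes since midnight, so a window that crosses an hour or midnight boundary works, and by letting wrapped continuation lines follow their entry. The function names, the sample log and the half-open window [end - N, end) are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Usage: filter_window HH:MM MINUTES [FILE|-]
# Prints entries stamped in the half-open window [HH:MM - MINUTES, HH:MM).
# Assumptions: entries start with "Mon DD HH:MM:SS:" as in the sample log,
# the file is in chronological order, and the date part is ignored.
filter_window() {
    awk -v now="$1" -v win="$2" '
    # "HH:MM[:...]" -> minutes since midnight, so 14:00 - 13:46 is 14, not 54
    function mins(s,   p) { split(s, p, ":"); return p[1] * 60 + p[2] }
    BEGIN { stop = mins(now) }
    /^[A-Z][a-z][a-z] +[0-9]+ [0-9][0-9]:[0-9][0-9]:[0-9][0-9]:/ {
        # Age in minutes, modulo one day so a 00:00 run reaches back to 23:45
        age = (stop - mins($3) + 1440) % 1440
        show = (age >= 1 && age <= win)     # the print flag
        if (show) seen = 1
        else if (seen) exit                 # past the window: stop reading
    }
    # Wrapped continuation lines inherit the flag of their entry
    show { print }
    ' "${3:--}"
}

# Constructed sample in the log format shown above, with one wrapped entry
make_sample() {
    cat <<'EOF'
Oct 14 13:44:59:Oct 14 13:45:00 HOST APP[0000]: too old
Oct 14 13:46:59:Oct 14 13:47:00 HOST APP[0000]: first line
wrapped continuation of the first entry
Oct 14 13:59:59:Oct 14 14:00:01 HOST APP[0000]: last second of window
Oct 14 14:00:00:Oct 14 14:00:02 HOST APP[0000]: belongs to the 14:15 run
EOF
}

make_sample | filter_window 14:00 15 -
```

Because the window excludes its end minute, consecutive 15-minute runs neither drop nor duplicate an entry stamped exactly on the boundary.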
 