How to find a range of time in a log file 1

[denis60]

Hi!
I'm trying to grep logs in a huge file between a certain period of time.
Ex:.

SFOY PM106 MAR09 02:44:25 3661 RTS LCM
SFOY AUDT106 MAR09 02:45:28 3664 INFO
SFOY * PM106 MAR09 02:58:23 3698 RTS
SFOY SWER MAR09 04:23:03 4108

Is it possible to grep(or else) logs between 02:44:26 to
02:59:01 in a one line command?

 

[xmb]

Doing date generation and variable matching in an automated way can be difficult, and not doing it properly will result in heavy slowdown.
Manually however it works halfway accurate out...

awk -v date='^02:[45]' '{
  if ($4 ~ /:/) num = $4; else num = $5
  if (num ~ date) print
}'

. Mac for productivity
.. Linux for developement
... Windows for solitaire

 

[futurelet]

# Print log entries between 02:44:26 & 02:59:01
{ original = $0
  sub(/[ \t]\*[ \t]/, " ")
  if ( $4 >= "02:44:26" && $4 <= "02:59:01" )
    print original
}

 

[xmb]

awk++

 

[PHV]

If your log file file is really fixed format as in your sample:
awk '{t=substr($0,24,8)if(t>="02:44:26" && t<="02:59:01")print}' /path/to/input > output

Hope This Helps, PH.
Want to get great answers to your Tek-Tips questions? Have a look at FAQ219-2884 or FAQ222-2244

 

[denis60]

I have to leave
I'll keep you in touch monday
Thanks for your help

 

[denis60]

Hi! everyone

Here my final script:
cat test|awk '{t=substr($0,24,8);if(t ~ /[0-2][0-9]:[0-5][0-9]:[0-5][0-9]/){if(t>="02:25:00" && t<="22:25:00")print}}'|grep -i -e '(PM|AUDT)' |awk '{u=substr($0,24,13);print u " " $0}'|sort|cut -c15-

1- I had to work with substr instead of fields
2- I checked to get the time pattern
3- If so i find the time in the range of logs
4- a grep is done to find data in the pipe result
5- a copy is done to put time and index in the beginning of line to sort by time
6- i cut the last pasted data to get my real log

Hope it can help

 

[xmb]

Simplification of your script/one liner:

awk -v t1=02:25:00 -v t2=22:25:00 '/PM|AUDT/ {
  t = substr($0,24,8); if (t !~ /[0-9]+:[0-9]+:[0-9]/) next
  if (t >= t1 && t <= t2) {
    u = substr($0,24,13)
    print u, $0
  }
}' [ | sort -n | cut -c15- ]

. Mac for productivity
.. Linux for developement
... Windows for solitaire