我试图从日志文件中获得最后5分钟,其中时间格式如下:
2021-08-10 16:05:00,007 ERROR [com.] Cought an Exception (el) Index: 1, Size: 0
2021-08-10 16:05:00,018 ERROR [com.] Cought an Exception (el) Index: 2, Size: 0
2021-08-10 16:10:00,005 ERROR [com.] Cought an Exception (el) Index: 2, Size: 0
2021-08-10 16:15:00,002 ERROR [com.] Cought an Exception (el) Index: 1, Size: 0
2021-08-10 16:15:00,014 ERROR [com.] Cought an Exception (el) Index: 2, Size: 0
2021-08-10 16:50:00,008 ERROR [com.] Cought an Exception (el) Index: 2, Size: 0
我已经尝试了下面的sed命令,它正在另一种格式上工作,但是当我运行这个时,我没有得到任何返回。
sed -n "/^$(date --date='5 minutes ago' '+%Y-%m-%d %H:%M')/,$p" logfile
尝试了许多不同的命令,但无法找到一个适合此时间格式的2021-08-10 16:50:00,008
任何人的帮助都非常感谢。
现在我也在尝试awk,但它得到一些随机的行,不是在最后几分钟,但在日志文件的某个地方:(我只想得到最后的X分钟)
awk -v dt="$(date '+%Y-%m-%d %T,%3N' -d '-30 minutes')" '$1 " " $2 > dt' logfile
Raw Trap [OID=.2.6.1.4.1.5.1.2.4...
Raw Trap [OID=.2.6.1.4.1.5.1.2.4...
Raw Trap [OID=.2.6.1.4.1.5.1.2.14...
Raw Trap [OID=.2.6.1.4.1.5.1.2.14,...
Raw Trap [OID=.2.6.1.4.1.5.1.2.14...
Raw Trap [OID=.2.6.1.4.1.5.1.2.14...
Raw Trap [OID=.2.6.1.4.1.5.1.2.14,...
Raw Trap [OID=.2.6.1.4.1.5.1.2.14,....
2021-08-11 14:00:00,010 ERROR [com.] Cought an IOException (el) Index: 2, Size: 0
2021-08-11 14:05:00,010 ERROR [com.] Cought an IOException (el) Index: 2, Size: 0`
从日志文件中输入更多信息:
2021-08-06 14:24:16,137 INFO [com.] Invoking Rule: (class path...)
Raw Trap [OID=.1.3.6.1.2.14, Sender=v, VarBind OID=.1.3.6.3, VarBind Value=0] --> Clean Trap [........
2021-08-06 14:24:16,137 INFO [com.] InstanceStr=null
2021-08-06 14:24:16,137 INFO [com.] site_InstanceStr=null
2021-08-06 14:24:16,141 INFO [com.] deleting raw trap com.RawTrapid: 7291, oid: .1.3.6.1.4, time: 2021/08/06 14:2...
2021-08-07 00:30:12,495 INFO [com.] Exporting with user Admin
2021-08-07 00:30:12,511 INFO [com.] preparing for bundle export; retrieving all parameters with bundle id matching:
2021-08-07 00:31:07,538 INFO [com.] Exporting with user Admin
2021-08-07 00:31:07,538 INFO [com.] preparing for bundle export; retrieving all parameters with bundle id matching:
2021-08-07 00:31:07,573 INFO [com.] parameters retrieved: 1001
2021-08-07 00:31:07,573 INFO [com.] creating temp bundle export directory in: /var/tmp/_export2021/fullversion
2021-08-07 00:31:07,914 INFO [com.] Deleting temp dir: /var/tmp/_export_Sat_Aug_07_00_31_07_CEST_2021
2021-08-07 04:00:00,115 ERROR [com.] Partition maintenance failed: exit code=1, output: ERROR 1507 (HY000) at line 26: Error in list of partitions to DROP
您可以在shell中计算所需格式的日期,并将其作为参数传递给awk进行比较:
awk -v dt="$(date '+%Y-%m-%d %T' -d '-5 minutes')" -F, '$1 > dt' file.log
如果你想包含毫秒部分,那么使用:
awk -v dt="$(date '+%Y-%m-%d %T,%3N' -d '-5 minutes')" '($1 " " $2) > dt' file
PS:这需要gnu-date.