从命令行管理程序脚本 (.ksh) 中的日志文件中筛选与给定时间相比的最近 2 个日志

我正在分析套接字服务器的大型日志文件以跟踪一些事件。我在使用 shell 脚本获取给定时间（一个在给定时间之前，另一个在给定时间之后）的最新 2 个消息日志时遇到问题。在这种情况下，我唯一可以使用的是日志文件的日期时间值

 e.g. triggering time: 2013-10-31 07:29:45.311
    think I have an event from another log at 2013-10-31 07:29:45.311 and need to filter 
the most recent message log one is before above time and other one is after from below sample log. 
    given time = 2013-10-31 07:29:45.311
    then triggered times for most recent log messages should be 
    1) before the given time: message at 2013-10-31 07:29:34.415
    2) after the given time: message at 2013-10-31 07:30:34.473

可以使用 shell 脚本做到这一点吗？

Sample log:
    2013-10-31 07:23:33.931 INFO  - TTT153|Receive|0000131|....
    2013-10-31 07:24:35.273 INFO  - TTT153|Receive|0000131|....
    2013-10-31 07:25:33.973 INFO  - TTT153|Receive|0000131|....
    2013-10-31 07:26:34.111 INFO  - TTT153|Receive|0000131|....
    2013-10-31 07:27:34.151 INFO  - TTT153|Receive|0000131|....
    2013-10-31 07:28:34.273 INFO  - TTT153|Receive|0000131|....
    2013-10-31 07:29:34.415 INFO  - TTT153|Receive|0000131|....
    2013-10-31 07:30:34.473 INFO  - TTT153|Receive|0000131|....
    2013-10-31 07:31:34.595 INFO  - TTT153|Receive|0000131|....
    2013-10-31 07:32:34.616 INFO  - TTT153|Receive|0000131|....
    2013-10-31 07:33:35.673 INFO  - TTT153|Receive|0000131|....

它有些复杂，但可以通过将日期转换为纪元来完成。

value="2013-10-31 07:29:45.311"
awk '
    {
    split($1,a,"-")
    split($2,b,"[:.]")
    t1=mktime(a[1] " " a[2] " " a[3] " " b[1] " " b[2] " " b[3]) "." b[4]
    split(v,c,"[- :.]")
    t2=mktime(c[1] " " c[2] " " c[3] " " c[4] " " c[5] " " c[6]) "." c[7]   
    }
    t1>t2 {print  l "n" $0;exit}
    {l=$0}
    ' v="$value" logfile
2013-10-31 07:29:34.415 INFO - TTT153|Receive|0000131|....
2013-10-31 07:30:34.473 INFO - TTT153|Receive|0000131|....

将其保存到变量

res=$(awk '
    {
    split($1,a,"-")
    split($2,b,"[:.]")
    t1=mktime(a[1] " " a[2] " " a[3] " " b[1] " " b[2] " " b[3]) "." b[4]
    split(v,c,"[- :.]")
    t2=mktime(c[1] " " c[2] " " c[3] " " c[4] " " c[5] " " c[6]) "." c[7]   
    }
    t1>t2 {print  l "n" $0;exit}
    {l=$0}
    ' v="$value" logfile)
echo "$res"
2013-10-31 07:29:34.415 INFO - TTT153|Receive|0000131|....
2013-10-31 07:30:34.473 INFO - TTT153|Receive|0000131|....

相关内容

最新更新

热门标签：