提取日志数据 [英] Extract data from log

问题描述

我在格式的日志

##<01-Mar-2015 03:48:18 o'clock GMT> <info> 
##<01-Mar-2015 03:48:20 o'clock GMT> <info>
##<01-Mar-2015 03:48:30 o'clock GMT> <info>
##<01-Mar-2015 03:48:39 o'clock GMT> <info>

我写的shell脚本中的日志文件从最后记录的数据中提取的最后5分钟的数据，然后搜索字符串它。我是新来的shell脚本，我用grep命令，但没有用它。谁能帮我在这里。
我想下面的脚本

I got to write shell script to extract data of last 5 minutes from the last recorded data in the log file and then search a string in it.I am new to shell script , I used grep command but its of no use.Can anyone help me here. I tried the below script

#!/bin/bash

H=1  ## Hours
LOGFILE=/path/to/logfile.txt

X=$(( H * 60 * 60 )) ## Hours converted to seconds

function get_ts {
DATE="${1%%\]*}"; DATE="${DATE##*\[}"; DATE=${DATE/:/ };                 DATE=${DATE//\// }
TS=$(date -d "$DATE" '+%s')
}

get_ts "$(tail -n 1 "$LOGFILE")"
LAST=$TS

while read -r LINE; do
get_ts "$LINE"
(( (LAST - TS) <= X )) && echo "$LINE"
done < "$LOGFILE"

和上运行它得到下面的错误
get_ts：DATE = $ {日期/：/}：0403-011指定的替代无效此命令

and on running it get the below error get_ts: DATE=${DATE/:/ }: 0403-011 The specified substitution is not valid for this command.

推荐答案

我解析日期为纪元以来秒和比较，与系统时间：

I'd parse the date into seconds since epoch and compare that with the system time:

TZ=GMT awk -F '[#<> :-]+' 'BEGIN { split("Jan,Feb,Mar,Apr,May,Jun,Jul,Aug,Sep,Oct,Nov,Dec", mnames, ","); for(i = 1; i <= 12; ++i) m[mnames[i]] = i } mktime($4 " " m[$3] " " $2 " " $5 " " $6 " " $7) + 300 >= systime()' filename

的 -F'[＃＆LT;＆GT; ： - ] +'是分裂的日期为各个部分，使 $ 2 是天， $ 3 月 $ 4'/ code>年，等​​等。然后，code的工作原理如下：

The -F '[#<> :-]+' is to split the date into individual parts, so that $2 is the day, $3 the month, $4 the year, and so forth. Then the code works as follows:

BEGIN {
  # build a mapping from month name to number (to use in mktime)
  split("Jan,Feb,Mar,Apr,May,Jun,Jul,Aug,Sep,Oct,Nov,Dec", mnames, ",")
  for(i = 1; i <= 12; ++i) m[mnames[i]] = i
}

# build a numerically comparable timestamp from the split date, and
# select all lines whose timestamp is not more than 300 seconds behind
# the system time.
mktime($4 " " m[$3] " " $2 " " $5 " " $6 " " $7) + 300 >= systime()

在 TZ 环境变量设置为 GMT （用 TZ = GMT awk的调用之前）将 mktime 间preT时间戳为GMT

Setting the TZ environment variable to GMT (with TZ=GMT before the awk call) will make mktime interpret the time stamps as GMT.

这篇关于提取日志数据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！