如何在最后几分钟内获取所有具有特定字符串值的日志 [英] How to get all the logs with certain string value in the last a few minutes

问题描述

我有一个应用程序使用自己的日志文件格式。现在我想在一定时间内获取诸如致命错误之类的某些字符串值的所有行日志。日志数据格式如下：

  Thread-28689296：Thu Aug 25 15:18:41 2016 [info]： abcd efddf 
 Thread-28689296：Thu Aug 25 15:19:01 2016 [info]：xvbdfdre dfdfd 
 Thread-28689296：Thu Aug 25 15:19:11 2016 [info]：致命错误
 Thread-28689296：Thu Aug 25 15:19:41 2016 [info]：dfdfdfd 
  

如果now是Aug 25 15:19:41 2016，我想在15:19:41和15:17:41之间找到在我的日志文件中有致命错误的行。所以当前时间应该是从日期开始，x分钟前应该是从x分钟前的日期，以从应用程序日志中找到某些错误消息。

如果我使用以下命令行：

  awk -v Date =$（date+％b％d％H：％M：％ S％Y）-v Date2 =$（date  -  date =2 
分钟前+％b％d％H：％M：％S％Y）'$ 5&日期&& $ 5 < Date2'log_file | 
 grep致命错误
  

条件中的变量$ 5实际上是获取值在我的样本日志数据中分钟17和19，但与日期值进行比较。所以这将不起作用。

如何将日志时间戳的时间值从$ 3到$ 7字段进行比较来比较当前时间的值。我不太熟悉shell脚本。

感谢您的建议和提前协助。

解决方案

可以你尝试这样：

 ＃！/ bin / sh 
 
 Date =$（date+ ％b％d％H：％M：％S％Y）
 Date2 =$（date --date =2分钟前+％b％d％H：％M：％S ％Y）
 
 first_line = $（grep -n$ Date2log_file | awk -F：'{print $ 1}'）
 
 last_line = $ （grep -n$ Datelog_file | awk -F：'{print $ 1}'）
 
 sed -n$ {first_line}，$ {last_line} plog_file | grep致命错误
  

I have an application using its own log file format. Now I want to get all the lines of logs with certain string values such as "Fatal error" within a certain period of time. The log data format is like the following:

Thread-28689296: Thu Aug 25 15:18:41 2016 [ info ]: abcd efddf 
Thread-28689296: Thu Aug 25 15:19:01 2016 [ info ]: xvbdfdre dfdfd 
Thread-28689296: Thu Aug 25 15:19:11 2016 [ info ]: Fatal error 
Thread-28689296: Thu Aug 25 15:19:41 2016 [ info ]: dfdfdfd

If "now" is Aug 25 15:19:41 2016, I want to find between 15:19:41 and 15:17:41 those lines that have "Fatal error" in my log file. So the current time should be from date and x minutes ago should be from "date x minutes ago" to find certain error messages from the application log.

If I use the following command line:

  awk -v Date="$(date "+%b %d %H:%M:%S %Y")" -v Date2="$(date -- date="2 
  minutes ago" "+%b %d %H:%M:%S %Y")" '$5 > Date && $5 < Date2' log_file | 
  grep "Fatal error"

the variable "$5" in the condition actually gets the value of minute "17" and "19" in my sample log data but it compares with a date value. So this won't work.

How can I construct the value of time in log timestamp from $3 to $7 fields to compare the value of current time. I m not so familiar with shell scripting.

Thanks for your advice and help in advance.

解决方案

Can you try this:

#!/bin/sh

  Date="$(date "+%b %d %H:%M:%S %Y")"
  Date2="$(date --date="2 minutes ago" "+%b %d %H:%M:%S %Y")"

  first_line=$(grep -n "$Date2" log_file | awk -F ":" '{print $1}')

  last_line=$(grep -n "$Date" log_file | awk -F ":" '{print $1}')

  sed -n "${first_line},${last_line}p" log_file | grep "Fatal error"

这篇关于如何在最后几分钟内获取所有具有特定字符串值的日志的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！