Linux 在日期范围内创建的所有文件中使用 Grep
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/10898154/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Grep inside all files created within date range
提问by Vijayendra Bapte
I am on the Ubuntu OS. I want to grep a word (say XYZ) inside all log files which are created within date range 28-may-2012 to 30-may-2012.
我在 Ubuntu 操作系统上。我想在日期范围 28-may-2012 到 30-may-2012 内创建的所有日志文件中 grep 一个单词(比如 XYZ)。
How do I do that?
我怎么做?
采纳答案by larsks
This is a little different from Banthar's solution, but it will work with versions of findthat don't support -newermtand it shows how to use the xargscommand, which is a very useful tool.
这与 Banthar 的解决方案略有不同,但它适用于find不支持的版本,-newermt并展示了如何使用该xargs命令,这是一个非常有用的工具。
You can use the findcommand to locate files "of a certain age". This will find all files modified between 5 and 10 days ago:
您可以使用该find命令来定位“特定年龄”的文件。这将找到 5 到 10 天前修改的所有文件:
find /directory -type f -mtime -10 -mtime +5
To then search those files for a string:
然后在这些文件中搜索字符串:
find /directory -type f -mtime -10 -mtime +5 -print0 |
xargs -0 grep -l expression
You can also use the -execswitch, but I find xargsmore readable (and it will often perform better, too, but possibly not in this case).
您也可以使用-execswitch,但我发现它xargs更具可读性(它通常也会表现得更好,但在这种情况下可能不会)。
(Note that the -0flag is there to let this command operate on files with embedded spaces, such as this is my filename.)
(请注意,该-0标志是为了让此命令对带有嵌入空格的文件进行操作,例如this is my filename.)
Update for question in comments
更新评论中的问题
When you provide multiple expressions to find, they are ANDed together. E.g., if you ask for:
当您向 提供多个表达式时find,它们会被 AND 运算在一起。例如,如果您要求:
find . -name foo -size +10k
...findwill only return files that are both (a) named fooand(b) larger than 10 kbytes. Similarly, if you specify:
...find将只返回 (a) 命名foo和(b) 大于 10 KB 的文件。同样,如果您指定:
find . -mtime -10 -mtime +5
...findwill only return files that are (a) newer than 10 days ago and(b) older than 5 days ago.
...find只会返回 (a) 比 10 天前新和(b) 比 5 天前早的文件。
For example, on my system it is currently:
例如,在我的系统上,它目前是:
$ date
Fri Aug 19 12:55:21 EDT 2016
I have the following files:
我有以下文件:
$ ls -l
total 0
-rw-rw-r--. 1 lars lars 0 Aug 15 00:00 file1
-rw-rw-r--. 1 lars lars 0 Aug 10 00:00 file2
-rw-rw-r--. 1 lars lars 0 Aug 5 00:00 file3
If I ask for "files modified more than 5 days ago (-mtime +5) I get:
如果我要求“文件修改时间超过 5 天(-mtime +5),我会得到:
$ find . -mtime +5
./file3
./file2
But if I ask for "files modified more than 5 days ago but less than 10 days ago" (-mtime +5 -mtime -10), I get:
但是,如果我要求“文件修改时间超过 5 天但不到 10 天”( -mtime +5 -mtime -10),我会得到:
$ find . -mtime +5 -mtime -10
./file2
回答by Piotr Praszmo
回答by twalberg
finddoesn't seem to have options where you can specify specific dates for timestamp comparison (at least the version on my laptop doesn't - there may be other versions and/or other tools that perform similarly), so you'll have to use the number of days. So, as of 2012/06/05, you want to find files newer than 9 days but older than 6 days:
find似乎没有可以为时间戳比较指定特定日期的选项(至少我的笔记本电脑上的版本没有 - 可能还有其他版本和/或其他执行类似的工具),因此您必须使用天数。因此,截至 2012 年 6 月 5 日,您希望查找更新时间超过 9 天但超过 6 天的文件:
find . -type f -ctime -9 -ctime +6 -print0 | xargs -0 grep XYZ
