bash 如何在 Linux 中 grep 特定时间戳范围内的日志文件内容?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/15154083/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to grep a log file content within a particular timestamp range in Linux?
提问by user1682877
I have a log file, which has data in the following format
我有一个日志文件,其中包含以下格式的数据
[1361991081] SERVICE NOTIFICATION: qreda;qa-hadoop1;CPU Load;CRITICAL;notify-service-by-email;CRITICAL - load average: 18.29, 18.14, 18.10
[1361991371] SERVICE NOTIFICATION: qreda;CRITICAL-SERVICES_FOR_LAST_24_HOURS;qa-hadoop1:Critical Services;CRITICAL;notify-service-by-email;CPU Load,Memory,
[1361994681] SERVICE NOTIFICATION: qreda;qa-hadoop1;CPU Load;CRITICAL;notify-service-by-email;CRITICAL - load average: 18.02, 18.06, 18.11
[1361994971] SERVICE NOTIFICATION: qreda;CRITICAL-SERVICES_FOR_LAST_24_HOURS;qa-hadoop1:Critical Services;CRITICAL;notify-service-by-email;CPU Load,Memory,
I contains all the data for the past 7 days.I want to grep this file to show the logs for yesterday. Here date is showing as timestamp. I am using the following command
我包含过去 7 天的所有数据。我想 grep 这个文件来显示昨天的日志。这里日期显示为时间戳。我正在使用以下命令
cat /usr/local/nagios/var/nagios.log |grep qa-hadoop1|grep CRITICAL|grep NOTIFICATION | awk -F, '{ if (>"[1361989800]" && <"[1362076199]") print }'
where 1361989800is the calculated timestamp value for Thu Feb 28 00:00:00 IST 2013
1361989800计算的时间戳值在哪里Thu Feb 28 00:00:00 IST 2013
and 1362076199is the calculated timestamp value for Thu Feb 28 23:59:59 IST 2013.
并且 1362076199是所计算的时间戳值Thu Feb 28 23:59:59 IST 2013。
This works well but the problem is how do i pass 1361989800and 1362076199as arguments??
这很好用,但问题是我如何传递1361989800和1362076199作为参数?
回答by Chris Seymour
You only need awkfor this.
你只需要awk这个。
awk -va=1361989800 -vb=1362076199 '{gsub(/[][]/,"")}/qa-hadoop1|CRITICAL|NOTIFICATION/&&>a&&<b' file
The -voptions allows you to pass in variables. Also by using gsubto remove the brackets for integer comparison on the first fields (space separated not comma that is).
这些-v选项允许您传入变量。还通过使用gsub删除第一个字段上的整数比较括号(空格分隔不是逗号)。
Notes:
笔记:
grepreads files so you don't need to cat file | grep 'pattern'just grep 'pattern' filealso you can use alternation like egrep 'qa-hadoop1|CRITICAL|NOTIFICATION' fileso you don't need to pipe to grepthree times.
grep所以你并不需要读取的文件cat file | grep 'pattern'只是grep 'pattern' file你也可以交替使用像egrep 'qa-hadoop1|CRITICAL|NOTIFICATION' file这样你就不需要管到grep三次。
A more awkishversion of awk -F, '{ if ($1>"[1361989800]" && $1<"[1362076199]") print }'is awk -F, '$1>"[1361989800]" && $1<"[1362076199]"'you don't need the ifconstruct and the default block in awkis print.
更多awkish版本awk -F, '{ if ($1>"[1361989800]" && $1<"[1362076199]") print }'是awk -F, '$1>"[1361989800]" && $1<"[1362076199]"'您不需要if构造,并且默认块awk是打印。
回答by perreal
Here is one way using command line parameter assignment:
这是使用命令行参数分配的一种方法:
grep qa-hadoop1 input | grep CRITICAL| grep NOTIFICATION | \
awk -F, -v b=1361989800 -v e=1362076199 \
'{ if ( > "["b"]" && <"["e"]") print }'
回答by Kent
apart from your cat|grep|grep|grep|awk, I would ask, why you set comma ,as FSof awk, and later compare $1 with timestamp? $1 is from beginning till the first comma, which is not correct.
除了您的cat|grep|grep|grep|awk,我会问,为什么您将逗号设置,为FSawk,然后将 $1 与时间戳进行比较?$1 是从开始到第一个逗号,这是不正确的。
The FSshould be space, if you want to compare date like in your ifstatements.
本FS应该是空间,如果你想比较日期就像在你if的语句。
it may work if you remove -F,from your awk line part. try it.
如果您-F,从 awk 行部分中删除它可能会起作用。尝试一下。
simpler, you could take [or ]as FS.
更简单,你可以把[或]作为FS。
