awk related question

awk "/^<Mar 31, 2012 [1-12]:[0-59] /,0" /app/blah.log

Can someone please help me figure out why the above command isn't pulling anything out from the log?

Basically, I want it to pull out all records, from the very first line that starts with the date "Mar 31, 2012" and that also has a time immediately following the date, to the end of the log file.

I tried to specify "[1-12]:[0-59]" to represent the range of timestamps, but frankly, that simply isn't doing the trick.

Any ideas?

[] brackets don't match ranges of numbers, they match ranges of characters.

If the line starts with 'Mar', it certainly doesn't start with <.

I have no idea what the ",0" is for, there.

I'm only guessing since you didn't post any of the data you wanted matched, but:

/^Mar 31, 2012 (0[1-9]|1[0-2]):[0-5][0-9]/

Please post a sample of your input data.

sample line in log file:

<Mar 31, 2012 6:40:40 PM UTC> <Warning> <Socket> <BEA-00670450> <Socket 211 internal data record unavailable (probable closure due idle timeout), event received 17> 

Hmm, I can probably adapt the solution from this thread. Too bad it doesn't use 24hr time. Working on it.

If you can get a date into YYYY MM DD HH MM SS order with 24-hour time, and month+day+hour+minute+second as two digits with leading zeroes, then they compare alphabetically. Since < = > compare alphabetically, this is very convenient!

So that is what I do -- reorder the dates into something that can be easily compared, then compare it.

$ cat drange.awk

BEGIN { split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", M);
        # Store them as MON["<Jan"]=1
        for(X in M) MON["<"M[X]]=X;     }

{ CMP="" }

MON[$1] {
        # Convert 12-hour time into 24-hour time
        split($4, T, ":");
        if(($5 == "AM") && (T[1]=="12")) T[1]=0;
        else if($5 == "PM")
        {
                T[1] %= 12;
                T[1] += 12;
        }

        # Reorder date into alphabetically-sortable YYYY MM DD HH MM SS
        CMP=sprintf("%04d %02d %02d %02d:%02d:%02d", $3,
                MON[$1], $2, T[1], T[2], T[3]);
}

CMP && (CMP>=START)

$ cat data

<Mar 31, 2012 12:40:40 AM UTC> <Warning> <Socket> <BEA-00670450> <Socket 211 internal data record unavailable (probable closure due idle timeout), event received 17>
<Mar 31, 2012 1:40:40 AM UTC> <Warning> <Socket> <BEA-00670450> <Socket 211 internal data record unavailable (probable closure due idle timeout), event received 17>
<Mar 31, 2012 2:40:40 AM UTC> <Warning> <Socket> <BEA-00670450> <Socket 211 internal data record unavailable (probable closure due idle timeout), event received 17>
<Mar 31, 2012 3:40:40 AM UTC> <Warning> <Socket> <BEA-00670450> <Socket 211 internal data record unavailable (probable closure due idle timeout), event received 17>
<Mar 31, 2012 4:40:40 AM UTC> <Warning> <Socket> <BEA-00670450> <Socket 211 internal data record unavailable (probable closure due idle timeout), event received 17>
<Mar 31, 2012 5:40:40 AM UTC> <Warning> <Socket> <BEA-00670450> <Socket 211 internal data record unavailable (probable closure due idle timeout), event received 17>
<Mar 31, 2012 6:40:40 AM UTC> <Warning> <Socket> <BEA-00670450> <Socket 211 internal data record unavailable (probable closure due idle timeout), event received 17>
<Mar 31, 2012 7:40:40 AM UTC> <Warning> <Socket> <BEA-00670450> <Socket 211 internal data record unavailable (probable closure due idle timeout), event received 17>
<Mar 31, 2012 8:40:40 AM UTC> <Warning> <Socket> <BEA-00670450> <Socket 211 internal data record unavailable (probable closure due idle timeout), event received 17>
<Mar 31, 2012 9:40:40 AM UTC> <Warning> <Socket> <BEA-00670450> <Socket 211 internal data record unavailable (probable closure due idle timeout), event received 17>
<Mar 31, 2012 10:40:40 AM UTC> <Warning> <Socket> <BEA-00670450> <Socket 211 internal data record unavailable (probable closure due idle timeout), event received 17>
<Mar 31, 2012 11:40:40 AM UTC> <Warning> <Socket> <BEA-00670450> <Socket 211 internal data record unavailable (probable closure due idle timeout), event received 17>
<Mar 31, 2012 12:40:40 PM UTC> <Warning> <Socket> <BEA-00670450> <Socket 211 internal data record unavailable (probable closure due idle timeout), event received 17>
<Mar 31, 2012 1:40:40 PM UTC> <Warning> <Socket> <BEA-00670450> <Socket 211 internal data record unavailable (probable closure due idle timeout), event received 17>
<Mar 31, 2012 2:40:40 PM UTC> <Warning> <Socket> <BEA-00670450> <Socket 211 internal data record unavailable (probable closure due idle timeout), event received 17>
<Mar 31, 2012 3:40:40 PM UTC> <Warning> <Socket> <BEA-00670450> <Socket 211 internal data record unavailable (probable closure due idle timeout), event received 17>
<Mar 31, 2012 4:40:40 PM UTC> <Warning> <Socket> <BEA-00670450> <Socket 211 internal data record unavailable (probable closure due idle timeout), event received 17>
<Mar 31, 2012 5:40:40 PM UTC> <Warning> <Socket> <BEA-00670450> <Socket 211 internal data record unavailable (probable closure due idle timeout), event received 17>
<Mar 31, 2012 6:40:40 PM UTC> <Warning> <Socket> <BEA-00670450> <Socket 211 internal data record unavailable (probable closure due idle timeout), event received 17>
<Mar 31, 2012 7:40:40 PM UTC> <Warning> <Socket> <BEA-00670450> <Socket 211 internal data record unavailable (probable closure due idle timeout), event received 17>
<Mar 31, 2012 8:40:40 PM UTC> <Warning> <Socket> <BEA-00670450> <Socket 211 internal data record unavailable (probable closure due idle timeout), event received 17>
<Mar 31, 2012 9:40:40 PM UTC> <Warning> <Socket> <BEA-00670450> <Socket 211 internal data record unavailable (probable closure due idle timeout), event received 17>
<Mar 31, 2012 10:40:40 PM UTC> <Warning> <Socket> <BEA-00670450> <Socket 211 internal data record unavailable (probable closure due idle timeout), event received 17>
<Mar 31, 2012 11:40:40 PM UTC> <Warning> <Socket> <BEA-00670450> <Socket 211 internal data record unavailable (probable closure due idle timeout), event received 17>

$ awk -v START="2012 03 31 18:40:40" -f drange.awk data

<Mar 31, 2012 6:40:40 PM UTC> <Warning> <Socket> <BEA-00670450> <Socket 211 internal data record unavailable (probable closure due idle timeout), event received 17>
<Mar 31, 2012 7:40:40 PM UTC> <Warning> <Socket> <BEA-00670450> <Socket 211 internal data record unavailable (probable closure due idle timeout), event received 17>
<Mar 31, 2012 8:40:40 PM UTC> <Warning> <Socket> <BEA-00670450> <Socket 211 internal data record unavailable (probable closure due idle timeout), event received 17>
<Mar 31, 2012 9:40:40 PM UTC> <Warning> <Socket> <BEA-00670450> <Socket 211 internal data record unavailable (probable closure due idle timeout), event received 17>
<Mar 31, 2012 10:40:40 PM UTC> <Warning> <Socket> <BEA-00670450> <Socket 211 internal data record unavailable (probable closure due idle timeout), event received 17>
<Mar 31, 2012 11:40:40 PM UTC> <Warning> <Socket> <BEA-00670450> <Socket 211 internal data record unavailable (probable closure due idle timeout), event received 17>

$

You could easily enough add a FINISH variable too, to check if CMP is less than or equal to it, to only select a range in time instead of the whole file.

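
As an added example (not part of the posts above and not the poster's code): the FINISH bound suggested in the last reply, plus carrying lines that have no timestamp, such as stack traces, along with the record above them, which matters when cutting a time window out of a log for triage. The names drange and sample_log, the constructed sample lines, and the convention that an empty FINISH means "to end of file" are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Bounds are "YYYY MM DD HH:MM:SS" in
# 24-hour time, inclusive; an empty FINISH means "to end of file" (assumption).
# Usage: drange START FINISH [FILE]   (reads stdin when FILE is omitted)
drange() {
    awk -v START="$1" -v FINISH="$2" '
    BEGIN {
        n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", M, " ")
        for (i = 1; i <= n; i++) MON["<" M[i]] = i   # MON["<Mar"] = 3
        keep = 0
    }
    # Record header: <Mon DD, YYYY H:MM:SS AM|PM TZ> ...
    ($1 in MON) && ($5 == "AM" || $5 == "PM") && split($4, T, ":") == 3 {
        h = T[1] % 12                 # 12 AM -> 0; 12 PM -> 0, then +12 below
        if ($5 == "PM") h += 12
        CMP = sprintf("%04d %02d %02d %02d:%02d:%02d",
                      $3, MON[$1], $2, h, T[2], T[3])
        # Concatenating "" forces a string (not numeric) comparison
        keep = ((CMP "") >= (START "")) && (FINISH == "" || (CMP "") <= (FINISH ""))
    }
    # Lines without a timestamp (stack traces, wrapped messages) follow the
    # decision made for the record header above them.
    keep
    ' "${3:--}"
}

# Constructed sample input in the log format from this thread (not real log data).
sample_log() {
    cat <<'EOF'
<Mar 31, 2012 11:59:58 AM UTC> <Info> <Socket> <constructed sample A>
<Mar 31, 2012 12:00:05 PM UTC> <Warning> <Socket> <constructed sample B>
        at continuation.line(of sample B)
<Mar 31, 2012 6:40:40 PM UTC> <Warning> <Socket> <constructed sample C>
<Apr 1, 2012 12:10:00 AM UTC> <Warning> <Socket> <constructed sample D>
EOF
}

# Noon to midnight on Mar 31: prints B, its continuation line, and C.
sample_log | drange "2012 03 31 12:00:00" "2012 03 31 23:59:59"
```

Because the comparison is on zero-padded strings, a bound that is not zero-padded (for example "2012 3 31 ...") will silently select the wrong lines.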