I was looking at this script which outputs the two lines which differs less than one sec.
#!/usr/bin/perl -w
use strict;
use warnings;
use Time::Local;
use constant SEC_MILIC => 1000;
my $file='infile';
## Open for reading argument file.
open my $fh, "<", $file or die "Cannot open file $file $!\n";
## Save previous values.
my ($time_prev, $reg_prev);
while ( <$fh> ) {
## Get Year/Month/Day/hour/minute/second/milisecond from input line.
/^\s*(\d{4})-(\d{2})-(\d{2})\s+(\d{2}):(\d{2}):(\d{2}),(\d{3})/;
## Get number of seconds form Epoch.
my $time = timelocal( $6, $5, $4, $3, $2 - 1, $1 );
## Update to miliseconds.
$time += $7 / SEC_MILIC;
## Cannot compare times in first line of file, save values and read next.
if ($. == 1) {
$time_prev = $time;
$reg_prev = $_;
next;
}
## Check difference less than a second and print both lines.
if ( 1 > abs($time - $time_prev) ) {
print "$reg_prev", "$_", "\n";
}
## Save current values to compare with next line.
$time_prev = $time;
$reg_prev = $_;
}
Which works ok if the logs are formatted like this.
2011-02-04 11:11:12,923 Message to msisdn: XXXXXXXXXXXX
2011-02-04 11:11:14,950 Message to msisdn: XXXXXXXXXXXX
2011-02-04 11:11:16,967 Message to msisdn: XXXXXXXXXXXX
2011-02-04 11:11:18,982 Message to msisdn: XXXXXXXXXXXX
2011-02-04 11:11:19,499 Message to msisdn: XXXXXXXXXXXX
---------- Post updated at 03:31 PM ---------- Previous update was at 03:27 PM ----------
Can you suggest how to adapt the script to parse another logs but formatted in different way?
Sep 30 21:08:00 error segfault 0x0002220ff blah blah blah
Sep 30 21:09:00 read this read that
Sep 30 21:10:00 done this done that
I would like to get an output when the time difference of two following lines is greater than 1hr in time.
If you have a look it would be much appreciated
Thanks