Find time difference based on logfile

Srinivas_Gadi · February 22, 2015, 4:00pm

Hi All,

Firstly thank you for the forum members I need to find time difference b'w two rows of timestamp using awk/shell.

Here is the logfile:

cat business_file
start:skdjh:22:06:2010:10:30:22
sdfnskjoeirg
wregn'wergnoeirnfqoeitgherg
end:siifneworigo:22:06:2010:10:45:34
start:srsdneriieroi:24:06:2010:11:00:45
dfglkndfogn
sdgsdfgdfhdfg
end:erfqefegoieg:24:06:2010:11:46:34
oeirgoeirg\
start:sdjfhsldf:25:07:2010:12:55:43
wrgnweoigwerg
ewgjw]egpojwepr
etwasdf
gwdsdfsdf
fgpwj]pgojwth
wtr
wtwrt
end:dgnoeingwoit:25:07:2010:01:42:12

===========
The above logfile is kind of api file, and there are some rows start with "start" and "end",and the corresponding row's column 3rd to end of the row is timestamp (take delimiter as ":" ) we have to find the time difference between start and end time consecutive rows

Hope I am clear with the question,please let me know if you need more explanation.

Thx Srinivas

Don_Cragun · February 23, 2015, 3:35am

Are we to assume that by consecutive rows, you mean a row starting with start and the next row starting with end ignoring all of the lines between them that do not start with start or end ? Or are the only lines to be considered from your input file:

end:siifneworigo:22:06:2010:10:45:34
start:srsdneriieroi:24:06:2010:11:00:45

since these are the only consecutive lines that start with start and end ?

And, based on the data you've shown us, can we assume that all time stamps to be compared occur on the same date and the last three fields on the start and end lines are hours, minutes, and seconds from a 12-hour clock with no indication of AM/PM? Or, do some of your samples end before they start?

With the sample input you provided, what output are you hoping to get?

Srinivas_Gadi · February 24, 2015, 9:24am

Hi Don,

Its my bad,
Yes you have to consider the two consecutive start and end rows treated as one block.

cat business_file
start:skdjh:22:06:2010:10:30:22
end:siifneworigo:22:06:2010:10:45:34

start:srsdneriieroi:24:06:2010:11:00:45
end:erfqefegoieg:24:06:2010:11:46:34

start:sdjfhsldf:25:07:2010:12:55:43
end:dgnoeingwoit:25:07:2010:13:42:1

I just filtered out the logfile having the rows start and end.
And the date formate is 24hrs , apologies for not being clear.

the sample output is

912 sec 
6909 sec
2789 sec

Thanks
Srini

Don_Cragun · February 25, 2015, 3:43am

I don't know how you get 6909 seconds (1 hour, 55 minutes, 9 seconds) difference for the second time difference for your sample input (11:46:34 - 11:00:45), but the following brute force awk script seems to perform the desired calculations:

#!/bin/ksh
awk -F ':' -v debug=$# '
$1 == "start" {
	hs = $(NF - 2) + 0
	ms = $(NF - 1) + 0
	ss = $NF + 0
	if(debug) printf("$0=%s\n", $0)
}
$1 == "end" {
	he = $(NF - 2) + 0
	me = $(NF - 1) + 0
	se = $NF + 0
	if(se < ss) {
		me--
		se += 60
	}
	if(me < ms) {
		he--
		me += 60
	}
	if(he < hs) he += 24
	diff = (he - hs) * 3600 + (me - ms) * 60 + se - ss
	if(debug) printf("$0=%s\n", $0)
	if(debug) printf("%02d:%02d:%02d - %02d:%02d:%02d = %d\n",
			he, me, se, hs, ms, ss, diff)
	printf("%d sec\n", diff)
}' business_file

If business_file contains:

end:dgnoeingwoit:25:07:2010:13:42:12
start:1second:across:midnight:23:59:59
end:1second:across:midnight:00:00:00
start:1second:after:midnight:00:00:00
end:1second:after:midnight:00:00:01
start:full:day:00:00:00
end:full:day:23:59:59

it produces the output:

912 sec
2749 sec
2789 sec
1 sec
1 sec
86399 sec

if you invoke that script with no arguments, and adds debugging information as follows:

$0=start:skdjh:22:06:2010:10:30:22
$0=end:siifneworigo:22:06:2010:10:45:34
10:45:34 - 10:30:22 = 912
912 sec
$0=start:srsdneriieroi:24:06:2010:11:00:45
$0=end:erfqefegoieg:24:06:2010:11:46:34
11:45:94 - 11:00:45 = 2749
2749 sec
$0=start:sdjfhsldf:25:07:2010:12:55:43
$0=end:dgnoeingwoit:25:07:2010:13:42:12
12:101:72 - 12:55:43 = 2789
2789 sec
$0=start:1second:across:midnight:23:59:59
$0=end:1second:across:midnight:00:00:00
23:59:60 - 23:59:59 = 1
1 sec
$0=start:1second:after:midnight:00:00:00
$0=end:1second:after:midnight:00:00:01
00:00:01 - 00:00:00 = 1
1 sec
$0=start:full:day:00:00:00
$0=end:full:day:23:59:59
23:59:59 - 00:00:00 = 86399
86399 sec

if invoked with one or more arguments.

This was written and tested using the Korn shell, but it will work just as well with any shell that use basic Bourne shell syntax (such as ash , bash , dash , ksh , and sh ).

This script will happily ignore any lines in your input file that do not start with "start:" or "end:", so you don't need to filter your input with grep .

If you want to try this on a Solaris/SunOS system, change awk to /usr/xpg4/bin/awk or nawk .