How to extract log data based on date

superHonda123 · August 12, 2010, 7:11am

Hi Gurus,

I've been having some problem in extracting the log data based on the current date and month.

As shown in the sample data below, how to extract the log info for Aug 11?

Sample data:

root     pts/ta       userpc Wed Aug 11 09:46 - 20:21  (10:35)
root     pts/ta       userpc Wed Aug 11 09:44 - 20:10  (10:34)
root     pts/ta       userpc Wed Aug 11 09:40 - 20:05  (10:32)
root     pts/tb       userpc Tue Aug   9 11:23 - 11:23  (00:00)
root     pts/tb       userpc Tue Aug   9 11:22 - 11:20  (00:00)
root     pts/ta       userpc Tue Aug   2 10:46 - 19:19  (08:33)
root     pts/ta       userpc Tue Aug   2 10:40 - 19:15  (08:33)
root     pts/ta       userpc Tue Jul    1 10:41 - 10:45  (00:04)
root     pts/ta       userpc Tue Jul    1 10:40 - 10:43  (00:04)

Sample output:

root     pts/ta       userpc Wed Aug 11 09:46 - 20:21  (10:35)
root     pts/ta       userpc Wed Aug 11 09:44 - 20:10  (10:34)
root     pts/ta       userpc Wed Aug 11 09:40 - 20:05  (10:32)

Would aprpeciate for any of your help and advice.

Thank you.

pravin27 · August 12, 2010, 7:25am

grep "Aug 11"  inputfile

gaithrit · August 12, 2010, 7:26am

If wanted to extract the data according to current date like "Aug 11" and test1 is the data file, the below command works.

bash-3.00$ cat test1
root     pts/ta       userpc Wed Aug 11 09:46 - 20:21  (10:35)
root     pts/ta       userpc Wed Aug 11 09:44 - 20:10  (10:34)
root     pts/ta       userpc Wed Aug 11 09:40 - 20:05  (10:32)
root     pts/tb       userpc Tue Aug   9 11:23 - 11:23  (00:00)
root     pts/tb       userpc Tue Aug   9 11:22 - 11:20  (00:00)
root     pts/ta       userpc Tue Aug   2 10:46 - 19:19  (08:33)
root     pts/ta       userpc Tue Aug   2 10:40 - 19:15  (08:33)
root     pts/ta       userpc Tue Jul    1 10:41 - 10:45  (00:04)
root     pts/ta       userpc Tue Jul    1 10:40 - 10:43  (00:04)

 
cat test1 | grep "`date +'%h %d'`"

superHonda123 · August 12, 2010, 7:37am

Hi gaithrit,

Thanks for your response.

I've tried your method and it seems to be working fine.

However, when there is a space in between the date and month, it's not working.

Sorry, I forgot to mention that I'm using HPUX B.11.23 ia64, the sample log data was extracted from "last -R".

Please kindly advice.

Thanks.

gaithrit · August 12, 2010, 7:54am

I am not clear, can you give the command you are running? Thanks.

pravin27 · August 12, 2010, 7:57am

Something like this,

 awk -v v1=`date +'%h'` -v v2=`date +'%d' | sed 's/^0//g'`  '{if($5==v1 && $6==v2) { print }}' infile

Klashxx · August 12, 2010, 8:20am

Based on your code:

 last -R|awk -v v1=`date +'%h'` -v v2=`date +'%d'`  '$5==v1 && $6==v2'

superHonda123 · August 12, 2010, 10:33am

Hi All,

Thanks a lot for all of your responses.

I've tested the script using AWK and it's working perfectly. GREAT.

Really appreciated for your help.

Cheers.

pravin27 · August 12, 2010, 12:11pm

I think Klash solution will not work in case of date "Aug 9". Because date '+%d' will give you result "09"

Klashxx · August 13, 2010, 7:07am

Try this:

awk -v T="09" 'BEGIN{if ( T == 9 ) {print "Yes"}}'

Check:
The AWK Manual - Conversion

Cheers

superHonda123 · August 13, 2010, 7:19am

Hi pravin27 / Klashxx,

Yes, you're right. I've overlook this issue.

When I checked my log file from "last -R", there is no zero if it's a single digit number.

For example:
root pts/tb userpc Tue Aug 9 11:23 - 11:23 (00:00)
root pts/tb userpc Tue Aug 9 11:22 - 11:20 (00:00)
root pts/ta userpc Tue Aug 2 10:46 - 19:19 (08:33)
root pts/ta userpc Tue Aug 2 10:40 - 19:15 (08:33)

This is the the problem when using "date '+%d'" as it will add an additional zero (0).

Is there a way to fix this issue?

Please kindly advice.

Thanks a lot.

Cheers.

Klashxx · August 13, 2010, 7:41am

outdated awk version?

No problem for me:

# cat kk
root pts/tb userpc Tue Aug 9 11:23 - 11:23 (00:00)
root pts/tb userpc Tue Aug 9 11:22 - 11:20 (00:00)
root pts/ta userpc Tue Aug 2 10:46 - 19:19 (08:33)
root pts/ta userpc Tue Aug 2 10:40 - 19:15 (08:33)

# awk -v v1=`date +'%h'` -v v2="09"  '$5==v1 && $6==v2' kk
root pts/tb userpc Tue Aug 9 11:23 - 11:23 (00:00)
root pts/tb userpc Tue Aug 9 11:22 - 11:20 (00:00)
# awk -v v1=`date +'%h'` -v v2="02"  '$5==v1 && $6==v2' kk
root pts/ta userpc Tue Aug 2 10:46 - 19:19 (08:33)
root pts/ta userpc Tue Aug 2 10:40 - 19:15 (08:33)

Regards

pravin27 · August 13, 2010, 8:57am

Hi,

This will work.

awk -v v1=`date +'%h'` -v v2=`date +'%d' | sed 's/^0//g'`  '{if($5==v1 && $6==v2) { print }}' infile

superHonda123 · August 13, 2010, 12:15pm

Hi Klashxx,

Thanks for your response.

When I tried your method with the same sample data, it produced the correct output.

# cat test123
root pts/tb userpc Tue Aug 9 11:23 - 11:23 (00:00)
root pts/tb userpc Tue Aug 9 11:22 - 11:20 (00:00)
root pts/ta userpc Tue Aug 2 10:46 - 19:19 (08:33)
root pts/ta userpc Tue Aug 2 10:40 - 19:15 (08:33)

# awk -v v1=`date +'%h'` -v v2="09"  '$5==v1 && $6==v2'  test123
root pts/tb userpc Tue Aug 9 11:23 - 11:23 (00:00)
root pts/tb userpc Tue Aug 9 11:22 - 11:20 (00:00)

# awk -v v1=`date +'%h'` -v v2="02"  '$5==v1 && $6==v2' test123
root pts/ta userpc Tue Aug 2 10:46 - 19:19 (08:33)
root pts/ta userpc Tue Aug 2 10:40 - 19:15 (08:33)

I think your method should be working fine as it's able to produce the correct output.

Just wondering what else could be the problem.

Maybe I should perform more testing?

Thanks.

Cheers.

---------- Post updated at 11:15 AM ---------- Previous update was at 11:12 AM ----------

Hi pravin27,

Thanks for your response.

I think your method should also be working fine as zero is eliminated by sed command.

I can not really tested it live now as the current date in my system does not have prefiz zero.

Thanks.

Cheers.