Hi, I am new to linux and have a challenge while I am debugging my application logs n linux boxes.
our log file xxx.log will have different responses coming in its way while an user logs in. Each response might be of 2000 lines or more. Many users do login at a time and our log file goes big and big.
What command or script should I write to take last occurrence of particular response of one user. In the following example what should I do to take last occurrence of response2 of user1 ?
I am not interested in running less command and copy from the screen. could you guys suggest me with a command or script ?
Responses in logs are like below:
<response1>
1000 lines or more data
<userId>user1<userId1>
1000 lines or more data
</response1>
<response2>
1000 lines or more data
<userId>user1<userId1>
1000 lines or more data
</response2>
<response1>
1000 lines or more data
<userId>user2<userId1>
1000 lines or more data
</response1>
<response3>
1000 lines or more data
<userId>user1<userId1>
1000 lines or more data
</response3>
<response2>
1000 lines or more data
<userId>user2<userId1>
1000 lines or more data
</response2>
<response1>
1000 lines or more data
<userId>user3<userId1>
1000 lines or more data
</response1>
so on ...
I am working on Solaris.
awk --version is not working to get the version.
your awk code ran and given me some random one line output from the log, it has not given me the output that I required. This line is not part of the response also.
Thank You Scrutinizer !
First command is having syntax error.
Second command worked partially as it has not printed the complete response2 of user1 where it missed to have part of response below and also it printed some part of response1 of some other user on top ..
It has given me the output like below
some 100 lines from response1
<response2>
got till
<userId>user1</userId>
-- some lines from response2
-- missed most of the lines here ..
Scrutinizer's solutions are elegant and correct for the input you posted.
What syntax error are you getting from the first command? Awk should tell you where the syntax error is:
Notice the caret ('^') in the last line. It points to the position of syntax error.
Are your responses really separated by an empty line?
Can you please post a sample from your real input? (Use code tags).
Hi, I am searching for a response xml. As you might know xml tags ends with </.
My user tag starts with <user> and ends with </user> but not with <user>.
I believe, We need to use escape patterns for that. Anyway I am trying with
<userId>user1
as follows which is working without syntax error but couldnt give me the
the result that I wanted.
since your sample input contained <userId> tag but not <user> tag.
The reason why it's not giving you what you want on your real input is because from what i see now, the responses are not separated by empy lines, like you posted before. Try to pre-process the file by inserting an empty line before opening <response[0-9]*> tag and after closing tag:
sed -e 's/.*<response[0-9]*>.*/\n&/; s/<\/response[0-9]*>/&\n/' inputFile |
/usr/xpg4/bin/awk '/<user>user1<\/user>/&&/response2/{p=$0}END{print p}' RS=
I have used correct tags while I ran the commands. Yes I agree, I had given one time as userId and now I am using user. I had given a note on this in my previous post.
I tried to run with your sed command on my log, it still didnt give me any response.
Ohh.. How did I do that ? Yes Mirni it is typo error. My sincere apologies for inconvenience.
I modified my template log file with the correct tag .. But it is not replacing the empty lines where it is just displaying n before and after response tags .. Pasted the output below.. I think we should better use escape pattern for that as well ..
Log line response 1 user user1
Logs of some other user ... task done by user X
Logs of other user tasks done by user Y
log line user1 doing some task
n <response1>
<abc>
<ddd>asdfasd</ddd>
<ggg>4545</ggg>
</abc>
<abc>
<aaaa>4545</aaaa>
<ggg>0455</ggg>
</abc>
<abc>
<ffff>455445</ffff>
<ggg>0454545</ggg>
</abc>
<gggttrr>
<aaaa>
<rtyrry>
<weere>
<werfwe>serwe</werfwe>
<d>1</d>
</weere>
<sadaf>dddfdf</sadaf>
<user>user1</user>
</rtyrry>
</aaaa>
<werwe>werwe</werwe>
<werwew>fasdsadfa</werwew>
</gggttrr>
<dddd>
<wertty>sdfadfss</wertty>
</dddd>
<dddd>
<wertty>Paasdf</wertty>
</dddd>
<dddd>
<wertty>asdfasd</wertty>
</dddd>
</response1>n
n <response2>
<abc>
<ddd>asdfasd</ddd>
<ggg>4545</ggg>
</abc>
<abc>
<aaaa>4545</aaaa>
<ggg>0455</ggg>
</abc>
<abc>
<ffff>455445</ffff>
<ggg>0454545</ggg>
</abc>
<gggttrr>
<aaaa>
<rtyrry>
<weere>
<werfwe>serwe</werfwe>
<d>1</d>
</weere>
<sadaf>dddfdf</sadaf>
<user>user1</user>
</rtyrry>
</aaaa>
<werwe>werwe</werwe>
<werwew>fasdsadfa</werwew>
</gggttrr>
<dddd>
<wertty>sdfadfss</wertty>
</dddd>
<dddd>
<wertty>Paasdf</wertty>
</dddd>
<dddd>
<wertty>asdfasd</wertty>
</dddd>
</response2>n
Log line response 1 user user2
log line user2 doing some task
n <response1>
<abc>
<ddd>asdfasd</ddd>
<ggg>4545</ggg>
</abc>
<abc>
<aaaa>4545</aaaa>
<ggg>0455</ggg>
</abc>
<abc>
<ffff>455445</ffff>
<ggg>0454545</ggg>
</abc>
<gggttrr>
<aaaa>
<rtyrry>
<weere>
<werfwe>serwe</werfwe>
<d>1</d>
</weere>
<sadaf>dddfdf</sadaf>
<user>user2</user>
</rtyrry>
</aaaa>
<werwe>werwe</werwe>
<werwew>fasdsadfa</werwew>
</gggttrr>
<dddd>
<wertty>sdfadfss</wertty>
</dddd>
<dddd>
<wertty>Paasdf</wertty>
</dddd>
<dddd>
<wertty>asdfasd</wertty>
</dddd>
</response1>n
Log line response3 user user2
log line user1 doing some task
n <response3>
<abc>
<ddd>asdfasd</ddd>
<ggg>4545</ggg>
</abc>
<abc>
<aaaa>4545</aaaa>
<ggg>0455</ggg>
</abc>
<abc>
<ffff>455445</ffff>
<ggg>0454545</ggg>
</abc>
<gggttrr>
<aaaa>
<rtyrry>
<weere>
<werfwe>serwe</werfwe>
<d>1</d>
</weere>
<sadaf>dddfdf</sadaf>
<user>user1</user>
</rtyrry>
</aaaa>
<werwe>werwe</werwe>
<werwew>fasdsadfa</werwew>
</gggttrr>
<dddd>
<wertty>sdfadfss</wertty>
</dddd>
<dddd>
<wertty>Paasdf</wertty>
</dddd>
<dddd>
<wertty>asdfasd</wertty>
</dddd>
</response3>n
Log line response 2 user user2
log line user2 doing some task
n <response2>
<abc>
<ddd>asdfasd</ddd>
<ggg>4545</ggg>
</abc>
<abc>
<aaaa>4545</aaaa>
<ggg>0455</ggg>
</abc>
<abc>
<ffff>455445</ffff>
<ggg>0454545</ggg>
</abc>
<gggttrr>
<aaaa>
<rtyrry>
<weere>
<werfwe>serwe</werfwe>
<d>1</d>
</weere>
<sadaf>dddfdf</sadaf>
<user>user2</user>
</rtyrry>
</aaaa>
<werwe>werwe</werwe>
<werwew>fasdsadfa</werwew>
</gggttrr>
<dddd>
<wertty>sdfadfss</wertty>
</dddd>
<dddd>
<wertty>Paasdf</wertty>
</dddd>
<dddd>
<wertty>asdfasd</wertty>
</dddd>
</response2>n
Here is the modified log file
Log line response 1 user user1
Logs of some other user ... task done by user X
Logs of other user tasks done by user Y
log line user1 doing some task
<response1>
<abc>
<ddd>asdfasd</ddd>
<ggg>4545</ggg>
</abc>
<abc>
<aaaa>4545</aaaa>
<ggg>0455</ggg>
</abc>
<abc>
<ffff>455445</ffff>
<ggg>0454545</ggg>
</abc>
<gggttrr>
<aaaa>
<rtyrry>
<weere>
<werfwe>serwe</werfwe>
<d>1</d>
</weere>
<sadaf>dddfdf</sadaf>
<user>user1</user>
</rtyrry>
</aaaa>
<werwe>werwe</werwe>
<werwew>fasdsadfa</werwew>
</gggttrr>
<dddd>
<wertty>sdfadfss</wertty>
</dddd>
<dddd>
<wertty>Paasdf</wertty>
</dddd>
<dddd>
<wertty>asdfasd</wertty>
</dddd>
</response1>
<response2>
<abc>
<ddd>asdfasd</ddd>
<ggg>4545</ggg>
</abc>
<abc>
<aaaa>4545</aaaa>
<ggg>0455</ggg>
</abc>
<abc>
<ffff>455445</ffff>
<ggg>0454545</ggg>
</abc>
<gggttrr>
<aaaa>
<rtyrry>
<weere>
<werfwe>serwe</werfwe>
<d>1</d>
</weere>
<sadaf>dddfdf</sadaf>
<user>user1</user>
</rtyrry>
</aaaa>
<werwe>werwe</werwe>
<werwew>fasdsadfa</werwew>
</gggttrr>
<dddd>
<wertty>sdfadfss</wertty>
</dddd>
<dddd>
<wertty>Paasdf</wertty>
</dddd>
<dddd>
<wertty>asdfasd</wertty>
</dddd>
</response2>
Log line response 1 user user2
log line user2 doing some task
<response1>
<abc>
<ddd>asdfasd</ddd>
<ggg>4545</ggg>
</abc>
<abc>
<aaaa>4545</aaaa>
<ggg>0455</ggg>
</abc>
<abc>
<ffff>455445</ffff>
<ggg>0454545</ggg>
</abc>
<gggttrr>
<aaaa>
<rtyrry>
<weere>
<werfwe>serwe</werfwe>
<d>1</d>
</weere>
<sadaf>dddfdf</sadaf>
<user>user2</user>
</rtyrry>
</aaaa>
<werwe>werwe</werwe>
<werwew>fasdsadfa</werwew>
</gggttrr>
<dddd>
<wertty>sdfadfss</wertty>
</dddd>
<dddd>
<wertty>Paasdf</wertty>
</dddd>
<dddd>
<wertty>asdfasd</wertty>
</dddd>
</response1>
Log line response3 user user2
log line user1 doing some task
<response3>
<abc>
<ddd>asdfasd</ddd>
<ggg>4545</ggg>
</abc>
<abc>
<aaaa>4545</aaaa>
<ggg>0455</ggg>
</abc>
<abc>
<ffff>455445</ffff>
<ggg>0454545</ggg>
</abc>
<gggttrr>
<aaaa>
<rtyrry>
<weere>
<werfwe>serwe</werfwe>
<d>1</d>
</weere>
<sadaf>dddfdf</sadaf>
<user>user1</user>
</rtyrry>
</aaaa>
<werwe>werwe</werwe>
<werwew>fasdsadfa</werwew>
</gggttrr>
<dddd>
<wertty>sdfadfss</wertty>
</dddd>
<dddd>
<wertty>Paasdf</wertty>
</dddd>
<dddd>
<wertty>asdfasd</wertty>
</dddd>
</response3>
Log line response 2 user user2
log line user2 doing some task
<response2>
<abc>
<ddd>asdfasd</ddd>
<ggg>4545</ggg>
</abc>
<abc>
<aaaa>4545</aaaa>
<ggg>0455</ggg>
</abc>
<abc>
<ffff>455445</ffff>
<ggg>0454545</ggg>
</abc>
<gggttrr>
<aaaa>
<rtyrry>
<weere>
<werfwe>serwe</werfwe>
<d>1</d>
</weere>
<sadaf>dddfdf</sadaf>
<user>user2</user>
</rtyrry>
</aaaa>
<werwe>werwe</werwe>
<werwew>fasdsadfa</werwew>
</gggttrr>
<dddd>
<wertty>sdfadfss</wertty>
</dddd>
<dddd>
<wertty>Paasdf</wertty>
</dddd>
<dddd>
<wertty>asdfasd</wertty>
</dddd>
</response2>
Responses are big and There are too many responses for one user and too many same responses for different users say for example many users can have ListABCRes response and one user can have ListABCRes in the logs many times.
This is setting a variable 'resp' to have the value 'response2', and variable 'user' to a string 'user1'. Do not change the code inside the single quotes, just change the "response2" to what is your response actually named. If you are hunting a section
However, I don't see why you would be getting "record too long" error... the code is appending to an internal variable. Have you tried to preprocess the file with the sed command and then pipe it to awk as suggested before?
I am again noting that one user can have two or more ListABCResp in the logs, Logs can be big, Response can be big and Many users can have ListABCResp responses. Similarly other responses also.
I have no clue how to proceed. Hope you will help me again.
tar xvzf gawk-3.1.8.tar.gz
cd gawk-3.1.8
./configure
make
make install
If you don't have the privilege to install it system wide, just install it in a non-standard directory:
./configure --prefix=/path/to/MyDir
make && make install
---------- Post updated at 06:54 PM ---------- Previous update was at 06:34 PM ----------
Do you have perl?
r=response1 #substitute with the real name
u=user1 #substitute with the real name
sed -e '/.*<'$r'*>.*/ {x;p;x}' -e '/<\/'$r'*>/ {G}' logFile |
perl -ne '$/="\n\n"; if(/<'$r'/&&/<user>'$u'/){print;}'
Downloaded gawk-3.1.8.tar.gz
Extracted in windows machine as tar was not working for me.
uploaded the extracted gawk-3.1.8 folder to my directory in unix machine.
ran the command ./configure make make install
I am getting the following error while installing.
./configure make && make install
configure: WARNING: you should use --build, --host, --target
checking for a BSD-compatible install... ./install-sh -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... ./install-sh -c -d
checking for gawk... no
checking for mawk... no
checking for nawk... nawk
checking whether make sets $(MAKE)... yes
checking for style of include used by make... GNU
checking for make-gcc... no
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking dependency style of gcc... gcc3
checking how to run the C preprocessor... gcc -E
checking for grep that handles long lines and -e... /usr/xpg4/bin/grep
checking for egrep... /usr/xpg4/bin/grep -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking minix/config.h usability... no
checking minix/config.h presence... no
checking for minix/config.h... no
checking whether it is safe to define __EXTENSIONS__... yes
checking for egrep... (cached) /usr/xpg4/bin/grep -E
checking for bison... no
checking for byacc... no
checking whether ln -s works... yes
checking for make-gcc... gcc
checking whether we are using the GNU C compiler... (cached) yes
checking whether gcc accepts -g... (cached) yes
checking for gcc option to accept ISO C89... (cached) none needed
checking dependency style of gcc... (cached) gcc3
checking how to run the C preprocessor... gcc -E
checking whether make sets $(MAKE)... (cached) yes
checking for special development options... no
checking for z/OS USS compilation... no
checking for strerror in -lcposix... no
checking for special C compiler options needed for large files... no
checking for _FILE_OFFSET_BITS value needed for large files... 64
checking for AIX compilation hacks... no
checking for Linux/Alpha compilation hacks... no
checking for function prototypes... yes
checking for string.h... (cached) yes
checking whether NLS is requested... yes
checking for msgfmt... no
checking for gmsgfmt... :
checking for xgettext... no
checking for msgmerge... no
checking build system type... Invalid configuration `make': machine `make' not recognized
configure: error: /bin/bash ./config.sub make failed
I have perl installed. When I ran your suggested perl code by modifying like below, I am getting the following error.
r=ListABCResp #substitute with the real name
u=user1 #substitute with the real name
sed -e '/.*<'$r'*>.*/ {x;p;x}' -e '/<\/'$r'*>/ {G}' abc.log |
perl -ne '$/="\n\n"; if(/<'$r'/&&/<user>'$u'/){print;}'