Need to get all the records from a log file greater than timestamp supplied.

megh · April 20, 2013, 4:52am

I have a log file which has records with hung thread information/error
I need to find out hung thread from log file greater than timestamp supplied.

[4/19/13 0:49:32:250 EDT] 00000026 ThreadMonitor W   WSVR0605W: Thread "WebContainer : 1" (00000027) has been active for 701879 milliseconds and may be hung.  There is/are 1 thread(s) in total in the server that may be hung.

[4/19/13 02:49:32:270 EDT] 00000026 ThreadMonitor W   WSVR0605W: Thread "WebContainer : 0" (00000025) has been active for 703210 milliseconds .  There is/are 2 thread(s) in total in the server.
[4/19/13 03:49:32:250 EDT] 00000026 ThreadMonitor W   WSVR0605W: Thread "WebContainer : 1" (00000027) has been active for 701879 milliseconds.  There is/are 1 thread(s) in total in the server .

[4/19/13 05:44:32:270 EDT] 00000026 ThreadMonitor W   WSVR0605W: Thread "WebContainer : 0" (00000025) has been active for 703210 milliseconds and may be hung.  There is/are 2 thread(s) in total in the server that may be hung.
[4/19/13 05:41:32:250 EDT] 00000026 ThreadMonitor W   WSVR0605W: Thread "WebContainer : 1" (00000027) has been active for 701879 milliseconds and may be hung.  There is/are 1 thread(s) in total in the server that may be .

[4/19/13 06:49:32:270 EDT] 00000026 ThreadMonitor W   WSVR0605W: Thread "WebContainer : 0" (00000025) has been active for 703210 milliseconds and may be hung.  There is/are 2 thread(s) in total in the server that may be hung.

Scrutinizer · April 20, 2013, 5:32am

What format do you want to use for the timestamp? What have you tried?

megh · April 20, 2013, 12:53pm

Below is the date format of the timestamp to be passed as parameter.

4/19/13 02:49:32

hanson44 · April 20, 2013, 3:19pm

In overall terms:

- Using date command, convert timestamp_supplied to seconds_since_epoch.
- For each line in log file (while read):
  - Use cut or sed to get date_field.
  - Using date command, convert date_field to seconds_since_epoch.
  - Use test command to determine which seconds_since_epoch is larger.

Scrutinizer · April 20, 2013, 4:21pm

It could be done without the date command and epoch time. Try:

awk -F'[][]' -v t="4/19/13 02:49:32" '
  function ts(t,    T){
    split(t,T,/[\/ :]/)
    return sprintf("%02d%02d%02d%02d%02d%02d",T[3],T[1],T[2],T[4],T[5],T[6])
  }
  # If the line is not empty and the timestamp is greater than or equal to the reference timestamp
  NF && ts($2)>=ts(t)
' file

megh · April 22, 2013, 5:13am

It is giving a syntax error near line 1

---------- Post updated at 04:13 AM ---------- Previous update was at 03:49 AM ----------

I tried the below piece of code in ubuntu and it is working fine to fetch the timestamp,but in solaris 5.10 it is not working

line='[4/19/13 0:49:32:250 EDT] 00000026 ThreadMonitor W   WSVR0605W: Thread "WebContainer : 1" (00000027) has been active for 701879 milliseconds and may be hung.  There is/are 1 thread(s) in total in the server that may be hung.

echo $line|awk -F"[/ \\\][]" '{print  $5}'

any suggestions

Scrutinizer · April 22, 2013, 2:13pm

On Solaris use /usr/xpg4/bin/awk rather than awk