Processing a log file based on date/time input and the date/time on the log file

primp · March 15, 2008, 4:21pm

Hi,

I'm trying to accomplish the following and would like some suggestions or possible bash script examples that may work

I have a directory that has a list of log files that's periodically dumped from a script that is crontab that are rotated 4 generations. There will be a time stamp that is associated when the file is created.

application.log.1
application.log.2
application.log.3
application.log.4
application.log.5

I have another script that will take an input of date/time, I'm not sure which is the easiest format to compare, from the short look around it sounds like epoch is the easiest/fastest.

I would like to take that format whichever it is, and basically subtract 5minutes which is a poll period thats been defined and then use that date/time to compare with the logs that are rotated and basically process the log that closely matches the "currentInputDateTime" where it can not be larger than "currentInputDateTime" but less than/equal to the current time, I assume this might be a "ls -tr | awk '{print $6 $7}' to get the date/time and somehow convert those to epoch.

I was wondering if this was something that has been encountered before so the wheel does not have to be re-invented.

Thanks in advance

Franklin52 · March 15, 2008, 5:19pm

Here you can probably find something useful:

http://www.unix.com/answers-frequently-asked-questions/13785-yesterdays-date-date-arithmetic.html

Regards

primp · March 16, 2008, 2:42am

I was taking a look at those links and I saw that you could pass in a parameter such as the following:

date -d "2008-03-15 11:40" --date="5 minutes ago" +%F==%I:%M

Though the output was:

2008-03-15==09:30

I was expecting to get back 11:35 for the time, is there something I'm missing to take a date format and subtract 5minutes from that time and convert it to epoch time to compare with other epoch values?

Franklin52 · March 16, 2008, 7:50am

It should be something like:

date --date "2008-03-15 11:40 5 min ago" +%F==%I:%M

But what is the reason for using this format "+%F==%I:%M"?
You can get the epoch time of 5 minutes ago with:

date --date "2008-03-15 11:40 5 min ago" +%s

Regards

primp · March 16, 2008, 11:23am

Thank you, I was going down that route of using the "5 minutes ago" but didn't realize it was support to be part of the input string, that was where I got confused on and I did not couldn't find an example online or was not reading the man pages correctly. I'll try what you've provided with my script to see if I can get this working