Quick awk question

SkySmart · January 5, 2015, 11:37pm

gawk 'BEGIN{count=0} /^Jan  5 04:33/,0 && /fail/ && /09x83377/ { count++ } END { print count }' /var/log/syslog

what is wrong with this code? i want to search the strings "fail" and "09x83377" from all entries. im grabbing all entries in the log starting from Jan 5 04:33 to the end of the file.

RavinderSingh13 · January 5, 2015, 11:46pm

skysmart:

gawk 'BEGIN{count=0} /^Jan  5 04:33/,0 && /fail/ && /09x83377/ { count++ } END { print count }' /var/log/syslog
what is wrong with this code? i want to search the strings "fail" and "09x83377" from all entries. im grabbing all entries in the log starting from Jan 5 04:33 to the end of the file.

Hello Skysmart,

Could you please let us know if these strings which you are searching for are in a single line or multiple lines(Which I think may bein single line only), also if you can provide us your os details with Input data it will be helpful for us to guide/advise.

EDIT: Seems you have added some information now , let's try the following command (Not tested though) for same and
let me know if this helps.

awk '/^Jan 5 04:33/{if($0 ~ /fail/ && $0 ~ /09x83377/){print $0}}' Input_file
OR
awk '/^Jan 5 04:33/{if($0 ~ /fail/ && $0 ~ /09x83377/){COUNT++}} END{print COUNT}' Input_file

NOTE: Make sure you are searching correct string Jan 5 04:33 with proper spaces in it.

Thanks,
R. Singh

Don_Cragun · January 6, 2015, 2:31am

Hi SkySmart,
The standards describe a pattern (in an awk command) as:

In the awk command:

/^Jan  5 04:33/,0 && /fail/ && /09x83377/ { count++ }

You have a range that is specified by the two expressions:
/^Jan 5 04:33/ and 0 && /fail/ && /09x83377/
The zero in the 2nd expression guarantees that that expression will evaluate to false for every line; so the range starts on the 1st line that matches the extended regular expression specified by the 1st expression and continues to the end of the input file(s). The standards don't provide any way to include both a range and another expression in the same pattern. (In other words, the meaning of:

( /^Jan  5 04:33/,0 ) && /fail/ && /09x83377/ { count++ }

is not defined to have any meaning in conforming awk utilities. Of course, gawk provides several extensions to the standards. But I don't know of any version of awk that supports this type of pattern as an extension to the standards.)

Hopefully, this explains what is wrong with your gawk script.

If what you want is to select and count the set of lines that contain both the string fail and the string 09x83377 on or after the 1st line that contains Jan 5 04:33 at the start of a line, Ravinder's suggestion should be enough for you to fix your problem. If that isn't what you want, please explain more clearly which lines you are trying to count. (And provide some sample input for us to use to test possible scripts.)

RudiC · January 6, 2015, 5:11am

Try (untested):

awk '/^Jan  5 04:33/ {C=1} C && /fail/ && /09x83377/ { count++ } END {print count}' file