Retrieve logs generated in last 10 mins from a log file using 'grep' command

Hi All,
I have a log file where the logs will be in the format as given below:

2011-05-25 02:32:51 INFO PROCESS STARTING
2011-05-25 02:32:52 INFO PROCESS STARTED
.
.
.

I want to retrieve only the logs which are less than 5 mins older than current time using grep command....

Any help would be appreciated....

Well, it's not an exact solution, but this one will print entries from the file based on the last time entry in the log. Hope this will work for you:

 
sed -n "/`cut -c1-16 m|uniq|tail -5|head -1`/,/`cut -c1-16 m|tail -1`/p" m

here m is the filename

A quick search on the site throws up:

wherein you may find what you require :)

... just an example; the code is not very strict and may sometimes display more than it is supposed to, but it may still give some idea:

The XX and YY offset (**) may need to be adjusted depending on the format of your date

**see : cut -cXX and substr(...,YY,...)

Note that the tr translation may also need to be adjusted to your needs depending on which column you want to shift (minute? hours? other?) as well as the interval (5 min? 7 min? 10 min?)...

Here is an example for the last 5 min (not exactly, in fact... more 4 min than 5, but you get the idea)

[ctsgnb@shell ~/sand]$ cat tst
Jul 19 18:15:23 ........
Jul 19 18:15:28 ........
Jul 19 18:17:11 ........
Jul 19 18:19:11 ........
Jul 19 18:20:23 ........
Jul 19 18:25:28 ........
Jul 19 18:26:11 ........
Jul 19 18:27:11 ........
Jul 19 18:28:23 ........
Jul 19 18:29:28 ........
Jul 19 18:30:11 ........
Jul 19 18:34:11 ........
Jul 19 18:40:23 ........
Jul 19 18:41:28 ........
Jul 19 18:42:11 ........
Jul 19 18:43:11 ........

[ctsgnb@shell ~/sand]$ date ; m=$(date | cut -c16 | tr '0123456789' '5678901234') ; echo $m
Thu May 26 08:23:22 MDT 2011
8
[ctsgnb@shell ~/sand]$ tail -r tst | awk -v M="$m" 'substr($0,12,1)==M{print;x=1}!x' | tail -r
Jul 19 18:28:23 ........
Jul 19 18:29:28 ........
Jul 19 18:30:11 ........
Jul 19 18:34:11 ........
Jul 19 18:40:23 ........
Jul 19 18:41:28 ........
Jul 19 18:42:11 ........
Jul 19 18:43:11 ........

[ctsgnb@shell ~/sand]$

---------- Post updated at 04:52 PM ---------- Previous update was at 04:38 PM ----------

A very small improvement:

m=$(date | cut -c16 | tr '0123456789' '4567890123')
tail -r tst | awk -v M="$m" 'substr($0,12,1)==M{x=1}!x' | tail -r

so that if there is more than one consecutive entry that has ((current_minute) - (5min)), they are all displayed instead of just the first one

[ctsgnb@shell ~/sand]$ cat tst
Jul 19 18:15:23 ........
Jul 19 18:15:28 ........
Jul 19 18:17:11 ........
Jul 19 18:19:11 ........
Jul 19 18:20:23 ........
Jul 19 18:25:28 ........
Jul 19 18:26:11 ........
Jul 19 18:27:11 ........
Jul 19 18:28:23 ........
Jul 19 18:29:28 ........
Jul 19 18:30:11 ........
Jul 19 18:34:11 ........
Jul 19 18:40:23 ........
Jul 19 18:40:23 ........
Jul 19 18:41:28 ........
Jul 19 18:42:11 ........
Jul 19 18:42:11 ........
Jul 19 18:43:11 ........

[ctsgnb@shell ~/sand]$ date ; m=$(date | cut -c16 | tr '0123456789' '4567890123') ; echo $m
Thu May 26 08:47:56 MDT 2011
1
[ctsgnb@shell ~/sand]$ tail -r tst | awk -v M="$m" 'substr($0,12,1)==M{x=1}!x' | tail -r
Jul 19 18:42:11 ........
Jul 19 18:42:11 ........
Jul 19 18:43:11 ........

[ctsgnb@shell ~/sand]$
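
An exact alternative for the `YYYY-MM-DD HH:MM:SS` format in the original question, as an added example that is not part of any post in this thread: fixed-width stamps in that format sort as plain strings, so awk can compare each line's stamp against a cutoff. The function names and sample log lines are constructed for illustration, and `cutoff_stamp` assumes GNU date.

```shell
#!/bin/sh
# Added example, not code from the thread.

# cutoff_stamp MINUTES [NOW]
# Print NOW minus MINUTES as "YYYY-MM-DD HH:MM:SS"; NOW defaults to the
# current local time. Assumption: GNU date, for its -d relative syntax.
cutoff_stamp() {
    date -d "${2:+$2 }$1 minutes ago" '+%Y-%m-%d %H:%M:%S'
}

# since_stamp CUTOFF [FILE]
# Print every entry stamped at or after CUTOFF (FILE defaults to stdin).
# The full date is compared, so a window that crosses midnight is handled,
# unlike matching on a single minute digit.
since_stamp() {
    awk -v cutoff="$1" '
        # A line that starts with a timestamp opens or closes the window.
        /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]/ {
            keep = (substr($0, 1, 19) >= cutoff)
        }
        # Lines without a timestamp (stack traces, wrapped text) follow
        # the decision made for the entry they belong to.
        keep
    ' "${2:--}"
}

# demo: constructed log crossing midnight, cutoff fixed at 5 minutes
# before its last entry (00:02:51 minus 5 min = 23:57:51 the previous day).
demo() {
    printf '%s\n' \
        '2011-05-24 23:54:59 INFO PROCESS STARTING' \
        '2011-05-24 23:58:10 INFO PROCESS STARTED' \
        '2011-05-25 00:01:30 ERROR REQUEST FAILED' \
        '    caused by: timeout (constructed continuation line)' \
        '2011-05-25 00:02:51 INFO PROCESS STOPPED' |
    since_stamp '2011-05-24 23:57:51'
}

# Typical call (the log path is a placeholder):
#   since_stamp "$(cutoff_stamp 5)" /path/to/app.log
```

Unlike the sed range and minute-digit approaches above, this does not need a log line to exist at the exact boundary minute.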