Search for multiple strings in a given date range and print the group if they exist

Hi,

I am searching for multiple strings in a given date range and want to print the group if they exist. The format is below:

[2019/10/16 13:22:47.961][INFO ][ABCDDDDDDD]
-------------------------------------------------------------------------------------------------------------------------
ID: FIRST ID
MESSAGE: Event Message received.
-------------------------------------------------------------------------------------------------------------------------
CONTEXT: {
  "ID" : 1,
  "event" : "something",
  COMMON_TEXT: COMMON
    "valid" : true
}
*************************************************************************************************************************
[2019/10/16 13:23:00.816][INFO ][ABCDDDDDEEEEEEE]
-------------------------------------------------------------------------------------------------------------------------
ID: SECOND ID
MESSAGE: Event Message received.
-------------------------------------------------------------------------------------------------------------------------
CONTEXT: {
  "ID" : 1,
  "event" : "One More thing",
  COMMON_TEXT: COMMON
    "valid" : true
}
*************************************************************************************************************************
[2019/10/16 13:33:00.816][INFO ][ABCDDDDDEEFFFFFFFFFFFFFEEE]
-------------------------------------------------------------------------------------------------------------------------
ID: THIRD ID
MESSAGE: Event Message received.
-------------------------------------------------------------------------------------------------------------------------
CONTEXT: {
  "ID" : 1,
  "event" : "Second thing",
  COMMON_TEXT: COMMON
    "valid" : False
}
*************************************************************************************************************************

SED COMMAND

sed -n '/2019\/10\/23 12:2[0-2]/{:a;N;/2019\/10\/23 12:3[0-3]/!ba; /FIRST ID/p}'  logfile
  • This is working fine, but I wanted to give one more search criterion along with FIRST ID in the group (like something), and if both exist, print the group; otherwise skip the group.

AWK Command

awk 'substr($1,2,11)>="2019\/10\/23" && substr($1,2,11)<="2019\/10\/23" && substr($2,1,8)>="12:22:00" && substr($2,1,8)<="12:33:00"' logfile

I am getting only the first line with the dates from this group.

I am not a Unix expert; can someone please help with this?

Please be specific and clearly state the exact strings you wish to match; and also post your desired output exactly.

Thanks for your reply, I am interested in

  • first and third block (in the date and time range)
  • searching for the text 'First Id', 'Something', 'Third Id', 'Second thing'. And display that group of text like below:
2019/10/16 13:22:47.961][INFO ][ABCDDDDDDD]
-------------------------------------------------------------------------------------------------------------------------
ID: FIRST ID
MESSAGE: Event Message received.
-------------------------------------------------------------------------------------------------------------------------
CONTEXT: {
  "ID" : 1,
  "event" : "something",
  COMMON_TEXT: COMMON
    "valid" : true
}
2019/10/16 13:33:00.816][INFO ][ABCDDDDDEEFFFFFFFFFFFFFEEE]
-------------------------------------------------------------------------------------------------------------------------
ID: THIRD ID
MESSAGE: Event Message received.
-------------------------------------------------------------------------------------------------------------------------
CONTEXT: {
  "ID" : 1,
  "event" : "Second thing",
  COMMON_TEXT: COMMON
    "valid" : False
}
sed ':1;N;/\*/!b1;/FIRST\|THIRD/!d'  logfile

--- Post updated at 17:11 ---

sed -n '/2019\/10\/16/{:1;N;/}/!b1;/FIRST\|THIRD/p}'  logfile

None of the dates nor even times in your data samples will match the regexes you posted. Assuming all records will be terminated by a } , try (with your sample data in post #1)

sed -n '/2019\/10\/16 13:[23][0-3]/{:a;N;/}/!ba; /\(FIRST\|THIRD\) ID/p}'  file

EDIT: Or

sed -n ' /2019\/10\/16 13:[23][0-3]/, /}/ H; /}/ {s/.*//; x; /\(FIRST\|THIRD\) ID/p; };'  file

@nezabudka

Thanks for your reply. This helps me a lot. I wanted to try a specific time period and date range because I may get duplicate rows every 30 minutes. When I try a date range and search only for THIRD, the first two blocks (SECOND ID and THIRD ID) are also printed. Here is my query. Can you check what mistake I am making here?

sed -n '/2019\/10\/16 13:22:[4-5][1-9]/ {:a;N;/2019\/10\/16 13:33:[0-1][0-9]/!ba; /THIRD/p}'  logfile
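The selection this thread is after (whole records inside a timestamp range that contain every one of several strings), as an added example that is not from any poster: it ends each record at the `*****` separator line, compares the header timestamp as text, and matches fixed strings rather than regexes. The function names, the `-` argument for standard input and the shortened sample records are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread). Prints whole records whose header
# timestamp is within [START, END] and that contain ALL given fixed strings.
# Usage: filter_records START END FILE|- STRING...   (case-sensitive)
filter_records() {
    start=$1; end=$2; file=$3; shift 3
    # One needle per line, passed through the environment so awk does not
    # apply -v escape processing to them.
    NEEDLES=$(printf '%s\n' "$@") awk -v start="$start" -v end="$end" '
    function emit(   i, ok) {
        ok = (rec != "" && ts >= start && ts <= end)
        for (i = 1; ok && i <= n; i++)
            if (index(rec, need[i]) == 0) ok = 0
        if (ok) printf "%s", rec
        rec = ""; ts = ""
    }
    BEGIN { n = split(ENVIRON["NEEDLES"], need, "\n") }
    # Header, e.g. [2019/10/16 13:22:47.961][INFO ][...]: starts a record.
    /^\[[0-9][0-9][0-9][0-9]\/[0-9][0-9]\/[0-9][0-9] / {
        emit()
        ts = substr($0, 2, 19)   # "YYYY/MM/DD HH:MM:SS" compares as text
    }
    /^\*\*\*\*\*/ { emit(); next }   # separator line ends the record
    { rec = rec $0 "\n" }
    END { emit() }
    ' "$file"
}

# Constructed sample, shortened from the record layout in the first post.
sample_log() {
    cat <<'EOF'
[2019/10/16 13:22:47.961][INFO ][A]
ID: FIRST ID
  "event" : "something",
*****
[2019/10/16 13:23:00.816][INFO ][B]
ID: SECOND ID
  "event" : "One More thing",
*****
[2019/10/16 13:33:00.816][INFO ][C]
ID: THIRD ID
  "event" : "Second thing",
*****
EOF
}

# Demo: only the FIRST ID record has both strings inside the range.
sample_log | filter_records '2019/10/16 13:22:00' '2019/10/16 13:33:59' - 'FIRST ID' 'something'
```

Because each record is tested on its own, a range that spans several records never prints the ones that lack a requested string.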