search for the matched pattern by tracing back from the line

Hi,

I want to grep the line which has 'data11'.then from that line, i need to trace back and find out the immediate line which has the same timestamp of that grepped line.
for eg:
log file:

[22/Jan/2008:19:37:00-20401-59-2] Process - data
[22/Jan/2008:19:37:00-20401-59-2] Process - datavalue - 2345
[22/Mar/2008:19:37:00-20401-63-2] Process - data
[01/Jul/2008:19:37:00-20401-63-2] Process - data
[22/Jul/2008:19:37:00-20401-63-2] Process - data
[22/Jan/2008:19:37:00-20401-59-2] Process - data11

so here ,first i will grep for 'data11' and i will get the line number as 6.Then from the line6 ,i have to trace back and find out the immediate line which has the same timestamp.here it is [22/Jan/2008:19:37:00-20401-59-2].so the result line is 2.How to get this using grep?

1. find your desired timestamp
2. find all the lines contain that timestamp
3. get the second last one

temp=`cat file | grep data11 | nawk '{sub(/\[/,"",$1);sub(/\]/,"",$1);print $1}'`
cat a | grep $temp > file.t
tail -2 file.t | head -1

You can avoid the use of temporary files, Useless Use of Cat, and Useless Use of Grep | Awk:

grep `nawk '/data11/{sub ...}' file` a | tail -2 | head -1

For extra points, modify the awk script so it prints out a sed script which does the right thing.

cleaner to do this:

#  awk '/data11/{print c[$1]};{c[$1]=$0}' file1
[22/Jan/2008:19:37:00-20401-59-2] Process - datavalue - 2345

otherwise you're making assumptions that there are only two lines with that timestamp....

I am doing some grep operation and some other operations and finding this lineno.From this line I want to go back and find the immediate matched line with that timestamp.

My code is like this.

for i in $(grep -n data11 file.txt|cut -d: -f1)
do
sed -n "${i},${i}p" logfile.txt|cut -d" " -f5 >> msg.txt
sed -n "${i},${i}p" logfile.txt|cut -d: -f1 >> msg.txt
sed -n "${i},${i}p" logfile.txt|cut -d: -f2,3 >> msg.txt
done

In this after do,i need to get that matched lineno.

Can anyone tell me How I can get the result?

Doesn't tytalus' solution work for you? If you want it to just print the line number of the first match with the same time stamp, that's a trivial modification.

awk '/data11/{print c[$1];}{c[$1] = NR }' logfile.txt

I'm still wondering, do you want both the matching line and the first one with the same time stamp, or just the first one?

Assuming the latter (or actually, either way), it's probably simpler if you add the desired output formatting directly to the awk script.

awk '/data11/{print c[$1];}
    {split ($0, t, ":"); c[$1]=$5 " " t[1] " " t[2] ":" t[3] }' logfile.txt >>msg.txt

With the sample data you posted, the data value from $5 is just a dash, so I imagine you really wanted $6 (and then the cut -f5 in your original code should be cut -f6, correspondingly).

hi, actually,my need is like,in the given file i have to find the line which has the keyword "Not authenticated by System" and
"authenticated by System".and i have to get the corresponding names which here is 'sharmila' and 'shivu'.
If it is not authenticated i have to make the status as 'Failure' otherwise as 'Success'.
So here In case of 'Not authenticated i can read the name'sharmila' from the same line.But in case of 'authenticated' i have to trace back the line which has the same timestamp.it may be in anyline.here is my code.

for i in $(grep -n "authenticated by System" logfile.txt|cut -d: -f1)
do
sed -n "${i},${i}p" logfile.txt| /usr/xpg4/bin/grep -q "NOT authenticated by System"
if [ $? -eq 0 ]
then
sed -n "${i},${i}p" logfile.txt|cut -d" " -f5 | sed '1s/^.//' | sed '$s/.$//' >> msg.txt
echo "Failure" >> msg.txt

else
sed -n "${i},${i}p" logfile.txt| /usr/xpg4/bin/grep -q "getCredentials"
if [ $? -eq 0 ]
then
sed -n "${i},${i}p" logfile.txt|cut -d" " -f4 >> msg.txt
echo "Success" >> msg.txt
fi

fi
done

so my need is in the else part how i can get that particular mathched line.
As i am new to unix ,i dont know how i can do this using awk.
Can anyone tell me ,whether in the given code i can get that line or how i can apply the awk here.

logfile:
--------
[22/Jul/2008:19:35:45-20401-23-1] getCredentials - sharmila
[22/Jul/2008:19:35:45-20401-23-2] DoLogin - Setting variables
[22/Jul/2008:19:35:45-20401-23-1] DoLogin - data authenticated by System.
[22/Aug/2008:29:37:14-20401-56-1] DoLogin - User 'sharmila' was NOT authenticated by System.
[12/Jan/2008:19:35:45-20401-23-1] getCredentials - shivu
[22/Jul/2008:19:35:45-20401-23-2] DoLogin - Setting varaibles for all
[22/Jul/2008:19:35:45-20401-23-1] DoLogin - User authenticated by System
[22/Aug/2008:29:37:14-20401-56-1] DoLogin - User 'shivu' was NOT authenticated by System.

thanks

nawk '/NOT authenticated by system/ { who=$5; gsub(/'"'"'/, "", who); print who, "Failure"; next }
/authenticated by system/ { print user, "Success"; next; }
/getCredentials/ { user=$4 }' logfile.txt >>msg.txt

I'm not sure if I captured your requirements correctly, but this should hopefully at least help you get going.