Selecting latest entry in the log file

simpsa27 · July 17, 2017, 4:55am

Hi there

I am trying to write a script where I will need to look for a specific word in the log file and I am aware this can be done by grep for example.

As there will be multiple entries for this I want to grep the last one to enter the log... how would I go about this - would I have to use tail?

I have attached an example below:

7/17/17 09:15:55.990 AM BST [INFO] [TimPollThreadPool.Thread1] [Manager.com.timestock.tess.services.tim.TimIo] File 'Wynyard_MTP_Primary-defect-15002793530000919233.xml' read, length=4231
7/17/17 09:15:56.005 AM BST [INFO] [TimPollThreadPool.Thread1] [Manager.com.timestock.tess.services.tim.TimIo] File 'Wynyard_MTP_Primary-login-15002793540000119307.xml-enc' read, length=1824
7/17/17 09:15:56.018 AM BST [INFO] [TimPollThreadPool.Thread1] [Manager.com.timestock.tess.services.tim.TimIo] File 'Wynyard_MTP_Primary-login-15002793540000121342.xml-enc' read, length=1056
7/17/17 09:15:56.024 AM BST [INFO] [TimPollThreadPool.Thread1] [Manager.com.timestock.tess.services.tim.TimIo] File 'Wynyard_MTP_Primary-login-15002793550000098410.xml-enc' read, length=1040
7/17/17 09:15:56.030 AM BST [INFO] [TimPollThreadPool.Thread1] [Manager.com.timestock.tess.services.tim.TimIo] File 'Wynyard_MTP_Primary-defect-15002793550000098410.xml' read, length=34131

As you can see their are multiple "login" & "defect" which is what I will need to be searching for how would I go about selecting the last or latest entry in the log file.

Thanks in advance

Alex

RavinderSingh13 · July 17, 2017, 5:49am

Hello simpsa27,

Could you please try following and let me know if this helps you.

grep "login" Input_file | tail -1

You could put any string there in place of login above, let me know if you have any queries on same.

Thanks,
R. Singh

simpsa27 · July 17, 2017, 5:58am

Hi Ravinder

Yes I did the below command:

grep Primary-login /opt/ca/APM/Introscope10.2.0.27/logs/IntroscopeEnterpriseManager.log | tail -1 | awk '{print $9}'

This brings back what I expected:

'Wynyard_MTP_Primary-login-15002849400000527358.xml-enc'

I now want to grep again so I just get 15002849400000527358 number but only the first 10 so it would be 1500284940 is that possible?

Cheers
Alex

RavinderSingh13 · July 17, 2017, 6:10am

Hello simpsa27,

Could you please try following and let me know if this helps you.

awk --re-interval '/Primary-login/{val=$9} END{match(val,/-[0-9]{10}/);print substr(val,RSTART+1,RLENGTH-1)}'   Input_file

Thanks,
R. Singh

simpsa27 · July 17, 2017, 6:26am

Thank you so much Ravinder!

That works just how I need it. Fantatsic.

Can I ask you to explain it so I can get a better understanding!

Cheers
Alex

RavinderSingh13 · July 17, 2017, 6:38am

Hello simpsa27,

Your Welcome, happy to help, could you please go through following and let me know if this helps you.

awk --re-interval '/Primary-login/{                                         ##using --re-interval for using extended regex here, searching for string "Primary-login" in a line.
                                        val=$9                              ##creating a variable named val whose value is 9th field of that line.
                                  }
                                  END{                                      ##END block here of awk.
                                        match(val,/-[0-9]{10}/);            ##using match functionality here where matching 10 continuous digits in variable val which starts from -.
                                        print substr(val,RSTART+1,RLENGTH-1)##now printing the sub string of variable val so printing it from RSTART+1 to RLENGTH-1. So here RSTART and RLENGTH are variables which will be SET when a match happens for a regex.
                                     }                                      ##where RSTART will be starting index point of regex and RLENGTH is the length of that regex match.
                  '   Input_file

Thanks,
R. Singh