Hello Unix gurus,
My log file has entries in below format :

2009-01-19-01.19.24.816169+660 I8635A1158 LEVEL: Error
PID : 5873782 TID : 1 PROC : aaaa
APPHDL : 0-269
AUTHID : PDBCMPC
FUNCTION: bbbb
MESSAGE : Sending SIGKILL to the following process id
DATA #1 : signed integer, 4 bytes
13287492
CALLSTCK:

There are such heaps of entries in log file.....
I want a script which can give me result like...

"Sending SIGKILL to the following process id
13287492"

i.e. extract the message from log entry and the process id....

Should be OK

awk -F: '/^MESSAGE/{a=$NF;getline;getline;printf "\"%s\n%s\"\n",substr(a,2),$0}' log.file

awk -F: '/^MESSAGE/{a=$NF;getline;getline;printf "\"%s\n%s\"\n",substr(a,2),$0}' log.file

this will grep all statements infront of "MESSAGE"
I want to get ONLY which are "Sending SIGKILL to the following process id"

Then why don't you just change /^MESSAGE/ vs /Sending SIGKILL/?

Are your records actually separated by the = sign lines? And does every record have the same number of lines? Otherwise show us a sample file that reflects your actual data.

sed -n '/^[0-9][0-9]*$/{
	p
}
/^MESSAGE.*$/ {
	s/^MESSAGE : \(.*\)$/\1/
	p
}' a.txt

Hello All,

If I use command as :
awk -F: '/Sending SIGKILL/{a=$NF;getline;getline;printf "\"%s\n%s\"\n",substr(a,2),$0}' log.file

I get output as :
"Sending SIGKILL to the following process id
13287492"

But,
Want output as....
"Sending SIGKILL to the following process id 13287492"

i.e I dont want 13287492 on second line...

What should I do ? What modification in cmd ?

Hello Man,
From the below one liner remove the "\n"
Thats all u need to do......

awk -F: '/Sending SIGKILL/{a=$NF;getline;getline;printf "\"%s\n%s\"\n",substr(a,2),$0}' log.file

Thanks....

simple try this

awk -F: '/Sending SIGKILL/{a=$NF;getline;getline;printf "\"%s %s\"\n",substr(a,2),$0}'  filename

You get the answers base on your original post & original data sample.

Try to understand the solution's/logic and try to solve the problem by yourself

yeah, I was able to remove \n.

my log file has....

Sending a signal to clean up NOT THREADED FMP process:
DATA #2 : ABCO_PID, PD_TYPE_PID, 4 bytes
11649230

I want to have output as....
Sending a signal to clean up NOT THREADED FMP process: 11649230

I used....

awk -F: '/Sending a/{a=$NF;getline;getline;printf "\"%s %s\"\n",substr(a,2),$0}' log.file

but it is displaying...text "Sending a signal to clean up NOT THREADED FMP process: "

rather just displays...

" 13054022"
" 7020548"
" 9773224"

I'll try to be as clear as possible and hopefully you will get the idea

# cat file
============
Sending a signal to clean up NOT THREADED FMP process:
DATA #2 : ABCO_PID, PD_TYPE_PID, 4 bytes
11649230
============

# awk '                  # Start awk script
/Sending a signal/{      # Select/grep for lines that have "pattern"
x=$0                     # hold the line ( $0 ) on variable x
getline                  # get next line ... I don't care about
getline                  # get next line, that's what I want and ...
print x, $0              # now print the line on hold (x) and current line ( $0 ), we don't need printf(print format) now.
}                        # end awk script , see output.
' file

Output:

Sending a signal to clean up NOT THREADED FMP process: 11649230

PS: Use code tags when you post code or data sample.

Hi.

A non-awk solution. For modern grep, one can specify a trailing context, so we could ask for 3-line chunks, obtaining an intermediate result of:

1 (MESSAGE ...)
2 (extraneous line)
3 (some number)
4
5
6

We want to end up with:

1 3
4 6

So we need to delete lines 2, 5, 8 -- every third line beginning with 2. The is a special notation for this in GNU sed. From there, we can paste the pairs of lines together to combine them. (In some versions of grep, a "--" line is inserted that we need to eliminate.)

Here is a script that does that:

#!/usr/bin/env bash

# @(#) s1       Demonstrate a window match and extraction.

echo
set +o nounset
LC_ALL=C ; LANG=C ; export LC_ALL LANG
echo "Environment: LC_ALL = $LC_ALL, LANG = $LANG"
echo "(Versions displayed with local utility \"version\")"
version >/dev/null 2>&1 && version "=o" $(_eat $0 $1) grep sed paste
set -o nounset
echo

FILE=${1-data1}

echo " Data file $FILE:"
cat $FILE

echo
echo " Results:"
grep -A2 'Sending SIGKILL' $FILE |
tee t1 |
grep -v -e '^--$' |
tee t2 |
sed '2~3d' |
tee t3 |
paste  - -

exit 0

producing:

% ./s1

Environment: LC_ALL = C, LANG = C
(Versions displayed with local utility "version")
OS, ker|rel, machine: Linux, 2.6.11-x1, i686
Distribution        : Xandros Desktop 3.0.3 Business
GNU bash 2.05b.0
grep (GNU grep) 2.5.1
GNU sed version 4.1.2
paste (coreutils) 5.2.1

 Data file data1:
2009-01-19-01.19.24.816169+660 I8635A1158 LEVEL: Error
PID : 5873782 TID : 1 PROC : aaaa
APPHDL : 0-269
AUTHID : PDBCMPC
FUNCTION: bbbb
MESSAGE : Sending SIGKILL to the following process id
DATA #1 : signed integer, 4 bytes
13287492
CALLSTCK:

2009-01-19-01.19.24.816169+660 I8635A1158 LEVEL: Error
PID : 5873782 TID : 1 PROC : aaaa
APPHDL : 0-269
AUTHID : PDBCMPC
FUNCTION: bbbb
MESSAGE : Sending SIGKILL to the following process id
DATA #1 : signed integer, 4 bytes
99999999
CALLSTCK:

 Results:
MESSAGE : Sending SIGKILL to the following process id   13287492
MESSAGE : Sending SIGKILL to the following process id   99999999

I added an extra segment to the data to ensure correctness of the script. I also added tee commands in case you want to see the intermediate results. They can be removed for a production script ... cheers, drl