0

I want to parse a linux application log file and extract lines that match a field(EXPIRYTIME:20140612230000) only when that field value is greater than a specific date(20140612). This is a sample entry below;

[DATE: Fri Jun 06 00:00:05 UTC 2014] [MSISDN: 000000000000] [SPID: 0000000000000]      [SERVICEID: 00000000000] [PRODUCTID:0000000000000]  [UPDATETYPE: 3] [UPDATETIME: 0000000000000] [EXPIRYTIME: 20140612230000] [serviceAvailability:0] [durationOfSuspendPeriod:10] [channelID:2] [microbillingFlag:0] [packagePriceType:2]    [status:0] [transactionID:000000000000]

Any suggestions will be appreciated. Thanks.

Improve this question
2
  • Do the seconds matter? Commented Jun 6, 2014 at 14:46
  • Nevermind, the seconds do matter. Good luck. Commented Jun 6, 2014 at 14:56

3 Answers 3

Reset to default
2 
awk -F'EXPIRYTIME:\\s*' -v d="20140612" '{s=$2;sub(/\].*/,"",s)}1*s>d*10^6' log

you can pass shell variable to d, but it should be in yyyyMMdd format, since it will be multiplied by 1000000 later.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

I need to review awk, badly! I'm going to try your solution and mine.
@Kent Please what would be the solution if I wanted to compare just the date part of the EXPIRYTIME:20140612 without the 230000? Thanks.
@ace i dont have pc rightnow, but you need play a number game. or take it as str, remove time part
1

Here's a simpler solution that's even a tiny bit faster than @Kent's solution, presumably because fewer regexes are involved:

awk -v d='20140612' '$20"" > d' logfile
  • d='20140612' passes in the cut-off date (after which log entries should be matched)
  • $20, using awk's standard field separators, is the value of the EXPIRYTIME field including the terminating ], e.g. 20140612230000]
  • $20"" > d performs lexical comparison against the date passed in; note that the concatenation with "" - to force lexical comparison - is not strictly necessary here ($20 > d would do), because awk interprets field $20 as a string anyway, due to the field ending in ]. If at least one operand is considered a string, lexical comparison is performed.

Since all dates in the log entries seemingly have fixed width and a format that results in the same ordering for both numerical and lexical sorting, there is no need for number conversions.

Note, however that treating 20140612 as a string and using lexical comparison means that value 20140612000000 will also match - i.e., midnight of the cutoff date will be included. This could easily be fixed, however.

Improve this answer

Comments

1

In an ideal world...

awk '$20 > 20140612000000' logfile | grep 'EXPIRYTIME: 20140612230000'
Improve this answer

2 Comments

Please explain your answer in your answer, not via comments. If you know your answer to be broken but still want to leave it, put a big disclaimer at the top. Your grep command results from a misunderstanding, I think: filtering the log file based on date range is sufficient; 20140612230000 is just a value from a sample log entry. Your awk command actually does work, even though your number is too large (should be 20140612000000) - it is in fact the very ] at the end of the field that makes it work: it cause awk to perform lexical comparison.
@mklement0 You have a strange way of being helpful. :-)

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.