从Shell脚本（.ksh）中的日志文件中筛选与给定时间相比较的最近2个日志_Shell_Unix_Grep_Ksh_Unix Timestamp

从Shell脚本（.ksh）中的日志文件中筛选与给定时间相比较的最近2个日志

shell unix grep

从Shell脚本（.ksh）中的日志文件中筛选与给定时间相比较的最近2个日志,shell,unix,grep,ksh,unix-timestamp,Shell,Unix,Grep,Ksh,Unix Timestamp,我正在分析一个套接字服务器的大型日志文件，以跟踪一些事件。我在使用shell脚本获取给定时间（一个在给定时间之前，另一个在给定时间之后）的最近两个消息日志时遇到问题。在这种情况下，我只能使用日志文件的日期时间值 e.g. triggering time: 2013-10-31 07:29:45.311 think I have an event from another log at 2013-10-31 07:29:45.311 and need to filter the mos

我正在分析一个套接字服务器的大型日志文件，以跟踪一些事件。我在使用shell脚本获取给定时间（一个在给定时间之前，另一个在给定时间之后）的最近两个消息日志时遇到问题。在这种情况下，我只能使用日志文件的日期时间值

 e.g. triggering time: 2013-10-31 07:29:45.311
    think I have an event from another log at 2013-10-31 07:29:45.311 and need to filter 
the most recent message log one is before above time and other one is after from below sample log. 

    given time = 2013-10-31 07:29:45.311
    then triggered times for most recent log messages should be 
    1) before the given time: message at 2013-10-31 07:29:34.415
    2) after the given time: message at 2013-10-31 07:30:34.473

这可以使用shell脚本实现吗

Sample log:

    2013-10-31 07:23:33.931 INFO  - TTT153|Receive|0000131|....
    2013-10-31 07:24:35.273 INFO  - TTT153|Receive|0000131|....
    2013-10-31 07:25:33.973 INFO  - TTT153|Receive|0000131|....
    2013-10-31 07:26:34.111 INFO  - TTT153|Receive|0000131|....
    2013-10-31 07:27:34.151 INFO  - TTT153|Receive|0000131|....
    2013-10-31 07:28:34.273 INFO  - TTT153|Receive|0000131|....
    2013-10-31 07:29:34.415 INFO  - TTT153|Receive|0000131|....
    2013-10-31 07:30:34.473 INFO  - TTT153|Receive|0000131|....
    2013-10-31 07:31:34.595 INFO  - TTT153|Receive|0000131|....
    2013-10-31 07:32:34.616 INFO  - TTT153|Receive|0000131|....
    2013-10-31 07:33:35.673 INFO  - TTT153|Receive|0000131|....

这有点复杂，但可以通过将日期转换为纪元时间来完成

value="2013-10-31 07:29:45.311"
awk '
    {
    split($1,a,"-")
    split($2,b,"[:.]")
    t1=mktime(a[1] " " a[2] " " a[3] " " b[1] " " b[2] " " b[3]) "." b[4]
    split(v,c,"[- :.]")
    t2=mktime(c[1] " " c[2] " " c[3] " " c[4] " " c[5] " " c[6]) "." c[7]   
    }
    t1>t2 {print  l "\n" $0;exit}
    {l=$0}
    ' v="$value" logfile

2013-10-31 07:29:34.415 INFO - TTT153|Receive|0000131|....
2013-10-31 07:30:34.473 INFO - TTT153|Receive|0000131|....

将其保存到变量中

res=$(awk '
    {
    split($1,a,"-")
    split($2,b,"[:.]")
    t1=mktime(a[1] " " a[2] " " a[3] " " b[1] " " b[2] " " b[3]) "." b[4]
    split(v,c,"[- :.]")
    t2=mktime(c[1] " " c[2] " " c[3] " " c[4] " " c[5] " " c[6]) "." c[7]   
    }
    t1>t2 {print  l "\n" $0;exit}
    {l=$0}
    ' v="$value" logfile)

echo "$res"
2013-10-31 07:29:34.415 INFO - TTT153|Receive|0000131|....
2013-10-31 07:30:34.473 INFO - TTT153|Receive|0000131|....

有人否决了这个问题，请解释原因。我以前没有使用“awk”，我无法在我的脚本中形成此脚本部分。这是不是像下面这样

awk'{在整个代码行上方}'v=“$value”file

这里，“file”应该表示传递日志文件名。我说的对吗？是的

文件

是

日志文件

我更新了帖子，展示了如何将其存储到变量中。这是因为#/bin/ksh？（原因是

awk:Function mktime未定义

）我认为我的系统不支持mktime（）（我在HP Nonstop服务器上工作，无法安装程序，是否有其他选项可使用）如果您有

date

命令，您可以使用它在历元时间之间进行转换，然后比较值。