2

I have a log file, which has data in the following format

[1361991081] SERVICE NOTIFICATION: qreda;qa-hadoop1;CPU Load;CRITICAL;notify-service-by-email;CRITICAL - load average: 18.29, 18.14, 18.10
[1361991371] SERVICE NOTIFICATION: qreda;CRITICAL-SERVICES_FOR_LAST_24_HOURS;qa-hadoop1:Critical Services;CRITICAL;notify-service-by-email;CPU Load,Memory,
[1361994681] SERVICE NOTIFICATION: qreda;qa-hadoop1;CPU Load;CRITICAL;notify-service-by-email;CRITICAL - load average: 18.02, 18.06, 18.11
[1361994971] SERVICE NOTIFICATION: qreda;CRITICAL-SERVICES_FOR_LAST_24_HOURS;qa-hadoop1:Critical Services;CRITICAL;notify-service-by-email;CPU Load,Memory,

It contains all the data for the past 7 days. I want to grep this file to show the logs for yesterday. Here the date is shown as a timestamp. I am using the following command:

cat /usr/local/nagios/var/nagios.log |grep qa-hadoop1|grep CRITICAL|grep NOTIFICATION | awk -F, '{ if ($1>"[1361989800]" && $1<"[1362076199]") print }'

where 1361989800 is the calculated timestamp value for Thu Feb 28 00:00:00 IST 2013

and 1362076199 is the calculated timestamp value for Thu Feb 28 23:59:59 IST 2013.

This works well, but the problem is: how do I pass 1361989800 and 1362076199 as arguments?

fedorqui
user1682877

3 Answers

2

You only need awk for this.

awk -va=1361989800 -vb=1362076199 '{gsub(/[][]/,"")}/qa-hadoop1/&&/CRITICAL/&&/NOTIFICATION/&&$1>a&&$1<b' file

The -v option allows you to pass in variables. It also uses gsub to remove the brackets for integer comparison on the first field (space separated, not comma, that is).


Notes:

grep reads files, so you don't need cat file | grep 'pattern'; just use grep 'pattern' file. You can also use alternation like egrep 'qa-hadoop1|CRITICAL|NOTIFICATION' file so you don't need to pipe to grep three times.

A more awkish version of awk -F, '{ if ($1>"[1361989800]" && $1<"[1362076199]") print }' is awk -F, '$1>"[1361989800]" && $1<"[1362076199]"'; you don't need the if construct, and the default block in awk is print.

Chris Seymour
1

Here is one way using command line parameter assignment:

grep qa-hadoop1 input | grep CRITICAL| grep NOTIFICATION | \
  awk -F, -v b=1361989800 -v e=1362076199 \
    '{ if ( $1 > "["b"]" && $1<"["e"]") print }'
perreal
0

Apart from your cat|grep|grep|grep|awk, I would ask why you set comma , as the FS of awk and later compare $1 with the timestamp? $1 is from the beginning till the first comma, which is not correct.

The FS should be space, if you want to compare date like in your if statements.

It may work if you remove -F, from your awk line part. Try it.

Simpler, you could take [ or ] as FS.

Kent
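An added example, not code from the question or from any answer above, that combines the points raised in the answers: bounds passed with -v, [ and ] as the field separator, a numeric timestamp comparison, and all three terms required on the same line. The function names sample_log, day_bounds and nagios_window are hypothetical, the sample lines after the first two are constructed edge cases, and the bounds are treated as inclusive.

```shell
# Constructed sample: the first two lines follow the format in the question,
# the rest are made-up edge cases (other host, outside the window, an ALERT
# line without NOTIFICATION, and a line with no timestamp).
sample_log() {
cat <<'EOF'
[1361991081] SERVICE NOTIFICATION: qreda;qa-hadoop1;CPU Load;CRITICAL;notify-service-by-email;CRITICAL - load average: 18.29, 18.14, 18.10
[1361994971] SERVICE NOTIFICATION: qreda;CRITICAL-SERVICES_FOR_LAST_24_HOURS;qa-hadoop1:Critical Services;CRITICAL;notify-service-by-email;CPU Load,Memory,
[1361991500] SERVICE NOTIFICATION: qreda;qa-hadoop2;CPU Load;CRITICAL;notify-service-by-email;CRITICAL - load average: 9.10, 9.00, 8.70
[1361989799] SERVICE NOTIFICATION: qreda;qa-hadoop1;CPU Load;CRITICAL;notify-service-by-email;CRITICAL - load average: 17.00, 17.10, 17.20
[1361993000] SERVICE ALERT: qa-hadoop1;CPU Load;CRITICAL;HARD;3;CRITICAL - load average: 18.00, 18.10, 18.10
continuation text mentioning qa-hadoop1 CRITICAL NOTIFICATION without a timestamp
EOF
}

# day_bounds YYYY-MM-DD: print "START END" epoch seconds for that local day.
# Assumes a date(1) that accepts -d "YYYY-MM-DD hh:mm:ss" (GNU coreutils, BusyBox).
day_bounds() {
    s=$(date -d "$1 00:00:00" +%s) || return 1
    e=$(date -d "$1 23:59:59" +%s) || return 1
    echo "$s $e"
}

# nagios_window START END FILE [HOST] [STATE]: print NOTIFICATION lines that
# mention HOST and STATE and have START <= timestamp <= END.
nagios_window() {
    for v in "$1" "$2"; do
        case $v in ''|*[!0-9]*) echo "bounds must be epoch seconds" >&2; return 2;; esac
    done
    awk -F'[][]' -v a="$1" -v b="$2" -v host="${4:-qa-hadoop1}" -v state="${5:-CRITICAL}" '
        $2 !~ /^[0-9]+$/         { next }  # $1 is empty, $2 is the epoch; skip other lines
        $2 + 0 < a || $2 + 0 > b { next }  # numeric comparison, not string comparison
        # Fixed-string AND match: every term must appear on the same line.
        index($0, host) && index($0, state) && index($0, "NOTIFICATION")
    ' "$3"
}
```

With GNU date, yesterday's window can be filtered with `set -- $(day_bounds "$(date -d yesterday +%F)")` followed by `nagios_window "$1" "$2" /usr/local/nagios/var/nagios.log`.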