12

I have a Unix log file (application.log) that has logs with a timestamp at the start of each line. I need to search this log file for the pattern "sent" in entries later than 2014-03-20 14:05:54.

2014-03-20 14:05:54,038 [NfxAgent....
2014-03-20 14:05:54,164 [NfxAgent....
2014-03-20 14:05:54,298 [NfxAgent....
2014-03-20 14:05:54,414 [NfxAgent....
2014-03-20 14:05:54,787 [NfxAgent....
ASANT
  • Possible duplicate of [Filter log file entries based on date range](https://stackoverflow.com/questions/7706095/filter-log-file-entries-based-on-date-range) – tripleee Oct 08 '18 at 05:27

2 Answers

13

I added 2 more records to the test data to ensure this is really working:

2014-03-19 14:05:53,999 [NfxAgent....
2014-03-20 14:05:53,164 [NfxAgent....

But I don't think you can use grep for this. Here is an awk solution:

$ grep sent grepTest_20140321.txt | awk '$0 > "2014-03-20 14:05:54"'
2014-03-20 14:05:54,038 [NfxAgent....
2014-03-20 14:05:54,164 [NfxAgent....
2014-03-20 14:05:54,298 [NfxAgent....
2014-03-20 14:05:54,414 [NfxAgent....
2014-03-20 14:05:54,787 [NfxAgent....

edit

"What if we need to specify the end time in the same format like 2014-03-21 10:04:14,018?"

And I've added 3 lines of test data to confirm the 2nd case:

2014-03-21 10:04:14,017 [NfxAgent....
2014-03-21 10:04:14,018 [NfxAgent....
2014-03-22 10:04:14,999 [NfxAgent....

Result shows one new record in the range you've specified.

$ awk '$0 ~ "sent" && $0 > "2014-03-20 14:05:54" && $0 < "2014-03-21 10:04:14,018"' grepTest_20140321.txt
2014-03-20 14:05:54,038 [NfxAgent....
2014-03-20 14:05:54,164 [NfxAgent....
2014-03-20 14:05:54,298 [NfxAgent....
2014-03-20 14:05:54,414 [NfxAgent....
2014-03-20 14:05:54,787 [NfxAgent....
2014-03-21 10:04:14,017 [NfxAgent....

IHTH

shellter
  • What if we need to specify the end time in the same format like 2014-03-21 10:04:14,018? – ASANT Mar 21 '14 at 17:45
  • +1 for `awk '$0 > "2014-03-20 14:05:54"'`, but you're missing the additional search for pattern "sent". – mklement0 Mar 21 '14 at 17:47
  • See edit for solution. To be exact, you'd change ,018 to 019 or use `<=` on the 2nd condition. Good luck. – shellter Mar 21 '14 at 17:49
  • @mklement0 : I've updated my original answer for your case and +1 to you for your good eyes, missed that. But .... it's not in the sample data. – shellter Mar 21 '14 at 17:50
  • @shellter: Thanks for the update; I also suggest integrating the search for `"sent"` directly into the `awk` program so that there's no need for a separate `grep` command (as in my answer). – mklement0 Mar 21 '14 at 17:57
  • @mklement0 : now the O.P. can pick and choose. Often, with command-line work, it is convenient to do a grep for the basic filtering and then layer on more stuff as needed. If doing a script, then your more efficient method is definitely the way to go. Good luck to all. – shellter Mar 21 '14 at 18:02
  • @shellter: Thanks; makes perfect sense. – mklement0 Mar 21 '14 at 18:37
4

Try:

sed -n '/^2014-03-20 14:05:54/,$ {/sent/p;}' file

Note: This assumes that there is at least 1 line in your log file that actually starts with 2014-03-20 14:05:54 and that it's OK to include matches from that second in time.

If the existence of such a line is not guaranteed, @shellter's awk approach is superior; to put it together:

awk '$0 > "2014-03-20 14:05:54" && $0 ~ "sent"' file
mklement0
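The awk comparisons in both answers work because the timestamp is fixed-width and ordered from most to least significant field, so string order equals time order; they compare the whole line, though, so a line without a timestamp (a stack trace or wrapped message) is kept or dropped by its first character rather than by time. The following is an added example, not code from either answer: `filter_log` and `sample_log` are hypothetical names, and the message bodies in the sample are constructed, since the question elides them.

```shell
# filter_log START END PATTERN [FILE]
# Prints lines matching PATTERN whose record timestamp lies in [START, END].
# END may be "" for an open-ended window. FILE defaults to stdin.
filter_log() {
    awk -v start="$1" -v end="$2" -v pat="$3" '
    # A record starts with "YYYY-MM-DD HH:MM:SS,mmm" (format from the question).
    /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9],[0-9][0-9][0-9]/ {
        ts = substr($0, 1, 23)
        # Compare only the timestamp, as strings; both bounds are inclusive.
        inwin = (ts >= start) && (end == "" || ts <= end)
    }
    # Lines with no timestamp inherit the window state of the record above.
    inwin && $0 ~ pat
    ' "${4:--}"
}

# Constructed sample: timestamps from the page, message text invented.
sample_log() {
cat <<'EOF'
2014-03-19 14:05:53,999 [NfxAgent] ERROR queue full
Caused by: MailException: nothing sent
2014-03-20 14:05:53,164 [NfxAgent] sent heartbeat
2014-03-20 14:05:54,038 [NfxAgent] sent batch 1
2014-03-20 14:05:54,164 [NfxAgent] received ack
2014-03-20 14:05:54,298 [NfxAgent] ERROR delivery failed
    at Mailer.sent(Mailer.java:42)
2014-03-21 10:04:14,018 [NfxAgent] sent batch 2
2014-03-22 10:04:14,999 [NfxAgent] sent batch 3
EOF
}

# Window used in the answers, with the end bound included.
sample_log | filter_log "2014-03-20 14:05:54" "2014-03-21 10:04:14,018" sent
```

The "Caused by" line from 2014-03-19 is dropped even though it sorts after "2014-..." as a string, and the indented trace line from 14:05:54,298 is kept even though it sorts before it.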