0
Log file:

<l:event dateTime="2014-02-12 08:05:37.950"..........
<l:event dateTime="2014-02-12 08:08:77.980"..........
.
.
.
<l:event dateTime="2014-02-12 10:25:39.550"..........

I want to count the number lines between 08:00 to 10:30, how to get it. ? Note: Log file may or may not have the entry with exact time of 08:00 or 10:30

sam
  • 101
  • 2
  • 13
  • 2
    Ok, I'll bite... So what have you tried thus far? – djf Feb 15 '16 at 12:50
  • 1
    Possible duplicate of [Find entries in log file within \[timespan\] (eg. the last hour)](http://stackoverflow.com/questions/7706095/find-entries-in-log-file-within-timespan-eg-the-last-hour) – tripleee Jun 20 '16 at 11:22

1 Answers1

0

You could use perl (not a perl guru by any stretch, so may be more complex than necessary)

perl -n -e 'BEGIN {$cnt=0} END { print $cnt."\n"} /dateTime="\d{4}-\d{2}-\d{2} (\d{2}:\d{2}:\d{2})/ && $1 ge "08:00:00" && $1 lt "10:00:00" && $cnt++' < log.txt

...or for readability;

perl -n                  -- runs the script for each line in the input file

BEGIN { $cnt=0 }         -- start by setting $cnt to 0
END { print $cnt."\n"}   -- when all is done, print $cnt
/dateTime="\d{4}-\d{2}-\d{2} (\d{2}:\d{2}:\d{2})/
                         -- match for time format, keeping the time in the group
$1 ge "08:00:00"         -- check if the time is greater or equal to 08:00:00
$1 lt "10:30:00"         -- check if time is less than 10:30:00 
$cnt++                   -- if all matches are ok, increase cnt

EDIT from the comments;

/dateTime="\d{4}-\d{2}-\d{2} (\d{2}:\d{2}:\d{2})/

...basically is a regex that matches the rows with the datetime field format you're giving (4 digits + - + 2 digits + - + ...) and extracts the time part (the parenthesized part) into $1 for comparison with the limits. It should work for any time span within a single day, so 10:25-10:35 should work just fine.

Joachim Isaksson
  • 176,943
  • 25
  • 281
  • 294
  • Hmmm... as far as I have understood OP wants to count the number of lines **between** two time periods. Lines between two time periods - as fas as we know - can contain everything. To implement this count you have to remember your state to count/skip rows depending if you are between 08:00-10:30 or not. – mauro Feb 15 '16 at 14:00
  • @mauro I agree that it could be read that way too. We'll see what the OP has to say about it before I change the logic since I'm not sure whether in that case to count the lines in an interval from 10:25:00 to 10:35:00 for example. – Joachim Isaksson Feb 15 '16 at 14:03
  • Thanks for your reply. I have modified the command little to count the lines which is having eventType="BEGIN" and it worked. Below is the updated command: perl -n -e 'BEGIN {$cnt=0} END { print $cnt."\n"} /dateTime="\d{4}-\d{2}-\d{2} (\d{2}:\d{2}:\d{2})/ && $1 ge "01:00:00" && $1 lt "14:00:00" && /eventType="BEGIN"/ && $cnt++' log.txt ** Can you explain the logic behind: /dateTime="\d{4}-\d{2}-\d{2} (\d{2}:\d{2}:\d{2})/ ** and also will this work for time interval between 10:25:00 to 10:35:00. – sam Feb 17 '16 at 04:56
  • HI Team, can you please update on my previous comment. – sam Feb 19 '16 at 10:13
  • @sam No team here, just me ;-) Either way, added some info to the answer about what (I think) you're asking. – Joachim Isaksson Feb 19 '16 at 10:20