
Here is what my log file looks like:

[BCDID::16 T::LIVE_ANALYZER GCDID::16] {"t":"20:50:05","k":"7322","h":"178","s":-53.134575556764}
[BCDID::16 T::LIVE_ANALYZER GCDID::16] {"t":"20:50:06","k":"2115","h":"178","s":-53.134575556764}
[BCDID::16 T::LIVE_ANALYZER GCDID::16] {"t":"20:50:07","k":"1511","h":"178","s":-53.134575556764}

There are multiple log files with similar entries and they are updated every second.

Here, "t":"20:50:05" is the time.

What I want to do is get all logs between specific times from all files, starting from the end of the files.

I tried with tail files*.log | grep -e "20:50:07 | 20:50:05" but it does not return anything.

How do I get all log entries between given times, starting from the end of the file, from all log files?

codeforester
karmicdice

1 Answer


If you're looking for a range for records, and the format of the lines is consistent, the easiest way is probably to isolate the time field, strip out the colons, and leverage the power of arithmetic operators.

A one-liner awk solution, for example:

tail files*.log | awk -v from="205006" -v to="205007" -F"\"" '{ timeasint=$4; gsub(":","",timeasint); if (timeasint >= from && timeasint <= to) print $0 }'

would get you:

[BCDID::16 T::LIVE_ANALYZER GCDID::16] {"t":"20:50:06","k":"2115","h":"178","s":-53.134575556764}
[BCDID::16 T::LIVE_ANALYZER GCDID::16] {"t":"20:50:07","k":"1511","h":"178","s":-53.134575556764}

Of course you couldn't span across midnight (i.e., 25:59:59 - 00:00:01), but for that you'd need dates as well as times in your log anyway.

If you had dates, my suggestion would be converting them to epoch stamps (using date -d "string" or some other suitable method) and comparing the epoch stamps as integers.

Jef
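
The range filter from the answer above, as an added example that is not part of the original answer: it finds the "t" key by name, skips the `==> file <==` headers that tail prints when given several files, and treats a window whose start is later than its end as wrapping past midnight. The function names and sample lines are constructed for illustration, and the wrap-around rule is an assumption that only holds when the lines examined cover less than 24 hours.

```shell
#!/bin/sh
# Added example (not from the original answer). Sample lines are constructed.

# filter_window FROM TO: print stdin lines whose "t" value lies in [FROM, TO].
# FROM/TO are HH:MM:SS. If FROM > TO the window is taken to wrap past midnight
# (assumption: the lines examined cover less than 24 hours).
filter_window() {
    awk -v from="$1" -v to="$2" '
    function secs(hms,   p) {           # HH:MM:SS -> seconds since midnight
        if (split(hms, p, ":") != 3) return -1
        return p[1] * 3600 + p[2] * 60 + p[3]
    }
    BEGIN {
        f = secs(from); t = secs(to)
        if (f < 0 || t < 0) { print "bad time bound" > "/dev/stderr"; exit 2 }
    }
    /^==> .* <==$/ { next }             # per-file headers printed by tail
    {
        # Find the "t" key by name instead of relying on its field position.
        if (!match($0, /"t":"[0-9][0-9]:[0-9][0-9]:[0-9][0-9]"/)) next
        s = secs(substr($0, RSTART + 5, 8))
        if (f <= t) keep = (s >= f && s <= t)
        else        keep = (s >= f || s <= t)   # window wraps past midnight
        if (keep) print
    }'
}

# last_in_window N FROM TO FILE...: filter the last N lines of each file.
last_in_window() {
    n=$1; from=$2; to=$3; shift 3
    for file in "$@"; do tail -n "$n" "$file"; done | filter_window "$from" "$to"
}

# Demo on constructed input: prints the 20:50:06 and 20:50:07 lines.
printf '%s\n' \
  '[BCDID::16 T::LIVE_ANALYZER GCDID::16] {"t":"20:50:05","k":"7322","h":"178","s":-53.1}' \
  '[BCDID::16 T::LIVE_ANALYZER GCDID::16] {"t":"20:50:06","k":"2115","h":"178","s":-53.1}' \
  '[BCDID::16 T::LIVE_ANALYZER GCDID::16] {"t":"20:50:07","k":"1511","h":"178","s":-53.1}' \
  | filter_window 20:50:06 20:50:07
```

Typical use is `last_in_window 100 20:50:06 20:50:07 files*.log`, which checks the last 100 lines of every file instead of tail's default of 10.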