awk |根据时间提取日志

时间:2015-06-09 09:45:12

标签: awk

我有以下格式的服务器日志,我想要awk,可以在两个日期之间提取日志。

日志格式

00:00:00,002 INFO [LOG.XXX] XXX
01:11:00,001 INFO [LOG.XXX] XXX
02:00:01,002 INFO [LOG.XXX] XXX
SOME JUNK
02:02:00,002 INFO [LOG.XXX] XXX
03:11:00,001 INFO [LOG.XXX] XXX
SOME JUNK
03:00:00,002 INFO [LOG.XXX] XXX
04:00:00,001 INFO [LOG.XXX] XXX
10:00:01,002 INFO [LOG.XXX] XXX
10:59:01,002 INFO [LOG.XXX] XXX
12:03:01,002 INFO [LOG.XXX] XXX

在这里,我想在时间:01到10之间获取日志


输出 
01:11:00,001 INFO [LOG.XXX] XXX
02:00:01,002 INFO [LOG.XXX] XXX
SOME JUNK
02:02:00,002 INFO [LOG.XXX] XXX
03:11:00,001 INFO [LOG.XXX] XXX
SOME JUNK
03:00:00,002 INFO [LOG.XXX] XXX
04:00:00,001 INFO [LOG.XXX] XXX
10:00:01,002 INFO [LOG.XXX] XXX
10:59:01,002 INFO [LOG.XXX] XXX

我尝试的选项
我可以用" -n"来打上时间戳。选项然后使用sed命令剪切这些行号。但问题是这个方法是我的日志文件是GB,这使得它非常慢,所以我希望awk能够达到这个目的。

2 个答案:

答案 0 :(得分:1)

你可以用awk

来做 
$ cat f | awk '/^01:11/,/^10:59/'
01:11:00,001 INFO [LOG.XXX] XXX
02:00:01,002 INFO [LOG.XXX] XXX
SOME JUNK
02:02:00,002 INFO [LOG.XXX] XXX
03:11:00,001 INFO [LOG.XXX] XXX
SOME JUNK
03:00:00,002 INFO [LOG.XXX] XXX
04:00:00,001 INFO [LOG.XXX] XXX
10:00:01,002 INFO [LOG.XXX] XXX
10:59:01,002 INFO [LOG.XXX] XXX

答案 1 :(得分:0)

您也可以尝试:

for i in `seq $start_time $end_time`; do #$start_time and $end_time are the starting and ending time of the log that you want.
    i=`printf %.2d $i`;
    awk "/^$i:..:../" file_name;
done

假设输入中的SOME JUNK也以一些时间戳开头。

相关问题
最新问题