如何将日志文件所需字符串的部分写入新文件?

时间:2016-05-24 14:28:23

标签: logging awk sed grep

我需要在日志文件中搜索字符串,然后在字符串之前写入日志的整个部分,直到时间戳。有没有办法可以做到这一点?我发现基于时间戳或基于字符串而不是两者。

这是我日志的样子:

*05-24@08:38:31 TRACE (Server.java:854)     - svdctmpe -> 'EventReleased' (65) attributes:
        AttributeConnID [long] = 08b0028321e5d6fb
'IW_BundleUid' [str] = "e79d5c11-ce97-408a-a94b-da6c99036ee0"
'ecda_OBNum' [str] = "7278672448"
        AttributeCallID [int] = **47839738**
        AttributeCallType [int] = 3 [Outbound]
        AttributeCallUuid [str] = "00VR1R7O1SBJFB0ETLD698LAES005RVR"
05-24@08:38:41 TRACE (Server.java:854)     - svdctmpe -> 'EventReleased' (65) attributes:
        AttributeConnID [long] = 08b0028321e5d6fb
        AttributePropagatedCallType [int] = 3 [Outbound]
        AttributeUserData [bstr] = KVList:
'IW_CaseUid' [str] = "bd6d7141-1bc5-4b5e-ae53-6715ca72a3d0"
'IW_BundleUid' [str] = "e79d5c11-ce97-408a-a94b-da6c99036ee0"
'ecda_OBNum' [str] = "7278672448"
        AttributeCallID [int] = 47839739
        AttributeCallType [int] = 3 [Outbound]
        AttributeCallUuid [str] = "00VR1R7O1SBJFB0ETLD698LAES005RVR"
05-24@08:38:46 TRACE (Server.java:854)     - svdctmpe -> 'EventReleased' (65) attributes:
        AttributeConnID [long] = 08b0028321e5d6fb
        AttributePropagatedCallType [int] = 3 [Outbound]
        AttributeUserData [bstr] = KVList:
'IW_CaseUid' [str] = "bd6d7141-1bc5-4b5e-ae53-6715ca72a3d0"
'IW_BundleUid' [str] = "e79d5c11-ce97-408a-a94b-da6c99036ee0"
'ecda_OBNum' [str] = "7278672448"
        AttributeCallID [int] = 47839740
        AttributeCallType [int] = 3 [Outbound]
        AttributeCallUuid [str] = "00VR1R7O1SBJFB0ETLD698LAES005RVR"
05-24@08:38:51 TRACE (Server.java:854)     - svdctmpe -> 'EventReleased' (65) attributes:
        AttributeConnID [long] = 08b0028321e5d6fb
        AttributePropagatedCallType [int] = 3 [Outbound]
        AttributeUserData [bstr] = KVList:
'IW_CaseUid' [str] = "bd6d7141-1bc5-4b5e-ae53-6715ca72a3d0"
'IW_BundleUid' [str] = "e79d5c11-ce97-408a-a94b-da6c99036ee0"
'ecda_OBNum' [str] = "7278672448"
        AttributeCallID [int] = **47839738**
        AttributeCallType [int] = 3 [Outbound]
        AttributeCallUuid [str] = "00VR1R7O1SBJFB0ETLD698LAES005RVR"*

如果我搜索47839738我希望在登录新文件之前有47839738之前的任何内容,直到达到时间戳MM-DD @HH:MM:SS并继续搜索整个文件。在此示例中,所需的输出如下所示:

*05-24@08:38:31 TRACE (Server.java:854)     - svdctmpe -> 'EventReleased' (65) attributes:
        AttributeConnID [long] = 08b0028321e5d6fb
'IW_BundleUid' [str] = "e79d5c11-ce97-408a-a94b-da6c99036ee0"
'ecda_OBNum' [str] = "7278672448"
        AttributeCallID [int] = **47839738**
05-24@08:38:51 TRACE (Server.java:854)     - svdctmpe -> 'EventReleased' (65) attributes:
        AttributeConnID [long] = 08b0028321e5d6fb
        AttributePropagatedCallType [int] = 3 [Outbound]
        AttributeUserData [bstr] = KVList:
'IW_CaseUid' [str] = "bd6d7141-1bc5-4b5e-ae53-6715ca72a3d0"
'IW_BundleUid' [str] = "e79d5c11-ce97-408a-a94b-da6c99036ee0"
'ecda_OBNum' [str] = "7278672448"
        AttributeCallID [int] = **47839738***

2 个答案:

答案 0 :(得分:0)

试试这个

var=`grep -nr "47839738 " log.log | cut -d ":" -f 1`; head -n $var log.log  | grep "MM-DD@HH:MM:SS " -A $var
  1. 首先得到的行号是47839738

  2. 然后获取所有行 从开始到那一行

  3. 然后获取从日期到该的所有行     行

答案 1 :(得分:0)

我建议使用Regex(正则表达式)查找包含“47839738”的所有日志条目,这些条目由日期格式分隔(例如“05-24 @ 08:38”)。

这是java代码,其中input将您的日志文件作为字符串:

public class Main
{
    public static void main(String [] args)
    {
        String input = "";
        try
        {
            input = readFile("c:\\temp\\regex.txt", Charset.defaultCharset());
        }
        catch (IOException e)
        {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }

        //System.out.println(input);

        Pattern p = java.util.regex.Pattern.compile("(?:(?!(\\n\\d\\d-\\d\\d@\\d\\d:\\d\\d))[\\s\\S])*47839738()(?:(?!(\\d\\d-\\d\\d@\\d\\d:\\d\\d))[\\s\\S])*");
        Matcher m = p.matcher(input);
        while(m.find())
        {
            java.lang.System.out.println(m.group());
        }



    }

    static String readFile(String path, Charset encoding)  throws IOException 
    {
      byte[] encoded = Files.readAllBytes(Paths.get(path));
      return new String(encoded, encoding);
    }
}

每个m.group()将包含一个包含关键术语“47839738”的日志中的单独条目。

相关问题
最新问题