We help IT Professionals succeed at work.

awk command single

gudii9
gudii9 asked
on
10 Comments
1 Solution
180 Views
Last Modified: 2019-01-10
zgrep 'MobileDevice' xyz_1.log.20181121.gz|grep 'USER123'| awk '$0>= "2018-Nov-21 00:01" && $0<="2018-Nov-21 23:59"' | awk -F '|' '$24>300 {print}'

zgrep 'MobileDevice' xyz_2.log.20181121.gz|grep 'USER123'| awk '$0>= "2018-Nov-21 00:01" && $0<="2018-Nov-21 23:59"' | awk -F '|' '$24>300 {print}'

zgrep 'MobileDevice' xyz_3.log.20181121.gz|grep 'USER123'| awk '$0>= "2018-Nov-21 00:01" && $0<="2018-Nov-21 23:59"' | awk -F '|' '$24>300 {print}'

i am using above 3 separate greps one after other on 3 types of jvm files

how to combine them as one

zgrep 'MobileDevice' xyz_?.log.20181121.gz|grep 'USER123'| awk '$0>= "2018-Nov-21 00:01" && $0<="2018-Nov-21 23:59"' | awk -F '|' '$24>300 {print}'
i tried above which did not work
i tried below that also did not work


zgrep 'MobileDevice' xyz_*.log.20181121.gz|grep 'USER123'| awk '$0>= "2018-Nov-21 00:01" && $0<="2018-Nov-21 23:59"' | awk -F '|' '$24>300 {print}'
please advise
Comment
Watch Question

View Solution Only

nociSoftware Engineer
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Both those command should work...
Did you verify parts of the commands...

zgrep 'MobileDevice' xyz_1.log.20181121.gz|grep 'USER123'  >t.1
zgrep 'MobileDevice' xyz_2.log.20181121.gz|grep 'USER123' >>t.1
zgrep 'MobileDevice' xyz_3.log.20181121.gz|grep 'USER123' >>t.1
sort <t.1 >t.2
zgrep 'MobileDevice' xyz_3.log.20181121.gz|grep 'USER123' | sort >t.3
diff t.2 t.3     # should be the same output...

Open in new window


btw why not compare $1 == "2018-Nov-21" ?
or even: use  zgrep "^2018-Nov-21 " in stead of awk.
arnold
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
For such pattern crunchers, I'd use perl.

In your situation Presumably I by now know the pattern of interest over time, I would either process the data when it is saved into the log file, presumably the data is being added by syslog/rsyslog.
The other is process the log prior to compression during the log file  rotation on the first role.

If properly setup, the processing could be modified to add additional entries, pattern.
Then your automated process has the number of rotation log file count to recapture.

This way the data you are after most of the time would already been processed and made available.

If you store the extracted in a db, it will be searchable and easily accessible.

If this is a regulated entity, you could set the archival, retention policy of the extracted data.
gudii9

Author

Commented:
Both those command should work...
not working.

all files in same directory though
gudii9

Author

Commented:
any sample commands like this in any link or resource or book?
arnold
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Lookup logrotate.conf
Postrotate after the rotation perform the following action/s.
 
Look at passing data from syslog/rsyslog.

You are not including info in your setup nor on what your end goal is.

Your question is always, I have two pieces of wood, and these nails.

In such a limited set of info, the answers you get are similarly limited.
simon3270
CERTIFIED EXPERT

Commented:
If you have multiple files as arguments to zgrep (same for grep), it puts the filename at the beginnign of each line, and that is messing up your awk looking for the date.

Two ways to avoid this - either combine all of the files into one:

zcat xyz_?.log.20181121.gz | grep MobileDevice | grep USER123  etc....

Open in new window


Or suppress the adding of the filename

  
zgrep -h MobileData xyz_?.log.20181121.gz

Open in new window


There are other improvements you can make: compare the date against 2018-Nov-21 rather than a range, put all of the greps into one statement (assuming that they are always in the same order), and do the grep as part of an awk script, but getting it to work in the first place is more important!
gudii9

Author

Commented:
zgrep -h MobileData xyz_?.log.20181121.gz

what is -h option means
i have both non zip files
nociSoftware Engineer
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
From the man page:

      -h, --no-filename
              Suppress  the  prefixing  of  file names on output.  This is the
              default when there is only one file (or only standard input)  to
              search.

See: https://linux.die.net/man/1/grep

zgrep uses "zcat" before grep..., zcat can read non-compressed files as well.
If no file is  specified,  then  the
       standard input is decompressed if necessary and fed to grep.  Otherwise
       the given files are uncompressed if necessary and fed to grep.
See: https://linux.die.net/man/1/zgrep
gudii9

Author

Commented:
grep 'search' xyz_?.log.20181121

above fetched results from both
xyz_1.log.20181121
and
xyz_2.log.20181121

similarly
 grep 'search' xyz_*.log.20181121

above fetched results from both
xyz_1.log.20181121
and
xyz_2.log.20181121

when to use * when to use ?

please advise
CERTIFIED EXPERT
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.

View Solution