awk command single
zgrep 'MobileDevice' xyz_1.log.20181121.gz|grep
zgrep 'MobileDevice' xyz_2.log.20181121.gz|grep
zgrep 'MobileDevice' xyz_3.log.20181121.gz|grep
i am using above 3 separate greps one after other on 3 types of jvm files
how to combine them as one
zgrep 'MobileDevice' xyz_?.log.20181121.gz|grep
i tried above which did not work
i tried below that also did not work
zgrep 'MobileDevice' xyz_*.log.20181121.gz|grep
please advise
zgrep 'MobileDevice' xyz_2.log.20181121.gz|grep
zgrep 'MobileDevice' xyz_3.log.20181121.gz|grep
i am using above 3 separate greps one after other on 3 types of jvm files
how to combine them as one
zgrep 'MobileDevice' xyz_?.log.20181121.gz|grep
i tried above which did not work
i tried below that also did not work
zgrep 'MobileDevice' xyz_*.log.20181121.gz|grep
please advise
Last Comment
For such pattern crunchers, I'd use perl.
In your situation Presumably I by now know the pattern of interest over time, I would either process the data when it is saved into the log file, presumably the data is being added by syslog/rsyslog.
The other is process the log prior to compression during the log file rotation on the first role.
If properly setup, the processing could be modified to add additional entries, pattern.
Then your automated process has the number of rotation log file count to recapture.
This way the data you are after most of the time would already been processed and made available.
If you store the extracted in a db, it will be searchable and easily accessible.
If this is a regulated entity, you could set the archival, retention policy of the extracted data.
In your situation Presumably I by now know the pattern of interest over time, I would either process the data when it is saved into the log file, presumably the data is being added by syslog/rsyslog.
The other is process the log prior to compression during the log file rotation on the first role.
If properly setup, the processing could be modified to add additional entries, pattern.
Then your automated process has the number of rotation log file count to recapture.
This way the data you are after most of the time would already been processed and made available.
If you store the extracted in a db, it will be searchable and easily accessible.
If this is a regulated entity, you could set the archival, retention policy of the extracted data.
ASKER
Both those command should work...not working.
all files in same directory though
ASKER
any sample commands like this in any link or resource or book?
Lookup logrotate.conf
Postrotate after the rotation perform the following action/s.
Look at passing data from syslog/rsyslog.
You are not including info in your setup nor on what your end goal is.
Your question is always, I have two pieces of wood, and these nails.
In such a limited set of info, the answers you get are similarly limited.
Postrotate after the rotation perform the following action/s.
Look at passing data from syslog/rsyslog.
You are not including info in your setup nor on what your end goal is.
Your question is always, I have two pieces of wood, and these nails.
In such a limited set of info, the answers you get are similarly limited.
If you have multiple files as arguments to zgrep (same for grep), it puts the filename at the beginnign of each line, and that is messing up your awk looking for the date.
Two ways to avoid this - either combine all of the files into one:
Or suppress the adding of the filename
There are other improvements you can make: compare the date against 2018-Nov-21 rather than a range, put all of the greps into one statement (assuming that they are always in the same order), and do the grep as part of an awk script, but getting it to work in the first place is more important!
Two ways to avoid this - either combine all of the files into one:
zcat xyz_?.log.20181121.gz | grep MobileDevice | grep USER123 etc....
Or suppress the adding of the filename
zgrep -h MobileData xyz_?.log.20181121.gz
There are other improvements you can make: compare the date against 2018-Nov-21 rather than a range, put all of the greps into one statement (assuming that they are always in the same order), and do the grep as part of an awk script, but getting it to work in the first place is more important!
ASKER
zgrep -h MobileData xyz_?.log.20181121.gz
what is -h option means
i have both non zip files
what is -h option means
i have both non zip files
From the man page:
See: https://linux.die.net/man/1/grep
zgrep uses "zcat" before grep..., zcat can read non-compressed files as well.
-h, --no-filename
Suppress the prefixing of file names on output. This is the
default when there is only one file (or only standard input) to
search.
See: https://linux.die.net/man/1/grep
zgrep uses "zcat" before grep..., zcat can read non-compressed files as well.
If no file is specified, then theSee: https://linux.die.net/man/1/zgrep
standard input is decompressed if necessary and fed to grep. Otherwise
the given files are uncompressed if necessary and fed to grep.
ASKER
grep 'search' xyz_?.log.20181121
above fetched results from both
xyz_1.log.20181121
and
xyz_2.log.20181121
similarly
grep 'search' xyz_*.log.20181121
above fetched results from both
xyz_1.log.20181121
and
xyz_2.log.20181121
when to use * when to use ?
please advise
above fetched results from both
xyz_1.log.20181121
and
xyz_2.log.20181121
similarly
grep 'search' xyz_*.log.20181121
above fetched results from both
xyz_1.log.20181121
and
xyz_2.log.20181121
when to use * when to use ?
please advise
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Linux
Linux is a UNIX-like open source operating system with hundreds of distinct distributions, including: Fedora, openSUSE, Ubuntu, Debian, Slackware, Gentoo, CentOS, and Arch Linux. Linux is generally associated with web and database servers, but has become popular in many niche industries and applications.
71K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
Did you verify parts of the commands...
Open in new window
btw why not compare $1 == "2018-Nov-21" ?
or even: use zgrep "^2018-Nov-21 " in stead of awk.