gudii9 asked:

awk command single

zgrep 'MobileDevice' xyz_1.log.20181121.gz|grep 'USER123'| awk '$0>= "2018-Nov-21 00:01" && $0<="2018-Nov-21 23:59"' | awk -F '|' '$24>300 {print}'

zgrep 'MobileDevice' xyz_2.log.20181121.gz|grep 'USER123'| awk '$0>= "2018-Nov-21 00:01" && $0<="2018-Nov-21 23:59"' | awk -F '|' '$24>300 {print}'

zgrep 'MobileDevice' xyz_3.log.20181121.gz|grep 'USER123'| awk '$0>= "2018-Nov-21 00:01" && $0<="2018-Nov-21 23:59"' | awk -F '|' '$24>300 {print}'

I am using the above 3 separate greps one after the other on 3 types of JVM files.

How to combine them as one?

zgrep 'MobileDevice' xyz_?.log.20181121.gz|grep 'USER123'| awk '$0>= "2018-Nov-21 00:01" && $0<="2018-Nov-21 23:59"' | awk -F '|' '$24>300 {print}'
I tried the above, which did not work.
I tried the below, which also did not work.


zgrep 'MobileDevice' xyz_*.log.20181121.gz|grep 'USER123'| awk '$0>= "2018-Nov-21 00:01" && $0<="2018-Nov-21 23:59"' | awk -F '|' '$24>300 {print}'
Please advise.

Last Comment: simon3270, 8/22/2022 - Mon
noci

Both those commands should work...
Did you verify parts of the commands...

zgrep 'MobileDevice' xyz_1.log.20181121.gz|grep 'USER123'  >t.1
zgrep 'MobileDevice' xyz_2.log.20181121.gz|grep 'USER123' >>t.1
zgrep 'MobileDevice' xyz_3.log.20181121.gz|grep 'USER123' >>t.1
sort <t.1 >t.2
zgrep 'MobileDevice' xyz_3.log.20181121.gz|grep 'USER123' | sort >t.3
diff t.2 t.3     # should be the same output...



btw why not compare $1 == "2018-Nov-21" ?
or even: use zgrep "^2018-Nov-21 " instead of awk.
arnold

For such pattern crunchers, I'd use perl.

In your situation, presumably by now you know the pattern of interest over time; I would either process the data when it is saved into the log file (presumably the data is being added by syslog/rsyslog).
The other is to process the log prior to compression, during the log file rotation on the first roll.

If properly set up, the processing could be modified to add additional entries/patterns.
Then your automated process has the number of rotation log file count to recapture.

This way the data you are after would most of the time already have been processed and made available.

If you store the extracted data in a db, it will be searchable and easily accessible.

If this is a regulated entity, you could set the archival, retention policy of the extracted data.
gudii9

ASKER
"Both those commands should work..."
Not working.

All files are in the same directory though.
gudii9

ASKER
Any sample commands like this in any link, resource or book?
arnold

Look up logrotate.conf.
postrotate: after the rotation, perform the following action(s).
Look at passing data from syslog/rsyslog.

You are not including info in your setup nor on what your end goal is.

Your question is always: I have two pieces of wood, and these nails.

In such a limited set of info, the answers you get are similarly limited.
simon3270

If you have multiple files as arguments to zgrep (same for grep), it puts the filename at the beginning of each line, and that is messing up your awk looking for the date.

Two ways to avoid this - either combine all of the files into one:

zcat xyz_?.log.20181121.gz | grep MobileDevice | grep USER123  etc....



Or suppress the adding of the filename:

zgrep -h MobileData xyz_?.log.20181121.gz



There are other improvements you can make: compare the date against 2018-Nov-21 rather than a range, put all of the greps into one statement (assuming that they are always in the same order), and do the grep as part of an awk script, but getting it to work in the first place is more important!
gudii9

ASKER
zgrep -h MobileData xyz_?.log.20181121.gz

What does the -h option mean?
I have both non-zip files.
noci

From the man page:

      -h, --no-filename
              Suppress  the  prefixing  of  file names on output.  This is the
              default when there is only one file (or only standard input)  to
              search.

See: https://linux.die.net/man/1/grep

zgrep uses "zcat" before grep..., zcat can read non-compressed files as well.
       If no file is specified, then the standard input is decompressed if
       necessary and fed to grep.  Otherwise the given files are uncompressed
       if necessary and fed to grep.
See: https://linux.die.net/man/1/zgrep
gudii9

ASKER
grep 'search' xyz_?.log.20181121

above fetched results from both
xyz_1.log.20181121
and
xyz_2.log.20181121

Similarly
grep 'search' xyz_*.log.20181121

above fetched results from both
xyz_1.log.20181121
and
xyz_2.log.20181121

When to use * and when to use ?

Please advise.
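The following is an added example, not code from this thread or from any of its participants. It builds constructed gzipped logs and demonstrates simon3270's point above (multiple zgrep arguments prepend "filename:", which breaks the date and field comparisons, and -h suppresses that) together with the ? versus * glob question just asked. The 24-field pipe-separated layout, the file names and the values in the sample lines are assumptions made for the demo.

```shell
#!/bin/sh
# Added example, not code from the thread. Builds constructed gzipped logs and
# shows (a) the filename prefix that multiple zgrep arguments add, (b) one
# combined zgrep -h | awk pipeline, (c) the ? vs * glob difference.
set -eu
WORK=$(mktemp -d)
cd "$WORK"

# Constructed line layout (an assumption): 24 pipe-separated fields,
# $1 = timestamp, $2 = component, $3 = user, $24 = response time in ms.
mkline() {  # $1=timestamp $2=user $3=field24
    printf '%s|MobileDevice|%s' "$1" "$2"
    i=4; while [ "$i" -lt 24 ]; do printf '|f%d' "$i"; i=$((i + 1)); done
    printf '|%s\n' "$3"
}
{ mkline '2018-Nov-21 09:15:02' USER123 450     # match
  mkline '2018-Nov-21 09:16:10' USER999 800     # wrong user
  mkline '2018-Nov-21 10:00:00' USER123 120; } | gzip > xyz_1.log.20181121.gz   # $24 too small
{ mkline '2018-Nov-21 11:30:45' USER123 610     # match
  mkline '2018-Nov-20 23:59:59' USER123 999; } | gzip > xyz_2.log.20181121.gz   # wrong day
{ mkline '2018-Nov-21 12:00:00' USER123 700; } | gzip > xyz_10.log.20181121.gz  # match, seen only by *

# (a) With several files zgrep prefixes "filename:", so $1 no longer starts
# with the date and every field shifts; count the output lines carrying it.
prefixed_lines() { zgrep 'MobileDevice' xyz_?.log.20181121.gz | grep -c '^xyz_'; }

# (b) Single pass: -h drops the prefix, and one awk does both greps, the date
# window and the $24 threshold (same conditions as the thread's pipeline).
matches() {
    zgrep -h 'MobileDevice' xyz_*.log.20181121.gz \
    | awk -F '|' '/USER123/ && $1 >= "2018-Nov-21 00:01" && $1 <= "2018-Nov-21 23:59" && $24 > 300'
}

# (c) ? matches exactly one character, * any run: xyz_10 is only matched by *.
files_qmark() { set -- xyz_?.log.20181121.gz; echo "$#"; }
files_star()  { set -- xyz_*.log.20181121.gz; echo "$#"; }

printf 'prefixed lines with xyz_?: %s\n' "$(prefixed_lines)"
printf 'matching lines:\n%s\n' "$(matches)"
printf 'files via ?: %s   files via *: %s\n' "$(files_qmark)" "$(files_star)"
```

Run it as-is; the three matching lines are the USER123 records from 2018-Nov-21 whose $24 exceeds 300, one from each file.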
ASKER CERTIFIED SOLUTION
simon3270
