Find a specific time and date range given as input parameters, then extract multiple patterns from each block of text

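I am trying to work out logic where we can pass a time and date range as input parameters, run it against a log file like the one below, and then extract the matching patterns from each block of text between blank lines: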

Here is sample content from the log file:

# 10/Oct/2017:11:14:12 -0400; conn=-1; op=59
dn: dc=capitalone,dc=com
changetype: modify
replace: ds-sync-state
ds-sync-state: 0000015b51d7bf33057e00000002
ds-sync-state: 0000015b53b701d30f0c00000003
ds-sync-state: 0000015b51d655e11a0c00000005

# 11/Oct/2017:10:40:29 -0400; conn=-1; op=44
dn: cn=schema
changetype: modify
replace: ds-sync-generation-id
ds-sync-generation-id: 8408

# 11/Oct/2017:10:40:30 -0400; conn=-1; op=59
dn: cn=admin data
changetype: modify
replace: ds-sync-state
ds-sync-state: 0000015b50e62ee409b700000002
ds-sync-state: 0000015b4a174d3f217500000002
ds-sync-state: 0000015b4ed4fcfb23a500000008

Answer 1

GNU awk solution:

lookup_by_daterange.awk script:

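#!/usr/bin/awk -f

# Convert "DD/Mon/YYYY:HH:MM:SS" to epoch seconds with GNU date.
# `ts` is a local variable; -1 means "not a usable timestamp".
function get_ts(dt, ts){
    ts = -1;
    # dt is pasted into a shell command line, so accept only the exact
    # timestamp shape; anything else never reaches the shell.
    if (dt !~ /^[0-9]{2}\/[A-Za-z]{3}\/[0-9]{4}:[0-9]{2}:[0-9]{2}:[0-9]{2}$/)
        return ts;
    gsub("/"," ",dt);
    sub(":"," ", dt);
    cmd="date -d \""dt"\" +%s";
    while((cmd | getline t) > 0) ts=t;   # "> 0" stops on EOF and on error
    close(cmd);
    return ts
}
BEGIN {
    from = get_ts(from);  # `from` datetime
    to = get_ts(to);    # `to` datetime
    if (from < 0 || to < 0) {
        print "from/to must look like 11/Oct/2017:10:40:29" > "/dev/stderr";
        exit 1
    }
}
# Block header line: "# DD/Mon/YYYY:HH:MM:SS -ZZZZ; ..."
/^# [0-9]{2}\//{
    ts = get_ts($2);
    if (ts >= from && ts <= to) {
        f=1; n=NR+3      # print the header plus the next 3 lines
    }
}
f && NR<=n {
    print
}
NR==n {
    print ""             # blank line between printed blocks
}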

Usage:

awk -v from="11/Oct/2017:10:40:29" -v to="11/Oct/2017:10:41:00" -f lookup_by_daterange.awk logfile

Output:

# 11/Oct/2017:10:40:29 -0400; conn=-1; op=44
dn: cn=schema
changetype: modify
replace: ds-sync-generation-id

# 11/Oct/2017:10:40:30 -0400; conn=-1; op=59
dn: cn=admin data
changetype: modify
replace: ds-sync-state
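
The same range filter without passing log content to a shell, as an added example that is not part of the original answer. It goes beyond the answer by honouring the UTC offset in each header and by reading the whole block instead of a fixed three lines. The function name `blocks_in_range`, its `fields` parameter and the sample log are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample in the same layout as the log excerpt in the question.
SAMPLE = """\
# 10/Oct/2017:11:14:12 -0400; conn=-1; op=59
dn: dc=example,dc=com
changetype: modify
replace: ds-sync-state

# 11/Oct/2017:10:40:29 -0400; conn=-1; op=44
dn: cn=schema
changetype: modify
replace: ds-sync-generation-id

# 11/Oct/2017:10:40:30 -0400; conn=-1; op=59
dn: cn=admin data
changetype: modify
replace: ds-sync-state
ds-sync-state: 0000015b50e62ee409b700000002
"""

# Strict header shape; anything else is skipped, never interpreted.
HEADER = re.compile(r"# (\d{2}/[A-Za-z]{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4});")
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"  # %b expects English month names (C locale)

def blocks_in_range(log_text, start, end, fields=("dn", "changetype", "replace")):
    """Return one dict per blank-line-separated block whose header time is in
    [start, end]; UTC offsets are honoured, so bounds may use any zone."""
    lo, hi = (datetime.strptime(s, TS_FMT) for s in (start, end))
    hits = []
    for block in re.split(r"\n\s*\n", log_text.strip()):
        m = HEADER.match(block)
        try:
            ts = datetime.strptime(m.group(1), TS_FMT) if m else None
        except ValueError:  # right shape, but not a real date
            ts = None
        if ts is None or not lo <= ts <= hi:
            continue
        rec = {"time": ts.isoformat()}
        for line in block.splitlines()[1:]:
            key, sep, value = line.partition(": ")
            if sep and key in fields:
                rec.setdefault(key, []).append(value)
        hits.append(rec)
    return hits

if __name__ == "__main__":
    for rec in blocks_in_range(SAMPLE, "11/Oct/2017:10:40:29 -0400", "11/Oct/2017:10:41:00 -0400"):
        print(rec)
```

Pass `fields=("ds-sync-state",)` to collect the multi-valued attribute lines that the three-line window in the awk script cuts off.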
