我正在尝试从日志文件中提取过去 24 小时的数据。我在尝试
awk -v d="$(date -d'24 hours ago' +'%Y-%m-%d %H:%M')" '$1" "$2>=d &&/ERROR/' data.log
如果日期是一行中的第一件事,那么这确实可以找到模式并且效果很好,例如
2016-03-06 1:59 ERROR --GOOD
2016-03-06 2:04 ERROR --GOOD
,但对其他人来说,它带来了每一行含有“”这个词的行错误“ 和忽略日期范围。
我的 data.log 文件如下所示:
ERROR [Thrift:28] 2016-03-04 01:26:07,949 CustomTThreadPoolServer.java:224 - Error occurred during processing of message. <br/>
ERROR [Thrift:24] 2016-03-04 01:26:07,952 CustomTThreadPoolServer.java:224 - Error occurred during processing of message.<br/>
ERROR [Thrift:9] 2016-03-04 01:26:07,958 CustomTThreadPoolServer.java:224 - Error occurred during processing of message.<br/>
ERROR [Thrift:3] 2016-03-04 01:26:07,961 CustomTThreadPoolServer.java:224 - Error occurred during processing of message.<br/>
ERROR [Thrift:7] 2016-03-05 01:26:07,966 CustomTThreadPoolServer.java:224 - Error occurred during processing of message.<br/>
ERROR [Thrift:30] 2016-03-06 01:26:07,979 CustomTThreadPoolServer.java:224 - Error occurred during processing of message.<br/>
ERROR [Thrift:29] 2016-03-06 01:26:07,989 CustomTThreadPoolServer.java:224 - Error occurred during processing of message.<br/>
ERROR [Thrift:31] 2016-03-06 01:26:07,991 CustomTThreadPoolServer.java:224 - Error occurred during processing of message.<br/>
如有帮助,将不胜感激。谢谢
答案1
您正在$1" "$2与日期进行比较,但$1containsERROR和$2contains[Thrift:31]等。尝试使用显而易见的方法$3" "$4。
当任何程序的行为不符合您的预期时,最好添加几个prints ,以便您可以看到变量的值,以确保它们是您认为应该是的。