2

Trying to print out specific times of logs based on recommendation from this thread from super user. I am not sure why my patterns are not being matched by sed. I have the sample date and time I am using pasted here. If I use 

sed -n '/2014-03-27 07:00:00/ , /2014-03-27 11:25:00/p' log-file-name

I am expecting it to print all lines that matches between 7 am to 11 am . But I get zero matches. If I remove "-n", it prints the entire lines from 3 am to 16:14 as result. I tried tweaking the sed command above with single and double quotes and tried different spacing options. But the results are always "all or none" . Can somebody please explain why sed is not printing the lines for the hour window I am asking it to print?

Improve this question
1
  • 1
    Might be nice if you include a bit of the file you are trying to look at. One thought are you sure there is ONLY a single space between the date and time? Also are you sure it is a SPACE and not a TAB?
    – mdpc
    Commented Apr 13, 2014 at 6:24

3 Answers 3

Reset to default
1

You're trying to use sed with the start, stop pattern feature.

So if a line matching your first (start) pattern is found, output will be returned until a line matching the second (stop) pattern is found.

If the start line isn't exactly present in your file you will get no results.

Removing the -n flag from your options means that all will be printed, even if they don't match your pattern. Using sed with -n '/.../p' will make it behave like grep.

I found a useful tutorial here

For your case, you might consider a pattern something like:

\d{4}-\d{2}-\d{2} ((0[7-9])|(1[0-1])):\d{2}:\d{2},\d{3}

The above would match all times from 07:00 to 11:59
some explanations:
\d{4} = match 4 digits (year, eg. 2014)
(0[7-9]) = match 07 - 09
| = OR
(1[0-1]) = match 10 -11

Improve this answer
1
  • That was it. It was indeed the start and stop pattern not being in log file I was searching for. I was banging my head against the desk, because this used to work for me in the past and all of sudden it stopped working. All thanks for the link to that wonderful tutorial. That is one of the best tutorials I have seen. Unfortunately I cannot give you any upvotes because I don't have 15 reputation on this site :(.
    – user2476714
    Commented Apr 16, 2014 at 3:12
0

Unix is awesome at doing small things, don't make them too long. This takes the awk from the linked post and adds a date pipe.

This finds all dates at the start of the line with 2014-03-27, takes that output and finds all times with hours (second field) grater or equal to 7 and less than 11. 

grep ^2014-03-27 log-file | awk -F'[: ]' '$2 >= 7 && $2 < 11 { print }'
Improve this answer
2
  • Thanks . This almost works for me. But I have one problem left. How do I use it if I need to time in a more granular manner. For eg: from 7:30 to 8:30 am . I figured out how to do it if it is in the same hour for eg: "grep ^2014-02-20 log-file-name | awk -F'[: ]' '$2 >= 7 && $2 < 8 && $3 >=35 && $3 < 45 { print }' " seem to work. But I am not sure how do it for filter that crosses hourly boundaries like 7:30 am to 8:30 am
    – user2476714
    Commented Apr 16, 2014 at 3:20
  • I'ld do it with a logic breakup. Line 1, hour that fills to end. Line 2, middle hours. Line 3, hour that goes to a minute. so 7:35 - 10-25 grep ^2014-02-20 log-file-name | awk -F'[: ]' '$2 = 7 && $3 >=35 { print }' " grep ^2014-02-20 log-file-name | awk -F'[: ]' '$2 >= 8 && $2 < 10 { print }' grep ^2014-02-20 log-file-name | awk -F'[: ]' ' $2 = 10 && $3 < 25 { print }' Yes, it's not tiny but it is readable and logically clean. If you want tiny go with Scrutinizer's answer.
    – Michael Tomkins
    Commented Apr 16, 2014 at 23:35
0

It will be complicated using regex. Perhaps something like this will do:

awk '$1 FS $2>=s{p=1} $1 FS $2>e{exit}p' s="2014-03-27 07:00:00" e="2014-03-27 11:25:00" file

Explanation:

awk '
  $1 FS $2>=s{     # `$1 FS $2` is the string the consists of field 1, a space, 
                   # and field 2. If it is larger or equal (string comparison) 
                   # to the variable s, then: 
    p=1            # set a variable p to 1
  }
  $1 FS $2>e{      # if the string $1 FS $2 is larger than variable e, then
    exit           # exit the script ( stop processing the file )
  }
  p                # if variable p is equal to 1 then print the record (line)
' s="2014-03-27 07:00:00" e="2014-03-27 11:25:00" file    
                   # line above: set variables p and s and specify file name

$1 FS $2 is the string the consists of field 1, a space, and field 2. If it is larger or equal (string comparison) to the variable s then set a variable p to 1

Improve this answer
2
  • This would have been the most easiest way of doing it. But unfortunately it is not giving me any hits. I Just get the prompt string back. I try to spot the problem myself and see if I can correct it , but honestly I don't know what "$2>=s{p=1}" means.
    – user2476714
    Commented Apr 16, 2014 at 2:54
  • @user2476714 : Added and explanation. Hope it helps..
    – Scrutinizer
    Commented Apr 16, 2014 at 5:54

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .