linux - Find number of occurrences of keyword in log file within last minute -


for purposes of publishing metrics aws cloudwatch information of number of occurrences of keyword (eg., error, exception) within last minute (from current system time) in application logs.

following commands have tried far based on answers related thread ( filter log file entries based on date range):

awk -vdate=`date -d'now-1 minutes' +["%y-%m-%d %h:%m:%s"` '($1 fs $2) > date {print $3}' application.log | grep "error" | uniq -c  awk -vdate=`date -d'now-1 minutes' +["%y-%m-%d %h:%m:%s"` '{if ($1 > date) {print $3}}' application.log | grep "error" | uniq -c  awk -vdate=`date -d'now-1 minutes' +["%y-%m-%d %h:%m:%s"` '{if ($1 == $date) {print $3}}' application.log | grep "error" | uniq -c

but error when try this:

awk: cmd. line:1: 13:06:17 awk: cmd. line:1:   ^ syntax error

following format of log file:

2016-02-05 12:10:48,761 [info] org.xxx 2016-02-05 12:10:48,761 [info] org.xxx 2016-02-05 12:10:48,763 [info] org.xxx 2016-02-05 12:10:48,763 [info] org.xxx 2016-02-05 12:10:48,763 [error] org.xxx 2016-02-05 12:10:48,763 [info] org.xxx 2016-02-05 12:10:48,764 [info] ffrom org.xxx 2016-02-05 12:10:48,773 [warn] org.xxx 2016-02-05 12:10:48,777 [info] org.xxx 2016-02-05 12:10:48,778 [info] org.xxx

stuck on quite while. help!

you're using deprecated backticks , not quoting date output. instead:

awk -vdate="$(date -d'now-1 minutes' +"%y-%m-%d %h:%m:%s")" '($1 fs $2) > date { if ($3~/error/) print $3}' file

note don't need pipe grep , not having space between -v , date script gawk-specific , if it's gawk-specific don't need external call date since gawk has it's own builtin time functions (hint: begin{date=strftime("%y-%m-%d %h:%m:%s",systime()-60)}).

you don't need uniq -c without seeing real input , expected output (doing uniq -c given input wouldn't make sense vs wc -l) i'm not going guess more.

oh heck, here's whole script in gawk:

$ cat tst.awk begin {     #date = strftime("%y-%m-%d %h:%m:%s",systime()-60)     date = "2016-02-05 12:10:48" } ($1" "$2) > date {     if ($3 ~ /error/) {         cnt[$3]++     } } end {     (err in cnt) {         print err, cnt[err]     } } $ $ awk -f tst.awk file [error] 1

i assume in reality have various flavors of "error" , that's why want count of each. uncomment strftime line , delete hard-coded timestamp line run on real data.


Comments

Post a Comment

Popular posts from this blog

sublimetext3 - what keyboard shortcut is to comment/uncomment for this script tag in sublime -

Image
i have script tag in code, keyboard shortcut comment/uncomment script tag in sublime. after selecting script open , close tag. <script src="http://code.jquery.com/jquery-latest.min.js" type="text/javascript"> </script> i pressing ctrl + shift + / , getting this /*<script src="http://code.jquery.com/jquery-latest.min.js" type="text/javascript"> </script>*/ also pressed ctrl + / , got this // <script src="http://code.jquery.com/jquery-latest.min.js" type="text/javascript"> // </script> instead of <!-- <script src="http://code.jquery.com/jquery-latest.min.js" type="text/javascript"> </script> --> script open , close tag in 2 lines not in 1 line , not have spaces too. for mac,high light lines want comment. hold 'command , / ' commented. for windows: high line or select lines ,then hold ctrl + / if not work: ...
Read more

java - No use of nillable="0" in SOAP Webservice -

i have received xsd 3rd party supplier generated java based system; used create soap endpoint receive data transfers. xsd not make use of nillable attribute defined within w3c/xsd namespace, example: <xs:complextype name="customer"> <xs:sequence> <xs:element minoccurs="1" maxoccurs="1" name="id" type="xs:integer"/> <xs:element minoccurs="0" maxoccurs="1" name="titleid" type="xs:integer"/> <xs:element minoccurs="0" maxoccurs="1" name="firstname" type="xs:string"/> <xs:element minoccurs="0" maxoccurs="1" name="familyname" type="xs:string"/> <xs:element minoccurs="0" maxoccurs="1" name="previousname" type="xs:string"/> <xs:element minoccurs="0" maxoccurs="1" nam...
Read more

ubuntu - Laravel 5.2 quickstart guide gives Not Found Error -

edit: think problem due not setting apache properly, these 2 links helped me. solution: http://laravel.io/forum/06-11-2014-not-found-but-route-exists https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-virtual-hosts-on-ubuntu-14-04-lts end edit i'm following laravel 5.2 quickstart guide. https://laravel.com/docs/5.2/quickstart i'm running ubuntu 14.04.2 the website runs initially, when click on add task button run 404 not found error. as per guide run following commands setup complete quickstart project. git clone https://github.com/laravel/quickstart-basic quickstart cd quickstart composer install php artisan migrate additionally run following commands because i'm on ubuntu server: sudo chown -r www-data.www-data quickstart sudo chmod -r 755 quickstart sudo chmod 777 quickstart/storage the routes.php file looks like: <?php use app\task; use illuminate\http\request; route::group(['middleware' => ['web']]...
Read more