运行日志日期格式更改不起作用

时间:2018-10-12 09:33:08

标签: bash shell awk grep

我的日志格式:

INFO  2018-10-12T09:17:24,530 (EventThread /dev/ttyS1) [T11.java][log:248] - [11:11:11]  [RHAZCLPassthroughMessage]
INFO  2018-10-12T09:17:24,532 (TXTHREAD/dev/ttyS1) [T11.java][log:248] - [00:00:00]:   [RHAStatusResponse]
WARN  2018-10-12T09:17:24,536 (EventThread /dev/ttyS1) [T12.java][handlePassthrough:278] - RHAZCLPassthroughMessage SN:30 
INFO  2018-10-12T09:17:24,709 (EventThread /dev/ttyS1) [T11.java][log:248]  [RHAZCLPassthroughMessage]
INFO  2018-10-12T09:17:24,711 (TXTHREAD/dev/ttyS1) [T11.java][log:248] - [00:00:00]:  [RHAStatusResponse]
WARN  2018-10-12T09:17:24,718 (EventThread /dev/ttyS1) [T12.java][handlePassthrough:278] - RHAZCLPassthroughMessage SN:30 
INFO  2018-10-12T09:17:25,991 (OkHttp https://fhk.com/...) [APICallback.java][onResponse:90] - Code: 204, Service: collector-staging

我的脚本获取过去一个小时的日志

date1=$(date -d"now 1 hour ago" "+%FT%T"000"") date2=$(date -d"now 1 hour ago" "+%d") awk -v Date1="$date1" -v Date2="$date2" '{ if ($2 > Date1 && $2 >= Date2) print $2}' /var/log/log.log

但是这里所有的日志都被打印了吗?脚本有什么问题吗? 因此,这里我只需要记录一个小时以上。

1 个答案:

答案 0 :(得分:0)

使用内部strftime和systime函数(仅GNU版本)

awk 'BEGIN{ 
      # 1 hour before last hour
      BefHr = 1
      Lower=strftime( "%Y-%m-%dT%H:%M:%S", systime()-((BefHr + 1)*3600) - 1)
      Upper=strftime( "%Y-%m-%dT%H:%M:%S", systime()- (BefHr*3600) + 1)
      }
   $2 > Lower && $2 < Upper
   ' /var/log/log.log