我的日志格式:
INFO 2018-10-12T09:17:24,530 (EventThread /dev/ttyS1) [T11.java][log:248] - [11:11:11] [RHAZCLPassthroughMessage]
INFO 2018-10-12T09:17:24,532 (TXTHREAD/dev/ttyS1) [T11.java][log:248] - [00:00:00]: [RHAStatusResponse]
WARN 2018-10-12T09:17:24,536 (EventThread /dev/ttyS1) [T12.java][handlePassthrough:278] - RHAZCLPassthroughMessage SN:30
INFO 2018-10-12T09:17:24,709 (EventThread /dev/ttyS1) [T11.java][log:248] [RHAZCLPassthroughMessage]
INFO 2018-10-12T09:17:24,711 (TXTHREAD/dev/ttyS1) [T11.java][log:248] - [00:00:00]: [RHAStatusResponse]
WARN 2018-10-12T09:17:24,718 (EventThread /dev/ttyS1) [T12.java][handlePassthrough:278] - RHAZCLPassthroughMessage SN:30
INFO 2018-10-12T09:17:25,991 (OkHttp https://fhk.com/...) [APICallback.java][onResponse:90] - Code: 204, Service: collector-staging
我的脚本获取过去一个小时的日志
date1=$(date -d"now 1 hour ago" "+%FT%T"000"") date2=$(date -d"now 1 hour ago" "+%d") awk -v Date1="$date1" -v Date2="$date2" '{ if ($2 > Date1 && $2 >= Date2) print $2}' /var/log/log.log
但是这里所有的日志都被打印了吗?脚本有什么问题吗? 因此,这里我只需要记录一个小时以上。
答案 0 :(得分:0)
使用内部strftime和systime函数(仅GNU版本)
awk 'BEGIN{
# 1 hour before last hour
BefHr = 1
Lower=strftime( "%Y-%m-%dT%H:%M:%S", systime()-((BefHr + 1)*3600) - 1)
Upper=strftime( "%Y-%m-%dT%H:%M:%S", systime()- (BefHr*3600) + 1)
}
$2 > Lower && $2 < Upper
' /var/log/log.log