Author AWK script searching problem
thelegendofzaku

2005-02-16, 5:03 pm

OK, it seems that I'm trying to create a script in AWK that basically looks for two fields in a user log file, but here's the catch: both of the matching fields have to be before a given date.
quote:
joel pts/0 static-70-18-11 174.ny325.east.verizon.net Jan 26 09:23 - 12:52 (03:29)
joel pts/0 static-70-18-11-174.ny325.east.verizon.net Jan 26 00:21 - 00:42 (00:20)
joel pts/0 static-70-18-11-174.ny325.east.verizon.net Jan 25 21:15 - 23:12 (01:57)
joel pts/0 static-70-18-11-174.ny325.east.verizon.net Jan 24 23:14 - 23:19 (00:04)
joel pts/0 static-70-18-11-174.ny325.east.verizon.net Jan 24 23:10 - 23:14 (00:04)
joel pts/0 static-70-18-11-174.ny325.east.verizon.net Jan 23 18:55 - 00:33 (05:38)
joel pts/0 static-70-18-11-174.ny325.east.verizon.net Jan 23 18:04 - 18:53 (00:48)
joel pts/0 10.52.0.76 Jan 20 11:25 - 17:40 (06:15)
joel pts/0 static-70-18-11-174.ny325.east.verizon.net Jan 19 22:25 - 23:19 (00:53)
joel pts/0 static-70-18-11-174.ny325.east.verizon.net Jan 18 23:21 - 23:24 (00:03)
joel pts/0 static-70-18-11-174.ny325.east.verizon.net Jan 18 22:50 - 22:56 (00:05)
joel pts/0 10.52.0.76 Jan 18 17:01 - 17:23 (00:22)
joele pts/0 static-70-18-11-174.ny325.east.verizon.net Jan 09 23:02 - 23:08 (00:06)
joel pts/0 static-70-18-11-174.ny325.east.verizon.net Jan 09 22:32 - 22:46 (00:14)

As you can see, with the magic of piping the log file through Grep and fishing out the two required fields: "joel" and "pts/0", I have narrowed down the instances of them. However, as I stated before, I need to get the last five instances a.k.a. every entry before January 19. The problem is my syntax. You could say that I'm Unix illiterate at this point and only managed to slightly grasp the norms of this OS. Here's what I managed to start off with:
quote:
/joel pts\/0/{print}

As you can see, this gives me a parse error since I don't know how to find lines containing multiple fields in one search. Also, I really don't understand the logic in finding data with a condition, as in this case, finding all entries of both fields before January 19. What would I have to write so that I limit the lines of data that contain those two fields before the given date, and how do I handle fields that have special characters such as "pts/0" so that AWK doesn't complain at all? I hope I can get help on this, I would really appreciate it.
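
One way to do the filtering the post asks about, as an added example that is not part of the original thread: compare the user and terminal as whole fields (so "pts/0" needs no escaping and "joel" does not also select "joele", which a substring match would) and turn the month and day into a number for the date test. The function names logins_before and sample_log are hypothetical, the sample lines are copied from the post, and because this log format carries no year the comparison assumes all entries fall in the same year.

```shell
#!/bin/sh
# logins_before USER TTY MON DAY   (reads last(1)-style lines on stdin)
logins_before() {
    awk -v user="$1" -v tty="$2" -v cmon="$3" -v cday="$4" '
    BEGIN {
        # Month name -> number, so dates compare numerically.
        n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
        for (i = 1; i <= n; i++) mon[m[i]] = i
        cutoff = mon[cmon] * 100 + cday
    }
    # String comparison on whole fields: "pts/0" needs no escaping,
    # and "joel" is not treated as a prefix of "joele".
    $1 != user || $2 != tty { next }
    {
        # The host column may be split by a stray space, so locate the
        # month field instead of assuming it is always $4.
        for (i = 3; i < NF; i++)
            if (($i in mon) && $(i + 1) ~ /^[0-9]+$/) {
                if (mon[$i] * 100 + $(i + 1) < cutoff) print
                next
            }
    }'
}

# Sample lines copied from the post above.
sample_log() {
cat <<'EOF'
joel pts/0 static-70-18-11 174.ny325.east.verizon.net Jan 26 09:23 - 12:52 (03:29)
joel pts/0 10.52.0.76 Jan 20 11:25 - 17:40 (06:15)
joel pts/0 static-70-18-11-174.ny325.east.verizon.net Jan 19 22:25 - 23:19 (00:53)
joel pts/0 static-70-18-11-174.ny325.east.verizon.net Jan 18 23:21 - 23:24 (00:03)
joel pts/0 10.52.0.76 Jan 18 17:01 - 17:23 (00:22)
joele pts/0 static-70-18-11-174.ny325.east.verizon.net Jan 09 23:02 - 23:08 (00:06)
joel pts/0 static-70-18-11-174.ny325.east.verizon.net Jan 09 22:32 - 22:46 (00:14)
EOF
}

# Every joel/pts/0 session that started before January 19.
sample_log | logins_before joel pts/0 Jan 19
```
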

Copyright 2008 codecomments.com