user2650277 user2650277 - 4 years ago 138
Linux Question

Get last 30 minutes from log file

I have a log file that contains logs as follows

1486307866.155 240207 68.146.231.80 TCP_MISS/200 790 CONNECT clients1.google.com:443 - DIRECT/172.217.6.238 -


1486307866.155 is the time in unix format which corresponds to 2017-02-05 07:17:46 (Format : Y-m-d H:i:s)

I need a unix command that gives me the logs within the last 30 minutes in the following format, discarding any details that I don't need.

2017-02-05 07:17:46|68.146.231.80|clients1.google.com:443

Answer Source

Using GNU date and GNU awk you can achieve what you want:

awk -v bt=$(date "+%s" -d "30 minutes ago") '$1 > bt {printf("%s|%s|%s\n", strftime("%F %T",$1), $3, $7)} ' yourfile

Explanation:

  • the date command date "+%s" -d "30 minutes ago" gets the timestamp from 30 minutes ago
  • the date command is replaced with its output via the command substitution feature $( ... )
  • the awk option -v passes that timestamp as variable named bt into the awk script
  • the script prints only those lines from the file having a value in column one ($1) larger than bt in your desired format
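
An added example, not part of the original answer: the same filter wrapped in a shell function that takes the window and the reference time as arguments, skips malformed lines, and ignores future-dated entries. The function names, defaults and sample log lines are constructed; it assumes an awk that provides strftime (gawk, as in the answer).

```shell
#!/bin/sh
# Added example: function names, defaults and sample lines are constructed.
# Usage: recent_squid yourfile 30

# recent_squid FILE [MINUTES] [NOW_EPOCH]
# Prints "date time|client|target" for entries from the last MINUTES minutes.
# Times are rendered in the local time zone (set TZ to change it).
recent_squid() {
    file=$1
    minutes=${2:-30}
    now=${3:-$(date +%s)}
    # Only plain integers may reach awk -v.
    for v in "$minutes" "$now"; do
        case $v in
            ''|*[!0-9]*) echo "MINUTES and NOW_EPOCH must be integers" >&2; return 2 ;;
        esac
    done
    # strftime() is an extension: prefer gawk, as the answer does.
    awk_bin=$(command -v gawk || command -v awk)
    "$awk_bin" -v now="$now" -v mins="$minutes" '
        BEGIN { cutoff = now - mins * 60 }
        # Skip truncated or corrupted lines; a non-numeric $1 would otherwise
        # be compared as a string and could slip past the cutoff test.
        NF < 7 || $1 !~ /^[0-9]+(\.[0-9]+)?$/ { next }
        # Upper bound drops entries stamped in the future (clock skew).
        $1 > cutoff && $1 <= now {
            printf "%s|%s|%s\n", strftime("%Y-%m-%d %H:%M:%S", int($1)), $3, $7
        }
    ' "$file"
}

# Constructed sample: one stale entry, the line from the question, one
# corrupted line, one more recent entry, one entry with a future timestamp.
sample_log() {
    cat <<'EOF'
1486300000.000 150 192.0.2.5 TCP_MISS/200 1200 GET http://example.org/ - DIRECT/198.51.100.9 -
1486307866.155 240207 68.146.231.80 TCP_MISS/200 790 CONNECT clients1.google.com:443 - DIRECT/172.217.6.238 -
garbage line without a timestamp
1486307900.010 120 192.0.2.10 TCP_MISS/200 512 GET http://example.com/ - DIRECT/198.51.100.7 -
1486400000.000 90 192.0.2.11 TCP_MISS/200 300 GET http://example.net/ - DIRECT/198.51.100.8 -
EOF
}
```

Passing NOW_EPOCH explicitly makes the window reproducible, which helps when replaying an archived log during an investigation.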