OK - to identify the lines in the log-file that contain timestamps, you can use the following egrep command:
Bash:
egrep -n "[0-9]{4}-[0-9]{7,8}-[0-9]{3}-[0-9]{8}" /path/to/file
That will show you every line in the file containing a time-stamp.
That's working on the assumption that a time-stamp looks like this:
4 digits for the time, a dash (-), 7 or 8 digits for the date (dates from Oct to Dec will have 8 digits), a dash, 3 digits, another dash, and then another 8 digits.
If you're going to use that egrep command a lot - you could add a temporary alias to your terminal session by entering the following command:
Bash:
alias findts='egrep -n "[0-9]{4}-[0-9]{7,8}-[0-9]{3}-[0-9]{8}"'
NOTE: Alternatively, if you add the above line to your .bashrc - it will also be available in any subsequent terminal sessions you open.
And then you would use it like this:
Bash:
findts /path/to/file
I called the alias findts - as in "find time-stamp". But you can call the alias whatever you like - just don't go calling it firefox, or something else that is already in use! Ha ha!
Obviously, if you need to redirect the output from the above egrep command (or its findts alias) to a separate file - so you have a file that indexes the time-stamps and their positions in the original log-file - you can do that quite simply too.
Just add > /path/to/ts_index-file after /path/to/file.
Then you can grep through your index file to find the line numbers of a specific time-stamp, if you do have any cross-referencing to do for this.
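To sketch what that cross-referencing might look like (the index contents here are made-up, but the format matches what egrep -n writes out): each line of the index file starts with the line number from the original log-file, followed by a colon, so a plain grep on a timestamp pins down where it lives.

```shell
# Fake two-line index file, mimicking the "line-number:match" output of egrep -n
printf '42:0514-9172020-052-24855345\n99:0514-9172020-052-24855500\n' > /tmp/ts_index

# Search the index for one specific timestamp - the leading number
# in the result is its line number in the original log-file
grep '0514-9172020-052-24855345' /tmp/ts_index
```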
I'm a bit fuzzy on some of the details of what you're doing. It was a lot to take in.
Do you have your own log of events that you're cross referencing? Or have they given you some kind of list of events?
Anyway - once you have identified where the timestamps are in the log-file, you might want to look at a range of lines in the file to view some of the other details in that particular log entry.
A while ago, I created a trivial script that uses sed to display a range of lines in a file.
So this might come in handy:
I have this saved in my personal bin directory (~/bin/) as range:
Bash:
#!/usr/bin/env bash
if [[ $# -ne 3 ]]; then
    echo "USAGE: $0 {line-from} {line-to} {file}"
    exit 1
fi
if [[ ! -f $3 ]]; then
    echo "File does not exist!"
    exit 1
fi
# use sed to print a range of lines from a file
sed -n "$1,$2p" "$3"
Put that somewhere in your $PATH (again, I use my personal bin directory, so it's only available to me - not other users on my PC).
And run it like:
Bash:
range 5 10 /path/to/file
And it will show lines 5 to 10 of /path/to/file.
Notes:
Because range is a quick and dirty little tool I wrote for myself - I've done minimal parsing of parameters.
No validation is performed on the line-from and line-to parameters.
It's not remotely bullet-proof - I've just done the bare minimum to make it useful to me.
If I run it with no parameters, or the wrong number of parameters - the script gives me some usage information to jog my memory.
And if the file specified in parameter 3 to the script does not exist, it bombs out with an error!
So that might come in handy for you. I typically only use it for viewing snippets of normal sized files. I don't deal with immense files too often.
When looking through a large file - in order to view the lines from e.g. line 5999997 to line 6000007, you'd have to run the range script like this:
Bash:
range 5999997 6000007 /path/to/file
Which is a lot of typing and a bit of a PITA when dealing with large line-numbers. So, it could be improved.
For example -
I have been thinking for a while that it would be nicer (and less typing) to be able to allow the second parameter to be something like +10.
e.g.
Code:
range 5999997 +10 /path/to/file
So if the second parameter starts with a +, it will be interpreted as a relative number of lines and will display that many lines from the start line.
If the second parameter is just a number it will be interpreted as a literal line number.
But unfortunately - I haven't got around to making that change yet! Sorry!
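If it helps, here's a rough sketch of how that +N idea could work - written as a shell function so it's easy to try out, and assuming "+10" means "show exactly 10 lines starting at line-from" (that arithmetic is my guess at the intended behaviour, not the original script):

```shell
# Sketch of a "range" variant: if the second argument starts with '+',
# treat it as a relative count of lines; otherwise treat it as a
# literal end line number (as in the original script).
range() {
    local start=$1 end
    if [[ $2 == +* ]]; then
        # strip the leading '+' and show that many lines, inclusive
        end=$(( start + ${2#+} - 1 ))
    else
        end=$2
    fi
    sed -n "${start},${end}p" "$3"
}

# demo: a small numbered file, then both calling styles
seq 1 20 > /tmp/range_demo.txt
range 5 +3 /tmp/range_demo.txt    # shows lines 5, 6 and 7
range 5 7 /tmp/range_demo.txt     # same three lines, literal form
```

The argument-count and file-exists checks from the original script are left out here to keep the sketch short - they'd go in exactly as before.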
Anyway - those are a couple of initial tool ideas that
might help you to speed up the process of tracking down/identifying some of the entries you're looking for in these log-files.
WRT the edits:
If you have identified the time-stamp and you know what it should be:
e.g. From your earlier post - change:
0514-9172020-052-24855345
to:
0514-9172020-052-24855500
Assuming that the time-stamps are unique - and that there aren't several entries with the same time-stamp - that should be a simple sed one-liner:
Bash:
sed -i 's/0514-9172020-052-24855345/0514-9172020-052-24855500/' /path/to/file
If you have identified several timestamps that need changing - it won't be pretty, but you can do multiple edits with a single pass of sed:
e.g.
Bash:
sed -i 's/0514-9172020-052-24855345/0514-9172020-052-24855500/;s/aaaa-aaaaaaa-aaa-aaaaaaaa/bbbb-bbbbbbb-bbb-bbbbbbbb/;s/i_think_you_get_the_idea/etc_etc_etc/;' /path/to/file
Something like that will reduce the number of times you run sed to edit the file, so the file will be overwritten fewer times. But you're looking at a lot of potentially error-prone typing, and/or copy-pasta!
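One way to tame that long one-liner (an alternative, not something mentioned above) is to put each substitution on its own line in a sed script file and apply them all in one pass with sed -f. The file names and log line below are made up for the demo:

```shell
# Write the substitutions to a sed script file - one per line,
# which is much easier to eyeball than a semicolon-separated chain
cat > /tmp/ts_edits.sed <<'EOF'
s/0514-9172020-052-24855345/0514-9172020-052-24855500/
EOF

# A one-line stand-in for the real log-file
printf 'entry 0514-9172020-052-24855345 end\n' > /tmp/demo_log

# Apply every substitution in the script file in a single pass
sed -i -f /tmp/ts_edits.sed /tmp/demo_log
cat /tmp/demo_log
```

Note that -i edits in place like before, so the same "keep a backup first" caution applies.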
But if the time-stamps are NOT unique to each entry - then it becomes even more complicated, because we need to look at the information in each entry and then determine from context which one/ones we need to edit.
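For the simplest of those cases - where the distinguishing context sits on the same line as the timestamp - sed can take a pattern address in front of the substitution, so only matching lines get edited. A contrived sketch (the "ERROR"/"INFO" markers are invented for illustration):

```shell
# Two entries sharing the same timestamp, distinguished by context
printf 'ERROR 0514-9172020-052-24855345\nINFO 0514-9172020-052-24855345\n' > /tmp/demo_log2

# The /ERROR/ address restricts the substitution to lines containing "ERROR",
# so the INFO entry's timestamp is left untouched
sed -i '/ERROR/s/24855345/24855500/' /tmp/demo_log2
cat /tmp/demo_log2
```

If the context lives on surrounding lines rather than the same line, it gets hairier - that's where we'd probably want a proper script rather than a one-liner.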
It's baby-steps at the moment. And it might take some time. But we should hopefully be able to knock up some scripts that can at least take some of the pain out of performing this task. And if we're lucky, we might be able to semi-automate some of this process, if not completely automate it.
This does seem like a very labour-intensive manual task. And they haven't exactly made this easy for you with their crappy log-format, or their buggy software writing out incorrect information.