I have an Apache access log with the below format and I’m trying to use the awk command to filter out the requests by the last 15 minutes. It works fine when there are entries but returns everything when there are none found in the last 15 minutes.
awk -vDate=`date -d'now-15 minute' +[%d/%b/%Y:%H:%M:%S` ' { if ($4 > Date) print $9}' access.log
Access log format:
- - [09/Jan/2015:19:12:06 +0000] 808840 "GET /inventoryService/inventory/purchaseItem?userId=20253471&itemId=23434300 HTTP/1.1" 500 17 "-" "Apache-HttpClient/4.2.6 (java 1.5)"
It’s not possible to compare dates directly in bash or in awk… but you can compare dates transformed into integers…
#! /bin/bash
# Cutoff as a sortable integer: YYYYmmddHHMMSS
BEFORE=$(date -d 'now-15 minute' +"%Y%m%d%H%M%S")
awk -v before="${BEFORE}" '
function toComparableDate(date) {
    # 000000000111111111122
    # 123456789012345678901
    # [09/Jan/2015:19:12:06
    return substr(date,9,4) hMonth[substr(date,5,3)] substr(date,2,2) substr(date,14,2) substr(date,17,2) substr(date,20,2)
}
BEGIN {
    # Month abbreviation to two-digit month number
    hMonth["Jan"] = "01"
    hMonth["Feb"] = "02"
    hMonth["Mar"] = "03"
    hMonth["Apr"] = "04"
    hMonth["May"] = "05"
    hMonth["Jun"] = "06"
    hMonth["Jul"] = "07"
    hMonth["Aug"] = "08"
    hMonth["Sep"] = "09"
    hMonth["Oct"] = "10"
    hMonth["Nov"] = "11"
    hMonth["Dec"] = "12"
}
# Print field 8 of every entry newer than the cutoff
toComparableDate($4) > before { print $8 }
' "$1"
Executed like this:
./apachelogs.sh access.log
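An added example, not part of the original thread: the same integer-key comparison, but locating the timestamp by its shape instead of by field number and skipping lines that carry no timestamp, so an empty window yields no output. The function names, the `YYYYmmddHHMMSS` cutoff argument, the UTC assumption (taken from the `+0000` in the sample line) and the sample log lines are all constructed for illustration.

```shell
#!/bin/sh
# Added example. Typical call (GNU date, cutoff computed in UTC to match +0000 logs):
#   ./recent.sh "$(date -u -d 'now-15 minute' +%Y%m%d%H%M%S)" access.log

# Constructed sample lines in the page's log layout (192.0.2.10 is a documentation address).
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [30/Sep/2015:23:50:00 +0000] 808840 "GET /a HTTP/1.1" 200 17 "-" "curl"
192.0.2.10 - - [01/Oct/2015:00:01:00 +0000] 808840 "GET /b HTTP/1.1" 500 17 "-" "curl"
192.0.2.10 - - [01/Oct/2015:00:04:30 +0000] 808840 "GET /c HTTP/1.1" 404 17 "-" "curl"
truncated line without a timestamp
EOF
}

# Print "<sortable timestamp> <status>" for every entry newer than the cutoff.
recent_requests() {
    awk -v cutoff="$1" '
    BEGIN {
        n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", name, " ")
        for (i = 1; i <= n; i++) mon[name[i]] = sprintf("%02d", i)
    }
    # Find the timestamp by shape, so the field number does not matter.
    match($0, /\[[0-9][0-9]\/[A-Z][a-z][a-z]\/[0-9][0-9][0-9][0-9]:[0-9][0-9]:[0-9][0-9]:[0-9][0-9]/) {
        ts = substr($0, RSTART + 1, 20)          # dd/Mon/yyyy:HH:MM:SS
        mo = substr(ts, 4, 3)
        if (!(mo in mon)) next                   # unknown month: skip the line
        key = substr(ts, 8, 4) mon[mo] substr(ts, 1, 2) substr(ts, 13, 2) substr(ts, 16, 2) substr(ts, 19, 2)
        # Raw text would sort "[01/Oct" before "[30/Sep"; the numeric key sorts by time.
        if (key + 0 > cutoff + 0) {
            status = "-"
            # Status is the first token after the quoted request line.
            if (split($0, q, "\"") >= 3 && split(q[3], r, " ") >= 1) status = r[1]
            print key, status
        }
    }' "$2"
}

if [ "$#" -eq 2 ]; then recent_requests "$1" "$2"; fi
```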