Linux 查询指定时间段的日志

Others 2021-11-28 15:36:35 views: null

常用三种情况:

sed -n '/abc/p'   表示输出 包含abc的行
sed -n '/abc\|def/p'  表示输出 包含abc包含def的行
sed -n '/abc/,/def/p' 表示输出 包含abc到包含def之间的行

新建测试日志 vi app.log

2021-10-10 00:10:00.000 [task0] INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201215142923827
2021-10-10 00:11:00.000 [task1] INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201223142653718
2021-10-10 00:12:00.000 [task2] INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201214183611872
2021-10-10 00:13:00.000 [task3] INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201218101513707
2021-10-10 00:13:00.000 [task0] INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201214101311716
2021-10-10 00:14:00.000 [task4] INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201215150655917
2021-10-10 00:15:00.000 [task5] INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201215151217484
2021-10-10 00:16:00.000 [task6] INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201215150258897
2021-10-10 00:17:00.000 [task7] INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201215120141721
2021-10-10 00:18:00.000 [task8] INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201223143606597
2021-10-10 00:18:00.000 [task9] INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201223143606597
2021-10-10 00:19:00.000 (task9) INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201223144406559
2021-10-10 00:19:00.000 {task9} INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201223144406559
2021-10-10 00:19:00.000 +task9+ INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201223144406559
2021-10-10 00:19:00.000 *task9* INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201223144406559
2021-10-10 00:19:00.000 |task9| INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201223144406559

1、查询2021-10-10 00:13这个时间点的日志

[root@oradb ~]# sed -n '/2021-10-10 00:13/p' app.log
2021-10-10 00:13:00.000 [task3] INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201218101513707
2021-10-10 00:13:00.000 [task0] INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201214101311716

2、查询2021-10-10 00:13这个时间点并且包含 task3 的日志,这里用到正则 .* 表示任意字符有0个或多个

[root@oradb ~]# sed -n '/2021-10-10 00:13.*task3/p' app.log
2021-10-10 00:13:00.000 [task3] INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201218101513707

这里还有一种方式  {/task3/p} 将前面一个条件的查询结果,再做一次子查询筛选

[root@oradb ~]# sed -n '/2021-10-10 00:13/{/task3/p}' app.log
2021-10-10 00:13:00.000 [task3] INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201218101513707

3、查询2021-10-10 00:10 和 2021-10-10 00:13 两个时间点的日志,这里用到正则 | 表示或的意思,注意|为特殊字符需要转义 \|

[root@oradb ~]# sed -n '/2021-10-10 00:11\|2021-10-10 00:13/p' app.log
2021-10-10 00:11:00.000 [task1] INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201223142653718
2021-10-10 00:13:00.000 [task3] INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201218101513707
2021-10-10 00:13:00.000 [task0] INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201214101311716

4、查询2021-10-11 00:11 到 2021-10-10 00:15之间的日志

[root@oradb ~]# sed -n '/2021-10-10 00:11/,/2021-10-10 00:16/p' app.log
2021-10-10 00:11:00.000 [task1] INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201223142653718
2021-10-10 00:12:00.000 [task2] INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201214183611872
2021-10-10 00:13:00.000 [task3] INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201218101513707
2021-10-10 00:13:00.000 [task0] INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201214101311716
2021-10-10 00:14:00.000 [task4] INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201215150655917
2021-10-10 00:15:00.000 [task5] INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201215151217484
2021-10-10 00:16:00.000 [task6] INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201215150258897

注意:

p表示,满足前面的条件就打印输出
!p表示,满足前面的条件就不打印输出

1、[ ] 需要匹配的时候,需要转义

[root@oradb ~]# sed -n '/\[task0\]/p' app.log
2021-10-10 00:10:00.000 [task0] INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201215142923827
2021-10-10 00:13:00.000 [task0] INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201214101311716

做为特殊符号时不需要转义

[root@oradb ~]# sed -n '/[z]/p' app.log
[root@oradb ~]#

2、( ) 需要匹配的时候,不要转义

[root@oradb ~]# sed -n '/(task9)/p' app.log
2021-10-10 00:19:00.000 (task9) INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201223144406559

 ( ) 和 | 用来做为特殊符时要转义

[root@oradb ~]# sed -n '/\(task0\|task9\)/p' app.log
2021-10-10 00:10:00.000 [task0] INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201215142923827
2021-10-10 00:13:00.000 [task0] INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201214101311716
2021-10-10 00:18:00.000 [task9] INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201223143606597
2021-10-10 00:19:00.000 (task9) INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201223144406559
2021-10-10 00:19:00.000 {task9} INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201223144406559
2021-10-10 00:19:00.000 +task9+ INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201223144406559
2021-10-10 00:19:00.000 *task9* INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201223144406559

 | 需要匹配的时候,不要转义

[root@oradb ~]# sed -n '/|task9|/p' app.log
2021-10-10 00:19:00.000 |task9| INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201223144406559

3、{ } 需要匹配的时候,不要转义

[root@oradb ~]# sed -n '/{task9}/p' app.log
2021-10-10 00:19:00.000 {task9} INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201223144406559

 做为特殊符号时需要转义

[root@oradb ~]# sed -n '/4\{3\}/p' app.log
2021-10-10 00:19:00.000 (task9) INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201223144406559
2021-10-10 00:19:00.000 {task9} INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201223144406559
2021-10-10 00:19:00.000 +task9+ INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201223144406559
2021-10-10 00:19:00.000 *task9* INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201223144406559
2021-10-10 00:19:00.000 |task9| INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201223144406559

3、* 需要匹配的时候,不要转义

[root@oradb ~]# sed -n '/*task9*/p' app.log
2021-10-10 00:19:00.000 *task9* INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201223144406559

作为特殊符表示0次或多次 ,也不需要转义

[root@oradb ~]# sed -n '/\(15\)*/p' app.log
2021-10-10 00:10:00.000 [task0] INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201215142923827
2021-10-10 00:11:00.000 [task1] INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201223142653718
2021-10-10 00:12:00.000 [task2] INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201214183611872
2021-10-10 00:13:00.000 [task3] INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201218101513707
2021-10-10 00:13:00.000 [task0] INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201214101311716
2021-10-10 00:14:00.000 [task4] INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201215150655917
2021-10-10 00:15:00.000 [task5] INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201215151217484
2021-10-10 00:16:00.000 [task6] INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201215150258897
2021-10-10 00:17:00.000 [task7] INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201215120141721
2021-10-10 00:18:00.000 [task8] INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201223143606597
2021-10-10 00:18:00.000 [task9] INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201223143606597
2021-10-10 00:19:00.000 (task9) INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201223144406559
2021-10-10 00:19:00.000 {task9} INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201223144406559
2021-10-10 00:19:00.000 +task9+ INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201223144406559
2021-10-10 00:19:00.000 *task9* INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201223144406559
2021-10-10 00:19:00.000 |task9| INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201223144406559

4、+ 需要匹配的时候,不要转义

[root@oradb ~]# sed -n '/+task9+/p' app.log
2021-10-10 00:19:00.000 +task9+ INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201223144406559

作为特殊符表示1次或多次 ,需要转义

[root@oradb ~]# sed -n '/\(15\)\+/p' app.log
2021-10-10 00:10:00.000 [task0] INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201215142923827
2021-10-10 00:13:00.000 [task3] INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201218101513707
2021-10-10 00:14:00.000 [task4] INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201215150655917
2021-10-10 00:15:00.000 [task5] INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201215151217484
2021-10-10 00:16:00.000 [task6] INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201215150258897
2021-10-10 00:17:00.000 [task7] INFO  c.c.s.test.igr.timer.MyTimerTask - 任务ID:20201215120141721

总结:

1、* 不管作为普通符号或者特殊符号都不需要转义

2、[ ] 做为普通符号需要转义,作为特殊符号不需要转义

3、( ) { } | + 做为普通符号不需要转义,作为特殊符号需要转义

sed里单引号和双引号的区别:

  • 双引号里可以使用shell里的变量,单引号不能;
  • 单引号和双引号里都可以存放模式。

其他用法:

linux命令总结sed命令详解 - 琴酒网络 - 博客园

sed命令详解_阿鹏的笔记-CSDN博客

sed正则表达式 - gentleman_hai - 博客园

Guess you like

Origin blog.csdn.net/u014644574/article/details/120767041
Recommended
LFOSSA Yuanlaisusu Open Course | Mastering the Cloud Native Future: Comprehensive Guide to CNCF Certification and Exam Preparation Tips
Ranking
C++ Basic Syntax
bootstrapTable hides a column based on a condition
Why is reentrant lock recommended instead of Synchronized when dynamic high concurrency?
hexo create a blog
[Fully open source and non-encrypted version] Imitation of the eighth district distribution/online signature/multiple sets of download templates/APP distribution hosting/APP packaging and packaging
Polymerization combination
https://www.flysnow.org/2017/05/06/go-in-action-go-log.html
From the perspective of Flutter and the front-end, talk about how to ensure UI fluency under the single-threaded model
nginx-301, 302 redirect
Geolocation by IP Address in ASP.NET
Daily
More
2024-04-26(22)
2024-04-25(32)
2024-04-24(30)
2024-04-23(30)
2024-04-22(5)
2024-04-21(0)
2024-04-20(6)
2024-04-19(5)
2024-04-18(0)
2024-04-17(31)

Code World

© 2018 codetd.com