Filtering access logs by last 15 minutes with awk not working when there are no entries

Time:11-24

I have an Apache access log with the below format and I'm trying to use the awk command to filter out the requests by the last 15 minutes. It works fine when there are entries but returns everything when there are none found in the last 15 minutes.

awk -vDate=`date -d'now-15 minute' +[%d/%b/%Y:%H:%M:%S` ' { if ($4 > Date) print $9}' access.log

Access log format

10.185.248.71 - - [09/Jan/2015:19:12:06 +0000] 808840 "GET /inventoryService/inventory/purchaseItem?userId=20253471&itemId=23434300 HTTP/1.1" 500 17 "-" "Apache-HttpClient/4.2.6 (java 1.5)"

CodePudding user response:

It's not possible to compare dates directly in bash or in awk... but you can compare dates transformed into integers...

#! /bin/bash

# Cutoff as a sortable YYYYmmddHHMMSS key (GNU date syntax).
# date prints local time here, so the log timestamps must be in the same time zone.
BEFORE=$(date -d 'now-15 minute' +"%Y%m%d%H%M%S")

awk \
    -v before="${BEFORE}" \
    '
    # Turn "[09/Jan/2015:19:12:06" into "20150109191206"
    function toComparableDate (date) {
        # 000000000111111111122
        # 123456789012345678901
        # [09/Jan/2015:19:12:06
        return substr(date,9,4) hMonth[substr(date,5,3)] substr(date,2,2) substr(date,14,2) substr(date,17,2) substr(date,20,2)
    }
    BEGIN {
        # Month abbreviation to two-digit month number
        hMonth["Jan"] = "01"
        hMonth["Feb"] = "02"
        hMonth["Mar"] = "03"
        hMonth["Apr"] = "04"
        hMonth["May"] = "05"
        hMonth["Jun"] = "06"
        hMonth["Jul"] = "07"
        hMonth["Aug"] = "08"
        hMonth["Sep"] = "09"
        hMonth["Oct"] = "10"
        hMonth["Nov"] = "11"
        hMonth["Dec"] = "12"
    }
    # Keep only the entries newer than the cutoff
    toComparableDate($4) > before {
        print $8
    }
    ' \
    "$1"

Executed like that:

./apachelogs.sh access.log
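
The difference between comparing the raw `$4` string and comparing a sortable key, shown on a fixed cutoff so the result is reproducible. This is an added example, not part of the original answer: the function names and the sample log lines are constructed, and `$10` is assumed to be the status code as in the log format above.

```bash
#!/bin/bash
# Added example: function names and sample entries are constructed for illustration.

sample_log() {  # constructed entries in the log format above, plus one truncated line
cat <<'EOF'
10.0.0.1 - - [09/Jan/2015:19:12:06 +0000] 808840 "GET /a HTTP/1.1" 500 17 "-" "curl"
10.0.0.2 - - [31/Jan/2015:23:59:59 +0000] 1200 "GET /b HTTP/1.1" 404 17 "-" "curl"
10.0.0.3 - - [01/Feb/2015:10:05:00 +0000] 950 "GET /c HTTP/1.1" 200 17 "-" "curl"
10.0.0.4 - - - truncated
EOF
}

# Raw string comparison, as in the question. Cutoff form: "[01/Feb/2015:10:00:00".
# Strings are ordered character by character, so the day of month decides first.
naive_filter() {
    awk -v cutoff="$1" '$4 > cutoff { print $10 }'
}

# Comparison on a sortable key. Cutoff form: 20150201100000 (YYYYmmddHHMMSS).
keyed_filter() {
    awk -v cutoff="$1" '
    BEGIN {
        n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", name, " ")
        for (i = 1; i <= n; i++) mon[name[i]] = sprintf("%02d", i)
    }
    {
        m = substr($4, 5, 3)
        # Skip lines whose 4th field is not "[dd/Mon/yyyy:HH:MM:SS".
        if (substr($4, 1, 1) != "[" || length($4) != 21 || !(m in mon)) next
        key = substr($4, 9, 4) mon[m] substr($4, 2, 2) substr($4, 14, 2) substr($4, 17, 2) substr($4, 20, 2)
        if (key !~ /^[0-9]+$/) next
        if (key > cutoff) print $10   # $10 is the status code in this format
    }'
}

# Cutoff 01 Feb 2015 11:00:00: no sample entry is newer than that.
echo "naive: $(sample_log | naive_filter '[01/Feb/2015:11:00:00' | tr '\n' ' ')"
echo "keyed: $(sample_log | keyed_filter 20150201110000 | tr '\n' ' ')"

# Live use with GNU date:
#   keyed_filter "$(date -d 'now-15 minute' +%Y%m%d%H%M%S)" < access.log
```

With no recent entries, the raw comparison still reports the two January requests because `09` and `31` sort after `01`, while the keyed comparison reports nothing.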