Extract 4xx and 5xx status code errors from the Apache access log within a specified time range.

Since I want to specify the times in HH:MM:SS notation, I use sed to split the time part off into its own field. The port number at the end of the IP address is removed at the same time. By specifying the start time and end time in HH:MM:SS, it is possible to extract the lines within that time range whose status code is an error code.

sed -r -e\ 's/(:[0-9]{4,5}|\/202[0-9]:)/ /'{,} /var/log/apache2/20200715/access_log | awk '"HH:MM:SS" <=$5&&$5<= "HH:MM:SS" {if($10>=400&&$10<=599)print $0}'

When I actually used it, it worked as expected, but editing the times by hand was quite troublesome. So, is it possible to cover the hour leading up to the current time without editing anything? After some thought, I decided to use date and pass the values to awk as variables.

sed -r -e\ 's/(:[0-9]{4,5}|\/202[0-9]:)/ /'{,} /var/log/apache2/20200715/access_log | awk -va=`date -d "60 minute ago" +%H:%M:%S` -vb=`date +%H:%M:%S` '{if($5>a&&$5<b&&$10>=400&&$10<=599)print $0}'

If you want to trim the output, specify only the fields you need in the print statement.
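Between 00:00 and 01:00 the second command matches nothing, because the start time from `date -d "60 minute ago"` (for example 23:30:00) is then greater than the end time. The following is an added example, not code from the original post, that handles that case with per-day log files; the function names, the two-file arguments and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumed log layout (the one the page's sed expects):
#   IP:port - - [DD/Mon/YYYY:HH:MM:SS +ZZZZ] "METHOD /path HTTP/x" STATUS BYTES

# errors_between START END FILE: 4xx/5xx lines with START <= time <= END.
errors_between() {
    sed -E -e 's/(:[0-9]{4,5}|\/202[0-9]:)/ /' \
           -e 's/(:[0-9]{4,5}|\/202[0-9]:)/ /' "$3" |
    awk -v a="$1" -v b="$2" 'a <= $5 && $5 <= b && $10 >= 400 && $10 <= 599'
}

# errors_window START END TODAY_FILE YESTERDAY_FILE
# If START is later than END the window crossed midnight: take the tail of
# yesterday's file and the head of today's instead of returning nothing.
errors_window() {
    if expr "$1" \> "$2" >/dev/null; then
        errors_between "$1" "23:59:59" "$4"
        errors_between "00:00:00" "$2" "$3"
    else
        errors_between "$1" "$2" "$3"
    fi
}

# Constructed sample data: two per-day files in a temporary directory.
make_sample_logs() {
    dir=$(mktemp -d)
    cat > "$dir/yesterday" <<'EOF'
203.0.113.10:51234 - - [14/Jul/2020:23:40:01 +0900] "GET /admin HTTP/1.1" 404 512
203.0.113.10:51236 - - [14/Jul/2020:23:59:59 +0900] "GET /index.html HTTP/1.1" 200 1024
198.51.100.7:40023 - - [14/Jul/2020:00:05:00 +0900] "GET /old HTTP/1.1" 404 209
EOF
    cat > "$dir/today" <<'EOF'
198.51.100.7:40022 - - [15/Jul/2020:00:10:30 +0900] "POST /login HTTP/1.1" 500 87
192.0.2.44:8080 - - [15/Jul/2020:00:20:15 +0900] "GET /api HTTP/1.1" 200 33
192.0.2.44:8081 - - [15/Jul/2020:12:30:15 +0900] "GET /api HTTP/1.1" 503 0
EOF
    echo "$dir"
}
```

For the last hour, call `errors_window "$(date -d '60 minute ago' +%H:%M:%S)" "$(date +%H:%M:%S)"` followed by the paths of today's and yesterday's access_log.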
