Extract Log Lines of Specific Dates from a Log File

koromicha
|
Last Updated:
|
grep, Linux Commands, SED
|
1 Comment

Good day folks. Today, we would like to discuss how to extract log lines of specific dates from a log file. If you are a guy that sifts through a thousand logs in between the lines looking for something, then this article will best suit you.

Extract Log Lines of Specific Dates from a Log File

In this guide, we are going to learn how to use tools such as grep, sed to extract log lines of specific dates. In order to do this, you need to open the log file and check the format of the date. For example, in my case, this is a sample log line from the log file we will using for demonstration.

Apr 5 08:02:13 amos ntpd[1805]: Soliciting pool server 192.168.206.2

Now that we know the format of the date, proceed to extract the log lines.

Using grep to Extract Log Lines

To begin with, let us see examples on how to use grep to extract log lines of specific dates from a log file. To extract events that happened four days ago from the current date;

grep "$(date -d '6 day ago' +'%b %d'| sed 's/0//')" test.log
...
 Apr 8 09:22:52 amos ntpd[1805]: Soliciting pool server 192.168.34.2
 Apr 8 09:22:54 amos ntpd[1805]: Soliciting pool server 192.168.71.138
 Apr 8 09:22:56 amos ntpd[1805]: Soliciting pool server 192.168.34.2
 Apr 8 09:22:58 amos ntpd[1805]: Soliciting pool server 192.168.71.138
 Apr 8 09:23:00 amos ntpd[1805]: Soliciting pool server 192.168.34.2
 Apr 8 09:23:52 amos ntpd[1805]: Soliciting pool server 192.168.71.138
 Apr 8 09:22:54 amos ntpd[1805]: Soliciting pool server 192.168.34.
...

As you can see above, the date command prints the date and removes the leading zero so that the format of the date matches the dates on the log file. If you have different date formats, you would definitely play around with the date command to get the your right format. For example, to get the logs for specific date and time based on the date format on the log file, for example, 8th April, 09:22;

grep "$(date -d '6 day ago' +'%b %d 09:22' | sed 's/0//')" test.log
...
 Apr 8 09:22:52 amos ntpd[1805]: Soliciting pool server 192.168.34.2
 Apr 8 09:22:54 amos ntpd[1805]: Soliciting pool server 192.168.71.138
 Apr 8 09:22:56 amos ntpd[1805]: Soliciting pool server 192.168.34.2
 Apr 8 09:22:58 amos ntpd[1805]: Soliciting pool server 192.168.71.138
...

To get the lines of specific date range, say from April 6th to April 7th;

grep -E "Apr 6|Apr 7" test.log
...
 Apr 6 09:12:14 amos ntpd[1805]: Soliciting pool server 192.168.206.2
 Apr 6 09:12:15 amos ntpd[1805]: Soliciting pool server 192.168.206.2
 ...
 Apr 7 07:22:52 amos ntpd[1805]: Soliciting pool server 192.168.71.138

Using sed to Extract Log Lines

Next, let us see how to use grep to extract log lines of specific dates on a log file. In our previous guide, we discussed how to delete lines matching a specific pattern in a file using SED. You can check it by following the link below;

Delete Lines Matching a Specific Pattern in a File using SED

To extract log lines of a specific date, say 6th April,

sed -n '/^Apr 6/p' test.log
 Apr 6 07:00:13 amos ntpd[1805]: Soliciting pool server 192.168.206.2
 Apr 6 07:00:19 amos ntpd[1805]: Soliciting pool server 192.168.206.2
..

To extract log lines of specific date ranges;

sed -n '/^Apr 7/,/^Apr 8/p' test.log
...
 Apr 7 06:10:32 amos ntpd[1805]: Soliciting pool server 192.168.71.138
 Apr 7 06:10:40 amos ntpd[1805]: Soliciting pool server 192.168.34.2
 Apr 7 06:10:45 amos ntpd[1805]: Soliciting pool server 192.168.71.138
...
 Apr 8 10:32:54 amos ntpd[1805]: Soliciting pool server 192.168.34.2

The above, as you can see prints all the lines from the specified first date up to including the only the first line of the specified last date. If there are more than one line of the last date specified in the range, then you need to include the next date after the specified last date in the range and delete the last line. For example, to print lines from April 7th to April 8th;

sed -n '/^Apr 7/,/^Apr 9/{/Apr 9/d; p}' test.log
...
 Apr 7 06:10:32 amos ntpd[1805]: Soliciting pool server 192.168.71.138
 Apr 7 06:10:40 amos ntpd[1805]: Soliciting pool server 192.168.34.2
 ...
 Apr 8 10:32:01 amos ntpd[1805]: Soliciting pool server 192.168.71.138
 Apr 8 10:32:10 amos ntpd[1805]: Soliciting pool server 192.168.34.2

Well, those are just but a few examples on how to extract log lines of specific dates from a log file using sed and grep commands. Drop your examples and suggestions in the comments below. Enjoy.

SUPPORT US VIA A VIRTUAL CUP OF COFFEE

We're passionate about sharing our knowledge and experiences with you through our blog. If you appreciate our efforts, consider buying us a virtual coffee. Your support keeps us motivated and enables us to continually improve, ensuring that we can provide you with the best content possible. Thank you for being a coffee-fueled champion of our work!

Photo of author
koromicha
I am the Co-founder of Kifarunix.com, Linux and the whole FOSS enthusiast, Linux System Admin and a Blue Teamer who loves to share technological tips and hacks with others as a way of sharing knowledge as: "In vain have you acquired knowledge if you have not imparted it to others".

Related Posts

Step-by-Step Guide: How to Install Helm on Kubernetes Cluster

Quick Way to Upgrade Debian 11 to Debian 12

Install Foxit PDF Reader on Ubuntu 20.04

Upgrade a Single package on Ubuntu

Install dhclient command on Oracle Linux

Install Sysdig System Visibility Tool on Ubuntu 22.04

1 thought on “Extract Log Lines of Specific Dates from a Log File”

Leave a Comment

© 2024 kifarunix.com

Home Advertise with us Privacy Policy