Shell Script – Extracting Queries from Log Files Excluding Banned Lines

shellshell-script

I have a log file that looks something like the following:

query1 startQuery
query1 do something
query1 do something else
query2 startQuery
query1 do something banned
query2 do something
query3 startQuery
query2 endQuery 1000
query3 something else to do
query1 endQuery 2003
query3 do something
query4 startQuery
query4 endQuery 100
query3 endQuery 1434

I am finding the longest running queries:

> grep "endQuery" logfile | awk '{print $3 " " $1}' | sort -nr | head -n 3
2003 query1
1434 query3
1000 query2

However, there are certain operations known to be long, and I want to find the longest running queries that do not include these operations. For example, I want to find the longest running queries that do not, in any of their log lines, include the word "banned".

In this example it would output:

1434 query3
1000 query2
100 query4

In reality these log files are large and contain a lot of queries.

Best Answer

First, note that you don't need the call to grep, by the way: it can be seamlessly integrated into the awk call.

<logfile awk '/endQuery/ {print $3 " " $1}'

You can filter out the banned queries at the awk stage. Store ongoing queries in an array, remove them if they're banned, and only print out the non-banned ones.

<logfile awk '
    $2 == "startQuery" {q[$1]=1}        # store the names of active queries
    q[$1] && /banned/ {delete q[$1]}    # delete banned queries
    $2 == "endQuery" {
        if (q[$1]) print $3, $1;        # only report non-banned queries
        delete q[$1];
    }
' | sort -nr | head -n 3

Related Solutions

Shell – What killed tty main process suddenly

It depends on, what type of stress test you are doing. When the kernel doesn't have enough resources to continue, random process are killed. This happens only on realy high loads, for example when you don't have a pagefile and all your memory is used in some processes.

Shell – cleaning output of a script so it’s descending, gives package names and cleanly exists

Starting with

for source in $(dpkg-query --show -f '${source:Package}\n' | sort -u); do bts select source:${source} tag:patch; done

sorting the output involves another use of sort, to sort the overall output numerically in reverse order:

for source in $(dpkg-query --show -f '${source:Package}\n' | sort -u); do bts select source:${source} tag:patch; done \
| sort -n -r

To display the (source) package name along with the bug number, the simplest option is to add ${source} (the source package) in the right place, processing bts's output each time it's run:

for source in $(dpkg-query --show -f '${source:Package}\n' | sort -u)
do bts select source:${source} tag:patch | sed "s/^/${source} /g"
done

This outputs lines of the form

linux 845422

so we need to change the final sort to sort on the second field:

for source in $(dpkg-query --show -f '${source:Package}\n' | sort -u)
do bts select source:${source} tag:patch | sed "s/^/${source} /g"
done | sort -k2,2n -r

On a single line that's

for source in $(dpkg-query --show -f '${source:Package}\n' | sort -u); do bts select source:${source} tag:patch | sed "s/^/${source} /g"; done | sort -k2,2n -r

Best Answer

Related Solutions

Shell – What killed tty main process suddenly

Shell – cleaning output of a script so it’s descending, gives package names and cleanly exists

Related Question