How To Filter Log Entries Based on Date Range? [CLI]


Hello folks! In this article, we will see how to filter log entries by date range. You can read log files with the cat command, but system log files contain so many entries that checking them this way is hard. We can filter log files by date range using commands like journalctl, grep, sed and awk. We will discuss each of them in detail below:

Filter Log Entries Based on Date Range

Let’s now look at filtering log entries by date range using several different methods.

1. journalctl

The journalctl command is used to query the system journal. Using it with a few parameters shows the journal entries for a date range. Open a terminal by pressing Ctrl+Alt+T and execute the following command:

journalctl

If we run journalctl without parameters, it shows all the entries from the beginning. To check the entries from the last two days, execute the following command:

journalctl --since "2 days ago"

The --since and --until options specify the starting and ending date respectively. If you want to check entries for a specific date range, execute the following command:

journalctl --since "yyyy-mm-dd hh:mm" --until "yyyy-mm-dd hh:mm"
journalctl --since "2022-02-18" --until "2022-02-21 04:00"

2. awk command

awk is a very powerful command used for data manipulation, text retrieval and processing. To filter log entries by date, execute the following command:

sudo awk -v Date="$(date -d 'now-2 hours' '+[%d/%b/%Y:%H:%M:%S')" '{ if ($4 > Date) print Date FS $4 }' /home/sid/.cache/protonvpn/logs/protonvpn.log

The -v option assigns a value to an awk variable. In the example below, Date and Date2 are the two variables that hold the two ends of the date range. To filter log entries for a specified date range, execute the following command:

sudo awk -v Date="$(date -d 'YYYY-MM-DD' '+[%d/%b/%Y:%H:%M:%S')" -v Date2="$(date -d 'YYYY-MM-DD' '+[%d/%b/%Y:%H:%M:%S')" '{ if ($4 > Date && $4 < Date2) print $0 }' <file_name.log>
sudo awk -v Date="$(date -d '2022-02-17' '+[%d/%b/%Y:%H:%M:%S')" -v Date2="$(date -d '2022-02-26' '+[%d/%b/%Y:%H:%M:%S')" '{ if ($4 > Date && $4 < Date2) print $0 }' /home/sid/.cache/protonvpn/logs/protonvpn.log
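
The awk commands above compare field 4 as a string, and a [dd/Mon/YYYY timestamp sorts by day of month first, so a range that is correct within one month can pull in lines from other months. The following added example (not part of the original article) shows that comparison next to a version that rebuilds each timestamp as YYYYMMDDHHMMSS before comparing. It assumes field 4 holds the timestamp in that format and that all lines share one timezone; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the article. The sample data is constructed.

# Constructed access-log lines; field 4 is "[dd/Mon/YYYY:HH:MM:SS".
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [20/Jan/2022:23:59:59 +0000] "GET / HTTP/1.1" 200 512
192.0.2.10 - - [17/Feb/2022:00:00:00 +0000] "GET /login HTTP/1.1" 200 734
192.0.2.11 - - [25/Feb/2022:18:30:12 +0000] "POST /login HTTP/1.1" 401 120
192.0.2.11 - - [18/Mar/2022:08:15:00 +0000] "GET /admin HTTP/1.1" 403 98
malformed line without a timestamp
EOF
}

# The comparison used in the article: plain string comparison on field 4.
# It orders by day of month first, so January and March lines slip through.
naive_range() {   # usage: naive_range '[17/Feb/2022:00:00:00' '[26/Feb/2022:00:00:00' file
    awk -v Date="$1" -v Date2="$2" '$4 > Date && $4 < Date2' "$3"
}

# Rebuild each timestamp as YYYYMMDDHHMMSS so string order equals time order.
# Bounds are "YYYY-MM-DD" or "YYYY-MM-DD HH:MM:SS"; both ends are inclusive.
filter_range() {  # usage: filter_range START END file
    awk -v start="$1" -v end="$2" '
    BEGIN {
        n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", name, " ")
        for (i = 1; i <= n; i++) mon[name[i]] = sprintf("%02d", i)
        gsub(/[^0-9]/, "", start); gsub(/[^0-9]/, "", end)
        start = substr(start "00000000000000", 1, 14)  # date only: from 00:00:00
        end   = substr(end   "99999999999999", 1, 14)  # date only: whole end day
    }
    {
        # Skip lines whose field 4 is not a well-formed timestamp.
        if (split(substr($4, 2), t, "[/:]") != 6 || !(t[2] in mon)) next
        key = t[3] mon[t[2]] t[1] t[4] t[5] t[6]
        if (key >= start && key <= end) print
    }' "$3"
}
```

For example, sample_log > /tmp/sample.log followed by filter_range 2022-02-17 2022-02-26 /tmp/sample.log prints only the two February lines.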

3. grep command

grep is one of the most commonly used commands for printing lines that match a pattern. The -E option interprets patterns as extended regular expressions. Execute the following command to filter log entries by date:

sudo grep -E "pattern" <file_name.log>
sudo grep -E "2022-02-19" protonvpn.log

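To filter log entries for more than one date, separate the patterns with | and no surrounding spaces (a space inside the quotes becomes part of the pattern). grep prints only the lines that match one of the listed dates, so to cover a range you must list every date in it. Execute the following command:

sudo grep -E "pattern1|pattern2" <file_name.log>
sudo grep -E "2022-02-19|2022-02-21" protonvpn.log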

4. sed command

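sed is another command similar to grep but more efficient. It is used to filter and transform text. Let’s see how to filter log entries using the sed command. The range form prints from the first line that matches pattern1 through the first following line that matches pattern2, so only the first entry of the end date is included, and if the end pattern never appears sed prints to the end of the file. Execute the following command to get entries between specified dates: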

sed -n '/pattern1/,/pattern2/p' <file_name.log>
sudo sed -n '/2022-02-19/,/2022-02-21/p' protonvpn.log

To learn more about these commands, you can refer to the official manpages. To open a manpage, open a terminal and enter man followed by the command name, for example:

man sed

Conclusion

So, we discussed how to filter log entries based on a particular date/time or between dates. We discussed many commands, and all of them are easy to use, even for beginners. I hope it works for you. Thank you for reading!