Using AWK to print N lines up until the FIRST MATCH of a string and then exit

Often you are looking for a keyword within a log file but you need to print out X lines BEFORE the first match of a string, THEN exit the search.

There are many ways to skin a cat; here are a few.

EXAMPLE 1:

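In the following I am looking for the 7 lines BEFORE the keyword phrase ‘Rolling back’, plus the matching line itself. The lines up to the first match are stored in an array, and the END block prints the last stopline+1 of them; the check on last avoids printing empty lines when the match falls within the first 7 lines of the file.

# awk 'BEGIN{stopline=7} NR==1,/Rolling back/ {n=NR;l[n]=$0} END{last=n-stopline; if (last<1) last=1; for (i=last;i<=n;i++) print l[i]}' logfile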

Output:

2022-06-11 16:56:26 [pid 39154] LOG-THRIFTCLIENT-0002: [1] [tid 39154] Thrift transport exception type #1 (socket open() error: No route to host); failed to establish connection [addr=tt-peer-controller./port=9090].
Command killed: (signal 14) /usr/tintri/bin/fscmd -a 60 -h 'tt-peer-controller.' get-tuning-variable 'stasisDegradedModeTruncationTimeout'
Can't get 'stasisDegradedModeTruncationTimeout', error 142
Can't get timeouts, error 142
Upgrade completed; exit code 109
2022-06-11T16:57:22.166513-07:00 la-tintri01#b upgrade_pkg[30360]: Script /etc/sysconfig/tintri/post_upd/90-upgrade_fs exit code: 109
2022-06-11T16:57:22.167052-07:00 la-tintri01#b upgrade_pkg[30360]: Can not perform application upgrade, error 109
2022-06-11T16:57:22.167467-07:00 la-tintri01#b upgrade_pkg[30360]: Rolling back, state 9

EXAMPLE 2:

An easier way is to chain with tail; but who in the Linux world wants to do things the easy way, right!?!? Here tail -8 keeps the matching line plus the 7 lines before it.

# zcat logfile | awk 'NR==1,/Rolling back/' | tail -8

Output:

2022-06-11 16:56:26 [pid 39154] LOG-THRIFTCLIENT-0002: [1] [tid 39154] Thrift transport exception type #1 (socket open() error: No route to host); failed to establish connection [addr=tt-peer-controller./port=9090].
Command killed: (signal 14) /usr/tintri/bin/fscmd -a 60 -h 'tt-peer-controller.' get-tuning-variable 'stasisDegradedModeTruncationTimeout'
Can't get 'stasisDegradedModeTruncationTimeout', error 142
Can't get timeouts, error 142
Upgrade completed; exit code 109
2022-06-11T16:57:22.166513-07:00 la-tintri01#b upgrade_pkg[30360]: Script /etc/sysconfig/tintri/post_upd/90-upgrade_fs exit code: 109
2022-06-11T16:57:22.167052-07:00 la-tintri01#b upgrade_pkg[30360]: Can not perform application upgrade, error 109
2022-06-11T16:57:22.167467-07:00 la-tintri01#b upgrade_pkg[30360]: Rolling back, state 9

EXAMPLE 3:

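Sometimes we need to search multiple files. NR keeps counting across all the files, so awk treats them as one stream and the range ends at the first match overall: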

# awk   'NR==1,/Rolling back/' *.log |grep -H -B20 Rolling 

Or for GZ files

# zcat logfile*.gz|awk 'NR==1,/Rolling back/'

OR

# awk 'NR==1,/Rolling back/' <(gzip -dc logfile*.gz)
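
One way to treat each file separately and really stop reading at the first match, as an added example that is not from the original post: it goes beyond the one-liners above by keeping only N lines in memory and labelling every line with its file. The names before_first_match and demo, and the sample log lines, are constructed for illustration.

```shell
#!/bin/sh
# Added example. Usage: before_first_match N PATTERN FILE...
# Per file: print the N lines before the first line matching PATTERN (an awk
# regex) plus the matching line, prefixed with the file name, then stop reading.
before_first_match() {
    n=$1 pattern=$2
    shift 2
    for f in "$@"; do
        # gzip -dcf decompresses .gz input and copies plain files through as-is.
        gzip -dcf -- "$f" | awk -v n="$n" -v pat="$pattern" -v file="$f" '
            $0 ~ pat {
                start = NR - n                 # first buffered line to show
                if (start < 1) start = 1       # match near the top of the file
                for (i = start; i < NR; i++) print file ":" buf[i % n]
                print file ":" $0
                exit                           # first match only, stop reading
            }
            n > 0 { buf[NR % n] = $0 }         # ring buffer holds only n lines
        '
    done
}

# Constructed sample data (not taken from the logs shown on this page).
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'step 1 ok' 'step 2 ok' 'error 109' 'Rolling back, state 9' \
        'cleanup' 'Rolling back, state 3' > "$dir/a.log"
    printf '%s\n' 'Rolling back, state 1' 'later line' > "$dir/b.log"
    printf '%s\n' 'all good' 'nothing to see' > "$dir/c.log"
    printf '%s\n' 'x1' 'x2' 'x3' 'Rolling back, state 7' | gzip -c > "$dir/d.log.gz"
    (cd "$dir" && before_first_match 2 'Rolling back' a.log b.log c.log d.log.gz)
    rm -rf "$dir"
}
demo
```

A file with no match (c.log here) produces no output, unlike the END-block version, which would print the tail of the file.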