Command modification
I'm using the following command to get the highest number of requests per second in a log file and it works well.
grep "2017-02-22" "LogFile.log" | cut -c1-20 | uniq -c | sort -n | tail -n1
Now I would like to also get the smallest requests per second and the amount of time the highest number stayed for. For example, let's say the result from the command was 2000, which is the highest requests per second inside the log file; I want to find out how long the 2000 requests lasted for. In other words: if the peak of 2000 happened, I'd like to find out how long it took before this went down.
Here's a portion of the log file:
#Start-Date: 2017-02-16 19:49:06
#Date: 2016-10-11 15:16:48
#Fields: date time time-taken c-ip cs-username cs-auth-group x-exception-id sc-filter-result cs-categories cs(Referer) sc-status s-action c
s-method rs(Content-Type) cs-uri-scheme cs-host cs-uri-port cs-uri-path cs-uri-query cs-uri-extension cs(User-Agent) s-ip sc-bytes cs-bytes
x-virus-id x-bluecoat-application-name x-bluecoat-application-operation
#Remark: 1412140034 "lofnetsg1" "192.168.13.14" "main"
2017-02-16 19:49:06 116154 10.5.13.149 - - - OBSERVED "Non-Viewable/Infrastructure" - 200 TCP_TUNNELED CONNECT - tcp u-amvx4npjuy.wc.yahoo
dns.net 443 / - - "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" 192.168.13.14 660
3 1036 - "none" "none"
2017-02-16 19:49:06 1 10.2.29.41 - - - OBSERVED "Technology/Internet" - 304 TCP_HIT GET application/pkix-crl http www.microsoft.com 80 /pk
i/CRL/products/Microsoft%20Windows%20Hardware%20Compatibility%20PCA(1).crl - crl "Microsoft-CryptoAPI/6.1" 192.168.13.14 568 338 - "none" "
none"
2017-02-16 19:49:06 18 10.1.15.166 - - - OBSERVED "Content Servers" http://www.foxnews.com/ 304 TCP_CLIENT_REFRESH GET text/javascript;cha
rset=UTF-8 http widget-cdn.rpxnow.com 80 /translations/share/en - - "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Ge
cko) Chrome/56.0.2924.87 Safari/537.36" 192.168.13.14 487 417 - "none" "none"
2017-02-16 19:49:06 6677 172.16.121.69 - - - OBSERVED "Social Networking;Content Servers" - 200 TCP_TUNNELED CONNECT - tcp pbs.twimg.com 4
43 / - - "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" 192.168.13.14 10020
3 1241 - "Twitter" "none"
2017-02-16 19:49:06 1664 10.14.16.67 - - - OBSERVED "Informational;Health" - 200 TCP_TUNNELED CONNECT - tcp www.drugs.com 443 / - - "Mozil
la/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko" 192.168.13.14 6313 2281 - "none" "none"
2017-02-16 19:49:06 1095 172.16.121.69 - - - OBSERVED "Web Ads/Analytics" - 200 TCP_TUNNELED CONNECT - tcp as-sec.casalemedia.com 443 / -
- "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" 192.168.13.14 1058 2818 -
"none" "none"
2017-02-16 19:49:06 24282 172.16.121.69 - - - OBSERVED "Web Ads/Analytics" - 200 TCP_TUNNELED CONNECT - tcp dt.adsafeprotected.com 443 / -
- "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" 192.168.13.14 3687 3007 -
"none" "none"
2017-02-16 19:49:06 1 10.2.29.41 - - - OBSERVED "Non-Viewable/Infrastructure" - 304 TCP_HIT GET application/pkix-crl http crl.microsoft.co
m 80 /pki/crl/products/MicrosoftTimeStampPCA.crl - crl "Microsoft-CryptoAPI/6.1" 192.168.13.14 500 304 - "none" "none"
2017-02-16 19:49:06 48 10.2.50.46 - - - OBSERVED "Web Ads/Analytics" - 200 TCP_TUNNELED CONNECT - tcp x.bidswitch.net 443 / - - "Mozilla/5
.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" 192.168.13.14 39 219 - "none" "none"
2017-02-16 19:49:06 26855 172.16.121.69 - - - OBSERVED "Web Ads/Analytics" - 200 TCP_TUNNELED CONNECT - tcp ping.chartbeat.net 443 / - - "
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" 192.168.13.14 699 2727 - "non
e" "none"
2017-02-16 19:49:06 22 10.2.10.172 - - - OBSERVED "Web Ads/Analytics" http://player.radio.com/listen/station/985-the-sports-hub 200 TCP_NC
_MISS GET application/javascript;%20charset=utf-8 http ib.adnxs.com 80 /ttj ?id=10203641&size=300x250&pagetype=ros&promo_sizes=&cb=14872745
46795 - "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" 192.168.13.14 11458 3251 -
"none" "none"
2017-02-16 19:49:06 965 10.32.14.38 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp clients4.google.com 443 / - - "C
hrome WIN 56.0.2924.87 (0e9a9a6f3676ae439b78cd9b3f62b4193c3ac7d5-refs/branch-heads/2924@{#895}) channel(stable)" 192.168.13.14 1455 3073 -
"none" "none"
2017-02-16 19:49:06 939 10.7.18.97 - - - OBSERVED "Health" http://cmri.in/cmri-doctors/ 200 TCP_NC_MISS GET text/html;%20charset=UTF-8 htt
p cmri.in 80 /doctor/dr-mahesh-chowdhury/ - - "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:51.0) Gecko/20100101 Firefox/51.0" 192.168.
13.14 7501 573 - "none" "none"
grep sort tail cut uniq
Please add a few sample lines of Logfile.log
– MikeD
Mar 2 '17 at 15:54
Please let me know if the answer worked for you or, if not, what remaining issues you are seeing. Thanks!
– MikeD
Mar 10 '17 at 23:53
edited Nov 25 at 23:42
Rui F Ribeiro
asked Mar 2 '17 at 0:06
Katkota
1 Answer
Here is one way to obtain how long the most hits lasted:
Assign a variable, highest, to your original command (adding ^ in the grep pattern restricts matches to dates at the beginning of a line):
highest=$(grep "^2017-02-22" "LogFile.log" | cut -c1-20 | uniq -c | sort -n | tail -n1)
Again using your original command, up to uniq, redirect the full uniq count list to a tempfile:
grep "^2017-02-22" "LogFile.log" | cut -c1-20 | uniq -c >tempfile
Use grep to search for the highest number in the new tempfile, using -A1 to get the first line after:
grep -A1 "^$highest" tempfile | tail -n1
You may combine these into one line using semi-colons (;) like so:
highest=$(grep "^2017-02-22" "LogFile.log" | cut -c1-20 | uniq -c | sort -n | tail -n1);grep "^2017-02-22" "LogFile.log" | cut -c1-20 | uniq -c >tempfile;grep -A1 "^$highest" tempfile | tail -n1
If you need to do the date-time math for output of the actual time difference, you may capture the result so far to a variable, nexttime:
nexttime=$(highest=$(grep "^2017-02-22" "LogFile.log" | cut -c1-20 | uniq -c | sort -n | tail -n1);grep "^2017-02-22" "LogFile.log" | cut -c1-20 | uniq -c >tempfile;grep -A1 "^$highest" tempfile | tail -n1)
and use this to calculate the difference:
highest=$(echo $highest | cut -d' ' -f 3) # get the time field (#3)
nexttime=$(echo $nexttime | cut -d' ' -f 3) # get the time field (#3)
logStart=$(date -u -d "$highest" +"%s") # convert to seconds
logEnd=$(date -u -d "$nexttime" +"%s") # convert to seconds
date -u -d "0 $logEnd sec - $logStart sec" +"%H:%M:%S" # display time difference
And, likewise, you may combine these statements with the others above, using semi-colons (;), or put it all in a script.
Thanks for the hint, but how can I find out how long the high number lasted for?
– Katkota
Mar 2 '17 at 14:37
I have updated my answer based on your added log file sample.
– MikeD
Mar 3 '17 at 20:36
Thanks, Mike, for all the help. I will try it this week and let you know.
– Katkota
Mar 5 '17 at 1:47
edited Mar 3 '17 at 20:35
answered Mar 2 '17 at 0:23
MikeD
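An added example, not part of the original question or answer: a single awk pass that reports the peak rate, how many consecutive seconds around the peak stayed at or above a threshold (default: the peak itself), the smallest logged rate, and the number of silent seconds. The names rate_stats and make_sample and the sample records are constructed for illustration; seconds with no requests never appear in the log, so they are counted from timestamp gaps, which uniq -c cannot show.

```shell
#!/bin/sh
# Added example: per-second request statistics for one day of a proxy access log.
# rate_stats, make_sample and the sample records are constructed, not from the page.

# rate_stats DAY FILE [THRESHOLD]
# Prints: max=<n> peak_at=<HH:MM:SS> sustained=<sec> min_logged=<n> idle_seconds=<n>
rate_stats() {
    awk -v day="$1" -v thr="${3:-0}" '
        # Count for second s, 0 if nothing was logged in that second.
        function cnt(s) { return (s in n) ? n[s] : 0 }

        $1 == day {                      # "#" header lines never equal the date
            split($2, t, ":")
            s = t[1] * 3600 + t[2] * 60 + t[3]   # second of the day
            n[s]++
            if (!seen || s < first) first = s
            if (!seen || s > last)  last = s
            seen = 1
        }
        END {
            if (!seen) { print "no records for " day; exit 1 }
            # Walk every second in the window, including silent ones.
            for (s = first; s <= last; s++) {
                c = cnt(s)
                if (c == 0) idle++
                else if (minlog == "" || c < minlog) minlog = c
                if (c > max) { max = c; peak = s }   # first second that hits the peak
            }
            if (thr <= 0) thr = max
            # Grow the run around the peak while the rate stays >= threshold.
            lo = peak; while (lo > first && cnt(lo - 1) >= thr) lo--
            hi = peak; while (hi < last  && cnt(hi + 1) >= thr) hi++
            printf "max=%d peak_at=%02d:%02d:%02d sustained=%d min_logged=%d idle_seconds=%d\n",
                   max, peak / 3600, (peak % 3600) / 60, peak % 60,
                   hi - lo + 1, minlog, idle
        }' "$2"
}

# Constructed sample: records shortened to the first four fields of the log format.
make_sample() {
    cat <<'EOF'
#Fields: date time time-taken c-ip
2017-02-21 23:59:59 7 10.0.0.9
2017-02-22 10:00:01 12 10.0.0.5
2017-02-22 10:00:02 3 10.0.0.5
2017-02-22 10:00:02 8 10.0.0.6
2017-02-22 10:00:02 1 10.0.0.7
2017-02-22 10:00:03 4 10.0.0.5
2017-02-22 10:00:03 9 10.0.0.6
2017-02-22 10:00:03 2 10.0.0.7
2017-02-22 10:00:04 5 10.0.0.5
2017-02-22 10:00:04 6 10.0.0.6
2017-02-22 10:00:06 11 10.0.0.5
EOF
}

# Demo: mktemp gives an unpredictable scratch file instead of a fixed name in the
# current directory; the trap removes it on exit.
sample=$(mktemp) || exit 1
trap 'rm -f "$sample"' EXIT
make_sample > "$sample"
rate_stats 2017-02-22 "$sample"      # threshold = the peak itself
rate_stats 2017-02-22 "$sample" 2    # run of seconds with >= 2 requests
```

Against a real log, call `rate_stats 2017-02-22 LogFile.log`, optionally with a threshold as the third argument.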