How to search these events that meet the condition of "3 same contents (except time message) in 2 seconds"? Give me an idea, if possible, please.
Our logs have timestamps in front. For example:
The original file:
"
Oct 31 2014 14:31:11 xiaowang ;Last diagnostic message repeated 14 times.
Oct 31 2014 14:34:11 xiaowang %%01INFO/4/SUPPRESS_DIAGLOG(D):CID=0x80600406;
Oct 31 2014 14:34:11:012 xiaowang %%01INFO/4/SUPPRESS_DIAGLOG(D):CID=0x80600406;
Oct 31 2014 14:34:12 xiaowang %%01INFO/4/SUPPRESS_DIAGLOG(D):CID=0x80600406;
Oct 31 2014 14:35:22 xiaowang %%01INFO/4/SUPPRESS_DIAGLOG(D):CID=0x80600406;
Oct 31 2014 14:34:32 xiaowang %%01RMBASE/6/PARTNER_FSM_TRANSFER(D):CID=80;
Oct 31 2014 14:34:56 xiaowang %%01DEBUG/4/DBG_TOP_PROC_MEM(D);
"
We hope to get these logs that have the same content (except the timestamps in front), but the time info in front may be different and the time interval is within 2 seconds. If we can find 3 logs that meet the preceding condition, we record it.
The expected result is:
"
Oct 31 2014 14:34:11 xiaowang %%01INFO/4/SUPPRESS_DIAGLOG(D):CID=0x80600406;
Oct 31 2014 14:34:11:012 xiaowang %%01INFO/4/SUPPRESS_DIAGLOG(D):CID=0x80600406;
Oct 31 2014 14:34:12 xiaowang %%01INFO/4/SUPPRESS_DIAGLOG(D):CID=0x80600406;
"
This question has blocked me for a very long time. How, if at all possible, could this be accomplished?
Attention: the time info format of the logs may be different, for example: "Oct 31 2014 14:34:11" and "Oct 31 2014 14:34:11:012".
I want to use 'transaction' and 'top' to deal with the problem, but I cannot divide a log item into two parts, one being the timestamp in front and the other the main log content after the time info.
Any advice?
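The split and the burst check described in the post, as an added Python example that is not part of the original post and does not use the 'transaction' or 'top' commands it mentions. The regular expression, the function names `parse` and `find_bursts`, and reading "within 2 seconds" as a span of at most 2 seconds between the first and last event are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Sample events copied from the post above.
SAMPLE = """\
Oct 31 2014 14:31:11 xiaowang ;Last diagnostic message repeated 14 times.
Oct 31 2014 14:34:11 xiaowang %%01INFO/4/SUPPRESS_DIAGLOG(D):CID=0x80600406;
Oct 31 2014 14:34:11:012 xiaowang %%01INFO/4/SUPPRESS_DIAGLOG(D):CID=0x80600406;
Oct 31 2014 14:34:12 xiaowang %%01INFO/4/SUPPRESS_DIAGLOG(D):CID=0x80600406;
Oct 31 2014 14:35:22 xiaowang %%01INFO/4/SUPPRESS_DIAGLOG(D):CID=0x80600406;
Oct 31 2014 14:34:32 xiaowang %%01RMBASE/6/PARTNER_FSM_TRANSFER(D):CID=80;
Oct 31 2014 14:34:56 xiaowang %%01DEBUG/4/DBG_TOP_PROC_MEM(D);
""".splitlines()

# Group 1: "Mon DD YYYY HH:MM:SS"; group 2: optional ":mmm"; group 3: the body.
LINE_RE = re.compile(
    r"^(\w{3} +\d{1,2} +\d{4} +\d{2}:\d{2}:\d{2})(?::(\d{3}))?\s+(.*)$")

def parse(line):
    """Split one event into (timestamp, body); None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%b %d %Y %H:%M:%S")
    return ts + timedelta(milliseconds=int(m.group(2) or 0)), m.group(3)

def find_bursts(lines, count=3, window=timedelta(seconds=2)):
    """Return lines whose body occurs >= count times within `window`."""
    by_body = defaultdict(list)
    for line in lines:
        parsed = parse(line)
        if parsed:
            by_body[parsed[1]].append((parsed[0], line))
    matched = []
    for events in by_body.values():
        events.sort(key=lambda e: e[0])  # logs may arrive out of order
        start, hits = 0, set()
        for end in range(len(events)):
            # Shrink from the left until the span fits in the window.
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= count:
                hits.update(range(start, end + 1))
        matched.extend(events[i][1] for i in sorted(hits))
    return matched

if __name__ == "__main__":
    print("\n".join(find_bursts(SAMPLE)))
```

Grouping by body before comparing times is what lets the two timestamp formats land in the same bucket; the 14:35:22 event has the same body but falls outside the window and is dropped.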