Using Search::Dict on log files

First perlmonks post. If you have very large log files or slow disk, or both... As long as the log file is ordered by datetime, you can use Search::Dict's binary search to find entries for datetimes. (this code has not been extensively tested)

#! perl -W
use strict;
use warnings;
# Yes, I know it's big and slow, room for improvment here
use Date::Manip;
use Search::Dict;

# The log file must be ordered by date for this to work.
# Use it like this:
#   search_log /var/log/httpd/access_log "2008052205:32:43"
# or
#   search_log /var/log/httpd/access_log "2008052205:32:4"
#   search_log /var/log/httpd/access_log "2008052205:32:"
#   search_log /var/log/httpd/access_log "2008052205:32"
#   search_log /var/log/httpd/access_log "2008052205:3"

my $file        = shift or die 'no file';
my $search_date = shift or die 'no search date in YYYYMMDDHH::MM::SS f
+ormat';

open my $fh,'<',$file or die $!;

sub get_date{
    my($line) = @_;
    my($d) = $line=~/\[(.*)\]/mxo or die "Can't find [date] in line: $
+line";
    return ParseDate($d) or die "Can't parse date: $d";
}

my $pos = look $fh,$search_date,{
    xfrm=>*get_date,
};

if(-1 == $pos){
    die "Error looking for '$search_date' in file '$file': $!\n";
}

while(my $line=<$fh>){
    if(get_date($line) =~m/$search_date/mxo){
        print $line;
    } else {
        last;
    }
}
[download]

Comment on Using Search::Dict on log files Download Code

Replies are listed 'Best First'.
Re: Using Search::Dict on log files by stigpje (Novice) on May 22, 2008 at 11:42 UTC
Some resources on Search::Dict: tests, MacPerl thread, mentioned in an article. Some more related resources: Re: Binary searching with Perl., Binary Searches on Sorted Text Files that pointed me to File::SortedSeek (version 0.012 and below suffers from bug RT#36160). Watch out of the bug above (use version 0.013 or above). Using File::SortedSeek: `perl -e 'use File::SortedSeek qw{:all};use Date::Manip;my $file=shift; +my $sdate=shift;sub get_date{my($d) = $_[0]=~/\[(.)\]/;return ParseD +ate($d);};open BIG,$file;alphabetic(BIG,$sdate,\&get_date);while(my +$l=<BIG>){if(get_date($l)=~m/$sdate/){print $l}else{last}}' /var/log/ +httpd/access_log 2008052100:05:05` [download] YAR! Mark Jason Dominus' slides from a now free class: lightweight-db slide 22, licensed under a Creative Commons Attribution-Noncommercial-ShareAlike 3.0 License.	[reply] [d/l]

Replies are listed 'Best First'.

Re: Using Search::Dict on log files
by stigpje (Novice) on May 22, 2008 at 11:42 UTC

Re: Binary searching with Perl.

Binary Searches on Sorted Text Files

File::SortedSeek

RT#36160

perl -e 'use File::SortedSeek qw{:all};use Date::Manip;my $file=shift;
+my $sdate=shift;sub get_date{my($d) = $_[0]=~/\[(.*)\]/;return ParseD
+ate($d);};open BIG,$file;alphabetic(*BIG,$sdate,\&get_date);while(my 
+$l=<BIG>){if(get_date($l)=~m/$sdate/){print $l}else{last}}' /var/log/
+httpd/access_log 2008052100:05:05
[download]

class

lightweight-db slide 22

licensed under a Creative Commons Attribution-Noncommercial-ShareAlike 3.0 License.

[reply]
[d/l]