syntax error

# awk 'BEGIN {min=9999999} $NF > max {max=$NF; maxline=$0}; $NF < min
{min=$NF; minline=$0} END {print max, maxline "\n" min, minline}'
access.log
3190709 192.168.1.200 - - [07/Jul/2008:15:53:38 +0000] "GET /700.xml
HTTP/1.0" 200 24634 3190709
193 192.168.1.200 - - [06/Jul/2008:21:25:40 +0000] "GET /audio/vm/
Numbers%20(0).wav HTTP/1.0" 304 - 193

# cat tt.awk
function cvttime(t, a) {
split(t,a,"[/:]")
match("JanFebMarAprMayJunJulAugSepOctNovDec",a[2])
a[2] = sprintf("%02d",(RSTART+2)/3)
return( mktime(a[3]" "a[2]" "a[1]" "a[4]" "a[5]" "a[6]) )
}
BEGIN { now=systime(); tgt=300; mintime=99999999 }
{ then=cvttime(gensub(/.*\[(.*)\].*/,"\\1","")) }
{ if ((now - then) < tgt) { $NF > maxtime {maxtime=$NF; maxline=$0};
$NF < mintime {mintime=$NF; minline=$0}; hits++; sumtime+=$NF;
th=then }
else {exit} }
END { print "sumtime="sumtime, "hits="hits, "maxtime="maxtime,
"mintime="mintime "\n" maxline "\n" minline "\n" }

# tac access.log | awk -f tt.awk
awk: tt.awk:9: { if ((now - then) < tgt) { $NF > maxtime {maxtime=$NF;
maxline=$0}; $NF < mintime {mintime=$NF; minline=$0}; hits++; sumtime+=
$NF; th=then }
awk: tt.awk:9: ^ syntax
error
awk: tt.awk:9: { if ((now - then) < tgt) { $NF > maxtime {maxtime=$NF;
maxline=$0}; $NF < mintime {mintime=$NF; minline=$0}; hits++; sumtime+=
$NF; th=then }
awk: tt.awk:
9:
^ syntax error

On Monday 7 July 2008 23:12, dnlchen@gmail.com wrote:

> { if ((now - then) < tgt) { $NF > maxtime {maxtime=$NF; maxline=$0};

What do you want to do if ((now - then) < tgt) ?
Awk patterns can not nest (if that is what you meant).

On Mon, 7 Jul 2008 14:12:19 -0700 (PDT), dnlchen@gmail.com wrote:

># awk 'BEGIN {min=9999999} $NF > max {max=$NF; maxline=$0}; $NF < min
>{min=$NF; minline=$0} END {print max, maxline "\n" min, minline}'
>access.log
>3190709 192.168.1.200 - - [07/Jul/2008:15:53:38 +0000] "GET /700.xml
>HTTP/1.0" 200 24634 3190709
>193 192.168.1.200 - - [06/Jul/2008:21:25:40 +0000] "GET /audio/vm/
>Numbers%20(0).wav HTTP/1.0" 304 - 193
>
># cat tt.awk
>function cvttime(t, a) {
> split(t,a,"[/:]")
> match("JanFebMarAprMayJunJulAugSepOctNovDec",a[2])
> a[2] = sprintf("%02d",(RSTART+2)/3)
> return( mktime(a[3]" "a[2]" "a[1]" "a[4]" "a[5]" "a[6]) )
>}
>BEGIN { now=systime(); tgt=300; mintime=99999999 }
>{ then=cvttime(gensub(/.*\[(.*)\].*/,"\\1","")) }
>{ if ((now - then) < tgt) { $NF > maxtime {maxtime=$NF; maxline=$0};
>$NF < mintime {mintime=$NF; minline=$0}; hits++; sumtime+=$NF;
>th=then }
> else {exit} }
>END { print "sumtime="sumtime, "hits="hits, "maxtime="maxtime,
>"mintime="mintime "\n" maxline "\n" minline "\n" }
>
># tac access.log | awk -f tt.awk
>awk: tt.awk:9: { if ((now - then) < tgt) { $NF > maxtime {maxtime=$NF;
>maxline=$0}; $NF < mintime {mintime=$NF; minline=$0}; hits++; sumtime+=
^-- delete this?
>$NF; th=then }
>awk: tt.awk:9: ^ syntax
>error
>awk: tt.awk:9: { if ((now - then) < tgt) { $NF > maxtime {maxtime=$NF;
>maxline=$0}; $NF < mintime {mintime=$NF; minline=$0}; hits++; sumtime+=
>$NF; th=then }
>awk: tt.awk:
>9:
>^ syntax error

--
http://bugsplatter.mine.nu/

On Jul 7, 2:32*pm, pk <p...@pk.invalid> wrote:
> On Monday 7 July 2008 23:12, dnlc...@gmail.com wrote:
>
> > { if ((now - then) < tgt) { $NF > maxtime {maxtime=$NF; maxline=$0};
>
> What do you want to do if ((now - then) < tgt) ?
> Awk patterns can not nest (if that is what you meant).

I want to get the maximum/minimum value of $NF and sum of $NF during a
5-minute window. I don't know AWK cannot nest.

So how can we do this?
192.168.1.200 - - [06/Jul/2008:04:31:23 +0000] "GET /audio/10366899/
profile-1215312947951.wav HTTP/1.0" 200 85982 256657
192.168.1.200 - - [08/Jul/2008:16:21:25 +0000] "GET /audio/10585860/
profile-1215130066958.wav HTTP/1.0" 304 - 263
192.168.1.200 - - [08/Jul/2008:16:21:34 +0000] "GET /audio/10585860/
profile-1215130066958.wav HTTP/1.0" 200 34526 129458
192.168.1.200 - - [08/Jul/2008:16:28:40 +0000] "GET /audio/10585860/
message-1215534459424.wav HTTP/1.0" 200 33486 128780
192.168.1.200 - - [08/Jul/2008:16:30:30 +0000] "GET /audio/10694537/
message-1215534569117.wav HTTP/1.0" 200 228606 386953
192.168.1.200 - - [08/Jul/2008:16:50:25 +0000] "GET /audio/10473072/
message-1215526286270.wav HTTP/1.0" 200 127086 322931

if $7 ~ "^/audio/[[:digit:]].*.wav" && $(NF-2) == 200; then
if time is within the 5-minute window; then
find the max/min $NF and their lines, and sum $NF and hits
if time is not within the 5-minute window; then print the above;

On Tuesday 8 July 2008 19:18, dnlchen@gmail.com wrote:

> On Jul 7, 2:32Â*pm, pk <p...@pk.invalid> wrote:
>> On Monday 7 July 2008 23:12, dnlc...@gmail.com wrote:
>>
>> > { if ((now - then) < tgt) { $NF > maxtime {maxtime=$NF; maxline=$0};
>>
>> What do you want to do if ((now - then) < tgt) ?
>> Awk patterns can not nest (if that is what you meant).
>
> I want to get the maximum/minimum value of $NF and sum of $NF during a
> 5-minute window. I don't know AWK cannot nest.
>
> So how can we do this?
> 192.168.1.200 - - [06/Jul/2008:04:31:23 +0000] "GET /audio/10366899/
> profile-1215312947951.wav HTTP/1.0" 200 85982 256657
> 192.168.1.200 - - [08/Jul/2008:16:21:25 +0000] "GET /audio/10585860/
> profile-1215130066958.wav HTTP/1.0" 304 - 263
> 192.168.1.200 - - [08/Jul/2008:16:21:34 +0000] "GET /audio/10585860/
> profile-1215130066958.wav HTTP/1.0" 200 34526 129458
> 192.168.1.200 - - [08/Jul/2008:16:28:40 +0000] "GET /audio/10585860/
> message-1215534459424.wav HTTP/1.0" 200 33486 128780
> 192.168.1.200 - - [08/Jul/2008:16:30:30 +0000] "GET /audio/10694537/
> message-1215534569117.wav HTTP/1.0" 200 228606 386953
> 192.168.1.200 - - [08/Jul/2008:16:50:25 +0000] "GET /audio/10473072/
> message-1215526286270.wav HTTP/1.0" 200 127086 322931

Is this an example input?

>
> if $7 ~ "^/audio/[[:digit:]].*.wav" && $(NF-2) == 200; then
> if time is within the 5-minute window; then
> find the max/min $NF and their lines, and sum $NF and hits
> if time is not within the 5-minute window; then print the above;

How do you specify the 5-minute window? Can it be assumed that it's somehow
provided as input to the awk program, perhaps in the form of a starting
time?

If my assumptions are correct, try this:


awk -v s="16:28" 'BEGIN {hs=substr(s,1,2);ms=substr(s,4,2);ms+=5;if(ms>=60
{ms-=60;hs++;};e=sprintf("%02d",hs) ":" sprintf("%02d",ms);min=9999999}

($7 ~ /^\/audio\/[[:digit:]]+\/.*.wav$/)&&($(NF-2)=="200") {
t=substr($4,14,5)
if ((t>=s)&&(t<=e)) {
if ($NF>max) max=$NF;
if ($NF<min) min=$NF;
tot+=$NF;
}
}
END {print "Maximum:",max,"Minimum:",min,"Total:",tot}' file

With your sample data, the above program prints:

Maximum: 386953 Minimum: 128780 Total: 515733

--
All the commands are tested with bash and GNU tools, so they may use
nonstandard features. I try to mention when something is nonstandard (if
I'm aware of that), but I may miss something. Corrections are welcome.