Last active
August 29, 2016 14:18
-
-
Save hortonew/46d32c1f7f93293a0bb7ebd1ab018ebb to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Author: Erik Horton | |
| # usage1: ./GetSplunkFrozenDates.sh /path/to/frozen/directory/with/buckets/ | |
| # usage2: ./GetSplunkFrozenDates.sh /path/to/frozen/directory/with/buckets/ 2016-08-04 | |
| # output: db_bucket_name <start date> <end date> | |
| # | |
| # Use Case: Output date range for all Splunk buckets in a directory. Can specify a date, and it'll only output buckets that contain that date. | |
| FILES="$1"* | |
| DATE="$2" | |
| DATE_EPOCH=$(date --date="$DATE" "+%s") | |
| if [ ! -z "$DATE" ]; then echo "Date inside buckets: "$DATE; fi; | |
| for file in $FILES | |
| do | |
| # Extract start/end date of bucket and format into human readable time | |
| fn=${file##*/} | |
| start=$(echo $fn | awk -F_ '{ print $3 }') | |
| end=$(echo $fn | awk -F_ '{ print $2 }') | |
| entry=$(echo $fn | awk -F_ '{ printf "%s: %s - %s\n", $0, strftime("%F %T", $3), strftime("%F %T", $2)}') | |
| # If DATE is set via second parameter | |
| if [ ! -z "$DATE" ]; then | |
| # If the date falls in the range of the bucket | |
| if [ $start -le $DATE_EPOCH ] && [ $end -ge $DATE_EPOCH ]; then | |
| echo $entry | |
| fi | |
| else | |
| echo $entry | |
| fi | |
| done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment