Grep inside all files created within date range

Asked
Active3 hr before
Viewed126 times

7 Answers

filesinside
90%

find doesn't seem to have options where you can specify specific dates for timestamp comparison (at least the version on my laptop doesn't - there may be other versions and/or other tools that perform similarly), so you'll have to use the number of days. So, as of 2012/06/05, you want to find files newer than 9 days but older than 6 days:, 1 Can someone please explain how specifying -mtime twice is used to specify a range? Specifically, why a negative number for the first occurence, and a positive number for the second? Either I don't understand it, or it's not working on Ubuntu 14.04.3 LTS. It's not discussed in the man page that I'm seeing. – battey Aug 19 '16 at 16:40 , Stack Overflow for Teams Where developers & technologists share private knowledge with coworkers ,This is a little different from Banthar's solution, but it will work with versions of find that don't support -newermt and it shows how to use the xargs command, which is a very useful tool.

You can use the find command to locate files "of a certain age". This will find all files modified between 5 and 10 days ago:

 find / directory - type f - mtime - 10 - mtime + 5

To then search those files for a string:

 find / directory - type f - mtime - 10 - mtime + 5 - print0 |
    xargs - 0 grep - l expression

When you provide multiple expressions to find, they are ANDed together. E.g., if you ask for:

find. - name foo - size + 10 k

...find will only return files that are both (a) named foo and (b) larger than 10 kbytes. Similarly, if you specify:

find. - mtime - 10 - mtime + 5

For example, on my system it is currently:

$ date
Fri Aug 19 12: 55: 21 EDT 2016

I have the following files:

$ ls - l
total 0
   -
   rw - rw - r--.1 lars lars 0 Aug 15 00: 00 file1 -
   rw - rw - r--.1 lars lars 0 Aug 10 00: 00 file2 -
   rw - rw - r--.1 lars lars 0 Aug 5 00: 00 file3

If I ask for "files modified more than 5 days ago (-mtime +5) I get:

$ find. - mtime + 5
   . / file3
   . / file2

But if I ask for "files modified more than 5 days ago but less than 10 days ago" (-mtime +5 -mtime -10), I get:

$ find. - mtime + 5 - mtime - 10
   . / file2
load more v
88%

I need to look for files in a RANGE of times on a specific date. Say between 11:20pm and 11:30pm on 3rd November. – Steve Dec 1 '13 at 2:42 ,find -ctime +5 → more than 5 days ago, changes on file itself,find -atime -30 → last accessed less than 30 days ago ,and so on, get each result and grep each file individually for the specific keyword I'm looking for, but I'd like to be able to do a wider search for all files created within a time range and then grep each of them for the keyword.

Some of the fine things find (on GNU/Linux) can do for you:

find
load more v
72%

One disadvantage of -ctime is you have to calculate the number of days since the file was created, but you can figure that out by running,We need to list a file that contains a particular string and which is created on a particular date. We can execute the below command for this,,The above command will list the files created on Oct 6 and which contain the string 'test'. Refer to the below screenshot,,Please be sure to answer the question. Provide details and share your research!

One way to approach this is to set up timestamp files to bracket the dates you're looking for:

touch - t 201902210000 / tmp / start - time
touch - t 201902212359.59 / tmp / end - time

... and then ask find for files that are newer than the start-time but not newer than the end-time:

find. - type f - newer / tmp / start - time!-newer / tmp / end - time

Putting it all together:

touch - t 201902210000 / tmp / start - time
touch - t 201902212359.59 / tmp / end - time
find. - type f - newer / tmp / start - time!-newer / tmp / end - time - name '*.xml' - exec grep JMS111 / dev / null {} +
   rm / tmp / start - time / tmp / end - time
load more v
65%

This could be done all in an awk command but the steps may make it easier to follow. Within awk the NR variable is the current line number, and since no action was specified after the pattern (NR>=1234 && NR<=5678) the default action is to print the lines that in that range.,All the other current answers rely on the fact that the log file entries are sorted chronologically or the fact that the date range can be matched easily with regular expressions. If you want a more generic solution, we need to do some more programming.,which will print all lines from the first line with 2016-07-13 up to and including the first line with 2016-07-19. But that assumes you have only one line with 2016-07-19 (it will not print the next line). If there are multiple lines use the next date instead and use d to delete the output from it,You could do it in steps. Find the number of the first line matching your starting pattern. Find the number of the last line matching your ending pattern. Then extract the test between these two lines. This can be done as follows.

With grep if you know the number of lines you want you can use context option -A to print lines after the pattern

grep - A 3 2016 - 07 - 13 file

with sed you can use the dates to delimit like this

sed - n '/2016-07-13/,/2016-07-19/p'
file

which will print all lines from the first line with 2016-07-13 up to and including the first line with 2016-07-19. But that assumes you have only one line with 2016-07-19 (it will not print the next line). If there are multiple lines use the next date instead and use d to delete the output from it

sed - n '/2016-07-13/,/2016-07-20/{/2016-07-20/d; p}'
file
load more v
75%

If you need a specific date range many days ago, than consider using the find command. In this example find files modified between Jan/1/2007 and Jan/1/2008, in /data/images directory:,Gnu find as various command line option to list files by a modification and access date/time stamp. ,It was very useful, thank you very much. Be careful when you remove files with the files that contain spaces and special characters.,Linux / Unix: Find Files Modified On Specific Date

ls - l
ls - lt
ls - ltu
ls - lt / etc / | more
load more v
40%

You can use the find to search for files of a certain age. This will find all files modified between 5 and 10 days ago:,To then search for these files for a string:,If I ask for "files modified more than 5 days ago ( -mtime +5 ), I get:,But if I ask for "files modified more than 5 days ago but less than 10 days ago" ( -mtime +5 -mtime -10 ), I get:

You can use the find to search for files of a certain age. This will find all files modified between 5 and 10 days ago:

  find / directory - type f - mtime - 10 - mtime + 5

To then search for these files for a string:

  find / directory - type f - mtime - 10 - mtime + 5 - print0 | xargs - 0 grep - l expression

When you provide multiple expressions in find , they are combined together. For example, if you request:

 find. - name foo - size + 10 k

... find will only return files that are both (a) named foo and (b) greater than 10 kilobytes. Similarly, if you specify:

 find. - mtime - 10 - mtime + 5

For example, on my system currently:

 $ date Fri Aug 19 12: 55: 21 EDT 2016

I have the following files:

 $ ls - l total 0 - rw - rw - r--.1 lars lars 0 Aug 15 00: 00 file1 - rw - rw - r--.1 lars lars 0 Aug 10 00: 00 file2 - rw - rw - r--.1 lars lars 0 Aug 5 00: 00 file3

If I ask for "files modified more than 5 days ago ( -mtime +5 ), I get:

 $ find. - mtime + 5. / file3. / file2

But if I ask for "files modified more than 5 days ago but less than 10 days ago" ( -mtime +5 -mtime -10 ), I get:

 $ find. - mtime + 5 - mtime - 10. / file2
load more v
22%

cd /
   var / spool / processes - snapshot

ls - lrct |
   while read LINE
do

   awk - v min = 2000 - v max = 2359 '
NR == 1 {
   split($4, a, ":");
   h = a[1] a[2];
   y = $2 FS $3 FS a[1]
   ":"
   a[2]
}
/^Uid: / {
   if (h >= min && h <= max) print FILENAME, $0, y
}
' $LINE
done

Other "files-inside" queries related to "Grep inside all files created within date range"