I'm looking for a way to only look through the last 10 mins of a WebLogic log file that has line formatting like this.
####<Sep 21, 2018 1:56:20 PM EDT> <Notice> <Stdout>
I want to grep for a specific string and if it fails wait 60 seconds and try again. This would be for RHEL 7, and I'm open to using sed, awk, etc.
Since you're using RHEL 7 WebLogic is probably using systemd now. Which means you can take advantage of journalctl and the --since option.
From this article https://www.qualogy.com/techblog/oracle/introducing-weblogic-to-systemd# it looks like you'll use either wls_nodemanager or wls_adminserver or both. To view both use:
journalctl -u wls_nodemanager -u wls_adminserver --since "10min ago"
If you were to relax the requirement of the last 10 minutes, and use GNU coreutils and grep, this is pretty easy:
tail -f -s 60 -n +0 file.txt | grep -m 1 pattern
Tail the entire file by starting on line zero (-n +0), poll it every -s seconds, and grep stops after -m matches.
For a one-off interactive search, I wouldn't bother date parsing, and would at first manually change the starting line with the tail -n. Date parsing could be by writing a script in your favorite script language with a decent module for that (Python, Perl).
Finally, if you want a search engine for your logs, look to implment event management systems like Graylog, ELK, Splunk, Log Insight, LogRhythm etc.
