Problems extracting time-specific records

Carter Bullard carter at qosient.com
Tue Jan 7 19:18:00 EST 2003


Hey Andrew,
   Well, it doesn't seem to be a time argument parsing
problem, since 01/07 and 01/07-01/08 returned the same
results.

   Is there any chance that you could share argus.log.1 & 2
for debugging purposes?  If there is a problem, this could
be a good use of ranonymize().

Carter



> -----Original Message-----
> From: owner-argus-info at lists.andrew.cmu.edu 
> [mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of 
> Andrew Pollock
> Sent: Tuesday, January 07, 2003 6:07 PM
> To: Carter Bullard
> Cc: argus-info at lists.andrew.cmu.edu
> Subject: Re: Problems extracting time-specific records
> 
> 
> On Tue, Jan 07, 2003 at 08:40:12AM -0500, Carter Bullard wrote:
> > Hey Andrew,
> >    Well it definitely seems that it's not returning
> > what you expect it to.  One way to test is to see what
> > an explicit range for the whole day would return.
> > 
> >    ra -w - -r argus.log.1 -t 01/06-01/07 | racount
> > 
> > If we get a discrepancy, then we may have a bug.
> 
> Houston, we've got a problem...
> 
> ra -r argus.log.1 argus.log.2 -w 2003-01-07 -t 01/07
> ra -r argus.log.1 -F /tmp/ra.conf | grep "07-01-03" | wc -l
> 1991324
> ra -r argus.log.2 -F /tmp/ra.conf | grep "07-01-03" | wc -l
> 349732
> racount -r 2003-01-07
> racount    records       
>     sum     350320       
> ra -r argus.log.1 argus.log.2 -w - -t 01/07-01/08 | racount
> racount    records       
>     sum     350320       
> 
> You can see that it's only selecting a handful of records from argus.log.2
> for some reason, which is going to mean that my logs don't contain a full
> 24 hours worth of traffic and I'm undercharging my clients. Better than
> overcharging I guess.
> 
> Andrew
> 


