ARSDOC QUERY against the System Log Failing

[JJeffrey]

I have a request to dump about 30 days worth of 65 messages for a particular user id from the system log but I'm having a difficult time getting the query to run.

The query below runs fine BUT I get ALL the syslog entries, which on the production server would be MASSIVE.
[-f "System Log"] [-i "WHERE userid='ODUSER3' and msg_num='65'''] [-S 04/08/13 00:00:01,05/09/13 00:00:01] [-d /tmp][-o arssyslog.txt]

If I run the query like this

[-f "System Log"] [-i "WHERE userid='ODUSER3' and msg_num='65' and time_stamp between '04/08/13 00:00:01' and '05/09/13 00:00:01'"] [-S 04/08/13 00:00:01,05/09/13 00:00:01] [-d /tmp][-o arssyslog.txt

I get the following message in the log:
DB Error: [IBM][CLI Driver][DB2/LINUXX8664] SQL0420N  Invalid character found in a character string argument of the function "DECFLOAT".  SQLSTATE=22018  -- SQLSTATE=22018, SQLCODE=-420, File=arsdoc.c, Line=2617

Looking for some guidance here.

CMOD version 8.5.0.6
DB2 9.7
Platform Red Hat Linux

[Justin Derrick]

When using the 'where' clause, you need to use the internal date format, which, for the System Log, is measures in seconds from January 1st 1970.  You can use arsdate to convert from your date format into the 'number of seconds' format.

[Mike]

This is an example command from one of the system log scripts I use:

/usr/lpp/ars/bin/arsdoc query -h <servername> -u <username> -p <password> -v -o <output file location> -i "WHERE TIME_STAMP BETWEEN <start time> AND <end time> AND MSG_TEXT LIKE '%XYZ%' AND MSG_NUM = 65" -f 'System Log' -G 'System Log' -S '12/30/12,1/25/14'

So for your example, you'd want to use these arsdate values instead of the ones you have listed:

> /usr/lpp/ars/bin/arsdate -z "04/08/13 00:00:01"
04/08/13 00:00:01       ->      1365397201

> /usr/lpp/ars/bin/arsdate -z "05/09/13 00:00:01"
05/09/13 00:00:01       ->      1368075601

Hope that helps.