Can I extract the full command line from an atop 1.23 data file?

Edit. After checking the man page, looks like you can get the full command line with:

atop -r /var/log/atop.log -P PRG

Some general approach to extract data from compressed files:

I can extract data from the atop log files with:

xxd -p < /var/log/atop.log |
  fold -w4 |
  awk -v cmd='xxd -r -p | zlib-flate -uncompress | strings' '
    /789c/{if (x) close(cmd); x=1}; x {print | cmd}' |
  grep your-command

The idea being to detect the zlib header (starting with 789c) and pass that to zlib-flate -uncompress. Not guaranteed bulletproof and not the most efficient way to do it, but does the trick for me.

Alternatives to zlip-flate -uncompress (part of qpdf) include openssl zlib -d and pigz -zd.

In a newer version there is an interactive command - c that shows the command line of the process with their arguments.

To do this you would find the location of your atop logs (eg. /var/log/atop/atop_20191209) and supply that to atop using the -r switch like so: atop -r /var/log/atop/atop_20191209 then press t to advance the time. To rewind the time you can press Shift+t.