awk 过滤掉 messages/rules 并显示合并消息的数量
awk filter out messages/rules and display number of merged messages
对于我工作的公司,我想过滤掉(实际上:2)日志文件中的某些消息。
这些消息仅供参考,在对 errors/faults 进行故障排除时并不是特别有用。
经过长时间的深思熟虑(我也发布了一个类似的问题,但是对于 Windows 它是 PS/BS(某种 "cow dung" ;))
我觉得AWK很适合这份工作,我已经制作了一个shell脚本。
但是,它不是 运行(预期)。
有人可以帮我 "filling in the blanks" 吗?
#!/bin/bash
## URL that could have been the answer (but not quite)
###To sort by what you WANT to see:
##e.g awk '/term to search/' dpkg.log
#if
# $var_show awk '/installed/' syslog/dpkg.log
# then
# printf('$var_show')
#fi
##Show what DONT want to see.
if
#$var_notshow awk /'what not to display'/ syslog/dpkg.log
$var_notshow awk /'Status Installed'/ dpkg.log
then
wc -1 > $var_notshow
#echo number of merged messages (of the same content): xxx merged messages #< is the amount
echo Messages of Status installed: $var_notshow were merged
fi
###!!Show the amount of rules (when the same rule/logged event) that were merged
## E.g. (multiple lines which state: "Status Installed: xxxxxxxxxxxxx" ) and display it as: "Messages of Status Installed: xxxx were merged. Totalling: # of messages (of Status Installed)" were merged.
### Finally, save it in a different file.
#Like: ?? how to do that?
所以,基本上我有两种方法可以做到这一点:过滤你想要的或你不想要的。可能 nicer/cleaner 开始过滤掉我不想要的消息。
是的,作为概念证明,我在测试机中使用了标准日志文件。
我可以将其转换为公司特定信息...
日志文件摘录:
11:56:31 status half-configured grep:amd64 3.1-2
11:56:32 status installed grep:amd64 3.1-2
11:56:32 configure debconf:all 1.5.66 <none>
11:56:32 status unpacked debconf:all 1.5.66
11:56:32 status unpacked debconf:all 1.5.66
11:56:32 status unpacked debconf:all 1.5.66
11:56:32 status half-configured debconf:all 1.5.66
11:56:32 status installed debconf:all 1.5.66
11:56:32 configure gzip:amd64 1.6-5ubuntu1 <none>
11:56:33 status half-configured util-linux:amd64 2.31.1-0.
11:56:34 status installed util-linux:amd64 2.31.1-0.4ubuntu3
11:56:34 configure libpam-modules-bin:amd64 1.1.8-3.6ubuntu2 <none>
11:56:34 status unpacked libpam-modules-bin:amd64 1.1.8-3.6ubuntu2
11:56:34 status half-configured libpam-modules-bin:amd64 1.1.8-3.6ubuntu2
11:56:34 status installed libpam-modules-bin:amd64 1.1.8-3.6ubuntu2
11:56:34 configure mount:amd64 2.31.1-0.4ubuntu3 <none>
11:56:34 status unpacked mount:amd64 2.31.1-0.4ubuntu3
11:56:34 status half-configured mount:amd64 2.31.1-0.4ubuntu3
11:56:34 status installed mount:amd64 2.31.1-0.4ubuntu3
11:56:34 configure procps:amd64 2:3.3.12-3ubuntu1 <none>
11:56:34 status unpacked procps:amd64 2:3.3.12-3ubuntu1
11:56:34 status unpacked procps:amd64 2:3.3.12-3ubuntu1
11:56:34 status unpacked procps:amd64 2:3.3.12-3ubuntu1
提前致谢:)
托马斯
显示所有有趣的行:
grep interesting file
显示除了不感兴趣的所有行:
grep -v "Status uninteresting" file
用 awk 计数:
awk '/uninteresting/{n++}END{print "uninteresting messages: "n}'
将命令输出重定向到新文件中:
grep interesting file | grep -v uninteresting > newFile
或附加到新文件:
grep interesting file | grep -v uninteresting >> newFile
一次做所有事情:
awk '/uninteresting/{u++;next}/interesting/{print}END{print "uninteresting lines: "u}'
this is interesting
uninteresting lines: 1
对于我工作的公司,我想过滤掉(实际上:2)日志文件中的某些消息。
这些消息仅供参考,在对 errors/faults 进行故障排除时并不是特别有用。
经过长时间的深思熟虑(我也发布了一个类似的问题,但是对于 Windows 它是 PS/BS(某种 "cow dung" ;))
我觉得AWK很适合这份工作,我已经制作了一个shell脚本。 但是,它不是 运行(预期)。 有人可以帮我 "filling in the blanks" 吗?
#!/bin/bash
## URL that could have been the answer (but not quite)
###To sort by what you WANT to see:
##e.g awk '/term to search/' dpkg.log
#if
# $var_show awk '/installed/' syslog/dpkg.log
# then
# printf('$var_show')
#fi
##Show what DONT want to see.
if
#$var_notshow awk /'what not to display'/ syslog/dpkg.log
$var_notshow awk /'Status Installed'/ dpkg.log
then
wc -1 > $var_notshow
#echo number of merged messages (of the same content): xxx merged messages #< is the amount
echo Messages of Status installed: $var_notshow were merged
fi
###!!Show the amount of rules (when the same rule/logged event) that were merged
## E.g. (multiple lines which state: "Status Installed: xxxxxxxxxxxxx" ) and display it as: "Messages of Status Installed: xxxx were merged. Totalling: # of messages (of Status Installed)" were merged.
### Finally, save it in a different file.
#Like: ?? how to do that?
所以,基本上我有两种方法可以做到这一点:过滤你想要的或你不想要的。可能 nicer/cleaner 开始过滤掉我不想要的消息。
是的,作为概念证明,我在测试机中使用了标准日志文件。 我可以将其转换为公司特定信息...
日志文件摘录:
11:56:31 status half-configured grep:amd64 3.1-2
11:56:32 status installed grep:amd64 3.1-2
11:56:32 configure debconf:all 1.5.66 <none>
11:56:32 status unpacked debconf:all 1.5.66
11:56:32 status unpacked debconf:all 1.5.66
11:56:32 status unpacked debconf:all 1.5.66
11:56:32 status half-configured debconf:all 1.5.66
11:56:32 status installed debconf:all 1.5.66
11:56:32 configure gzip:amd64 1.6-5ubuntu1 <none>
11:56:33 status half-configured util-linux:amd64 2.31.1-0.
11:56:34 status installed util-linux:amd64 2.31.1-0.4ubuntu3
11:56:34 configure libpam-modules-bin:amd64 1.1.8-3.6ubuntu2 <none>
11:56:34 status unpacked libpam-modules-bin:amd64 1.1.8-3.6ubuntu2
11:56:34 status half-configured libpam-modules-bin:amd64 1.1.8-3.6ubuntu2
11:56:34 status installed libpam-modules-bin:amd64 1.1.8-3.6ubuntu2
11:56:34 configure mount:amd64 2.31.1-0.4ubuntu3 <none>
11:56:34 status unpacked mount:amd64 2.31.1-0.4ubuntu3
11:56:34 status half-configured mount:amd64 2.31.1-0.4ubuntu3
11:56:34 status installed mount:amd64 2.31.1-0.4ubuntu3
11:56:34 configure procps:amd64 2:3.3.12-3ubuntu1 <none>
11:56:34 status unpacked procps:amd64 2:3.3.12-3ubuntu1
11:56:34 status unpacked procps:amd64 2:3.3.12-3ubuntu1
11:56:34 status unpacked procps:amd64 2:3.3.12-3ubuntu1
提前致谢:)
托马斯
显示所有有趣的行:
grep interesting file
显示除了不感兴趣的所有行:
grep -v "Status uninteresting" file
用 awk 计数:
awk '/uninteresting/{n++}END{print "uninteresting messages: "n}'
将命令输出重定向到新文件中:
grep interesting file | grep -v uninteresting > newFile
或附加到新文件:
grep interesting file | grep -v uninteresting >> newFile
一次做所有事情:
awk '/uninteresting/{u++;next}/interesting/{print}END{print "uninteresting lines: "u}'
this is interesting
uninteresting lines: 1