awk 日期到日志文件中的纪元并打印其他列
awk date to epoch in log file and print other columns also
我有一个日志文件,我需要在其中输出日期和一些状态代码。我也在用 ||作为分隔符并从数据中删除不需要的符号。这是它的样子:
cat logfile.log | awk 'BEGIN { FS = "\|\|" } { gsub("/","-") sub(":", " ") gsub("\[", "") gsub("\+0000]", "")}; { print }' | uniq -c
这输出:
22 25-Jan-2016 01:53:52 85.10.210.199
1 25-Jan-2016 01:53:52 66.249.93.77
18 25-Jan-2016 01:53:52 85.10.210.199
1 25-Jan-2016 01:53:52 88.232.191.231
在此之后我需要将时间转换为纪元并仍然打印列 $1 和 $3
我想达到:
22 1453686832 85.10.210.199
1 1453686832 66.249.93.77
18 1453686832 85.10.210.199
1 1453686832 88.232.191.231
我可以将日期转换为纪元,但我丢失了其他列。我怎样才能让它们也随着时间的推移而变化?
这是我的原始日志文件:
[] || || || || [] || http || 40080 || 176.237.167.102 || [] || [-] || [0.072] || 176.237.167.102 || - || - || [25/Jan/2016:06:30:26 +0000] || "POST /checknewmsg HTTP/1.1" || 200 || 265 || 895 || "http://google.com/post” || "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36" || "-" || [TR]
由于您有点不愿意在您的问题中提供请求的信息,如果这就是您正在寻找的信息,请使用 GNU awk for mktime():
$ cat tst.awk
BEGIN { FS="\s*[|][|]\s*" }
{
split(,a,/[][\/: ]/)
a[3] = (match("JanFebMarAprMayJunJulAugSepOctNovDec",a[3])+2)/3
secs = mktime(a[4]" "a[3]" "a[2]" "a[5]" "a[6]" "a[7])
cnt[secs OFS ]++
}
END {
for (key in cnt) {
print cnt[key], key
}
}
$ cat file
[] || || || || [] || http || 40080 || 176.237.167.102 || [] || [-] || [0.072] || 176.237.167.102 || - || - || [25/Jan/2016:06:30:26 +0000] || "POST /checknewmsg HTTP/1.1" || 200 || 265 || 895 || "http://google.com/post” || "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36" || "-" || [TR]
$ awk -f tst.awk file
1 1453725026 176.237.167.102
我有一个日志文件,我需要在其中输出日期和一些状态代码。我也在用 ||作为分隔符并从数据中删除不需要的符号。这是它的样子:
cat logfile.log | awk 'BEGIN { FS = "\|\|" } { gsub("/","-") sub(":", " ") gsub("\[", "") gsub("\+0000]", "")}; { print }' | uniq -c
这输出:
22 25-Jan-2016 01:53:52 85.10.210.199
1 25-Jan-2016 01:53:52 66.249.93.77
18 25-Jan-2016 01:53:52 85.10.210.199
1 25-Jan-2016 01:53:52 88.232.191.231
在此之后我需要将时间转换为纪元并仍然打印列 $1 和 $3
我想达到:
22 1453686832 85.10.210.199
1 1453686832 66.249.93.77
18 1453686832 85.10.210.199
1 1453686832 88.232.191.231
我可以将日期转换为纪元,但我丢失了其他列。我怎样才能让它们也随着时间的推移而变化?
这是我的原始日志文件:
[] || || || || [] || http || 40080 || 176.237.167.102 || [] || [-] || [0.072] || 176.237.167.102 || - || - || [25/Jan/2016:06:30:26 +0000] || "POST /checknewmsg HTTP/1.1" || 200 || 265 || 895 || "http://google.com/post” || "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36" || "-" || [TR]
由于您有点不愿意在您的问题中提供请求的信息,如果这就是您正在寻找的信息,请使用 GNU awk for mktime():
$ cat tst.awk
BEGIN { FS="\s*[|][|]\s*" }
{
split(,a,/[][\/: ]/)
a[3] = (match("JanFebMarAprMayJunJulAugSepOctNovDec",a[3])+2)/3
secs = mktime(a[4]" "a[3]" "a[2]" "a[5]" "a[6]" "a[7])
cnt[secs OFS ]++
}
END {
for (key in cnt) {
print cnt[key], key
}
}
$ cat file
[] || || || || [] || http || 40080 || 176.237.167.102 || [] || [-] || [0.072] || 176.237.167.102 || - || - || [25/Jan/2016:06:30:26 +0000] || "POST /checknewmsg HTTP/1.1" || 200 || 265 || 895 || "http://google.com/post” || "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36" || "-" || [TR]
$ awk -f tst.awk file
1 1453725026 176.237.167.102