uniq 先跳过 N characters/fields
uniq skip first N characters/fields
这是我的日志文件的内容
{"timestamp":"2016-04-20T12:24:35","event_type":"alert","src_ip":"198.55.103.12","src_port":44927,"dest_ip":"127.0.0.1","dest_port":9200,"honeypot":{"name":"Elasticpot","n$
{"timestamp":"2016-04-20T12:24:36","event_type":"alert","src_ip":"198.55.103.12","src_port":44927,"dest_ip":"127.0.0.1","dest_port":9200,"honeypot":{"name":"Elasticpot","n$
{"timestamp":"2016-04-20T12:24:37","event_type":"alert","src_ip":"198.55.103.12","src_port":44927,"dest_ip":"127.0.0.1","dest_port":9200,"honeypot":{"name":"Elasticpot","n$
{"timestamp":"2016-04-20T12:24:38","event_type":"alert","src_ip":"198.55.103.12","src_port":44927,"dest_ip":"127.0.0.1","dest_port":9200,"honeypot":{"name":"Elasticpot","n$
使用 bash,我想 grep 唯一行并将结果放入文本文件中。我想在检查唯一性时跳过时间戳字段,因为如您所见,除了时间戳之外,这四行是相同的。这是我目前所拥有的:
sudo grep "alert" /home/tsec/prototype/logs/elasticpot.log | uniq | tail -n 10 > /home/tsec/prototype/logs/extractedlogs/elasticpotresult.log
所以 csv 文件中的输出应该是:
{"timestamp":"2016-04-20T12:24:38","event_type":"alert","src_ip":"198.55.103.12","src_port":44927,"dest_ip":"127.0.0.1","dest_port":9200,"honeypot":{"name":"Elasticpot","n$
我必须将 unique 与 -f 标志一起使用,但不确定如何使用。感谢您的帮助!
sort -u -t, -k2,8 elasticpot.log
-u → 对于唯一
-t, → 逗号是分隔符
-k2,8 → key fields are 2 to 8 (Or -k2 → key fields are from 2 to end)
测试结果:
{"timestamp":"2016-04-20T12:24:35","event_type":"alert","src_ip":"198.55.103.12","src_port":44927,"dest_ip":"127.0.0.1","dest_port":9200,"honeypot":{"name":"Elasticpot","n$
这是我的日志文件的内容
{"timestamp":"2016-04-20T12:24:35","event_type":"alert","src_ip":"198.55.103.12","src_port":44927,"dest_ip":"127.0.0.1","dest_port":9200,"honeypot":{"name":"Elasticpot","n$
{"timestamp":"2016-04-20T12:24:36","event_type":"alert","src_ip":"198.55.103.12","src_port":44927,"dest_ip":"127.0.0.1","dest_port":9200,"honeypot":{"name":"Elasticpot","n$
{"timestamp":"2016-04-20T12:24:37","event_type":"alert","src_ip":"198.55.103.12","src_port":44927,"dest_ip":"127.0.0.1","dest_port":9200,"honeypot":{"name":"Elasticpot","n$
{"timestamp":"2016-04-20T12:24:38","event_type":"alert","src_ip":"198.55.103.12","src_port":44927,"dest_ip":"127.0.0.1","dest_port":9200,"honeypot":{"name":"Elasticpot","n$
使用 bash,我想 grep 唯一行并将结果放入文本文件中。我想在检查唯一性时跳过时间戳字段,因为如您所见,除了时间戳之外,这四行是相同的。这是我目前所拥有的:
sudo grep "alert" /home/tsec/prototype/logs/elasticpot.log | uniq | tail -n 10 > /home/tsec/prototype/logs/extractedlogs/elasticpotresult.log
所以 csv 文件中的输出应该是:
{"timestamp":"2016-04-20T12:24:38","event_type":"alert","src_ip":"198.55.103.12","src_port":44927,"dest_ip":"127.0.0.1","dest_port":9200,"honeypot":{"name":"Elasticpot","n$
我必须将 unique 与 -f 标志一起使用,但不确定如何使用。感谢您的帮助!
sort -u -t, -k2,8 elasticpot.log
-u→ 对于唯一-t,→ 逗号是分隔符-k2,8→ key fields are 2 to 8 (Or-k2→ key fields are from 2 to end)
测试结果:
{"timestamp":"2016-04-20T12:24:35","event_type":"alert","src_ip":"198.55.103.12","src_port":44927,"dest_ip":"127.0.0.1","dest_port":9200,"honeypot":{"name":"Elasticpot","n$