从tomcat访问日志获取最大和最小时间

时间:2012-05-15 14:20:18

标签: regex sed awk

我有tomcat访问日志,如下所示:

247.134.70.3 - - [07/May/2012:17:53:58 +0000] 93 "POST /maker/www/jsp/pulse/Service.ajax HTTP/1.1" 200 2 -  "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)"
247.134.70.3 - - [07/May/2012:17:53:58 +0000] 140 "POST /maker/www/jsp/pulse/Service.ajax HTTP/1.1" 200 2 - "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)"
... 
...

日期时间戳之后的数字表示服务器端处理时间ms。我需要特定请求的最大和平均时间,例如“POST /maker/www/jsp/pulse/Service.ajax”十分钟。这可能是使用sed,awk还是我需要更多逻辑的东西,例如蟒?

感谢。

2 个答案:

答案 0 :(得分:2)

awk -F '[ "]' '{requests[$8 $9] += $6; count[$8 $9]++; if ($6 > max[$8 $9]) {max[$8 $9] = $6}} END {for (request in requests) {print requests[request], count[request], requests[request] / count[request], max[request], request}}' inputfile

分开划分:

awk -F '[ "]' '{
    requests[$8 $9] += $6; 
    count[$8 $9]++; 
    if ($6 > max[$8 $9]) {
        max[$8 $9] = $6
    }
} 
END {
    for (request in requests) {
        print requests[request], count[request], requests[request] / count[request], max[request], request
    }
}' inputfile

答案 1 :(得分:1)

awk -F '[][ ]' -v start="07/May/2012:17:50:00" -v stop="07/May/2012:18:00:00" '
    start <= $5 && $5 < stop {
        split($0, arr, /"/)
        req = arr[2]
        count[req] += 1
        total[req] += $8
        if ($8 > max[req]) max[req] = $8
    }
    END {
        for (req in count) {
            print req
            print "  num entries: " count[req]
            print "  avg time: " total[req]/count[req]
            print "  max time: " max[req]
        }
    }
' logfile

鉴于你的小样本,这输出:

POST /maker/www/jsp/pulse/Service.ajax HTTP/1.1
  num entries: 2
  avg time: 116.5
  max time: 140