在awk中应用多个正则表达式

时间:2012-10-24 13:58:11

标签: linux awk

我有一个大日志文件。我必须逐个应用多个正则表达式,在打印每个正则表达式的输出之前我需要打印一些文本。

例如。

应用正则表达式后,我应该得到这样的输出:

Text 1

Output of first regex
....


Text 2 

Output of second regex
....

Text 3

Output of third regex
....

其中Text 1,Text 2和Text 3是我插入的文本。我们可以使用AWK实现这一目标。

修改

我正在添加部分示例日志文件。

[1351059075] SERVICE ALERT: server1:Email;CRITICAL;HARD;3;Connection refused
[1351059898] SERVICE ALERT: server1:Email;CRITICAL;HARD;3;Connection refused
[1351073883] SERVICE ALERT: server2:History ;CRITICAL;HARD;3;HTTP CRITICAL 
[1351073886] SERVICE ALERT: server2:History ;CRITICAL;HARD;3;HTTP CRITICAL
[1351088949] SERVICE ALERT: server3:PSU ;CRITICAL;HARD;3;Connection refused

现在我要将所有EmailHistoryPSU分开,以便我的输出看起来像这样:

Email:

[1351059075] SERVICE ALERT: server1:Email;CRITICAL;HARD;3;Connection refused
[1351059898] SERVICE ALERT: server1:Email;CRITICAL;HARD;3;Connection refused

History:

[1351073883] SERVICE ALERT: server2:History ;CRITICAL;HARD;3;HTTP CRITICAL 
[1351073886] SERVICE ALERT: server2:History ;CRITICAL;HARD;3;HTTP CRITICAL

PSU:

[1351088949] SERVICE ALERT: server3:PSU ;CRITICAL;HARD;3;Connection refused 

我写了一个简单的awk脚本:

awk 'BEGIN {print "Email:\n\n"} /SERVICE ALERT: .*Email.*CRITICAL;HARD/ {print $0}' logfilename

我不知道如何在同一个awk脚本中包含多个正则表达式,以便以所需的方式进行打印。

2 个答案:

答案 0 :(得分:3)

你要求做的是微不足道的(只需添加更多/ RE / {action}行),但你首先使用RE的方法是错误的。您需要做的就是:

$ cat file
[1351059075] SERVICE ALERT: server1:Email;CRITICAL;HARD;3;Connection refused
[1351059898] SERVICE ALERT: server1:Email;CRITICAL;HARD;3;Connection refused
[1351073883] SERVICE ALERT: server2:History ;CRITICAL;HARD;3;HTTP CRITICAL
[1351073886] SERVICE ALERT: server2:History ;CRITICAL;HARD;3;HTTP CRITICAL
[1351088949] SERVICE ALERT: server3:PSU ;CRITICAL;HARD;3;Connection refused

$ cat tst.awk
BEGIN{ FS = "[:;]" }
{ out[$3] = out[$3] $0 ORS }
END { for (type in out) print type ORS out[type] }

$ awk -f tst.awk file
Email
[1351059075] SERVICE ALERT: server1:Email;CRITICAL;HARD;3;Connection refused
[1351059898] SERVICE ALERT: server1:Email;CRITICAL;HARD;3;Connection refused

PSU
[1351088949] SERVICE ALERT: server3:PSU ;CRITICAL;HARD;3;Connection refused

History
[1351073883] SERVICE ALERT: server2:History ;CRITICAL;HARD;3;HTTP CRITICAL
[1351073886] SERVICE ALERT: server2:History ;CRITICAL;HARD;3;HTTP CRITICAL

答案 1 :(得分:1)

尝试以下命令(在varios行中是一行分割):

awk '
    BEGIN { 
        FS = "[:;]"; 
    } 
    {
        if ( $3 in keys ) {
            printf "%s\n", $0;
        }
        else {
            printf "%s%s:\n\n%s\n", (length( keys ) > 0) ? "\n" : "", $3, $0;
        }

        keys[ $3 ] = 1;
    }
' infile

产量:

Email:

[1351059075] SERVICE ALERT: server1:Email;CRITICAL;HARD;3;Connection refused
[1351059898] SERVICE ALERT: server1:Email;CRITICAL;HARD;3;Connection refused

History :

[1351073883] SERVICE ALERT: server2:History ;CRITICAL;HARD;3;HTTP CRITICAL 
[1351073886] SERVICE ALERT: server2:History ;CRITICAL;HARD;3;HTTP CRITICAL

PSU :

[1351088949] SERVICE ALERT: server3:PSU ;CRITICAL;HARD;3;Connection refused