我有以下数据,按列IP,PORT和Bytes。我想根据类似IP和Port的总字节数。那么Port和IP's的总字节数是相同的,然后最终排序基于bytes和ports,所以最后我可以得到前10个谈话者port按bytes排序。
因此,对于端口80的顶级谈话者,下面的数据将是:
174.143.121.217 80 30722
109.108.151.126 80 25083
然后,5989端口的最高谈话者将是:
192.168.23.20 5989 26601
文件:
208.76.128.67 443 2975
204.154.110.99 80 1713
130.117.119.220 80 845
192.168.23.20 5989 26601
23.15.8.35 80 33944
64.69.6.116 443 5936
208.76.128.67 443 2309
66.129.120.117 80 1514
208.76.128.67 443 4143
109.108.151.126 80 3589
109.108.151.126 80 21494
174.143.121.217 80 30722
173.45.233.170 80 2218
66.235.155.28 80 4367
64.94.107.50 80 1236
76.13.114.90 80 534
答案 0 :(得分:1)
使用awk,sort和column -t表示一个很好的表格格式化输出:
awk '{a[$1" "$2]=a[$1" "$2]+$3}END{for(k in a) print k,a[k]}' file |
> sort -nk2 -rnk3 |
> column -t
192.168.23.20 5989 26601
208.76.128.67 443 9427
64.69.6.116 443 5936
23.15.8.35 80 33944
174.143.121.217 80 30722
109.108.151.126 80 25083
66.235.155.28 80 4367
173.45.233.170 80 2218
204.154.110.99 80 1713
66.129.120.117 80 1514
64.94.107.50 80 1236
130.117.119.220 80 845
76.13.114.90 80 534
修改:
要限制每个端口的前10个,您可以管道到awk 'c[$2]++<10'。演示(限制为前4名):
$ awk '{a[$1" "$2]=a[$1" "$2]+$3}END{for(k in a) print k,a[k]}' file |
> sort -nk2 -rnk3 |
> column -t |
> awk 'c[$2]++<4'
192.168.23.20 5989 26601
208.76.128.67 443 9427
64.69.6.116 443 5936
23.15.8.35 80 33944
174.143.121.217 80 30722
109.108.151.126 80 25083
66.235.155.28 80 4367