Logparser计数组件

时间:2013-04-17 15:24:15

标签: parsing logparser

我有一个日常日志文件,它从PLC中转储出来并且示例文本是(它没有标题,只是原始数据):

5/29/2009 3:05:33 PM: PLC Requested Hand Scan
5/29/2009 3:05:40 PM: HH Label Data Retrieved: 078797312
5/29/2009 3:05:40 PM: PLC Requested Scale Weight
5/29/2009 3:05:40 PM: Scale Data Retrieved:    56.0
5/29/2009 3:05:40 PM: ProcessMOSData Loop: 1
5/29/2009 3:05:40 PM: About to read
5/29/2009 3:05:40 PM: Read: False
5/29/2009 3:05:40 PM: ProcessMOSData Loop: 2
5/29/2009 3:05:40 PM: About to read
5/29/2009 3:05:40 PM: Read: True
5/29/2009 3:05:40 PM: Found Bin02
5/29/2009 3:05:40 PM: ProcessMOSData Loop: 3
5/29/2009 3:05:40 PM: About to read
5/29/2009 3:05:40 PM: Read: False
5/29/2009 3:05:40 PM: ProcessMOSData Loop: 4
5/29/2009 3:05:40 PM: About to read
5/29/2009 3:05:40 PM: Read: False
5/29/2009 3:05:40 PM: ProcessMOSData Loop: 5
5/29/2009 3:05:40 PM: About to read
5/29/2009 3:05:41 PM: Read: False
5/29/2009 3:05:41 PM: ProcessMOSData Loop: 6
5/29/2009 3:05:41 PM: About to read
5/29/2009 3:05:41 PM: Read: False
5/29/2009 3:05:41 PM: ProcessMOSData Loop: 7
5/29/2009 3:05:41 PM: About to read
5/29/2009 3:05:41 PM: Read: False
5/29/2009 3:05:41 PM: ProcessMOSData Loop: 8
5/29/2009 3:05:41 PM: About to read
5/29/2009 3:05:41 PM: Read: False
5/29/2009 3:05:41 PM: ProcessMOSData Loop: 9
5/29/2009 3:05:41 PM: About to read
5/29/2009 3:05:41 PM: Read: False
5/29/2009 3:05:41 PM: Got all data
5/29/2009 3:05:41 PM: Wrote good label ack

我有15个“关键短语”,我想算一算。我有1150个文本文件,我可能会将它们组合成一个大文本文件,然后在初始读取后将它读取并转储到新表中。它可以输出到csv或sql,并不重要。最后一部分将只是监控过程变化的改进如何提高该领域的效率。

例如,其中一个关键短语是“PLC Requested Hand Scan”,因此在样本中它将具有5/29/2009 1次。我认为顶部的标题是关键短语,左侧的标题是不同的日期。看起来这可能是logparser可以做的事情,但如果没有标题,每行只是一个长字符串,我不知道如何开始。

1 个答案:

答案 0 :(得分:0)

是的,您可以使用LogParser解决此问题。 为了获得正确的查询,可以轻松安装LogParser Lizard,它是一个简单而免费的工具,可以在编码之前在Logparser上测试您的查询。

将Logparser输入设置为TEXTLINE输入格式。

在FROM子句中,您可以根据需要连接任意数量的文件,如下所示 FROM'filename','filename2','filename3'等等(都必须具有相同的结构)

这是一个logparser查询,可以帮助您启动

SELECT extract_token(Text,0,' ') AS Date,
       strcat(extract_token(extract_token(Text,1,' '),0,'PM: '),' PM') AS Time,
       extract_token(Text,1,'PM: ') AS MSG
FROM 'F:\test.txt'

此外,您可以通过msg进行分组

SELECT extract_token(Text,1,'PM: ') AS MSG
FROM 'F:\test.txt'
GROUP BY MSG
相关问题
最新问题