Parsing a Unix log file

Time: 2013-10-03 18:49:20

Tags: perl unix sed awk

I am trying to read a log file line by line for specific strings and their values.

For example, I have a log file like the following:

 ####<Sep 26, 2013 12:05:22 AM MDT> <Error> <comApp> <ap001> <Server12> <[ACTIVE]      ExecuteThread: '55' for queue:    'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <>    <>    <1380175522589> <000000> <<ERROR>Exception ID: 971 -  Rate with    ResParameters-> MAT: SJC GHT: FJC PUD: Fri Sep 27 09:00:00 MDT 2013>     
 ####<Sep 26, 2013 12:05:22 AM MDT> <Error> <comApp> <ap001> <Server12> <[ACTIVE] ExecuteThread: '55' for queue:    'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <>    <1380175522593> <000000> <<ERROR>Exception ID: 971 -  Rate with    ResParameters-> MAT: SJC GHT: FJC PUD: Fri Sep 27 09:00:00 MDT 2013>     
 ####<Sep 26, 2013 12:05:22 AM MDT> <> <Error> <comApp> <ap001> <Server12> <[ACTIVE] ExecuteThread: '55' for queue:    'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <>    <1380175522597> <000000> <<ERROR>Exception ID: 971 -  Rate with    ResParameters-> MAT: SJC GHT: FJC PUD: Fri Sep 27 09:00:00 MDT 2013>

I need to read the values from the defined strings MAT:, GHT:, PUD:

The output I want is:

SJC , FJC, Fri Sep 27 09:00:00 MDT 2013
DJA , SJC, Fri Sep 27 09:00:00 MDT 2013
FJC , KJC, Fri Sep 27 09:00:00 MDT 2013
JJC , SJC, Fri Sep 27 09:00:00 MDT 2013

3 answers:

Answer 0: (score: 1)

Using sed

sed -r 's/.*MAT:\s*(\w+)\s+GHT:\s*(\w+)\s+PUD:\s*(.+)\s*>/\1, \2, \3/g' infile > outfile

The same search and replace can be used in perl

perl -pe 's/.*MAT:\s*(\w+)\s+GHT:\s*(\w+)\s+PUD:\s*(.+)\s*>/\1, \2, \3/g' infile > outfile

Testing with your sample data:

$ cat infile 
 ####<Sep 26, 2013 12:05:22 AM MDT>  <<anonymous>> <>  MAT: SJC GHT: FJC PUD: Fri Sep 27 09:00:00 MDT 2013 > 
 ####<Sep 26, 2013 12:05:22 AM MDT>  <<anonymous>> <>  MAT: DJA GHT: SJC PUD: Fri Sep 27 09:00:00 MDT 2013 >
 ####<Sep 26, 2013 12:05:22 AM MDT>  <<anonymous>> <>  MAT: FJC GHT: KJC PUD: Fri Sep 27 09:00:00 MDT 2013 >
 ####<Sep 26, 2013 12:05:22 AM MDT>  <<anonymous>> <>  MAT: JJC GHT: SJC PUD: Fri Sep 27 09:00:00 MDT 2013 >

$ cat outfile 
SJC, FJC, Fri Sep 27 09:00:00 MDT 2013 
DJA, SJC, Fri Sep 27 09:00:00 MDT 2013
FJC, KJC, Fri Sep 27 09:00:00 MDT 2013
JJC, SJC, Fri Sep 27 09:00:00 MDT 2013

Answer 1: (score: 1)

Since you tagged Perl

perl -ne 'if($_=~/MAT: (\S+) GHT: (\S+) PUD: (\S+ \S+ \d+ \d\d:\d\d:\d\d \S+ \d\d\d\d)/){ print "$1,$2,$3\n" ;}' test.txt

Answer 2: (score: 0)

perl -F'\W*(?:MAT|GHT|PUD):\W*' -lane'shift@F; s|>\s*$||for@F; print join", ",@F' file

Output

SJC, FJC, Fri Sep 27 09:00:00 MDT 2013
SJC, FJC, Fri Sep 27 09:00:00 MDT 2013
SJC, FJC, Fri Sep 27 09:00:00 MDT 2013
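
Added example (not part of any answer above): an awk version, since the question is also tagged awk, that extracts the three fields but drops and counts lines lacking MAT:/GHT:/PUD: instead of passing them through unchanged, as a `sed` substitution without `-n` does. The function names `extract_fields` and `sample_log` are hypothetical, and the sample lines are constructed from the question's format (the third line is invented to show a non-matching entry).

```shell
#!/bin/sh
# Reads log lines on stdin, prints "MAT, GHT, PUD" for each line that has all
# three keys, and reports the number of lines it could not parse on stderr.
extract_fields() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    {
        m = index($0, "MAT:"); g = index($0, "GHT:"); p = index($0, "PUD:")
        # Require all three keys, in this order; otherwise count the line and drop it
        if (!(m && g > m && p > g)) { skipped++; next }
        mat = substr($0, m + 4, g - m - 4)
        ght = substr($0, g + 4, p - g - 4)
        pud = substr($0, p + 4)
        sub(/[ \t]*>[ \t\r]*$/, "", pud)   # strip the ">" that closes the message field
        print trim(mat) ", " trim(ght) ", " trim(pud)
    }
    END {
        if (skipped)
            printf "skipped %d line(s) without MAT/GHT/PUD\n", skipped > "/dev/stderr"
    }'
}

# Constructed sample input (shortened log lines in the format from the question)
sample_log() {
cat <<'EOF'
####<Sep 26, 2013 12:05:22 AM MDT> <Error> <comApp> <<ERROR>Exception ID: 971 - Rate with ResParameters-> MAT: SJC GHT: FJC PUD: Fri Sep 27 09:00:00 MDT 2013>
####<Sep 26, 2013 12:05:22 AM MDT> <Error> <comApp> <<ERROR>Exception ID: 971 - Rate with ResParameters-> MAT: DJA GHT: SJC PUD: Fri Sep 27 09:00:00 MDT 2013 >
####<Sep 26, 2013 12:05:23 AM MDT> <Info> <comApp> <Server state changed to RUNNING>
EOF
}

sample_log | extract_fields
```

The skipped-line count on stderr makes it visible when the log format changes and entries stop matching, rather than silently losing them or mixing raw lines into the output.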