Parsing log4j and Java exception logs

Time: 2014-02-03 16:32:34

Tags: linux sed awk grep log4j

My logs have errors in the following format:

2014-01-30 16:15:04:720 GMT [commandHandler-thread-3] ERROR com.example.Main 123-1234567-1234567 - Something bad happened.
java.lang.RuntimeException: Something bad happened.
        at ...
Caused by: java.lang.RuntimeException: ...
        at ...
        at ...
        ... 13 more
Caused by: java.lang.RuntimeException: org.hibernate.exception.ConstraintViolationException: Could not execute JDBC batch update
        at ...
        at ...
        ... 18 more
Caused by: org.hibernate.exception.ConstraintViolationException: Could not execute JDBC batch update
        at ...
        at ...
        ... 19 more
Caused by: com.mysql.jdbc.exceptions.jdbc4.MySQLIntegrityConstraintViolationException: Duplicate entry '123-1234567-1234567-2014-01-31 06:52:11' for key 'PRIMARY'
        at ...
        at ...
        ... 32 more
2014-01-31 06:58:02:933 GMT ...

I want to parse it with grep, awk, sed, etc. and produce something like this:

<filename> 123-1234567-1234567 - Something bad happened: com.mysql.jdbc.exceptions.jdbc4.MySQLIntegrityConstraintViolationException: Duplicate entry '123-1234567-1234567-2014-01-31 06:52:11' for key 'PRIMARY'

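So basically, I want to filter all ERROR lines and the last 'Caused by' line in that group (groups are delimited by the log4j date). If there is no "Caused by ...", I can simply use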

<filename> 123-1234567-1234567 - Something bad happened:
Edit: I tried something like this:

grep "commandHandler.*ERROR\|^\S*Caused by"

But I don't want the 'Caused by' lines that don't belong to that particular exception.

2 answers:

Answer 0: (score: 1)

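This is what I have so far; I still need to remove the "." in "happened." and remove the "Caused by:". I have to go soon, I hope it helps so far. I'm no AWK guru!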

 awk '{ 
 {for (x=1;x<=NF;x++)
    if ($x~"ERROR") {
    f++ 
    {if (c !~ f)  print "<"file">",a,b}
    a=$(x+2)" - "$(x+4)" "$(x+5)" "$(x+6)}
} 
{
   if (match($0,"Caused by:")) 
   b=$0
} 
{c=f;file=FILENAME}}
END {
print "<"file">",a,b}' javalogs* | sed 1d

Answer 1: (score: 0)

Solved:

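 awk '
    BEGIN {
        OFS = "\t";
    }
    # Join fields start..NF with single spaces (value and i are locals).
    function all_fields_from(start,    value, i) {
        value = "";
        for (i = start; i <= NF; ++i) value = value $i (i == NF ? "" : " ");
        return value;
    }
    # Print the pending ERROR group, if any, and reset it.
    function print_group() {
        if (id != "") {
            print FILENAME, id, error, cause;
        }
        id = "";
    }
    {
        if ($0 ~ /commandHandler.*ERROR/) {
            print_group();    # a new ERROR line also closes the previous group
            id = $7;
            error = all_fields_from(9);
            cause = "";
        } else if (($0 ~ /Caused by/) && (id != "")) {
            cause = all_fields_from(3);    # the last "Caused by" of the group wins
        } else if ($0 ~ /^[0-9][0-9][0-9][0-9]/) {
            print_group();    # any other dated line ends the group
        }
    }
    END { print_group(); }    # do not lose the last group in the file
    ' file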
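
The following is an added example, not part of either answer: it prints the exact line format requested in the question, keeping only the last "Caused by" of each ERROR event, skipping "Caused by" lines that belong to non-ERROR events, and still emitting an event that has no cause or is the last one in the file. The function names, the constructed sample log and the literal `<file>` prefix are assumptions; field positions follow the log layout shown in the question.

```sh
#!/bin/sh
# Added example: one summary line per log4j ERROR event.
# Assumes the layout on this page: date time zone [thread] LEVEL class id - message
summarize_errors() {
    awk '
    # Print the pending ERROR event (if any) and clear it.
    function emit() {
        if (id == "") return
        sub(/\.$/, "", msg)                    # drop the trailing "."
        printf "<%s> %s - %s:%s\n", FILENAME, id, msg, (cause == "" ? "" : " " cause)
        id = ""
    }
    # A line starting with a log4j date opens a new event and closes the old one.
    /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9] / {
        emit()
        if ($5 == "ERROR") {
            id = $7
            cause = ""
            # Message = everything after "<id> - "; index() avoids regex surprises.
            msg = substr($0, index($0, " " id " - ") + length(id) + 4)
        }
        next
    }
    # Inside an ERROR event, each "Caused by" overwrites the last: the root cause wins.
    id != "" && /^[ \t]*Caused by: / {
        cause = $0
        sub(/^[ \t]*Caused by: /, "", cause)
    }
    END { emit() }
    ' "$@"
}

# Constructed sample: ERROR with nested causes, WARN with a cause, ERROR without one.
write_sample() {
    cat > "$1" <<'EOF'
2014-01-30 16:15:04:720 GMT [commandHandler-thread-3] ERROR com.example.Main 123-1234567-1234567 - Something bad happened.
java.lang.RuntimeException: Something bad happened.
        at ...
Caused by: java.lang.RuntimeException: wrapper
        at ...
Caused by: com.example.DbException: Duplicate entry 'k' for key 'PRIMARY'
        ... 32 more
2014-01-30 16:15:05:001 GMT [commandHandler-thread-1] WARN com.example.Main 999-0000000-0000000 - Retrying.
Caused by: java.io.IOException: timeout
2014-01-30 16:15:06:100 GMT [commandHandler-thread-2] ERROR com.example.Main 555-7654321-7654321 - No cause here.
EOF
}
```

Call it as `summarize_errors app.log` (a hypothetical file name); with several files, run it once per file so that an event pending at the end of one file is not labelled with the next file's name.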