日志文件:
2014-05-29 07:37:57 [Thread-8] TRACE ClassImpl - logging message
2014-05-29 07:37:57 [Thread-7] TRACE ClassImpl - logging message
2014-05-29 07:37:58 [Thread-3] TRACE ClassImpl - logging message
2014-05-29 07:37:58 [Thread-5] TRACE ClassImpl - logging message
2014-05-29 07:37:58 [Thread-8] TRACE ClassImpl - logging message
2014-05-29 07:37:59 [Thread-7] TRACE ClassImpl - logging message
我想打印每秒的日志条目数,对于上面的日志文件:
2014-05-29 07:37:57 = 2
2014-05-29 07:37:58 = 3
2014-05-29 07:37:59 = 1
使用bash的简单方法太慢了:
for h in $(seq 0 7); do
for m in $(seq 1 60); do
for s in $(seq 1 60); do
echo -n "$h:$m:$s="; grep "$h:$m:$s" server.log|wc -l;
done;
done;
done
您可以忽略日期,因为我对时间最感兴趣。
time awk '{a[$1" "$2]++}END{for(i in a){print i" = "a[i]}}' server.log > /dev/null
real 0m0.475s
user 0m0.355s
sys 0m0.096s
mpa的Perl解决方案:
time perl -anE'$h{$_}++ or push @r,$_ for "@F[0,1]" }{say "$_ = $h{$_}" for@r' server.log > /dev/null
real 0m4.561s
user 0m4.235s
sys 0m0.120s
答案 0 :(得分:2)
AWK:
awk '{a[$1" "$2]++}END{for(i in a){print i" = "a[i]}}' your_file
的Perl:
perl -lane '$x{$F[0]." ".$F[1]}++;
END{print $_." = ".$x{$_} for(keys(%x))}' your_file
答案 1 :(得分:1)
perl -anE'$h{$_}++ or push @r,$_ for "@F[0,1]" }{say "$_ = $h{$_}" for@r' file
输出
2014-05-29 07:37:57 = 2
2014-05-29 07:37:58 = 3
2014-05-29 07:37:59 = 1
更快的版本
perl -nE'$ h {$ } ++或推@r,$ 代表/(\ S + \ s + \ S +)/} {说“$ _ = $ h {$ _}“for @ r'file
perl -nE'$h{$_}++ or push @r,$_ for substr($_,0,19)}{say "$_ = $h{$_}" for@r' file
答案 2 :(得分:0)
另一种方式:
cut -d' ' -f1,2 yourfile.log | uniq -c | awk '{ print $2,$3,"=",$1}'