我想使用Grep在Windows应用程序事件日志中搜索字符串。 以下是日志摘录:
I 05-Nov-14 10:08:04 51033 AP_AN <I>1 images out of 1 are transferred to ABS_Dynamics for the job(297.0.0) at the rate of 0.09 images / sec. </I>
Time: 5.11.2014, 10:08:04, Line: 1068, File: \EdCom\src\ArcNet\ArcNet_server\src\ANBeServer/ANBeNetworkNodeJob_haz.cpp, Process: CGenericMain (7804)
W 05-Nov-14 10:08:53 14 AXY_ISC State Manager has detected a hung process.
Time: 5.11.2014, 10:08:53, Process: C:\AIOM\Service\bin\Rep.exe_1976,
Text: (05.11.2014 10:08:53) IV SET: CProcess::DeclareHung(AppUI_A,6228) Process appears to be hung. (null
W 05-Nov-14 10:08:53 17 AXY_ISC An error was detected in a process that is monitored by State Manager.
Time: 5.11.2014, 10:08:53, Process: C:\AIOM\Service\bin\Rep.exe_1976,
Text: (05.11.2014 10:08:53) IVS SET: CMonitorThread::ProcessFailing(PID:6228 TID:4264) Process AppUI_A is
我想在事件日志中搜索字符串“CProcess :: DeclareHung”,搜索输出应该如下:
W 05-Nov-14 10:08:53 14 AXY_ISC State Manager has detected a hung process.
Time: 5.11.2014, 10:08:53, Process: C:\AIOM\Service\bin\Rep.exe_1976,
Text: (05.11.2014 10:08:53) IV SET: CProcess::DeclareHung(AppUI_A,6228) Process appears to be hung. (null
即。日志和摘要行,包括搜索字符串。
每行由新行字符分隔,此日志文件是.txt文件。 我知道grep是一个基于行的搜索应用程序,但是,我已经读过使用珍珠正则表达式,我们可以使grep搜索多行。我是珍珠正则表达的新手,并且不知道如何做到这一点。
有人可以帮我用grep搜索吗?
编辑:我尝试了以下内容,但没有成功
grep -P "[W|E|I] \d\d-\w\w\w-\d\d.*[\s]*.*CProcess::DeclareHung.*[\s]*.*" XA2014_11_04_AppEventLog.txt
答案 0 :(得分:0)
假设您要检查标题中没有的内容,但在错误消息中,您可以说:
awk -v RS="\n(E|I|W)" '/CProcess/' file
遗憾的是你失去了E / I / W.如果您需要,请说awk -v RS="\n(E|I|W)" '/CProcess/ {print RT, $0}' file。
更基本的方法是在块中保留缓冲区并在找到匹配项时打印它:
awk '$1~/^(E|I|W)$/ {line=$0;next} {line=line ORS $0} /pattern/ {print line}' file
那是:
awk '$1~/^(E|I|W)$/ {line=$0;next} # if 1st file starts with E,I,W, initialize the
# variable line with the content of this line
# then, jump to the next line
{line=line ORS $0} # on the rest of cases, keep adding the following
# lines in the variable line
# ORS stands for new line normally
/pattern/ {print line}' # if the current line matches the given pattern
# print the stored variable `line`
file
打印匹配的类似逻辑,无论在文本中找到它的位置:
awk '{if ($1~/^(E|I|W)$/)
{
if (print_match) {
print line
print_match=0
}
line=$0
} else
line=line ORS $0
}
/An error/ {print_match=1}
END {if (print_match) print line}' file
请注意使用标志print_match来了解是否需要打印缓冲行。如果它是文件的最后一个块,也使用END来打印它。
使用&#34; CProcess&#34;进行测试对于您的样本:
awk -v RS="\n(E|I|W)" '/CProcess/' file
05-Nov-14 10:08:53 14 AXY_ISC State Manager has detected a hung process.
Time: 5.11.2014, 10:08:53, Process: C:\AIOM\Service\bin\Rep.exe_1976,
Text: (05.11.2014 10:08:53) IV SET: CProcess::DeclareHung(AppUI_A,6228) Process appears to be hung. (null
和
$ awk '$1~/^(E|I|W)$/ {line=$0;next} {line=line ORS $0} /CProcess/ {print line}' file
W 05-Nov-14 10:08:53 14 AXY_ISC State Manager has detected a hung process.
Time: 5.11.2014, 10:08:53, Process: C:\AIOM\Service\bin\Rep.exe_1976,
Text: (05.11.2014 10:08:53) IV SET: CProcess::DeclareHung(AppUI_A,6228) Process appears to be hung. (null