我想使用AWK在Windows应用程序事件日志中搜索字符串。以下是日志摘录:
W 05-Nov-14 10:09:36 261 CA_OSC <I>Process ax_be has finished without having received an explicit termination request from the component manager </I>
Time: 5.11.2014, 10:09:36, Line: 1161, File: \MCom\src\OSS\compmgr\src/CaCompPCB.cpp, Process: CaGenericMain (2448)
E 05-Nov-14 10:09:36 17 AY_ISC An error was detected in a process that is monitored by State Manager.
Time: 5.11.2014, 10:09:36, Process: C:\AXM\Service\bin\Rep.exe_1976,
Text: (05.11.2014 10:09:36) IVS SET: CMonitorThread::ProcessTermination(AppBE,5452) A critical process has
W 05-Nov-14 10:09:37 261 CA_OSC <I>Process main_ui has finished without having received an explicit termination request from the component manager </I>
Time: 5.11.2014, 10:09:37, Line: 1161, File: \MCom\src\OSS\compmgr\src/CaCompPCB.cpp, Process: CaGenericMain (2448)
我想在事件日志中搜索一个字符串“ProcessTermination”,搜索输出应该如下:
E 05-Nov-14 10:09:36 17 AY_ISC An error was detected in a process that is monitored by State Manager.
Time: 5.11.2014, 10:09:36, Process: C:\AXM\Service\bin\Rep.exe_1976,
Text: (05.11.2014 10:09:36) IVS SET: CMonitorThread::ProcessTermination(AppBE,5452) A critical process has
即。找到匹配项时的日志和所有摘要行。 搜索字符串可以在日志行或任何摘要行中。 每行由新行字符分隔,此日志文件是.txt文件。
到目前为止,我尝试了以下命令:
awk -v RS="\n(E|I|W)" "/ProcessTermination/" XA135420_2014_11_05_AppEventLog.txt
但结果却缺少E | I | W.即。我得到了结果
05-Nov-14 10:09:36 17 AY_ISC An error was detected in a process that is monitored by State Manager.
Time: 5.11.2014, 10:09:36, Process: C:\AXM\Service\bin\Rep.exe_1976,
Text: (05.11.2014 10:09:36) IVS SET: CMonitorThread::ProcessTermination(AppBE,5452) A critical process has
有人可以帮我列出结果中的W | E | I(日志行的第一个字段)吗?
注意:我在Windows 7上使用GNU Awk 3.1.6。
答案 0 :(得分:0)
使用awk
将段落加载到内存中awk '/^[EIW]/{if( P ~ /ProcessTermination/)print P;P=""}{P=P"\n"$0}END{if( P ~ /ProcessTermination/)print P}' XA135420_2014_11_05_AppEventLog.txt
对于字段定义,您可以使用FPAT代替FS来定义字段内容而不是字段分隔符,但我不知道&#34; RPAT&# 34;
答案 1 :(得分:0)
通过像你一样设置RS,你将从记录中删除匹配RS的字符串并使你的脚本特定于gawk,这些都不是理想的。您可以通过保存每个RT值并在下一条记录之前打印它来解决问题:
$ awk -v RS='(^|\n)\\S' '/ProcessTermination/{print gensub(/^\n|\n$/,"","g",p$0)} {p=RT}' file
E 05-Nov-14 10:09:36 17 AY_ISC An error was detected in a process that is monitored by State Manager.
Time: 5.11.2014, 10:09:36, Process: C:\AXM\Service\bin\Rep.exe_1976,
Text: (05.11.2014 10:09:36) IVS SET: CMonitorThread::ProcessTermination(AppBE,5452) A critical process has
要删除自gensub()以换行符或文件开头启动以来每个RT以外的每个RS所需的$ cat tst.awk
/^[WEI]/ { check() }
{ buf = buf $0 RS }
END { check() }
function check() {
if ( index(buf,tgt) ) {
printf "%s", buf
}
buf = ""
}
$
$ awk -v tgt="ProcessTermination" -f tst.awk file
E 05-Nov-14 10:09:36 17 AY_ISC An error was detected in a process that is monitored by State Manager.
Time: 5.11.2014, 10:09:36, Process: C:\AXM\Service\bin\Rep.exe_1976,
Text: (05.11.2014 10:09:36) IVS SET: CMonitorThread::ProcessTermination(AppBE,5452) A critical process has
,并删除尾随newline,文件中的最后一条记录以此结束,因为它没有后续的RS匹配来吸收它自然结束的换行符。
更清晰,更简单的解决方案不使用RT并适用于任何awk:
index()如果您确实想要搜索字符串而不是正则表达式,请注意使用上面的/.../代替match()或<ul>
<li ng-repeat="message in messages">
Message data located at node /messages/{{ message.$id }}
Message text is {{ message.text }}
</li>
</ul>
。