我有一个日志文件,我需要输出DATE和一些状态代码。我也在使用||作为分隔符并从数据中删除不需要的符号。这是它的样子:
cat logfile.log | awk 'BEGIN { FS = "\\|\\|" } { gsub("/","-") sub(":", " ") gsub("\\[", "") gsub("\\+0000]", "")}; { print $15 $12 }' | uniq -c
输出:
22 25-Jan-2016 01:53:52 85.10.210.199
1 25-Jan-2016 01:53:52 66.249.93.77
18 25-Jan-2016 01:53:52 85.10.210.199
1 25-Jan-2016 01:53:52 88.232.191.231
在此之后我需要将时间转换为纪元并仍然打印列$ 1和$ 3
我想要实现:
22 1453686832 85.10.210.199
1 1453686832 66.249.93.77
18 1453686832 85.10.210.199
1 1453686832 88.232.191.231
我可以将日期转换为纪元,但我会丢失其他列。我如何保持它们与变换的时间?
这是我的RAW日志文件:
[] || || || || [] || http || 40080 || 176.237.167.102 || [] || [-] || [0.072] || 176.237.167.102 || - || - || [25/Jan/2016:06:30:26 +0000] || "POST /checknewmsg HTTP/1.1" || 200 || 265 || 895 || "http://google.com/post” || "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36" || "-" || [TR]
答案 0 :(得分:0)
由于您不愿意在您的问题中提供所请求的信息,因此,如果您正在查找或不使用mktime()的GNU awk,请发送idk:
$ cat tst.awk
BEGIN { FS="\\s*[|][|]\\s*" }
{
split($15,a,/[][\/: ]/)
a[3] = (match("JanFebMarAprMayJunJulAugSepOctNovDec",a[3])+2)/3
secs = mktime(a[4]" "a[3]" "a[2]" "a[5]" "a[6]" "a[7])
cnt[secs OFS $12]++
}
END {
for (key in cnt) {
print cnt[key], key
}
}
$ cat file
[] || || || || [] || http || 40080 || 176.237.167.102 || [] || [-] || [0.072] || 176.237.167.102 || - || - || [25/Jan/2016:06:30:26 +0000] || "POST /checknewmsg HTTP/1.1" || 200 || 265 || 895 || "http://google.com/post” || "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36" || "-" || [TR]
$ awk -f tst.awk file
1 1453725026 176.237.167.102