I have to parse the table that I get when running the command:
tshark -q -r dump.pcap -Y http -z http,tree
The table looks like this:
=======================================================================================================================================
HTTP/Packet Counter:
Topic / Item Count Average Min val Max val Rate (ms) Percent Burst rate Burst start
---------------------------------------------------------------------------------------------------------------------------------------
Total HTTP Packets 70 0.0120 100% 0.0500 1.641
HTTP Request Packets 51 0.0087 72.86% 0.0400 1.494
SEARCH 22 0.0038 43.14% 0.0400 1.641
NOTIFY 22 0.0038 43.14% 0.0200 1.104
GET 5 0.0009 9.80% 0.0100 1.109
POST 2 0.0003 3.92% 0.0100 3.577
HTTP Response Packets 19 0.0032 27.14% 0.0300 4.908
2xx: Success 19 0.0032 100.00% 0.0300 4.908
200 OK 19 0.0032 100.00% 0.0300 4.908
???: broken 0 0.0000 0.00% - -
5xx: Server Error 0 0.0000 0.00% - -
4xx: Client Error 0 0.0000 0.00% - -
3xx: Redirection 0 0.0000 0.00% - -
1xx: Informational 0 0.0000 0.00% - -
Other HTTP Packets 0 0.0000 0.00% - -
---------------------------------------------------------------------------------------------------------------------------------------
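I only want the Count column for a few rows, such as HTTP Request Packets, SEARCH, NOTIFY and HTTP Response Packets. By using a command like
tshark -q -r dump.pcap -Y http -z http,tree | awk '/SEARCH/ {print $2}'
I get the required output. I would like to know whether there is a way to achieve this by running it in a single command.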
Answer 0: (score: 2)
If you know the field widths, you can use substr(), and if you are using GNU awk, you can set FIELDWIDTHS
tshark -q -r dump.pcap -Y http -z http,tree | awk '/HTTP Request Packets|SEARCH|NOTIFY|HTTP Response Packets/{
print substr($0,1,24), substr($0,25,24)
}'
O/P:
$ your_command | awk '/HTTP Request Packets|SEARCH|NOTIFY|HTTP Response Packets/{print substr($0,1,24), substr($0,25,24)}'
HTTP Request Packets 51
SEARCH 22
NOTIFY 22
HTTP Response Packets 19
Answer 1: (score: 0)
This is the best I could come up with (using gnu awk):
yourcommand | gawk '
BEGIN {
FIELDWIDTHS = "24 14"
}
/HTTP R|NOTIFY|GET|POST|SEARCH/ {
gsub(" +$","",$2)
print $2
}'
If you don't have gnu awk:
yourcommand | \
egrep 'HTTP R|NOTIFY|GET|POST|SEARCH' | \
cut -c 25-38 | \
awk '{ gsub("^ +",""); gsub(" +$",""); print }'
Bonus: this will output the row titles in csv:
yourcommand | gawk '
BEGIN {
FIELDWIDTHS = "24 14"
}
/HTTP R|NOTIFY|GET|POST|SEARCH/ {
gsub("^ +","",$1)
gsub(" +$","",$1)
gsub(" +$","",$2)
print $1 "," $2
}'
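
An added example, not part of either answer: a POSIX sh/awk helper that pulls the Count column without relying on column widths, by locating the first integer that is directly followed by the Rate value, and that matches row labels exactly instead of by regex. The names http_tree_counts and sample_tree are hypothetical, the sample spacing is constructed, and it assumes the Average, Min val and Max val columns are empty as in the table above.

```shell
#!/bin/sh
# Added example (not from the answers above): label,count pairs from
# `tshark -q -z http,tree` text, independent of column widths.

# Constructed sample: rows from the table on this page; spacing is assumed.
sample_tree() {
cat <<'EOF'
HTTP/Packet Counter:
Topic / Item              Count   Average   Min val   Max val   Rate (ms)   Percent   Burst rate   Burst start
Total HTTP Packets        70                                    0.0120      100%      0.0500       1.641
 HTTP Request Packets     51                                    0.0087      72.86%    0.0400       1.494
  SEARCH                  22                                    0.0038      43.14%    0.0400       1.641
  NOTIFY                  22                                    0.0038      43.14%    0.0200       1.104
  GET                     5                                     0.0009      9.80%     0.0100       1.109
  POST                    2                                     0.0003      3.92%     0.0100       3.577
 HTTP Response Packets    19                                    0.0032      27.14%    0.0300       4.908
  2xx: Success            19                                    0.0032      100.00%   0.0300       4.908
   200 OK                 19                                    0.0032      100.00%   0.0300       4.908
  4xx: Client Error       0                                     0.0000      0.00%     -            -
EOF
}

# http_tree_counts [LABEL ...]  (hypothetical helper name)
# Reads the stats tree on stdin and prints "label,count" per row. With
# arguments, only rows whose label equals one of them exactly are printed.
# Assumes Average/Min/Max are empty, as in the http,tree output above, so
# Count is the first integer that is directly followed by the Rate decimal.
http_tree_counts() {
    WANT=$(IFS='|'; printf '%s' "$*") awk '
    BEGIN {
        n = split(ENVIRON["WANT"], w, "|")
        for (i = 1; i <= n; i++) keep[w[i]] = 1
    }
    {
        line = $0
        sub(/^[ \t]+/, "", line)              # drop tree indentation
        if (!match(line, /[ \t]+[0-9]+[ \t]+[0-9]+\.[0-9]+/)) next
        label = substr(line, 1, RSTART - 1)   # text before the Count field
        split(substr(line, RSTART, RLENGTH), f, " ")   # f[1]=Count f[2]=Rate
        if (n == 0 || (label in keep)) print label "," f[1]
    }'
}

# Real use: tshark -q -r dump.pcap -Y http -z http,tree | http_tree_counts SEARCH NOTIFY
sample_tree | http_tree_counts "HTTP Request Packets" SEARCH NOTIFY "HTTP Response Packets"
```

Because the label is taken as everything before the Count field, rows such as "200 OK" keep their embedded digits and spaces, and the helper gives the same result whether the columns are padded or collapsed to single spaces.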