我对awk命令很新,正在学习。 我有以下要求。
样本日志(实际):
INFO 2018-03-07 04:06:39.253 [xyzxyzxyz] [abcdefgh] logstatemnt1 Connected successfully to client at 'xxx.x.x.x:x,xxx'
INFO 2018-03-07 04:06:39.254 [xyzxyzxyz] [abcdefgh] logstatemnt2 Connected successfully to client at 'xxx.x.x.x:x,xxx'
INFO 2018-03-07 04:06:39.255 [xyzxyzxyz] [abcdefgh] logstatemnt3 Connected successfully to client at 'xxx.x.x.x:x,xxx'
ERROR 2018-03-07 04:06:39.825 [xyzxyzxyz] [SocketConsole] No matching instances found. Compared the given criteria(s) '[XXXXXXXXXX]'
with instance id
com.xxx.xxx.xxxxxxxxx.client.abcdefghij: No matching instances found. Compared the given criteria(s) '[xxxxxxxxxxx]'
with instance id
at com.xxxx.xxxx.xxxxxxxx.core.impl.AppServicesManagerImpl.searchApps(xxxxxxxxxxxxx.java:205)
INFO 2018-03-07 04:06:41.253 [xyzxyzxyz] [abcdefgh] logstatemnt4 Connected successfully to client at 'xxx.x.x.x:x,xxx'
WARN 2018-03-07 04:06:42.825 [xyzxyzxyz] [SocketConsole] No matching instances found. Compared the given criteria(s) '[XXXXXXXXXX]'
with instance id
com.xxx.xxx.xxxxxxxxx.client.abcdefghij: No matching instances found. Compared the given criteria(s) '[xxxxxxxxxxx]'
with instance id
at com.xxxx.xxxx.xxxxxxxx.core.impl.AppServicesManagerImpl.searchApps(xxxxxxxxxxxxx.java:205)
预期:
INFO 2018-03-07 04:06:39.253 [xyzxyzxyz] [abcdefgh] logstatemnt1 Connected successfully to client at 'xxx.x.x.x:x,xxx'
INFO 2018-03-07 04:06:39.254 [xyzxyzxyz] [abcdefgh] logstatemnt2 Connected successfully to client at 'xxx.x.x.x:x,xxx'
INFO 2018-03-07 04:06:39.255 [xyzxyzxyz] [abcdefgh] logstatemnt3 Connected successfully to client at 'xxx.x.x.x:x,xxx'
ERROR 2018-03-07 04:06:39.825 [xyzxyzxyz] [SocketConsole] No matching instances found. Compared the given criteria(s) '[XXXXXXXXXX]' with instance idcom.xxx.xxx.xxxxxxxxx.client.abcdefghij: No matching instances found. Compared the given criteria(s) '[xxxxxxxxxxx]' with instance id at com.xxxx.xxxx.xxxxxxxx.core.impl.AppServicesManagerImpl.searchApps(xxxxxxxxxxxxx.java:205)
INFO 2018-03-07 04:06:41.253 [xyzxyzxyz] [abcdefgh] logstatemnt4 Connected successfully to client at 'xxx.x.x.x:x,xxx'
WARN 2018-03-07 04:06:42.825 [xyzxyzxyz] [SocketConsole] No matching instances found. Compared the given criteria(s) '[XXXXXXXXXX]' with instance idcom.xxx.xxx.xxxxxxxxx.client.abcdefghij: No matching instances found. Compared the given criteria(s) '[xxxxxxxxxxx]' with instance id at com.xxxx.xxxx.xxxxxxxx.core.impl.AppServicesManagerImpl.searchApps(xxxxxxxxxxxxx.java:205)
注意:每个日志语句后都没有额外的换行符 我使用下面的命令根据搜索文本和时间戳
搜索字符串awk '$0 ~ "No matching instances found" && $2 " " $3 > "2018-03-07 04:06:42.82" { print $0 }' /xxx/xxxx/xxxxxx-xxxxx/logs/file.log
如果日志语句打印在一行上,这样可以正常工作。但是对于包含异常作为新行的日志,它会在日志中提供搜索文本的所有实例
如果你能解释你为我的学习目的提供的解决方案,我将非常感激。
答案 0 :(得分:0)
awk救援!
预先发表评论。如果您的文件中没有额外的换行符,请不要使用
发布日志样本日志(实际):
然后添加免责声明。对于试图为您提供解决方案的人来说,这是非常耗时的。
如果您使用gawk支持多字符RS,则很容易。
$ awk -v RS='[A-Z]+ [0-9:.-]+' '
/No matching instances found/ && $2" "$3 > "2018-03-07 04:06:42.82"
{print rt $0} {rt=RT}' file
ERROR 2018-03-07 04:06:39.825 [xyzxyzxyz] [SocketConsole] No matching instances found. Compared the given criteria(s) '[XXXXXXXXXX]'
with instance id
com.xxx.xxx.xxxxxxxxx.client.abcdefghij: No matching instances found. Compared the given criteria(s) '[xxxxxxxxxxx]'
with instance id
at com.xxxx.xxxx.xxxxxxxx.core.impl.AppServicesManagerImpl.searchApps(xxxxxxxxxxxxx.java:205)
WARN 2018-03-07 04:06:42.825 [xyzxyzxyz] [SocketConsole] No matching instances found. Compared the given criteria(s) '[XXXXXXXXXX]'
with instance id
com.xxx.xxx.xxxxxxxxx.client.abcdefghij: No matching instances found. Compared the given criteria(s) '[xxxxxxxxxxx]'
with instance id
at com.xxxx.xxxx.xxxxxxxx.core.impl.AppServicesManagerImpl.searchApps(xxxxxxxxxxxxx.java:205)
这里需要将记录分隔符捕获到变量,因为通常它会标记记录的结尾,但我们将其视为记录的开头;所以我们要滞后一个。
答案 1 :(得分:0)
awk -v RS ='[AZ] + [0-9 - ] + [0-9:。] +''{split(rt,sDate,“”);} rt $ 0~“找不到匹配的实例“&& sDate [2]“”sDate [3]> “2018-03-07 04:06:42.82”{print rt $ 0} {rt = RT}'档案
RT将文本显示为“WARN 2018-03-07 04:06:42.825”。从“”拆分RT,然后使用日期和时间进行比较