Print all lines where a variable's value is greater than a specific number

Time: 2018-12-29 15:34:15

Tags: linux ubuntu unix

Need help with a Unix command:

I want to list/grep, from a log file, all "abdc7dac-abdf-4088-ba87-ca5ee765f3eb" lines whose etime is greater than 5:

Log excerpt:

access:[29/Dec/2018:14:59:38 +0000] BIND RES conn=74242995 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=6
access:[29/Dec/2018:14:59:38 +0000] BIND RES conn=74242987 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=7
access:[29/Dec/2018:14:59:38 +0000] EXTENDED RES conn=74243079 op=0 msgID=1 name="StartTLS" oid="1.3.6.1.4.1.1466.20037" result=0 etime=0
access:[29/Dec/2018:14:59:38 +0000] SEARCH RES conn=74242947 op=2 msgID=3 result=0 nentries=0 etime=1
access:[29/Dec/2018:14:59:38 +0000] SEARCH RES conn=74242945 op=2 msgID=3 result=0 nentries=0 etime=0
access:[29/Dec/2018:14:59:38 +0000] EXTENDED RES conn=74243083 op=0 msgID=1 name="StartTLS" oid="1.3.6.1.4.1.1466.20037" result=0 etime=1
access:[29/Dec/2018:14:59:38 +0000] BIND RES conn=74242989 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=2

Desired output:

access:[29/Dec/2018:14:59:38 +0000] BIND RES conn=74242995 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=6
access:[29/Dec/2018:14:59:38 +0000] BIND RES conn=74242987 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=7

3 answers:

Answer 0: (score: 0)

grep abdc7dac-abdf-4088-ba87-ca5ee765f3eb logfile |awk -F "etime=" '$2>5{print}' > modifiedlog.txt

Sample output:

auxilus@ubuntu:~$ cat logfile 
access:[29/Dec/2018:14:59:38 +0000] BIND RES conn=74242995 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=6
access:[29/Dec/2018:14:59:38 +0000] BIND RES conn=74242987 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=7
access:[29/Dec/2018:14:59:38 +0000] EXTENDED RES conn=74243079 op=0 msgID=1 name="StartTLS" oid="1.3.6.1.4.1.1466.20037" result=0 etime=0
access:[29/Dec/2018:14:59:38 +0000] SEARCH RES conn=74242947 op=2 msgID=3 result=0 nentries=0 etime=1
access:[29/Dec/2018:14:59:38 +0000] SEARCH RES conn=74242945 op=2 msgID=3 result=0 nentries=0 etime=0
access:[29/Dec/2018:14:59:38 +0000] EXTENDED RES conn=74243083 op=0 msgID=1 name="StartTLS" oid="1.3.6.1.4.1.1466.20037" result=0 etime=1
access:[29/Dec/2018:14:59:38 +0000] BIND RES conn=74242989 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=2

auxilus@ubuntu:~$ grep abdc7dac-abdf-4088-ba87-ca5ee765f3eb logfile |awk -F "etime=" '$2>5{print}'
access:[29/Dec/2018:14:59:38 +0000] BIND RES conn=74242995 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=6
access:[29/Dec/2018:14:59:38 +0000] BIND RES conn=74242987 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=7
auxilus@ubuntu:~$

Better version:

awk -F "etime=" '/abdc7dac-abdf-4088-ba87-ca5ee765f3eb/ {if ($2>5) {print}}' logfile

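Answer 1: (score: 0)

You do not want the lines that end with etime= followed by a number between 0 and 5.
Of the other lines, you only want to see those with abdc7dac-abdf-4088-ba87-ca5ee765f3eb. Combined: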

sed -n '/etime=[0-5]$/d;/abdc7dac-abdf-4088-ba87-ca5ee765f3eb/p' logfile

Answer 2: (score: -1)

A simple grep solution using basic regular expressions that will handle etime= values of 6-9 or any multi-digit number (e.g. etime=[6-9] or etime=[0-9][0-9][0-9]*) would be:

grep 'abdc7dac-abdf-4088-ba87-ca5ee765f3eb.*etime=\([6-9]\|[0-9][0-9][0-9]*\).*$' file

Using your input as file results in the following:

$ grep 'abdc7dac-abdf-4088-ba87-ca5ee765f3eb.*etime=\([6-9]\|[0-9][0-9][0-9]*\).*$' file
access:[29/Dec/2018:14:59:38 +0000] BIND RES conn=74242995 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=6
access:[29/Dec/2018:14:59:38 +0000] BIND RES conn=74242987 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=7

If your file also contained two (or more) digit etime values, those would be captured as well, e.g.

You can adjust the numeric ranges to tailor the match to your needs.
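An added example, not taken from any of the answers above: a reusable filter that generalizes the question to any identifier and threshold, matching the identifier as a literal string and comparing etime numerically wherever it sits on the line. The names slow_ops, SLOW_ID and SLOW_MIN, the second GUID, the fractional etime and the trailing=1 field are assumptions made up for the sample.

```shell
#!/bin/sh
# slow_ops ID THRESHOLD [FILE...]: print lines that contain ID as a literal
# string and whose etime value is numerically greater than THRESHOLD.
slow_ops() {
    id=$1 min=$2
    shift 2
    # Values go through the environment, so awk applies no escape processing.
    SLOW_ID=$id SLOW_MIN=$min awk '
        BEGIN { id = ENVIRON["SLOW_ID"]; min = ENVIRON["SLOW_MIN"] + 0 }
        index($0, id) == 0 { next }      # literal match, not a regex
        {
            # Scan from the end: the real field is a bare token, and text
            # inside an earlier quoted value must not be taken for it.
            for (i = NF; i >= 1; i--)
                if ($i ~ /^etime=[0-9]+(\.[0-9]+)?$/) {
                    if (substr($i, 7) + 0 > min) print   # +0 forces numeric
                    next
                }
        }
    ' "$@"
}

# Constructed sample: the first four lines follow the log excerpt on this page,
# the last four are made up (placeholder GUID, fractional etime, trailing=1).
sample_log() {
    cat <<'EOF'
access:[29/Dec/2018:14:59:38 +0000] BIND RES conn=74242995 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=6
access:[29/Dec/2018:14:59:38 +0000] BIND RES conn=74242987 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=7
access:[29/Dec/2018:14:59:38 +0000] BIND RES conn=74242989 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=2
access:[29/Dec/2018:14:59:38 +0000] SEARCH RES conn=74242947 op=2 msgID=3 result=0 nentries=0 etime=1
access:[29/Dec/2018:14:59:39 +0000] BIND RES conn=74243001 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=12
access:[29/Dec/2018:14:59:39 +0000] BIND RES conn=74243002 op=1 msgID=2 result=0 authDN="ldapguid=00000000-0000-0000-0000-000000000000,dc=abc,dc=com" etime=9
access:[29/Dec/2018:14:59:39 +0000] BIND RES conn=74243003 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=0.004
access:[29/Dec/2018:14:59:39 +0000] BIND RES conn=74243004 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=8 trailing=1
EOF
}

# Usage: sample_log | slow_ops abdc7dac-abdf-4088-ba87-ca5ee765f3eb 5
```

On the sample this prints the lines with etime 6, 7, 12 and 8 for the requested GUID and skips the other GUID, the fractional value and etime=2.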