使用awk验证日志文件中每一行的字段

时间:2019-05-14 11:00:46

标签: shell validation if-statement logging awk

我正在尝试逐行检查记录在日志文件中的文件。对于每一行,检查特定字段是否为空或字段的值是否错误。 并用错误信息打印行

#!/bin/bash
LOG=/log/output.log

x=false

    while read -r line; do


            if
              (echo $line | awk -F'|' '{if ($8=="") print "Application is empty"}') ||
              (echo $line | awk -F'|' '{if ($9=="") print "Http request method is empty"}') ||
              (echo $line | awk -F'|' '{if ($7=="") print "Operation is empty"}')
              (echo $line | awk -F'|' '{if ($13 !~ /0|1|2/) print "result(0,1,2) has a wrong value"}')

            then
                    echo $line
            fi

    done < "$LOG"

实际结果:

9f2b | EDR | V1 | 0 | V1 | 2019-05-14 | 7 |||| 2019-05-14T08:00:40.095Z | 1 | 0 | 14 | 19 ||| XXXXX |||||| ||||| 897 |||||||||| 5b8689707 |||||||

应用程序为空

9f2b | EDR | V1 | 0 | V1 | 2019-05-14 | 7 |||| 2019-05-14T08:00:40.095Z | 18 | 0 ||||| XXXXX |||||| ||| 1234 |||||||||| 5b868007 |||||||

应用程序为空

42e2 | EDR | V1 | 0 | V1 | 2019-05-14 | 7 |||| 2019-05-14T08:00:42.532Z | 22 | 0 ||||| XXXXX |||||| ||| 235 |||||||||| 3b6959ae |||||||||

应用程序为空

83ac | EDR | V1 | 0 | V1 | 2019-05-14 | 7 |||| 2019-05-14T08:00:42.758Z | 8 | 0 ||||| XXXXX ||||||| ||| 789 |||||||||| 5945548f |||||

预期结果:

应用程序为空

操作为空

Http请求方法为空

83ac | EDR | V1 | 0 | V1 | 2019-05-14 | 7 |||| 2019-05-14T08:00:42.758Z | 8 | 0 ||||| XXXXX ||||||| ||| 789 |||||||||| 5945548f |||||

1 个答案:

答案 0 :(得分:2)

awk读取文件的每一行,因此不需要使用echo进行while循环。只要做:

awk -F\| ' {b=1}
    $8=="" { print "Application is empty"; b=0 } 
    $9=="" { print "Http request method is empty"; b=0 }
    $7=="" { print "Operation is empty"; b=0 }
    $13 !~ /0|1|2/ {print "result(0,1,2) has a wrong value"; b=0 }
    b
' /log/output.log

该方法的主要问题是,用if评估的命令总是成功,因此您总是打印该行。要使awk失败,必须将退出语句添加到每个awk语句中。 (例如echo $line | awk -F'|' '$8=="" {print "Application is empty"; exit 1 }'

如果一行中出现多个条件失败,这将打印多条错误消息,如果添加退出语句并使||运算符短路,则不会显示该错误消息。

如果只想打印一条错误消息,则可以执行以下操作:

awk -F\| '
    $8=="" { print "Application is empty"; next } 
    $9=="" { print "Http request method is empty"; next }
    $7=="" { print "Operation is empty"; next }
    $13 !~ /0|1|2/ {print "result(0,1,2) has a wrong value"; next }
' /log/output.log

或者,如果您要打印多条错误消息,但全部打印在一行上,则可以执行以下操作:

awk -F\| ' {s=""}
    $8=="" { printf "Application is empty"; s="; " } 
    $9=="" { printf "%sHttp request method is empty", s; s="; " }
    $7=="" { printf "%sOperation is empty", s; s="; " }
    $13 !~ /0|1|2/ {printf "%sresult(0,1,2) has a wrong value", s; s="; " }
    s { print ""}
    !s
' /log/output.log
相关问题
最新问题