使用 awk 解析单个日志行
Parse single log line with awk
我正在尝试找到一种将单个 (apache) 日志行解析为块的方法。
我知道我可以更改 apache 配置来创建 json,但我相信这些 awk 知识会在将来帮助我。
所以我有这个:
127.0.1.1:80 187.207.66.53 - - [18/Jan/2021:18:28:22 +0100] "GET / HTTP/1.1" 200 2352 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
想改成这样:
127.0.1.1:80
187.207.66.53
-
-
[18/Jan/2021:18:28:22 +0100]
"GET / HTTP/1.1"
200
2352
[...]
基本上我认为我需要设置不同的字段分隔符,对吗?
-F '[<fieldSeparator1>|<fieldSeparator2> ]' '{
for (i = 1; i<= NF; i++)
print $i
}'
使用 GNU awk 和正则表达式。 仅使用您的示例进行测试。
awk '{=; print}' OFS='\n' FPAT='"[^"]*"|\[[^]]*]|[0-9:.]+|-' file
FPAT: A regular expression describing the contents of the fields in a record. When set, gawk parses the
input into fields, where the fields match the regular expression, instead of using the value of FS
as the field separator.
输出:
127.0.1.1:80
187.207.66.53
-
-
[18/Jan/2021:18:28:22 +0100]
"GET / HTTP/1.1"
200
2352
"-"
"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
参见:man awk 和 The Stack Overflow Regular Expressions FAQ
使用 GNU awk 匹配第三个参数():
$ awk '
match([=10=],/(\S+) (\S+) (\S+) (\S+) (\[[^]]*]) ("[^"]*") (\S+) (\S+) ("[^"]*") ("[^"]*")/,f) {
for (i=1; i in f; i++) {
print f[i]
}
}
' file
127.0.1.1:80
187.207.66.53
-
-
[18/Jan/2021:18:28:22 +0100]
"GET / HTTP/1.1"
200
2352
"-"
"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
我正在尝试找到一种将单个 (apache) 日志行解析为块的方法。 我知道我可以更改 apache 配置来创建 json,但我相信这些 awk 知识会在将来帮助我。
所以我有这个:
127.0.1.1:80 187.207.66.53 - - [18/Jan/2021:18:28:22 +0100] "GET / HTTP/1.1" 200 2352 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
想改成这样:
127.0.1.1:80
187.207.66.53
-
-
[18/Jan/2021:18:28:22 +0100]
"GET / HTTP/1.1"
200
2352
[...]
基本上我认为我需要设置不同的字段分隔符,对吗?
-F '[<fieldSeparator1>|<fieldSeparator2> ]' '{
for (i = 1; i<= NF; i++)
print $i
}'
使用 GNU awk 和正则表达式。 仅使用您的示例进行测试。
awk '{=; print}' OFS='\n' FPAT='"[^"]*"|\[[^]]*]|[0-9:.]+|-' file
FPAT: A regular expression describing the contents of the fields in a record. When set, gawk parses the input into fields, where the fields match the regular expression, instead of using the value of FS as the field separator.
输出:
127.0.1.1:80
187.207.66.53
-
-
[18/Jan/2021:18:28:22 +0100]
"GET / HTTP/1.1"
200
2352
"-"
"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
参见:man awk 和 The Stack Overflow Regular Expressions FAQ
使用 GNU awk 匹配第三个参数():
$ awk '
match([=10=],/(\S+) (\S+) (\S+) (\S+) (\[[^]]*]) ("[^"]*") (\S+) (\S+) ("[^"]*") ("[^"]*")/,f) {
for (i=1; i in f; i++) {
print f[i]
}
}
' file
127.0.1.1:80
187.207.66.53
-
-
[18/Jan/2021:18:28:22 +0100]
"GET / HTTP/1.1"
200
2352
"-"
"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"