Using awk on Linux to find matching records in a log

Time: 2022-09-05 21:20:12

Suppose the fields in the file api.log.201707201830 are separated by the invisible character ^A (typed on the keyboard with Ctrl+V+A). To print field 70:
awk -F '^A' '{print $70}' api.log.201707201830

To select the records whose field 25 equals 9 and print field 70:
awk -F '^A' '($25==9){print $70}' api.log.201707201830

If the value being compared is a string, put it in double quotes (this example uses \x01 as the separator):
awk -F '\x01' '($1=="a17cdca4daa7a92e473dc1a532da5aaf"){print $1}' yumiad_event.2017072016

To test several conditions, join them with &&:

awk -F '\x01' '($1=="a17cdca4daa7a92e473dc1a532da5aaf" && $14==10026 && $13==8){print $1,$2,$5,$14,$13}' yumiad_event.2017072016


For data that has no fixed separator, grep can be used:

The following example searches a very large log file in the format below for cornID=xyz and adType=8 and providerID=10026:

mediation/report_partner.php           partnerID=10002&uuid=8b633a6e57060f841ffc35106472810a&cornID=a17cdca4daa7a92e473dc1a532da5aaf&versionID=-&channelID=-&deviceType=3&mac=9c%3A41%3A7c%3A76%3A44%3A20&deviceKey=356405052830313&time=1500537724706&os=android&netType=wifi&deviceNo=GT-N7108&language=zh_CN&longitude=-&latitude=-&planTime=1499323004&optimization=0&PLMN=46003&sdkver=160&rid=a8d3d425f883fce0e64bc25469890e84&androidID=75673d3aa19fb2ac&trans=abc%2Cdef%2Cghi&ad_list=%5B%7B%22clickArea%22%3A%7B%7D%2C%22result%22%3A%221%22%2C%22interfaceType%22%3A%22API%22%2C%22keyID%22%3A%22%22%2C%22action%22%3A%22request%22%2C%22pid%22%3A%2280cd137fd603fb5f0685020ae0092a9d%22%2C%22eventTime%22%3A%221500537724346%22%2C%22providerID%22%3A%2210026%22%2C%22adType%22%3A%222%22%7D%2C%7B%22clickArea%22%3A%7B%7D%2C%22result%22%3A%221%22%2C%22interfaceType%22%3A%22API%22%2C%22keyID%22%3A%22%22%2C%22action%22%3A%22response%22%2C%22pid%22%3A%2280cd137fd603fb5f0685020ae0092a9d%22%2C%22eventTime%22%3A%221500537724691%22%2C%22providerID%22%3A%2210026%22%2C%22adType%22%3A%222%22%7D%2C%7B%22clickArea%22%3A%7B%7D%2C%22result%22%3A%221%22%2C%22interfaceType%22%3A%22API%22%2C%22keyID%22%3A%22%22%2C%22action%22%3A%22exposure%22%2C%22pid%22%3A%2280cd137fd603fb5f0685020ae0092a9d%22%2C%22eventTime%22%3A%221500537724692%22%2C%22providerID%22%3A%2210026%22%2C%22adType%22%3A%222%22%7D%2C%7B%22clickArea%22%3A%7B%7D%2C%22result%22%3A%221%22%2C%22interfaceType%22%3A%22API%22%2C%22keyID%22%3A%22%22%2C%22action%22%3A%22round%22%2C%22pid%22%3A%2280cd137fd603fb5f0685020ae0092a9d%22%2C%22eventTime%22%3A%221500537724692%22%2C%22providerID%22%3A%2210026%22%2C%22adType%22%3A%222%22%7D%5D

Query command:

cat api.2017072016.log | grep -i 'cornID=xyz' | grep -i 'adType=8' | grep -i 'providerID=10026'
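
In the sample line above, providerID and adType appear only URL-encoded inside ad_list, and a substring pattern such as cornID=xyz also matches cornID=xyzabc. The following is an added example, not part of the original page: it matches cornID exactly and checks providerID and adType per decoded ad_list entry. The function names and the three sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are made up here.

# Constructed sample: three shortened lines in the page's log format.
make_sample() {
    cat <<'EOF'
mediation/report_partner.php partnerID=10002&cornID=xyz&os=android&ad_list=%5B%7B%22clickArea%22%3A%7B%7D%2C%22providerID%22%3A%2210026%22%2C%22adType%22%3A%228%22%7D%5D
mediation/report_partner.php partnerID=10002&cornID=xyzabc&os=android&ad_list=%5B%7B%22clickArea%22%3A%7B%7D%2C%22providerID%22%3A%2210026%22%2C%22adType%22%3A%228%22%7D%5D
mediation/report_partner.php partnerID=10002&cornID=xyz&os=android&ad_list=%5B%7B%22providerID%22%3A%2210026%22%2C%22adType%22%3A%222%22%7D%2C%7B%22providerID%22%3A%2210001%22%2C%22adType%22%3A%228%22%7D%5D
EOF
}

# match_report FILE CORNID PROVIDERID ADTYPE
# Prints lines whose cornID equals CORNID exactly and whose decoded ad_list
# has one entry carrying both the given providerID and adType.
match_report() {
    awk -v corn="$2" -v prov="$3" -v adt="$4" '
    function hex(c) { return index("0123456789abcdef", tolower(c)) - 1 }
    # Decode %XX escapes using only POSIX awk functions.
    function urldecode(s,   out, i, c) {
        out = ""
        for (i = 1; i <= length(s); i++) {
            c = substr(s, i, 1)
            if (c == "%" && i + 2 <= length(s)) {
                c = sprintf("%c", hex(substr(s, i+1, 1)) * 16 + hex(substr(s, i+2, 1)))
                i += 2
            }
            out = out c
        }
        return out
    }
    {
        # The query string is the last whitespace-separated field.
        n = split($NF, kv, "&"); cid = ""; ads = ""
        for (i = 1; i <= n; i++) {
            eq = index(kv[i], "=")
            k = substr(kv[i], 1, eq - 1); v = substr(kv[i], eq + 1)
            if (k == "cornID") cid = v
            if (k == "ad_list") ads = urldecode(v)
        }
        if (cid != corn) next
        # Split the JSON array into objects and test each one on its own.
        m = split(ads, obj, /[}],[{]/)
        for (j = 1; j <= m; j++)
            if (index(obj[j], "\"providerID\":\"" prov "\"") &&
                index(obj[j], "\"adType\":\"" adt "\"")) { print; next }
    }' "$1"
}
```

On the constructed sample, `match_report FILE xyz 10026 8` prints only the first line, while `grep 'cornID=xyz'` alone matches all three.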