我有一个看起来像的 system.log 文件。
[2019-12-20 09:06:40] main.INFO: Update Product Attributes [] []
[2019-12-20 09:18:56] main.INFO: Customer Id: . Param: {"store":101,"search":"soap"} [] []
[2019-12-20 09:19:32] main.INFO: Update Product Attributes [] []
[2019-12-20 09:20:34] main.INFO: Customer Id: . Param: {"store":101,"search":"ea"} [] []
[2019-12-20 09:23:29] main.INFO: Customer Id: . Param: {"store":101,"search":"C2"} [] []
[2019-12-20 09:23:31] main.INFO: Update Product Attributes [] []
[2019-12-20 09:23:43] main.INFO: Customer Id: . Param: {"store":101,"search":"spaghetti"} [] []
[2019-12-20 09:24:06] main.INFO: Customer Id: . Param: {"store":101,"search":"Ea"} [] []
现在我想像这样拆分以获取日志中搜索的日期和值。
2019-12-20 "soap"
2019-12-20 "ea"
2019-12-20 "C2"
2019-12-20 "spaghetti"
2019-12-20 "Ea"
到目前为止,我已经尝试过这个:
awk -F '] main.INFO: Customer Id: . Param: {"store"' '{ if ( $2 ~ /search/ ) { print $1 $2} }' system.log
但是他们这样返回,它不能拆分到另一层。
[2019-12-20 10:08:04:101,"search":"ea"} [] []
[2019-12-20 10:08:35:101,"search":"ea"} [] []
您能否尝试使用 GNU 中显示的示例进行跟踪、编写和测试awk。
awk -v s1="\"" '
/Customer Id/{
match($0,/Param: {.*}/)
val=substr($0,RSTART,RLENGTH)
gsub(/.*:"|"}$/,"",val)
sub(/\[/,"",$1)
print $1,s1 val s1
val=""
}' Input_file
说明:为以上添加详细说明。
awk -v s1="\"" ' ##Starting awk program from here and setting variable s1 which has " value in it.
/Customer Id/{ ##Checking string Customer Id is present in current line then do following.
match($0,/Param: {.*}/) ##Using match to match regex Param: till } then do following.
val=substr($0,RSTART,RLENGTH) ##Creating val whose value is sub string of current line from RSTART to RLENGTH here.
gsub(/.*:"|"}$/,"",val) ##Globally substituting everything till :" and "} at last of val with NULL.
sub(/\[/,"",$1) ##Substituting [ in first column here.
print $1,s1 val s1 ##Printing first column s1 val and s1 here as per OP expected output.
val="" ##Nullifying val here.
}' Input_file ##Mentioning Input_file name here.
第二种解决方案:在此处再添加 1 个解决方案。
awk -v s1="\"" '
/Customer Id:/{
match($0,/\[[0-9]{4}-[0-9]{2}-[0-9]{2}/)
dat=substr($0,RSTART+1,RLENGTH-1)
match($0,/Param: {.*}/)
val=substr($0,RSTART,RLENGTH)
gsub(/.*:"|"}$/,"",val)
print dat,s1 val s1
dat=val=""
}
' Input_file
说明:为以上添加详细说明。
awk -v s1="\"" ' ##Starting awk program from here and setting s1 as value " here.
/Customer Id:/{ ##Searching string Customer Id: in current line here.
match($0,/\[[0-9]{4}-[0-9]{2}-[0-9]{2}/) ##Using match function of awk and using regex here for current line to get value of date here.
dat=substr($0,RSTART+1,RLENGTH-1) ##Creating dat variable and having sub string value in it for current line.
match($0,/Param: {.*}/) ##Using match to match regex Param: { till } here.
val=substr($0,RSTART,RLENGTH) ##Creating val which has sub string of previous used match function here.
gsub(/.*:"|"}$/,"",val) ##Globally substituting till :" OR "} in last of val here with NULL.
print dat,s1 val s1 ##Printing dat s1 val and s1 here.
dat=val="" ##Nullifying dat and val here to avoid conflict of variable values here.
}
' Input_file ##Mentioning Input_file name here.