我有大量的日志,例如:
Apr 15 06:24:52 11.250.30.X:53516 [15/Apr/2012:06:24:51.504] userA 200 "GET HTTP/1.1"
Apr 15 06:24:52 11.250.30.X:53516 [15/Apr/2012:06:24:51.504] userA 200 "GET HTTP/1.1"
Apr 15 06:24:52 11.250.30.X:53516 [15/Apr/2012:06:24:51.504] userB 200 "GET HTTP/1.1"
Apr 15 06:24:52 11.250.30.X:53516 [15/Apr/2012:06:24:51.504] userC 200 "GET HTTP/1.1"
Apr 15 06:24:52 11.250.30.X:53516 [15/Apr/2012:06:24:51.504] userC 200 "GET HTTP/1.1"
Apr 15 06:24:52 11.250.30.X:53516 [15/Apr/2012:06:24:51.504] userD 200 "GET HTTP/1.1"
这是 Bash shell 中解析日志的最快方法(每个用户的所有请求源 IP):
userA:
XXX.XXX.XXX.XXX(client's source IP, remove port number and uniq same IPs.)
XXX.XXX.XXX.XXX
...
userB:
XXX.XXX.XXX.XXX
XXX.XXX.XXX.XXX
XXX.XXX.XXX.XXX
...
userC:
...