1

我正在查看具有大量条目的访问日志,例如:

localhost_access_log.2012-05-07.txt:129.223.57.10 - - [07/May/2012:00:02:11 +0000] 2434 "POST /maker/www/jsp/opp/OpportunityForm.do HTTP/1.1" 302 - "https://dm2.myjones.com/maker/www/jsp/opp/Opportunity.jsp?screenDisplay={0}&forecastIcon={1}" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2; MS-RTC LM 8)"

日期时间戳后面的数字是执行时间,引号中的字符串是 URL。

我希望只是 sed,URL 和响应时间,并将它们的格式

URL, response time

例如

POST /maker/www/jsp/opp/OpportunityForm.do HTTP/1.1,  2434
4

2 回答 2

2

sed

sed 's/^[^]]\+\] \([[:digit:]]\+\) \("[^"]\+"\).*/\2,\1/' inputfile

珀尔:

perl -lne 'print "$2,$1" if /.*? (\d+) (".*?")/'
于 2012-05-14T16:48:28.463 回答
1

您可以awk像这样打印第 6、7、8 和 9 个条目:

awk '{print $7, $8, $9, ", " $6}' <access_log>

输出:"POST /maker/www/jsp/opp/OpportunityForm.do HTTP/1.1" , 2434

awk默认情况下按空格分隔字段。nth存储在$n. 所以在你的输入行中:

$7: "POST
$8: /maker/www/jsp/opp/OpportunityForm.do
$9: HTTP/1.1"
$6: 2434
于 2012-05-14T15:47:52.140 回答