2

如何从特定列日期和时间或仅日期列按 asc 或 desc 顺序重新排序文件。

{"hostname":"sg2","role":"epay","eventid":"ALERT_ORACLE","date":"02/08/2011","time":"01:30:00"},
{"hostname":"sg1","role":"pay","eventid":"ALERT_DF","date":"11/24/2010","time":"19:33:01"},
{"hostname":"sg3","role":"ipay","eventid":"ALERT_SMF","date":"12/11/2012","time":"02:30:00"},

通常使用“sort -gk(列号)”在这种情况下无法捕获日期和时间列或仅日期,可能需要一些分隔符字符串或相关。

预期的观点是:

{"hostname":"sg1","role":"pay","eventid":"ALERT_DF","date":"11/24/2010","time":"19:33:01"},
{"hostname":"sg2","role":"epay","eventid":"ALERT_ORACLE","date":"02/08/2011","time":"01:30:00"},
{"hostname":"sg3","role":"ipay","eventid":"ALERT_SMF","date":"12/11/2012","time":"02:30:00"},
4

2 回答 2

3

使用sortwith:作为分隔符并按列排序以5M进行日期比较:

$ sort -t: -k5M file
{"hostname":"sg1","role":"pay","eventid":"ALERT_DF","date":"11/24/2010","time":"19:33:01"},
{"hostname":"sg2","role":"epay","eventid":"ALERT_ORACLE","date":"02/08/2011","time":"01:30:00"},
{"hostname":"sg3","role":"ipay","eventid":"ALERT_SMF","date":"12/11/2012","time":"02:30:00"},

来源:按​​ bash 中的日期字段对日志进行排序

于 2013-06-27T09:25:42.817 回答
3

如果您选择了 ISO 日期格式 (YYYY-mm-dd),您的生活会更轻松,但是

sort_by_date() {
    awk -F \" '{
        split($16, date, "/")
        split($20, time, ":")
        timestamp = mktime(date[3]" "date[1]" "date[2]" "time[1]" "time[2]" "time[3])
        print timestamp "\t" $0
    }' "$1" |
    sort -k1,1n |
    cut -f2-
}
sort_by_date filename

对于下降,使用sort -k1,1nr

于 2013-06-27T10:20:09.473 回答