awk分析nginx日志

awk命令格式：

awk 'pattern{action;action} pattern{action;action}' {filenames}

[url=http://www.math.utah.edu/docs/info/gawk_toc.html]awk完整文档[/url]
[url=http://www.chinaunix.net/old_jh/24/691456.html]使用示例[/url]
[url=http://www.math.utah.edu/docs/info/gawk_13.html]awk内置函数列表[/url]
[url=http://sebug.net/paper/books/awk/#id2875104]Awk学习笔记[/url]
[url=http://www.compileonline.com/execute_awk_online.php]awk脚本在线调试器[/url]
日志分析命令

awk 'BEGIN{len=0;tm=0} {len=length($NF);tm=substr($NF,2,len-2)+0} tm>0.5 {print NR " " $0 }' nginx.log

解释：
1、
BEGIN{len=0;tm=0}
在awk开始时，定义变量len和tm
len为字符串长度，tm为响应时间
BEGIN关键字，表示awk命令开时执行一次，不是每行一次，只仅一次。

2、{len=length($NF);tm=substr($NF,2,len-2)+0}

NF为当前行的字段数，awk读入的当前行时，使用空格分隔后的字段数

length()为awk的内置函数，取字符串长度
len=length($NF)表示将最后一个字段的长度，赋值给len

substr()为awk的内置函数，截串
substr($NF,2,len-2)为取字符串"0.0003"中的0.0003，去掉双引号
substr($NF,2,len-2)+0为将字符串0.0003，转为数字0.0003


3、tm>0.5 {print NR " " $0 }
tm>0.5 响应时间超过0.5秒 就打印NR当前行数和$0当前行

 awk  '/responseTime/ { 
 where=match($0,/"responseTime":[[:alnum:]]+/); 
 if(where>0){
 	spend=substr($0,RSTART,RLENGTH); 
 	len=length(spend);
 	where = index(spend,":"); 
 	spend=substr(spend,where+1,len);
 	spend=spend+0;
 	if(spend>10000)
 	print $0;
 	}
 }' \
 somelog.log

[quote]

5
down vote
favorite


I am trying to match a fixed number of digits using curly braces in awkbut I get no result.

# This outputs nothing
echo "123" | awk '/^[0-9]{3}$/ {print $1;}'

# This outputs 123
echo "123" | awk '/^[0-9]+$/ {print $1;}'

Do I need to do something specific to use curly braces?


Mac OS X awk (BSD awk) works with the first command shown:

$ echo "123" | /usr/bin/awk '/^[0-9]{3}$/ {print $1;}'
123
$

GNU awk does not. Adding backslashes doesn't help GNU awk. Using option --re-interval does, and so does using --posix.

$ echo "123" | /usr/gnu/bin/awk --re-interval '/^[0-9]{3}$/ {print $1;}'
123
$ echo "123" | /usr/gnu/bin/awk --posix '/^[0-9]{3}$/ {print $1;}'
123
$

(I'm not sure where mawk 1.3.3 dated 1996 comes from, but it is probably time to get an updated version of awk for your machine.)

[/quote]


[quote]
GNU Awk 3.1.5
Copyright (C) 1989, 1991-2005 Free Software Foundation.

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

[/quote]