1.结合 if else 条件判断的使用
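`awk -F: '{if($3>=1000) print $1,$3}' /etc/passwd | head -5`:输出 UID 大于等于 1000 的用户名和 UID。
`awk -F: '{if($3>=1000) {printf "Common user: %s\n",$1} else {printf "root or sysuser: %s\n",$1}}' /etc/passwd | head -5`:增加 else 分支,按 UID 区分输出普通用户和 root/系统用户。(注意:1000 这个分界值取决于发行版 /etc/login.defs 中的 UID_MIN;某些系统上 nobody、nfsnobody 这类 UID 很大的系统账号也会被归为 "Common user",用于账号审计时需要单独排除。)
`awk -F: '{if($NF=="/bin/bash") print $1}' /etc/passwd | head -5`:输出最后一个字段(登录 shell)为 /bin/bash 的用户。(使用其他 shell 的可登录账号不会被这个条件匹配到。)
`awk '{if(NF>5) print $0}' /etc/fstab`:NF 是当前行的字段数,这里输出字段数大于 5 的行。
`df -h`:查看设备信息。
`df -h | awk -F[%] '/^\/dev/{print $1}' | awk '{if($NF>=10) print $1}'`:将使用率大于等于 10% 的设备名称输出。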
[root@lab1 ~]# awk -F: '{if($3>=1000) print $1,$3}' /etc/passwd | head -5
student 1000
user1 1001
user2 1002
user4 1004
user6 1006
[root@lab1 ~]# awk -F: '{if($3>=1000) {printf "Common user: %s\n",$1} else {printf "root or sysuser: %s\n",$1}}' /etc/passwd | head -5
root or sysuser: root
root or sysuser: bin
root or sysuser: daemon
root or sysuser: adm
root or sysuser: lp
[root@lab1 ~]# awk -F: '{if($NF=="/bin/bash") print $1}' /etc/passwd | head -5
root
student
user1
user2
user4
[root@lab1 ~]# awk '{if(NF>5) print $0}' /etc/fstab
# Created by anaconda on Wed Dec 5 07:16:07 2018
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
/dev/mapper/centos-root / xfs defaults 0 0
UUID=0ee0448e-a0b8-4ade-8236-620c46e00461 /boot xfs defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0
[root@lab1 ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/centos-root 17G 1.9G 16G 12% /
devtmpfs 901M 0 901M 0% /dev
tmpfs 912M 0 912M 0% /dev/shm
tmpfs 912M 8.6M 904M 1% /run
tmpfs 912M 0 912M 0% /sys/fs/cgroup
/dev/sda1 1014M 143M 872M 15% /boot
tmpfs 183M 0 183M 0% /run/user/0
[root@lab1 ~]# df -h | awk -F[%] '/^\/dev/{print $1}' | awk '{if($NF>=10) print $1}'
/dev/mapper/centos-root
/dev/sda1
2.结合while循环的使用
`awk '/^[[:space:]]*linux/{print}' /etc/grub2.cfg`:查看准备用于测试的行。
`awk '/^[[:space:]]*linux/{i=1;while(i<NF) {print $i,length($i); i++}}' /etc/grub2.cfg`:逐个字段输出,并统计每个字段的字符数。(注意:循环条件是 i<NF,所以每行的最后一个字段不会被输出;要包含最后一个字段需写成 i<=NF。)
`awk '/^[[:space:]]*linux/{i=1;while(i<NF) {if(length($i)>=7) {print $i,length($i)}; i++}}' /etc/grub2.cfg`:结合 if 条件判断,只输出字符数大于等于 7 的字段。
(这里 while 循环也可能一次都不执行;do while 循环则保证至少执行一次,不在这里进行详细演示。)
[root@lab1 ~]# awk '/^[[:space:]]*linux/{print}' /etc/grub2.cfg
linux16 /vmlinuz-3.10.0-693.el7.x86_64 root=/dev/mapper/centos-root ro crashkernel=auto rd.lvm.lv=centos/root rd.lvm.lv=centos/swap rhgb quiet LANG=en_US.UTF-8
linux16 /vmlinuz-0-rescue-142b0d8c668f4109b71e3ceff1ee2153 root=/dev/mapper/centos-root ro crashkernel=auto rd.lvm.lv=centos/root rd.lvm.lv=centos/swap rhgb quiet
[root@lab1 ~]# awk '/^[[:space:]]*linux/{i=1;while(i<NF) {print $i,length($i); i++}}' /etc/grub2.cfg
linux16 7
/vmlinuz-3.10.0-693.el7.x86_64 30
root=/dev/mapper/centos-root 28
ro 2
crashkernel=auto 16
rd.lvm.lv=centos/root 21
rd.lvm.lv=centos/swap 21
rhgb 4
quiet 5
linux16 7
/vmlinuz-0-rescue-142b0d8c668f4109b71e3ceff1ee2153 50
root=/dev/mapper/centos-root 28
ro 2
crashkernel=auto 16
rd.lvm.lv=centos/root 21
rd.lvm.lv=centos/swap 21
rhgb 4
[root@lab1 ~]# awk '/^[[:space:]]*linux/{i=1;while(i<NF) {if(length($i)>=7) {print $i,length($i)}; i++}}' /etc/grub2.cfg
linux16 7
/vmlinuz-3.10.0-693.el7.x86_64 30
root=/dev/mapper/centos-root 28
crashkernel=auto 16
rd.lvm.lv=centos/root 21
rd.lvm.lv=centos/swap 21
linux16 7
/vmlinuz-0-rescue-142b0d8c668f4109b71e3ceff1ee2153 50
root=/dev/mapper/centos-root 28
crashkernel=auto 16
rd.lvm.lv=centos/root 21
rd.lvm.lv=centos/swap 21
3.结合 for 循环的使用
[root@lab1 ~]# awk '/^[[:space:]]*linux16/{for(i=1;i<NF;i++) {print $i,length($i)}}' /etc/grub2.cfg
linux16 7
/vmlinuz-3.10.0-693.el7.x86_64 30
root=/dev/mapper/centos-root 28
ro 2
crashkernel=auto 16
rd.lvm.lv=centos/root 21
rd.lvm.lv=centos/swap 21
rhgb 4
quiet 5
linux16 7
/vmlinuz-0-rescue-142b0d8c668f4109b71e3ceff1ee2153 50
root=/dev/mapper/centos-root 28
ro 2
crashkernel=auto 16
rd.lvm.lv=centos/root 21
rd.lvm.lv=centos/swap 21
rhgb 4
4.结合 next 的使用
`awk -F: '{if($3%2!=0) next; print $1,$3}' /etc/passwd | head -5`:如果 UID 不是偶数,直接跳到下一行继续处理;如果是偶数,则输出第 1 个和第 3 个字段。(注意:continue 用于循环内部,跳过本次迭代,例如在同一行内遍历各字段时使用;next 用于跳过当前行,直接处理下一行。)
[root@lab1 ~]# awk -F: '{if($3%2!=0) next; print $1,$3}' /etc/passwd | head -5
root 0
daemon 2
lp 4
shutdown 6
mail 8
5.关于数组的使用
`awk 'BEGIN{weekdays["mon"]="Monday";weekdays["tue"]="Tuesday";print weekdays["mon"]}'`:给数组赋值并输出(注意:这里字符串下标和字符串值都需要使用双引号)。
`awk 'BEGIN{weekdays["mon"]="Monday";weekdays["tue"]="Tuesday";print weekdays["tue"]}'`:输出另一个值。
`awk 'BEGIN{weekdays["mon"]="Monday";weekdays["tue"]="Tuesday";for(i in weekdays) {print weekdays[i]}}'`:结合 for 循环对数组进行遍历(注意:这里 i 遍历的是下标而不是值;for(i in 数组) 的遍历顺序不固定,下面的输出中 Tuesday 就排在 Monday 前面)。
`awk 'BEGIN{weekdays["mon"]="Monday";weekdays["tue"]="Tuesday";for(i in weekdays) {print i}}'`:直接输出 i,查看遍历到的下标。
[root@lab1 ~]# awk 'BEGIN{weekdays["mon"]="Monday";weekdays["tue"]="Tuesday";print weekdays["mon"]}'
Monday
[root@lab1 ~]# awk 'BEGIN{weekdays["mon"]="Monday";weekdays["tue"]="Tuesday";print weekdays["tue"]}'
Tuesday
[root@lab1 ~]# awk 'BEGIN{weekdays["mon"]="Monday";weekdays["tue"]="Tuesday";for(i in weekdays) {print weekdays[i]}}'
Tuesday
Monday
[root@lab1 ~]# awk 'BEGIN{weekdays["mon"]="Monday";weekdays["tue"]="Tuesday";for(i in weekdays) {print i}}'
tue
mon
6.关于统计词频
`netstat -tan`:查看测试的数据。
`netstat -tan | awk '/^tcp\>/{print}'`:只筛选以 tcp 这个单词开头的行。(注意:`\>` 是 gawk 支持的单词结尾锚点,所以 tcp6 的行不会被匹配,下面的统计也就不包含 IPv6 的监听和连接。)
`netstat -tan | awk '/^tcp\>/{state[$NF]++}END{for(i in state) { print i,state[i]}}'`:以最后一个字段(连接状态)为下标计数,在 END 中输出每种状态出现的次数。
`netstat -tan`:确认数据已经更新(可以自己进行 httpd 访问等操作,这里比较简单,不详细演示)。
`netstat -tan | awk '/^tcp\>/{state[$NF]++}END{for(i in state) { print i,state[i]}}'`:再次统计,可以看到输出也随之更新。
`tail /var/log/httpd/access_log`:查看测试数据。
`awk '{ip[$1]++}END{for(i in ip) {print i,ip[i]}}' /var/log/httpd/access_log`:以第 1 个字段(客户端 IP)为下标,统计每个 IP 的请求次数并输出。(若 httpd 位于反向代理之后,第 1 个字段通常是代理的地址而不是真实客户端的地址。)
[root@lab1 ~]# netstat -tan
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 52 172.20.0.131:22 172.20.0.1:58480 ESTABLISHED
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
[root@lab1 ~]# netstat -tan | awk '/^tcp\>/{print}'
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 52 172.20.0.131:22 172.20.0.1:58480 ESTABLISHED
[root@lab1 ~]# netstat -tan | awk '/^tcp\>/{state[$NF]++}END{for(i in state) { print i,state[i]}}'
LISTEN 2
ESTABLISHED 1
[root@lab1 ~]# netstat -tan
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 52 172.20.0.131:22 172.20.0.1:58480 ESTABLISHED
tcp 0 0 172.20.0.131:35334 172.20.0.131:80 TIME_WAIT
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
[root@lab1 ~]# netstat -tan | awk '/^tcp\>/{state[$NF]++}END{for(i in state) { print i,state[i]}}'
LISTEN 2
ESTABLISHED 1
TIME_WAIT 1
[root@lab1 ~]# tail /var/log/httpd/access_log
172.20.0.131 - - [13/Jan/2019:05:26:10 -0500] "GET / HTTP/1.1" 403 4897 "-" "curl/7.29.0"
172.20.0.131 - - [13/Jan/2019:05:28:22 -0500] "GET / HTTP/1.1" 403 4897 "-" "curl/7.29.0"
172.20.0.131 - - [13/Jan/2019:05:28:33 -0500] "GET / HTTP/1.1" 403 4897 "-" "curl/7.29.0"
172.20.0.131 - - [13/Jan/2019:05:28:35 -0500] "GET / HTTP/1.1" 403 4897 "-" "curl/7.29.0"
172.20.0.131 - - [13/Jan/2019:05:28:36 -0500] "GET / HTTP/1.1" 403 4897 "-" "curl/7.29.0"
172.20.0.131 - - [13/Jan/2019:05:28:37 -0500] "GET / HTTP/1.1" 403 4897 "-" "curl/7.29.0"
[root@lab1 ~]# awk '{ip[$1]++}END{for(i in ip) {print i,ip[i]}}' /var/log/httpd/access_log
172.20.0.131 6
7.数组使用的实例
统计文件中每个文件系统类型出现的次数。
`cat /etc/fstab`:查看测试的文件。
`awk '/^UUID/{fs[$3]++}END{for(i in fs) {print i,fs[i]}}' /etc/fstab`:只处理以 UUID 开头的行,以第 3 个字段(文件系统类型)为下标计数并输出。
`awk '/^\/dev/{fs[$3]++}END{for(i in fs) {print i,fs[i]}}' /etc/fstab`:只处理以 /dev 开头的行,同样按第 3 个字段计数并输出。
[root@lab1 ~]# cat /etc/fstab
#
# /etc/fstab
# Created by anaconda on Wed Dec 5 07:16:07 2018
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root / xfs defaults 0 0
UUID=0ee0448e-a0b8-4ade-8236-620c46e00461 /boot xfs defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0
[root@lab1 ~]# awk '/^UUID/{fs[$3]++}END{for(i in fs) {print i,fs[i]}}' /etc/fstab
xfs 1
[root@lab1 ~]# awk '/^\/dev/{fs[$3]++}END{for(i in fs) {print i,fs[i]}}' /etc/fstab
swap 1
xfs 1
统计文件中每个单词出现的频率
`awk '{for(i=1;i<=NF;i++){count[$i]++}}END{for(i in count) {print i,count[i]}}' /etc/fstab`:还是针对刚才的文件,以空白字符为分隔符(默认分隔符,也可以自定义,前面讲过)切分每一行,统计每个字段出现的次数后输出。注释行也会被一起统计;更复杂的情况不在这里详细演示,这里只是帮助理解基本概念。
[root@lab1 ~]# awk '{for(i=1;i<=NF;i++){count[$i]++}}END{for(i in count) {print i,count[i]}}' /etc/fstab
swap 2
fstab(5), 1
filesystems, 1
2018 1
07:16:07 1
on 1
/etc/fstab 1
5 1
/boot 1
UUID=0ee0448e-a0b8-4ade-8236-620c46e00461 1
more 1
mount(8) 1
pages 1
'/dev/disk' 1
/dev/mapper/centos-swap 1
blkid(8) 1
See 1
/dev/mapper/centos-root 1
for 1
and/or 1
Dec 1
anaconda 1
/ 1
findfs(8), 1
under 1
Created 1
0 6
info 1
Accessible 1
# 7
defaults 3
xfs 2
man 1
are 1
reference, 1
by 2
maintained 1
Wed 1
8.关于函数的使用
`netstat -tan`:查看测试数据。
`netstat -tan | awk '/^tcp\>/{print $0}'`:筛选 tcp 行进行测试。
`ab -c 100 -n 1000 http://172.20.0.131/index.html`:访问模拟测试。
`netstat -tan | awk '/^tcp\>/{print $0}'`:再次筛选,查看变化。
`ab -c 100 -n 1000 http://172.20.0.131/index.html`:访问模拟测试(模拟更新)。
`netstat -tan | awk '/^tcp\>/{print $0}'`:再次筛选(模拟更新)。
`netstat -tan | awk '/^tcp\>/{split($5,ip,":");print ip[1]}'`:用 split 函数切分第 5 个字段并输出其中的 IP 部分。
`netstat -tan | awk '/^tcp\>/{split($5,ip,":");count[ip[1]]++}END{for (i in count) {print i,count[i]}}'`:频率统计输出(这里按行处理,对每行的第 5 个字段(Foreign Address)以冒号为分隔符再次切分,结果放入 ip 数组,然后取 ip 数组的第 1 个元素进行计数)。
(注意:以冒号切分的写法只适用于 IPv4 地址,IPv6 地址本身含有冒号;这里 /^tcp\>/ 已经排除了 tcp6 的行。另外 LISTEN 状态的行也会被计入,其 Foreign Address 为 0.0.0.0。)
[root@lab1 ~]# netstat -tan
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 52 172.20.0.131:22 172.20.0.1:58480 ESTABLISHED
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
[root@lab1 ~]# netstat -tan | awk '/^tcp\>/{print $0}'
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 52 172.20.0.131:22 172.20.0.1:58480 ESTABLISHED
[root@lab1 ~]# ab -c 100 -n 1000 http://172.20.0.131/index.html
[root@lab1 ~]# netstat -tan | awk '/^tcp\>/{print $0}'
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 52 172.20.0.131:22 172.20.0.1:58480 ESTABLISHED
tcp 0 0 172.20.0.131:37346 172.20.0.131:80 TIME_WAIT
tcp 0 0 172.20.0.131:37348 172.20.0.131:80 TIME_WAIT
[root@lab1 ~]# ab -c 100 -n 1000 http://172.20.0.131/index.html
[root@lab1 ~]# netstat -tan | awk '/^tcp\>/{print $0}'
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 172.20.0.131:22 172.20.0.1:58480 ESTABLISHED
tcp 0 52 172.20.0.131:22 172.20.0.1:50769 ESTABLISHED
tcp 0 0 172.20.0.131:39350 172.20.0.131:80 TIME_WAIT
[root@lab1 ~]# netstat -tan | awk '/^tcp\>/{split($5,ip,":");print ip[1]}'
0.0.0.0
0.0.0.0
172.20.0.1
172.20.0.1
[root@lab1 ~]# netstat -tan | awk '/^tcp\>/{split($5,ip,":");count[ip[1]]++}END{for (i in count) {print i,count[i]}}'
0.0.0.0 2
172.20.0.1 2