117.151.46.7 - - [16/Dec/2015:09:51:35 +0800] "GET /?from=login HTTP/1.1" 200 28814 "http://login.jiayuan.com/jump/?cb=jVVhbfGW1ygT3wEXtlnJ6M
V-dt9mWUkhCivguqzvCSDod1QsT7a5qxKzCGgAV4VlLmEw-6aXvPfyj7j5XsLUlkU8EYR9ALfdIagR*18OzRGk4GmyEvmQh67cuv3aWin8aPna8jwl621ldQ7tkbHObn9ubgROrIQWY-P
-UiKeI05ICGR84mwOU-U6O7M." "Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko QQBrowser/9.2.5748.400" "stadate1=117301800"
 "" "PHPSESSID=b8f30f8a47cb1b2e979844dbc20badfc" "9.464"

如上是日志的格式

1:查找并显示所有状态码为 404 的请求            

awk '($9 ~ /404/)' access.log

2:统计所有状态码为 404 的请求                      

awk '($9 ~ /404/)' access.log | awk '{print $9,$7}'

3:统计出所有响应时间超过 3 秒的日志记录    

awk '($NF > 3){print $0}' access.log

4:查看某一个 IP(例如 202.106.19.100 )访问了哪些页面     

grep ^202.106.19.100 access.log | awk '{print $1,$7}'

5:列出响应时间超过 5 秒的请求                         

awk '($NF > 5){print $0}' access.log | awk -F\" '{print $2}' |sort -n| uniq -c|sort -nr|head -20

6:查看某个时间段 

sed -n '/2015:00:00:15/,/2015:00:01:15/'p access.log

7:cat access.log |awk '$7~/\/?from=login/'|awk -F"\"" '$(NF-1)>9' |more  查看大于9秒的请求

8:cat access.log |awk '$7~/\/?from=login/'|awk -F "\""  '$(NF-1)>= 1&&$(NF-1)<=5' |more 查看1到5秒的请求