使用awk为日志添加字段

今天在工作中遇到 要在nginx 日志中添加一个字段，记录在此以备日后查看

原日志 格式：

202.113.215.229 - - [16/Jun/2012:07:14:12 +0800] "GET http://test.english.com/_imgs/mail/ee2/EFSchools/V3/296x197/London_city_EE.jpg HTTP/1.1" 304 270 "http://memberscn.englishtown.com/community/home/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; KB974489)" TCP_IMS_HIT:NONE

60.21.141.104 - - [17/Jun/2012:00:04:43 +0800] "GET http://www.huiping.com/haoyoudaot.html HTTP/1.1" 200 50596  "-" 3 "-" TCP_MEM_HIT:NONE

需要在原日志 流量字段“270”后添加一个字段

我使用awk 进行判断 请看命令：

cat test.log| awk '{split($0,str,"]");split(str[2],s," ");if(s[6] ~ "\"http"){gsub(/\"http/,"3 \"http",$0);print}else if (s[6] ~ "\"-"){gsub(/\"-/,"3 \"-",$0);print}else{print $0}}' > filename.log

添加后日志格式
202.113.215.229 - - [16/Jun/2012:07:14:12 +0800] "GET  http://test.english.com/_imgs/mail/ee2/EFSchools/V3/296x197/London_city_EE.jpg  HTTP/1.1" 304 270 3 "http://memberscn.englishtown.com/community/home/"  "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0;  KB974489)" TCP_IMS_HIT:NONE

60.21.141.104 - - [17/Jun/2012:00:04:43 +0800] "GET  http://www.huiping.com/haoyoudaot.html HTTP/1.1" 200 50596 3 "-" 3 "-"  TCP_MEM_HIT:NONE

转载于:https://blog.51cto.com/hobbylinux/902719