案例一
需求:
对nginx的access.log日志分析,要求最近100次请求中状态值不是200的百分比。
日志格式如下:
192.168.123.6 - - [26/May/2015:23:44:21+0800] "GET /get_seller_info&format=json HTTP/1.1" 200 34679"-" "Dalvik/1.6.0 (Linux; U; Android 4.4.4; MX4 ProBuild/KTU84P)" "-" "3.562"
思路:
1、先处理文件,获取所有的状态值,然后取最后100行进行计算
awk -F" |HTTP/1." '{if($10 ~ /^[0-9]/)print $10}' access.log |tail -100|awk '{if($1!=200)S++}END{if(NR<100) print S*100/NR;else print S}''
2、先取文件最后100行,然后取状态值进行计算
tail -100 access.log |awk -F" |HTTP/1." '{if ($10 ~ /^[0-9]/) S[$10]++} END {if(NR<100)print(NR-S[200])/NR;else print (NR-S[200])}'
两种方法效率比较:
第二种方法效率更高
案例二
[gla@test]$ cat t.txt May 24 02:15:01 namenode dnsmasq[28432]: reading /etc/resolv.confMay 24 08:15:01 namenode dnsmasq[28432]: reading /etc/resolv.confMay 24 08:25:01 namenode dnsmasq[28432]: reading /etc/resolv.confMay 24 09:15:01 namenode dnsmasq[28432]: reading /etc/resolv.confMay 24 02:15:01 namenode dnsmasq[28432]: reading /etc/resolv.conf
要求取8点到9点之间的信息
[gla@test]$ awk -F" |:" '{if ($3>=8) if($3<=9) print $0}' t.txtMay 24 08:15:01 namenode dnsmasq[28432]: reading /etc/resolv.confMay 24 08:25:01 namenode dnsmasq[28432]: reading /etc/resolv.confMay 24 09:15:01 namenode dnsmasq[28432]: reading /etc/resolv.conf