案例一
需求:
對nginx的access.log日誌分析,要求最近100次請求中狀態值不是200的百分比。
日誌格式如下:
192.168.123.6 - - [26/May/2015:23:44:21+0800] "GET /get_seller_info&format=json HTTP/1.1" 200 34679"-" "Dalvik/1.6.0 (Linux; U; Android 4.4.4; MX4 ProBuild/KTU84P)" "-" "3.562"
思路:
1、先處理文件,獲取所有的狀態值,然後取最後100行進行計算
awk -F" |HTTP/1." '{if($10 ~ /^[0-9]/)print $10}' access.log |tail -100|awk '{if($1!=200)S++}END{if(NR<100) print S*100/NR;else print S}''
2、先取文件最後100行,然後取狀態值進行計算
tail -100 access.log |awk -F" |HTTP/1." '{if ($10 ~ /^[0-9]/) S[$10]++} END {if(NR<100)print(NR-S[200])/NR;else print (NR-S[200])}'
兩種方法效率比較:
第二種方法效率更高
案例二
[gla@test]$ cat t.txt May 24 02:15:01 namenode dnsmasq[28432]: reading /etc/resolv.conf May 24 08:15:01 namenode dnsmasq[28432]: reading /etc/resolv.conf May 24 08:25:01 namenode dnsmasq[28432]: reading /etc/resolv.conf May 24 09:15:01 namenode dnsmasq[28432]: reading /etc/resolv.conf May 24 02:15:01 namenode dnsmasq[28432]: reading /etc/resolv.conf
要求取8點到9點之間的信息
[gla@test]$ awk -F" |:" '{if ($3>=8) if($3<=9) print $0}' t.txt May 24 08:15:01 namenode dnsmasq[28432]: reading /etc/resolv.conf May 24 08:25:01 namenode dnsmasq[28432]: reading /etc/resolv.conf May 24 09:15:01 namenode dnsmasq[28432]: reading /etc/resolv.conf