-1
我想提取與特定字符串匹配的日誌部分。如何提取與sed,awk,grep如果有匹配的日誌部分
我的日誌文件由一系列HTTP流量(請求/響應)組成。例如:
[2016-11-11 06:52:07.452] [jettyserver-391] 201939 * Server has received a request on thread jettyserver-391
201939 > PUT http://localhost
201939 > Accept: application/json
201939 > Accept-Encoding: gzip
201939 > Content-Type: application/json
201939 > Host: localhost
201939 > Transfer-Encoding: chunked
{
"att1": "WIFI",
"att2": true,
"att3": null,
"country": "CANADA",
"att5": null
}
[2016-11-11 06:52:07.555] [jettyserver-392] 201940 * Server has received a request on thread jettyserver-392
201940 > PUT http://localhost
201940 > Accept: application/json
201940 > Accept-Encoding: gzip
201940 > Content-Type: application/json
201940 > Host: localhost
201940 > Transfer-Encoding: chunked
{
"att1": "ETHERNET",
"att2": true,
"att3": null,
"country": "US",
"att5": null
}
[2016-11-11 06:52:07.557] [jettyserver-391] 201940 * Server responded with a response on thread jettyserver-391
201939 < 200
201939 < Content-Type: application/json
{
"id": 344134
}
[2016-11-11 06:52:07.557] [jettyserver-392] 201940 * Server responded with a response on thread jettyserver-392
201940 < 200
201940 < Content-Type: application/json
{
"id": 344135
}
如果我搜索 「以太網」,我期待着這樣的輸出:現在
[2016-11-11 06:52:07.555] [jettyserver-392] 201940 * Server has received a request on thread jettyserver-392
201940 > PUT http://localhost
201940 > Accept: application/json
201940 > Accept-Encoding: gzip
201940 > Content-Type: application/json
201940 > Host: localhost
201940 > Transfer-Encoding: chunked
{
"att1": "ETHERNET",
"att2": true,
"att3": null,
"country": "US",
"att5": null
}
,我試着用sed,我有半成功:
sed -n '/^\[/{x;/ETHERNET/{p;d}};/ETHERNET/H' test2
我有這樣的輸出...
[2016-11-11 06:52:07.555] [jettyserver-392] 201940 * Server has received a request on thread jettyserver-392
"att1": "ETHERNET",
在此先感謝您的幫助!
試'的awk -v RS = '/ ETHERNET /''..我覺得這是一個重複的 – Sundeep
@Sundeep謝謝,這就是答案。 – legege
你真的想在任何可以出現在記錄中的地方匹配正則表達式(例如'/ ETHERNET /'),或者當特定字段具有特定字符串值時(例如'att1 ==「ETHERNET」''),你真的只想匹配嗎? ? –