awk = “Aho Weiberger and Kernighan” 三个作者的姓的第一个字母
awk 是 Linux 下的一个命令,同时也是一种语言解析引擎
awk 具备完整的编程特性。比如执行命令,网络请求等
精通 awk,是一个 Linux 工作者的必备技能
语法:awk ‘pattern{action}’
awk pattern语法
- awk 理论上可以代替 grep
- awk ‘pattern{action}’ ,默认以空格分隔 大括号外代表正则,大括号内代表动作,多个动作可以写多个大括号,但必须在一个‘’内
常用内置变量
FS 设置输入域分隔符,等价于命令行 -F选项 NF 浏览记录的域的个数(列数) NR 已读的记录数(行数)
ARGC 命令行参数个数
OFS 输出域分隔符
ORS 输出记录分隔符
RS 控制记录分隔符
ARGV 命令行参数排列
ENVIRON 支持队列中系统环境变量的使用
FILENAME awk浏览的文件名
FNR 浏览文件的记录数
awk ‘BBEGIN{}END{}’ 开始和结束
awk ‘/Running/’ 正则匹配
awk ‘/aa/,/bb/’ 区间选择
awk ‘$2~/xxx/’ 字段匹配,这里指从第2个字段开始匹配包含xxx内容的行
awk ’NR==2’ 取第二行
awk ’NR>1’ 去掉第一行
awk的字段数据处理
- -F 参数指定字段分隔符
- BEGIN{FS=‘_’} 也可以表示分隔符
$0 代表原来的行
$1 代表第一个字段
$N 代表第N个字段
$NF 代表最后一个字段一个例子
chenshifengdeMacBook-Pro:~ chenshifeng$ echo "111 222|333 444|555 666"|awk 'BEGIN{RS="|"}{print $0}' 111 222 333 444 555 666
下面以一个在nginx.log中查找返回状态码非200的请求响应数目的需求为例,演示awk的基础用法
有一份nginx.log文件,打开后内容格式如下:
220.181.108.111 - - [05/Dec/2018:00:11:42 +0000] "GET /topics/15225/show_wechat HTTP/1.1" 200 1684 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" 0.029 0.029 . 216.244.66.241 - - [05/Dec/2018:00:11:42 +0000] "GET /topics/10052/replies/85845/reply_suggest HTTP/1.1" 301 5 "-" "Mozilla/5.0 (compatible; DotBot/1.1; http://www.opensiteexplorer.org/dotbot, help@moz.com)" 0.016 0.016 . 216.244.66.241 - - [05/Dec/2018:00:11:42 +0000] "GET /topics/10040?order_by=created_at HTTP/1.1" 301 5 "-" "Mozilla/5.0 (compatible; DotBot/1.1; http://www.opensiteexplorer.org/dotbot, help@moz.com)" 0.002 0.002 . 216.244.66.241 - - [05/Dec/2018:00:11:42 +0000] "GET /topics/10043/replies/85544/reply_suggest HTTP/1.1" 301 5 "-" "Mozilla/5.0 (compatible; DotBot/1.1; http://www.opensiteexplorer.org/dotbot, help@moz.com)" 0.001 0.001 . 216.244.66.241 - - [05/Dec/2018:00:11:44 +0000] "GET /topics/10075/replies/89029/edit HTTP/1.1" 301 5 "-" "Mozilla/5.0 (compatible; DotBot/1.1; http://www.opensiteexplorer.org/dotbot, help@moz.com)" 0.001 0.001 . 216.244.66.241 - - [05/Dec/2018:00:11:44 +0000] "GET /topics/10075/replies/89631/edit HTTP/1.1" 301 5 "-" "Mozilla/5.0 (compatible; DotBot/1.1; http://www.opensiteexplorer.org/dotbot, help@moz.com)" 0.001 0.001 . 216.244.66.241 - - [05/Dec/2018:00:11:45 +0000] "GET /topics/10075?order_by=created_at HTTP/1.1" 301 5 "-" "Mozilla/5.0 (compatible; DotBot/1.1; http://www.opensiteexplorer.org/dotbot, help@moz.com)" 0.000 0.000 . 216.244.66.241 - - [05/Dec/2018:00:11:45 +0000] "GET /topics/10075?order_by=like HTTP/1.1" 301 5 "-" "Mozilla/5.0 (compatible; DotBot/1.1; http://www.opensiteexplorer.org/dotbot, help@moz.com)" 0.001 0.001 . 223.71.41.98 - - [05/Dec/2018:00:11:46 +0000] "GET /cable HTTP/1.1" 101 60749 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0" 2608.898 2608.898 . 113.87.161.17 - - [05/Dec/2018:00:11:39 +0000] "GET /cable HTTP/1.1" 101 3038 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.62 Safari/537.36" 112.418 112.418 . 216.244.66.241 - - [05/Dec/2018:00:11:46 +0000] "GET /topics/10079/replies/119591/edit HTTP/1.1" 301 5 "-" "Mozilla/5.0 (compatible; DotBot/1.1; http://www.opensiteexplorer.org/dotbot, help@moz.com)" 0.001 0.001 . 216.244.66.241 - - [05/Dec/2018:00:11:46 +0000] "GET /topics/10089?locale=zh-TW HTTP/1.1" 301 5 "-" "Mozilla/5.0 (compatible; DotBot/1.1; http://www.opensiteexplorer.org/dotbot, help@moz.com)" 0.002 0.002 .
观察log内容,可以发现,以空格为分隔符,状态码在第九个字段位置;这里我们用awk命令从第九个字段位置开始匹配非200的状态码并打印出来。命令:
chenshifengdeMacBook-Pro:~ chenshifeng$
301
301
301
301
301
301
301
301
......#剩余部分省略
再对取出的数据进行排序->去重->按数字的倒叙进行排列。命令:
awk '$9!~/200/{print $9}' nginx.log | sort | uniq -c | sort -nr
命令含义:
sort: 按从小到大进行排序
uniq -c :去重(相邻)
-nr: 按数字进行倒叙排序
-n:按数字进行排序
结果展示:
chenshifengdeMacBook-Pro:~ chenshifeng$ awk '$9!~/200/{print $9}' nginx.log | sort | uniq -c | sort -nr 433 101 304 301 266 404 152 302 7 401 5 304 2 499 2 422 1 500
再结合 awk ‘BBEGIN{}END{}’ 命令,以统计当前用户数目的例子来展示命令用法
使用 cat /etc/passwd 命令来查看本机用户,我们需要提取出用户名称并加上数字序号显示出来,达到这种效果:
1 nobody2 root
3 daemon
4 _uucp
5 _taskgated
6 _networkd
7 _installassistant
8 _lp
9 _postfix
......
用户信息:
chenshifengdeMacBook-Pro:~ chenshifeng$ cat /etc/passwd ## # User Database # # Note that this file is consulted directly only when the system is running # in single-user mode. At other times this information is provided by # Open Directory. # # See the opendirectoryd(8) man page for additional information about # Open Directory. ## nobody:*:-2:-2:Unprivileged User:/var/empty:/usr/bin/false root:*:0:0:System Administrator:/var/root:/bin/sh daemon:*:1:1:System Services:/var/root:/usr/bin/false _uucp:*:4:4:Unix to Unix Copy Protocol:/var/spool/uucp:/usr/sbin/uucico _taskgated:*:13:13:Task Gate Daemon:/var/empty:/usr/bin/false _networkd:*:24:24:Network Services:/var/networkd:/usr/bin/false _installassistant:*:25:25:Install Assistant:/var/empty:/usr/bin/false _lp:*:26:26:Printing Services:/var/spool/cups:/usr/bin/false _postfix:*:27:27:Postfix Mail Server:/var/spool/postfix:/usr/bin/false _scsd:*:31:31:Service Configuration Service:/var/empty:/usr/bin/false _ces:*:32:32:Certificate Enrollment Service:/var/empty:/usr/bin/false _appstore:*:33:33:Mac App Store Service:/var/db/appstore:/usr/bin/false _mcxalr:*:54:54:MCX AppLaunch:/var/empty:/usr/bin/false _appleevents:*:55:55:AppleEvents Daemon:/var/empty:/usr/bin/false _geod:*:56:56:Geo Services Daemon:/var/db/geod:/usr/bin/false _devdocs:*:59:59:Developer Documentation:/var/empty:/usr/bin/false......省略
思路:
* 利用sed删除前10行注释
* 利用awk将取出第一列用户及行数;
* 注意:cat /etc/passwd打印出的结果中,最上方的注释需要处理跳过chenshifengdeMacBook-Pro:~ chenshifeng$ sed '1,10d' /etc/passwd| awk -F ':' '{print NR,$1}' 1 nobody 2 root 3 daemon 4 _uucp 5 _taskgated 6 _networkd 7 _installassistant 8 _lp 9 _postfix 10 _scsd 11 _ces 12 _appstore 13 _mcxalr 14 _appleevents .......
有如下文件,该文件为微信朋友圈页面文件
<node index="0" text="随风" resource-id="com.tencent.mm:id/e3x" class="android.widget.TextView" package="com.tencent.mm" content-desc="" checkable="false" checked="false" clickable="false" enabled="true" focusable="false" focused="false" scrollable="false" long-clickable="false" password="false" selected="false" bounds="[166,743][1040,805]" /></node> <node index="1" text="哈哈哈哈哈哈" resource-id="com.tencent.mm:id/b_e" class="android.widget.LinearLayout" package="com.tencent.mm" content-desc="" checkable="false" checked="false" clickable="true" enabled="true" focusable="true" focused="false" scrollable="false" long-clickable="false" password="false" selected="false" bounds="[166,813][1048,867]">
提取用户名和所发的朋友圈
$ demo='<node index="0" text="随风" resource-id="com.tencent.mm:id/e3x" class="android.widget.TextView" package="com.tencent.mm" content-desc="" checkable="false" checked="false" clickable="false" enabled="true" focusable="false" focused="false" scrollable="false" long-clickable="false" password="false" selected="false" bounds="[166,743][1040,805]" /></node> > <node index="1" text="哈哈哈哈哈哈" resource-id="com.tencent.mm:id/b_e" class="android.widget.LinearLayout" package="com.tencent.mm" content-desc="" checkable="false" checked="false" clickable="true" enabled="true" focusable="true" focused="false" scrollable="false" long-clickable="false" password="false" selected="false" bounds="[166,813][1048,867]">' $ echo $demo|sed 's#><#>|<#g' |awk 'BEGIN{RS="|"}{print $0}' |awk -F" 'BEGIN{OFS=" "}/e3x/{name=$4}/b_e/{msg=$4;print name,"|",msg}' 随风 | 哈哈哈哈哈哈