Awk
使用 AWK 組合兩個輸出
我有一個 bash 命令(在 macOS High Sierra 上):
sudo cat /private/var/log/system.log*| awk 'BEGIN {print "\n"} {print "Month\tDay\tTime\t\tSystemMessage"} /SHUTDOWN_TIME/{print $1,$2,$3,$8}'|sort -M|uniq|column -t輸出:
Month Day Time SystemMessage Mar 30 02:50:56 SHUTDOWN_TIME: Mar 30 13:13:28 SHUTDOWN_TIME: Apr 1 17:27:48 SHUTDOWN_TIME: Apr 1 23:59:37 SHUTDOWN_TIME: Apr 10 17:08:10 SHUTDOWN_TIME: Apr 10 22:59:13 SHUTDOWN_TIME: Apr 11 19:13:43 SHUTDOWN_TIME: Apr 2 16:33:50 SHUTDOWN_TIME: Apr 3 00:13:58 SHUTDOWN_TIME: Apr 3 16:54:22 SHUTDOWN_TIME: Apr 3 23:36:55 SHUTDOWN_TIME: Apr 4 17:00:40 SHUTDOWN_TIME: Apr 5 17:00:50 SHUTDOWN_TIME: Apr 8 17:41:18 SHUTDOWN_TIME: Apr 8 23:41:05 SHUTDOWN_TIME: Apr 9 17:19:33 SHUTDOWN_TIME: Apr 9 23:23:18 SHUTDOWN_TIME:雖然我有另一個 bash 命令設置為:
sudo cat /private/var/log/system.log*| awk 'BEGIN {print "\n"} {print "Month\tDay\tTime\t\tSystemMessage"} /BOOT_TIME/{print $1,$2,$3,$6}'|sort -M|uniq|column -t輸出:
Month Day Time SystemMessage Mar 30 12:37:12 BOOT_TIME Apr 1 10:09:12 BOOT_TIME Apr 1 21:45:41 BOOT_TIME Apr 10 09:38:12 BOOT_TIME Apr 10 19:53:06 BOOT_TIME Apr 11 12:02:02 BOOT_TIME Apr 12 09:33:21 BOOT_TIME Apr 2 10:19:19 BOOT_TIME Apr 2 22:54:34 BOOT_TIME Apr 3 09:56:02 BOOT_TIME Apr 3 21:09:25 BOOT_TIME Apr 4 10:00:42 BOOT_TIME Apr 5 10:09:17 BOOT_TIME Apr 8 09:47:02 BOOT_TIME Apr 8 21:21:34 BOOT_TIME Apr 9 09:34:50 BOOT_TIME Apr 9 21:16:49 BOOT_TIME將這兩個命令結合起來產生如下輸出的最佳方法是什麼:
Month Day Time SystemMessage Mar 30 12:37:12 BOOT_TIME Mar 30 02:50:56 SHUTDOWN_TIME第一個命令的輸出在每行末尾都有一個“:”,如何從輸出中刪除這些?
將輸出保存在 2 個文件中並使用以下命令來實現上述結果
cat file1 file2|sed '/Month/d'| sed "s/:$//g"| sed '1i Month Day Time SystemMessage' Month Day Time SystemMessage Mar 30 02:50:56 SHUTDOWN_TIME Mar 30 13:13:28 SHUTDOWN_TIME Apr 1 17:27:48 SHUTDOWN_TIME Apr 1 23:59:37 SHUTDOWN_TIME Apr 10 17:08:10 SHUTDOWN_TIME Apr 10 22:59:13 SHUTDOWN_TIME Apr 11 19:13:43 SHUTDOWN_TIME Apr 2 16:33:50 SHUTDOWN_TIME Apr 3 00:13:58 SHUTDOWN_TIME Apr 3 16:54:22 SHUTDOWN_TIME Apr 3 23:36:55 SHUTDOWN_TIME Apr 4 17:00:40 SHUTDOWN_TIME Apr 5 17:00:50 SHUTDOWN_TIME Apr 8 17:41:18 SHUTDOWN_TIME Apr 8 23:41:05 SHUTDOWN_TIME Apr 9 17:19:33 SHUTDOWN_TIME Apr 9 23:23:18 SHUTDOWN_TIME Mar 30 12:37:12 BOOT_TIME Apr 1 10:09:12 BOOT_TIME Apr 1 21:45:41 BOOT_TIME Apr 10 09:38:12 BOOT_TIME Apr 10 19:53:06 BOOT_TIME Apr 11 12:02:02 BOOT_TIME Apr 12 09:33:21 BOOT_TIME Apr 2 10:19:19 BOOT_TIME Apr 2 22:54:34 BOOT_TIME Apr 3 09:56:02 BOOT_TIME Apr 3 21:09:25 BOOT_TIME Apr 4 10:00:42 BOOT_TIME Apr 5 10:09:17 BOOT_TIME Apr 8 09:47:02 BOOT_TIME Apr 8 21:21:34 BOOT_TIME Apr 9 09:34:50 BOOT_TIME Apr 9 21:16:49 BOOT_TIME
您可能會執行以下操作來組合它們(未經測試,因為我無法訪問 macOS High Sierra 系統上的日誌,並且我的 Mojave 系統上的日誌消息根本不匹配):
cat /private/var/log/system.log | awk ' BEGIN { OFS="\t"; print "Month", "Day", "Time", "Message" } /SHUTDOWN_TIME/ { sub(":$","",$8); print $1, $2, $3, $8 } /BOOT_TIME/ { print $1, $2, $3, $6 }'刪除第 8 個欄位的
sub()尾隨:(如果存在)。請注意,我只列印一次標題,而您為每一行列印一次。排序也是不必要的,因為日誌文件可能已經按時間排序。
在我的 macOS Mojave 系統上,其他
system.log*文件是壓縮的,這意味著您不能使用cat將它們的內容髮送到awk. 你會zcat在這些上使用。作為系統上的管理員使用者,我也不必使用sudo閱讀日誌。