堆栈内存溢出
  简体   繁体   English

使用命令行按 key=value 字段对日志文件进行排序

[英]Sort log file by a key=value field using command line

 原文  2018-09-12 06:43:26       linux/ bash/ sorting

问题描述

I have some gigabytes of logs and I'm trying to track worst execution times of a given method, So I used grep to filter the lines that matters我有几 GB 的日志,我正在尝试跟踪给定方法的最差执行时间,所以我使用 grep 来过滤重要的行

$ grep "m=a" /var/log/syslog* 
Sep 12 05:14:00 host1[716]: 2018-09-12 05:14:00.076 [MessageBroker-2] INF 1 com.acme m=a h_status=success, h_time=51, msg=some message
Sep 11 20:00:00 host1[716]: 2018-09-11 20:00:00.389 [MessageBroker-2] INF 1 com.acme m=a h_status=success, h_time=54, msg=some message
Sep 12 04:42:00 host1[716]: 2018-09-12 04:42:00.682 [MessageBroker-2] INF 1 com.acme m=a h_status=success, h_time=77, msg=some message
Sep 12 05:15:02 host1[716]: 2018-09-12 05:15:02.536 [Test worker    ] INF 2 com.acme m=a h_status=success, h_time=8, msg=some message

Now I want to sort this file in a desc order to get lines with the highest h_time field values.现在我想以降序对这个文件进行排序,以获得具有最高h_time字段值的行。 I tried to do that using sort but I have no success because I'm not getting how to extract h_time field value.我尝试使用 sort 来做到这一点,但没有成功,因为我不知道如何提取 h_time 字段值。

I searched how to use custom separators to identify custom fields using sort and foundthis and this anwser, no success.我搜索了如何使用自定义分隔符来使用排序来识别自定义字段,发现这个这个anwser,没有成功。

How can I sort these lines in a desc order by a h_time field using some command line tool using a as simple as possible syntax?如何使用一些命令行工具使用尽可能简单的语法按 h_time 字段按降序对这些行进行排序?

1 个解决方案

解决方案1
 0  2018-09-12 07:01:39

You could do something like this.你可以做这样的事情。 First use perl regex to replace and bring the numeric value at first as shown below then sort it.首先使用 perl regex 替换并首先引入数值,如下所示,然后对其进行排序。 This way you can even display only the required information.这样您甚至可以只显示所需的信息。

perl -pe 's/(.+)(h_time=\d+, )(.+)/\2\1\3/g' log | sort -V

Which gives:这使:

h_time=51, Sep 12 05:14:00 host1[716]: 2018-09-12 05:14:00.076 [MessageBroker-2] INF 1 com.acme l=35 h_status=success, msg=some message
h_time=54, Sep 11 20:00:00 host1[716]: 2018-09-11 20:00:00.389 [MessageBroker-2] INF 1 com.acme l=35 h_status=success, msg=some message
h_time=77, Sep 12 04:42:00 host1[716]: 2018-09-12 04:42:00.682 [MessageBroker-2] INF 1 com.acme l=35 h_status=success, msg=some message
h_time=8, Sep 12 05:15:02 host1[716]: 2018-09-12 05:15:02.536 [Test worker    ] INF 2 com.acme l=35 h_status=success, msg=some message

Or if you want only some information:或者,如果您只想要一些信息:

perl -pe 's/(\w+ \d+ [\d:]+).+\[(.+)].+h_time=(\d+), .+/\3 ms\t\2\t\t\1/g' log | sort -V

Which gives:这使:

8 ms    Test worker             Sep 12 05:15:02
51 ms   MessageBroker-2         Sep 12 05:14:00
54 ms   MessageBroker-2         Sep 11 20:00:00
77 ms   MessageBroker-2         Sep 12 04:42:00

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何使用sort命令仅通过Linux中的第一个字段对日志文件进行排序? - How can I use sort command to sort the log file only by the first field in Linux? 是否可以使用Linux sort命令对每行末尾的数字进行大型文本文件的排序? - Is it possible to sort a huge text file using Linux sort command by a number at the end of each line? 命令行上日志文件中时间的分箱直方图 - Binned histogram of timings in log file on command line 使用sed命令更新配置文件的键值时出现问题 - Trouble with using sed command to update key value of config file 使用行字段的命令输出命令 - Order command output using line field 使用sed Linux命令清理日志文件 - Clean a log file using sed Linux command 想在此时间戳上使用排序命令对我的日志文件进行排序2019-06-29T12:39:23.428Z但由于存在多个分界符而感到困惑 - want to sort my log file on this timestamp 2019-06-29T12:39:23.428Z using sort command but confused as there are multiple delimeter 命令行:监视日志文件并将数据添加到数据库 - Command line: monitor log file and add data to database Bash:按字节顺序区分大小写的排序命令或使用python sort命令对文本文件进行排序 - Bash: Sort text file by bytewise case sensitive sort command or using python sort command 使用命令行转换Apache日志日期时间格式 - Convert Apache Log Datetime Format Using Command Line
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM