“ awk”未按预期处理shell变量

Question

I am working on filtering Specific text from a log file. Problem here is that awk is not processing on shell variable. But working fine on filename. I am storing a new log entry that comes in log file in a shell variable using "new_log=tail -n5 alerts.log" in a loop whenever a new log comes, then ,

Level_no=`awk '{FS="Rule: "}{print $2}' "$new_log" | sed '/^$/d' | awk '{FS=" "}{print $3}' | sed 's/)//g'

Output:

awk: fatal: cannot open file `** Alert 1564460779.1380: mail  - ossec,syscheck
* New Log starts from ** Alert 1564460779.1380: mail  - ossec,syscheck *`

Above mentioned command works well when I run it in terminal using filename instead of shell variable as follows:

awk '{FS="Rule: "}{print $2}' logs_mining | sed '/^$/d' | awk '{FS=" "}{print $3}' | sed 's/)//g'

But its performance issue if I store new log entry in another file and process from there.

So I researched more and more and came to know about awk variables...here is my shell script..

Level_no=`awk -v var="$new_log" '{FS="Rule: "}{print $2}' var | sed '/^$/d' | awk '{FS=" "}{print $3}' | sed 's/)//g'

Then output says

awk: fatal: cannot open file `var' for reading (No such file or directory)

Actual Result should be Successful execution of awk script.

Answer 1

If new_log contains the data you want to process, not a filename, you need to pipe it to awk . You can do this with a here-string.

Level_no=`awk '{FS="Rule: "}{print $2}' <<<"$new_log" | sed '/^$/d' | awk '{FS=" "}{print $3}' | sed 's/)//g'`

It's also not necessary to pipe the output to sed and another awk , you can do it all in the first script.

Level_no=$(awk -F'Rule: ' '$2 != "" {split($2, a, " "); gsub(/)/, "", a[3]); print a[3]}' <<<"$new_log")

You probably don't need the variable, though, just pipe the output of the command to awk:

Level_no=$(tail -n5 alerts.log | awk -F'Rule: ' '$2 != "" {split($2, a, " "); gsub(/)/, "", a[3]); print a[3]}')