使用 sed 或 grep 进行日志解析
我想从这种日志中获取数据。
11 月 12 日 13:46:14 首页 cxxd[8892]: 208 11/12 13:46:14| qc=IN (1)、qt=A (1)、query="www.yahoo.com。"
实现了这个,它给了我 URL。但不适用于“TAIL -F”,以便我可以仅实时监控网址。
尾-100 /var/log/system.log | grep“查询=”| sed -e "s/.*query=//" | sed -e "s/.*query=//" | sed -e "s/\"//g" | sed -e "s/.$/ /"
请建议或增强
I want to grab data from this kind of log.
Nov 12 13:46:14 Home cxxd[8892]: 208 11/12 13:46:14| qc=IN (1), qt=A (1), query="www.yahoo.com."
Implemented this which gives me the URL. But does not work with "TAIL -F" so that I could monitor live just the urls.
tail -100 /var/log/system.log | grep "query=" | sed -e "s/.*query=//" | sed -e "s/\"//g" | sed -e "s/.$/ /"
Please suggest or enhance
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
我希望您的多个
sed脚本确实可以使用tail -F输出,只是不符合您的预期。C 标准 IO 库将执行缓冲以提高性能。 IO 库可以执行 (a) 无缓冲 (b) 行缓冲 (c) 块缓冲。如果输出要发送到终端,通常会选择行缓冲。但如果输出要发送到文件或管道,则通常会选择块缓冲。 (它比这更复杂 - 如果有问题的文件描述符用于 stdout 或 stderr 或其他文件,则行为会发生变化。有关完整详细信息,请参阅
setvbuf(3)。) -您现在看到的缓冲可能对性能更好,这确实意味着您可以等待一段时间才能看到任何输出,因为每个命令最终都会积累一个块数据。至少
grep(1)允许--line-buffered命令行选项使用行缓冲 - 并且sed(1)允许--unbuffered命令行选项可以更频繁地刷新输出缓冲区。所以试试这个:(我没有找到
tail(1)的任何类似选项,但即使它向其他人发送数据块,对grep(1)的更改 和sed(1)将有很大帮助。)I expect your multiple
sedscripts do work withtail -Foutput, just not as you expect.The C standard IO libraries will perform buffering to improve performance. The IO library can do (a) no buffering (b) line-buffering (c) block-buffering. The line-buffering is normally chosen if the output is going to a terminal. But if the output is going to a file or pipe, then block buffering is normally chosen. (It's more complicated than this -- the behavior changes if the file descriptor in question is being used for stdout or stderr or another file. See
setvbuf(3)for full details.)So, while the block-buffering you're seeing now is probably better for performance, it does mean you can wait a while before ever seeing any output, as each command will eventually accumulate a block of data. At least
grep(1)allows the--line-bufferedcommand line option to use line-buffering -- andsed(1)allows the--unbufferedcommand line option to flush output buffers more often. So try this:(I didn't find any similar options for
tail(1), but even if it sends blocks of data to the others, the changes togrep(1)andsed(1)will drastically help.)尝试通过将
grep和sed的多次调用替换为awk来减少管道数量:...这会获取与“query”匹配的每一行=" 并抓取最后一个 '=' 之后的所有内容,替换第一个 '"' 和后面的 '."' 并打印结果。
Try reducing the number of pipes by replacing multiple calls to
grepandsedto one withawk:...which takes every line matching "query=" and grabs everything after the last '=', replaces the first '"' and the trailing '."' and prints the result.
尝试 tail -f 和 grep 参数 --line-buffered
Try the tail -f and grep argument --line-buffered