How to take a bite out of the log and display a piece of string?

Question

It is necessary to bite certain parts of the lines out of the log. It would also be super, so that repetitions are not displayed. but not necessarily.

With this command, I output the lines I need from the log:

$ tail -f /var/adm/messages | grep 'KHARKOV.*errcode=-28' Nov 1 18:19:27 SSCK01 dhcpd[14507]: [ID 687704 local7.error] [tid:55] ERR DHCP(304) Authentication of user KHARKOV-K20 PON 1/1/01/03:11.1.1 failed (errcode=-28). Nov 1 18:19:27 SSCK01 dhcpd[14507]: [ID 687704 local7.error] [tid:7] ERR DHCP(304) Authentication of user KHARKOV-K13 PON 1/1/05/01:27.1.1 failed (errcode=-28). Nov 1 18:19:27 SSCK01 dhcpd[14507]: [ID 687704 local7.error] [tid:20] ERR DHCP(304) Authentication of user KHARKOV-K13 PON 1/1/02/02:45.1.1 failed (errcode=-28).

It is necessary to display a piece:

 KHARKOV-K20 PON 1/1/01/03:11.1.1 KHARKOV-K13 PON 1/1/05/01:27.1.1 KHARKOV-K13 PON 1/1/02/02:45.1.1

I found how using the cut command to bite a piece of the line before the 16m space

 $tail -f /var/adm/messages | grep 'KHARKOV.*errcode=-28' | cut -d' ' -f16 KHARKOV-K20 KHARKOV-K13 KHARKOV-K13

As the rest I can not find.

Accepted Answer · 2015-11-01T21:36:14

Try using awk :

 $tail -f /var/adm/messages | grep 'KHARKOV.*errcode=-28' | awk ' {print $15,$16,$17} '

The first description that I found is http://rus-linux.net/MyLDP/consol/awk.html

UPD

To leave only the unique lines, you can:

 $tail -f /var/adm/messages | grep 'KHARKOV.*errcode=-28' | awk ' {print $15,$16,$17} ' | sort | uniq

@VadimPirx, yes, it was sealed up, thanks, corrected in the answer

Vadim Pirx Vadim Pirx 40 6 · Answer 2 · 2015-11-01T21:42:29

Understood carefully cut This design displays what I need. The output of the line to the left of the 16th and 17th and 18th spaces:

 $ tail -f /var/adm/messages | grep 'KHARKOV.*errcode=-28' | cut -d' ' -f16,17,18 KHARKOV-K20 PON 1/1/01/03:11.1.1 KHARKOV-K13 PON 1/1/05/01:27.1.1 KHARKOV-K13 PON 1/1/02/02:45.1.1

Now it is necessary that no repetition of characters after the 'KHARKOV-'

And who knows how to display the results of this command on the web?

Well, the strings like KHARKOV-K13 PON 1/1/05/01: 27.1.1 and KHARKOV-K13 PON 1/1/05/02: 27.1.1 are different.

Vadim Pirx Vadim Pirx 40 6 · Answer 3 · 2015-11-01T22:50:05

Found a solution. I write the output of the command to the file of result and then from this file cat unique lines

 $ tail -f /var/adm/messages | grep 'KHARKOV.*errcode=-28' | cut -d' ' -f16,17,18 >> result $ cat result | sort | uniq

This can be done in the same line tail -f /var/adm/messages | grep 'KHARKOV.*errcode=-28' | cut -d' ' -f16,17,18 | sort -u
tail -f /var/adm/messages | grep 'KHARKOV.*errcode=-28' | cut -d' ' -f16,17,18 | sort -u

Vadim Pirx Vadim Pirx 40 6 · Answer 4 · 2015-11-02T21:34:54

 tail -f /var/adm/messages | grep 'KHARKOV.*errcode=-28' | awk ' {print $15,$16,$17} ' | sort | uniq tail -f /var/adm/messages | grep 'KHARKOV.*errcode=-28' | cut -d' ' -f16,17,18 | sort -u

Such constructions do not work, apparently they cannot sort strings on the fly.

It works if tail -f is replaced with cat read a piece of log for a day (the second of November) and it has already been processed, made two files, result - all in an crowd and resuls_sort - sorting.

 cat /var/adm/messages | grep 'Nov 2.*KHARKOV.*errcode=-28' | awk ' {print $15,$16,$17} ' >result | cat result | sort | uniq >result_sort

Answer 5 · 2016-01-05T09:33:40

 tail -f /var/adm/messages | awk '/KHARKOV.*errcode=-28/ { print $15, $16, $17 }' | sort -u tail -f /var/adm/messages | awk -F'KHARKOV-| failed' '{ print $2 }' | sort -u

I understood the main thing in sorting on the fly. Try this one.

 tail -f /var/adm/messages | awk '/KHARKOV.*errcode=-28/ { if (!t[$0]++) print $15, $16, $17 }'

This command replaces grep, cut and uniq. Displays unique lines but without additional sorting, in the order they are received at the input of the conveyor

Try to write more resolved answers - not only the code, but also explanations for it.

How to take a bite out of the log and display a piece of string?

5 answers 5

UPD

More articles: