awk 分析nginx日志

ljwd1000

需求，统计出每个小时出现的访问状态（nginx状态码：例如，200,302,502,504等）次数，要求输出结果格式为：

时间    状态   次数



日志文件格式类似如下，但是nginx的log并没有我贴出的这么整齐

1. 10.150.82.151 - - [22/Nov/2012:03:02:45 +0900] "POST /m/gashapon/free/1/?signed=1&t=1353524557.0 HTTP/1.1" 302 0 "-" "DoCoMo/2.0 SH06A3(c500;TB;W24H14)" "116.93.151.35" 0.095
   
2. 10.150.82.152 - - [22/Nov/2012:03:02:45 +0900] "POST /m/gashapon/free/1/?signed=1&t=1353524557.0 HTTP/1.1" 302 0 "-" "DoCoMo/2.0 SH06A3(c500;TB;W24H14)" "116.93.151.35" 0.095
   
3. 10.150.82.122 - - [22/Nov/2012:04:02:45 +0900] "POST /m/gashapon/free/1/?signed=1&t=1353524557.0 HTTP/1.1" 200 0 "-" "DoCoMo/2.0 SH06A3(c500;TB;W24H14)" "116.93.151.35" 0.095
   
4. 10.150.82.157 - - [22/Nov/2012:04:02:45 +0900] "POST /m/gashapon/free/1/?signed=1&t=1353524557.0 HTTP/1.1" 502 0 "-" "DoCoMo/2.0 SH06A3(c500;TB;W24H14)" "116.93.151.35" 0.095
   
5. 10.150.82.153 - - [22/Nov/2012:06:02:45 +0900] "POST /m/gashapon/free/1/?signed=1&t=1353524557.0 HTTP/1.1" 504 0 "-" "DoCoMo/2.0 SH06A3(c500;TB;W24H14)" "116.93.151.35" 0.095
   
6. 10.150.82.156 - - [22/Nov/2012:06:02:45 +0900] "POST /m/gashapon/free/1/?signed=1&t=1353524557.0 HTTP/1.1" 502 0 "-" "DoCoMo/2.0 SH06A3(c500;TB;W24H14)" "116.93.151.35" 0.095

复制代码

我写个大概的，不知道如何去精确取得状态码这一列

1. awk  '{split($4,a,":|\\[");time=a[2]":"a[3];for(i=1;i<=NF;i++){if($i==502||$i==504){num[time"\t"$i]++}}}END{for(i in num)print i,num[i]}'

复制代码

yestreenstars

总要给点数据来测试吧？

kernel69

再添点东西吧

1. 我是是测试

复制代码

ljwd1000

1. 10.150.82.151 - - [22/Nov/2012:03:02:45 +0900] "POST /m/gashapon/free/1/?signed=1&t=1353524557.0 HTTP/1.1" 302 0 "-" "DoCoMo/2.0 SH06A3(c500;TB;W24H14)" "116.93.151.35" 0.095
   
2. 10.150.82.152 - - [22/Nov/2012:03:02:45 +0900] "POST /m/gashapon/free/1/?signed=1&t=1353524557.0 HTTP/1.1" 302 0 "-" "DoCoMo/2.0 SH06A3(c500;TB;W24H14)" "116.93.151.35" 0.095
   
3. 10.150.82.122 - - [22/Nov/2012:04:02:45 +0900] "POST /m/gashapon/free/1/?signed=1&t=1353524557.0 HTTP/1.1" 200 0 "-" "DoCoMo/2.0 SH06A3(c500;TB;W24H14)" "116.93.151.35" 0.095
   
4. 10.150.82.157 - - [22/Nov/2012:04:02:45 +0900] "POST /m/gashapon/free/1/?signed=1&t=1353524557.0 HTTP/1.1" 502 0 "-" "DoCoMo/2.0 SH06A3(c500;TB;W24H14)" "116.93.151.35" 0.095
   
5. 10.150.82.153 - - [22/Nov/2012:06:02:45 +0900] "POST /m/gashapon/free/1/?signed=1&t=1353524557.0 HTTP/1.1" 504 0 "-" "DoCoMo/2.0 SH06A3(c500;TB;W24H14)" "116.93.151.35" 0.095
   
6. 10.150.82.156 - - [22/Nov/2012:06:02:45 +0900] "POST /m/gashapon/free/1/?signed=1&t=1353524557.0 HTTP/1.1" 502 0 "-" "DoCoMo/2.0 SH06A3(c500;TB;W24H14)" "116.93.151.35" 0.095

复制代码

回复 2# yestreenstars


    类似于这样的log，但是数据没有这么整齐，呵呵

ljwd1000

回复 4# ljwd1000


    已经修改了。帮忙看看，谢谢了

ljwd1000

回复 6# zooyo

1. 22/Nov/2012:06  504 934

复制代码

类似于此

yestreenstars

1. awk '{a=substr($4,2,14);b[a" "$9]++}END{for(i in b)print i,b[i]}' file | sort

复制代码

or

1. awk '{a=gensub(/\[(.*):.*:.*/,"\\1",1,$4);b[a" "$9]++}END{for(i in b)print i,b[i]}' file | sort

复制代码

ljwd1000

回复 8# yestreenstars


    哎，给的数据太整齐了。真不好意思。状态码那一列以空格分割不是固定的位置。。。

yestreenstars

回复 9# ljwd1000


    把你所有的特例也要写出来啊，不然怎么搞啊