- 论坛徽章:
- 0
|
1489487789.043 84157 223.74.234.176 TCP_HIT/206 3920174 GET http://vega**************etup.exe - -/- application/octet-stream "http://scg**************0_1.html?pc=4089&sc=7889&mc=2223&gc=2&mt=2044&kw=86621&et=1&sid=" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36" ADVisitTemp=4089$2044$2223$7889$2$1$2017/3/14 18:05:14$86621$19982f68-aeb3-4efd-ba1b-57033db6e9fe$http://scgg.gyyx.cn/wd/360_1.html$$www.so.com$; ADVisitForEver=4089$2044$2223$7889$2$2$2017/3/14 18:05:14$86621$$www.so.com$; GYYX_CHECKCODE_VJ=93749f58-58bb-4c09-997d-09eff46cc13c
1489487742.921 176386 183.30.218.59 TCP_HIT/206 55781740 GET http://vega**************_setup.exe - -/- application/octet-stream "http://w****************nload/" "Mozilla/4.0 (compatible; MSIE 9.0; qdesk 2.4.1266.203; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0E; .NET4.0C)" ADVisitTemp=4089$12$74$155$2$1$2017/3/14 18:30:25$0$946632fe-4c6e-4b72-8c85-9861315fd3d9$http://scgg.gyyx.cn/wd/bdsem.html$$bzclk.baidu.com$; ADVisitForEver=4089$12$74$155$2$2$2017/3/14 18:30:25$0$$bzclk.baidu.com$; GYYX_CHECKCODE_VJ=0032d40f-fbb9-4438-ad6c-860460fd8234; PageVisitGuid=1afc4fd9-4da7-45b1-90fa-6ed170d80cdc; Hm_lvt_e924c3167e6fb451d00dfae361b6b261=1489486908; Hm_lpvt_e924c3167e6fb451d00dfae361b6b261=1489486910
1489487656.131 77848 59.38.38.116 TCP_HIT/206 537734 GET http://vega**************etup.exe - -/- application/octet-stream "http://****************wnload/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36" Hm_lvt_e924c3167e6fb451d00dfae361b6b261=1489479501,1489487201; Hm_lpvt_e924c3167e6fb451d00dfae361b6b261=1489487203; PageVisitGuid=f0f8da1a-fb42-4337-aaf1-c0d58147f90c
cdn日志内容如上:
我的思路是将第一个字段的时间戳换算成时间格式为w3c格式 30/Dec/2006:12:12:12
然后比如计算00:00:01 - 00:04:59的和
cat filename|egrep "15/Mar/2017:00:0[1-4]"|awk '{sum+=$5}END{print sum}'
但是这样有个问题,就是日志内容太多,将第一个字段换算成w3c格式输出到另一个文件需要的时间太长。
各位大牛有什么好的思路木有,求指导!!!!
|
|