awk的多個分隔符和打印多列

實例日誌文件的兩行創建了一個CSV文件：

May 24 2013 18:13:24 ROUTER1 %%01IFNET/4/UPDOWN(l): The state of interface GigabitEthernet0/0/22 was changed to DOWN. 
May 24 2013 17:59:33 ROUTER1 %%01FIB/3/REFRESH_END(l): FIB refreshing end, the refresh group map is 0!

預期輸出：

May 24 2013 18:13:24,ROUTER1,01IFNET,4,UPDOWN,The state of interface GigabitEthernet0/0/22 was changed to DOWN. 
May 24 2013 17:59:33,ROUTER1,01IFNET,3,REFRESH_END,FIB refreshing end, the refresh group map is 0!

我可以通過這個awk命令設法得到幾個部分：

cat test.log | awk -F'[" "%%/(l)]' '{print $1" "$2" "$3","$4","$5","$8","$9","$10","}'

輸出：

May 24 2013 18:13:24,ROUTER1,01IFNET,4,UPDOWN, 
May 24 2013 17:59:33,ROUTER1,01IFNET,3,REFRESH_END,

但我怎麼能捕捉到多列說明文字後「（1）：」像「FIB清爽結束，刷新組映射爲0！「或」接口GigabitEthernet0/0/22的狀態變爲DOWN。。」請告知

來源

2013-05-28 Rousseau

awk中可以處理多個分隔符：

$ awk -F'[(/% ]' '{printf "%s",$1" "$2" "$3" "$4" "$5","$8","$9","$10",";for(i=12;i<=NF;i++)printf "%s ",$i;print ""}' file 
May 24 2013 18:13:24 ROUTER1,01IFNET,4,UPDOWN,The state of interface GigabitEthernet0 0 22 was changed to DOWN. 
May 24 2013 17:59:33 ROUTER1,01FIB,3,REFRESH_END,FIB refreshing end, the refresh group map is 0!

來源

2013-05-28 12:40:34

謝謝，正是我所需要的！ – Rousseau

sudo_O，-F'[（/％]'匹配什麼？ – jonschipp

'-F'用於設置數據分隔符，其中的值是一個正則表達式'[（/％]'，它定義了一個包含字符的字符類''（''''''''''''或者單個空格。基本上任何類中的字符都不會被當作數據而是作爲分隔符。 –

因爲這是在一行簡單subsition，我只是用sed，如：

$ cat file 
May 24 2013 18:13:24 ROUTER1 %%01IFNET/4/UPDOWN(l): The state of interface GigabitEthernet0/0/22 was changed to DOWN. 
May 24 2013 17:59:33 ROUTER1 %%01FIB/3/REFRESH_END(l): FIB refreshing end, the refresh group map is 0! 

$ sed -r 's/(([^ ]+ +){3}[^ ]+) +([^ ]+)[ %]+([^/]+)\/([^/]+)\/([^(]+)[^ ]+ +(.*)/\1,\3,\4,\5,\6,\7/' file 
May 24 2013 18:13:24,ROUTER1,01IFNET,4,UPDOWN,The state of interface GigabitEthernet0/0/22 was changed to DOWN. 
May 24 2013 17:59:33,ROUTER1,01FIB,3,REFRESH_END,FIB refreshing end, the refresh group map is 0!

如果你喜歡

但這裏有一個awk的解決方案：

$ awk -F' %%|[(][^)+][)]: ' -v OFS="," '{$1=substr($1,1,20) OFS substr($1,22); gsub(/\//,OFS,$2)}1' file 
May 24 2013 18:13:24,ROUTER1,01IFNET,4,UPDOWN,The state of interface GigabitEthernet0/0/22 was changed to DOWN. 
May 24 2013 17:59:33,ROUTER1,01FIB,3,REFRESH_END,FIB refreshing end, the refresh group map is 0!

不，這不會刪除「千兆......」來自第一行輸入的文本，因爲您沒有說明如何識別 - 您想要在「界面」之後刪除文本還是以「千兆」開始或在一些空格或其他內容之後刪除文本？

來源

2013-05-28 12:45:17

感謝您的回覆..實際上我不想去掉「千兆......」不幸的是，這是一個輸入錯誤:) :) – Rousseau

我希望「界面」後去除的東西是不是一個錯字...

髒快捷：（應該有更好的方式，但..）

awk -F'\\(l\\): ' -v OFS="," '{gsub(" %%|/"," ",$1);gsub(/ /,",",$1);for(i=1;i<=3;i++)sub(/,/," ",$1)}$2~/of interface /{gsub(/interface.*/,"interface",$2)}1' file

給

May 24 2013 18:13:24,ROUTER1,01IFNET,4,UPDOWN,The state of interface 
May 24 2013 17:59:33,ROUTER1,01FIB,3,REFRESH_END,FIB refreshing end, the refresh group map is 0!

來源

2013-05-28 12:48:26 Kent

你是對的..確實這是一個錯字：| :(我的壞..反正其實我無意刪除「界面「.. – Rousseau

感謝您的答覆:) – Rousseau

awk的多個分隔符和打印多列

回答

相關問題