uniq的跳過前N個字符/場

Question

這是日誌文件的內容我有

{"timestamp":"2016-04-20T12:24:35","event_type":"alert","src_ip":"198.55.103.12","src_port":44927,"dest_ip":"127.0.0.1","dest_port":9200,"honeypot":{"name":"Elasticpot","n$ 
{"timestamp":"2016-04-20T12:24:36","event_type":"alert","src_ip":"198.55.103.12","src_port":44927,"dest_ip":"127.0.0.1","dest_port":9200,"honeypot":{"name":"Elasticpot","n$ 
{"timestamp":"2016-04-20T12:24:37","event_type":"alert","src_ip":"198.55.103.12","src_port":44927,"dest_ip":"127.0.0.1","dest_port":9200,"honeypot":{"name":"Elasticpot","n$ 
{"timestamp":"2016-04-20T12:24:38","event_type":"alert","src_ip":"198.55.103.12","src_port":44927,"dest_ip":"127.0.0.1","dest_port":9200,"honeypot":{"name":"Elasticpot","n$ 

使用bash，我希望到grep獨特的線條和結果放在一個文本文件。在檢查唯一性時，我想跳過時間戳字段，因爲您可以看到，除了時間戳之外，這四行是相同的。這是我到目前爲止有：

sudo grep "alert" /home/tsec/prototype/logs/elasticpot.log | uniq | tail -n 10 > /home/tsec/prototype/logs/extractedlogs/elasticpotresult.log 

因此，在一個CSV文件的輸出應該是：

{"timestamp":"2016-04-20T12:24:38","event_type":"alert","src_ip":"198.55.103.12","src_port":44927,"dest_ip":"127.0.0.1","dest_port":9200,"honeypot":{"name":"Elasticpot","n$ 

我必須肯定使用獨特的-f標誌，但不知道如何。謝謝您的幫助！

Answer 1

sort -u -t, -k2,8 elasticpot.log 

• -u→獨特

• -t,→逗號分隔符

• -k2,8→鍵字段是2至8個（或者-k2→鍵字段是從2至結束）

測試結果：

{"timestamp":"2016-04-20T12:24:35","event_type":"alert","src_ip":"198.55.103.12","src_port":44927,"dest_ip":"127.0.0.1","dest_port":9200,"honeypot":{"name":"Elasticpot","n$