【无标题】

awk

插入

对齐

[AO@node1 ~]$ awk '{$1=$1;print}' test.txt

ss sss ssss
aa aaa aaa
bb bb bb bb

[AO@node1 ~]$ awk 'BEGIN{OFS="\t"}{$1=$1;print}' test.txt

ss    sss    ssss
aa    aaa    aaa
bb    bb    bb    bb
 

[AO@node1 ~]$ cat test.txt

ss sss ssss
aa aaa aaa
bb    bb bb  bb

 筛选网卡

[AO@node1 ~]$ ip a | awk '/inet/&&!($2~/^127/){print$2}'
::1/128
192.168.48.136/24
fe80::20c:29ff:feba:2b2b/64
192.168.122.1/24

[AO@node1 ~]$ ifconfig | awk 'BEGIN{RS=""}NR==2{print $6}'
127.0.0.1

[AO@node1 ~]$ ifconfig | awk 'BEGIN{RS="";FS="\n"}!/lo/{$0=$2;FS=" ";$0=$0;print $2}'
192.168.48.136
 

计数

[AO@node1 ~]$ awk '{arr[$0]++}END{OFS="\t";for(idx in arr){printf arr[idx],idx}}' test.txt
1111[AO@node1 ~]$ 
 

1111[AO@node1 ~]$ awk '{arr[$0]++}END{for(i in arr){print arr[i], i}}' test.txt   
1 
1 aa aaa aaa
1 bb    bb bb  bb
1 ss sss ssss
 

检查tcp情况

[AO@node1 ~]$ netstat -tnap
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -                   
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      -                   
tcp        0      0 192.168.48.136:59752    151.101.65.91:443       ESTABLISHED 2428/gnome-shell    
tcp6       0      0 :::22                   :::*                    LISTEN      -                   
tcp6       0      0 ::1:631                 :::*                    LISTEN      -                   
tcp6       0      0 :::111                  :::*                    LISTEN      -   

 [AO@node1 ~]$ netstat -antp | awk '{arr[$6]++}END{for (i in arr){print arr[i], i}}'
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
7 LISTEN
1 ESTABLISHED
1 established)
1 Foreign

AO@node1 ~]$ netstat -antp | grep 'tcp' | awk '{print $6}' | sort | uniq -c
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
      1 ESTABLISHED
      7 LISTEN
 

统计ip访问非200状态码的次数

awk '$9!=200{arr[$1]++}END{for(i in arr){print arr[i],i}}' access.log | sort -k1nr | head -n 10 

处理确实字段的数据 

AO@node1 ~]$ awk '{print $0}' FIELDWIDTHS="2 2:6 2:6 2:3 2:13 2:11" test.txt

ss sss ssss
aa aaa aaa
bb    bb bb  bb
 

 分割字符串

[AO@node1 ~]$ awk '{print $1,substr($2,1,3)}' test.txt
 
ss sss
aa aaa
bb bb

[AO@node1 ~]$ cat test.txt

ss sss ssss
aa aaa aaa
bb    bb bb  bb
 

 

 筛选某个时间段的数据

BEGIN{
  # 要筛选什么时间的日志，将其时间构建成epoch值
  which_time = mktime("2019 11 10 03 42 40")
}

{
  # 取出日志中的日期时间字符串部分
  match($0,"^.*\\[(.*)\\].*",arr)
 
  # 将日期时间字符串转换为epoch值
  tmp_time = strptime2(arr[1])
 
  # 通过比较epoch值来比较时间大小
  if(tmp_time > which_time){
    print
  }
}

# 构建的时间字符串格式为："10/Nov/2019:23:53:44+08:00"
function strptime2(str,dt_str,arr,Y,M,D,H,m,S) {
  dt_str = gensub("[/:+]"," ","g",str)
  # dt_sr = "10 Nov 2019 23 53 44 08 00"
  split(dt_str,arr," ")
  Y=arr[3]
  M=mon_map(arr[2])
  D=arr[1]
  H=arr[4]
  m=arr[5]
  S=arr[6]
  return mktime(sprintf("%s %s %s %s %s %s",Y,M,D,H,m,S))
}

function mon_map(str,mons){
  mons["Jan"]=1
  mons["Feb"]=2
  mons["Mar"]=3
  mons["Apr"]=4
  mons["May"]=5
  mons["Jun"]=6
  mons["Jul"]=7
  mons["Aug"]=8
  mons["Sep"]=9
  mons["Oct"]=10
  mons["Nov"]=11
  mons["Dec"]=12
  return mons[str]
}