日志格式
203.0.113.101 - - [27/Jan/2020:12:49:52 +0800] "GET /api/data/getIndex.html HTTP/1.1" 200 238 "https://blog.ponfey.com/2020/01/27/%E4%BD%BF%E7%94%A8awk%E5%AF%B9du-sh%E6%96%87%E4%BB%B6%E5%88%97%E8%A1%A8%E5%A4%A7%E5%B0%8F%E7%BB%9F%E8%AE%A1sum%E6%B1%87%E6%80%BB%E6%B1%82%E5%92%8C/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36" "-"
筛选
[zhuxiaoshai@blog httpd]# cat 20200127.log | awk -F ' ' '{split($4,array,"[");if(array[2]>="27/Jan/2020:12:49:00" && array[2]<="27/Jan/2020:12:52:00")print $0}'
命令详解
awk -F ’ ’ 以空格分隔行内内容
‘{…}’ 对分隔后的内容运行命令的代码段,格式化之后
'{
split($4,array,"[");
if(array[2]>="27/Jan/2020:12:49:00" && array[2]<="27/Jan/2020:12:52:00")print $0
}'
split函数分割的是$4, [27/Jan/2020:12:49:52 , 保存到array 。结果是array[1-n], 其中时间是array[2]
