我想使用AWK在Windows应用程序事件日志中搜索字符串。以下是日志摘录:
W 05-Nov-14 10:09:36 261 CA_OSC <I>Process ax_be has finished without having received an explicit termination request from the component manager </I>
Time: 5.11.2014, 10:09:36, Line: 1161, File: MComsrcOSScompmgrsrc/CaCompPCB.cpp, Process: CaGenericMain (2448)
E 05-Nov-14 10:09:36 17 AY_ISC An error was detected in a process that is monitored by State Manager.
Time: 5.11.2014, 10:09:36, Process: C:AXMServicebinRep.exe_1976,
Text: (05.11.2014 10:09:36) IVS SET: CMonitorThread::ProcessTermination(AppBE,5452) A critical process has
W 05-Nov-14 10:09:37 261 CA_OSC <I>Process main_ui has finished without having received an explicit termination request from the component manager </I>
Time: 5.11.2014, 10:09:37, Line: 1161, File: MComsrcOSScompmgrsrc/CaCompPCB.cpp, Process: CaGenericMain (2448)
我想在事件日志中搜索一个字符串,比如"ProcessTermination",搜索输出应该如下:
E 05-Nov-14 10:09:36 17 AY_ISC An error was detected in a process that is monitored by State Manager.
Time: 5.11.2014, 10:09:36, Process: C:AXMServicebinRep.exe_1976,
Text: (05.11.2014 10:09:36) IVS SET: CMonitorThread::ProcessTermination(AppBE,5452) A critical process has
即。日志和所有摘要行。搜索字符串可以在日志行或任何摘要行中。每一行都由换行符分隔,此日志文件是一个.txt文件。
到目前为止,我已经尝试了以下命令:
awk -v RS="n(E|I|W)" "/ProcessTermination/" XA135420_2014_11_05_AppEventLog.txt
但结果是,E|I|W不见了。我得到的结果和一样
05-Nov-14 10:09:36 17 AY_ISC An error was detected in a process that is monitored by State Manager.
Time: 5.11.2014, 10:09:36, Process: C:AXMServicebinRep.exe_1976,
Text: (05.11.2014 10:09:36) IVS SET: CMonitorThread::ProcessTermination(AppBE,5452) A critical process has
有人能帮我在结果中列出W|E|I(日志行的第一个字段)吗?
注意:我在Windows7上使用GNU Awk 3.1.6。
使用awk 在内存中加载段落
awk '/^[EIW]/{if( P ~ /ProcessTermination/)print P;P=""}{P=P"n"$0}END{if( P ~ /ProcessTermination/)print P}' XA135420_2014_11_05_AppEventLog.txt
对于字段定义,您可以使用FPAT而不是FS来定义字段内容,而不是字段分隔符,但我不知道"RPAT"
通过像您这样设置RS,您可以从记录中删除与RS匹配的字符串,并使您的脚本特定于gawk,这些都不可取。您可以通过保存每个RT值并在下一条记录之前打印它来解决问题:
$ awk -v RS='(^|n)\S' '/ProcessTermination/{print gensub(/^n|n$/,"","g",p$0)} {p=RT}' file
E 05-Nov-14 10:09:36 17 AY_ISC An error was detected in a process that is monitored by State Manager.
Time: 5.11.2014, 10:09:36, Process: C:AXMServicebinRep.exe_1976,
Text: (05.11.2014 10:09:36) IVS SET: CMonitorThread::ProcessTermination(AppBE,5452) A critical process has
由于RS以换行符或文件开头,gensub()必须删除除第一个以外的每个RT以换行符开头的换行符,并删除文件中最后一条记录以换行符结尾的尾随换行符,因为它没有后续的RS匹配来吸收它自然结束的换行符。
更清晰、更简单的解决方案不使用RT,可以在任何awk中工作:
$ cat tst.awk
/^[WEI]/ { check() }
{ buf = buf $0 RS }
END { check() }
function check() {
if ( index(buf,tgt) ) {
printf "%s", buf
}
buf = ""
}
$
$ awk -v tgt="ProcessTermination" -f tst.awk file
E 05-Nov-14 10:09:36 17 AY_ISC An error was detected in a process that is monitored by State Manager.
Time: 5.11.2014, 10:09:36, Process: C:AXMServicebinRep.exe_1976,
Text: (05.11.2014 10:09:36) IVS SET: CMonitorThread::ProcessTermination(AppBE,5452) A critical process has
如果您真的想搜索字符串,而不是正则表达式,请注意使用上面的index()而不是/.../或match()。