我的日志存储在多个基于Sun的unix服务器中。
因此,Req1的日志可能在服务器1中,Req2和Req3可能在服务器2中,然后Req4可能再次在服务器1。没有合适的顺序,因为它是根据负载均衡器的决定来存储的。
我们使用grep从所有服务器获取数据。但问题是,它们并没有根据时间进行排序。我想要的是从以下所有服务器获取日志文件,但要根据日期和时间对其进行排序。
编辑以下是该问题的示例。
for (( i=1; i<=24; i++ )) do
echo 'server1' $logfile $i
grep abd12453 /var/logs/$i.log
echo 'server2' $logfile $i
ssh server2 "grep 'abd12453' /var/logs/$i.log"
done
其中abd12453是将基于其提取日志的用户。
上面的命令组合了服务器上所有文件的日志并打印出来。如下所示。
server1 logfile1.log
06/13/2020 13:26:11.142 abd12453 server 1 log data1. server 1 log data1. server 1 log data1. server 1 log data1. server 1 log data1. server 1 log data1. server 1 log data1. server 1 log data1. server 1 log data1. server 1 log data1. server 1 log
server2 logfile1.log
06/13/2020 13:25:23.250 abd12453 server 2 log data1. server 2 log data1. server 2 log data1. server 2 log data1. server 2 log data1. server 2 log data1. server 2 log data1. server 2 log data1. server 2 log data1. server 2 log data1. server 2 log
server1 logfile2.log
06/13/2020 13:15:35.142 abd12453 server 1 log data2. server 1 log data2. server 1 log data2. server 1 log data2. server 1 log data2. server 1 log data2. server 1 log data2. server 1 log data2. server 1 log data2. server 1 log data2.
server2 logfile2.log
06/13/2020 13:14:42.156 abd12453 server 1 log data2. server 1 log data2. server 1 log data2. server 1 log data2. server 1 log data2. server 1 log data2. server 1 log data2. server 1 log data2. server 1 log data2. server 1 log data2. server 1 log
上面的日志都是单行和用户名。
我需要根据日期和时间对上面的日志数据进行排序。
所需输出应为
server2 logfile2.log
06/13/2020 13:14:42.156 abd12453 server 1 log data2. server 1 log data2. server 1 log data2. server 1 log data2. server 1 log data2. server 1 log data2. server 1 log data2. server 1 log data2. server 1 log data2. server 1 log data2. server 1 log
server1 logfile2.log
06/13/2020 13:15:35.142 abd12453 server 1 log data2. server 1 log data2. server 1 log data2. server 1 log data2. server 1 log data2. server 1 log data2. server 1 log data2. server 1 log data2. server 1 log data2. server 1 log data2.
server2 logfile1.log
06/13/2020 13:25:23.250 abd12453 server 2 log data1. server 2 log data1. server 2 log data1. server 2 log data1. server 2 log data1. server 2 log data1. server 2 log data1. server 2 log data1. server 2 log data1. server 2 log data1. server 2 log
server1 logfile1.log
06/13/2020 13:26:11.142 abd12453 server 1 log data1. server 1 log data1. server 1 log data1. server 1 log data1. server 1 log data1. server 1 log data1. server 1 log data1. server 1 log data1. server 1 log data1. server 1 log data1. server 1 log
由于日期不是YYYY/mm/dd格式,该字段将不会产生正确的排序日期顺序。因此,假设输出中的每个条目都用换行符分隔,并且所有条目都具有相同的日期值,那么我们就可以只使用时间列([3]-段落条目的第4个字段(进行排序,方法是通过以下perl过滤器将结果管道化:
for (( i=1; i<=24; i++ )) do
echo 'server1' $logfile $i
grep abd12453 /var/logs/$i.log
echo 'server2' $logfile $i
ssh server2 "grep 'abd12453' /var/logs/$i.log"
done | perl -00e 'print reverse sort { (split(/s+/,$b))[3] <=> (split(/s+/,$a))[3] } <>'
将产生这样的时间排序结果:
server2 logfile2.log
06/13/2020 13:14:42.156 abd12453 server 1 log data2. server 1 log data2. server 1 log data2. server 1 log data2. server 1 log data2. server 1 log data2. server 1 log data2. server 1 log data2. server 1 log data2. server 1 log data2. server 1 log
server1 logfile2.log
06/13/2020 13:15:35.142 abd12453 server 1 log data2. server 1 log data2. server 1 log data2. server 1 log data2. server 1 log data2. server 1 log data2. server 1 log data2. server 1 log data2. server 1 log data2. server 1 log data2.
server2 logfile1.log
06/13/2020 13:25:23.250 abd12453 server 2 log data1. server 2 log data1. server 2 log data1. server 2 log data1. server 2 log data1. server 2 log data1. server 2 log data1. server 2 log data1. server 2 log data1. server 2 log data1. server 2 log
server1 logfile1.log
06/13/2020 13:26:11.142 abd12453 server 1 log data1. server 1 log data1. server 1 log data1. server 1 log data1. server 1 log data1. server 1 log data1. server 1 log data1. server 1 log data1. server 1 log data1. server 1 log data1. server 1 log