实际的日志文件会是这样的
$ cat file1.log
time=2014-07-23 23:56:28 GMT, user=[unknown], db=[unknown], host= pid=28254 LOG:
time=2014-07-23 23:56:28 GMT, user=portalman, db=ss, host=172.18.183.45 pid=28254 LOG: connection authorized: user=portalman database=ss
time=2014-07-23 23:57:28 GMT, user=[unknown], db=[unknown], host= pid=28269 LOG: connection received: host=172.18.183.45 port=14493
time=2014-07-23 23:57:28 GMT, user=portalman, db=ss, host=172.18.183.45 pid=28269 LOG: connection authorized: user=portalman database=ss
time=2014-07-23 23:57:28 GMT, user=[unknown], db=[unknown], host= pid=28270 LOG: connection received: host=172.18.183.45 port=14494
time=2014-07-23 23:57:28 GMT, user=portalman, db=ss, host=172.18.183.45 pid=28270 LOG: connection authorized: user=portalman database=ss
time=2014-07-23 23:57:58 GMT, user=[unknown], db=[unknown], host= pid=28273 LOG: connection received: host=172.18.183.45 port=14495
column "actice" does not exist at character 17
.
.
.
线路总数约为 20,000 条。在此日志文件中,我需要获取通过以下命令获得的独特错误:
$ find file1.log | xargs grep -e ERROR -e FATAL | cut -d ":" -f4,5 |sort |uniq
以下是结果集,它不是恒定的,它会变化
syntax error at or near "?" at character 1
syntax error at or near "[" at character 1
syntax error at or near "desc" at character 1
syntax error at or near "describtion" at character 1
为了获取每个错误的进程 ID (pid),我使用了:
$ find file1.log | xargs grep 'syntax error at or near "?" at character 1' | cut -d " " -f8 | tail -1
pid=25997
现在我得到了进程ID,然后我需要获取该进程ID的完整信息
$ find file1.log | xargs grep pid=25997
time=2014-07-23 23:10:02 GMT, user=[unknown], db=[unknown], host= pid=25997 LOG: connection received: host=[local]
time=2014-07-23 23:10:02 GMT, user=dbman, db=ss, host=[local] pid=25997 LOG: connection authorized: user=dbman database=ss
time=2014-07-23 23:10:02 GMT, user=dbman, db=ss, host=[local] pid=25997 ERROR: syntax error at or near "?" at character 1
time=2014-07-23 23:10:02 GMT, user=dbman, db=ss, host=[local] pid=25997 STATEMENT: ?column?
如何将所有 3 个查找命令放入 shell 脚本中并自动执行该过程?错误和行数各不相同。没有什么是不变的。