我有一个日志文件,其中包含很多行,如下所示:
2017-07-16 01:06:07 | 8801624874139 | http://192.168.5.1:2020/credit/purchase/4 | XpressLoan | {"resultCode":0,"resultMessage":"OK","amount":100000,"serviceFee":24400,"totalOutstandingdebt":124400,"msisdn":8801624874139}
2017-07-16 01:06:24 | 8801628666938 | http://192.168.5.1:2020/credit/purchase/5 | XpressLoan | {"resultCode":0,"resultMessage":"OK","amount":50000,"serviceFee":12180,"totalOutstandingdebt":62180,"msisdn":8801628666938}
从上面的日志中我怎样才能得到金额值?
预期输出:
100000
50000
答案1
使用组合awk+杰克(JSON操作工具):
awk '{ print $10 }' logfile | jq -r '.amount'
输出:
100000
50000
通过这种方法,您将能够从 JSON 编码字段中提取任何/多个键/值
答案2
尝试这个:
$ awk -F\" '/amount/ {print $9}' file | sed 's/[:|,]//g'
100000
50000
或者:
$ sed 's/^.*amount\":\([0-9]*\),\".*$/\1/' file
100000
50000
编辑
如果将第一个命令再次通过管道传递给 awk,则可以总结第一个命令的输出,如下例所示:
$ awk -F\" '/amount/ {print $9}' file | sed 's/[:|,]//g' |\
awk '{sum += $1} END {print sum}'
150000
答案3
可以使用多个awk来获取所需的数据。
awk -F"|" {'print $5'}| awk -F"," '{print $3}'| awk -F":" '{print $2}'
- 第一个 awk 将为您提供
{}数据 - 第二个 awk 会给你
key:value - 第三个 awk 将为您提供键的值
即使格式发生变化,也应该通过分隔符来识别模式并相应地进行调整。
例如:
my_var="2017-07-16 01:06:07 | 8801624874139 | http://192.168.5.1:2020/credit/purchase/4 | XpressLoan | {"resultCode":0,"resultMessage":"OK","amount":100000,"serviceFee":24400,"totalOutstandingdebt":124400,"msisdn":8801624874139}"
$ echo $my_var | awk -F"|" {'print $5'}
{resultCode:0,resultMessage:OK,amount:100000,serviceFee:24400,totalOutstandingdebt:124400,msisdn:8801624874139}
$ echo $my_var | awk -F"|" {'print $5'}| awk -F"," '{print $4}'
serviceFee:24400
$ echo $my_var | awk -F"|" {'print $5'}| awk -F"," '{print $3}'| awk -F":" '{print $2}'
100000