I need help with analyze nginx logs. Sample of log:
10.10.10.10 - - [21/Mar/2016:00:00:00 +0000] "GET /example?page=&per_page=100&scopes= HTTP/1.1" 200 769 "-" "" "1.1.1.1" 10.10.10.10 - - [21/Mar/2016:00:00:00 +0000] "GET /example?page=&per_page=500&scopes= HTTP/1.1" 200 769 "-" "" "1.1.1.1" 11.11.11.11 - - [21/Mar/2016:00:00:00 +0000] "GET /example?page=&per_page=10&scopes= HTTP/1.1" 200 769 "-" "" "1.1.1.1" 12.12.12.12 - - [21/Mar/2016:00:00:00 +0000] "GET /example?page=&per_page=500&scopes= HTTP/1.1" 200 769 "-" "" "1.1.1.1" 13.13.13.13 - - [21/Mar/2016:00:00:00 +0000] "GET /example HTTP/1.1" 200 769 "-" "" "1.1.1.1"
Is it possible to select with count all uniq ip addresses which contain per_page parameter and this parameter equal or greater than 100?
So, the output can be in any format:
10.10.10.10 - 2 # ip 10.10.10.10 was found twice 12.12.12.12 - 1
Is it possible to get with one command?
Advertisement
Answer
$ awk '/per_page=[0-9]{3}/{cnt[$1]++} END{for (ip in cnt) print ip, cnt[ip]}' file
12.12.12.12 1
10.10.10.10 2
This is absolutely basic awk – read the book Effective Awk Programming, 4th Edition, by Arnold Robbins if you’re going to be any other text file processing in UNIX.