Fatal编程技术网
  • bash/
  • Bash uniq跳过前N个字符/字段

Bash uniq跳过前N个字符/字段

bash file printing

Bash uniq跳过前N个字符/字段,bash,file,printing,extraction,uniq,Bash,File,Printing,Extraction,Uniq,这是我的日志文件的内容 {"timestamp":"2016-04-20T12:24:35","event_type":"alert","src_ip":"198.55.103.12","src_port":44927,"dest_ip":"127.0.0.1","dest_port":9200,"honeypot":{"name":"Elasticpot","n$ {"timestamp":"2016-04-20T12:24:36","event_type":"alert","src_

这是我的日志文件的内容

    {"timestamp":"2016-04-20T12:24:35","event_type":"alert","src_ip":"198.55.103.12","src_port":44927,"dest_ip":"127.0.0.1","dest_port":9200,"honeypot":{"name":"Elasticpot","n$
{"timestamp":"2016-04-20T12:24:36","event_type":"alert","src_ip":"198.55.103.12","src_port":44927,"dest_ip":"127.0.0.1","dest_port":9200,"honeypot":{"name":"Elasticpot","n$
{"timestamp":"2016-04-20T12:24:37","event_type":"alert","src_ip":"198.55.103.12","src_port":44927,"dest_ip":"127.0.0.1","dest_port":9200,"honeypot":{"name":"Elasticpot","n$
{"timestamp":"2016-04-20T12:24:38","event_type":"alert","src_ip":"198.55.103.12","src_port":44927,"dest_ip":"127.0.0.1","dest_port":9200,"honeypot":{"name":"Elasticpot","n$
使用bash,我希望grep唯一的行并将结果放入文本文件中。我想在检查唯一性时跳过timestamp字段,因为您可以看到,除了timestamp之外,这四行是相同的。这就是我到目前为止所做的:

sudo grep "alert" /home/tsec/prototype/logs/elasticpot.log | uniq | tail -n 10 > /home/tsec/prototype/logs/extractedlogs/elasticpotresult.log
因此,csv文件中的输出应为:

 {"timestamp":"2016-04-20T12:24:38","event_type":"alert","src_ip":"198.55.103.12","src_port":44927,"dest_ip":"127.0.0.1","dest_port":9200,"honeypot":{"name":"Elasticpot","n$
我必须在-f标志中使用unique,但不确定如何使用。谢谢你的帮助

sort -u -t, -k2,8 elasticpot.log

  • -u
    → 独特的

  • -t,
    → 逗号是分隔符

  • -k2,8
    → 关键字段为2到8(
    -k2
    → 关键字段(从2到结尾)

测试结果:

{"timestamp":"2016-04-20T12:24:35","event_type":"alert","src_ip":"198.55.103.12","src_port":44927,"dest_ip":"127.0.0.1","dest_port":9200,"honeypot":{"name":"Elasticpot","n$

  • -u
    → 独特的

  • -t,
    → 逗号是分隔符

  • -k2,8
    → 关键字段为2到8(
    -k2
    → 关键字段(从2到结尾)

测试结果:

{"timestamp":"2016-04-20T12:24:35","event_type":"alert","src_ip":"198.55.103.12","src_port":44927,"dest_ip":"127.0.0.1","dest_port":9200,"honeypot":{"name":"Elasticpot","n$