Linux 解析log4j和Java异常日志
我有以下格式的错误日志:Linux 解析log4j和Java异常日志,linux,sed,awk,grep,log4j,Linux,Sed,Awk,Grep,Log4j,我有以下格式的错误日志: 2014-01-30 16:15:04:720 GMT [commandHandler-thread-3] ERROR com.example.Main 123-1234567-1234567 - Something bad happened. java.lang.RuntimeException: Something bad happened. at ... Caused by: java.lang.RuntimeException: ...
2014-01-30 16:15:04:720 GMT [commandHandler-thread-3] ERROR com.example.Main 123-1234567-1234567 - Something bad happened.
java.lang.RuntimeException: Something bad happened.
at ...
Caused by: java.lang.RuntimeException: ...
at ...
at ...
... 13 more
Caused by: java.lang.RuntimeException: org.hibernate.exception.ConstraintViolationException: Could not execute JDBC batch update
at ...
at ...
... 18 more
Caused by: org.hibernate.exception.ConstraintViolationException: Could not execute JDBC batch update
at ...
at ...
... 19 more
Caused by: com.mysql.jdbc.exceptions.jdbc4.MySQLIntegrityConstraintViolationException: Duplicate entry '123-1234567-1234567-2014-01-31 06:52:11' for key 'PRIMARY'
at ...
at ...
... 32 more
2014-01-31 06:58:02:933 GMT ...
<filename> 123-1234567-1234567 - Something bad happened: com.mysql.jdbc.exceptions.jdbc4.MySQLIntegrityConstraintViolationException: Duplicate entry '123-1234567-1234567-2014-01-31 06:52:11' for key 'PRIMARY'
grep "commandHandler.*ERROR\|^\S*Caused by"
但我不想得到不属于该特定异常的'caused by'行。这是我到目前为止所拥有的,仍然需要删除“ocated.”中的“.”和删除“caused by:”。不过我很快就要走了,希望到目前为止能有所帮助。虽然我不是AWK大师
awk '{
{for (x=1;x<=NF;x++)
if ($x~"ERROR") {
f++
{if (c !~ f) print "<"file">",a,b}
a=$(x+2)" - "$(x+4)" "$(x+5)" "$(x+6)}
}
{
if (match($0,"Caused by:"))
b=$0
}
{c=f;file=FILENAME}}
END {
print "<"file">",a,b}' javalogs* | sed 1d
awk'{
{对于(x=1;x求解:
awk '
BEGIN {
OFS = "\t";
}
function all_fields_from(start) {
value = "";
for (i = start; i <= NF; ++i) value = value $i (i == NF ? "" : " ");
return value;
}
{
if ($0 ~ /commandHandler.*ERROR/) {
id = $7;
error = all_fields_from(9);
cause = "";
} else if (($0 ~ /Caused by/) && (id != "")) {
cause = all_fields_from(3);
} else if ($0 ~ /^[0-9][0-9][0-9][0-9]/) {
if (id != "") {
print FILENAME, id, error, cause;
}
id = "";
}
}'
file
awk'
开始{
OFS=“\t”;
}
函数所有字段从(开始){
value=“”;
对于(i=start;i为start),您可以像这样过滤stacktrace:egrep“ERROR | result”
awk '
BEGIN {
OFS = "\t";
}
function all_fields_from(start) {
value = "";
for (i = start; i <= NF; ++i) value = value $i (i == NF ? "" : " ");
return value;
}
{
if ($0 ~ /commandHandler.*ERROR/) {
id = $7;
error = all_fields_from(9);
cause = "";
} else if (($0 ~ /Caused by/) && (id != "")) {
cause = all_fields_from(3);
} else if ($0 ~ /^[0-9][0-9][0-9][0-9]/) {
if (id != "") {
print FILENAME, id, error, cause;
}
id = "";
}
}'
file