Bash script to parse log file

Question

Bash script to parse log file

11.4k views Asked by redsox2002 At 24 November 2024 at 05:07

I am trying to parse a log file to extract userIds. Below is how each log is setup in catalina.out. I want to extract just the userId. How would I do that. I tried awk and grep but it returns the entire block instead of just userId. Also, I want to get every unique userId once, because the same user could log in multiple times obviously so I just want the file I write it to to just have it once. Could you guys please help me get an idea where to start? Thanks!

Here are the commands I've tried:

awk '/userId/' catalina.out

grep "userId" catalina.out

When I do this instead of returning back the userId, it returns back the entire block (as seen below)

Log format:

03:44:04.373 [127.0.0.1-8009-exec-178] 
INFO  c.c.c.x.x.w.f.AuthenticationFilter - cachObj
{"guid":"guid","userId":"userId","isPrimary":false,"accessToken":"accessToken"}

Original Q&A

There are 4 answers

**RavinderSingh13** · Answer 1 · 2017-01-09 14:41:49

I am assuming your userids will be found like "userId":"test_chumma" etc etc, if this is the case then following may help you in same.

awk -F'[":,]' '/userId/{print $11}'  Input_file

Off course if you have more requirements then kindly show us more sample output with full conditions.

**JNevill** · Answer 2 · 2017-01-09 14:44:00

Another example with awk:

awk -F"[:,]" '$1 ~ /^{/ {gsub("\"","",$4); print $4}' inFile.log

Here we split the records by a colon : or a comma , using the awk command's F flag -F[:,], Then if the first field in the record $1 starts with a bracket /^{/ (where we use the regex operator ~ for the condition) then we swap out the 4th field's double quotes with nothing gsub("\"","",$4) and print the result print $4

$ cat test
03:44:04.373 [127.0.0.1-8009-exec-178]
INFO  c.c.c.x.x.w.f.AuthenticationFilter - cachObj
{"guid":"guid","userId":"aUserId","isPrimary":false,"accessToken":"accessToken"}
$ awk -F"[:,]" '$1 ~ /^{/ {gsub("\"","",$4); print $4}' test
aUserId

**Claes Wikner** · Answer 3 · 2017-01-10 11:12:46

Claes Wikner On 10 January 2017 at 11:12

awk -F\" '{print $6}' file 

userId

**JFS31** · Answer 4 · 2017-01-10 10:02:38

JFS31 On 10 January 2017 at 10:02

Here is another solution combining awk and cut from unix:

awk '{split($0,a,":"); print a[2]}' catalina.out | cut -f2 -d","
"userId"

But this will also work only for the example you posted.

TechQA.

Bash script to parse log file

There are 4 answers

Related Questions in BASH

Related Questions in PARSING

Related Questions in AWK

Related Questions in CATALINA

Popular Questions

Popular Tags

Trending Questions