Menu
How can one split existing apache logfiles into separate files by month?
I've scoured the web and I can't find anything. Yes, I know about logrotate and cronolog and all that. But nothing I've found helps me with splitting existing files.
Is there an awk script or something?
Here's a snippet of the data:
124.115.5.11 - - [30/May/2011:23:21:37 -0500] "GET / HTTP/1.0" 200 206492 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322;TencentTraveler)"
58.61.164.39 - - [31/May/2011:00:36:35 -0500] "GET / HTTP/1.0" 200 206492 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322;TencentTraveler)"
114.80.93.55 - - [31/May/2011:01:42:17 -0500] "GET / HTTP/1.0" 200 206492 "-" "Sosospider+(+http://help.soso.com/webspider.htm)"
114.80.93.73 - - [31/May/2011:02:03:44 -0500] "GET / HTTP/1.0" 200 206492 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322;TencentTraveler)"
123.125.71.98 - - [31/May/2011:12:33:30 -0500] "GET / HTTP/1.1" 103 24576 "-" "Baiduspider+(+http://www.baidu.com/search/spider.htm)"
220.181.108.187 - - [31/May/2011:12:33:55 -0500] "GET / HTTP/1.1" 103 24576 "-" "Baiduspider+(+http://www.baidu.com/search/spider.htm)"
123.125.71.117 - - [31/May/2011:13:27:56 -0500] "GET / HTTP/1.1" 103 24576 "-" "Baiduspider+(+http://www.baidu.com/search/spider.htm)"
123.125.71.78 - - [31/May/2011:16:45:48 -0500] "GET /node/54 HTTP/1.1" 200 3219 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
124.115.1.8 - - [31/May/2011:19:59:58 -0500] "GET / HTTP/1.1" 200 206492 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
123.125.71.69 - - [31/May/2011:22:05:46 -0500] "GET / HTTP/1.1" 200 206492 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
Here's my solution, greatly inspired by Steve's answer below:
One way using awk:
awk 'BEGIN {
split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec ", months, " ")
for (a = 1; a <= 12; a++)
m[months[a]] = a
}
{
split($4,array,"[:/]");
year = array[3]
month = sprintf("%02d", m[array[2]])
print > FILENAME"-"year"_"month".txt"
}' incendiary.ws-2009
This will output files like:
incendiary.ws-2010-2010_04.txt
incendiary.ws-2010-2010_05.txt
incendiary.ws-2010-2010_06.txt
incendiary.ws-2010-2010_07.txt
Against a 150 MB log file, the Accepted Answer by chepner took 70 seconds on an 3.4 GHz 8 Core Xeon E31270, while this method took 5 seconds.
Original inspiration: https://stackoverflow.com/a/11714105/430062
440
One way using awk:
awk '{ split($4,array,"/"); print > array[2] ".txt" }' file.txt
This will output files like:
May.txt
June.txt
July.txt
etc
EDIT:
Perhaps you would like to keep the years separate:
awk '{ split($4,array,"[:/]"); print > array[2] array[3] ".txt" }' file.txt
This will output files like:
May2011.txt
May2012.txt
July2011.txt
etc
Great answer @steve, I just reversed the terms in your example to get the year to be the first part of the resulting filename, so the file ordering was at least semi-OK.
awk '{ split($4,array,"[:/]"); print > array[3] "-" array[2] ".log" }' file.txt
This is what you get (not ideal)
2021-Apr.log
2021-Aug.log
2021-Dec.log
2021-Feb.log
2021-Jan.log
2021-Jul.log
2021-Jun.log
2021-Mar.log
2021-May.log
2021-Nov.log
2021-Oct.log
2021-Sep.log
Ideally, I would order by %Y-%m, not %Y-%b. Maybe an "awk wizard" can pick up the challenge and do that for us by processing the resulting file names with a second script?
TIP: Unix convert Month name to number
31
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
