Need Help with awk and arrays

fusionX · #1 (**permalink**) 02-10-2008

now its owkring - thanks fo rthe help all .

vgersh99 · #2 (**permalink**) 02-10-2008

what exactly have you tried so far?

fusionX · #3 (**permalink**) 02-10-2008

done - thanks for the help !

otheus · #4 (**permalink**) 02-11-2008

Quote:

Originally Posted by fusionX

Well, its a big script and i've done the other parts but i was stuck in this IP part, here's what tried doing for IP

Code:

{for (i=1;i<=NR;i++) numIP[$1]++}

This doesn't work as you expect. $1 stays the same. It's the same as doing:

Code:

 numIP[$1] = NR;

So each element in the array would be filled with the latest Record number. I'd expect the last IP address to have the highest count.

With all respect, I think you are confused about how AWK works. Your "program" is executed for each line of input, every time. It's like there's a big while loop around your code, and in each iteration, $0 is the input line, and $1, $2, etc, are the fields split via the regular expression in FS (whitespace by default). NR just indicates the current record (line) number. If you want to know if the current record's day is not the same as the previous, you have something like:

Code:


tmp=substr($4,2,2);
if (day != tmp) {
   # New day code here
   # ie, print how many IPs were hit on this day
   print hits_on_this_day;
   # change day to match current record
   day = tmp;
}
else {
  hits_on_this_day++;
}

No need to initialize "day".

fusionX · #5 (**permalink**) 02-10-2008

check out what I had tried....

otheus · #6 (**permalink**) 02-10-2008

Arrays in awk (and php) are purely associative. So you can say

Code:

ip[$1]++;

Getting the busiest date and hour pretty much requires perl, but it's possible to do in gawk and maybe nawk. You'll need the mktime function in the least. It's ugly and you need to populate the full months table and some additional parsing.

Code:

BEGIN { m["Jan"]="01"; m["Feb"]="02"; } # and so on for all months
{ 

# split time field into numbers and letters
split($4,lt,"[^0-9a-zA-Z-]*"); 
# construct timestamp into internal unix representation
ts=mktime( lt[4] " " m[lt[3]] " " lt[2]  " " lt[5]  " " lt[6]  " " lt[7]  " " lt[8]); 
# you don't care about minutes and seconds, so just replace lt[7] and lt[6] with 0's. You could make *two* timestamps -- one for just the days (hours 0'd out) and another for just the hours (always Jan-1-1970, but with the hour filled in).

# bump count for this ip address
ip[$1]++; 
# 
day[ts]++;
}

END { 
  # find busiest day
  frequency=-1; busiest=-1;
  for (d in day) {
   if (day[d] > frequency) {
      frequency=day[d];
      busiest=d;
   }
  }
  print "busiest day: " busiest " hit " frequency " times";
  
}

fusionX · #7 (**permalink**) 02-10-2008

la la la la la la -

its owkring now.

More UNIX and Linux Forum Topics You Might Find Helpful
Thread	Thread Starter	Forum	Replies	Last Post
awk arrays	imonthejazz	Shell Programming and Scripting	1	09-21-2007 09:29 AM
arrays in awk???	craigsky	Shell Programming and Scripting	3	08-27-2007 09:13 PM
ksh script - arrays	sidamin810	Shell Programming and Scripting	13	07-18-2005 03:07 AM
KSH and arrays	whited05	Shell Programming and Scripting	1	06-24-2005 12:07 PM
Two or more arrays in Awk	nitin	UNIX for Advanced & Expert Users	1	12-10-2001 09:37 PM

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes	Rate This Thread
Switch to Linear Mode Hybrid Mode Switch to Threaded Mode	Rate This Thread: