Login or Register to Ask a Question and Join Our Community


Shell Programming and Scripting

How to extract fields containing specific strings?

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Top Forums Shell Programming and Scripting How to extract fields containing specific strings?
# 1  
Old 09-21-2015
RedHat How to extract fields containing specific strings?
Hello

I have a log file with thousands of lines like below

Code:
Sep 21 13:02:52 lnxtst01 kernel: New TCP in: IN=eth0 OUT= MAC=00:1a:4b:50:b7:32:00:08:e3:ff:fc:04:08:00 SRC=10.184.46.4 DST=10.162.139.21 LEN=60 TOS=0x00 PREC=0x00 TTL=59 ID=52961 DF PROTO=TCP SPT=55688 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Sep 21 13:03:03 lnxtst01 kernel: New TCP out: IN= OUT=eth0 SRC=10.162.139.21 DST=10.161.8.2 LEN=83 TOS=0x00 PREC=0x00 TTL=64 ID=4306 DF PROTO=UDP SPT=60328 DPT=53 LEN=63
Sep 21 13:03:03 lnxtst01 kernel: New TCP out: IN= OUT=eth0 SRC=10.162.139.21 DST=10.199.10.61 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=6954 DF PROTO=TCP SPT=50865 DPT=8089 WINDOW=14600 RES=0x00 SYN URGP=0

How can i extract the fields containing SRC, DST, SPT & DPT strings. I could have used awk '{print $n}' if they are in fixed column but sometimes their column number getting changed.

Please advise, thanks
# 2  
Old 09-21-2015
Like this?
Code:
awk '{for (i=4; i<=NF; i++) if ($i!~/SRC|DST|SPT|DPT/) $i=""; print}'

# 3  
Old 09-21-2015
Hello magnus29,

If you want to get only values of SRC, DST, SPT and DPTt hen following may help you in same.
Code:
awk '{match($0,/SRC=[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/);if($0){A=substr($0,RSTART,RLENGTH)};match($0,/DST=[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/);if($0){A=A?A OFS substr($0,RSTART,RLENGTH):substr($0,RSTART,RLENGTH)};match($0,/SPT=[0-9]+/);if($0){A=A?A FS substr($0,RSTART,RLENGTH):substr($0,RSTART,RLENGTH)};match($0,/DPT=[0-9]+/);if($0){A=A?A FS substr($0,RSTART,RLENGTH):substr($0,RSTART,RLENGTH)};}{print A}' Input_file

Output will be as follows.
Code:
SRC=10.184.46.4 DST=10.162.139.21 SPT=55688 DPT=22
SRC=10.162.139.21 DST=10.161.8.2 SPT=60328 DPT=53
SRC=10.162.139.21 DST=10.199.10.61 SPT=50865 DPT=8089

Thanks,
R. Singh
# 4  
Old 09-21-2015
Code:
$ perl -nle '@a = /((?:SRC|D[SP]T|SPT)=[\d\.]+)/g and print "@a"' magnus29.file
SRC=10.184.46.4 DST=10.162.139.21 SPT=55688 DPT=22
SRC=10.162.139.21 DST=10.161.8.2 SPT=60328 DPT=53
SRC=10.162.139.21 DST=10.199.10.61 SPT=50865 DPT=8089

Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. UNIX for Beginners Questions & Answers

How to extract fields from a CSV i.e comma separated where some of the fields having comma as value?

can anyone help me!!!! How to I parse the CSV file file name : abc.csv (csv file) The above file containing data like abv,sfs,,hju,',',jkk wff,fst,,rgr,',',rgr ere,edf,erg,',',rgr,rgr I have a requirement like i have to extract different field and assign them into different... (4 Replies)
Discussion started by: J.Jena
4 Replies

2. Shell Programming and Scripting

Bash - Comparing 2 xml strings masking certain fields

Would like to compare 2 XML Strings which has certain known fields changed. For example, Date field will always have differences. When comparing both strings, skip/mask all the occurring Date Field's `DtField1` and `DtField2` Note: these are not formatted xml format. File1: ... (1 Reply)
Discussion started by: Sajjadmehdi
1 Replies

3. UNIX for Dummies Questions & Answers

Issue when using egrep to extract strings (too many strings)

Dear all, I have a data like below (n of rows=400,000) and I want to extract the rows with certain strings. I use code below. It works if there is not too many strings for example n of strings <5000. while I have 90,000 strings to extract. If I use the egrep code below, I will get error: ... (3 Replies)
Discussion started by: forevertl
3 Replies

4. UNIX for Dummies Questions & Answers

Printing lines with specific strings at specific columns

Hi I have a file which is tab-delimited. Now, I'd like to print the lines which have "chr6" string in both first and second columns. Could anybody help? (3 Replies)
Discussion started by: a_bahreini
3 Replies

5. Shell Programming and Scripting

Print only lines where fields concatenated match strings

Hello everyone, Maybe somebody could help me with an awk script. I have this input (field separator is comma ","): 547894982,M|N|J,U|Q|P,98,101,0,1,1 234900027,M|N|J,U|Q|P,98,101,0,1,1 234900023,M|N|J,U|Q|P,98,54,3,1,1 234900028,M|H|J,S|Q|P,98,101,0,1,1 234900030,M|N|J,U|F|P,98,101,0,1,1... (2 Replies)
Discussion started by: Ophiuchus
2 Replies

6. UNIX for Advanced & Expert Users

bash/grep/awk/sed: How to extract every appearance of text between two specific strings

I have a text wich looks like this: clid=2 cid=6 client_database_id=35 client_nickname=Peter client_type=0|clid=3 cid=22 client_database_id=57 client_nickname=Paul client_type=0|clid=5 cid=22 client_database_id=7 client_nickname=Mary client_type=0|clid=6 cid=22 client_database_id=6... (3 Replies)
Discussion started by: Pioneer1976
3 Replies

7. Shell Programming and Scripting

AWK- delimiting the strings and matching the fields

Hello, I am newbie in awk. I have just started learning it. 1) I have input file which looks like: {4812 4009 1602 2756 306} {4814 4010 1603 2757 309} {8116 9362 10779 } {10779 10121 9193 10963 10908} {1602 2756 306 957 1025} {1603 2757 307} and so on..... 2) In output: a)... (10 Replies)
Discussion started by: kajolo
10 Replies

8. Shell Programming and Scripting

Remove specific strings from certain fields

I'm working with a set of files where I'm trying to remove a set of characters from specific fields. The files are comma-delimited, and the characters I want to remove include: - open parentheses - ( - close parentheses - ) - space followed by a dollar sign - $ I don't want to remove every... (1 Reply)
Discussion started by: HLee1981
1 Replies

9. Shell Programming and Scripting

Extract fields

Hi, I have a tmp file like below: <ADATA> ANUM=900 ADESC=Saving ATYP=0 TXREGD=0 </ADATA> <ADATA> ANUM=890 ADESC=Saving ATYP=0 ABAL=9000 TXREGD=1 </ADATA> <ADATA> (2 Replies)
Discussion started by: kunigirib
2 Replies

10. Shell Programming and Scripting

Extract fields from from this

thank youuuu (0 Replies)
Discussion started by: rnallamothu
0 Replies
Login or Register to Ask a Question