I want to get the "GET" queries from my server logs.
For example, this is the server log
1.0.0.127.in-addr.arpa - - [10/Jun/2012 15:32:27] code 404, message File not fo$
1.0.0.127.in-addr.arpa - - [10/Jun/2012 15:32:27] "GET /hello HTTP/1.1" 404 -   
1.0.0.127.in-addr.arpa - - [10/Jun/2012 15:41:57] code 404, message File not fo$
1.0.0.127.in-addr.arpa - - [10/Jun/2012 15:41:57] "GET /ss HTTP/1.1" 404 -
When I try with simple grep or awk,
Adi:~ adi$ awk '/GET/, /HTTP/' serverlogs.txt
it gives out
1.0.0.127.in-addr.arpa - - [10/Jun/2012 15:32:27] "GET /hello HTTP/1.1" 404 -
1.0.0.127.in-addr.arpa - - [10/Jun/2012 15:41:57] "GET /ss HTTP/1.1" 404 -
I just want to display : hello and ss
Is there any way this could be done?
You can use grep with -A n option to print N lines after matching lines. Using -B n option you can print N lines before matching lines. Using -C n option you can print N lines before and after matching lines.
For BSD or GNU grep you can use -B num to set how many lines before the match and -A num for the number of lines after the match. If you want the same number of lines before and after you can use -C num . This will show 3 lines before and 3 lines after.
You can use grep -oP '(\w+\W+)? returns(\W+\w+)? ' Is there a case when the text "returns" does not have a word before or after?
Assuming you have gnu grep, you can use perl-style regex to do a positive lookbehind:
grep -oP '(?<=GET\s/)\w+' file
If you don't have gnu grep, then I'd advise just using sed:
sed -n '/^.*GET[[:space:]]\{1,\}\/\([-_[:alnum:]]\{1,\}\).*$/s//\1/p' file
If you happen to have gnu sed, that can be greatly simplified:
sed -n '/^.*GET\s\+\/\(\w\+\).*$/s//\1/p' file
The bottom line here is, you certainly don't need pipes to accomplish this.  grep or sed alone will suffice.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With