Awk (1), awk

Awk (1), awk
The following information is extracted from the netstat command as an example.

$ cat netstat.txtProto Recv-Q Send-Q Local-Address          Foreign-Address             Statetcp        0      0 0.0.0.0:3306           0.0.0.0:*                   LISTENtcp        0      0 0.0.0.0:80             0.0.0.0:*                   LISTENtcp        0      0 127.0.0.1:9000         0.0.0.0:*                   LISTENtcp        0      0 coolshell.cn:80        124.205.5.146:18245         TIME_WAITtcp        0      0 coolshell.cn:80        61.140.101.185:37538        FIN_WAIT2tcp        0      0 coolshell.cn:80        110.194.134.189:1032        ESTABLISHEDtcp        0      0 coolshell.cn:80        123.169.124.111:49809       ESTABLISHEDtcp        0      0 coolshell.cn:80        116.234.127.77:11502        FIN_WAIT2tcp        0      0 coolshell.cn:80        123.169.124.111:49829       ESTABLISHEDtcp        0      0 coolshell.cn:80        183.60.215.36:36970         TIME_WAITtcp        0   4166 coolshell.cn:80        61.148.242.38:30901         ESTABLISHEDtcp        0      1 coolshell.cn:80        124.152.181.209:26825       FIN_WAIT1tcp        0      0 coolshell.cn:80        110.194.134.189:4796        ESTABLISHEDtcp        0      0 coolshell.cn:80        183.60.212.163:51082        TIME_WAITtcp        0      1 coolshell.cn:80        208.115.113.92:50601        LAST_ACKtcp        0      0 coolshell.cn:80        123.169.124.111:49840       ESTABLISHEDtcp        0      0 coolshell.cn:80        117.136.20.85:50025         FIN_WAIT2tcp        0      0 :::22                  :::*                        LISTEN

The following is the simplest and most commonly used awk example. It outputs 1st columns and 4th examples.

• Awk statements are enclosed in single quotes. Note that they can only be enclosed in single quotes.
• $1 .. $ n indicates the number of instances. Note: $0 indicates the entire row.

  $ awk '{print $1, $4}' netstat.txtProto Local-Addresstcp 0.0.0.0:3306tcp 0.0.0.0:80tcp 127.0.0.1:9000tcp coolshell.cn:80tcp coolshell.cn:80tcp coolshell.cn:80tcp coolshell.cn:80tcp coolshell.cn:80tcp coolshell.cn:80tcp coolshell.cn:80tcp coolshell.cn:80tcp coolshell.cn:80tcp coolshell.cn:80tcp coolshell.cn:80tcp coolshell.cn:80tcp coolshell.cn:80tcp coolshell.cn:80tcp :::22

Let's take a look at the formatting output of awk, which is similar to the printf of C language:

$ awk'{printf "%-8s %-8s %-8s %-18s %-22s %-15s\n",$1,$2,$3,$4,$5,$6}'netstat.txtProto    Recv-Q   Send-Q   Local-Address      Foreign-Address        Statetcp      0        0        0.0.0.0:3306       0.0.0.0:*              LISTENtcp      0        0        0.0.0.0:80         0.0.0.0:*              LISTENtcp      0        0        127.0.0.1:9000     0.0.0.0:*              LISTENtcp      0        0        coolshell.cn:80    124.205.5.146:18245    TIME_WAITtcp      0        0        coolshell.cn:80    61.140.101.185:37538   FIN_WAIT2tcp      0        0        coolshell.cn:80    110.194.134.189:1032   ESTABLISHEDtcp      0        0        coolshell.cn:80    123.169.124.111:49809  ESTABLISHEDtcp      0        0        coolshell.cn:80    116.234.127.77:11502   FIN_WAIT2tcp      0        0        coolshell.cn:80    123.169.124.111:49829  ESTABLISHEDtcp      0        0        coolshell.cn:80    183.60.215.36:36970    TIME_WAITtcp      0        4166     coolshell.cn:80    61.148.242.38:30901    ESTABLISHEDtcp      0        1        coolshell.cn:80    124.152.181.209:26825  FIN_WAIT1tcp      0        0        coolshell.cn:80    110.194.134.189:4796   ESTABLISHEDtcp      0        0        coolshell.cn:80    183.60.212.163:51082   TIME_WAITtcp      0        1        coolshell.cn:80    208.115.113.92:50601   LAST_ACKtcp      0        0        coolshell.cn:80    123.169.124.111:49840  ESTABLISHEDtcp      0        0        coolshell.cn:80    117.136.20.85:50025    FIN_WAIT2tcp      0        0        :::22              :::*                   LISTEN

Let's take a look at how to filter records (the following filtering condition is: the value of the third column is 0 & the value of the 6th column is LISTEN)

$ awk '$3==0 && $6=="LISTEN" ' netstat.txttcp        0      0 0.0.0.0:3306               0.0.0.0:*              LISTENtcp        0      0 0.0.0.0:80                 0.0.0.0:*              LISTENtcp        0      0 127.0.0.1:9000             0.0.0.0:*              LISTENtcp        0      0 :::22                      :::*                   LISTEN

"=" Is a comparison operator. Other comparison operators :! =, <, <>=, <P>

 

Let's take a look at the ways to filter records:

$ awk' $3>0 {print $0}'netstat.txtProto Recv-Q Send-Q Local-Address          Foreign-Address             Statetcp        0   4166 coolshell.cn:80        61.148.242.38:30901         ESTABLISHEDtcp        0      1 coolshell.cn:80        124.152.181.209:26825       FIN_WAIT1tcp        0      1 coolshell.cn:80        208.115.113.92:50601        LAST_ACK

If we need a header, we can introduce the built-in variable NR:

$ awk '$3==0 && $6=="LISTEN" || NR==1 '  netstat.txtProto Recv-Q Send-Q Local-Address          Foreign-Address             Statetcp        0      0 0.0.0.0:3306           0.0.0.0:*                   LISTENtcp        0      0 0.0.0.0:80             0.0.0.0:*                   LISTENtcp        0      0 127.0.0.1:9000         0.0.0.0:*                   LISTENtcp        0      0 :::22                  :::*                        LISTEN

Add the formatted output:

$ awk'$3==0 && $6=="LISTEN" || NR==1 {printf "%-20s %-20s %s\n",$4,$5,$6}'netstat.txtLocal-Address        Foreign-Address      State0.0.0.0:3306         0.0.0.0:*            LISTEN0.0.0.0:80           0.0.0.0:*            LISTEN127.0.0.1:9000       0.0.0.0:*            LISTEN:::22                :::*                 LISTEN

Built-in Variables

Speaking of built-in variables, let's take a look at some built-in variables of awk:

$0 current record (this variable stores the content of the entire row) $1 ~ $ N the nth field of the current record. The fields are separated by FS. The default delimiter of the FS input field is space or the number of fields in the current record of TabNF, this is the number of records read by the NR column, that is, the row number. Starting from 1, if there are multiple files, this value is constantly increasing. The current number of FNR records. Different from NR, this value will be the record delimiter input by RS in the row number of each file. The default value is the delimiter of the field output by OFS, it is also the record separator output by space ORS by default. The default value is the name of the current input file of the Line Break FILENAME.

How to use it? For example, if we want to output a row number:

$ awk'$3==0 && $6=="ESTABLISHED" || NR==1 {printf "%02s %s %-20s %-20s %s\n",NR, FNR, $4,$5,$6}'netstat.txt01 1 Local-Address        Foreign-Address      State07 7 coolshell.cn:80      110.194.134.189:1032 ESTABLISHED08 8 coolshell.cn:80      123.169.124.111:49809 ESTABLISHED10 10 coolshell.cn:80      123.169.124.111:49829 ESTABLISHED14 14 coolshell.cn:80      110.194.134.189:4796 ESTABLISHED17 17 coolshell.cn:80      123.169.124.111:49840 ESTABLISHED

Delimiter

$  awk 'BEGIN{FS=":"} {print $1,$3,$6}' /etc/passwdroot 0 /rootbin 1 /bindaemon 2 /sbinadm 3 /var/admlp 4 /var/spool/lpdsync5 /sbinshutdown6 /sbinhalt 7 /sbin

The above command is also equivalent to: (-F means specifying a separator)

$ awk-F: '{print $1,$3,$6}'/etc/passwd

Note: If you want to specify multiple delimiters, you can:

awk-F '[;:]'

String Matching

$ awk '$6 ~ /FIN/ || NR==1 {print NR,$4,$5,$6}' OFS="\t" netstat.txt1       Local-Address   Foreign-Address State6       coolshell.cn:80 61.140.101.185:37538    FIN_WAIT29       coolshell.cn:80 116.234.127.77:11502    FIN_WAIT213      coolshell.cn:80 124.152.181.209:26825   FIN_WAIT118      coolshell.cn:80 117.136.20.85:50025     FIN_WAIT2$ $ awk '$6 ~ /WAIT/ || NR==1 {print NR,$4,$5,$6}' OFS="\t" netstat.txt1       Local-Address   Foreign-Address State5       coolshell.cn:80 124.205.5.146:18245     TIME_WAIT6       coolshell.cn:80 61.140.101.185:37538    FIN_WAIT29       coolshell.cn:80 116.234.127.77:11502    FIN_WAIT211      coolshell.cn:80 183.60.215.36:36970     TIME_WAIT13      coolshell.cn:80 124.152.181.209:26825   FIN_WAIT115      coolshell.cn:80 183.60.212.163:51082    TIME_WAIT18      coolshell.cn:80 117.136.20.85:50025     FIN_WAIT2

The above example matches the FIN status, and the second example matches the WAIT status. Actually ~ Indicates that the mode starts. // Indicates the mode. This is the matching of a regular expression.

 

In fact, awk can match the first line like grep, just like this:

$ awk '/LISTEN/' netstat.txttcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTENtcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTENtcp        0      0 127.0.0.1:9000          0.0.0.0:*               LISTENtcp        0      0 :::22                   :::*                    LISTEN