[ale] Text Processing Happiness - I'm no longer lost

JK jknapka at kneuro.net
Sat Aug 18 13:54:25 EDT 2007


Bruce wrote:
> Now, for step two.
>
> I'm exporting tons of wonderful data, but want to find
> out what unique applications are running. The records
> look like this:
> 10.1.31.84,10.1.12.92,539,0,TCP_ars-master-3176-tcp,2,88,1
> 10.1.31.84,10.1.12.92,539,0,TCP_csd-mgmt-port-3071-tcp,2,88,1
> 10.1.31.84,10.1.12.92,539,0,TCP_d2000kernel-3119-tcp,2,88,1
> 10.1.31.84,10.1.12.92,539,0,TCP_feitianrockey-3152-tcp,2,88,1
> 10.1.31.84,10.1.12.92,539,0,TCP_hp-pxpib-3101-tcp,2,88,1
> 10.1.31.84,10.1.12.92,539,0,TCP_ncadg-ip-udp-3063-tcp,2,88,1
> 10.1.31.84,10.1.12.92,539,0,TCP_ndl-aas-3128-tcp,2,88,1
> 10.1.31.84,10.1.12.92,539,0,TCP_responsenet-3045-tcp,2,88,1
> 10.1.31.84,10.1.12.92,539,0,TCP_tarantella-3144-tcp,2,88,1
> 10.1.31.84,10.1.12.92,539,0,TCP_tip-app-server-3160-tcp,2,88,1
>
> What I'd like to do is find out all the unique
> applications that are running on the network. I want
> to pipe in the file, use the comma as a field
> delimiter - and strip out fields one, two, three, four
> - keep field five (the application), then strip out
> fields six, seven and eight (packets, octets and
> flows). Once I get all the applications stripped out,
> I'll do a sort uniq to get down to one instance per
> app. 
>
> I think the cut command would do the trick, and am
> googling it. Is that the right direction? How do I
> strip the fields and just leave the app. name there?
>
>   
cut -d ',' -f 5 < logfile

Or maybe -f 4; I can't remember if cut numbers fields from 0 or 1.

-- JK
--
(declare (antichrist i) (anarchist i)) -- the sexp-pistols




More information about the Ale mailing list