Linux上文本处理三剑客awk

GNU awk：gawk

文本处理三工具：grep, sed, awk
grep, egrep, fgrep：文本过滤工具
sed: 行编辑器
awk：报告生成器，格式化文本输出

AWK: Aho, Weinberger, Kernighan（作者三个人名字） --> New AWK, NAWK

gawk - pattern scanning and processing language

基本用法：gawk [options] 'program' FILE ...
program: PATTERN{ACTION STATEMENTS}
语句之间用分号分隔

options：
-F：指明输入时用到的字段分隔符

[root@promote ~]# awk -F: '{print $1}' /etc/passwd
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
operator
games
ftp
nobody
systemd-network
dbus
polkitd
sshd
postfix
centos
tcpdump
apache
tss
geoclue

-v var=value: 自定义变量

常用输出命令

print命令

格式：print item1, item2, ...

要点：
(1) 使用逗号分隔符
(2) 输出的各item可以字符串，也可以是数值；当前记录的字段、变量或awk的表达式
(3) 如省略item，相当于print $0

[root@promote ~]# tail -5 /etc/fstab | awk '{print $2,$4}'
 
/ defaults
/boot defaults
/home defaults
swap defaults
[root@promote ~]# tail -5 /etc/fstab | awk '{print "hello",$2,$4}'
hello  
hello / defaults
hello /boot defaults
hello /home defaults
hello swap defaults
[root@promote ~]# awk -v FS=':' -v OFS=':' '{print $1,$3,$7}' /etc/passwd
root:0:/bin/bash
bin:1:/sbin/nologin
daemon:2:/sbin/nologin
adm:3:/sbin/nologin
lp:4:/sbin/nologin
sync:5:/bin/sync
shutdown:6:/sbin/shutdown
halt:7:/sbin/halt
mail:8:/sbin/nologin
operator:11:/sbin/nologin
games:12:/sbin/nologin
ftp:14:/sbin/nologin
nobody:99:/sbin/nologin
systemd-network:192:/sbin/nologin
dbus:81:/sbin/nologin
polkitd:999:/sbin/nologin
sshd:74:/sbin/nologin
postfix:89:/sbin/nologin
centos:1000:/bin/bash
tcpdump:72:/sbin/nologin
apache:48:/sbin/nologin
tss:59:/sbin/nologin
geoclue:998:/sbin/nologin

printf命令

格式化输出：printf FORMAT, item1, item2, ...

(1) FORMAT必须给出;
(2) 不会自动换行，需要显式给出换行控制符，\n
(3) FORMAT中需要分别为后面的每个item指定一个格式化符号；

格式符	作用
%c	显示字符的ASCII码
%d, %i	示十进制整数
%c	显示字符的ASCII码
%e, %E	科学计数法数值显示
%f	显示为浮点数
%g, %G	以科学计数法或浮点形式显示数值
%s	显示字符串
%u	无符号整数
%%	显示%自身

[root@promote ~]# awk -F: '{printf "Username: %s, UID: %d\n",$1,$3}' /etc/passwd
Username: root, UID: 0
Username: bin, UID: 1
Username: daemon, UID: 2
Username: adm, UID: 3
Username: lp, UID: 4
Username: sync, UID: 5
Username: shutdown, UID: 6
Username: halt, UID: 7
Username: mail, UID: 8
Username: operator, UID: 11
Username: games, UID: 12
Username: ftp, UID: 14
Username: nobody, UID: 99
Username: systemd-network, UID: 192
Username: dbus, UID: 81
Username: polkitd, UID: 999
Username: sshd, UID: 74
Username: postfix, UID: 89
Username: centos, UID: 1000
Username: tcpdump, UID: 72
Username: apache, UID: 48
Username: tss, UID: 59
Username: geoclue, UID: 998

修饰符	作用
#[.#]	第一个数字控制显示的宽度；第二个#表示小数点后的精度
-	左对齐
+	显示数值的符号

[root@promote ~]# awk -F: '{printf "Username: %-15s, UID: %d\n",$1,$3}' /etc/passwd
Username: root           , UID: 0
Username: bin            , UID: 1
Username: daemon         , UID: 2
Username: adm            , UID: 3
Username: lp             , UID: 4
Username: sync           , UID: 5
Username: shutdown       , UID: 6
Username: halt           , UID: 7
Username: mail           , UID: 8
Username: operator       , UID: 11
Username: games          , UID: 12
Username: ftp            , UID: 14
Username: nobody         , UID: 99
Username: systemd-network, UID: 192
Username: dbus           , UID: 81
Username: polkitd        , UID: 999
Username: sshd           , UID: 74
Username: postfix        , UID: 89
Username: centos         , UID: 1000

变量

内建变量

变量名	全称	作用
FS	input field seperator	默认为空白字符
OFS	output field seperator	默认为空白字符

[root@promote ~]# awk -v FS=':' '{print $1}' /etc/passwd
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
operator
games
ftp
nobody
systemd-network
dbus
polkitd
sshd
postfix
centos
tcpdump
apache
tss
geoclue

变量名	全称	作用
RS	input record seperator	输入时的换行符
ORS	output record seperator	输出时的换行符

[root@promote ~]# awk -v rs=' ' '{print}' /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
polkitd:x:999:998:User for polkitd:/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
centos:x:1000:1000::/home/centos:/bin/bash
tcpdump:x:72:72::/:/sbin/nologin
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
geoclue:x:998:996:User for geoclue:/var/lib/geoclue:/sbin/nologin

变量名	全称	作用
NF	number of field	每行字段数量
NR	number of record	行数（对行统一计数）
FNR		各文件分别计数；行数

注意：{print NF}, {print $NF}区别

[root@promote ~]# awk '{print NF}' /etc/fstab 
0
1
2
10
1
9
12
1
6
6
6
6
[root@promote ~]# awk '{print NR}' /etc/fstab 
1
2
3
4
5
6
7
8
9
10
11
12

变量名	作用
FILENAME	当前文件名

[root@promote ~]# awk '{print FILENAME}' /etc/fstab 
/etc/fstab
/etc/fstab
/etc/fstab
/etc/fstab
/etc/fstab
/etc/fstab
/etc/fstab
/etc/fstab
/etc/fstab
/etc/fstab
/etc/fstab
/etc/fstab

变量名	作用
ARGC	命令行参数的个数
ARGV	数组，保存的是命令行所给定的各参数

[root@promote ~]# awk 'BEGIN{print ARGC}' /etc/fstab 
2
[root@promote ~]# awk 'BEGIN{print ARGV[0]}' /etc/fstab 
awk
[root@promote ~]# awk 'BEGIN{print ARGV[1]}' /etc/fstab 
/etc/fstab

自定义变量

(1) -v var=value
变量名区分字符大小写；

(2) 在program中直接定义

[root@promote ~]# awk 'BEGIN{test="hello gawk";print test}'
hello gawk

操作符

操作符名	操作符
算术操作符	x+y, x-y, x*y, x/y, x^y, x%y,-x,+x
字符串操作符	没有符号的操作符，字符串连接
赋值操作符	>=, +=, -=, *=, /=, %=, ^=,++, --
比较操作符	>, >=, <, <=, !=, ==
模式匹配符	~：是否匹配，!~：是否不匹配
逻辑操作符	&&,\|\|,!
函数调用	function_name(argu1, argu2, ...)

条件表达式：

selector?if-true-expression:if-false-expression

示例：如果 id号大于1000，用户为普通用户，否则就为系统管理员

[root@promote ~]# awk -F: '{$3>=1000?usertype="Common User":usertype="Sysadmin or SysUser";printf "%15s:%-s\n",$1,usertype}' /etc/passwd

PATTERN

(1) empty：空模式，匹配每一行；
(2) /regular expression/：仅处理能够被此处的模式匹配到的行；

(3) relational expression: 关系表达式；结果有“真”有“假”；结果为“真”才会被处理；
真：结果为非0值，非空字符串；

[root@promote ~]# awk -F: '$3<1000{print $1,$3}' /etc/passwd
root 0
bin 1
daemon 2
adm 3
lp 4
sync 5
shutdown 6
halt 7
mail 8
operator 11
games 12
ftp 14
nobody 99
systemd-network 192
dbus 81
polkitd 999
sshd 74
postfix 89
tcpdump 72
apache 48
tss 59
geoclue 998
[root@promote ~]# awk -F: '$NF=="/bin/bash"{print $1,$NF}' /etc/passwd
root /bin/bash
centos /bin/bash

(4) line ranges：行范围
startline,endline：/pat1/,/pat2/
注意：不支持直接给出数字的格式

[root@promote ~]# awk -F: '/^b/,/^g/{print $1}' /etc/passwd
bin
daemon
adm
lp
sync
shutdown
halt
mail
operator
games
[root@promote ~]# awk -F: '(NR>=2&&NR<=10){print $1}' /etc/passwd
bin
daemon
adm
lp
sync
shutdown
halt
mail
operator

(5) BEGIN/END模式
BEGIN{}: 仅在开始处理文件中的文本之前执行一次；
END{}：仅在文本处理完成之后执行一次；

[root@promote ~]# awk -F: 'BEGIN{print" username  uid   \n----------------"}{print $1,$3}END{print" ==============\n  end         "}' /etc/passwd
 username  uid   
----------------
root 0
bin 1
daemon 2
adm 3
lp 4
sync 5
shutdown 6
halt 7
mail 8
operator 11
games 12
ftp 14
nobody 99
systemd-network 192
dbus 81
polkitd 999
sshd 74
postfix 89
centos 1000
tcpdump 72
apache 48
tss 59
geoclue 998
 ==============
  end

常用的action

(1) Expressions
(2) Control statements：if, while等；
(3) Compound statements：组合语句；
(4) input statements
(5) output statements

控制语句

if-else

语法：if(condition) statement [else statement]

使用场景：对awk取得的整行或某个字段做条件判断

[root@promote ~]# awk -F: '{if($3>=1000) {printf "Common user: %s\n",$1} else {printf "root or Sysuser: %s\n",$1}}' /etc/passwd
root or Sysuser: root
root or Sysuser: bin
root or Sysuser: daemon
root or Sysuser: adm
root or Sysuser: lp
root or Sysuser: sync
root or Sysuser: shutdown
root or Sysuser: halt
root or Sysuser: mail
root or Sysuser: operator
root or Sysuser: games
root or Sysuser: ftp
root or Sysuser: nobody
root or Sysuser: systemd-network
root or Sysuser: dbus
root or Sysuser: polkitd
root or Sysuser: sshd
root or Sysuser: postfix
Common user: centos
root or Sysuser: tcpdump
root or Sysuser: apache
root or Sysuser: tss
root or Sysuser: geoclue

[root@promote ~]# awk -F: '{if($NF=="/bin/bash") print $1}' /etc/passwd
root
centos

[root@promote ~]# awk '{if(NF>5) print $0}' /etc/fstab
# Created by anaconda on Sun Apr 14 09:29:51 2019
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
/dev/mapper/centos_promote-root /                       xfs     defaults        0 0
UUID=273deb66-d03c-457f-8b29-5df019b3e53a /boot                   xfs     defaults        0 0
/dev/mapper/centos_promote-home /home                   xfs     defaults        0 0
/dev/mapper/centos_promote-swap swap                    swap    defaults        0 0

[root@promote ~]# df -h
Filesystem                       Size  Used Avail Use% Mounted on
/dev/mapper/centos_promote-root   50G  1.7G   49G   4% /
devtmpfs                         898M     0  898M   0% /dev
tmpfs                            910M     0  910M   0% /dev/shm
tmpfs                            910M  9.6M  901M   2% /run
tmpfs                            910M     0  910M   0% /sys/fs/cgroup
/dev/mapper/centos_promote-home   67G   33M   67G   1% /home
/dev/sda1                       1014M  146M  869M  15% /boot
tmpfs                            182M     0  182M   0% /run/user/0
[root@promote ~]# df -h | awk -F[%] '/^\/dev/{print $1}' | awk '{if($NF>=10) print $1}'
/dev/sda1

while循环

语法：while(condition) statement
条件“真”，进入循环；条件“假”，退出循环；

使用场景：对一行内的多个字段逐一类似处理时使用；对数组中的各元素逐一处理时使用；

[root@promote ~]# awk '/^[[:space:]]*linux16/{i=1;while(i<=NF) {print $i,length($i); i++}}' /etc/grub2.cfg
linux16 7
/vmlinuz-3.10.0-957.el7.x86_64 30
root=/dev/mapper/centos_promote-root 36
ro 2
crashkernel=auto 16
rd.lvm.lv=centos_promote/root 29
rd.lvm.lv=centos_promote/swap 29
rhgb 4
quiet 5
LANG=en_US.UTF-8 16
linux16 7
/vmlinuz-0-rescue-6f14150e17f24a19917ff162dd467b32 50
root=/dev/mapper/centos_promote-root 36
ro 2
crashkernel=auto 16
rd.lvm.lv=centos_promote/root 29
rd.lvm.lv=centos_promote/swap 29
rhgb 4
quiet 5

[root@promote ~]# awk '/^[[:space:]]*linux16/{i=1;while(i<=NF) {if(length($i)>=7) {print $i,length($i)}; i++}}' /etc/grub2.cfg
linux16 7
/vmlinuz-3.10.0-957.el7.x86_64 30
root=/dev/mapper/centos_promote-root 36
crashkernel=auto 16
rd.lvm.lv=centos_promote/root 29
rd.lvm.lv=centos_promote/swap 29
LANG=en_US.UTF-8 16
linux16 7
/vmlinuz-0-rescue-6f14150e17f24a19917ff162dd467b32 50
root=/dev/mapper/centos_promote-root 36
crashkernel=auto 16
rd.lvm.lv=centos_promote/root 29
rd.lvm.lv=centos_promote/swap 29

do-while循环

语法：do statement while(condition)
意义：至少执行一次循环体

for循环

语法：for(expr1;expr2;expr3) statement
for(variable assignment;condition;iteration process) {for-body}

[root@promote ~]# awk '/^[[:space:]]*linux16/{for(i=1;i<=NF;i++) {print $i,length($i)}}' /etc/grub2.cfg
linux16 7
/vmlinuz-3.10.0-957.el7.x86_64 30
root=/dev/mapper/centos_promote-root 36
ro 2
crashkernel=auto 16
rd.lvm.lv=centos_promote/root 29
rd.lvm.lv=centos_promote/swap 29
rhgb 4
quiet 5
LANG=en_US.UTF-8 16
linux16 7
/vmlinuz-0-rescue-6f14150e17f24a19917ff162dd467b32 50
root=/dev/mapper/centos_promote-root 36
ro 2
crashkernel=auto 16
rd.lvm.lv=centos_promote/root 29
rd.lvm.lv=centos_promote/swap 29
rhgb 4
quiet 5

特殊用法：
能够遍历数组中的元素；
语法：for(var in array) {for-body}

switch语句

语法：switch(expression) {case VALUE1 or /REGEXP/: statement; case VALUE2 or /REGEXP2/: statement; ...; default: statement}

break和continue

break [n]
continue

提前结束对本行的处理而直接进入下一行

示例：
取出id号为偶数的用户

[root@promote ~]# awk -F: '{if($3%2!=0) next; print $1,$3}' /etc/passwd
root 0
daemon 2
lp 4
shutdown 6
mail 8
games 12
ftp 14
systemd-network 192
sshd 74
centos 1000
tcpdump 72
apache 48
geoclue 998

array

关联数组：array[index-expression]

index-expression:
(1) 可使用任意字符串；字符串要使用双引号；
(2) 如果某数组元素事先不存在，在引用时，awk会自动创建此元素，并将其值初始化为“空串”；
若要判断数组中是否存在某元素，要使用"index in array"格式进行；

若要遍历数组中的每个元素，要使用for循环
for(var in array) {for-body}

[root@promote ~]# awk 'BEGIN{weekdays["mon"]="Monday";weekdays["tue"]="Tuesday";for(i in weekdays) {print weekdays[i]}}'
Tuesday
Monday

注意：var会遍历array的每个索引；

state["LISTEN"]++
state["ESTABLISHED"]++

[root@promote ~]# netstat -tan | awk '/^tcp\>/{state[$NF]++}END{for(i in state) { print i,state[i]}}'
LISTEN 2
ESTABLISHED 2

[root@promote ~]# awk '{ip[$1]++}END{for(i in ip) {print i,ip[i]}}' /var/log/httpd/access_log

示例：用awk查看tcp连接处于TIMEOUT的连接个数

[root@promote ~]# netstat -tan | awk '/TIMEOUT/{state[$NF]}END{for(i in state){print i,state[i]}}'

练习1：统计/etc/fstab文件中每个文件系统类型出现的次数；

[root@promote ~]# awk '/^UUID/{fs[$4]++}END{for(i in fs) {print i,fs[i]}}' /etc/fstab
defaults 1

练习2：统计指定文件中每个单词出现的次数；

[root@promote ~]#  awk '{for(i=1;i<=NF;i++){count[$i]++}}END{for(i in count) {print i,count[i]}}' /etc/fstab
man 1
and/or 1
maintained 1
xfs 3
14 1
Accessible 1
# 7
Apr 1
are 1
defaults 4
blkid(8) 1
/ 1
0 8
See 1
Created 1
/dev/mapper/centos_promote-root 1
on 1
mount(8) 1
anaconda 1
fstab(5), 1
/dev/mapper/centos_promote-home 1
/boot 1
findfs(8), 1
/home 1
2019 1
'/dev/disk' 1
by 2
/etc/fstab 1
/dev/mapper/centos_promote-swap 1
09:29:51 1
pages 1
more 1
UUID=273deb66-d03c-457f-8b29-5df019b3e53a 1
info 1
swap 2
Sun 1
filesystems, 1
reference, 1
for 1
under 1

函数

内置函数

数值处理：
rand()：返回0和1之间一个随机数；

[root@promote ~]# awk 'BEGIN{print rand()}'
0.237788

字符串处理：

字符串	作用
length([s])	返回指定字符串的长度
sub(r,s,[t])	以r表示的模式来查找t所表示的字符中的匹配的内容，并将其第一次出现替换为s所表示的内容
gsub(r,s,[t])	以r表示的模式来查找t所表示的字符中的匹配的内容，并将其所有出现均替换为s所表示的内容
split(s,a[,r])	以r为分隔符切割字符s，并将切割后的结果保存至a所表示的数组中

示例1：把每行的第1字段中，第一次出现的小写o替换为大写O；注意：仅替换每行一次出现的

[root@wujunjie ~]# awk -F: '{sub(o,O,$1)}' /etc/passwd

示例2：显示来访的主机地址连接的次数

[root@promote ~]#  netstat -tan | awk '/^tcp\>/{split($5,ip,":");count[ip[1]]++}END{for (i in count) {print i,count[i]}}'
192.168.0.101 1
0.0.0.0 2