2

I have a log file with multiple kinds of data. I want to filter on the DHCPREQUEST IP from that file, and I want to count how many times an IP requests that service. The content of the log file is like this:

```
Mar 22 11:20:34 DHCP-IP dhcp: DHCPREQUEST for 10.1.1.1 from aa:00:00:00:00:00 (pc) via 10.1.1.2
Mar 22 11:19:34 DHCP-IP dhcp: DHCPREQUEST for 10.1.1.2 from aa:00:00:00:00:00 (pc) via 10.1.1.2
Mar 22 11:18:34 DHCP-IP dhcp: DHCPREQUEST for 10.1.1.2 from aa:00:00:00:17:00 (pc) via 10.1.1.2
Mar 22 11:16:34 DHCP-IP dhcp: DHCPREQUEST for 10.1.1.1 from aa:00:00:00:00:00 (pc) via 10.1.1.2
Mar 22 11:15:34 DHCP-IP dhcp: DHCPREQUEST for 10.1.1.1 from aa:00:00:00:00:00 (pc) via 10.1.1.2
Mar 22 11:14:34 DHCP-IP dhcp: DHCPREQUEST for 10.1.1.1 from aa:00:00:00:00:00 (pc) via 10.1.1.2
Mar 22 11:12:34 DHCP-IP dhcp: DHCPREQUEST for 10.1.1.1 from aa:00:00:00:00:00 (pc) via 10.1.1.2
Mar 22 11:11:34 DHCP-IP dhcp: DHCPREQUEST for 10.1.1.1 from aa:00:00:00:00:00 (pc) via 10.1.1.2
```

Using this code I am printing the count with grep on the IP, but it's showing a count of 1 for duplicate IPs also. Please suggest what I am doing wrong.

```
five_min='Mar 22 11:15:34'
while IFS= read -r line; do
    if [[ "$five_min" < "$line" ]]
    then
        echo "$line" | grep DHCPREQUEST  | awk -F  " " '{print $8 }' | uniq -c
    fi
done < file.txt
```
Vijay
  • It is useless to redefine `-F " "`, which is the standard implementation. Also, you are piping inside the awk call: depending on your flavor, that may cause issues. – Daemon Painter Mar 27 '18 at 12:07

2 Answers

2

You're running the command on a single line, so it makes sense that you're getting 1.

Having the following test.txt:

```
Mar 22 11:20:34 DHCP-IP dhcp: DHCPREQUEST for 10.1.1.1 from aa:00:00:00:00:00 (pc) via 10.1.1.2
Mar 22 11:20:35 DHCP-IP dhcp: DHCPREQUEST for 10.1.1.1 from aa:00:00:00:00:00 (pc) via 10.1.1.2
Mar 22 11:20:36 DHCP-IP dhcp: DHCPREQUEST for 10.1.1.1 from aa:00:00:00:00:00 (pc) via 10.1.1.2
```

The command:

```
grep DHCPREQUEST test.txt | awk '{print $8}' | sort | uniq -c
```

prints:

```
3 10.1.1.1
```
Maroun
  • Using this way, but still not getting the right count for duplicate IPs – Vijay Mar 27 '18 at 07:45
  • Can you please post a reproducible content of your file? – Maroun Mar 27 '18 at 07:46
  • It's the same as what you are using in the test file – Vijay Mar 27 '18 at 07:48
  • @Vijay Divide the pipes - check what's the output of `grep`, then pipe `awk`. – Maroun Mar 27 '18 at 07:48
  • Mar 22 11:20:34 DHCP-IP dhcp: DHCPREQUEST for 10.1.1.1 from aa:00:00:00:00:00 (pc) via 10.1.1.2 : give me this output of grep and awk print 1 10.1.1.1 – Vijay Mar 27 '18 at 07:55
  • @Vijay How many lines are you getting back from `grep DHCPREQUEST test`? – Maroun Mar 27 '18 at 07:56
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/167606/discussion-between-vijay-and-maroun). – Vijay Mar 27 '18 at 08:06
  • @Vijay, could you please post more useful inputs in your post, so that we could understand your requirement better? – RavinderSingh13 Mar 27 '18 at 10:36
  • @RavinderSingh13 The problem was the loop variable line: because of the loop, line represents one line on each iteration, so uniq was not working. Now I store the data in a temp file, then uniq is working now. Thanks. – Vijay Mar 27 '18 at 11:08
  • 1
    @Vijay, we all are trying to learn here by putting effort, to be honest your information was not enough. I will still say re-phrase your question and do let us know what is needed so that other people who read this thread will be benefited too from this. – RavinderSingh13 Mar 27 '18 at 11:35
  • @Vijay, please add expected output too here and let me know then. – RavinderSingh13 Mar 27 '18 at 12:29
  • @Vijay, for your input my `awk` is working perfectly, please be more clear what is NOT working with it? – RavinderSingh13 Mar 27 '18 at 12:35
  • @Vijay, please select any of the answers as the correct answer too, cheers :) – RavinderSingh13 Mar 28 '18 at 04:12
1

The following single awk may help you with the same too.

```
awk 'match($0,/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/){array[substr($0,RSTART,RLENGTH)]++} END{for(i in array){print array[i],i}}'  Input_file
```

Adding a non-one-liner form of the solution too now.

```
awk '
match($0,/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/){  array[substr($0,RSTART,RLENGTH)]++  }
END{
  for(i in array)                         {  print array[i],i                    }
}
'   Input_file
```
RavinderSingh13
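Combining the question's time cutoff with the whole-file counting from the answers, as an added example that is not code from the question or from either answer: one awk pass keeps only DHCPREQUEST lines newer than the cutoff and counts them per requested IP, or per client MAC, which is the view that shows one noisy client asking for several addresses. The function names, the optional field argument and the DHCPACK line are assumptions made for illustration; the string comparison on the timestamp assumes every line is from the same month.

```shell
#!/bin/sh
# Added example; function names and the optional FIELD argument are hypothetical.

# sample_log: the eight lines from the question plus one DHCPACK line
# (the DHCPACK line is constructed, to show that other message types are skipped).
sample_log() {
    cat <<'EOF'
Mar 22 11:21:00 DHCP-IP dhcp: DHCPACK on 10.1.1.1 to aa:00:00:00:00:00 (pc) via 10.1.1.2
Mar 22 11:20:34 DHCP-IP dhcp: DHCPREQUEST for 10.1.1.1 from aa:00:00:00:00:00 (pc) via 10.1.1.2
Mar 22 11:19:34 DHCP-IP dhcp: DHCPREQUEST for 10.1.1.2 from aa:00:00:00:00:00 (pc) via 10.1.1.2
Mar 22 11:18:34 DHCP-IP dhcp: DHCPREQUEST for 10.1.1.2 from aa:00:00:00:17:00 (pc) via 10.1.1.2
Mar 22 11:16:34 DHCP-IP dhcp: DHCPREQUEST for 10.1.1.1 from aa:00:00:00:00:00 (pc) via 10.1.1.2
Mar 22 11:15:34 DHCP-IP dhcp: DHCPREQUEST for 10.1.1.1 from aa:00:00:00:00:00 (pc) via 10.1.1.2
Mar 22 11:14:34 DHCP-IP dhcp: DHCPREQUEST for 10.1.1.1 from aa:00:00:00:00:00 (pc) via 10.1.1.2
Mar 22 11:12:34 DHCP-IP dhcp: DHCPREQUEST for 10.1.1.1 from aa:00:00:00:00:00 (pc) via 10.1.1.2
Mar 22 11:11:34 DHCP-IP dhcp: DHCPREQUEST for 10.1.1.1 from aa:00:00:00:00:00 (pc) via 10.1.1.2
EOF
}

# count_dhcp_requests CUTOFF FILE [FIELD]
#   CUTOFF  timestamp such as 'Mar 22 11:15:34'; only strictly newer lines count
#   FIELD   awk field used as the key: 8 = requested IP (default), 10 = client MAC
# Prints "<count> <key>" lines, busiest first.
count_dhcp_requests() {
    awk -v cutoff="$1" -v field="${3:-8}" '
        # Compare only the 15-character timestamp prefix, not the whole line,
        # so a line stamped exactly at the cutoff is not counted as newer.
        $6 == "DHCPREQUEST" && substr($0, 1, 15) > cutoff { seen[$field]++ }
        # Counting in an array needs no sorted input, unlike uniq -c,
        # which only merges duplicates that sit on adjacent lines.
        END { for (k in seen) print seen[k], k }
    ' "$2" | LC_ALL=C sort -k1,1nr -k2,2
}

# Demo: write the sample to a temp file and print both views.
log=$(mktemp) && sample_log > "$log"
count_dhcp_requests 'Mar 22 11:15:34' "$log"      # per requested IP
count_dhcp_requests 'Mar 22 11:15:34' "$log" 10   # per client MAC
rm -f "$log"
```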