Parsing Log File with bash script

Here is an example of a log file that I am trying to parse through.

    2018-09-09 15:32:28 Alert Server1 Running Check TRIGGERED
    +--------------------------------------+---------+
    | ID        | host           | altID     | value |
    +--------------------------------------+---------+
    | 4als4234  | host1.mail.com | isRunning | true  |
    | 5nsh3463  | host2.mail.com | isRunning | false |
    +--------------------------------------+---------+
    Instance: server
    Alert ID: server_running

I would like to have a script that runs and formats the logs to look like this:

    host: host1.mail.com
    altID: isRunning
    value: true
    Alert ID: server_running

    host: host2.mail.com
    altID: isRunning
    value: false
    AlertID: server_running

I am new to Linux in general and my bash scripting knowledge is limited. I have tried using a few awk commands but I can't seem to get the format right. Any suggestions?

2 answers

  • answered 2018-10-11 20:40 stack0114106

    Check this Perl solution:

    $ cat alert.pl
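    use strict;
    use warnings;

    open my $INPUT, "<", $ARGV[0] or die "No such file";
    my (@ht, @alt, @val);
    my $alertid = "";
    while (my $row = <$INPUT>)
    {
     # Data rows start with "|" followed by an ID that begins with a digit.
     if ($row =~ m/^[|]\s*\d/)
       {
         my @F = split(/\|/, $row);
         push @ht, $F[2]; push @alt, $F[3]; push @val, $F[4];
       }
     # Keep the text after the colon of the "Alert ID:" line (newline included).
     if ($row =~ m/^Alert/)
       {
         ($alertid = $row) =~ s/(.*):(.*)/$2/;
       }
    }
    close $INPUT;
    # Print one record per collected row instead of a fixed two.
    foreach my $id (0 .. $#ht)
    {
    print "host:$ht[$id]\n";
    print "altID:$alt[$id]\n";
    print "value:$val[$id]\n";
    print "AlertID:${alertid}\n";
    }
    $ perl -f alert.pl alert.log  # Calling the perl script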
    host: host1.mail.com
    altID: isRunning
    value: true
    AlertID: server_running
    
    host: host2.mail.com
    altID: isRunning
    value: false
    AlertID: server_running
    

  • answered 2018-10-11 20:55 glenn jackman

    With GNU awk:

    gawk '
        /Alert.*TRIGGERED/ {alert_start = NR}
        alert_start && NR == alert_start + 4 { # the first data row of the table
            while (NF == 9) {
                ids[$2]["host"]  = $4
                ids[$2]["altID"] = $6
                ids[$2]["value"] = $8
                if ((getline) <= 0) break  # stop at end of input instead of looping forever
            }
        }
        alert_start && /^Alert ID/ {
            for (id in ids)
                printf "host: %s\naltID: %s\nvalue: %s\nAlert ID: %s\n\n",
                    ids[id]["host"], ids[id]["altID"], ids[id]["value"], $3
            delete ids
            alert_start = 0
        }
    ' log.file
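
The question asks for a bash script, so here is an added example (not part of either answer above) in plain POSIX sh: it handles several alert blocks in one file, keeps rows in file order, and discards the rows of a block that never reaches its `Alert ID:` line. The names `trim`, `parse_alerts` and `sample_log` are chosen here, and the second and third alert blocks in the sample are constructed.

```shell
# Added example (not from the answers): prints one record per table row.
trim() {    # strip leading and trailing spaces from $1
    s=$1; s=${s#"${s%%[! ]*}"}; s=${s%"${s##*[! ]}"}
    printf '%s' "$s"
}
parse_alerts() {    # reads the log on stdin
    rows='' header_seen=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
        '|'*)    # table line; the first one in each block is the header
            if [ "$header_seen" -eq 0 ]; then header_seen=1; continue; fi
            IFS='|' read -r _lead _id host alt val _rest <<EOF
$line
EOF
            [ -n "$(trim "$val")" ] || continue    # skip rows with missing cells
            rows="${rows}$(trim "$host")|$(trim "$alt")|$(trim "$val")
"
            ;;
        'Alert ID:'*)    # end of block: emit buffered rows; log text is data, never the format
            alert_id=$(trim "${line#Alert ID:}")
            printf '%s' "$rows" | while IFS='|' read -r h a v; do
                printf 'host: %s\naltID: %s\nvalue: %s\nAlert ID: %s\n\n' "$h" "$a" "$v" "$alert_id"
            done
            rows='' ;;
        *Alert*TRIGGERED*) rows='' header_seen=0 ;;    # new block: drop unfinished rows
        esac
    done
}
sample_log() {    # first block is the page's sample; the other two are constructed
    cat <<'EOF'
2018-09-09 15:32:28 Alert Server1 Running Check TRIGGERED
+--------------------------------------+---------+
| ID        | host           | altID     | value |
+--------------------------------------+---------+
| 4als4234  | host1.mail.com | isRunning | true  |
| 5nsh3463  | host2.mail.com | isRunning | false |
+--------------------------------------+---------+
Instance: server
Alert ID: server_running
2018-09-09 15:40:02 Alert Server2 Disk Check TRIGGERED
| ID        | host           | altID     | value |
| 7xyz0001  | host9.mail.com | diskFull  | true  |
2018-09-09 15:41:10 Alert Server2 Disk Check TRIGGERED
| ID        | host           | altID     | value |
| 8abc0002  | host3.mail.com | diskFull  | false |
Alert ID: disk_full
EOF
}
sample_log | parse_alerts
```

On a real file, run it as `parse_alerts < alert.log`; the `host9` row in the sample is dropped because its block is cut off before an `Alert ID:` line.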