Bernd Kuhlens portfolio
awk is a great tool for quick, hands-on command-line analysis of Apache requests. The correct syntax depends on the LogFormat, of course (which for compliance reasons I cannot state here).
Today I was looking for requests that take longer than 3 seconds (request time is reported in microseconds in my log). I also needed the URL, and only a specific time range (2019:04:1, meaning all requests today at 04:10-04:19 UTC).
Here’s my command:
cat /httpd/logs/access.log | grep "2019:04:1" | awk '{if ($(NF-2) > 3000000) print $4"-----"$7"-----"$(NF-2);}'
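$(NF-2) is the third-to-last column of the row (awk processes its input one row at a time), and I know that this column holds the request time in microseconds. Note the parentheses: without them, $NF-2 would mean the value of the last column minus 2. I print the time (4th column, $4), the URL ($7) and the request time ($(NF-2)).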
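The same filter as an added example (not the author's command): it matches the time window against the timestamp field only, so a client-supplied URL or referer containing the same text is not selected, and it skips rows whose duration is not a number. The function names slow_requests and sample_log, the log layout and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; the log layout is an assumption, not the author's LogFormat.

# slow_requests WINDOW THRESHOLD_US [FILE...]
# Prints time-----URL-----microseconds for requests whose timestamp
# contains WINDOW and whose request time exceeds THRESHOLD_US.
slow_requests() {
    window=$1; threshold=$2; shift 2
    awk -v w="$window" -v t="$threshold" '
        # Too few columns: malformed or truncated row, ignore it.
        NF < 7 { next }
        # Compare the window with the timestamp column only, not the whole
        # line, so request-controlled text cannot make a row match.
        index($4, w) == 0 { next }
        # Skip rows where the duration is "-" or otherwise not numeric.
        $(NF-2) !~ /^[0-9]+$/ { next }
        # "+ 0" forces a numeric comparison instead of a string one.
        $(NF-2) + 0 > t + 0 { print $4 "-----" $7 "-----" $(NF-2) }
    ' "$@"
}

# Constructed sample lines. Assumed layout: time in $4, URL in $7, request
# time in microseconds third from last; the last two fields are placeholders.
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [10/Oct/2019:04:12:31 +0000] "GET /report HTTP/1.1" 200 5120 "-" "curl/7.64" 4200000 - 0
192.0.2.11 - - [10/Oct/2019:04:15:02 +0000] "GET /index.html HTTP/1.1" 200 812 "-" "Mozilla/5.0 (X11; Linux)" 15000 - 0
192.0.2.12 - - [10/Oct/2019:04:25:40 +0000] "GET /export HTTP/1.1" 200 99000 "-" "curl/7.64" 9000000 - 0
192.0.2.13 - - [10/Oct/2019:05:01:00 +0000] "GET /x?t=2019:04:1 HTTP/1.1" 200 40 "-" "curl/7.64" 7000000 - 0
192.0.2.14 - - [10/Oct/2019:04:18:59 +0000] "GET /slow HTTP/1.1" 500 0 "-" "curl/7.64" - - 0
EOF
}

# Only the 04:12:31 request is inside 04:10-04:19 and slower than 3 seconds.
sample_log | slow_requests "2019:04:1" 3000000
```

The fourth sample line is the case a whole-line grep would pick up by mistake: the request was made at 05:01, but its query string contains the window text.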