(AWK) How to sort these results?!
Dear Experts,
I hope you can help me out to try and sort these results into a structured manner.
The script I have build is basically to analyse Windows 2k3 server Eventlogs. Basically, I am running the script through Windows by the use of gawk. Now, I have the results I want to have but the ID's are sorted.
Now, I have the following script:
(script inserted in the first comment for privacy purposes(google copy/paste skills)
And the following "unsorted" results:
Now these results are not visually appealing, I would love the sort the results on the eventId numbers. (From Smallest number > Largest number.)
What have I tried so far?
Well I've tried using the sort command, however, It doesn't work properly.
Output with " | sort -n -k1" & " | sort -n":
Hopefully you Experts can help me out.
I hope you can help me out to try and sort these results into a structured manner.
The script I have build is basically to analyse Windows 2k3 server Eventlogs. Basically, I am running the script through Windows by the use of gawk. Now, I have the results I want to have but the ID's are sorted.
Now, I have the following script:
(script inserted in the first comment for privacy purposes(google copy/paste skills)
And the following "unsorted" results:
[ - - EvenID's per category - - ]
Error eventID's:
1002 : 1
1109 : 2
29 : 18
8 : 106
Warning eventID's:
4 : 9
36 : 46
1003 : 21745
100 : 33489
8 : 9
Information eventID's:
4 : 5
26 : 7
35 : 13
7035 : 408
8033 : 2417Now these results are not visually appealing, I would love the sort the results on the eventId numbers. (From Smallest number > Largest number.)
What have I tried so far?
Well I've tried using the sort command, however, It doesn't work properly.
Output with " | sort -n -k1" & " | sort -n":
Error eventID's:
Information eventID's:
Warning eventID's:
1002 : 1
1109 : 2
29 : 18
8 : 106
4 : 9
36 : 46
1003 : 21745
100 : 33489
8 : 9
4 : 5
26 : 7
35 : 13
7035 : 408
8033 : 2417Hopefully you Experts can help me out.
ASKER
Sorry for the unsorted script.
I've attached the code as the Code Snippet.
I've attached the code as the Code Snippet.
#!/bin/awk -f
BEGIN {
FS=","
}
#
{
if ($4 ~ /Error/) {
eventidE[$6]++
}
else if ($4 ~ /Warning/) {
eventidW[$6]++
}
else if ($4 ~ /Information/) {
eventidI[$6]++
}
}
END {
print "[ - - EvenID's per algemene categorie - - ]"
print " Error eventID's: "
for (error in eventidE) {
print error "\t:\t", eventidE[error]
}
print "\n Warning eventID's: "
for (warning in eventidW) {
print warning "\t:\t", eventidW[warning]
}
print "\n Information eventID's: "
for (information in eventidI) {
print information "\t:\t", eventidI[information]
}
}
Hi,
please check gawk's asort function.
http://www.gnu.org/manual/gawk/html_node/Array-Sorting.html
and
http://www.gnu.org/manual/gawk/html_node/String-Functions.html#String-Functions
Basically, you will have to add something like
n = asort(eventidE) # between line 23 and 24 (second post)
n = asort(eventidW) # between line 27 and 28 (second post)
n = asort(eventidI) # between line 31 and 32 (second post)
"n" will contain the number of array elements.
wmp
please check gawk's asort function.
http://www.gnu.org/manual/gawk/html_node/Array-Sorting.html
and
http://www.gnu.org/manual/gawk/html_node/String-Functions.html#String-Functions
Basically, you will have to add something like
n = asort(eventidE) # between line 23 and 24 (second post)
n = asort(eventidW) # between line 27 and 28 (second post)
n = asort(eventidI) # between line 31 and 32 (second post)
"n" will contain the number of array elements.
wmp
ASKER
Hey [b]woolmilkporc[/b],
"asort" doesn't seem to sort on the eventid's nummerical value, instead it replaces the eventid's with a random number.
So, it does not work I'm afraid.
Hopefully there's some other way getting the results (quite desperate, sad I know).
- Mario
"asort" doesn't seem to sort on the eventid's nummerical value, instead it replaces the eventid's with a random number.
So, it does not work I'm afraid.
Hopefully there's some other way getting the results (quite desperate, sad I know).
- Mario
OK,
I think that's related to the way you use the array index.
You could try "asorti" instead of "asort", which will use this index for sorting - yet I don't know what this index will look like afterwards.
If this doesn't work either, I fear you will actually have to rely on some external sort - quite difficult with the type of output you desire!
wmp
I think that's related to the way you use the array index.
You could try "asorti" instead of "asort", which will use this index for sorting - yet I don't know what this index will look like afterwards.
If this doesn't work either, I fear you will actually have to rely on some external sort - quite difficult with the type of output you desire!
wmp
ASKER
Hey woolmilkporc,
Thanks for the ongoing, very quick support!
However, "asorti" also doesn't seem to work and I have no idea how to properly sort the values otherwise.
I hope there is someone out there able to help me. Although, I must thank a lot for all your help so far, woolmilkporc.
- Mario
Thanks for the ongoing, very quick support!
However, "asorti" also doesn't seem to work and I have no idea how to properly sort the values otherwise.
I hope there is someone out there able to help me. Although, I must thank a lot for all your help so far, woolmilkporc.
- Mario
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
#!/bin/awk -f
BEGIN {
FS=","
}
#
{
if ($4 ~ /Error/) {
eventidE[$6]++
}
else if ($4 ~ /Warning/) {
eventidW[$6]++
}
else if ($4 ~ /Information/) {
eventidI[$6]++
}
}
END {
print "[ - - EvenID's per algemene categorie - - ]"
print " Error eventID's: "
for (error in eventidE) {
print error "\t:\t", eventidE[error]
}
print "\n Warning eventID's: "
for (warning in eventidW) {
print warning "\t:\t", eventidW[warning]
}
print "\n Information eventID's: "
for (information in eventidI) {
print information "\t:\t", eventidI[information]
}
}
[/code]