Grep unique line

6/17/2023

I've been using grep to search through files on linux / mac for years, but one flag I didn't use much until recently is the -o flag. This tells grep to only output the matched pattern (instead of lines that match the pattern).

This feature turns out to be pretty handy, let's say you want to find all the IP addresses in a file. You just need to come up with a regular expression to match an IP, I'll use this: "[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+" it's not perfect, but it will work.

How can I find unique ip addresses in a log file?

We can use the uniq command to remove duplicate ip addresses, but uniq needs a sorted input. We can do that with the sort command, like so:

    grep -o "[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+" httpd.log | sort | uniq

Show me the number of times each IP shows up in the log

Now we can use the -c flag for uniq to display counts:

    grep -o "[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+" httpd.log | sort | uniq -c

The ip counts are not in order, so we can pass our results through sort again, this time with the -n flag to use a numeric sort.

The above will put them in order from least to greatest, you can pipe the result to tail if you only want to see the top N IP addresses!

Pretty handy right? It works great for counting or finding ip addresses in nginx, apache or any kind of log files with ip addresses.

Other regex patterns to match an IP address

As I mentioned the pattern we are using above is not perfect, but it works pretty well and is reasonably easy to understand. Here are a few regular expressions that can be used to match IP addresses in a log file (note I have taken out some of the escaping):

[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ - this is the one used above, the shortfall is that it can match more than 3 numbers in each octet position. We will improve the pattern in the next one.

- a simple and short pattern, takes advantage of the length of the IP being between 6 and 15 characters.

If you want an even more accurate regex pattern to match an ip address, it gets quite complex and lengthy. You have to account for the fact that the max number is 255 in each octet position.
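The following is an added example, not code from the original post: it runs the same grep -o | sort | uniq -c | sort -n pipeline with an octet pattern limited to 0-255, next to a loose any-digits pattern for comparison. The function names, the sample log and the use of GNU grep's \b word boundary are assumptions made for the example.

```shell
#!/bin/sh
# One IPv4 octet, 0-255 only (extended regex).
OCTET='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
# \b (GNU grep) stops the match from starting or ending inside a longer
# run of digits, so 999.300.1.1 and 192.0.2.256 are not partially matched.
IPV4="\\b${OCTET}(\\.${OCTET}){3}\\b"

# top_ips FILE [N]: the N most frequent valid IPv4 addresses with counts,
# least to greatest, so the busiest address is on the last line.
top_ips() {
    grep -oE "$IPV4" "$1" | sort | uniq -c | sort -n | tail -n "${2:-10}"
}

# loose_unique FILE: unique matches of a loose pattern that accepts any
# number of digits per octet, for comparison with the strict one.
loose_unique() {
    grep -oE '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' "$1" | sort | uniq
}

# Constructed sample access log (documentation address ranges, plus two
# strings that look like IPs but are not valid).
make_sample_log() {
    cat > "$1" <<'EOF'
203.0.113.7 - - [17/Jun/2023:10:00:01 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [17/Jun/2023:10:00:02 +0000] "GET /login HTTP/1.1" 200 734
198.51.100.23 - - [17/Jun/2023:10:00:03 +0000] "POST /login HTTP/1.1" 401 120
203.0.113.7 - - [17/Jun/2023:10:00:04 +0000] "POST /login HTTP/1.1" 302 0
198.51.100.23 - - [17/Jun/2023:10:00:05 +0000] "POST /login HTTP/1.1" 401 120
192.0.2.10 - - [17/Jun/2023:10:00:06 +0000] "GET /robots.txt HTTP/1.1" 404 0
999.300.1.1 - - [17/Jun/2023:10:00:07 +0000] "GET / HTTP/1.1" 400 0
192.0.2.256 - - [17/Jun/2023:10:00:08 +0000] "GET / HTTP/1.1" 400 0
EOF
}

log=$(mktemp)
make_sample_log "$log"
echo "strict pattern, counts (least to greatest):"
top_ips "$log" 3
echo "loose pattern, unique matches:"
loose_unique "$log"
rm -f "$log"
```

Any dotted quad in the line is matched, so version strings such as those in user-agent fields will be counted too if the log contains them.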