Vishnu Sj

Reputation: 23

awk command - define the size of a word

I'm learning AWK and trying to count the number of sessions to a particular destination.

Using this command:

awk '{print $9}' traffic-log-cust.txt | sort | uniq -c

and I am getting the below output.

#awk '{print $9}' traffic-log-cust.txt | sort | uniq -c
      1 
      1 10.10.17.72/38403->157.55.235.140/40046
      1 10.10.17.72/38403->157.55.235.146/40006
      1 10.10.17.72/38403->157.55.235.148/40039
      1 10.10.17.72/38403->157.55.235.159/40019
      1 10.10.17.72/38403->157.55.235.160/40019
      1 10.10.17.72/38403->157.55.56.156/40046
      1 10.10.17.72/38403->157.55.56.174/40018
      1 10.10.17.72/38403->64.4.23.156/40017
      1 10.10.17.72/38403->64.4.23.164/40011
      1 10.10.17.72/38403->64.4.23.166/40053
      1 10.10.17.72/38403->65.55.223.16/40003
      1 10.10.17.72/38403->65.55.223.44/40002
#

and I believe word 9 has no space and contains the destination IP as well.

I would like to know how I can count the sessions based on destination IPs.

Thanks in advance.

Upvotes: 0

Views: 46

Answers (1)

MJB

Reputation: 7686

I am going to guess that you are having issues deciding how big each field is. (Your question is unclear.) I would argue you don't need to; just split each row into 2 fields and deal with the second field.

With awk, you specify what the delimiter is with the -F option, and since the greater-than sign (>) is meaningful in many shells, you have to escape it somehow. In Linux, you can use a backslash to do so.

Since you are using awk, you don't need sort and uniq; associative arrays can be used.

Assuming that you are NOT ignoring the ports:

awk -F\> '{dest_ips[$2]++}
          END {
            for (ip in dest_ips) {
              printf "%s: %d\n", ip, dest_ips[ip]
            }
          }' traffic-log-cust.txt

If you are ignoring the ports, you have to parse that second field first (perhaps using split()).

Upvotes: 1
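
The port-ignoring case the answer mentions, written out with split() as an added example that is not part of the original answer. It assumes field 9 has the form src_ip/src_port->dst_ip/dst_port, as in the question's output; the function names and the layout of the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Count sessions per destination IP, ignoring source and destination ports.

count_by_dest_ip() {
    # $1: path to the log file; prints "<count> <dest_ip>", busiest first
    awk '
        # Lines with no flow in field 9 (e.g. blank lines) would otherwise
        # show up as an empty key, like the first row in the question.
        $9 !~ /->/ { skipped++; next }
        {
            split($9, flow, "->")     # flow[2] = "dst_ip/dst_port"
            split(flow[2], dst, "/")  # dst[1] = destination IP only
            sessions[dst[1]]++
        }
        END {
            for (ip in sessions)
                printf "%d %s\n", sessions[ip], ip
            if (skipped)
                printf "skipped %d line(s) without a flow\n", skipped > "/dev/stderr"
        }
    ' "$1" | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample data: only the shape of field 9 comes from the question.
make_sample_log() {
    cat > "$1" <<'EOF'
2013-05-01 10:00:01 fw01 session created proto=17 zone=trust policy=12 10.10.17.72/38403->157.55.235.140/40046 bytes=120
2013-05-01 10:00:02 fw01 session created proto=17 zone=trust policy=12 10.10.17.72/38403->157.55.235.140/40047 bytes=98
2013-05-01 10:00:03 fw01 session created proto=17 zone=trust policy=12 10.10.17.72/38403->64.4.23.156/40017 bytes=64

2013-05-01 10:00:04 fw01 session created proto=17 zone=trust policy=12 10.10.17.73/5000->157.55.235.140/40046 bytes=77
2013-05-01 10:00:05 fw01 session created proto=17 zone=trust policy=12 10.10.17.72/38403->64.4.23.156/40018 bytes=51
EOF
}

demo_log=$(mktemp)
make_sample_log "$demo_log"
count_by_dest_ip "$demo_log"
rm -f "$demo_log"
```

Sorting by count puts the destinations that receive the most sessions at the top, which is usually the first thing to look at when triaging a traffic log.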
