Friday, August 29, 2014

Unique IP in a log

I have a log file with fields and an IP address. I got asked to find the unique IPs today.

It took some internet searching to piece this together. So recording for later:

tail -1000 error.log | grep from | awk '{print $14}' | sort -n | uniq

Tail -N    Gets the last N lines from the log file. 
Grep       Filter out the lines for the ones I wanted. It has many lines without IPs

Those could be replaced with grep from error.log.
Or "cat error*.log"

awk is used to access fields in a record. This says...  show field 14.
That's the space delimited field were the IP is in this particular log.

sort sorts. uses -n to sort numerically.
uniq only keeps the unique records.