Process and Analyze Log Files with awk/sed/grep

Intermediate12 minTrending

Build a log processing pipeline to extract, filter, aggregate, and summarize information from application and server logs.

Prerequisites

-Bash with GNU coreutils
-Sample log files to process

Steps

Filter log lines by level or pattern

Use grep to extract only error or warning lines from a log file.

$ grep -E '(ERROR|WARN)' /var/log/app.log | tail -20

Use grep -i for case-insensitive matching or grep -c to count matches.

Extract specific fields with awk

Parse structured log lines to extract timestamps, status codes, or response times.

$ awk '{print $1, $2, $NF}' /var/log/access.log | head -20

$1 is the first field, $NF is the last field. Change the delimiter with -F: awk -F',' for CSV logs.

Count occurrences and find top errors

Aggregate log entries to find the most frequent errors or status codes.

$ grep 'ERROR' /var/log/app.log | awk '{print $NF}' | sort | uniq -c | sort -rn | head -10

Extract log entries in a time range

Filter logs between two timestamps using awk comparison.

$ awk '$1" "$2 >= "2026-03-11 10:00:00" && $1" "$2 <= "2026-03-11 12:00:00"' /var/log/app.log

Generate a summary report

Create a one-liner that produces a complete log summary with counts by level.

$ awk '/ERROR/{e++} /WARN/{w++} /INFO/{i++} END{printf "Errors: %d\nWarnings: %d\nInfo: %d\nTotal: %d\n", e, w, i, NR}' /var/log/app.log

Full Script

full-script.sh

#!/usr/bin/env bash
set -euo pipefail

LOG_FILE=${1:?'Usage: $0 <logfile>'}

[[ ! -f "$LOG_FILE" ]] && { echo "File not found: $LOG_FILE" >&2; exit 1; }

echo "=== Log Summary: $LOG_FILE ==="
echo "Total lines: $(wc -l < "$LOG_FILE")"
echo ""

echo "=== Entries by Level ==="
awk '/ERROR/{e++} /WARN/{w++} /INFO/{i++} /DEBUG/{d++}
  END{
    printf "  ERROR:  %d\n  WARN:   %d\n  INFO:   %d\n  DEBUG:  %d\n", e+0, w+0, i+0, d+0
  }' "$LOG_FILE"

echo ""
echo "=== Top 10 Errors ==="
grep 'ERROR' "$LOG_FILE" | sed 's/.*ERROR//' | sort | uniq -c | sort -rn | head -10

echo ""
echo "=== Errors per Hour ==="
grep 'ERROR' "$LOG_FILE" | awk '{print substr($2,1,13)}' | sort | uniq -c

echo ""
echo "=== Last 5 Errors ==="
grep 'ERROR' "$LOG_FILE" | tail -5

FAQ

Discussion

Loading comments...

#!/usr/bin/env bash set -euo pipefail LOG_FILE=${1:?'Usage: $0 <logfile>'} [[ ! -f "$LOG_FILE" ]] && { echo "File not found: $LOG_FILE" >&2; exit 1; } echo "=== Log Summary: $LOG_FILE ===" echo "Total lines: $(wc -l < "$LOG_FILE")" echo "" echo "=== Entries by Level ===" awk '/ERROR/{e++} /WARN/{w++} /INFO/{i++} /DEBUG/{d++} END{ printf " ERROR: %d\n WARN: %d\n INFO: %d\n DEBUG: %d\n", e+0, w+0, i+0, d+0 }' "$LOG_FILE" echo "" echo "=== Top 10 Errors ===" grep 'ERROR' "$LOG_FILE" | sed 's/.*ERROR//' | sort | uniq -c | sort -rn | head -10 echo "" echo "=== Errors per Hour ===" grep 'ERROR' "$LOG_FILE" | awk '{print substr($2,1,13)}' | sort | uniq -c echo "" echo "=== Last 5 Errors ===" grep 'ERROR' "$LOG_FILE" | tail -5