uniq 跳过前 N 个字符/字段答案

【问题标题】：uniq skip first N characters/fieldsuniq 跳过前 N 个字符/字段
【发布时间】：2016-04-24 01:07:10
【问题描述】：

这是我拥有的日志文件的内容

    {"timestamp":"2016-04-20T12:24:35","event_type":"alert","src_ip":"198.55.103.12","src_port":44927,"dest_ip":"127.0.0.1","dest_port":9200,"honeypot":{"name":"Elasticpot","n$
{"timestamp":"2016-04-20T12:24:36","event_type":"alert","src_ip":"198.55.103.12","src_port":44927,"dest_ip":"127.0.0.1","dest_port":9200,"honeypot":{"name":"Elasticpot","n$
{"timestamp":"2016-04-20T12:24:37","event_type":"alert","src_ip":"198.55.103.12","src_port":44927,"dest_ip":"127.0.0.1","dest_port":9200,"honeypot":{"name":"Elasticpot","n$
{"timestamp":"2016-04-20T12:24:38","event_type":"alert","src_ip":"198.55.103.12","src_port":44927,"dest_ip":"127.0.0.1","dest_port":9200,"honeypot":{"name":"Elasticpot","n$

使用 bash，我想 grep 独特的行并将结果放入文本文件中。我想在检查唯一性时跳过时间戳字段，因为如您所见，除了时间戳之外，这四行是相同的。这是我目前所拥有的：

sudo grep "alert" /home/tsec/prototype/logs/elasticpot.log | uniq | tail -n 10 > /home/tsec/prototype/logs/extractedlogs/elasticpotresult.log

所以 csv 文件中的输出应该是：

 {"timestamp":"2016-04-20T12:24:38","event_type":"alert","src_ip":"198.55.103.12","src_port":44927,"dest_ip":"127.0.0.1","dest_port":9200,"honeypot":{"name":"Elasticpot","n$

我必须用 -f 标志确定使用唯一但不知道如何。感谢您的帮助！

【问题讨论】：

标签： bash file printing extraction uniq

【解决方案1】：

sort -u -t, -k2,8 elasticpot.log

-u → 为唯一
-t, → 逗号是分隔符
-k2,8 → 关键字段是 2 到 8（或 -k2 → 关键字段是从 2 到结尾）

测试结果：

{"timestamp":"2016-04-20T12:24:35","event_type":"alert","src_ip":"198.55.103.12","src_port":44927,"dest_ip":"127.0.0.1","dest_port":9200,"honeypot":{"name":"Elasticpot","n$

【讨论】：