Thursday, March 3rd, 2016

IP Address Counts from Apache Access Logs

Combine the Grep, Cut, Sort, and Uniq shell commands to filter an Apache (or Nginx, lighttpd, etc.) access log and sort it by visitor IP address counts.

$ grep 'text' /path/to/access.log | cut -d' ' -f1 | sort | uniq -c | sort -rn
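A field-aware variant of this pipeline, as an added example that is not from the original post: grep matches the string anywhere on the line, including the client-supplied referrer and user agent, so the counts can include requests that never touched the resource. The function names, the /login path and the sample log lines are constructed for illustration; field numbers assume the Apache common/combined log format.

```shell
#!/bin/sh
# Constructed sample log (documentation IP ranges, made-up requests).
sample_log() {
cat <<'EOF'
203.0.113.5 - - [03/Mar/2016:10:00:01 +0000] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.5 - - [03/Mar/2016:10:00:02 +0000] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.5 - - [03/Mar/2016:10:00:03 +0000] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
198.51.100.7 - - [03/Mar/2016:10:01:00 +0000] "POST /login HTTP/1.1" 401 512 "-" "curl/7.47.0"
198.51.100.7 - - [03/Mar/2016:10:01:05 +0000] "POST /login HTTP/1.1" 200 2048 "-" "curl/7.47.0"
192.0.2.44 - - [03/Mar/2016:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "http://example.com/login" "Mozilla/5.0"
EOF
}

# Shared tail: count per IP, highest count first (ties broken by IP),
# then strip the padding uniq -c puts in front of the count.
rank_ips() {
    sort | uniq -c | sort -k1,1nr -k2,2 | awk '{ print $1, $2 }'
}

# The page's approach: match a fixed string anywhere on the line.
# Usage: grep_counts STRING < access.log
grep_counts() {
    grep -F -- "$1" | cut -d' ' -f1 | rank_ips
}

# Field-aware approach: the request path (field 7) must start with
# PATH_PREFIX and the status code (field 9) must equal STATUS.
# Usage: ip_counts PATH_PREFIX STATUS < access.log
ip_counts() {
    awk -v p="$1" -v s="$2" 'index($7, p) == 1 && $9 == s { print $1 }' | rank_ips
}

echo "grep '/login' anywhere on the line:"
sample_log | grep_counts /login
echo "path starts with /login and status is 401:"
sample_log | ip_counts /login 401
```

On the sample data the grep version counts 192.0.2.44, whose only mention of /login is in the referrer, and counts the successful 200 response for 198.51.100.7 alongside its failure.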

This is how it works:

Grep: Search the access log file for a particular string (such as a particular resource path or user agent). Pipe the results to:

Cut: Split each line on spaces (the Apache log file format delimiter) and return the first field (the IP address). Fields 7 and 9 (resource path and status code, respectively, in an Apache access log) are also useful. Pipe the results to:

