Before you start with our AWK parser, it's imperative that you nail down the AWK language:
Use this as an input to your script:
CPU ID USAGE cpu 0 73.5% cpu 1 11.6% cpu 2 19.22% cpu 3 15.1% Something else, foobar Another foobar |
AWK has multiple versions. We support the most basic one (we use the JAWK, Java-based AWK implementation), so now GAWK functions unfortunately. |
Once you feel you are ready with AWK, you are ready for your first ind script based on AWK. Now remember this:
Here are a few sample AWK parsers (we've removed the META and REMOTE sections for clarity):
# This is a snippet: just the AWK section of an .ind script. This script tries to write the metric "config-unsaved" # and set it to 1 if the user forgot to save the device configuration. This specific device can only respond with "unsaved" or "saved". #! PARSER::AWK /saved/ { # Matches either 'saved' or 'unsaved' if ( $1 == "unsaved" ) { writeDoubleMetric("config-unsaved",null,"gauge",300,1) # Note - 1 is a way to say "true" in our metrics } else { writeDoubleMetric("config-unsaved",null,"gauge",300,0) # Note - 0 is a way to say "false" in our metrics } } |
# # This is a snippet: just the AWK section of an .ind script. This script takes the output of ls (listing files) and # collects any files which match certain criteria. The collected files are reported all together in a complex metric. # Example script input: #-rw-rw---- 1 admin root 0 2016-10-07 15:01:47.000000000 +0200 /var/log/dump/usermode/service.12334.core.gz #-rw-rw---- 1 admin root 0 2016-10-04 06:16:29.000000000 +0200 /var/log/dump/usermode/sshd.13383.core.gz #drwxrwx--- 2 admin root 4096 2016-10-07 15:02:28.000000000 +0200 /var/crash/bounds #! PARSER::AWK # -rw-r--r-- 1 admin root 2898543 2016-07-12 08:52:01.000000000 +0200 sshd.14383.core.gz /root/ { # Only matches lines with 'root'. Will 'ignore' any other lines. # Exclude some directories if ($9 !~ "/var/crash/bounds|/var/crash/minfree") { ifile++ # Note, we don't need to initialize this variable anywhere # starting data createDate=$6 createTime=$7 # year,month,day split(createDate,dateArray,"-") createYear=dateArray[1] createMonth=dateArray[2] createDay=dateArray[3] # time gsub(/.[0-9]+/,"",createTime) split(createTime, createTimeArr,":") # Create complex object array # the writeComplexMetricObjectArray function (see further below) takes a multi-dimensional array as input. # The dimensions are separated using the comma (notice it below). The first dimension is a numeric identifier # of the entry. The second dimension is the field for the entry. The result of the two lines below (with the input above) # is an array which looks like this: # files[1, "path"] = "/var/log/dump/usermode/service.12334.core.gz" # files[1, "created"] = 1475852507 --- we use "seconds since epoch (01/01/1970)" for date/time (this is a useful converter: http://www.epochconverter.com/) # files[2, "path"] = "/var/log/dump/usermode/sshd.13383.core.gz" # files[2, "created"] = 1475561789 files[ifile, "path"]=$9 files[ifile, "created"]=datetime(createYear,createMonth,createDay,createTimeArr[1],createTimeArr[2],createTimeArr[3]) } } # After all the line handling is done, we're ready to output the metric END { # Write complex metric - after we've collected all the files writeComplexMetricObjectArray("core-dumps", null, files) } |