3 awesome AWK one-liners

If you don’t already know what AWK is, you’re going to find this blog post really, really boring. Eyes glazed over, drooling a little bit, head bobbingly boring.

This is you if you are a banana and don’t know what AWK is while reading this post.

This is you if you are POTUS and you know what AWK is while reading this post

Are we clear? If you’re the banana, you should leave now. This post is not for bananas.


While I knew that AWK could parse text files with amazing ease, I did not know until recently that it could do comparisons on the fly. I recently wanted to pull out the number of occurrences of various HTTP response codes from a log file.

Given a log file format like this:

Let’s see how many 200s there are and print the IP addresses of those requests:

awk '{ if ( $8 == 200 ) { print $1} }' access.log

Now let your little sysadmin mind go wild with all of the possibilities of this. Pipe the output into sort and you can start to get some really interesting data very quickly.
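As an added example (not from the original post), here is the same comparison extended to tally every status code and rank the client IPs behind one of them. The log lines are constructed, the layout with the status code in field 8 is an assumption that matches the one-liner above, and `make_sample_log`, `status_counts` and `ips_for_status` are hypothetical helper names.

```sh
#!/bin/sh
# Added example: constructed sample log lines, not taken from the post.
# Assumed layout: client IP in field 1, status code in field 8.
make_sample_log() {
    cat <<'EOF'
10.0.0.5 - - [12/Mar/2012:10:01:02 -0500] "GET /index.html" 200 5120
10.0.0.5 - - [12/Mar/2012:10:01:05 -0500] "GET /about.html" 200 2048
10.0.0.9 - - [12/Mar/2012:10:02:11 -0500] "GET /old-page.html" 404 312
10.0.0.9 - - [12/Mar/2012:10:02:12 -0500] "GET /old-page2.html" 404 312
10.0.0.9 - - [12/Mar/2012:10:02:13 -0500] "GET /old-page3.html" 404 312
10.0.0.7 - - [12/Mar/2012:10:03:40 -0500] "GET /index.html" 200 5120
10.0.0.7 - - [12/Mar/2012:10:03:41 -0500] "GET /missing.gif" 404 312
10.0.0.7 - - [12/Mar/2012:10:03:59 -0500] "POST /report.cgi" 500 0
EOF
}

# Print "count code" for every status code in log file $1, busiest first.
status_counts() {
    awk '{ count[$8]++ }
         END { for (code in count) print count[code], code }' "$1" |
        sort -k1,1nr -k2,2n
}

# Print "count ip" for requests in log file $1 that returned status $2,
# busiest client first. A burst of 404s or 401s from a single address is
# the kind of pattern this makes visible.
ips_for_status() {
    awk -v want="$2" '$8 == want { print $1 }' "$1" |
        sort | uniq -c | sort -k1,1nr -k2,2 |
        awk '{ print $1, $2 }'
}

log=$(mktemp)
make_sample_log > "$log"
echo "Requests per status code:"
status_counts "$log"
echo "Clients receiving 404s:"
ips_for_status "$log" 404
rm -f "$log"
```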


Want to kill every damn process on the system that matches a pattern (http here)? AWK up the PIDs and kill 'em:

# $( ) runs the pipeline; [h]ttp keeps grep from matching its own process
for pid in $(ps -ef | grep '[h]ttp' | awk '{print $2}'); do kill "$pid"; done

OK, so this is more shell-ey than AWK-ey, but it would be pretty damned hard to do without the amazing AWK.

Change Field Delimiters

So far my two examples are great for text files that have their fields delimited by spaces. That’s not the whole world though, my friend. There are lots of delimiters out there and sometimes even when you’re working with a space-delimited file, the data you want might not be perfectly delimited by spaces.

Back to this log. Let’s suppose I want to get the Internet Explorer version (MSIE 8.0 in this case).

Change the delimiter to the semi-colon with this invocation.

awk -F';' '{print $2}' access.log

Like anything in *nix, the real power is in stringing these simple tools like AWK together. These three little tricks comprise about 85% of my AWK usage and make my life a whole lot simpler.

Did anyone turn into a banana?