awk — Nginx & Apache
Parse nginx combined log — IP, status, size, URI
# Positions come from awk's default whitespace split of a combined-format line:
# $1 client address, $9 status, $10 response size, $7 request URI.
# A request line that contains extra spaces (or is just "-") shifts every later
# field, so treat the status/size columns of odd-looking rows with suspicion.
awk '{ client = $1; status = $9; size = $10; uri = $7; print client, status, size, uri }' /var/log/nginx/access.log
Count requests per HTTP status code
# Tallies whatever lands in field 9 and prints "<value> <count>", sorted by value.
# Keys that are not three-digit codes mean the request line did not split as
# expected (embedded spaces, empty request); those rows are worth a look.
awk '
  { hits[$9] += 1 }
  END {
    for (code in hits)
      printf "%s %d\n", code, hits[code]
  }
' /var/log/nginx/access.log | sort
Top 10 requesting IPs
# One counter per distinct value of field 1; sort orders numerically on the
# count column, highest first, and head keeps the first ten rows.
# NOTE(review): behind a reverse proxy or load balancer field 1 may be the
# proxy's address rather than the end client - confirm how the log is produced.
awk '
  { seen[$1] += 1 }
  END {
    for (addr in seen)
      printf "%-16s %d\n", addr, seen[addr]
  }
' access.log | sort -rn -k2 | head -n 10
Total bytes served per URI — heaviest endpoints
# Sums field 10 per request URI. The digits-only guard skips rows where the
# size is "-" or where a malformed request line shifted another token into $10.
# $7 is the full request target, so the same path with different query strings
# is totalled under separate keys.
awk '
  $10 ~ /^[0-9]+$/ { sent[$7] += $10 }
  END {
    for (target in sent)
      printf "%-40s %12d\n", target, sent[target]
  }
' access.log | sort -rn -k2 | head -n 15
Requests per minute — traffic spike detection
# Buckets requests by the HH:MM part of the timestamp in field 4
# ("[dd/Mon/yyyy:HH:MM:SS" splits on ":" into date, hour, minute, second).
# The key carries no date: on a log that spans more than one day, the same
# minute on different days is summed into one bucket, which can hide or fake a
# spike. Run it against a single day's log, or slice the file by date first.
awk '
  {
    stamp = $4
    gsub(/\[/, "", stamp)
    split(stamp, part, ":")
    bucket = part[2] ":" part[3]
    hits[bucket]++
  }
  END {
    for (b in hits)
      printf "%s %d\n", b, hits[b]
  }
' access.log | sort
Error rate — percentage of 4xx and 5xx responses
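# Prints total request count, 4xx/5xx count, and the error percentage.
# - An empty log used to abort with a division-by-zero error in END; the rate
#   is now reported as 0.00% when no lines were read.
# - The status test requires exactly three digits starting with 4 or 5, so a
#   shifted field from a malformed request line (any token that merely starts
#   with 4 or 5) is not counted as an error. Such lines still count in total.
awk '
  { total++ }
  $9 ~ /^[45][0-9][0-9]$/ { errors++ }
  END {
    rate = (total > 0) ? (errors / total) * 100 : 0
    printf "total=%d errors=%d rate=%.2f%%\n", total, errors, rate
  }
' access.log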
Top 10 missing pages (404s)
# Counts requests whose field 9 equals 404, keyed by request URI, and prints
# "<count> <uri>" so a plain reverse-numeric sort ranks the most-requested
# missing paths first.
# $7 is client-supplied text (path plus query string); rows where the request
# line did not split cleanly will not have the status in field 9 and are missed.
awk '
  $9 == 404 { missing[$7] += 1 }
  END {
    for (path in missing)
      print missing[path], path
  }
' access.log | sort -rn | head -n 10
Identify large responses over 1MB
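# Lists client, size and URI for responses larger than 1048576 bytes.
# Field 10 is first required to be all digits: without that, awk falls back to
# a string comparison when $10 is not numeric (for example when a malformed
# request line shifts a text token into field 10), and a token that happens to
# sort after "1048576" would be printed as a bogus "0 bytes" row.
awk '
  $10 ~ /^[0-9]+$/ && $10 + 0 > 1048576 {
    printf "%-16s %8d bytes %s\n", $1, $10, $7
  }
' access.log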