How to Use awk to Filter Your Nginx access.log
If you’ve ever peeked into your Nginx access.log and felt overwhelmed, don’t worry, you’re not alone. Here are a few quick awk one-liners to help you make sense of the chaos and pull out useful info.
🔍 See Who’s Accessing What
This command shows each unique combination of IP address and requested URL, along with how many times it occurred:
awk '{print $1, $7}' access.log | sort | uniq -c | sort -nr
Breakdown:
$1 = IP address
$7 = Requested URL
sort | uniq -c | sort -nr gives you a frequency count, sorted from most to least.
ℹ You might need to tweak the column indices based on your log format.
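The indices above hold only when the request line has the shape METHOD PATH PROTOCOL; an empty or binary request line shifts the whitespace fields so that $7 becomes the status code. The script below is an added example, not part of the original post: it assumes the default "combined" log format, its function names and sample log lines are constructed, and it splits on double quotes so such lines are labelled instead of miscounted.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes Nginx's default
# "combined" log format; function names and log lines are constructed.

# The post's one-liner: whitespace fields, $7 taken as the URL.
naive_ip_url() {
    awk '{print $1, $7}' "$1" | sort | uniq -c | sort -nr | awk '{$1=$1; print}'
}

# Split on double quotes so the whole request line is field 2, then
# accept it only if it has the three parts METHOD PATH PROTOCOL.
count_ip_path() {
    awk -F'"' '{
        split($1, pre, " ")          # pre[1] = client IP
        n = split($2, req, " ")      # request line parts
        path = (n == 3) ? req[2] : "(malformed)"
        print pre[1], path
    }' "$1" | sort | uniq -c | sort -nr | awk '{$1=$1; print}'
}

# Constructed sample: three normal requests plus two junk request lines.
make_sample_log() {
    cat > "$1" <<'EOF'
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "curl/8.0"
203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "curl/8.0"
198.51.100.23 - - [10/Oct/2023:13:56:01 +0000] "-" 400 0 "-" "-"
198.51.100.23 - - [10/Oct/2023:13:56:02 +0000] "\x16\x03\x01" 400 150 "-" "-"
203.0.113.7 - - [10/Oct/2023:13:57:10 +0000] "POST /login HTTP/1.1" 302 0 "-" "curl/8.0"
EOF
}

log=$(mktemp)
make_sample_log "$log"
echo "naive:";  naive_ip_url "$log"     # reports "400" as a URL
echo "quoted:"; count_ip_path "$log"    # reports "(malformed)" instead
rm -f "$log"
```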
📅 Sort Requests by Date
Want to see access patterns by time? This snippet includes the timestamp (minus the opening bracket) with each IP and URL:
awk '{print $1, substr($4, 2), $7}' access.log | sort
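Because the IP is the first column, sort groups the lines by IP and orders each IP's requests by the timestamp text, which matches chronological order within a single month. Great for spotting spikes or trends over time.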
🌍 Get Info About an IP Address
Curious about where a request is coming from? Plug the IP into ipinfo.io like so:
curl ipinfo.io/45.148.10.35
This will return details like location, hostname, and more.
That’s it! These commands are great for quick log insights without needing a full analytics stack. Happy grepping!