Issue
I have an AV log file showing a number of values for each process scanned: Name, Path, Total files scanned, Scan time. The file contains hundreds of these process entries (example below) and for Total files scanned and Scan time I'd like to sort and print the highest (or longest) values so I can determine which processes are impacting the system. I've tried various ways with grep but only seem to get a list running in numerical order, when what I really want is to say Process id: 86, Scan time (ns): 12761174 is the highest, then Process id 25, etc. Hope my explanation is clear enough.
Process id: 25
Name: wwww
Path: "/usr/libexec/wwww"
Total files scanned: 42
Scan time (ns): "62416"
Status: Active
Process id: 7
Name: xxxx
Path: "/usr/libexec/xxxx"
Total files scanned: 0
Scan time (ns): "0"
Status: Active
Process id: 86
Name: yyyy
Path: "/usr/libexec/yyyy"
Total files scanned: 2
Scan time (ns): "12761174"
Status: Active
I have tried:
grep -Eo | grep 'Scan time (ns)' '[0-9]+' file | sort
Which results in:
file:Scan time (ns): "9391986"
file:Scan time (ns): "9532119"
file:Scan time (ns): "9730650"
file:Scan time (ns): "9743828"
file:Scan time (ns): "9793469"
file:Scan time (ns): "9911768"
What I am wanting to achieve is something such as:
Process id 9, Scan time (ns): "34561"
Process id 86, Scan time (ns): "45630"
Process id 25, Scan time (ns): "1256822"
Process id 51, Scan time (ns): "52351290"
Process id 30, Scan time (ns): "90257651"
Process id 19, Scan time (ns): "178764794932"
Solution
Here is another approach. It uses sed and sort:
sed '/^Process id:/h; /^Scan time (ns):/!d; s/"//g; H; x; s/\n/, /' file | sort -k7,7n
Note: I've removed double quotes around the scan time values (double quotes around integer values make little sense to me).
Answered By - M. Nejat Aydin Answer Checked By - Timothy Miller (WPSolving Admin)
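
The following is an added example, not part of the original answer: it parses whole records rather than single lines, so the same function can rank processes by either metric the question asks about (Scan time or Total files scanned), highest first, and keep the name and path next to the value. The function names rank_av_log and sample_log are hypothetical, and the field labels are assumed to match the log excerpt in the question.

```shell
# Added example (not from the original answer): rank AV scan-log records,
# highest value first. Field labels follow the log excerpt in the question;
# rank_av_log and sample_log are hypothetical names.

# rank_av_log FILE METRIC [TOP]    METRIC is "time" or "files", TOP defaults to 10
# Output: value<TAB>process id<TAB>name<TAB>path, largest value first.
rank_av_log() {
    awk -v metric="$2" '
        function emit() {
            if (pid == "") return            # nothing collected yet
            v = (metric == "files") ? files : ns
            if (v !~ /^[0-9]+$/) v = 0       # missing or malformed counter
            printf "%s\t%s\t%s\t%s\n", v, pid, name, path
        }
        {
            sub(/\r$/, "")                   # tolerate CRLF log files
            i = index($0, ": ")
            if (i == 0) next                 # not a "Label: value" line
            key = substr($0, 1, i - 1)
            val = substr($0, i + 2)
            gsub(/"/, "", val)               # paths and scan times are quoted
        }
        key == "Process id"          { emit(); pid = val; name = path = files = ns = "" }
        key == "Name"                { name = val }
        key == "Path"                { path = val }
        key == "Total files scanned" { files = val }
        key == "Scan time (ns)"      { ns = val }
        END { emit() }                       # flush the last (possibly truncated) record
    ' "$1" | sort -t "$(printf '\t')" -k1,1nr | head -n "${3:-10}"
}

# Constructed sample: the three records shown in the question.
sample_log() {
    printf 'Process id: %s\nName: %s\nPath: "/usr/libexec/%s"\nTotal files scanned: %s\nScan time (ns): "%s"\nStatus: Active\n' \
        25 wwww wwww 42 62416   7 xxxx xxxx 0 0   86 yyyy yyyy 2 12761174
}

# Demo: top two processes by scan time, then by files scanned.
tmp=$(mktemp) && sample_log > "$tmp"
rank_av_log "$tmp" time 2
rank_av_log "$tmp" files 2
rm -f "$tmp"
```

A record is emitted when the next "Process id" line or the end of the file is reached, so an entry cut off mid-record still appears, with 0 for any counter it lacks.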