ansaurus

Question

How to get only last IP from one or many divided by comma on beginning of the line

Answer 1

+1 A:

sed -r 's/^(([0-9]+\.){3}[0-9]+, )*(.*)$/\3/'

([0-9]+\.){3}[0-9]+) captures an IP address.

([0-9]+\.){3}[0-9]+, )* repeats capturing until there are no more addresses followed by a comma left, which means that the rest of the line is exactly what we need (please note that the last (or only) address is not followed by the comma).

The last step is to instruct sed to replace a whole input line with what it has captured in the third group of brackets (hence \3 at the end of the expression), which gives us a desired result.

Igor Korkhov 2010-10-28 11:03:52

Thank you Igor, this works, howerer I would need to restrict it to replace commas only until first occurence of [, the rest of line can contain commas that I need to keep unchanged.

Martin 2010-10-28 11:11:07

Now it must work properly, I hope

Igor Korkhov 2010-10-28 11:52:25

Sorrt, it doesn't replace anything now.

Martin 2010-10-28 12:12:22

Hm, I don't think there should be an asterisk before {3}...

Igor Korkhov 2010-10-28 12:16:06

You are right, that asterisk made it work, but changed also the rest of line.

Martin 2010-10-28 12:17:41

I have modified your first reply sed -r "s/^(.*,)? (.*)$/\2/" to sed -r "s/^(.*,)? (.*\[)/\2/" and this seems to work. If you edit your post, I will approve it as accepted answer.

Martin 2010-10-28 12:27:59

It should be sed -r "s/^(.*,)? (.*\[)/\2/"

Martin 2010-10-28 12:38:48

Unfortunately it'll fail on the following line "1.2.3.4, 1.2.3.5 - somethingB [26/Oct/2010:13:10:14 +0200] bla, bla, [xxx]", that is, if there is a comma followed by a square bracket somwhere at the end of the line, while my last expression should work well.

Igor Korkhov 2010-10-28 12:48:07

Thank you for the working code and great explanation of it!

Martin 2010-10-28 12:58:57

a bit simpler: `sed -r 's/^([0-9.]+, )+//'`

glenn jackman 2010-10-28 13:12:32

I like this compromise between Igor's and Glenn's: `sed -r 's/^(([0-9]+\.){3}[0-9]+, )+$//'`

Dennis Williamson 2010-10-28 18:59:04

I myself prefere Glenn's solution because it's very simple, clean and it does its job in this particular scenario. My solution is overcomplicated for this task. Flagged Glenn's expression :)

Igor Korkhov 2010-10-29 09:26:36

Answer 2

A:

Are there any other commas in the line? If not, you can do:

awk -F, '{ print $NF }'

This will leave leading whitespace than you can trim away if desired, using either of these:

awk -F, '{ print $NF }' | sed 's/^ *//'
awk -F, '{ print gensub(/^ */, "", "G", $NF) }'

In awk, the built-in variable NF returns the number of fields on the input line, so printing $NF will print the last field in the line. Thus if there are more commas on the input line, you won't get the output you want.

Note that the use of single quotes is critical (don't use double quotes otherwise $NF is expanded by the shell rather than passed through to awk).

Chris J 2010-10-28 11:30:02

Thank you, but there can be more commas in the rest of the line after the [date] column. I have updated this in the question, sorry.

Martin 2010-10-28 12:35:39

ansaurus

tags:

views:

answers:

How to get only last IP from one or many divided by comma on beginning of the line

related questions