Home / Cheat Sheets / AWK Command Cheat Sheet

Linux text processing

AWK Command Cheat Sheet

Extract columns, filter rows, count values and summarise logs with AWK. Useful for access logs, CSV-style data and quick command-line reports.

Syntax

Print a column

awk '{print $1}' file.txt

Print multiple columns

awk '{print $1, $4, $9}' access.log

Use a delimiter

awk -F: '{print $1}' /etc/passwd

Pattern plus action

awk '/error/ {print $0}' error_log

Fields and delimiters

Variable	Meaning
`$0`	The whole line.
`$1`, `$2`	First field, second field and so on.
`NF`	Number of fields on the current line.
`NR`	Current line number.
`FS`	Input field separator.
`OFS`	Output field separator.

awk -F, '{print $1, $3}' data.csv
awk -F: '{print "User:", $1, "Shell:", $7}' /etc/passwd

Filters

Status code 500

awk '$9 == 500 {print $1, $7, $9}' access.log

Large responses

awk '$10 > 1000000 {print $1, $7, $10}' access.log

Regex match

awk '$7 ~ /wp-login.php/ {print $1}' access.log

Regex not match

awk '$7 !~ /\.(css|js|png|jpg)$/ {print $7}' access.log

Counting and totals

Count lines

awk 'END {print NR}' file.txt

Sum a column

awk '{sum += $3} END {print sum}' numbers.txt

Average

awk '{sum += $3} END {print sum/NR}' numbers.txt

Count unique IPs

awk '{count[$1]++} END {for (ip in count) print count[ip], ip}' access.log

Log analysis

Top IPs

awk '{print $1}' access.log | sort | uniq -c | sort -nr | head

Top requested URLs

awk '{print $7}' access.log | sort | uniq -c | sort -nr | head

Count status codes

awk '{print $9}' access.log | sort | uniq -c | sort -nr

Bandwidth by IP

awk '{bytes[$1]+=$10} END {for (ip in bytes) print bytes[ip], ip}' access.log | sort -nr | head

Formatting

awk 'BEGIN {printf "%-18s %-8s %s\n", "IP", "STATUS", "URL"} {printf "%-18s %-8s %s\n", $1, $9, $7}' access.log

Use printf when you want aligned columns. Use print when quick output is enough.

Real workflows

AWK workflows for quick reports

Count requests per IP

awk '{count[$1]++} END {for (ip in count) print count[ip], ip}' access.log | sort -nr | head

Count status codes

awk '{codes[$9]++} END {for (code in codes) print code, codes[code]}' access.log | sort

Use comma delimiter

awk -F, '{print $1, $3}' data.csv

Sum a column

awk '{sum += $2} END {print sum}' numbers.txt

Example output

Example AWK output

$ awk '{codes[$9]++} END {for (code in codes) print code, codes[code]}' access.log | sort
200 2842
301 42
404 188
500 9

FAQ

Frequently Asked Questions

What does $1 mean in AWK?

$1 is the first field on the current input line.

How do I choose a delimiter?

Use -F, for example awk -F, for CSV-style input.

How do I count unique values?

Use an associative array such as count[$1]++.

Can AWK calculate totals?

Yes, add values to a variable and print it in the END block.

Syntax

Print a column

Print multiple columns

Use a delimiter

Pattern plus action

Fields and delimiters

Filters

Status code 500

Large responses

Regex match

Regex not match

Counting and totals

Count lines

Sum a column

Average

Count unique IPs

Log analysis

Top IPs

Top requested URLs

Count status codes

Bandwidth by IP

Formatting

Related tools and guides

AWK workflows for quick reports

Count requests per IP

Count status codes

Use comma delimiter

Sum a column

Example AWK output

Related guides and official references

On CommandLineQuiz

External references

Frequently Asked Questions