借助阿里云日志服务cli还可以干更多,比如统计每天http 4xx 和 5xx数量。
这个脚本重点在awk的使用,提取字段和拼接字段。

www4xx5xx.sh

#! /bin/bash
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH
ALIYUN_LOG_CLI_ACCESSID=
ALIYUN_LOG_CLI_ACCESSKEY=
ALIYUN_LOG_CLI_ENDPOINT=cn-beijing.log.aliyuncs.com
export ALIYUN_LOG_CLI_ACCESSID
export ALIYUN_LOG_CLI_ACCESSKEY
export ALIYUN_LOG_CLI_ENDPOINT


function portal4xx(){
    todaytime=$(date "+%Y-%m-%d %H:%M:%S %Z")
    yesterdaytime=$(date -d '1 days ago' "+%Y-%m-%d %H:%M:%S %Z")
    current4xx=$(aliyun log get_log_all --project="www" --logstore="www-nginx-access" --query="status>=400 and status<500| select status,count(*)  as count group by status ORDER BY status ASC" --from_time="$yesterdaytime" --to_time="$todaytime" --jmes-filter="join('\n', map(&to_string(@), @))" |awk -F "[\"]" '{print $10":"$12","$2":"$4}' |awk '{{printf"%s\\n",$0}}')
    curl -H "Content-type: application/json" -X POST -d '{"text": "last 24h 4xx stats:\n'"${current4xx}"'"}' https://example/incoming/xxx
}

function portal5xx(){
    todaytime=$(date "+%Y-%m-%d %H:%M:%S %Z")
    yesterdaytime=$(date -d '1 days ago' "+%Y-%m-%d %H:%M:%S %Z")
    current5xx=$(aliyun log get_log_all --project="www" --logstore="www-nginx-access" --query="status>=500 and status<600| select status,count(*)  as count group by status ORDER BY status ASC" --from_time="$yesterdaytime" --to_time="$todaytime" --jmes-filter="join('\n', map(&to_string(@), @))" |awk -F "[\"]" '{print $10":"$12","$2":"$4}' |awk '{{printf"%s\\n",$0}}')
    curl -H "Content-type: application/json" -X POST -d '{"text": "last 24h 5xx stats:\n'"${current5xx}"'"}' https://example.com/incoming/xxx
}
portal4xx
portal5xx

上面脚本中比较折腾人的是要把下面格式写成json格式发出去

"count":"2171" "status":"403"
"count":"3529" "status":"404"
"count":"283" "status":"499"

把上面格式写成json如下

{"text": "last 24h 5xx stats:\ncount:2171,status:403\ncount:3529,status:404\ncount:283,status:499"}

双引号去掉容易,难的是把多行间真实的换行替换成字符串\n,这里使用awk '{{printf"%s\n",$0}}'