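#!/bin/sh
#
# top_talkers.sh   Richard Morgan (http://internet-b52.net)
#
# Purpose: summarize bits from a log.
#
# 20080922: first cut, work in progress
# 20081123: updates for publishing to the blog
#
# Save me, remove the .txt, and chmod +x top_talkers.sh
#
# Usage:   top_talkers.sh LOGFILE
# Output:  up to TOP_KEY lines of the form "KEY: <key> Count: <n>",
#          highest count first.
# Exit:    0 on success, 1 if the log is unreadable or nothing matched,
#          2 on a usage error.
#
# Review notes on this revision:
#   * The fixed scratch files under /tmp are gone. A predictable name in
#     a world-writable directory, removed with "rm -f" and then reopened
#     with ">>", lets another local account place a symlink in between,
#     so the append lands on a file chosen by that account with the
#     privileges of whoever runs the script. Everything now stays in a
#     pipeline, so nothing is written to disk.
#   * Keys are counted by exact value. The earlier "grep -c $key" treated
#     each key as an unanchored regular expression, so 10.0.0.1 was also
#     credited with the hits of 10.0.0.10 and 10.0.0.100, and "." matched
#     any character.
#   * The first column of a log line is data from the log, not trusted
#     input. It is never used as a pattern, an option or an unquoted
#     word, so "-"-prefixed values and glob or regex characters in a log
#     entry cannot change what the script does.

set -u

if [ "$#" -lt 1 ] || [ -z "$1" ]; then
  printf 'Usage: %s LOGFILE\n' "${0##*/}" >&2
  exit 2
fi

LOG=$1

# how many "Top talkers" do we want to see?
TOP_KEY=40

# how much of the log do we want to examine?
LOG_LINES=10000

# what are we trying to find? generally a string in the log
# that indicates some sort of activity. "registerAcct.jsp"
# for example, indicates an account registration. Customize
# this to fit your needs. It is used as a case-insensitive
# regular expression.
GREP_FILTER="registerAcct"

# POSIX sh has no pipefail, so a failing tail would otherwise be
# indistinguishable from "nothing matched"; check readability up front.
if [ ! -r "$LOG" ]; then
  printf '%s: cannot read log file: %s\n' "${0##*/}" "$LOG" >&2
  exit 1
fi

# customize the awk to fit your purposes.
# The standard Apache log drops the KEY address into the first column.
# One awk pass does the exact per-key counting; NF skips blank lines so
# an empty key can never shift the count out of the fourth field.
summary=$(
  tail -n "$LOG_LINES" -- "$LOG" \
    | grep -i -e "$GREP_FILTER" \
    | awk 'NF { hits[$1]++ }
           END { for (k in hits) printf "KEY: %s Count: %d\n", k, hits[k] }' \
    | sort -r -n -k 4,4 \
    | head -n "$TOP_KEY"
)

if [ -z "$summary" ]; then
  # message and stream kept as in the original so existing callers that
  # read stdout or test the exit status see the same thing
  echo "No matches returned from ${LOG_LINES} lines of $LOG"
  exit 1
fi

# counts are sorted highest first, ready for review
printf '%s\n' "$summary"

# thank you, drive through!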