What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again.

Delete that bloated snippets file you've been using and share your personal repository with the world. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Get involved!

You can sign-in using OpenID credentials, or register a traditional username and password.

First-time OpenID users will be automatically assigned a username which can be changed after signing in.

UpGuard checks and validates configurations for every major OS, network device, and cloud provider.

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for:



May 19, 2015 - A Look At The New Commandlinefu
I've put together a short writeup on what kind of newness you can expect from the next iteration of clfu. Check it out here.
March 2, 2015 - New Management
I'm Jon, I'll be maintaining and improving clfu. Thanks to David for building such a great resource!

Top Tags



Checks apache's access_log file, strips the search queries and shoves them up your e-mail

Terminal - Checks apache's access_log file, strips the search queries and shoves them up your e-mail
awk '/q=/{print $11}' /var/log/httpd/access_log.4 | awk -F 'q=' '{print $2}' | sed 's/+/ /g;s/%22/"/g;s/q=//' | cut -d "&" -f 1
2009-11-22 17:13:48
User: isma
Functions: awk sed
Checks apache's access_log file, strips the search queries and shoves them up your e-mail

as unixmonkey7109 pointed out, first awk parse replaces three steps.


There is 1 alternative - vote for the best!

Terminal - Alternatives
cat /var/log/httpd/access_log | grep q= | awk '{print $11}' | awk -F 'q=' '{print $2}' | sed 's/+/ /g;s/%22/"/g;s/q=//' | cut -d "&" -f 1 | mail [email protected] -s "[your-site] search strings for `date`"
2009-11-22 03:03:06
User: isma
Functions: awk cat grep sed strings

It's not a big line, and it *may not* work for everybody, I guess it depends on the detail of access_log configuration in your httpd.conf. I use it as a prerotate command for logrotate in httpd section so it executes before access_log rotation, everyday at midnight.

Know a better way?

If you can do better, submit your command here.

What others think

It is possible to use one instance awk to pull the search strings and a little bit of python to unescape them so that it catches more than just %22.

awk '/q=/{FS="q=";split($2,a,"&");b=a[1];gsub(/".*$|\+/," ",b);if(b!="-")print b}' /var/log/httpd/access_log|python -c 'import sys,urllib2;print urllib2.unquote(sys.stdin.read().strip())'
Comment by eightmillion 439 weeks and 4 days ago

in that case, why don't do everything in Python..?

Comment by unixmonkey7109 439 weeks and 4 days ago

Because it's longer and uglier and more error prone:

python -c 'import urllib,re;print "\n".join(map(lambda x:urllib.unquote(re.findall(r"q=.*?[&\"]",x.split()[10])[0][2:-1].replace("+"," ")),filter(lambda x:"q=" in x,open("/var/log/httpd/access_log").readlines())))'
Comment by eightmillion 439 weeks and 3 days ago

no its not. Do it with a Python script, not as one liner like that. Otherwise, use (g)awk but no need to create extra pipes to cut+grep+sed.

Comment by unixmonkey7109 439 weeks and 3 days ago

here's a sample matching line from access_log - - [23/Nov/2009:10:00:22 -0200] "GET /2009/10/14/ceibal-reflexiones/ HTTP/1.1" 200 30418 "

the output is

ceibal reflexiones

Comment by isma 439 weeks and 3 days ago

oh.. url filter .. lol


Comment by isma 439 weeks and 3 days ago

@isma, ok, but i don't see any "q=" in that sample. please show an actual sample where there is "q=" in the line.

Comment by unixmonkey7109 439 weeks and 3 days ago

@unixmonkey7109 uh... sorry, I think my comments were unclear. The first one was filtered by commandlinefu, so it didn't show up completely. The sample line (which contains a q= as you will see) is in pastebin.com/fa34b7a1 . I'm sorry this is turning so confusing. It's actually a good idea for monitoring your SEO tasks, and thanks to you, the command was nicely reduced (and, believe me, I learned a lot in that process). So thanks again and maybe you can use it on your own access_log.

PLEASE NOTICE (as I just realized): your httpd.conf should have the next line:

CustomLog "/var/log/httpd/access_log" combined

like that, suffixed by the word "combined" instead of "common" so it would bring the referer.

Comment by isma 439 weeks and 2 days ago

Your point of view

You must be signed in to comment.