I have some proxy logs in the squid format. Some entries do not have the user, though most do. I can create a transaction by source ip, and that transaction will give me the duration. However, where the logs don't have a user, there will be 2 user Id's - the user, and "-". Below is an example leaving out non relevant fields...
1373936631.040 .. 192.168.0.227 ... GET http://.. bill%20jones NONE/- text/html
1373936633.436 .. 192.168.0.227 ... GET http://.. - NONE/- text/html
1373936651.746 .. 192.168.0.227 ... GET http://.. bill%20jones DIRECT/122.160.120.150 video/x-flv
From this, I would like to output the duration, source Ip, and the user as bill%20jones
20.706 192.168.0.227 bill%20jones
Is there a way to iterate throught the multi value user names, ignoring the user "-", and coming back with the first value that isn't "-" ?
Thanks.