in reply to Re^5: Hash Value via Data::Dumper
in thread Hash Value via Data::Dumper

Hello HDB,

You output comes like this : 


$VAR1 = {
          'xyz456' => '13571',
          'xyz123' => '13570'
        };

[download]

while I want : 


$VAR1 = {
          'xyz123' => '13571',
                   '13570'
        };

[download]

Basically, what I want is to get conn# from SRCH string, go to the first hash, map with uid, lookup the value, if exist, count the # of values, if >3, print "bad user".

Thanks for all your effort.

Replies are listed 'Best First'.
Re^7: Hash Value via Data::Dumper
by hdb (Monsignor) on Jun 14, 2013 at 09:37 UTC

    I had overlooked that a user can have more than one connection, see this: 

    use strict;
use warnings;
use Data::Dumper;

my %users;
my %searches;

#open my $fh, '<', 'file1.txt' or die "failed: $!";
while (<DATA>) { # I use DATA handle instead of $fh for convenience
        if( /BIND/ ) {
                my( $conn, $uid ) = /conn=(\d+).*uid=(.*?),/;
                push @{$users{$uid}}, $conn;
        }
        if( /SRCH=Q/ ) {
                my ($timestamp, $conn) = /\[(.*?)\] conn=(\d+)/;
                push @{$searches{$conn}}, $timestamp;
        }
}
#close $fh;

for my $user (keys %users) {
        for my $conn (@{$users{$user}}) {
                print "User $user had ".scalar( @{$searches{$conn}} ).
+" searches on connection $conn\n";
                print "\t=> Bad user!\n" if  @{$searches{$conn}} > 3;
        }
}

print Dumper \%users;
print Dumper \%searches;


__DATA__
[04/Jun/2013:13:06:13 -0600] conn=13570 op=14 msgId=13 - BIND dn="uid=
+xyz123,ou=People,o=xyz.com" method=128 version=3
[04/Jun/2013:15:06:13 -0600] conn=13570 op=14 msgId=15 - RESULT err=0 
+tag=101 nentries=48030 etime=139 SRCH=Q
[04/Jun/2013:15:06:14 -0600] conn=13570 op=14 msgId=15 - RESULT err=0 
+tag=101 nentries=48030 etime=139 SRCH=Q
[04/Jun/2013:15:06:15 -0600] conn=13570 op=14 msgId=15 - RESULT err=0 
+tag=101 nentries=48030 etime=139 SRCH=Q
[04/Jun/2013:15:06:16 -0600] conn=13570 op=14 msgId=15 - RESULT err=0 
+tag=101 nentries=48030 etime=139 SRCH=Q
[04/Jun/2013:15:06:17 -0600] conn=13570 op=14 msgId=15 - RESULT err=0 
+tag=101 nentries=48030 etime=139 SRCH=Q
[04/Jun/2013:13:06:13 -0600] conn=13572 op=14 msgId=13 - BIND dn="uid=
+xyz123,ou=People,o=xyz.com" method=128 version=3
[04/Jun/2013:15:06:13 -0600] conn=13572 op=14 msgId=15 - RESULT err=0 
+tag=101 nentries=48030 etime=139 SRCH=Q
[04/Jun/2013:15:06:14 -0600] conn=13572 op=14 msgId=15 - RESULT err=0 
+tag=101 nentries=48030 etime=139 SRCH=Q
[04/Jun/2013:15:06:15 -0600] conn=13572 op=14 msgId=15 - RESULT err=0 
+tag=101 nentries=48030 etime=139 SRCH=Q
[04/Jun/2013:15:06:16 -0600] conn=13572 op=14 msgId=15 - RESULT err=0 
+tag=101 nentries=48030 etime=139 SRCH=Q
[04/Jun/2013:15:06:17 -0600] conn=13572 op=14 msgId=15 - RESULT err=0 
+tag=101 nentries=48030 etime=139 SRCH=Q
[04/Jun/2013:17:06:13 -0600] conn=13571 op=14 msgId=13 - BIND dn="uid=
+someoneelse,ou=People,o=xyz.com" method=128 version=3
[04/Jun/2013:18:06:17 -0600] conn=13571 op=14 msgId=15 - RESULT err=0 
+tag=101 nentries=48030 etime=139 SRCH=Q
[04/Jun/2013:18:06:17 -0600] conn=13571 op=14 msgId=15 - RESULT err=0 
+tag=101 nentries=48030 etime=139 SRCH=Q

    [download]
[reply]
[d/l]
      Hi HDB, Not able to get any output, can you please check from your side? Thanks, John
[reply]

        I get 

        User xyz123 had 5 searches on connection 13570
    => Bad user!
User xyz123 had 5 searches on connection 13572
    => Bad user!
User someoneelse had 2 searches on connection 13571
$VAR1 = {
          'xyz123' => [
                        '13570',
                        '13572'
                      ],
          'someoneelse' => [
                             '13571'
                           ]
        };
$VAR1 = {
          '13571' => [
                       '04/Jun/2013:18:06:17 -0600',
                       '04/Jun/2013:18:06:17 -0600'
                     ],
          '13572' => [
                       '04/Jun/2013:15:06:13 -0600',
                       '04/Jun/2013:15:06:14 -0600',
                       '04/Jun/2013:15:06:15 -0600',
                       '04/Jun/2013:15:06:16 -0600',
                       '04/Jun/2013:15:06:17 -0600'
                     ],
          '13570' => [
                       '04/Jun/2013:15:06:13 -0600',
                       '04/Jun/2013:15:06:14 -0600',
                       '04/Jun/2013:15:06:15 -0600',
                       '04/Jun/2013:15:06:16 -0600',
                       '04/Jun/2013:15:06:17 -0600'
                     ]
        };

        [download]
[reply]
[d/l]
        Hi HDB,

        Thanks it is working for me as well, however there might be chances when "SRCH=Q" string will not be there within the logs. When I remove this string from the logs, it gives me undefined error 

        
[04/Jun/2013:13:06:13 -0600] conn=13570 op=14 msgId=13 - BIND dn="uid=
+xyz123,ou=People,o=xyz.com" method=128 version=3
[04/Jun/2013:15:06:13 -0600] conn=13570 op=14 msgId=15 - RESULT err=0 
+tag=101 nentries=48030 etime=139 SRCH=Q
[04/Jun/2013:13:06:13 -0600] conn=13572 op=14 msgId=13 - BIND dn="uid=
+xyz123,ou=People,o=xyz.com" method=128 version=3
[04/Jun/2013:15:06:13 -0600] conn=13572 op=14 msgId=15 - RESULT err=0 
+tag=101 nentries=48030 etime=139 SRCH=Q
[04/Jun/2013:17:06:13 -0600] conn=13571 op=14 msgId=13 - BIND dn="uid=
+someoneelse,ou=People,o=xyz.com" method=128 version=3
[04/Jun/2013:18:06:17 -0600] conn=13571 op=14 msgId=15 - RESULT err=0 
+tag=101 nentries=48030 etime=139 SRCH=Q
[04/Jun/2013:13:06:13 -0600] conn=13573 op=14 msgId=13 - BIND dn="uid=
+xyz123,ou=People,o=xyz.com" method=128 version=3
[04/Jun/2013:15:06:13 -0600] conn=13573 op=14 msgId=15 - RESULT err=0 
+tag=101 nentries=48030 etime=139

        [download]

        Error : 

        
User xyz123 had 1 searches on connection 13570
User xyz123 had 1 searches on connection 13572
Can't use an undefined value as an ARRAY reference at hash1.pl line 23
+, <IN> line 8.

        [download]
[reply]
[d/l]
[select]

In Section Seekers of Perl Wisdom