comment on

Three steps:

Convert the log into a sortable format, resolving domain names if necessary.

use Socket qw( inet_aton );
while (<>) {
    my $host = extract_host($_);
    print(unpack('H8', inet_aton($host)), $_);
}
[download]

Sort the modified log using unix command line util sort.

Count the dups in the sorted file

my $last;
my $count;
while (<>) {
    my $ip = extract_ip($_);

    if (defined($last) && $last ne $ip) {
        print("$last: $count\n");
        $count = 0;
    }

    $last = $ip;
    ++$count;
}

if (defined($last)) {
    print("$last: $count\n");
}
[download]

The Perl bits use O(1) memory. Unix command line util sort will efficiently use the disk to sort when necessary.

Bonus: You are given the log entries that correspond to each ip address at basically no cost. If you don't need that, you can leave out that information from the file to be sorted.

In reply to Re: Working with large amount of data by ikegami
in thread Working with large amount of data by just1fix

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		`&`
	<		`<`
	>		`>`
	[		`[`
	]		`]`

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.