use strict; use warnings; use feature 'say';
use Data::Dumper; $Data::Dumper::Indent = $Data::Dumper::Sortkeys = 1;
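my $results = load_results();
my %interesting;

# A timed-out search or failed shards means the response is partial, so the
# per-IP counts below would under-report activity. Surface that instead of
# silently presenting low numbers.
my $failed_shards = ( $results->{'_shards'} || {} )->{'failed'} // 0;
if ( $results->{'timed_out'} || $failed_shards > 0 ) {
    warn "search response is partial (timeout or failed shards); counts may be low\n";
}

# Extract interesting data: record the count of hits per client IP per request.
# Only the hits present in this response are counted, which is not necessarily
# every matching log line (compare the number of hits with hits.total). For
# complete counts, a server-side aggregation is the more reliable source.
for my $hit ( map { $_->{'_source'} } @{ $results->{'hits'}->{'hits'} } ) {
    # Skip documents that lack either field rather than counting them under
    # an empty key (which would also raise "uninitialized value" warnings).
    next unless ref($hit) eq 'HASH';
    next unless defined $hit->{'request'} && defined $hit->{'clientip'};

    # Autovivification creates the per-request hash on first sight.
    $interesting{ $hit->{'request'} }->{ $hit->{'clientip'} }++;
}

# NOTE(review): 'request' and 'clientip' originate from logged traffic, so the
# keys are client-influenced. Dumper prints them inside single quotes without
# escaping control characters; set $Data::Dumper::Useqq = 1 if this output is
# viewed in a terminal or fed to another tool.
say Dumper \%interesting;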
sub load_results {
    # Returns a canned, Elasticsearch-style search response (a fresh hashref
    # on every call) so the aggregation code can run without a live cluster.
    #
    # NOTE(review): the fixture looks hand-edited: 'total' is 2 although four
    # hits are listed, and three hits share the same '_id'. Consumers should
    # not rely on either value being consistent here.

    # Every hit shares the same index and type; only these four values vary.
    my $make_hit = sub {
        my ( $id, $score, $request, $clientip ) = @_;
        return {
            '_id'     => $id,
            '_index'  => 'nginx-2017.09.18',
            '_type'   => 'nginx',
            '_score'  => $score,
            '_source' => {
                'request'  => $request,
                'clientip' => $clientip,
            },
        };
    };

    my @hits = (
        $make_hit->( 'AV6SrwuTv7sBjjRqMiW1', '4.238926', '/index.php', '192.168.1.1' ),
        $make_hit->( 'AV6SrwuTv7sBjjRqMiW1', '4.238926', '/index.php', '192.168.1.1' ),
        $make_hit->( 'AV6UL-DOv7sBjjRqMidb', '4.189655', '/',          '192.168.1.1' ),
        $make_hit->( 'AV6SrwuTv7sBjjRqMiW1', '4.238926', '/',          '192.168.1.2' ),
    );

    my %shard_summary = (
        'total'      => 5,
        'successful' => 5,
        'skipped'    => 0,
        'failed'     => 0,
    );

    my %response = (
        'took'      => 0,
        'timed_out' => undef,
        '_shards'   => \%shard_summary,
        'hits'      => {
            'total'     => 2,
            'max_score' => '4.238926',
            'hits'      => \@hits,
        },
    );

    return \%response;
} # end sub
__END__
####
# Tally returned hits into a two-level hash: $interesting{request}{clientip} = count.
# The map pulls each hit's '_source' hash out of the response's hits.hits array.
# NOTE(review): a hit without 'request' or 'clientip' is not filtered here;
# confirm that every document carries both fields before trusting the counts.
for my $hit ( map { $_->{'_source'} } @{ $results->{'hits'}->{'hits'} } ) {
# Autovivification creates the inner per-request hash on first use.
$interesting{ $hit->{'request'} }->{ $hit->{'clientip'} }++;
}
####
$VAR1 = {
'/' => {
'192.168.1.1' => 1,
'192.168.1.2' => 1
},
'/index.php' => {
'192.168.1.1' => 2
}
};
####
[ ... ]
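# Aggregate: $interesting{request}{clientip} = number of returned hits.
for my $hit ( map { $_->{'_source'} } @{ $results->{'hits'}->{'hits'} } ) {
    # Skip documents missing either field instead of counting them under an
    # empty key (which would also trigger "uninitialized value" warnings).
    next unless ref($hit) eq 'HASH';
    next unless defined $hit->{'request'} && defined $hit->{'clientip'};
    $interesting{ $hit->{'request'} }->{ $hit->{'clientip'} }++;
}

# Request paths and client addresses are copied from logged traffic, so a
# client can influence them. Render anything outside printable ASCII as an
# escape so control sequences in a logged request cannot alter the terminal
# or forge extra report lines. Printable ASCII input is emitted unchanged.
my $printable = sub {
    my ($text) = @_;
    $text =~ s/([^\x20-\x7E])/sprintf('\\x{%x}', ord($1))/ge;
    return $text;
};

# Sort both levels so the report is stable between runs; plain 'keys' order
# is not. The IP sort is a string sort, not a numeric address sort.
for my $resource ( sort keys %interesting ) {
    say "Resource: " . $printable->($resource);
    my $count_for = $interesting{$resource};
    foreach my $ip ( sort keys %{$count_for} ) {
        say "\t" . $printable->($ip) . " made $count_for->{$ip} requests";
    }
}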
####
Resource: /
192.168.1.1 made 1 requests
192.168.1.2 made 1 requests
Resource: /index.php
192.168.1.1 made 2 requests