comment on

I have an array which Dumps to this

What you show is the contents of hashref, not an array. You're referring perhaps to the anonymous array under 'hits'?

Let's say your hashref that you get back from Elasticsearch is called $results. Let's assume you want to know which IPs requested which resources, and you'd like a count. The following parses your hashref and produces another hash containing your desired data.

use strict; use warnings; use feature 'say';
use Data::Dumper; $Data::Dumper::Indent = $Data::Dumper::Sortkeys = 1;

my $results = load_results();
my %interesting;

# extract interesting data, record count of hits per IP per request
for my $hit ( map { $_->{'_source'} } @{ $results->{'hits'}->{'hits'} 
+} ) {
    $interesting{ $hit->{'request'} }->{ $hit->{'clientip'} }++;
}

say Dumper \%interesting;

sub load_results {
    return {
          '_shards' => {
                         'skipped' => 0,
                         'successful' => 5,
                         'total' => 5,
                         'failed' => 0
                       },
          'hits' => {
                      'hits' => [
                                  {
                                    '_id' => 'AV6SrwuTv7sBjjRqMiW1',
                                    '_source' => {
                                                   'request' => '/inde
+x.php',
                                                   'clientip' => '192.
+168.1.1'
                                                 },
                                    '_type' => 'nginx',
                                    '_index' => 'nginx-2017.09.18',
                                    '_score' => '4.238926'
                                  },
                                  {
                                    '_id' => 'AV6SrwuTv7sBjjRqMiW1',
                                    '_source' => {
                                                   'request' => '/inde
+x.php',
                                                   'clientip' => '192.
+168.1.1'
                                                 },
                                    '_type' => 'nginx',
                                    '_index' => 'nginx-2017.09.18',
                                    '_score' => '4.238926'
                                  },
                                  {
                                    '_id' => 'AV6UL-DOv7sBjjRqMidb',
                                    '_source' => {
                                                   'clientip' => '192.
+168.1.1',
                                                   'request' => '/'
                                                 },
                                    '_score' => '4.189655',
                                    '_type' => 'nginx',
                                    '_index' => 'nginx-2017.09.18'
                                  },
                                  {
                                    '_id' => 'AV6SrwuTv7sBjjRqMiW1',
                                    '_source' => {
                                                   'request' => '/',
                                                   'clientip' => '192.
+168.1.2'
                                                 },
                                    '_type' => 'nginx',
                                    '_index' => 'nginx-2017.09.18',
                                    '_score' => '4.238926'
                                  },

                                ],
                      'total' => 2,
                      'max_score' => '4.238926'
                    },
          'took' => 0,
          'timed_out' => undef
        };
} # end sub

__END__
[download]

The key lines are:

for my $hit ( map { $_->{'_source'} } @{ $results->{'hits'}->{'hits'} 
+} ) {
    $interesting{ $hit->{'request'} }->{ $hit->{'clientip'} }++;
}
[download]

To understand a complex expression involving a loop it's often helpful to read from the right to the left.

Here you start with the value of $results->{'hits'}->{'hits'}, which is the anonymous array you're interested in.
This is dereferenced with @{ ... }, which turns it into a regular array we can work with.
map then loops through this array, assigning the value of each element to $_, and then returning the result of the expression $_->{'_source'}, which is the hashref containing the two k-v pairs you want.
Then on the next line you populate the hash %interesting with a key for each unique value of 'request', and a value of a hashref, with its own subkeys for each 'clientip' that requested the resource.
The value for each of those subkeys is incremented by one for each time the record is found (starting from 0 which is magically auto-initialized by Perl).

This gives a data structure like this (I added a couple of hits to flesh out the results):

$VAR1 = {
  '/' => {
    '192.168.1.1' => 1,
    '192.168.1.2' => 1
  },
  '/index.php' => {
    '192.168.1.1' => 2
  }
};
[download]

Which you can then loop through and print in a report or whatever.

[ ... ]

for my $hit ( map { $_->{'_source'} } @{ $results->{'hits'}->{'hits'} 
+} ) {
    $interesting{ $hit->{'request'} }->{ $hit->{'clientip'} }++;
}

for my $resource ( keys %interesting ) {
    say "Resource: $resource";
    foreach my $ip ( keys %{ $interesting{ $resource } } ) {
        say "\t$ip made $interesting{ $resource }->{ $ip } requests";
    }
}
[download]

Output:

Resource: /
    192.168.1.1 made 1 requests
    192.168.1.2 made 1 requests
Resource: /index.php
    192.168.1.1 made 2 requests
[download]

Hope this helps!

The way forward always starts with a minimal test.

In reply to Re: Looping trough Array Key/Value Pairs by 1nickt
in thread Looping trough Array Key/Value Pairs by maikelnight

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		`&`
	<		`<`
	>		`>`
	[		`[`
	]		`]`

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.