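I have a pandas column that contains the message field of Windows event logs, as shown below. How can I iterate over it and remove everything that is not a key:value style pair?
The message column contains similar data, but possibly with more key:value types than shown, since this is only one event ID.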
message
['subject':'none','security id':'s-1-5-12','account name':'myaccountname','account domain':'domain', 'logon id':'0x3e6', ' process information':'none', 'new process id':'0x1a53', 'new process name':'c:\windows\system32\ipconfig.exe', 'token elevation type':'%%1932','creator process id':'0x1b33', 'process command line':'none', ' token elevation type indicates the type of token that was assigned to the new process in accordance with user account control policy.',' type 1 is a full token with no privileges removed or groups disabled. a full token is only used if user account control is disabled or if the user is the built-in administrator account or a service account.', ' type 2 is an elevated token with no privileges removed or groups disabled. an elevated token is used when user account control is enabled and the user chooses to start the program using run as administrator. an elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege', ' and the user is a member of the administrators group.',' type 3 is a limited token with administrative privileges removed and administrative groups disabled. the limited token is used when user account control is enabled', ' the application does not require administrative privilege', ' and the user does not choose to start the program using run as administrator.']
['subject':'none','security id':'s-1-5-13','account name':'myaccountname','account domain':'domain', 'logon id':'0x3e6', ' process information':'none', 'new process id':'0x1a53', 'new process name':'c:\windows\system32\net.exe', 'token elevation type':'%%1932','creator process id':'0x1b33', 'process command line':'none', ' token elevation type indicates the type of token that was assigned to the new process in accordance with user account control policy.',' type 1 is a full token with no privileges removed or groups disabled. a full token is only used if user account control is disabled or if the user is the built-in administrator account or a service account.', ' type 2 is an elevated token with no privileges removed or groups disabled. an elevated token is used when user account control is enabled and the user chooses to start the program using run as administrator. an elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege', ' and the user is a member of the administrators group.',' type 3 is a limited token with administrative privileges removed and administrative groups disabled. the limited token is used when user account control is enabled', ' the application does not require administrative privilege', ' and the user does not choose to start the program using run as administrator.']
Expected output:
subject | security id | account name | logon id | process information | new processs id | new process name | token elevation type | creator process id | process command line
none | s-1-5-12 | myaccountname | 0x3e6 | none | 0x1a53 | c:\windows\system32\ipconfig.exe | %%1932 | 0x1b33 | none
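If I can get the non key:value pairs out of the data, I know I can use this method.
Best answer
You can use yaml, which adds a None value when a value is missing in the dict, and then remove all None pairs: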
print (df)
message
0 {'a':'none','b':'2', ' token.', ' type 1'}
import yaml
# safe_load only constructs plain Python types, which is what log text calls for
print (df.message.apply(yaml.safe_load))
0 {' token.': None, ' type 1': None, 'b': '2', ...
Name: message, dtype: object
df.message = df.message.apply(lambda x: {k: v for k, v in yaml.safe_load(x).items() if v})
print (df)
message
0 {'b': '2', 'a': 'none'}
With your data:
import pandas as pd
df = pd.DataFrame({'message':[r"{'subject':'none', 'security id':'s-1-5-12', 'account name':'myaccountname','account domain':'domain', 'logon id':'0x3e6', ' process information':'none', 'new process id':'0x1a53', 'new process name':'c:\windows\system32\ipconfig.exe', 'token elevation type':'%%1932', 'creator process id':'0x1b33','process command line':'none', ' token elevation type indicates the type of token that was assigned to the new process in accordance with user account control policy.', ' type 1 is a full token with no privileges removed or groups disabled. a full token is only used if user account control is disabled or if the user is the built-in administrator account or a service account.', ' type 2 is an elevated token with no privileges removed or groups disabled. an elevated token is used when user account control is enabled and the user chooses to start the program using run as administrator. an elevated token is also used when an application is configured to always require administrative privilege or to always require maimum privilege', ' and the user is a member of the administrators group.',' type 3 is a limited token with administrative privileges removed and administrative groups disabled. the limited token is used when user account control is enabled', ' the application does not require administrative privilege', ' and the user does not choose to start the program using run as administrator.'}"]})
import yaml
df.message = df.message.apply(lambda x: {k: v for k, v in yaml.safe_load(x).items() if v})
df1 = pd.DataFrame(df.pop('message').values.tolist(), index=df.index)
print (df1)
process information account domain account name creator process id \
0 none domain myaccountname 0x1b33
logon id new process id new process name \
0 0x3e6 0x1a53 c:\windows\system32\ipconfig.exe
process command line security id subject token elevation type
0 none s-1-5-12 none %%1932
Edit:
import yaml
df.message=df.message.str[0].apply(lambda x:{k:v for k,v in yaml.safe_load('{'+x+'}').items() if v})
df1 = pd.DataFrame(df.pop('message').values.tolist(), index=df.index)
print (df1)
process information account domain account name creator process id \
0 none domain myaccountname 0x1b33
logon id new process id new process name \
0 0x3e6 0x1a53 c:\windows\system32\ipconfig.exe
process command line security id subject token elevation type
0 none s-1-5-12 none %%1932
Regarding "python - Windows event log message converted to a dictionary and then to pandas columns", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/43037416/
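An added example, not part of the original question or answer: a standard-library parser that keeps only the 'key':'value' pairs without handing log text to a YAML loader, so a comma or colon inside a value such as a process command line cannot change the structure. The function names and sample rows are constructed here, and it assumes no string contains a single quote.

```python
import re

# One single-quoted string and the separator after it (':' marks a key, ',' or nothing does not).
# Assumption of this example: no string contains a single quote itself.
TOKEN = re.compile(r"'([^']*)'\s*([:,]?)")


def parse_message(message):
    """Return the 'key':'value' pairs of one message string, dropping bare strings."""
    pairs = {}
    pending_key = None
    for text, sep in TOKEN.findall(message):
        if pending_key is not None:
            pairs[pending_key] = text      # the string right after "key:" is its value
            pending_key = None
        elif sep == ":":
            pending_key = text.strip()     # ' process information' -> 'process information'
        # anything else is an explanatory sentence with no value: skip it
    return pairs


def parse_column(messages):
    """Parse every message; the resulting list of dicts can be passed to pandas.DataFrame()."""
    return [parse_message(m) for m in messages]


# Constructed sample rows in the question's format (shortened; the command line is invented).
SAMPLE = [
    r"['subject':'none','security id':'s-1-5-12', ' process information':'none', "
    r"'new process name':'c:\windows\system32\ipconfig.exe', "
    r"'process command line':'ipconfig /all, note: constructed', "
    r"' token elevation type indicates the type of token that was assigned.', "
    r"' type 1 is a full token with no privileges removed or groups disabled.']",
    r"['subject':'none','security id':'s-1-5-13', "
    r"'new process name':'c:\windows\system32\net.exe', 'process command line':'none', "
    r"' and the user is a member of the administrators group.']",
]

if __name__ == "__main__":
    for row in parse_column(SAMPLE):
        print(row)
```
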