We had a need to analyze how often a web shopper used more than one device to manage her shopping cart within a given time tolerance. We store our Apache access logs in Splunk, so this post is simply a pointer to how you can query Splunk, and take the results and analyze them with an in-memory database in python.<\/p>\n
\r\nfrom pydblite.sqlite import Database, Table\r\nimport splunklib.client as client\r\nimport splunklib.results as results\r\n\r\nservice = client.connect(host=\"cmhlpsplksea01\",port=\"8089\",username=\"showard\",password=\"**********\")\r\nrr = results.ResultsReader(service.jobs.oneshot(\"search host=\\\"cmhlpecomweb*\\\" sourcetype=access_combined 104.137.126.226 | fields _raw\", \r\n **{\"earliest_time\":\"2017-01-12T15:30:00.000-05:00\",\r\n \"latest_time\":\"2017-01-12T17:30:00.000-05:00\",\r\n \"count\": 0}))\r\n\r\ndb = Database(\":memory:\")\r\ntable = Table(\"sessions\", db)\r\ntable.create(('ts', 'TEXT'), ('ip_address', 'TEXT'), ('session_id', 'TEXT'))\r\ntable.open()\r\n\r\norders = dict()\r\nfor result in rr:\r\n agents = result['_raw'].split('\\t')\r\n table.insert(ts=agents[0],ip_address=agents[13], session_id=agents[14])\r\n\r\nassert rr.is_preview == False\r\n\r\nfor r in (r for r in table if r['ts'].find('2017:17:2') > -1):\r\n print \"found\", r\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"We had a need to analyze how often a web shopper used more than one device to manage her shopping cart within a given time tolerance. We store our Apache access logs in Splunk, so this post is simply a…<\/p>\n