我有如下测试日志。尝试以更好的方式阅读它。向字典添加元素时出现键错误。在检查if条件时,不生成任何输出,而在执行elif键错误时

Jan 23 2016 10:30:08AM - bla bla Server-1A linked
Jan 23 2016 11:04:56AM - bla bla Server-1B linked
Jan 23 2016 1:18:32PM - bla bla Server-1B dislinked from server
Jan 23 2016 4:16:09PM - bla bla DOS activity from 201.10.0.4
Jan 23 2016 9:43:44PM - bla bla Server-1A dislinked from server
Feb 1 2016 12:40:28AM - bla bla Server-1A linked
Feb 1 2016 1:21:52AM - bla bla DOS activity from 192.168.123.4
Mar 29 2016 1:13:07PM - bla bla Server-1A dislinked from server




result = []
_dict = {}
spu = []
with open(r'C:\Users\Desktop\test.log') as f:
    for line in f:
        date, rest = line.split(' - ', 1)
        conn_disconn = rest.split(' ')[3]
        server_name = rest.split(' ')[2]
        if line.strip()[-1].isdigit():
            dos = re.findall('[0-9]+(?:\.[0-9]+){3}',line)
            spu.extend(dos)
        ##Error part is below
        if conn_disconn  == 'linked':
            dict_to_append = {server_name: [(conn_disconn, date)]}
            print (dict_to_append)
            _dict[server_name] = dict_to_append
            result.append(dict_to_append)
        elif conn_disconn == 'dislinked':
            _dict[server_name][server_name].append(conn_disconn,date)
            del _dict[server_name]
print (result)


预期中

[{'Server-1A': [('linked', 'Jan 23 2016 11:30:08AM'), ('dislinked', 'Jan 23 2016 10:43:44PM')]},
{'Server-1B': [('linked', 'Jan 23 2016 12:04:56AM'), ('dislinked', 'Jan 23 2016 2:18:32PM')]},
{'Server-1A': [('linked', 'Feb 1 2016  1:40:28AM'), ('dislinked', 'Mar 29 2016 2:13:07PM')]},
{'Server-1A': [('linked', 'Jan 23 2016 11:30:08AM'), ('dislinked', 'Jan 23 2016 10:43:44PM')]},
{'Server-1B': [('linked', 'Jan 23 2016 12:04:56AM'), ('dislinked', 'Jan 23 2016 2:18:32PM')]},
{'Server-1A': [('linked', 'Feb 1 2016  1:40:28AM'), ('dislinked', 'Mar 29 2016 2:13:07PM')]},
{'Server-1A': [('linked', 'Jan 23 2016 11:30:08AM'), ('dislinked', 'Jan 23 2016 10:43:44PM')]},
{'Server-1B': [('linked', 'Jan 23 2016 12:04:56AM'), ('dislinked', 'Jan 23 2016 2:18:32PM')]},
{'Server-1A': [('linked', 'Feb 1 2016  1:40:28AM'), ('dislinked', 'Mar 29 2016 2:13:07PM')]},
{Dos:['201.10.0.4','192.168.123.4']}]

最佳答案

当您检查if conn_disconn == 'linked':时,conn_disconn具有linked\n,因此它没有添加到词典中,并且您得到了关键错误。

import re
result = []
_dict = {}
spu = []
with open("r'C:\Users\Desktop\test.log'") as f:
    for line in f:
        date, rest = line.split(' - ', 1)
        conn_disconn = rest.split(' ')[3].strip()
        server_name = rest.split(' ')[2]
        if line.strip()[-1].isdigit():
            dos = re.findall('[0-9]+(?:\.[0-9]+){3}',line)
            spu.extend(dos)
        ##Error part is below
        if conn_disconn  == 'linked':
            dict_to_append = {server_name: [(conn_disconn, date)]}
            print (dict_to_append)
            _dict[server_name] = dict_to_append[server_name]
            result.append(dict_to_append)
        elif conn_disconn == 'dislinked':

            _dict[server_name].append((conn_disconn,date))
            del _dict[server_name]
print (result)


输出:

[{'Server-1A': [('linked', 'Jan 23 2016 10:30:08AM'), ('dislinked', 'Jan 23 2016 9:43:44PM')]}, {'Server-1B': [('linked', 'Jan 23 2016 11:04:56AM'), ('dislinked', 'Jan 23 2016 1:18:32PM')]}, {'Server-1A': [('linked', 'Feb 1 2016 12:40:28AM'), ('dislinked', 'Mar 29 2016 1:13:07PM')]}]

09-26 08:53