Hello
matt00perl and welcome,
be sure next time to be precise as you can about what yoou have and what you expect, because, as chatted some hours ago, i think your expectection are mispelled.
In any case, if this can help you, for uniqueness i suggest to use hash.
#!perl
use strict;
use warnings;
use Data::Dumper;
my %occur;
my $data_pos = tell DATA; # save the position, for later use
while (<DATA>) {
chomp; #elimnates newline
s/\s*<p>\s*//g;#remove tags and unecessary withespaces
my ($time,$src_mac,$dest_mac,$src_ip,$src_port,$dest_ip,$dest_port
+) = split /\s\|\s/, $_;
#check lesser time
# be AWARE of the poor time comparison implementation: maybe bette
+r transform each time
#in seconds from epoch, do the comparison numerically (ie: < or >
+instead of lt gt), riconvert in what you want
if (defined $occur{$dest_ip}{'mintime'}) {
$occur{$dest_ip}{'mintime'} = $time if $time lt $occur{$dest_i
+p}{'mintime'};
}
else {$occur{$dest_ip}{'mintime'} = $time}
#check greater time
if (defined $occur{$dest_ip}{'maxtime'}) {
$occur{$dest_ip}{'maxtime'} = $time if $time gt $occur{$dest_i
+p}{'maxtime'};
}
else {$occur{$dest_ip}{'maxtime'} = $time}
#you can save in the hash entry other fields you may need..
# $occur{$dest_ip}{'src_mac'} = $src_mac; and so on..
}
print Dumper (\%occur);
#or to be precise we need unique connections i think
undef %occur;
seek DATA, $data_pos, 0; #rewind DATA
while (<DATA>){
chomp;
s/\s*<p>\s*//g;
my ($time,$src_mac,$dest_mac,$src_ip,$src_port,$dest_ip,$dest_port
+) = split /\s\|\s/, $_;
#change only the hash key creation
my $connection = 'from_'.$src_ip.'_to_'.$dest_ip.'_port_'.$dest_po
+rt;
#all the same now
if (defined $occur{$connection}{'mintime'}) {
$occur{$connection}{'mintime'} = $time if $time lt $occur{$con
+nection}{'mintime'};
}
else {$occur{$connection}{'mintime'} = $time}
#check greater time
if (defined $occur{$connection}{'maxtime'}) {
$occur{$connection}{'maxtime'} = $time if $time gt $occur{$con
+nection}{'maxtime'};
}
else {$occur{$connection}{'maxtime'} = $time}
}
print Dumper (\%occur);
__DATA__
<p> 03-23 00:37:28.174515 | 8ca982044d00 | c04a00332142 | 192.168.1.10
+0 | 49671 | 180.149.153.11 | 80 <p>
<p> 03-23 00:37:28.174536 | 8ca982044d00 | c04a00332142 | 192.168.1.10
+0 | 49671 | 180.149.153.11 | 80 <p>
<p> 03-23 00:41:36.422588 | 8ca982044d00 | c04a00332142 | 192.168.1.10
+0 | 49672 | 180.149.153.11 | 80 <p>
<p> 03-23 00:44:18.584080 | 8ca982044d00 | c04a00332142 | 192.168.1.10
+0 | 49671 | 180.149.153.11 | 80 <p>
<p> 03-23 00:44:22.588592 | 8ca982044d00 | c04a00332142 | 192.168.1.10
+0 | 35660 | 180.149.134.61 | 80 <p>
<p> 03-23 00:45:12.636571 | 8ca982044d00 | c04a00332142 | 192.168.1.10
+0 | 35661 | 180.149.134.61 | 80 <p>
####OUTPUT
$VAR1 = {
'180.149.153.11' => {
'maxtime' => '03-23 00:44:18.584080',
'mintime' => '03-23 00:37:28.174515'
},
'180.149.134.61' => {
'maxtime' => '03-23 00:45:12.636571',
'mintime' => '03-23 00:44:22.588592'
}
};
$VAR1 = {
'from_192.168.1.100_to_180.149.153.11_port_80' => {
'maxtime
+' => '03-23 00:44:18.584080',
'mintime
+' => '03-23 00:37:28.174515'
},
'from_192.168.1.100_to_180.149.134.61_port_80' => {
'maxtime
+' => '03-23 00:45:12.636571',
'mintime
+' => '03-23 00:44:22.588592'
}
};
HtH
L*
There are no rules, there are no thumbs..
Reinvent the wheel, then learn The Wheel; may be one day you reinvent one of THE WHEELS.
