Morro Audit allows you to create a CSV of event stream data for download, which makes it easier to process this information using third-party tools.  Scripting languages, such as Python, are one common way to alter and filter data into a more usable form.  Some possible ways to manipulate the data include:

  • Fine-grained filtering of relevant data.
  • Transforming fields from one format to another, for example timestamps.
  • Generating statistics.


Here is a simple sample Python script that filters and processes selected fields.  It reads a file named "audit0.csv", keeps the date/time, path and user columns, passes each one through its own processing function, and writes the result to "audit0_processed.csv".


#!/usr/bin/env python3
import csv

def process_first_field(field):
    # Do some processing here.
    return field

def process_second_field(field):
    # Do some processing here.
    return field

def process_third_field(field):
    # Do some processing here.
    return field


# CSV fields:
# date/time,operation,path,stream,args,user,ipaddr,host,device,share

in_file = "audit0.csv"
out_file = "audit0_processed.csv"

# The csv module handles quoted fields, so a comma inside a path does not
# shift the columns the way line.split(',') would.
with open(in_file, newline="") as f, open(out_file, "w", newline="") as out:
    writer = csv.writer(out)
    for fields in csv.reader(f):
        if len(fields) < 6:
            continue  # Skip blank or short lines.
        writer.writerow([
            process_first_field(fields[0]),   # date/time
            process_second_field(fields[2]),  # path
            process_third_field(fields[5]),   # user
        ])
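
The filtering and statistics uses listed at the top of this page, as an added example that is not part of Morro Audit or the script above: it keeps only events matching a given operation or share, then counts them per user and collects the distinct source addresses each user connected from. The column order comes from the "CSV fields" comment; the sample rows, the operation names, the timestamp layout and the absence of a header row are assumptions.

```python
import csv
import io
from collections import Counter, defaultdict

# Column order taken from the "CSV fields" comment in the script above.
FIELDS = ["datetime", "operation", "path", "stream", "args",
          "user", "ipaddr", "host", "device", "share"]

# Constructed sample rows; operation names and timestamp layout are assumptions.
SAMPLE = '''\
2024-05-01 09:00:01,read,/finance/q1.xlsx,,,alice,10.0.0.5,ws-01,gw1,finance
2024-05-01 09:00:07,delete,"/finance/old, draft.xlsx",,,alice,10.0.0.5,ws-01,gw1,finance
2024-05-01 09:02:11,delete,/hr/roster.csv,,,bob,10.0.0.9,ws-02,gw1,hr
2024-05-01 09:03:40,delete,/hr/reviews.docx,,,bob,10.0.0.77,ws-09,gw1,hr
2024-05-01 09:04:02,write,/eng/notes.txt,,,carol,10.0.0.12,ws-03,gw1,eng
'''

def read_events(handle):
    """Yield one dict per audit row; the csv module keeps quoted commas intact."""
    for row in csv.reader(handle):
        if len(row) != len(FIELDS):
            continue  # skip blank or malformed lines rather than mis-index them
        yield dict(zip(FIELDS, row))

def summarize(events, operation=None, share=None):
    """Filter by operation/share, then count events and distinct IPs per user."""
    counts = Counter()
    ips = defaultdict(set)
    for ev in events:
        if operation and ev["operation"] != operation:
            continue
        if share and ev["share"] != share:
            continue
        counts[ev["user"]] += 1
        ips[ev["user"]].add(ev["ipaddr"])
    return {user: (n, sorted(ips[user])) for user, n in counts.items()}

def multi_ip_users(summary):
    """Users whose filtered activity came from more than one address."""
    return sorted(u for u, (_, addrs) in summary.items() if len(addrs) > 1)

if __name__ == "__main__":
    summary = summarize(read_events(io.StringIO(SAMPLE)), operation="delete")
    for user, (n, addrs) in sorted(summary.items()):
        print(f"{user}: {n} delete(s) from {', '.join(addrs)}")
    print("multiple source addresses:", multi_ip_users(summary))
```

To run it against a real export, pass `open("audit0.csv", newline="")` to `read_events` in place of the in-memory sample.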