我正在迭代从Windows主机提取的许多导出的安全事件日志,示例数据框如下所示:
"MachineName","EventID","EntryType","Source","TimeGenerated","TimeWritten","UserName","Message"
"mycompname","5156","SuccessAudit","Microsoft-Windows-Security-Auditing","4/26/2017 10:47:41 AM","4/26/2017 10:47:41 AM",,"The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 4 Application Name: System Network Information: Direction: %%14592 Source Address: 192.168.10.255 Source Port: 137 Destination Address: 192.168.10.238 Destination Port: 137 Protocol: 17 Filter Information: Filter Run-Time ID: 83695 Layer Name: %%14610 Layer Run-Time ID: 44"
"mycompname","4688","SuccessAudit","Microsoft-Windows-Security-Auditing","4/26/2014 10:47:03 AM","4/26/2014 10:47:03 AM",,"A new process has been created. Subject: Security ID: S-1-5-18 Account Name: mycompname$ Account Domain: mydomain Logon ID: 0x3e7 Process Information: New Process …如何使用登录/注销事件时间创建类似于下面的时间轮?特别希望以时间轮方式关联与星期几相关的平均登录/注销时间?下面的图片就是一个例子,但我正在寻找时间昼夜不停的时间,一周中的时间现在在图片中.我有可用的python和包含登录时间的数据集.我还想将颜色与用户类型相关联,例如管理员与普通用户或某种性质的用户.任何关于如何实现这一点的想法都会很棒.
一些示例数据位于pandas数据框中
DF:
TimeGenerated EventID Username Message
2012-04-01 00:00:13 4624 Matthew This guy logged onto the computer for the first time today
2012-04-01 00:00:14 4624 Matthew This guy authenticated for some stuff
2012-04-01 00:00:15 4624 Adam This guy logged onto the computer for the first time today
2012-04-01 00:00:16 4624 James This guy logged onto the computer for the first time today
2012-04-01 12:00:17 4624 Adam This guy authenticated for some stuff
2012-04-01 12:00:18 4625 James This guy logged off …我有多个包含不同类型的txt文件的zip文件.如下所示:
zip1
- file1.txt
- file2.txt
- file3.txt
如何使用pandas读取每个文件而不提取它们?
我知道如果每个zip是1个文件我可以使用read_csv的压缩方法,如下所示:
df = pd.read_csv(textfile.zip, compression='zip')
任何有关如何做到这一点的帮助都会很棒.
如何合并两个不同的数据帧,在填充空白时保留每个数据帧的所有行?
DF1
Name Addr Num Parent Parent_Addr
Matt 123H 8 James 543F
Adam 213H 9 James 543F
James 321H 10 Mom 654F
Andrew 512F 10 Dad 665F
Faith 555A 7 None 657F
DF2
Name Parent Parent_Num Parent_Addr
Matt James 10 543F
Adam James 10 543F
James Mom 12 654F
None Ian 13 656F
None None None 1234
预期产出
Name Addr Num Parent Parent_Num Parent_Addr
Matt 123H 8 James 10 543F
Adam 213H 9 James 10 543F
James 321H 10 Mom …我有一个如下数据集:
name status number message
matt active 12345 [job: , money: none, wife: none]
james active 23456 [group: band, wife: yes, money: 10000]
adam inactive 34567 [job: none, money: none, wife: , kids: one, group: jail]
如何提取键值对,并将它们转换为一直扩展的数据帧?
预期产量:
name status number job money wife group kids
matt active 12345 none none none none none
james active 23456 none 10000 none band none
adam inactive 34567 none none none none one
该消息包含多种不同的密钥类型.
任何帮助将不胜感激.
我有一个如下数据框:
dateTime Name DateTime day seconds zscore
11/1/2016 15:17 james 11/1/2016 15:17 Tue 55020 1.158266091
11/1/2016 13:41 james 11/1/2016 13:41 Tue 49260 -0.836236954
11/1/2016 15:17 james 11/1/2016 15:17 Tue 55020 1.158266091
11/1/2016 15:17 james 11/1/2016 15:17 Tue 55020 1.158266091
11/1/2016 15:17 james 11/1/2016 15:17 Tue 55020 1.158266091
11/1/2016 15:17 james 11/1/2016 15:17 Tue 55020 1.158266091
11/1/2016 15:17 james 11/1/2016 15:17 Tue 55020 1.158266091
11/1/2016 15:17 james 11/1/2016 15:17 Tue 55020 1.158266091
11/1/2016 15:17 james 11/1/2016 15:17 Tue 55020 1.158266091
11/1/2016 …我有一个如下数据框:
Name IDNum BossNum
John 1 0
Matt 2 1
Mike 3 2
Jack 4 1
如何创建一个名为BossName的附加列,如下所示:
预期产出:
Name IDNum BossNum BossName
John 1 0 John/none (I don't care about boss being ided)
Matt 2 1 John
Mike 3 2 Matt
Jack 4 1 John
我目前已经尝试过:
df['BossName'] = df['Name'][df['BossNum'] in df['IDNum']]
这根本不起作用.关于如何实现这一点的任何想法都会很棒.