我想你需要先string
reperesentation的dicts
在列转换为dictionaries
每排由json.loads
或ast.literal_eval
,然后创建通过构造新DataFrame
,由子集筛选列,并在必要时通过concat
添加原始列:
d = {'_id__$oid': ['542f8', '542f8', '542f8'], 'channel': ['snort_alert', 'snort_alert', 'snort_alert'], 'payload': ['{"destination_ip":"172.31.14.66","date": "2014-10-19T01:32:36.669861","classification":"Potentially Bad Traffic","proto":"UDP","source_ip":"172.31.0.2","priority":"2","header":"1:2003195:5","signature":"ET POLICY Unusual number of DNS No Such Name Responses ","source_port":"53","destination_port":"34638","sensor":"5cda4a12-4730-11e4-9ee4-0a0b6e7c3e9e"}', '{"destination_ip":"172.31.14.66","date": "2014-10-19T01:32:36.669861","classification":"Potentially Bad Traffic","proto":"UDP","source_ip":"172.31.0.2","priority":"2","header":"1:2003195:5","signature":"ET POLICY Unusual number of DNS No Such Name Responses ","source_port":"53","destination_port":"34638","sensor":"5cda4a12-4730-11e4-9ee4-0a0b6e7c3e9e"}', '{"destination_ip":"172.31.14.66","date": "2014-10-19T01:32:36.669861","classification":"Potentially Bad Traffic","proto":"UDP","source_ip":"172.31.0.2","priority":"2","header":"1:2003195:5","signature":"ET POLICY Unusual number of DNS No Such Name Responses ","source_port":"53","destination_port":"34638","sensor":"5cda4a12-4730-11e4-9ee4-0a0b6e7c3e9e"}']}
reqcols=['_id__$oid','payload','channel']
df = pd.DataFrame(d)
print (df)
_id__$oid channel payload
0 542f8 snort_alert {"destination_ip":"172.31.14.66","date": "2014...
1 542f8 snort_alert {"destination_ip":"172.31.14.66","date": "2014...
2 542f8 snort_alert {"destination_ip":"172.31.14.66","date": "2014...
import json
import ast
df.payload = df.payload.apply(json.loads)
#another slowier solution
#df.payload = df.payload.apply(ast.literal_eval)
required = ["destination_ip", "proto", "source_ip", "date", "sensor"]
df1 = pd.DataFrame(df.payload.values.tolist())[required]
print (df1)
destination_ip proto source_ip date \
0 172.31.14.66 UDP 172.31.0.2 2014-10-19T01:32:36.669861
1 172.31.14.66 UDP 172.31.0.2 2014-10-19T01:32:36.669861
2 172.31.14.66 UDP 172.31.0.2 2014-10-19T01:32:36.669861
sensor
0 5cda4a12-4730-11e4-9ee4-0a0b6e7c3e9e
1 5cda4a12-4730-11e4-9ee4-0a0b6e7c3e9e
2 5cda4a12-4730-11e4-9ee4-0a0b6e7c3e9e
df2 = pd.concat([df[['_id__$oid','channel']], df1], axis=1)
print (df2)
_id__$oid channel destination_ip proto source_ip \
0 542f8 snort_alert 172.31.14.66 UDP 172.31.0.2
1 542f8 snort_alert 172.31.14.66 UDP 172.31.0.2
2 542f8 snort_alert 172.31.14.66 UDP 172.31.0.2
date sensor
0 2014-10-19T01:32:36.669861 5cda4a12-4730-11e4-9ee4-0a0b6e7c3e9e
1 2014-10-19T01:32:36.669861 5cda4a12-4730-11e4-9ee4-0a0b6e7c3e9e
2 2014-10-19T01:32:36.669861 5cda4a12-4730-11e4-9ee4-0a0b6e7c3e9e
个时序:
#[30000 rows x 3 columns]
df = pd.concat([df]*10000).reset_index(drop=True)
print (df)
In [38]: %timeit pd.DataFrame(df.payload.apply(json.loads).values.tolist())[required]
1 loop, best of 3: 379 ms per loop
In [39]: %timeit pd.read_json('[{}]'.format(df.payload.str.cat(sep=',')))[required]
1 loop, best of 3: 528 ms per loop
In [40]: %timeit pd.DataFrame(df.payload.apply(ast.literal_eval).values.tolist())[required]
1 loop, best of 3: 1.98 s per loop
向我们展示你的输入数据的样本。 –
@JohnZwinck请检查更新的问题 – user1208523