擅长:python、mysql、java
<p>当我们看到一个新的时间戳时,可以使用<a href="http://www.tutorialspoint.com/python/dictionary_setdefault.htm" rel="nofollow">dict.setdefault</a>添加一个新的dict,并增加<code>sshd</code>等。。每次我们看到键时,键值为1:</p>
<pre><code>d = {}
with open("in.txt") as f:
for line in f:
# split into time and sshd etc..
time, res = line.split()
# use setdefault so we get a new dict for each timestamp and set each new key's value to 0
d.setdefault(time, {}).setdefault(res[:-1],0)
d[time][res[:-1]] += 1
from pprint import pprint as pp
pp(d)
{'10:01:36': {'adcl': 1, 'sshd': 1},
'10:01:37': {'adcl': 20, 'root': 1, 'runm': 2, 'sshd': 10}}
</code></pre>
<p>您还可以使用<a href="https://docs.python.org/2/library/collections.html#collections.Counter" rel="nofollow">collections.Counter</a>dict:</p>
<pre><code>from collections import Counter
d = {}
with open("in.txt") as f:
for line in f:
time, res = line.split()
d.setdefault(time, Counter())
d[time].update([res[:-1]])
</code></pre>