0

我在 XML 中有许多独特的事件,我已将它们转换为大约 300 个键的大型散列。这些键中的大多数的值都是哈希值,其中一些键的值又是哈希值。我不知道哈希嵌套会有多深。

我想将原始 300 的每个哈希及其所有键和值(无论它可能有多少)写入无模式数据库。

我已经设法编写了一个(混乱的)方法来输出每个哈希的值,无论它的值可能包含多少个哈希。

我现在面临的问题是我无法确定一个哈希从哪里开始,一个哈希从哪里结束。因此,我无法将单独的事件写入数据库,因为我只剩下所有哈希的输出。

如何确定哪些是单独的事件?

这是我的代码:

require 'crack'
require 'awesome_print'

def printingOutHash(inputHash)
#ap inputHash
  if inputHash.kind_of?(Array)
    puts "array"
    inputHash.each do |x|
      printingOutHash(x)
    end
  end

  if inputHash.kind_of?(Hash)
    inputHash.each do |k, v|
      if v.kind_of?(Hash)
        printingOutHash(v)
      else
        ap "#{k}: #{v}"
      end
    end
  end
end

  h = Crack::XML.parse("<Events><Event><System><Provider Name='Service Control Manager' Guid='{555908d1-a6d7-4695-8e1e-26931d2012f4}' EventSourceName='Service Control Manager'/><EventID Qualifiers='16384'>7036</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8080000000000000</Keywords><TimeCreated SystemTime='2013-03-25T05:00:38.021800000Z'/><EventRecordID>17629</EventRecordID><Correlation/><Execution ProcessID='476' ThreadID='3028'/><Channel>System</Channel><Computer>AMAZONA-ONIST5V</Computer><Security/></System><EventData><Data Name='param1'>Windows Modules Installer</Data><Data Name='param2'>stopped</Data><Binary>540072007500730074006500640049006E007300740061006C006C00650072002F0031000000</Binary></EventData></Event><Event><System><Provider Name='Service Control Manager' Guid='{555908d1-a6d7-4695-8e1e-26931d2012f4}' EventSourceName='Service Control Manager'/><EventID Qualifiers='16384'>7040</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8080000000000000</Keywords><TimeCreated SystemTime='2013-03-25T05:00:37.741000000Z'/><EventRecordID>17628</EventRecordID><Correlation/><Execution ProcessID='476' ThreadID='3028'/><Channel>System</Channel><Computer>AMAZONA-ONIST5V</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='param1'>Windows Modules Installer</Data><Data Name='param2'>auto start</Data><Data Name='param3'>demand start</Data><Data Name='param4'>TrustedInstaller</Data></EventData></Event></Events>")

 printingOutHash(h['Events']['Event'])
4

1 回答 1

0

在处理复杂或大型数据文件时,将 XML 转换为哈希不是一个好主意,因为与搜索 XML 相比,遍历哈希不是很方便。使用像Nokogiri这样的正确工具解析 XML 非常简单。

基于您的 XML:

require 'nokogiri'

xml = "
<Events>
    <Event>
        <System>
            <Provider Name='Service Control Manager' Guid='{555908d1-a6d7-4695-8e1e-26931d2012f4}' EventSourceName='Service Control Manager'/>
            <EventID Qualifiers='16384'>7036</EventID>
            <Version>0</Version>
            <Level>4</Level>
            <Task>0</Task>
            <Opcode>0</Opcode>
            <Keywords>0x8080000000000000</Keywords>
            <TimeCreated SystemTime='2013-03-25T05:00:38.021800000Z'/>
            <EventRecordID>17629</EventRecordID>
            <Correlation/>
            <Execution ProcessID='476' ThreadID='3028'/>
            <Channel>System</Channel>
            <Computer>AMAZONA-ONIST5V</Computer>
            <Security/>
        </System>
        <EventData>
            <Data Name='param1'>Windows Modules Installer</Data>
            <Data Name='param2'>stopped</Data>
            <Binary>540072007500730074006500640049006E007300740061006C006C00650072002F0031000000</Binary>
        </EventData>
    </Event>
    <Event>
        <System>
            <Provider Name='Service Control Manager' Guid='{555908d1-a6d7-4695-8e1e-26931d2012f4}' EventSourceName='Service Control Manager'/>
            <EventID Qualifiers='16384'>7040</EventID>
            <Version>0</Version>
            <Level>4</Level>
            <Task>0</Task>
            <Opcode>0</Opcode>
            <Keywords>0x8080000000000000</Keywords>
            <TimeCreated SystemTime='2013-03-25T05:00:37.741000000Z'/>
            <EventRecordID>17628</EventRecordID>
            <Correlation/>
            <Execution ProcessID='476' ThreadID='3028'/>
            <Channel>System</Channel>
            <Computer>AMAZONA-ONIST5V</Computer>
            <Security UserID='S-1-5-18'/>
        </System>
        <EventData>
            <Data Name='param1'>Windows Modules Installer</Data>
            <Data Name='param2'>auto start</Data>
            <Data Name='param3'>demand start</Data>
            <Data Name='param4'>TrustedInstaller</Data>
        </EventData>
    </Event>
</Events>"

这是我如何获取数据的开始:

doc = Nokogiri::XML(xml)
pp doc.search('Event').map { |event|

  system_provider_node = event.at('System Provider')

  system = {
    provider: {
      name: system_provider_node['Name'],
      guid: system_provider_node['Guid'],
      event_source_name: system_provider_node['EventSourceName']
    }
  }

  event_data = event.search('EventData Data').map{ |data|
    {
      name: data['Name'],
      text: data.text
    }
  }

  {
    system: system,
    event_data: event_data
  }    

}

结果是:

[{:system=>
  {:provider=>
    {:name=>"Service Control Manager",
      :guid=>"{555908d1-a6d7-4695-8e1e-26931d2012f4}",
      :event_source_name=>"Service Control Manager"}},
  :event_data=>
  [{:name=>"param1", :text=>"Windows Modules Installer"},
    {:name=>"param2", :text=>"stopped"}]},
{:system=>
  {:provider=>
    {:name=>"Service Control Manager",
      :guid=>"{555908d1-a6d7-4695-8e1e-26931d2012f4}",
      :event_source_name=>"Service Control Manager"}},
  :event_data=>
  [{:name=>"param1", :text=>"Windows Modules Installer"},
    {:name=>"param2", :text=>"auto start"},
    {:name=>"param3", :text=>"demand start"},
    {:name=>"param4", :text=>"TrustedInstaller"}]}]

您不必构建散列数组。对于每一个<Event>,您都可以剥离元素并在数据库的各个表中构建单独的行。这真的取决于你的想法。

于 2013-03-26T05:48:44.920 回答