# S05 T01: Transformació Registre Log amb Regular expressions

<span style=color:darkred>**References:**</span>
+ [PY4E: Regular Expressions](https://www.py4e.com/lessons/regex#)
+ [Python Regex for Data Scientists](https://www.dataquest.io/blog/regular-expressions-data-scientists/)
+ [RegexOne](https://regexone.com/)
+ [Pandas DataFrame Apply](https://pandas.pydata.org/pandas-docs/stable/reference/api/pandas.DataFrame.apply.html)
+ [Pandas Series Apply](https://pandas.pydata.org/docs/reference/api/pandas.Series.apply.html)




### Descripció

L'anàlisi de registres és una funció important per al control i l'alerta, el compliment de les polítiques de seguretat, l'auditoria i el compliment normatiu, la resposta a incidents de seguretat i fins i tot les investigacions forenses. En analitzar les dades de registre, les empreses poden identificar més fàcilment les possibles amenaces i altres problemes, trobar la causa arrel i iniciar una resposta ràpida per mitigar els riscos. 

## NIVELL 1 - EXERCICI 1

L'analista ha d'assegurar-se que els registres consisteixen en una gamma completa de missatges i s'interpreten segons el context. Els elements de registre han d'estandaritzar-se, utilitzant els mateixos termes o terminologia, per evitar confusions i proporcionar cohesió.

Com Científic de Dades se t'ha proporcionat accés als registres-Logs on queda registrada l'activitat de totes les visites a realitzades a la pàgina web de l'agència de viatges "akumenius.com".

### Exercici

Estandaritza, identifica i enumera cada un dels atributs / variables de l'estructura de l'arxiu [Web_access_log-akumenius.com](https://github.com/IT-Academy-BCN/Data-Science/blob/main/Data-sources/Web_access_log-akumenius.com.txt.7z) que trobaràs al repositori de GitHub ["Data-sources".](https://github.com/IT-Academy-BCN/Data-Science/tree/main/Data-sources) 

In [1]:
#import libraries
import numpy as np
import pandas as pd
import re
#import json


In [2]:
#let's take a look to the file
#the readlines() return a list of lines
with open('Web_access_log.txt', 'r') as file:
    log = file.readlines()  
log[:5]

['localhost 127.0.0.1 - - [23/Feb/2014:03:10:31 +0100] "OPTIONS * HTTP/1.0" 200 - "-" "Apache (internal dummy connection)" VLOG=-\n',
 'localhost 127.0.0.1 - - [23/Feb/2014:03:10:31 +0100] "OPTIONS * HTTP/1.0" 200 - "-" "Apache (internal dummy connection)" VLOG=-\n',
 'localhost 127.0.0.1 - - [23/Feb/2014:03:10:31 +0100] "OPTIONS * HTTP/1.0" 200 - "-" "Apache (internal dummy connection)" VLOG=-\n',
 'localhost 127.0.0.1 - - [23/Feb/2014:03:10:31 +0100] "OPTIONS * HTTP/1.0" 200 - "-" "Apache (internal dummy connection)" VLOG=-\n',
 'localhost 127.0.0.1 - - [23/Feb/2014:03:10:31 +0100] "OPTIONS * HTTP/1.0" 200 - "-" "Apache (internal dummy connection)" VLOG=-\n']

In [3]:
print(type(log))

<class 'list'>


In [4]:
#break each list in a list of elements splitting by empty space
#we get a list of lists
lst = []
for line in log:
    element = line.split(' ')
    lst.append(element)
print(lst[:5])

[['localhost', '127.0.0.1', '-', '-', '[23/Feb/2014:03:10:31', '+0100]', '"OPTIONS', '*', 'HTTP/1.0"', '200', '-', '"-"', '"Apache', '(internal', 'dummy', 'connection)"', 'VLOG=-\n'], ['localhost', '127.0.0.1', '-', '-', '[23/Feb/2014:03:10:31', '+0100]', '"OPTIONS', '*', 'HTTP/1.0"', '200', '-', '"-"', '"Apache', '(internal', 'dummy', 'connection)"', 'VLOG=-\n'], ['localhost', '127.0.0.1', '-', '-', '[23/Feb/2014:03:10:31', '+0100]', '"OPTIONS', '*', 'HTTP/1.0"', '200', '-', '"-"', '"Apache', '(internal', 'dummy', 'connection)"', 'VLOG=-\n'], ['localhost', '127.0.0.1', '-', '-', '[23/Feb/2014:03:10:31', '+0100]', '"OPTIONS', '*', 'HTTP/1.0"', '200', '-', '"-"', '"Apache', '(internal', 'dummy', 'connection)"', 'VLOG=-\n'], ['localhost', '127.0.0.1', '-', '-', '[23/Feb/2014:03:10:31', '+0100]', '"OPTIONS', '*', 'HTTP/1.0"', '200', '-', '"-"', '"Apache', '(internal', 'dummy', 'connection)"', 'VLOG=-\n']]


In [5]:
#convert the list of lists as a Dataframe
df = pd.DataFrame(lst)
df[100000:100010]

Unnamed: 0,0,1,2,3,4,5,6,7,8,9,...,40,41,42,43,44,45,46,47,48,49
100000,www.akumenius.com,88.14.201.73,-,-,[25/Feb/2014:11:14:09,+0100],"""POST",/raton-search,"HTTP/1.1""",200,...,,,,,,,,,,
100001,www.akumenius.com,88.14.201.73,-,-,[25/Feb/2014:11:14:10,+0100],"""GET",/hotel-list,"HTTP/1.1""",200,...,,,,,,,,,,
100002,localhost,127.0.0.1,-,-,[25/Feb/2014:11:14:10,+0100],"""OPTIONS",*,"HTTP/1.0""",200,...,,,,,,,,,,
100003,www.akumenius.com,88.14.201.73,-,-,[25/Feb/2014:11:14:11,+0100],"""GET",//modules/raton/views/themes/bcoos/images/ajax...,"HTTP/1.1""",200,...,,,,,,,,,,
100004,www.akumenius.com,88.14.201.73,-,-,[25/Feb/2014:11:14:11,+0100],"""GET",/modules/raton/views/themes/bcoos/images/logo_...,"HTTP/1.1""",200,...,,,,,,,,,,
100005,www.akumenius.com,66.249.76.216,-,-,[25/Feb/2014:11:14:12,+0100],"""GET",/destinos-caracteristicas/hoteles-baratos-en-P...,"HTTP/1.1""",200,...,,,,,,,,,,
100006,localhost,127.0.0.1,-,-,[25/Feb/2014:11:14:18,+0100],"""OPTIONS",*,"HTTP/1.0""",200,...,,,,,,,,,,
100007,www.akumenius.com,88.14.201.73,-,-,[25/Feb/2014:11:14:11,+0100],"""POST",/hotel-list-data/,"HTTP/1.1""",200,...,,,,,,,,,,
100008,www.akumenius.com,88.14.201.73,-,-,[25/Feb/2014:11:14:31,+0100],"""GET",/modules/raton/views/themes/bcoos/images/star.png,"HTTP/1.1""",200,...,,,,,,,,,,
100009,www.akumenius.com,88.14.201.73,-,-,[25/Feb/2014:11:14:32,+0100],"""GET",/modules/raton/views/themes/bcoos/images/ficha...,"HTTP/1.1""",200,...,,,,,,,,,,


In [6]:
#from the 12th to the last column, there are nulls
df.isnull().sum()

0          0
1          0
2          0
3          0
4          0
5          0
6          0
7          0
8          0
9          0
10         0
11         0
12        42
13        42
14       677
15      5765
16      7897
17     94000
18     97266
19     97345
20    108417
21    126118
22    136252
23    172945
24    192300
25    193671
26    203914
27    209551
28    221546
29    234742
30    245308
31    248594
32    249779
33    252314
34    253623
35    255492
36    256251
37    257006
38    257984
39    258750
40    259996
41    260138
42    260169
43    260768
44    260768
45    260808
46    260963
47    260963
48    260963
49    260963
dtype: int64

In [7]:
#so, it means that the splitted lists have more empty spaces in some cases that break the lines in many attributes
#we are going to combine the columns from the 12 to the 49, in order to have just 12 columns
cols = np.arange(12,50)
df['resta_linia'] = df[cols].apply(lambda row: ' '.join(row.values.astype(str)), axis=1)

In [8]:
#delete the individual rows we just concat
for n in cols:
    del df[n]

In [9]:
df.head()

Unnamed: 0,0,1,2,3,4,5,6,7,8,9,10,11,resta_linia
0,localhost,127.0.0.1,-,-,[23/Feb/2014:03:10:31,+0100],"""OPTIONS",*,"HTTP/1.0""",200,-,"""-""","""Apache (internal dummy connection)"" VLOG=-\n ..."
1,localhost,127.0.0.1,-,-,[23/Feb/2014:03:10:31,+0100],"""OPTIONS",*,"HTTP/1.0""",200,-,"""-""","""Apache (internal dummy connection)"" VLOG=-\n ..."
2,localhost,127.0.0.1,-,-,[23/Feb/2014:03:10:31,+0100],"""OPTIONS",*,"HTTP/1.0""",200,-,"""-""","""Apache (internal dummy connection)"" VLOG=-\n ..."
3,localhost,127.0.0.1,-,-,[23/Feb/2014:03:10:31,+0100],"""OPTIONS",*,"HTTP/1.0""",200,-,"""-""","""Apache (internal dummy connection)"" VLOG=-\n ..."
4,localhost,127.0.0.1,-,-,[23/Feb/2014:03:10:31,+0100],"""OPTIONS",*,"HTTP/1.0""",200,-,"""-""","""Apache (internal dummy connection)"" VLOG=-\n ..."


In [10]:
#verify if the columns have the correct information
df[0].unique()

array(['localhost', 'www.akumenius.com', 'akumenius.com', 'akumenius.es',
       'test.akumenius.com'], dtype=object)

In [11]:
df[1].value_counts()

66.249.76.216     46382
80.28.221.123     14725
127.0.0.1         13891
217.125.71.222     5201
66.249.75.148      3558
                  ...  
66.249.88.28          1
199.80.54.22          1
66.249.76.226         1
66.249.75.178         1
187.144.53.170        1
Name: 1, Length: 2921, dtype: int64

In [12]:
#because this row is just a '-', we can delete it
df[2].unique()
del df[2]

In [13]:
df[3].value_counts()

-          261833
clarcat        27
Name: 3, dtype: int64

In [14]:
df[4].isnull().sum()

0

In [15]:
#because this row is just a '+0100]', we can delete it
df[5].unique()
del df[5]

In [16]:
df[6].value_counts()

"GET                   229472
"POST                   16668
"OPTIONS                13891
"HEAD                    1787
"-"                        37
"\x80w\x01\x03\x01"         5
Name: 6, dtype: int64

In [17]:
df[9].value_counts()

200    226369
304     25269
404      8630
301       870
206       304
403       194
302       109
502        44
"-"        42
400        21
401         5
500         3
Name: 9, dtype: int64

In [18]:
df[11].unique()

array(['"-"',
       '"http://www.akumenius.com/hoteles-baratos/ofertas-hotel-Playa-Blanca-All-Inclusive-en-Cayo%20Largo_CUBA-62359b.html"',
       '"http://www.akumenius.com/"', ...,
       '"http://www.akumenius.com/booking/152186/t/BARCELO%20DOMINICAN%20BEACH/4"',
       '"http://www.akumenius.com/hotelDetailPopup/49612/b"',
       '"http://www.akumenius.com/destinos-baratos/destinos-caracteristicas/hoteles-baratos-en-Phuket_TAILANDIA-con-Windsurf"'],
      dtype=object)

In [19]:
df['resta_linia'][24:30]

24    "Mozilla/5.0 (compatible; Googlebot/2.1; +http...
25    "Mozilla/5.0 (compatible; Googlebot/2.1; +http...
26    "Mozilla/5.0 (compatible; Googlebot/2.1; +http...
27    "Mozilla/5.0 (compatible; Googlebot/2.1; +http...
28    "Mozilla/5.0 (compatible; Googlebot/2.1; +http...
29    "Mozilla/5.0 (compatible; Googlebot/2.1; +http...
Name: resta_linia, dtype: object

In [20]:
df.tail()

Unnamed: 0,0,1,3,4,6,7,8,9,10,11,resta_linia
261855,www.akumenius.com,5.255.253.53,-,[02/Mar/2014:03:05:39,"""GET",/,"HTTP/1.1""",200,7528,"""-""","""Mozilla/5.0 (compatible; YandexBot/3.0; +http..."
261856,www.akumenius.com,74.86.158.107,-,[02/Mar/2014:03:09:52,"""HEAD",/,"HTTP/1.1""",200,-,"""-""","""Mozilla/5.0+(compatible; UptimeRobot/2.0; htt..."
261857,localhost,127.0.0.1,-,[02/Mar/2014:03:10:18,"""OPTIONS",*,"HTTP/1.0""",200,-,"""-""","""Apache (internal dummy connection)"" VLOG=-\n ..."
261858,localhost,127.0.0.1,-,[02/Mar/2014:03:10:18,"""OPTIONS",*,"HTTP/1.0""",200,-,"""-""","""Apache (internal dummy connection)"" VLOG=-\n ..."
261859,localhost,127.0.0.1,-,[02/Mar/2014:03:10:18,"""OPTIONS",*,"HTTP/1.0""",200,-,"""-""","""Apache (internal dummy connection)"" VLOG=-\n ..."


In [21]:
#rename the good columns
df.rename(columns={0: 'web', 1: 'ip', 4 : 'datetime', 6: 'options', 7:'url', 8:'protocol'}, inplace=True)
df.head()

Unnamed: 0,web,ip,3,datetime,options,url,protocol,9,10,11,resta_linia
0,localhost,127.0.0.1,-,[23/Feb/2014:03:10:31,"""OPTIONS",*,"HTTP/1.0""",200,-,"""-""","""Apache (internal dummy connection)"" VLOG=-\n ..."
1,localhost,127.0.0.1,-,[23/Feb/2014:03:10:31,"""OPTIONS",*,"HTTP/1.0""",200,-,"""-""","""Apache (internal dummy connection)"" VLOG=-\n ..."
2,localhost,127.0.0.1,-,[23/Feb/2014:03:10:31,"""OPTIONS",*,"HTTP/1.0""",200,-,"""-""","""Apache (internal dummy connection)"" VLOG=-\n ..."
3,localhost,127.0.0.1,-,[23/Feb/2014:03:10:31,"""OPTIONS",*,"HTTP/1.0""",200,-,"""-""","""Apache (internal dummy connection)"" VLOG=-\n ..."
4,localhost,127.0.0.1,-,[23/Feb/2014:03:10:31,"""OPTIONS",*,"HTTP/1.0""",200,-,"""-""","""Apache (internal dummy connection)"" VLOG=-\n ..."


In [22]:
# re.finditer("([\w+\.*\w+\.*\w+\S]) ([\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}]) ([- \w.+]) ([\[.+\]]) ([.+])", log.linia[0]):
#log['web'] = log['linia'].str.split(r'(\w+\.*\w+\.*\w+\S)', expand=True)
#log['linia'].str.split(r'(\w+\.*\w+\.*\w+\S) (\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}) (- \w.+) (\[.+\]) (.+)', expand=True)


In [23]:
#to see the hole string un the column, there is the pd.options.display.max_colwith
pd.options.display.max_colwidth = 200
df['resta_linia'][100000:100020]

100000    "Mozilla/5.0 (Linux; U; Android 2.3.7; es-es; SonyEricssonST25i Build/6.0.B.3.184) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1" VLOG=-\n None None None None None None Non...
100001    "Mozilla/5.0 (Linux; U; Android 2.3.7; es-es; SonyEricssonST25i Build/6.0.B.3.184) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1" VLOG=-\n None None None None None None Non...
100002    "Apache (internal dummy connection)" VLOG=-\n None None None None None None None None None None None None None None None None None None None None None None None None None None None None None None ...
100003    "Mozilla/5.0 (Linux; U; Android 2.3.7; es-es; SonyEricssonST25i Build/6.0.B.3.184) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1" VLOG=-\n None None None None None None Non...
100004    "Mozilla/5.0 (Linux; U; Android 2.3.7; es-es; SonyEricssonST25i Build/6.0.B.3.184) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533

_______________________________

## NIVELL 2 - EXERCICI 2

Neteja, preprocesa, estructura i transforma (dataframe) les dades del registre d'Accés a la web. 

En aquest exercici, netejarem el Dataframe anterior, sobretot les columnes datetime, i la 'resta_linia'. També eliminarem alguna altra columna que no conté informació rellevant.

In [24]:
#delete the column 3, as we did with the column 2 and 5 before.
del df[3]

In [25]:
#create new columns for day, month, year
import datetime as dt
import time as tm

df['datetime'].head()

0    [23/Feb/2014:03:10:31
1    [23/Feb/2014:03:10:31
2    [23/Feb/2014:03:10:31
3    [23/Feb/2014:03:10:31
4    [23/Feb/2014:03:10:31
Name: datetime, dtype: object

In [26]:
#delete the square bracket in the beginning
#https://pandas.pydata.org/docs/reference/api/pandas.Series.apply.html
df['datetime'] = df['datetime'].apply(lambda row : row.replace('[',''))

In [27]:
#split the date by the first ':' -->split(':', 1) and keep only the first part [0]
df['date'] = df['datetime'].apply(lambda row : row.split(':', 1)[0])
#df['date']

In [29]:
df['time'] = df['datetime'].apply(lambda row : row.split(':', 1)[1])
#df['time']

In [32]:
del df['datetime']

In [33]:
#rearrange columns
cols = df.columns.tolist()
cols

['web',
 'ip',
 'options',
 'url',
 'protocol',
 9,
 10,
 11,
 'resta_linia',
 'date',
 'time']

In [35]:
df = df[['web','ip', 'date','time', 'options', 'url', 'protocol', 9, 10, 11, 'resta_linia']]
df.head()

Unnamed: 0,web,ip,date,time,options,url,protocol,9,10,11,resta_linia
0,localhost,127.0.0.1,23/Feb/2014,03:10:31,"""OPTIONS",*,"HTTP/1.0""",200,-,"""-""","""Apache (internal dummy connection)"" VLOG=-\n None None None None None None None None None None None None None None None None None None None None None None None None None None None None None None ..."
1,localhost,127.0.0.1,23/Feb/2014,03:10:31,"""OPTIONS",*,"HTTP/1.0""",200,-,"""-""","""Apache (internal dummy connection)"" VLOG=-\n None None None None None None None None None None None None None None None None None None None None None None None None None None None None None None ..."
2,localhost,127.0.0.1,23/Feb/2014,03:10:31,"""OPTIONS",*,"HTTP/1.0""",200,-,"""-""","""Apache (internal dummy connection)"" VLOG=-\n None None None None None None None None None None None None None None None None None None None None None None None None None None None None None None ..."
3,localhost,127.0.0.1,23/Feb/2014,03:10:31,"""OPTIONS",*,"HTTP/1.0""",200,-,"""-""","""Apache (internal dummy connection)"" VLOG=-\n None None None None None None None None None None None None None None None None None None None None None None None None None None None None None None ..."
4,localhost,127.0.0.1,23/Feb/2014,03:10:31,"""OPTIONS",*,"HTTP/1.0""",200,-,"""-""","""Apache (internal dummy connection)"" VLOG=-\n None None None None None None None None None None None None None None None None None None None None None None None None None None None None None None ..."


In [37]:
df['resta_linia'] = df['resta_linia'].apply(lambda row : row.replace('None',''))
df['resta_linia'] = df['resta_linia'].apply(lambda row : row.replace('\n   ',''))
df['resta_linia']

0                                              "Apache (internal dummy connection)" VLOG=-                              
1                                              "Apache (internal dummy connection)" VLOG=-                              
2                                              "Apache (internal dummy connection)" VLOG=-                              
3                                              "Apache (internal dummy connection)" VLOG=-                              
4                                              "Apache (internal dummy connection)" VLOG=-                              
                                                               ...                                                      
261855           "Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)" VLOG=-                              
261856    "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)" VLOG=-                               
261857                          

In [38]:
pd.to_datetime(df['date'])

0        2014-02-23
1        2014-02-23
2        2014-02-23
3        2014-02-23
4        2014-02-23
            ...    
261855   2014-03-02
261856   2014-03-02
261857   2014-03-02
261858   2014-03-02
261859   2014-03-02
Name: date, Length: 261860, dtype: datetime64[ns]

0        2021-11-02 03:10:31
1        2021-11-02 03:10:31
2        2021-11-02 03:10:31
3        2021-11-02 03:10:31
4        2021-11-02 03:10:31
                 ...        
261855   2021-11-02 03:05:39
261856   2021-11-02 03:09:52
261857   2021-11-02 03:10:18
261858   2021-11-02 03:10:18
261859   2021-11-02 03:10:18
Name: time, Length: 261860, dtype: datetime64[ns]

__________________________

## NIVELL 2 - EXERCICI 3

Geolocalitza les IP's.

______________________________

## NIVELL 3 - EXERCICI 3

Mostra'm la teva creativitat, Sorprèn-me fes un pas més enllà amb l'anàlisi anterior.

In [41]:
df['ddmmyy']=pd.to_datetime(df['date'])

In [43]:
#x.strftime("%A") --> to get the day of week

AttributeError: 'Series' object has no attribute 'year'