ober/anonymous-gist.lisp

## anonymous-gist.lisp

(defun parse-ct-contents (x)
  (let* ((records (cdr (elt (read-json-gzip-file x) 0)))
	 (record-size (length records)))
    (dolist (x records)
      (let* ((event-time (cdr-assoc :EVENT-TIME x))
	     (user-identity (cdr-assoc :USER-IDENTITY x))
	     (user-name (cdr-assoc :USER-NAME user-identity))
	     (user-key (cdr-assoc :ACCESS-KEY-ID user-identity))
	     ;;(user-identity (cdr-assoc :ACCESS-KEY-ID (cdr-assoc :USER-IDENTITY x)))
	     (event-name (cdr-assoc :EVENT-NAME x))
	     (etime5 (get-internal-real-time))
	     (user-agent (cdr-assoc :USER-AGENT x))
	     (ip (cdr-assoc :SOURCE-+IP+-ADDRESS x))
	     (hostname (get-hostname-by-ip ip)))
	(normalize-insert nil event-time user-name user-key event-name user-agent (or hostname ip))))))

	(defun parse-ct-contents (x)
	(let* ((records (cdr (elt (read-json-gzip-file x) 0)))
	(record-size (length records)))
	(dolist (x records)
	(let* ((event-time (cdr-assoc :EVENT-TIME x))
	(user-identity (cdr-assoc :USER-IDENTITY x))
	(user-name (cdr-assoc :USER-NAME user-identity))
	(user-key (cdr-assoc :ACCESS-KEY-ID user-identity))
	;;(user-identity (cdr-assoc :ACCESS-KEY-ID (cdr-assoc :USER-IDENTITY x)))
	(event-name (cdr-assoc :EVENT-NAME x))
	(etime5 (get-internal-real-time))
	(user-agent (cdr-assoc :USER-AGENT x))
	(ip (cdr-assoc :SOURCE-+IP+-ADDRESS x))
	(hostname (get-hostname-by-ip ip)))
	(normalize-insert nil event-time user-name user-key event-name user-agent (or hostname ip))))))