@@ -111,3 +111,43 @@ def find_ips(data_str):
111111 ipv4s = set (re .findall (r'\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b' , data_str ))
112112 return ipv4s
113113
114+ def get_pivots (data_obj , name , return_data = None , count = 0 , pivot_threshold = 500 ):
115+ """
116+ Does a deep dive through a data object to check count vs pivot threshold.
117+ Args:
118+ data_obj: Either a list or dict that needs to check pivot count
119+ name: pivot category name
120+ return_data: Holds data to return once we reach the end of the data_obj
121+ count: Lets us track to know when we are finished with the data_obj
122+ pivot_threshold: Threshold to include as a pivot.
123+ """
124+ if return_data is None :
125+ return_data = []
126+ count += 1
127+ if isinstance (data_obj , dict ) and len (data_obj ):
128+ temp_name = name
129+ for k , v in data_obj .items ():
130+ if isinstance (data_obj [k ], (dict , list )):
131+ name = "{}_{}" .format (name , k )
132+ temp_data = get_pivots (
133+ data_obj [k ], name , return_data , count , pivot_threshold
134+ )
135+ if temp_data :
136+ return_data .append ([name [1 :].upper ().replace ("_" , " " ), temp_data ])
137+ name = temp_name
138+ if "count" in data_obj and (1 < data_obj ["count" ] < pivot_threshold ):
139+ return data_obj ["value" ], data_obj ["count" ]
140+ elif isinstance (data_obj , list ) and len (data_obj ):
141+ for index , item in enumerate (data_obj ):
142+ temp_data = get_pivots (item , name , return_data , count , pivot_threshold )
143+ if temp_data :
144+ if isinstance (temp_data , list ):
145+ for x in temp_data :
146+ return_data .append (x )
147+ elif isinstance (temp_data , tuple ):
148+ return_data .append ([name [1 :].upper ().replace ("_" , " " ), temp_data ])
149+ count -= 1
150+ if count :
151+ return
152+ else :
153+ return return_data
0 commit comments