log-filter.py

from collections import Counter

# Multi-line string of Apache logs - we want to extract and list top 3 IP's
log_data = """192.168.1.10 - - [10/Oct/2023:13:55:36 +0000] "GET /api/users HTTP/1.1" 200 2326
10.0.0.15 - - [10/Oct/2023:13:55:37 +0000] "POST /login HTTP/1.1" 200 532
192.168.1.10 - - [10/Oct/2023:13:55:38 +0000] "GET /dashboard HTTP/1.1" 200 4521
203.0.113.45 - - [10/Oct/2023:13:55:39 +0000] "GET /api/data HTTP/1.1" 404 196
10.0.0.15 - - [10/Oct/2023:13:55:40 +0000] "GET /profile HTTP/1.1" 200 1024
198.51.100.22 - - [10/Oct/2023:13:55:41 +0000] "GET / HTTP/1.1" 200 3045
192.168.1.10 - - [10/Oct/2023:13:55:42 +0000] "POST /api/submit HTTP/1.1" 500 0
203.0.113.45 - - [10/Oct/2023:13:55:43 +0000] "GET /static/css/main.css HTTP/1.1" 200 1543
198.51.100.22 - - [10/Oct/2023:13:55:44 +0000] "GET /about HTTP/1.1" 200 2187
10.0.0.15 - - [10/Oct/2023:13:55:45 +0000] "GET /logout HTTP/1.1" 302 0
192.168.1.10 - - [10/Oct/2023:13:55:46 +0000] "GET /api/status HTTP/1.1" 200 89
203.0.113.45 - - [10/Oct/2023:13:55:47 +0000] "POST /contact HTTP/1.1" 200 156
198.51.100.22 - - [10/Oct/2023:13:55:48 +0000] "GET /services HTTP/1.1" 200 2934
172.16.0.8 - - [10/Oct/2023:13:55:49 +0000] "GET /admin HTTP/1.1" 403 142
172.16.0.8 - - [10/Oct/2023:13:55:50 +0000] "GET /admin/login HTTP/1.1" 200 876"""

#Convert to a list [] with each line being comma seperated
lines = log_data.split('\n')
#print(lines)

# Iterate over the list (box of envelopes), split out each item (open the envelope) and slice out the first element from each
ips = []
for line in lines:
    ip = line.split()[0]
    ips.append(ip)

#print(ips)

# A set doesn't contain any duplicate items, however this doesn't quite help us
new_set = set(ips)
#print(new_set)

# This produces a dictionary with the IP and count for each unique IP
ip_counts = Counter(ips)
print(ip_counts)
top_3 = ip_counts.most_common(4)

print("Top 3 IP addresses:")
for ip, count in top_3:
    print(f"{ip} - {count} requests")