import re
from pyspark import SparkContext

# 初始化 SparkContext
sc = SparkContext.getOrCreate()

# 日志匹配的正则表达式
LOG_PATTERN = re.compile(
    r'^(\S+) (\S+) (\S+) \[([\w:/]+\s[+-]\d{4})\] "(\S+) (\S+)\s*(\S*)\s?" (\d{3}) (\S+)'
)

# 解析日志的函数
def parse_log_line(line):
    match = LOG_PATTERN.match(line)
    if not match:
        return None

    content_size_str = match.group(9)
    content_size = int(content_size_str) if content_size_str.isdigit() else 0

    return {
        'ip': match.group(1),
        'user_identity': match.group(2),
        'user_id': match.group(3),
        'timestamp': match.group(4),
        'method': match.group(5),
        'endpoint': match.group(6),
        'protocol': match.group(7),
        'status_code': int(match.group(8)),
        'content_size': content_size
    }

if __name__ == "__main__":
    # 加载日志文件
    logFile = "hdfs://master:9000/user/root/apache.access.log.PROJECT"
    raw_logs = sc.textFile(logFile)

    # 解析并过滤有效日志
    access_logs = raw_logs.map(parse_log_line).filter(lambda x: x is not None).cache()

    # 提取状态码为 404 的日志
    error_404_logs = access_logs.filter(lambda log: log['status_code'] == 404).cache()

    # 计算触发 404 错误最多的端点
    top_20_404_endpoints = (
        error_404_logs
        .map(lambda log: (log['endpoint'], 1))
        .reduceByKey(lambda a, b: a + b)
        .takeOrdered(20, key=lambda x: -x[1])
    )

    # 输出结果
    print("前 20 个触发 404 错误最多的端点：")
    for i, (endpoint, count) in enumerate(top_20_404_endpoints):
        print("{}: {} => {} 次 404 错误".format(i + 1, endpoint, count))

    # 停止 Spark
    sc.stop()