Update queries for parsing raw logs

Signed-off-by: Simeon Widdis <sawiddis@amazon.com>
opensearch-project · Oct 27, 2023 · 0c266a6 · 0c266a6
1 parent 1f28a3c
commit 0c266a6
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 43 deletions.
diff --git a/server/adaptors/integrations/__data__/repository/aws_elb/assets/create_mv-1.0.0.sql b/server/adaptors/integrations/__data__/repository/aws_elb/assets/create_mv-1.0.0.sql
@@ -1,38 +1,38 @@
 CREATE MATERIALIZED VIEW
  {table_name}_mview AS
  SELECT
- type as `aws.elb.elb_type`,
- time as `@timestamp`,
- elb as `aws.elb.elb_name`,
- client_ip as `aws.elb.client.ip`,
- client_port as `aws.elb.client.port`,
- target_ip as `aws.elb.target_ip`,
- target_port as `aws.elb.target_port`,
- request_processing_time as `aws.elb.request_processing_time`,
- target_processing_time as `aws.elb.target_processing_time`,
- response_processing_time as `aws.elb.response_processing_time`,
- elb_status_code as `aws.elb.elb_status_code`,
- target_status_code as `aws.elb.target_status_code`,
- received_bytes as `aws.elb.received_bytes`,
- sent_bytes as `aws.elb.sent_bytes`,
- request_verb as `http.request.method`,
- request_url as `url.full`,
- request_proto as `url.schema`,
- user_agent as `http.user_agent.name`,
- ssl_cipher as `aws.elb.ssl_cipher`,
- ssl_protocol as `aws.elb.ssl_protocol`,
- target_group_arn as `aws.elb.target_group_arn`,
- trace_id as `traceId`,
- domain_name as `url.domain`,
- chosen_cert_arn as `aws.elb.chosen_cert_arn`,
- matched_rule_priority as `aws.elb.matched_rule_priority`,
- request_creation_time as `aws.elb.request_creation_time`,
- actions_executed as `aws.elb.actions_executed`,
- redirect_url as `aws.elb.redirect_url`,
- lambda_error_reason as `aws.elb.lambda_error_reason`,
- target_port_list as `aws.elb.target_port_list`,
- target_status_code_list as `aws.elb.target_status_code_list`,
- classification as `aws.elb.classification`,
- classification_reason as `aws.elb.classification_reason`
+  type as `aws.elb.elb_type`,
+  time as `@timestamp`,
+  elb as `aws.elb.elb_name`,
+  split_part(client_ip, ':', 1) as `aws.elb.client.ip`,
+  split_part(client_ip, ':', 2) as `aws.elb.client.port`,
+  split_part(target_ip, ':', 1) as `aws.elb.target.ip`,
+  split_part(target_ip, ':', 2) as `aws.elb.target.port`,
+  request_processing_time as `aws.elb.request_processing_time`,
+  target_processing_time as `aws.elb.target_processing_time`,
+  response_processing_time as `aws.elb.response_processing_time`,
+  elb_status_code as `aws.elb.elb_status_code`,
+  target_status_code as `aws.elb.target_status_code`,
+  received_bytes as `aws.elb.received_bytes`,
+  sent_bytes as `aws.elb.sent_bytes`,
+  split_part(request, ' ', 1) as `http.request.method`,
+  split_part(request, ' ', 2) as `url.full`,
+  split_part(request, ' ', 3) as `url.schema`,
+  user_agent as `http.user_agent.name`,
+  ssl_cipher as `aws.elb.ssl_cipher`,
+  ssl_protocol as `aws.elb.ssl_protocol`,
+  target_group_arn as `aws.elb.target_group_arn`,
+  trace_id as `traceId`,
+  domain_name as `url.domain`,
+  chosen_cert_arn as `aws.elb.chosen_cert_arn`,
+  matched_rule_priority as `aws.elb.matched_rule_priority`,
+  request_creation_time as `aws.elb.request_creation_time`,
+  actions_executed as `aws.elb.actions_executed`,
+  redirect_url as `aws.elb.redirect_url`,
+  lambda_error_reason as `aws.elb.lambda_error_reason`,
+  target_port_list as `aws.elb.target_port_list`,
+  target_status_code_list as `aws.elb.target_status_code_list`,
+  classification as `aws.elb.classification`,
+  classification_reason as `aws.elb.classification_reason`
  FROM
- {table_name};
+  {table_name};
diff --git a/server/adaptors/integrations/__data__/repository/aws_elb/assets/create_table-1.0.0.sql b/server/adaptors/integrations/__data__/repository/aws_elb/assets/create_table-1.0.0.sql
@@ -3,19 +3,15 @@ CREATE EXTERNAL TABLE IF NOT EXISTS {table_name} (
  time timestamp,
  elb string,
  client_ip string,
- client_port bigint,
  target_ip string,
- target_port bigint,
  request_processing_time double,
  target_processing_time double,
  response_processing_time double,
- elb_status_code bigint,
+ elb_status_code int,
  target_status_code string,
  received_bytes bigint,
  sent_bytes bigint,
- request_verb string,
- request_url string,
- request_proto string,
+ request string,
  user_agent string,
  ssl_cipher string,
  ssl_protocol string,
@@ -24,7 +20,7 @@ CREATE EXTERNAL TABLE IF NOT EXISTS {table_name} (
  domain_name string,
  chosen_cert_arn string,
  matched_rule_priority string,
- request_creation_time string,
+ request_creation_time timestamp,
  actions_executed string,
  redirect_url string,
  lambda_error_reason string,
@@ -33,5 +29,8 @@ CREATE EXTERNAL TABLE IF NOT EXISTS {table_name} (
  classification string,
  classification_reason string
 )
-USING parquet
-LOCATION '{s3_bucket_location}';
+USING csv
+LOCATION '{s3_bucket_location}'
+OPTIONS (
+ sep=' '
+);