update assets name & content

Signed-off-by: YANGDB <yang.db.dev@gmail.com>

integrations/observability/aws_elb/assets/tables/create_mv_elb-1.0.0.sql

@@ -0,0 +1,41 @@
+CREATE MATERIALIZED VIEW {table_name}_mview AS
+SELECT
+ type as `aws.elb.elb_type`,
+ time as `@timestamp`,
+ elb as `aws.elb.elb_name`,
+ split_part (client_ip, ':', 1) as `communication.source.ip`,
+ split_part (client_ip, ':', 2) as `communication.source.port`,
+ split_part (target_ip, ':', 1) as `communication.destination.ip`,
+ split_part (target_ip, ':', 2) as `communication.destination.port`,
+ request_processing_time as `aws.elb.request_processing_time`,
+ target_processing_time as `aws.elb.target_processing_time`,
+ response_processing_time as `aws.elb.response_processing_time`,
+ elb_status_code as `http.response.status_code`,
+ target_status_code as `aws.elb.target_status_code`,
+ received_bytes as `aws.elb.received_bytes`,
+ sent_bytes as `aws.elb.sent_bytes`,
+ split_part (request, ' ', 1) as `http.request.method`,
+ split_part (request, ' ', 2) as `url.full`,
+ parse_url (split_part (request, ' ', 2), 'HOST') as `url.domain`,
+ parse_url (split_part (request, ' ', 2), 'PATH') as `url.path`,
+ split_part (request, ' ', 3) as `url.schema`,
+ request AS `http.request.body.content`,
+ user_agent as `http.user_agent.original`,
+ user_agent as `http.user_agent.name`,
+ ssl_cipher as `aws.elb.ssl_cipher`,
+ ssl_protocol as `aws.elb.ssl_protocol`,
+ split_part (target_group_arn, ':', 4) as `cloud.region`,
+ split_part (target_group_arn, ':', 5) as `cloud.account.id`,
+ trace_id as `traceId`,
+ chosen_cert_arn as `aws.elb.chosen_cert_arn`,
+ matched_rule_priority as `aws.elb.matched_rule_priority`,
+ request_creation_time as `aws.elb.request_creation_time`,
+ actions_executed as `aws.elb.actions_executed`,
+ redirect_url as `aws.elb.redirect_url`,
+ lambda_error_reason as `aws.elb.lambda_error_reason`,
+ target_port_list as `aws.elb.target_port_list`,
+ target_status_code_list as `aws.elb.target_status_code_list`,
+ classification as `aws.elb.classification`,
+ classification_reason as `aws.elb.classification_reason`
+FROM
+ {table_name};

integrations/observability/aws_elb/assets/tables/create_table_elb-1.0.0.sql

@@ -0,0 +1,36 @@
+CREATE EXTERNAL TABLE IF NOT EXISTS {table_name} (
+ type string,
+ time timestamp,
+ elb string,
+ client_ip string,
+ target_ip string,
+ request_processing_time double,
+ target_processing_time double,
+ response_processing_time double,
+ elb_status_code int,
+ target_status_code string,
+ received_bytes bigint,
+ sent_bytes bigint,
+ request string,
+ user_agent string,
+ ssl_cipher string,
+ ssl_protocol string,
+ target_group_arn string,
+ trace_id string,
+ domain_name string,
+ chosen_cert_arn string,
+ matched_rule_priority string,
+ request_creation_time timestamp,
+ actions_executed string,
+ redirect_url string,
+ lambda_error_reason string,
+ target_port_list string,
+ target_status_code_list string,
+ classification string,
+ classification_reason string
+)
+USING csv
+LOCATION '{s3_bucket_location}'
+OPTIONS (
+ sep=' '
+);

integrations/observability/aws_elb/assets/tables/refresh_mv_elb-1.0.0.sql

@@ -0,0 +1 @@
+REFRESH MATERIALIZED VIEW {table_name}_mview;

integrations/observability/aws_elb/aws_elb-1.0.0.json

@@ -5,17 +5,7 @@
  "description": "AWS Elastic Load Balancer collector",
  "license": "Apache-2.0",
  "type": "logs",
- "type-alias": "logs-elb",
- "labels": [
- "log",
- "aws",
- "communication",
- "http",
- "cloud",
- "elb",
- "url",
- "s3-datasource"
- ],
+ "labels": ["Observability", "Logs", "AWS", "Flint S3", "Cloud"],
  "author": "OpenSearch",
  "sourceUrl": "https://github.com/opensearch-project/dashboards-observability/tree/main/server/adaptors/integrations/__data__/repository/aws_elb/info",
  "statics": {
@@ -59,12 +49,19 @@
  "assets": {
  "tables": [
  {
- "name": "aws_elb_s3_table",
- "version": "1.0.0"
+ "name": "create_table_elb",
+ "version": "1.0.0",
+ "language": "sql"
+ },
+ {
+ "name": "create_mv_elb",
+ "version": "1.0.0",
+ "language": "sql"
  },
  {
- "name": "aws_elb_s3_mv_index",
- "version": "1.0.0"
+ "name": "refresh_mv_elb",
+ "version": "1.0.0",
+ "language": "sql"
  }
  ],
  "savedObjects": {
@@ -75,4 +72,4 @@
  "sampleData": {
  "path": "sample.json"
  }
-}
+}

integrations/observability/aws_elb/info/ELB_S3_DS_Intgration.md

@@ -11,7 +11,7 @@ This is a brief overview of a sample ingestion flow for the AWS ELB integration
 ## S3 Table Definition
 Using S3 datasource as the raw data for this integration requires the following assets to be present:
 
- - S3-ELB [Table definition](../assets/tables/aws_elb_s3_table-1.0.0.sql) this table definition is used by the Spark/EMR catalog
+ - S3-ELB [Table definition](../assets/tables/create_table_elb-1.0.0.sql) this table definition is used by the Spark/EMR catalog
  - S3-ELB [Acceleration table refresh command](../assets/tables/aws_elb_s3_refresh_covering_index-1.0.0.sql) this command will initiate the flint job processing that
  will populate the secondary index according to the specified fields in the mapping metadata section.
  - S3 [opensearch acceleration index template definition ](../assets/indices/aws_elb_covering_index-1.0.0.mapping)
@@ -62,7 +62,7 @@ The next section describes the integration responsibilities for creating the req
 
 Assuming all the prerequisites mentioned above are resolved, the first step would be to create the ELB logical table on the catalog ([Glue](https://aws.amazon.com/glue/)/[Hive](https://hive.apache.org/)) 
 
-- [The ELB table definition](../assets/tables/aws_elb_s3_table-1.0.0.sql) this table definition is used by the Spark/EMR catalog)
+- [The ELB table definition](../assets/tables/create_table_elb-1.0.0.sql) this table definition is used by the Spark/EMR catalog)
 Once the table is created the next phase will be to generate the index template for the ELB log based on the simple schema for Observability index standard.
 
 This index template will be augmented with the [covering index component template](../assets/indices/aws_elb_covering_index-1.0.0.mapping) (In addition to the other component templates)