Mailing-List: contact user-help@hive.apache.org; run by ezmlm
Precedence: bulk
Reply-To: user@hive.apache.org
MIME-Version: 1.0
In-Reply-To: <CY4PR06MB291970FB7A54CC93382C1D2AAFF70@CY4PR06MB2919.namprd06.prod.outlook.com>
References: <CALecy4vTfoVOAfJLwRGj3e1qUenc=Hw_e-w+6OB_tcZC59f-XQ@mail.gmail.com>
 <CA+JTEPP4tV5V9n41x0Fs7Pr4bD_MtBV7JwuDNRMs2ciTR+XFYw@mail.gmail.com>
 <CALecy4upiSaVBDMKvLDZWKu6maUE36nJoBnCWr-n1cLaEBu6Bg@mail.gmail.com>
 <CA+JTEPMaogBin-eWEXcT+nDhEL6mOQXTQK0pfj2OaT4JL=ygVA@mail.gmail.com>
 <CALecy4tL1xdp2iTmxWtmjk44ssVY3J8is2S7+ooj=nT330STHA@mail.gmail.com>
 <CALecy4vVtQ-Ke2A+=WNe61QtyWmW8T343e_y5cvehtWd7250GA@mail.gmail.com>
 <CY4PR06MB29197005EC8A83F47DC90F82AFF70@CY4PR06MB2919.namprd06.prod.outlook.com>
 <CY4PR06MB291970FB7A54CC93382C1D2AAFF70@CY4PR06MB2919.namprd06.prod.outlook.com>
From: Manish Rangari <linuxtricksfordevops@gmail.com>
Date: Wed, 21 Sep 2016 10:27:57 +0530
Message-ID: <CALecy4upgTzCun8J+5PLWLA4mQtekowzxnpqF_DqXh8+EM3RVA@mail.gmail.com>
Subject: Re: ELB Log processing
To: user@hive.apache.org
Content-Type: multipart/alternative; boundary=001a113ddb5c901afc053cfd639a
archived-at: Wed, 21 Sep 2016 04:58:11 -0000

--001a113ddb5c901afc053cfd639a
Content-Type: text/plain; charset=UTF-8

Thanks Dudu, both the queries worked like a charm. I personally liked
second query as it is quite easy to remember.

--Manish

On Tue, Sep 20, 2016 at 8:41 PM, Markovitz, Dudu <dmarkovitz@paypal.com>
wrote:

> Or
>
>
>
> create view elb_raw_log_detailed
>
> as
>
> select request_date, elbname, requestip, requestport, backendip,
> backendport, requestprocessingtime, backendprocessingtime,
> clientresponsetime, elbresponsecode, backendresponsecode, receivedbytes,
> sentbytes, requestverb, url, parse_url(url, 'QUERY','aid') as aid,
> parse_url(url, 'QUERY','tid') as tid, parse_url(url, 'QUERY','eid') as eid,
> parse_url(url, 'QUERY','did') as did, protocol, useragent, ssl_cipher,
> ssl_protocol
>
> from elblog;
>
>
>
> Dudu
>
>
>
> *From:* Markovitz, Dudu [mailto:dmarkovitz@paypal.com]
> *Sent:* Tuesday, September 20, 2016 6:06 PM
> *To:* user@hive.apache.org
> *Subject:* RE: ELB Log processing
>
>
>
> create view elb_raw_log_detailed
>
> as
>
> select request_date, elbname, requestip, requestport, backendip,
> backendport, requestprocessingtime, backendprocessingtime,
> clientresponsetime, elbresponsecode, backendresponsecode, receivedbytes,
> sentbytes, requestverb, url, u.aid, u.tid, u.eid,u.did, protocol,
> useragent, ssl_cipher, ssl_protocol
>
> from elblog
>
> LATERAL VIEW parse_url_tuple(url,'QUERY:eid','QUERY:tid','QUERY:aid','QUERY:did')
> u as eid,tid,aid,did
>
> ;
>
>
>
> Dudu
>
>
>
> *From:* Manish Rangari [mailto:linuxtricksfordevops@gmail.com
> <linuxtricksfordevops@gmail.com>]
> *Sent:* Tuesday, September 20, 2016 4:09 PM
> *To:* user@hive.apache.org
> *Subject:* Re: ELB Log processing
>
>
>
> Guys,
>
>
>
> I am struggling to create this view. I am keep getting the error in bold.
> I found that I need to use lateral view but still I am not able to get the
> syntax right.
>
>
>
> hive> create view elb_raw_log_detailed as select request_date, elbname,
> requestip, requestport, backendip, backendport, requestprocessingtime,
> backendprocessingtime, clientresponsetime, elbresponsecode,
> backendresponsecode, receivedbytes, sentbytes, requestverb, url,
> parse_url_tuple(url, 'QUERY:aid') as aid, parse_url_tuple(url, 'QUERY:tid')
> as tid, parse_url_tuple(url, 'QUERY:eid') as eid, parse_url_tuple(url,
> 'QUERY:did') as did, protocol, useragent, ssl_cipher, ssl_protocol from
> elblogz;
>
>
>
> *FAILED: SemanticException [Error 10081]: UDTF's are not supported outside
> the SELECT clause, nor nested in expressions*
>
>
>
> On Tue, Sep 20, 2016 at 3:56 PM, Manish Rangari <
> linuxtricksfordevops@gmail.com> wrote:
>
> Yes views looks like a way to go
>
>
>
> On Tue, Sep 20, 2016 at 3:49 PM, Damien Carol <damien.carol@gmail.com>
> wrote:
>
> The royal way to do that is a view IMHO.
>
>
>
> 2016-09-20 12:14 GMT+02:00 Manish Rangari <linuxtricksfordevops@gmail.com
> >:
>
> Thanks for the reply Damien. The suggestion you gave is really useful.
> Currently I am achieving my desired output by performing below steps. But I
> want to achieve the desired result in one step instead of two. Do we have
> any way so that I can get the aid, did etc in create table statement? If
> not I will have to look for the option that you mentioned
>
>
>
> 1.
>
> CREATE TABLE elblog (
>
> Request_date STRING,
>
>       ELBName STRING,
>
>       RequestIP STRING,
>
>       RequestPort INT,
>
>       BackendIP STRING,
>
>       BackendPort INT,
>
>       RequestProcessingTime DOUBLE,
>
>       BackendProcessingTime DOUBLE,
>
>       ClientResponseTime DOUBLE,
>
>       ELBResponseCode STRING,
>
>       BackendResponseCode STRING,
>
>       ReceivedBytes BIGINT,
>
>       SentBytes BIGINT,
>
>       RequestVerb STRING,
>
>       URL STRING,
>
>       Protocol STRING,
>
> Useragent STRING,
>
> ssl_cipher STRING,
>
> ssl_protocol STRING
>
> )
>
> ROW FORMAT SERDE 'org.apache.hadoop.hive.serde2.RegexSerDe'
>
> WITH SERDEPROPERTIES (
>
>           "input.regex" = "([^ ]*) ([^ ]*) ([^ ]*):([0-9]*) ([^
> ]*):([0-9]*) ([.0-9]*) ([.0-9]*) ([.0-9]*) (-|[0-9]*) (-|[0-9]*) ([-0-9]*)
> ([-0-9]*) \"([^ ]*) ([^ ]*) (- |[^ ]*)\" \"(.*)\" (.*) (.*)$"
>
> )
>
> STORED AS TEXTFILE;
>
>
>
> 2.
>
> create table elb_raw_log as select request_date, elbname, requestip,
> requestport, backendip, backendport, requestprocessingtime,
> backendprocessingtime, clientresponsetime, elbresponsecode,
> backendresponsecode, receivedbytes, sentbytes, requestverb, url,
> regexp_extract(url, '.*aid=([a-zA-Z0-9]+).*', 1) as aid,
> regexp_extract(url, '.*tid=([a-zA-Z0-9]+).*', 1) as tid,
> regexp_extract(url, '.*eid=([a-zA-Z0-9]+).*', 1) as eid,
> regexp_extract(url, '.*did=([a-zA-Z0-9]+).*', 1) as did, protocol,
> useragent, ssl_cipher, ssl_protocol from elblog;
>
>
>
> On Tue, Sep 20, 2016 at 3:12 PM, Damien Carol <damien.carol@gmail.com>
> wrote:
>
> see the udf *parse_url_tuple*
>
> SELECT b.*
>
> FROM src LATERAL VIEW parse_url_tuple(fullurl, 'HOST', 'PATH', 'QUERY',
> 'QUERY:id') b as host, path, query, query_id LIMIT 1;
>
>
>
> https://cwiki.apache.org/confluence/display/Hive/LanguageManual+UDF#
> LanguageManualUDF-parse_url_tuple
>
>
>
> 2016-09-20 11:22 GMT+02:00 Manish Rangari <linuxtricksfordevops@gmail.com
> >:
>
> Guys,
>
>
>
> I want to get the field of elb logs. A sample elb log is given below and I
> am using below create table definition. It is working fine. I am getting
> what I wanted but now I want the bold part as well. For example eid, tid,
> aid. Can anyone help me how can I match them as well.
>
>
>
> NOTE: The position of aid, eid, tid is not fixed and it may change.
>
>
>
> 2016-09-16T06:55:19.056871Z testelb 2.1.7.2:52399 192.168.1.5:80 0.000021
> 0.000596 0.00002 200 200 0 43 "GET https://site1.example.com:443/peek?
> *eid=aw123&tid=fskc235n&aid=2ADSFGSDG* HTTP/1.1" "Mozilla/5.0 (Windows NT
> 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85
> Safari/537.36" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2
>
>
>
>
>
> CREATE TABLE elblog (
>
> Request_date STRING,
>
>       ELBName STRING,
>
>       RequestIP STRING,
>
>       RequestPort INT,
>
>       BackendIP STRING,
>
>       BackendPort INT,
>
>       RequestProcessingTime DOUBLE,
>
>       BackendProcessingTime DOUBLE,
>
>       ClientResponseTime DOUBLE,
>
>       ELBResponseCode STRING,
>
>       BackendResponseCode STRING,
>
>       ReceivedBytes BIGINT,
>
>       SentBytes BIGINT,
>
>       RequestVerb STRING,
>
>       URL STRING,
>
>       Protocol STRING,
>
> Useragent STRING,
>
> ssl_cipher STRING,
>
> ssl_protocol STRING
>
> )
>
> ROW FORMAT SERDE 'org.apache.hadoop.hive.serde2.RegexSerDe'
>
> WITH SERDEPROPERTIES (
>
>           "input.regex" = "([^ ]*) ([^ ]*) ([^ ]*):([0-9]*) ([^
> ]*):([0-9]*) ([.0-9]*) ([.0-9]*) ([.0-9]*) (-|[0-9]*) (-|[0-9]*) ([-0-9]*)
> ([-0-9]*) \"([^ ]*) ([^ ]*) (- |[^ ]*)\" \"(.*)\" (.*) (.*)$"
>
> )
>
> STORED AS TEXTFILE;
>
>
>
>
>
>
>
>
>
>
>

--001a113ddb5c901afc053cfd639a
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Thanks Dudu, both the queries worked like a charm. I perso=
nally liked second query as it is quite easy to remember.<div><br></div><di=
v>--Manish=C2=A0</div></div><div class=3D"gmail_extra"><br><div class=3D"gm=
ail_quote">On Tue, Sep 20, 2016 at 8:41 PM, Markovitz, Dudu <span dir=3D"lt=
r">&lt;<a href=3D"mailto:dmarkovitz@paypal.com" target=3D"_blank">dmarkovit=
z@paypal.com</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" sty=
le=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">


<div lang=3D"EN-US" link=3D"blue" vlink=3D"purple">
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif;color:#1f497d">Or<u></u><u></u></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif;color:#1f497d"><u></u>=C2=A0<u></u></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Co=
urier New&quot;;color:#1f497d">create view elb_raw_log_detailed<u></u><u></=
u></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Co=
urier New&quot;;color:#1f497d">as
<u></u><u></u></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Co=
urier New&quot;;color:#1f497d">select request_date, elbname, requestip, req=
uestport, backendip, backendport, requestprocessingtime, backendprocessingt=
ime, clientresponsetime, elbresponsecode, backendresponsecode,
 receivedbytes, sentbytes, requestverb, url, parse_url(url, &#39;QUERY&#39;=
,&#39;aid&#39;) as aid, parse_url(url, &#39;QUERY&#39;,&#39;tid&#39;) as ti=
d, parse_url(url, &#39;QUERY&#39;,&#39;eid&#39;) as eid, parse_url(url, =
9;QUERY&#39;,&#39;did&#39;) as did, protocol, useragent, ssl_cipher, ssl_pr=
otocol
<u></u><u></u></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Co=
urier New&quot;;color:#1f497d">from elblog;<u></u><u></u></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif;color:#1f497d"><u></u>=C2=A0<u></u></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif;color:#1f497d">Dudu<u></u><u></u></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif;color:#1f497d"><u></u>=C2=A0<u></u></span></p>
<div>
<div style=3D"border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0in =
0in 0in">
<p class=3D"MsoNormal"><b><span style=3D"font-size:11.0pt;font-family:&quot=
;Calibri&quot;,sans-serif">From:</span></b><span style=3D"font-size:11.0pt;=
font-family:&quot;Calibri&quot;,sans-serif"> Markovitz, Dudu [mailto:<a hre=
f=3D"mailto:dmarkovitz@paypal.com" target=3D"_blank">dmarkovitz@paypal.com<=
/a>]
<br>
<b>Sent:</b> Tuesday, September 20, 2016 6:06 PM<br>
<b>To:</b> <a href=3D"mailto:user@hive.apache.org" target=3D"_blank">user@h=
ive.apache.org</a><br>
<b>Subject:</b> RE: ELB Log processing<u></u><u></u></span></p>
</div>
</div><div><div class=3D"h5">
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Co=
urier New&quot;;color:#1f497d">create view elb_raw_log_detailed
<u></u><u></u></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Co=
urier New&quot;;color:#1f497d">as
<u></u><u></u></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Co=
urier New&quot;;color:#1f497d">select request_date, elbname, requestip, req=
uestport, backendip, backendport, requestprocessingtime, backendprocessingt=
ime, clientresponsetime, elbresponsecode, backendresponsecode,
 receivedbytes, sentbytes, requestverb, url, u.aid, u.tid, u.eid,u.did, pro=
tocol, useragent, ssl_cipher, ssl_protocol
<u></u><u></u></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Co=
urier New&quot;;color:#1f497d">from elblog<u></u><u></u></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Co=
urier New&quot;;color:#1f497d">LATERAL VIEW parse_url_tuple(url,&#39;QUERY:=
<wbr>eid&#39;,&#39;QUERY:tid&#39;,&#39;QUERY:aid&#39;,&#39;<wbr>QUERY:did&#=
39;) u as eid,tid,aid,did<u></u><u></u></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Co=
urier New&quot;;color:#1f497d">;<u></u><u></u></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif;color:#1f497d"><u></u>=C2=A0<u></u></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif;color:#1f497d">Dudu<u></u><u></u></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif;color:#1f497d"><u></u>=C2=A0<u></u></span></p>
<p class=3D"MsoNormal"><b><span style=3D"font-size:11.0pt;font-family:&quot=
;Calibri&quot;,sans-serif">From:</span></b><span style=3D"font-size:11.0pt;=
font-family:&quot;Calibri&quot;,sans-serif"> Manish Rangari [<a href=3D"mai=
lto:linuxtricksfordevops@gmail.com" target=3D"_blank">mailto:linuxtricksfor=
devops@<wbr>gmail.com</a>]
<br>
<b>Sent:</b> Tuesday, September 20, 2016 4:09 PM<br>
<b>To:</b> <a href=3D"mailto:user@hive.apache.org" target=3D"_blank">user@h=
ive.apache.org</a><br>
<b>Subject:</b> Re: ELB Log processing<u></u><u></u></span></p>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
<div>
<div>
<p class=3D"MsoNormal">Guys,<u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
</div>
<p class=3D"MsoNormal">I am struggling to create this view. I am keep getti=
ng the error in bold. I found that I need to use lateral view but still I a=
m not able to get the syntax right.<u></u><u></u></p>
<div>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
</div>
<div>
<div>
<p class=3D"MsoNormal">hive&gt; create view elb_raw_log_detailed as select =
request_date, elbname, requestip, requestport, backendip, backendport, requ=
estprocessingtime, backendprocessingtime, clientresponsetime, elbresponseco=
de, backendresponsecode, receivedbytes,
 sentbytes, requestverb, url, parse_url_tuple(url, &#39;QUERY:aid&#39;) as =
aid, parse_url_tuple(url, &#39;QUERY:tid&#39;) as tid, parse_url_tuple(url,=
 &#39;QUERY:eid&#39;) as eid, parse_url_tuple(url, &#39;QUERY:did&#39;) as =
did, protocol, useragent, ssl_cipher, ssl_protocol from elblogz;<u></u><u><=
/u></p>
</div>
<div>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><b>FAILED: SemanticException [Error 10081]: UDTF&#39=
;s are not supported outside the SELECT clause, nor nested in expressions</=
b><u></u><u></u></p>
</div>
</div>
</div>
<div>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
<div>
<p class=3D"MsoNormal">On Tue, Sep 20, 2016 at 3:56 PM, Manish Rangari &lt;=
<a href=3D"mailto:linuxtricksfordevops@gmail.com" target=3D"_blank">linuxtr=
icksfordevops@gmail.<wbr>com</a>&gt; wrote:<u></u><u></u></p>
<blockquote style=3D"border:none;border-left:solid #cccccc 1.0pt;padding:0i=
n 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-=
bottom:5.0pt">
<div>
<p class=3D"MsoNormal">Yes views looks like a way to go<u></u><u></u></p>
</div>
<div>
<div>
<div>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
<div>
<p class=3D"MsoNormal">On Tue, Sep 20, 2016 at 3:49 PM, Damien Carol &lt;<a=
 href=3D"mailto:damien.carol@gmail.com" target=3D"_blank">damien.carol@gmai=
l.com</a>&gt; wrote:<u></u><u></u></p>
<blockquote style=3D"border:none;border-left:solid #cccccc 1.0pt;padding:0i=
n 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-=
bottom:5.0pt">
<div>
<div>
<p class=3D"MsoNormal">The royal way to do that is a view IMHO.<u></u><u></=
u></p>
</div>
</div>
<div>
<div>
<div>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
<div>
<p class=3D"MsoNormal">2016-09-20 12:14 GMT+02:00 Manish Rangari &lt;<a hre=
f=3D"mailto:linuxtricksfordevops@gmail.com" target=3D"_blank">linuxtricksfo=
rdevops@gmail.<wbr>com</a>&gt;:<u></u><u></u></p>
<blockquote style=3D"border:none;border-left:solid #cccccc 1.0pt;padding:0i=
n 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-=
bottom:5.0pt">
<div>
<p class=3D"MsoNormal">Thanks for the reply Damien. The suggestion you gave=
 is really useful. Currently I am achieving my desired output by performing=
 below steps. But I want to achieve the desired result in one step instead =
of two. Do we have any way so that
 I can get the aid, did etc in create table statement? If not I will have t=
o look for the option that you mentioned<u></u><u></u></p>
<div>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
</div>
<div>
<p class=3D"MsoNormal">1.=C2=A0<u></u><u></u></p>
</div>
<div>
<div>
<div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:9.5pt">CREATE TABLE elblog =
(<u></u><u></u></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:9.5pt">Request_date STRING,=
<u></u><u></u></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:9.5pt">=C2=A0 =C2=A0 =C2=A0=
 ELBName STRING,<u></u><u></u></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:9.5pt">=C2=A0 =C2=A0 =C2=A0=
 RequestIP STRING,<u></u><u></u></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:9.5pt">=C2=A0 =C2=A0 =C2=A0=
 RequestPort INT,<u></u><u></u></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:9.5pt">=C2=A0 =C2=A0 =C2=A0=
 BackendIP STRING,<u></u><u></u></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:9.5pt">=C2=A0 =C2=A0 =C2=A0=
 BackendPort INT,<u></u><u></u></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:9.5pt">=C2=A0 =C2=A0 =C2=A0=
 RequestProcessingTime DOUBLE,<u></u><u></u></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:9.5pt">=C2=A0 =C2=A0 =C2=A0=
 BackendProcessingTime DOUBLE,<u></u><u></u></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:9.5pt">=C2=A0 =C2=A0 =C2=A0=
 ClientResponseTime DOUBLE,<u></u><u></u></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:9.5pt">=C2=A0 =C2=A0 =C2=A0=
 ELBResponseCode STRING,<u></u><u></u></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:9.5pt">=C2=A0 =C2=A0 =C2=A0=
 BackendResponseCode STRING,<u></u><u></u></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:9.5pt">=C2=A0 =C2=A0 =C2=A0=
 ReceivedBytes BIGINT,<u></u><u></u></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:9.5pt">=C2=A0 =C2=A0 =C2=A0=
 SentBytes BIGINT,<u></u><u></u></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:9.5pt">=C2=A0 =C2=A0 =C2=A0=
 RequestVerb STRING,<u></u><u></u></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:9.5pt">=C2=A0 =C2=A0 =C2=A0=
 URL STRING,<u></u><u></u></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:9.5pt">=C2=A0 =C2=A0 =C2=A0=
 Protocol STRING,<u></u><u></u></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:9.5pt">Useragent STRING,<u>=
</u><u></u></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:9.5pt">ssl_cipher STRING,<u=
></u><u></u></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:9.5pt">ssl_protocol STRING<=
u></u><u></u></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:9.5pt">)<u></u><u></u></spa=
n></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:9.5pt">ROW FORMAT SERDE =
9;org.apache.hadoop.hive.<wbr>serde2.RegexSerDe&#39;<u></u><u></u></span></=
p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:9.5pt">WITH SERDEPROPERTIES=
 (<u></u><u></u></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:9.5pt">=C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 &quot;input.regex&quot; =3D &quot;([^ ]*) ([^ ]*) ([^ ]*):([=
0-9]*) ([^ ]*):([0-9]*) ([.0-9]*) ([.0-9]*) ([.0-9]*) (-|[0-9]*) (-|[0-9]*)=
 ([-0-9]*) ([-0-9]*) \&quot;([^ ]*) ([^ ]*) (- |[^ ]*)\&quot; \&quot;(.*)\&=
quot; (.*) (.*)$&quot;<u></u><u></u></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:9.5pt">)<u></u><u></u></spa=
n></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:9.5pt">STORED AS TEXTFILE;<=
u></u><u></u></span></p>
</div>
</div>
<div>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
</div>
</div>
</div>
<div>
<p class=3D"MsoNormal">2.<u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal">create table elb_raw_log as select request_date, elb=
name, requestip, requestport, backendip, backendport, requestprocessingtime=
, backendprocessingtime, clientresponsetime, elbresponsecode, backendrespon=
secode, receivedbytes, sentbytes,
 requestverb, url, regexp_extract(url, &#39;.*aid=3D([a-zA-Z0-9]+).*&#39;, =
1) as aid, regexp_extract(url, &#39;.*tid=3D([a-zA-Z0-9]+).*&#39;, 1) as ti=
d, regexp_extract(url, &#39;.*eid=3D([a-zA-Z0-9]+).*&#39;, 1) as eid, regex=
p_extract(url, &#39;.*did=3D([a-zA-Z0-9]+).*&#39;, 1) as did, protocol,
 useragent, ssl_cipher, ssl_protocol from elblog;=C2=A0<u></u><u></u></p>
</div>
</div>
<div>
<div>
<div>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
<div>
<p class=3D"MsoNormal">On Tue, Sep 20, 2016 at 3:12 PM, Damien Carol &lt;<a=
 href=3D"mailto:damien.carol@gmail.com" target=3D"_blank">damien.carol@gmai=
l.com</a>&gt; wrote:<u></u><u></u></p>
<blockquote style=3D"border:none;border-left:solid #cccccc 1.0pt;padding:0i=
n 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-=
bottom:5.0pt">
<div>
<p class=3D"MsoNormal" style=3D"margin-bottom:12.0pt">see the udf <code><b>=
<span style=3D"font-size:10.0pt">parse_url_tuple</span></b></code><u></u><u=
></u></p>
<div>
<div>
<p class=3D"MsoNormal"><code><span style=3D"font-size:10.0pt">SELECT b.*</s=
pan></code><u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><code><span style=3D"font-size:10.0pt">FROM src LATE=
RAL VIEW parse_url_tuple(fullurl, &#39;HOST&#39;, &#39;PATH&#39;, &#39;QUER=
Y&#39;, &#39;QUERY:id&#39;) b as host, path, query, query_id LIMIT 1;</span=
></code><u></u><u></u></p>
</div>
</div>
<p class=3D"MsoNormal"><br>
<br>
<a href=3D"https://cwiki.apache.org/confluence/display/Hive/LanguageManual+=
UDF#LanguageManualUDF-parse_url_tuple" target=3D"_blank">https://cwiki.apac=
he.org/<wbr>confluence/display/Hive/<wbr>LanguageManual+UDF#<wbr>LanguageMa=
nualUDF-parse_url_<wbr>tuple</a><u></u><u></u></p>
</div>
<div>
<div>
<div>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
<div>
<p class=3D"MsoNormal">2016-09-20 11:22 GMT+02:00 Manish Rangari &lt;<a hre=
f=3D"mailto:linuxtricksfordevops@gmail.com" target=3D"_blank">linuxtricksfo=
rdevops@gmail.<wbr>com</a>&gt;:<u></u><u></u></p>
<blockquote style=3D"border:none;border-left:solid #cccccc 1.0pt;padding:0i=
n 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-=
bottom:5.0pt">
<div>
<div>
<p class=3D"MsoNormal">Guys,=C2=A0<u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
</div>
<div>
<p class=3D"MsoNormal">I want to get the field of elb logs. A sample elb lo=
g is given below and I am using below create table definition. It is workin=
g fine. I am getting what I wanted but now I want the bold part as well. Fo=
r example eid, tid, aid. Can anyone
 help me how can I match them as well.=C2=A0<u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
</div>
<div>
<p class=3D"MsoNormal">NOTE: The position of aid, eid, tid is not fixed and=
 it may change.=C2=A0<u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
</div>
<div>
<p class=3D"MsoNormal">2016-09-16T06:55:19.056871Z testelb <a href=3D"http:=
//2.1.7.2:52399" target=3D"_blank">
2.1.7.2:52399</a> <a href=3D"http://192.168.1.5:80" target=3D"_blank">192.1=
68.1.5:80</a> 0.000021 0.000596 0.00002 200 200 0 43 &quot;GET
<a href=3D"https://site1.example.com:443/peek" target=3D"_blank">https://si=
te1.example.com:443/<wbr>peek</a>?<b>eid=3Daw123&amp;tid=3Dfskc235n&amp;<wb=
r>aid=3D2ADSFGSDG</b> HTTP/1.1&quot; &quot;Mozilla/5.0 (Windows NT 6.1) App=
leWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36&quot;
 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2<u></u><u></u></p>
<div>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
</div>
</div>
<div>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
</div>
<div>
<div>
<p class=3D"MsoNormal">CREATE TABLE elblog (<u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal">Request_date STRING,<u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal">=C2=A0 =C2=A0 =C2=A0 ELBName STRING,<u></u><u></u></=
p>
</div>
<div>
<p class=3D"MsoNormal">=C2=A0 =C2=A0 =C2=A0 RequestIP STRING,<u></u><u></u>=
</p>
</div>
<div>
<p class=3D"MsoNormal">=C2=A0 =C2=A0 =C2=A0 RequestPort INT,<u></u><u></u><=
/p>
</div>
<div>
<p class=3D"MsoNormal">=C2=A0 =C2=A0 =C2=A0 BackendIP STRING,<u></u><u></u>=
</p>
</div>
<div>
<p class=3D"MsoNormal">=C2=A0 =C2=A0 =C2=A0 BackendPort INT,<u></u><u></u><=
/p>
</div>
<div>
<p class=3D"MsoNormal">=C2=A0 =C2=A0 =C2=A0 RequestProcessingTime DOUBLE,<u=
></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal">=C2=A0 =C2=A0 =C2=A0 BackendProcessingTime DOUBLE,<u=
></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal">=C2=A0 =C2=A0 =C2=A0 ClientResponseTime DOUBLE,<u></=
u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal">=C2=A0 =C2=A0 =C2=A0 ELBResponseCode STRING,<u></u><=
u></u></p>
</div>
<div>
<p class=3D"MsoNormal">=C2=A0 =C2=A0 =C2=A0 BackendResponseCode STRING,<u><=
/u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal">=C2=A0 =C2=A0 =C2=A0 ReceivedBytes BIGINT,<u></u><u>=
</u></p>
</div>
<div>
<p class=3D"MsoNormal">=C2=A0 =C2=A0 =C2=A0 SentBytes BIGINT,<u></u><u></u>=
</p>
</div>
<div>
<p class=3D"MsoNormal">=C2=A0 =C2=A0 =C2=A0 RequestVerb STRING,<u></u><u></=
u></p>
</div>
<div>
<p class=3D"MsoNormal">=C2=A0 =C2=A0 =C2=A0 URL STRING,<u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal">=C2=A0 =C2=A0 =C2=A0 Protocol STRING,<u></u><u></u><=
/p>
</div>
<div>
<p class=3D"MsoNormal">Useragent STRING,<u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal">ssl_cipher STRING,<u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal">ssl_protocol STRING<u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal">)<u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal">ROW FORMAT SERDE &#39;org.apache.hadoop.hive.<wbr>se=
rde2.RegexSerDe&#39;<u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal">WITH SERDEPROPERTIES (<u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal">=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 &quot;input.regex=
&quot; =3D &quot;([^ ]*) ([^ ]*) ([^ ]*):([0-9]*) ([^ ]*):([0-9]*) ([.0-9]*=
) ([.0-9]*) ([.0-9]*) (-|[0-9]*) (-|[0-9]*) ([-0-9]*) ([-0-9]*) \&quot;([^ =
]*) ([^ ]*) (- |[^ ]*)\&quot; \&quot;(.*)\&quot; (.*) (.*)$&quot;<u></u><u>=
</u></p>
</div>
<div>
<p class=3D"MsoNormal">)<u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal">STORED AS TEXTFILE;<u></u><u></u></p>
</div>
</div>
</div>
</blockquote>
</div>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
</div>
</div>
</div>
</blockquote>
</div>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
</div>
</div>
</div>
</blockquote>
</div>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
</div>
</div>
</div>
</blockquote>
</div>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
</div>
</div>
</div>
</blockquote>
</div>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
</div>
</div></div></div>
</div>

</blockquote></div><br></div>

--001a113ddb5c901afc053cfd639a--