Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add patterns and grok command #813

Merged
merged 28 commits into from
Sep 30, 2022
Merged

Add patterns and grok command #813

merged 28 commits into from
Sep 30, 2022

Conversation

joshuali925
Copy link
Member

@joshuali925 joshuali925 commented Sep 9, 2022
edited

Description

see #814 , #815

  • add java-grok source code into sql.common
    • java-grok is an independent library that's used for the PPL's grok command, but in the latest release Grok is not serializable (and SQL grok expression cannot be pushed down). After discussing with peng I'm tentatively moving the source code into sql.common module.
  • add grok PPL command, similar to how parse currently works with regex
  • add patterns command, which removes unwanted characters from a log line to create a new field as the pattern of that log line
  • patterns currently supports default pattern (remove all alphanumerical characters) or user can define what characters should be removed

Issues Resolved

closes #814
closes #815

Check List

  • New functionality includes testing.
    • All tests pass, including unit test, integration test and doctest
  • New functionality has been documented.
    • New functionality has javadoc added
    • New functionality has user manual doc added
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@joshuali925
Add punct
5f27053 
Signed-off-by: Joshua Li <joshuali925@gmail.com>
@joshuali925
Add grok
4b08343 
Signed-off-by: Joshua Li <joshuali925@gmail.com>
@joshuali925
Refactor and fix tests
7ac9391 
Signed-off-by: Joshua Li <joshuali925@gmail.com>
@joshuali925
Add grok and punct expression tests
25f13a7 
Signed-off-by: Joshua Li <joshuali925@gmail.com>
@joshuali925
Fix checkstyle
ac99785 
Signed-off-by: Joshua Li <joshuali925@gmail.com>
@joshuali925
Fix non-included derived fields showing up
8b76ebe 
Signed-off-by: Joshua Li <joshuali925@gmail.com>
@joshuali925
Update punct regex
d200791 
Signed-off-by: Joshua Li <joshuali925@gmail.com>
@joshuali925
Add punct and grok to parse docs
697c4b7 
Signed-off-by: Joshua Li <joshuali925@gmail.com>
@joshuali925
Remove unused class
858ff61 
Signed-off-by: Joshua Li <joshuali925@gmail.com>
@joshuali925
Update punct regex and tests
6da106a 
Signed-off-by: Joshua Li <joshuali925@gmail.com>
@joshuali925
Initial refactor to split grok and patterns from parse command
b65ee40 
Signed-off-by: Joshua Li <joshuali925@gmail.com>
@joshuali925
Update tests for refactoring
e4a7128 
Signed-off-by: Joshua Li <joshuali925@gmail.com>
@joshuali925
Add docs for patterns and grok
1e98b4e 
Signed-off-by: Joshua Li <joshuali925@gmail.com>
@joshuali925
Minor refactors
6dd7a7a 
Signed-off-by: Joshua Li <joshuali925@gmail.com>
@joshuali925 joshuali925 requested a review from a team as a code owner September 9, 2022 20:36
@codecov-commenter
Copy link

codecov-commenter commented Sep 9, 2022
edited

Codecov Report

Merging #813 (9ec7825) into 2.x (8245943) will increase coverage by 0.09%.
The diff coverage is 100.00%.

@@             Coverage Diff              @@
##                2.x     opensearch-project/observability#813      +/-   ##
============================================
+ Coverage     94.87%   94.97%   +0.09%     
- Complexity     2956     3004      +48     
============================================
  Files           291      294       +3     
  Lines          7869     8017     +148     
  Branches        572      586      +14     
============================================
+ Hits           7466     7614     +148     
  Misses          349      349              
  Partials         54       54
Flag Coverage Δ
query-workbench 62.76% <ø> (ø)
sql-engine 97.85% <100.00%> (+0.04%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
...rg/opensearch/sql/analysis/ExpressionAnalyzer.java 100.00% <ø> (ø)
...ensearch/sql/expression/ExpressionNodeVisitor.java 100.00% <ø> (ø)
...ain/java/org/opensearch/sql/analysis/Analyzer.java 100.00% <100.00%> (ø)
...c/main/java/org/opensearch/sql/expression/DSL.java 100.00% <100.00%> (ø)
...pensearch/sql/expression/parse/GrokExpression.java 100.00% <100.00%> (ø)
...ensearch/sql/expression/parse/ParseExpression.java 100.00% <100.00%> (ø)
...earch/sql/expression/parse/PatternsExpression.java 100.00% <100.00%> (ø)
...ensearch/sql/expression/parse/RegexExpression.java 100.00% <100.00%> (ø)
...ensearch/sql/planner/physical/ProjectOperator.java 100.00% <100.00%> (ø)
...main/java/org/opensearch/sql/utils/ParseUtils.java 100.00% <100.00%> (ø)
... and 9 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@penghuo
Copy link
Collaborator

penghuo commented Sep 14, 2022

@joshuali925 as comments in #814. I think we could add grok as a method in parse command for now.

penghuo
penghuo reviewed Sep 14, 2022
View reviewed changes
core/src/main/java/org/opensearch/sql/expression/parse/GrokExpression.java Outdated
if (match != null) {
return new ExprStringValue(match.toString());
}
log.warn("failed to extract pattern {} from input {}", grok.getOriginalGrokPattern(),
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we should sanitize rawString when logging

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is it warn? or debug?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

changed to debug. rawString is unstructured text not sure how to sanitize, let me know if i should remove it from log

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we should replace rawString as ***.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hard coded it to ***

@joshuali925
Address comments
29e7e00 
Signed-off-by: Joshua Li <joshuali925@gmail.com>
@joshuali925
Remove unused class
93091ef 
Signed-off-by: Joshua Li <joshuali925@gmail.com>
@joshuali925
Move grok library into common module
9c3b952 
Signed-off-by: Joshua Li <joshuali925@gmail.com>
@joshuali925
Remove unused grok discovery
a52f544 
Signed-off-by: Joshua Li <joshuali925@gmail.com>
@joshuali925 joshuali925 changed the base branch from main to 2.x September 19, 2022 17:35
@joshuali925
Improve default patterns performance
3a0cc6b 
Signed-off-by: Joshua Li <joshuali925@gmail.com>
@joshuali925
Add thekrakken/java-grok to NOTICE file
e530734 
Signed-off-by: Joshua Li <joshuali925@gmail.com>
@joshuali925
Remove punct reference
bc0b49c 
Signed-off-by: Joshua Li <joshuali925@gmail.com>
@joshuali925
Merge branch '2.x' into punct
f331e09
penghuo
penghuo reviewed Sep 28, 2022
View reviewed changes
Copy link
Collaborator

@penghuo penghuo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

files in common/test/resources/nasa is required? seems like split file

@joshuali925
Copy link
Member Author

files in common/test/resources/nasa is required? seems like split file

yes it's split file, used here

sql/common/src/test/java/org/opensearch/sql/common/grok/ApacheTest.java

Lines 52 to 67 in f331e09

public void test002_nasa_httpd_access() throws GrokException, IOException {
Grok grok = compiler.compile("%{COMMONAPACHELOG}");
System.out.println("Starting test with nasa log -- may take a while");
BufferedReader br;
String line;
File dir = new File(LOG_DIR_NASA);
for (File child : dir.listFiles()) {
br = new BufferedReader(new FileReader(LOG_DIR_NASA + child.getName()));
while ((line = br.readLine()) != null) {
Match gm = grok.match(line);
final Map<String, Object> capture = gm.capture();
Assertions.assertThat(capture).doesNotContainKey("Error");
}
br.close();
}
}

@joshuali925
Sanitize raw string in log
585ff9e 
Signed-off-by: Joshua Li <joshuali925@gmail.com>
@joshuali925
Remove stringbuilder
da52648 
Signed-off-by: Joshua Li <joshuali925@gmail.com>
@joshuali925
Ignore .pid.lock file
53c6867 
Signed-off-by: Joshua Li <joshuali925@gmail.com>
dai-chen
dai-chen reviewed Sep 28, 2022
View reviewed changes
docs/user/ppl/cmd/grok.rst Outdated Show resolved Hide resolved
docs/user/ppl/cmd/patterns.rst Outdated Show resolved Hide resolved
@joshuali925
Add more details for patterns doc
65bfa78 
Signed-off-by: Joshua Li <joshuali925@gmail.com>
@joshuali925
Add apache logs data to doctest
9ec7825 
Signed-off-by: Joshua Li <joshuali925@gmail.com>
dai-chen
dai-chen approved these changes Sep 29, 2022
View reviewed changes
Copy link
Collaborator

@dai-chen dai-chen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the changes!

vamsi-amazon
vamsi-amazon reviewed Sep 30, 2022
View reviewed changes
ppl/src/main/antlr/OpenSearchPPLParser.g4

patternsParameter
: (NEW_FIELD EQUAL new_field=stringLiteral)
| (PATTERN EQUAL pattern=stringLiteral)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What if the pattern itself contains single quotes and double quotes.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

user should escape quotes in quotes

@joshuali925 joshuali925 merged commit 7b1574e into opensearch-project:2.x Sep 30, 2022
MitchellGale pushed a commit to Bit-Quill/opensearch-project-sql that referenced this pull request Oct 3, 2022
@joshuali925 @MitchellGale
Add patterns and grok command (opensearch-project#813)
fd8d30c 
Signed-off-by: Joshua Li <joshuali925@gmail.com>
GabeFernandez310 pushed a commit to Bit-Quill/opensearch-project-sql that referenced this pull request Oct 19, 2022
@joshuali925 @GabeFernandez310
Add patterns and grok command (opensearch-project#813)
821fbb0 
Signed-off-by: Joshua Li <joshuali925@gmail.com>
@dai-chen dai-chen added enhancement New feature or request PPL Piped processing language labels Oct 31, 2022
This was referenced Nov 2, 2022
Merged
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MaxKsyunz MaxKsyunz MaxKsyunz left review comments

@vamsi-amazon vamsi-amazon vamsi-amazon left review comments

@penghuo penghuo penghuo approved these changes

@dai-chen dai-chen dai-chen approved these changes

Assignees
No one assigned
Labels
enhancement New feature or request PPL Piped processing language
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[FEATURE] Support extracting log patterns using PPL [FEATURE] Support grok command in PPL
6 participants
@joshuali925 @codecov-commenter @penghuo @dai-chen @MaxKsyunz @vamsi-amazon