Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

regex for access log in hive serde

Tags:

regex

hive

I want to extract out (ip, requestUrl, timeStamp) from the access logs to load to hive database. One line from access log is as follows.


66.249.68.6 - - [14/Jan/2012:06:25:03 -0800] "GET /example.com HTTP/1.1" 200 708 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

I tried with following and several variations of regex without any success. (The loaded table is with all NULL values indicating the regex doesn't match the input).


CREATE TABLE access_log (
  remote_ip STRING,
  request_date STRING,
  method STRING,
  request STRING,
  protocol STRING
)
ROW FORMAT SERDE 'org.apache.hadoop.hive.contrib.serde2.RegexSerDe'
WITH SERDEPROPERTIES  (
"input.regex" = "([^ ]) . . [([^]]+)] \"([^ ]) ([^ ]) ([^ \"])\" *",
"output.format.string" = "%1$s %2$s %3$s %4$s %5$s"
)
STORED AS TEXTFILE;

I am not very experienced with regex. Can anybody help me with this?

like image 940
chamibuddhika Avatar asked Feb 01 '12 19:02

chamibuddhika

3 Answers

Use double '\' and '.*' in the end (it's important!):

CREATE EXTERNAL TABLE access_log (
        `ip`                STRING,
        `time_local`        STRING,
        `method`            STRING,
        `uri`               STRING,
        `protocol`          STRING,
        `status`            STRING,
        `bytes_sent`        STRING,
        `referer`           STRING,
        `useragent`         STRING
        )
    ROW FORMAT SERDE 'org.apache.hadoop.hive.contrib.serde2.RegexSerDe'
    WITH SERDEPROPERTIES (
    'input.regex'='^(\\S+) \\S+ \\S+ \\[([^\\[]+)\\] "(\\w+) (\\S+) (\\S+)" (\\d+) (\\d+) "([^"]+)" "([^"]+)".*'
)
STORED AS TEXTFILE
LOCATION '/tmp/access_logs/';

P.S. Hive 0.7.1

like image 146
agorokhov Avatar answered Nov 08 '22 01:11

agorokhov

I use rubular to test my regex. You can also use this expression

([^ ]*) ([^ ]*) ([^ ]*) (?:-|\[([^\]]*)\]) ([^ \"]*|\"[^\"]*\") (-|[0-9]*)

You get the following output

1.  66.249.68.6
2.  -
3.  -
4.  14/Jan/2012:06:25:03 -0800
5.  "GET /example.com HTTP/1.1"
6.  200
like image 36
surajz Avatar answered Nov 08 '22 00:11

surajz

Not fool-proof, but given that it is a log file in a known format then the following should work (untested in Hive, but works with grep -E and with http://www.regexplanet.com/simple/index.html if you replace [^[] with [^\[] and [^]] with [^\]]). Assumes you only want the three values you specifically mentioned.

"input.regex" = "([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)[^[]+\[([^]]+)\][^/]+([^ ]+).+"
"output.format.string" = "%1$s %2$s %3$s"
like image 1
IBBoard Avatar answered Nov 07 '22 23:11

IBBoard
Sign in to Comment

Related questions

Ruby one-liner to capture regular expression matches
Regex for replacing multiple spaces and dashes with or without spaces
return the second instance of a regex search in a line
Remove html entities and extract text content using regex
How to remove ↵ character from JS string
Twig / PHP - Format string using Replace or Regex
Raw string and regular expression in Python
How to remove parentheses only around single words in a string
Python regex to remove emails from string
Masking credit card number using regex
RegExp: I want to remove unnecessary words in the Sentence. How can I do it?
Use Powershell to print out line number of code matching a RegEx
How to replace http:// or www with <a href.. in PHP
Regex for password that requires one numeric or one non-alphanumeric character
How do I find if string has at least one character using regex?
When were non-capturing parentheses added to Perl's regular expressions?
VIM: Add spaces at cursor position
String contains at least one digit
Lua string.match uses irregular regular expressions?
Javascript RegEx to return if string contains characters that are NOT in the RegEx

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!