opensearch-project · opensearch-trigger-bot · Aug 19, 2025
@@ -0,0 +1,5 @@
+{"agent":"Mozilla/5.0 (X11; Linux x86_64; rv:6.0a1) Gecko/20110421 Firefox/6.0a1","bytes":6219,"clientip":"223.87.60.27","extension":"deb","geo":{"srcdest":"IN:US","src":"IN","dest":"US","coordinates":{"lat":39.41042861,"lon":-88.8454325}},"host":"artifacts.opensearch.org","index":"opensearch_dashboards_sample_data_logs","ip":"223.87.60.27","machine":{"ram":8589934592,"os":"win 8"},"memory":null,"message":"223.87.60.27 - - [2018-07-22T00:39:02.912Z] \"GET /opensearch/opensearch-1.0.0.deb_1 HTTP/1.1\" 200 6219 \"-\" \"Mozilla/5.0 (X11; Linux x86_64; rv:6.0a1) Gecko/20110421 Firefox/6.0a1\"","phpmemory":null,"referer":"http://twitter.com/success/wendy-lawrence","request":"/opensearch/opensearch-1.0.0.deb","response":200,"tags":["success","info"],"timestamp":"2018-07-22T00:39:02.912Z","url":"https://artifacts.opensearch.org/downloads/opensearch/opensearch-1.0.0.deb_1","utc_time":"2018-07-22T00:39:02.912Z","event":{"dataset":"sample_web_logs"}}
+{"agent":"Mozilla/5.0 (X11; Linux x86_64; rv:6.0a1) Gecko/20110421 Firefox/6.0a1","bytes":6850,"clientip":"130.246.123.197","extension":"","geo":{"srcdest":"JP:IN","src":"JP","dest":"IN","coordinates":{"lat":38.58338806,"lon":-86.46248778}},"host":"www.opensearch.org","index":"opensearch_dashboards_sample_data_logs","ip":"130.246.123.197","machine":{"ram":3221225472,"os":"win 8"},"memory":null,"message":"130.246.123.197 - - [2018-07-22T03:26:21.326Z] \"GET /beats/metricbeat_1 HTTP/1.1\" 200 6850 \"-\" \"Mozilla/5.0 (X11; Linux x86_64; rv:6.0a1) Gecko/20110421 Firefox/6.0a1\"","phpmemory":null,"referer":"http://www.opensearch-opensearch-opensearch.com/success/james-mcdivitt","request":"/beats/metricbeat","response":200,"tags":["success","info"],"timestamp":"2018-07-22T03:26:21.326Z","url":"https://www.opensearch.org/downloads/beats/metricbeat_1","utc_time":"2018-07-22T03:26:21.326Z","event":{"dataset":"sample_web_logs"}}
+{"agent":"Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.50 Safari/534.24","bytes":0,"clientip":"120.49.143.213","extension":"css","geo":{"srcdest":"CO:DE","src":"CO","dest":"DE","coordinates":{"lat":36.96015,"lon":-78.18499861}},"host":"cdn.opensearch-opensearch-opensearch.org","index":"opensearch_dashboards_sample_data_logs","ip":"120.49.143.213","machine":{"ram":20401094656,"os":"ios"},"memory":null,"message":"120.49.143.213 - - [2018-07-22T03:30:25.131Z] \"GET /styles/main.css_1 HTTP/1.1\" 503 0 \"-\" \"Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.50 Safari/534.24\"","phpmemory":null,"referer":"http://twitter.com/success/konstantin-feoktistov","request":"/styles/main.css","response":503,"tags":["success","login"],"timestamp":"2018-07-22T03:30:25.131Z","url":"https://cdn.opensearch-opensearch-opensearch.org/styles/main.css_1","utc_time":"2018-07-22T03:30:25.131Z","event":{"dataset":"sample_web_logs"}}
+{"agent":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)","bytes":14113,"clientip":"99.74.118.237","extension":"deb","geo":{"srcdest":"LK:IN","src":"LK","dest":"IN","coordinates":{"lat":48.31140472,"lon":-114.2550694}},"host":"artifacts.opensearch.org","index":"opensearch_dashboards_sample_data_logs","ip":"99.74.118.237","machine":{"ram":11811160064,"os":"ios"},"memory":null,"message":"99.74.118.237 - - [2018-07-22T03:34:43.399Z] \"GET /beats/metricbeat/metricbeat-6.3.2-amd64.deb_1 HTTP/1.1\" 200 14113 \"-\" \"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)\"","phpmemory":null,"referer":"http://www.opensearch-opensearch-opensearch.com/success/charles-camarda","request":"/beats/metricbeat/metricbeat-6.3.2-amd64.deb","response":200,"tags":["success","info"],"timestamp":"2018-07-22T03:34:43.399Z","url":"https://artifacts.opensearch.org/downloads/beats/metricbeat/metricbeat-6.3.2-amd64.deb_1","utc_time":"2018-07-22T03:34:43.399Z","event":{"dataset":"sample_web_logs"}}
+{"agent":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)","bytes":2492,"clientip":"177.111.217.54","extension":"","geo":{"srcdest":"MZ:US","src":"MZ","dest":"US","coordinates":{"lat":46.77917333,"lon":-105.3047083}},"host":"www.opensearch.org","index":"opensearch_dashboards_sample_data_logs","ip":"177.111.217.54","machine":{"ram":9663676416,"os":"win 7"},"memory":null,"message":"177.111.217.54 - - [2018-07-22T03:37:04.863Z] \"GET /enterprise_1 HTTP/1.1\" 200 2492 \"-\" \"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)\"","phpmemory":null,"referer":"http://twitter.com/success/gregory-harbaugh","request":"/enterprise","response":200,"tags":["success","info"],"timestamp":"2018-07-22T03:37:04.863Z","url":"https://www.opensearch.org/downloads/enterprise_1","utc_time":"2018-07-22T03:37:04.863Z","event":{"dataset":"sample_web_logs"}}
@@ -0,0 +1,44 @@
+{
+  "properties": {
+    "referer": { "type": "keyword" },
+    "request": { "type": "text" },
+    "agent": { "type": "text" },
+    "extension": { "type": "text" },
+    "memory": { "type": "double" },
+    "ip": { "type": "ip" },
+    "index": { "type": "text" },
+    "message": { "type": "text" },
+    "url": { "type": "text" },
+    "tags": { "type": "text" },
+    "geo": {
+      "type": "object",
+      "properties": {
+        "srcdest": { "type": "keyword" },
+        "src": { "type": "keyword" },
+        "dest": { "type": "keyword" },
+        "coordinates": { "type": "geo_point" }
+      }
+    },
+    "@timestamp": { "type": "date" },
+    "utc_time": { "type": "date" },
+    "bytes": { "type": "long" },
+    "machine": {
+      "type": "object",
+      "properties": {
+        "os": { "type": "keyword" },
+        "ram": { "type": "long" }
+      }
+    },
+    "response": { "type": "keyword" },
+    "clientip": { "type": "ip" },
+    "host": { "type": "text" },
+    "event": {
+      "type": "object",
+      "properties": {
+        "dataset": { "type": "keyword" }
+      }
+    },
+    "phpmemory": { "type": "long" },
+    "timestamp": { "type": "date" }
+  }
+}
@@ -6,12 +6,13 @@
 package org.apache.spark.opensearch.table
 
 import org.opensearch.flint.spark.ppl.FlintPPLSuite
+import org.opensearch.flint.spark.udt.{GeoPoint, IPAddress}
 
 import org.apache.spark.sql.Row
 
 class OpenSearchDashboardITSuite extends OpenSearchCatalogSuite with FlintPPLSuite {
   test("test dashboards queries") {
-    Seq(dashboards_sample_data_flights()).foreach { config =>
+    Seq(dashboards_sample_data_flights(), dashboards_sample_data_logs()).foreach { config =>
       withIndexName(config.index) {
         openSearchDashboardsIndex(config.useCaseName, config.index)
         config.tests.foreach { sqlTest =>
@@ -86,4 +87,49 @@ class OpenSearchDashboardITSuite extends OpenSearchCatalogSuite with FlintPPLSui
                || fields bucket, cnt""".stripMargin),
           Seq(Row(0, 4), Row(180, 1)))))
   }
+
+  def dashboards_sample_data_logs(): TestConfig = {
+    val tbl = "logs"
+    TestConfig(
+      "dashboards_sample_data_logs",
+      tbl,
+      Seq(
+        // Count by host
+        QueryTest(
+          Seq(
+            s"""SELECT host, COUNT(*) AS count
+               | FROM dev.default.$tbl
+               | GROUP BY host
+               | ORDER BY count DESC""".stripMargin,
+            s"""source=dev.default.$tbl
+               || stats count() as count by host
+               || sort - count
+               || fields host, count""".stripMargin),
+          Seq(
+            Row("www.opensearch.org", 2),
+            Row("artifacts.opensearch.org", 2),
+            Row("cdn.opensearch-opensearch-opensearch.org", 1))),
+        // Average bytes per response code
+        QueryTest(
+          Seq(
+            s"""SELECT response, AVG(bytes) as avg_bytes
+               | FROM dev.default.$tbl
+               | GROUP BY response
+               | ORDER BY response""".stripMargin,
+            s"""source=dev.default.$tbl
+               || stats avg(bytes) as avg_bytes by response
+               || sort response
+               || fields response, avg_bytes""".stripMargin),
+          Seq(Row("200", 7418.5), Row("503", 0.0))),
+        // Select ip and geo_point fields
+        QueryTest(
+          Seq(
+            s"""SELECT ip, geo.coordinates
+               | FROM dev.default.$tbl
+               | WHERE response = '503'""".stripMargin,
+            s"""source=dev.default.$tbl
+               || where response='503'
+               || fields ip, geo.coordinates""".stripMargin),
+          Seq(Row(IPAddress("120.49.143.213"), GeoPoint(36.96015, -78.18499861))))))
+  }
 }