Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Create a hive table upon a fixed-width log file but the last column width is not fixed

Labels:
avatar
author-rank Seaport
Expert Contributor

Created ‎05-31-2019 02:39 PM

Basically, I am trying to analyze SQL server log files using Hive.

The layout is the log file is

  1. char(23) - for timestamp
  2. char(1) - space
  3. char(12) - source
  4. the rest of the row, and the length varies.

The row delimiter is CR+LF.

Below are some entries in the log.

2019-05-28 07:29:55.03 Server      UTC adjustment: -7:00 
2019-05-28 07:29:55.03 Server      (c) Microsoft Corporation. 
2019-05-28 07:29:55.03 Server      All rights reserved. 
2019-05-28 07:29:55.03 Server      Server process ID is 3368.

There are several posts here regarding fixed-width column layout. But in my case, the last column is identified not by the width but by the row delimiter.


3,855 Views
0 Kudos
0
1 ACCEPTED SOLUTION

avatar
author-rank Shu_ashu
Master Guru

Created ‎06-01-2019 03:57 PM

@Haijin Li

Use hive Regex serde and your matching regex will be

(.{22})(.{1})(.{12})(.*)

(.{22}) -> 1st capture group for 22 characters

(.{1}) -> 2nd for 1 character

(.{12}) -> 3rd for 12 characters

(.*) -> 4th capture group matches for rest of the row.


View solution in original post

3,789 Views
0 Kudos
0
4 REPLIES 4

avatar
author-rank Shu_ashu
Master Guru

Created ‎06-01-2019 03:57 PM

@Haijin Li

Use hive Regex serde and your matching regex will be

(.{22})(.{1})(.{12})(.*)

(.{22}) -> 1st capture group for 22 characters

(.{1}) -> 2nd for 1 character

(.{12}) -> 3rd for 12 characters

(.*) -> 4th capture group matches for rest of the row.


3,790 Views
0 Kudos
0

avatar
author-rank Seaport
Expert Contributor

Created ‎06-02-2019 03:22 AM

@Shu

Thanks for your help. I am currently on the road and will test your solution once I am back in office.

3,789 Views
0 Kudos

avatar
author-rank Seaport
Expert Contributor

Created on ‎06-03-2019 04:14 AM - edited ‎08-17-2019 03:14 PM

@Shu

Your code put me on the right track. Thanks again.

However, I got some strange returned records. Here are my guesses of the possible causes.

1. The CR and LF as the row delimiter and they are not the default row delimiter of the regex SerDe. How can I specify the row delimiter?

2. There are two strange characters in the first column of the first row. It might be related to the row delimiter too.

Below is the create-table script.

Create External Table slog(LogTime string, LogSource string, LogMessage string) ROW FORMAT SERDE 'org.apache.hadoop.hive.contrib.serde2.RegexSerDe' WITH SERDEPROPERTIES ("input.regex" = "(.{46})(.{24})(.*)") LOCATION '/path/to/slog/';

I attached a screenshot of the log file (in notepad ++) and the hive query result.

109151-captureserde.png


3,789 Views
0 Kudos

avatar
author-rank Shu_ashu
Master Guru

Created ‎06-04-2019 03:04 AM

@Haijin Li

Try with this and this approaches and also to test out the regex serde functionality, Create new file using vi editor in shell and move it to HDFS directory and create table on top of this directory.

3,789 Views
0 Kudos
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
February 2025 Community Highlights
What's New @ Cloudera
3 Benefits of External IDE Connectivity, Now Available in Cl...
What's New @ Cloudera
Performance comparison of Spark3 on YARN with S3 Standard VS...
View More Announcements