| author | Paul Buetow <paul@buetow.org> | 2021-12-15 16:06:48 +0000 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2021-12-16 09:22:35 +0000 |
| commit | 895ed15df5144e367a5143d1c36d8abe2fec8f08 (patch) | |
| tree | 027e080ea75a8d0f3bb0030194558c13ce1f3ccb /doc/querylanguage.md | |
| parent | b1f3760dc2f452c3dba7883a538fd14d62a581e9 (diff) | |
documenting how to implement a custom log format
Diffstat (limited to 'doc/querylanguage.md')
| -rw-r--r-- | doc/querylanguage.md | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/doc/querylanguage.md b/doc/querylanguage.md index 725b635..41e95de 100644 --- a/doc/querylanguage.md +++ b/doc/querylanguage.md 
@@ -1,34 +1,34 @@ DTail Query Language ==================== -The query language allows you to run mapreduce queries on log files. This page intends to be a reference to the language. +The query language allows you to run mapreduce queries on log files. This page is the reference to the language. ## Prerequisites For this to work, DTail needs to understand your log format. DTail already understands its own log format. You can have a look at all examples of the [examples](./examples.md) page using `-query` (these would be all examples of the `dmap` command, and some examples using the `dtail` command). -DTail also ships with a generic log format, which only allows you to run very basic queries. Check out the [log format](./logformats.md) documentation for this. To implement your own log format, please also check out the log format documentation. +DTail also ships with a generic log format, which only allows you to run very basic queries. Check out the [log format](./logformats.md) documentation for this. That page also documents how to implement your own log format parser. ## The language -These are the fundamental types of the query language: +This are the fundamental types of the query language: ```shell NUMBER := A whole number (e.g. 42) FLOAT := A float number, e.g. 3.14 STRING := A quoted string, e.g. "foo" -FIELD := BAREWORD|VARIABLE +FIELD := BAREWORD|$VARIABLE BAREWORD := A bare string without quotes, e.g. foo. This usually contains a value extracted from a log line. -VARIABLE := Like a bareword, but with a $ prefix, e.g. $foo. This usually contains +$VARIABLE := Like a bareword, but with a $ prefix, e.g. $foo. This usually contains a special value set by DTail itself (not necessary from the log line). ``` This is the overall structure of a query: ```shell -QUERY := from TABLE - select SELECT1[,SELECT2...] +QUERY := select SELECT1[,SELECT2...] + [from TABLE] [where CONDITION1[,CONDITION2...]] [group by FIELD1[,FIELD2...]] [order|rorder by ORDERFIELD] 
@@ -39,7 +39,7 @@ QUERY := from TABLE [logformat LOGFORMAT] ``` -Whereas.... +... whereas: ```shell TABLE := The mapreduce table name, e.g. STATS in MAPREDUCE:STATS @@ -50,7 +50,7 @@ OPERATOR := FLOATOPERATOR|STRINGOPERATOR FLOATOPERATOR := One of: == != < <= > >= STRINGOPERATOR := eq|ne|contains|ncontains|lacks|hasprefix|nhasprefix|hassuffix|nhassuffix ORDERFIELD := FIELD|AGGREGATION(FIELD) -SET := VARIABLE = FLOAT|STRING|FIELD|FUNCTION(FIELD) +SET := $VARIABLE = FLOAT|STRING|FIELD|FUNCTION(FIELD) LOGFORMAT := default|generic|generickv|... AGGREGATION := count|sum|min|max|avg|last|len FUNCTION := md5sum|maskdigits @@ -58,6 +58,6 @@ FUNCTION := md5sum|maskdigits *Notes:* -* `lacks` is an alias for `ncontains` (not contains) -* `rorder` stands for reverse order and is the inverse of `order` +* `rorder` stands for reverse order. +* `lacks` is an alias for `ncontains` (not contains). * Available fields (variables and barewords) vary from the log format used. Check out the [log format](./logformats.md) documentation for more information. |
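Review bot: In the first hunk (@@ -1,34 +1,34 @@), the added line `+This are the fundamental types of the query language:` introduces a grammar error that the removed line did not have; keep "These are". In the same hunk the QUERY rule now reads `select SELECT1[,SELECT2...]` followed by an optional `[from TABLE]`, but the visible text never says which input a query runs against when `from` is omitted. A sentence stating that default belongs next to the rule.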
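Review bot: In the SET rule of the @@ -50,7 +50,7 @@ hunk (and in the FIELD and `$VARIABLE :=` lines of the first hunk), the `$` is now part of the grammar symbol's name, so a reader cannot tell the literal prefix from the symbol, unlike every other symbol in the block (FIELD, BAREWORD, FLOAT, FUNCTION). Consider keeping the symbol name VARIABLE and stating the literal `$` in its definition, or add a line to the notes saying the `$` is typed literally.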
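Review bot: In the Notes list of the @@ -58,6 +58,6 @@ hunk, the reworded bullet `+* `rorder` stands for reverse order.` drops the clause "and is the inverse of `order`", and the visible lines do not say whether `order` sorts ascending or descending, so "reverse order" has nothing to be the reverse of. Suggest keeping the dropped clause and stating the sort direction of `order`. The unchanged last bullet could also read "vary with the log format used" rather than "vary from".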
