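// === logs ===
// Rebuilds the Kibana "logs" sample tables: a one-column staging table
// (raw: dynamic) and a typed table derived from it with bag_unpack.
// Statements are separated by blank lines; run them one at a time.

// Destructive: dropping the staging table discards every row already ingested
// into it. `ifexists` lets the script run on a database where the table was
// never created, instead of failing on the first command.

.drop table kibana_sample_data_logs_raw ifexists

.create table kibana_sample_data_logs_raw (raw: dynamic)

// NOTE(review): no ingestion command appears in this file; the queries below
// presumably expect the raw documents to be loaded by a separate step - confirm.

// Schema discovery: unpack the document, then its _source bag, drop the
// _id/_index/_score/_type metadata columns and list the remaining columns by name.
// Remove the comment marker on the limit line to sample only a few rows.
kibana_sample_data_logs_raw
//| limit 10
| evaluate bag_unpack(raw)
| evaluate bag_unpack(_source)
| project-away _id, _index, _score, _type
| getschema
| order by ColumnName asc

// Destructive: replaces the typed table. The drop and the .set below are two
// separate commands, so the table is absent in between.

.drop table kibana_sample_data_logs ifexists

// bag_unpack derives its output columns from the data, so the explicit project
// list is what pins the columns of the new table.
// NOTE(review): clientip and ip are kept; harmless for the sample set, but with
// real traffic logs restrict who can query this table.

.set kibana_sample_data_logs <|
kibana_sample_data_logs_raw
//| limit 10
| evaluate bag_unpack(raw)
| evaluate bag_unpack(_source)
| project timestamp, agent, bytes, clientip, extension, geo, host, index, ip,
    machine, memory, message, phpmemory, referer, request, response, tags, url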
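// === ecommerce ===
// Rebuilds the Kibana "ecommerce" sample tables: a one-column staging table
// (raw: dynamic) and a typed table derived from it with bag_unpack.
// Statements are separated by blank lines; run them one at a time.

// Destructive: dropping the staging table discards every row already ingested
// into it. `ifexists` lets the script run on a database where the table was
// never created, instead of failing on the first command.

.drop table kibana_sample_data_ecommerce_raw ifexists

.create table kibana_sample_data_ecommerce_raw (raw: dynamic)

// NOTE(review): no ingestion command appears in this file; the queries below
// presumably expect the raw documents to be loaded by a separate step - confirm.

// Preview: unpack ten documents to eyeball the fields.
kibana_sample_data_ecommerce_raw
| limit 10
| evaluate bag_unpack(raw)
| evaluate bag_unpack(_source)

// Schema discovery: unpack the document, then its _source bag, drop the
// _id/_index/_score/_type metadata columns and list the remaining columns by name.
kibana_sample_data_ecommerce_raw
//| limit 10
| evaluate bag_unpack(raw)
| evaluate bag_unpack(_source)
| project-away _id, _index, _score, _type
| getschema
| order by ColumnName asc

// Destructive: replaces the typed table. The drop and the .set below are two
// separate commands, so the table is absent in between.

.drop table kibana_sample_data_ecommerce ifexists

// bag_unpack derives its output columns from the data, so the explicit project
// list is what pins the columns of the new table.
// NOTE(review): the projection carries customer name, e-mail and phone columns
// into the final table; fine for the sample set, but with real order data
// restrict who can query this table or leave those columns out.

.set kibana_sample_data_ecommerce <|
kibana_sample_data_ecommerce_raw
//| limit 10
| evaluate bag_unpack(raw)
| evaluate bag_unpack(_source)
| project category, currency, customer_first_name, customer_full_name,
    customer_gender, customer_id, customer_last_name, customer_phone,
    day_of_week, day_of_week_i, email, geoip, manufacturer, order_date,
    order_id, products, sku, taxful_total_price, taxless_total_price,
    total_quantity, total_unique_products, type, user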
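// === flights ===
// Rebuilds the Kibana "flights" sample tables: a one-column staging table
// (raw: dynamic) and a typed table derived from it with bag_unpack.
// Statements are separated by blank lines; run them one at a time.

// Destructive: dropping the staging table discards every row already ingested
// into it. `ifexists` lets the script run on a database where the table was
// never created, instead of failing on the first command.

.drop table kibana_sample_data_flights_raw ifexists

.create table kibana_sample_data_flights_raw (raw: dynamic)

// NOTE(review): no ingestion command appears in this file; the queries below
// presumably expect the raw documents to be loaded by a separate step - confirm.

// Preview: unpack ten documents to eyeball the fields.
kibana_sample_data_flights_raw
| limit 10
| evaluate bag_unpack(raw)
| evaluate bag_unpack(_source)

// Schema discovery: unpack the document, then its _source bag, drop the
// _id/_index/_score/_type metadata columns and list the remaining columns by name.
kibana_sample_data_flights_raw
//| limit 10
| evaluate bag_unpack(raw)
| evaluate bag_unpack(_source)
| project-away _id, _index, _score, _type
| getschema
| order by ColumnName asc

// Destructive: replaces the typed table. The drop and the .set below are two
// separate commands, so the table is absent in between.

.drop table kibana_sample_data_flights ifexists

// bag_unpack derives its output columns from the data, so the explicit project
// list is what pins the columns of the new table. The distance and flight-time
// fields are converted with toreal()/toint() on the way in.
// NOTE(review): the converted columns have no explicit output name; confirm with
// getschema that they keep the source names in the created table.

.set kibana_sample_data_flights <|
kibana_sample_data_flights_raw
//| limit 10
| evaluate bag_unpack(raw)
| evaluate bag_unpack(_source)
| project timestamp, dayOfWeek, Dest, DestAirportID, DestCityName, DestCountry,
    DestLocation, DestRegion, DestWeather, toreal(DistanceKilometers),
    toreal(DistanceMiles), FlightDelay, FlightDelayMin, FlightDelayType,
    FlightNum, toint(FlightTimeHour), toint(FlightTimeMin), Origin,
    OriginAirportID, OriginCityName, OriginCountry, OriginLocation,
    OriginRegion, OriginWeather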