Added end-to-end PPL tests for Spark (#1028)

* Added end-to-end PPL tests for Spark Signed-off-by: Norman Jordan <[email protected]> * Added instructions for adding end-to-end tests Signed-off-by: Norman Jordan <[email protected]> --------- Signed-off-by: Norman Jordan <[email protected]>
opensearch-project · Feb 6, 2025 · 4d6ba7d · 4d6ba7d
1 parent eff717a
commit 4d6ba7d
Show file tree

Hide file tree

Showing 455 changed files with 2,791 additions and 0 deletions.
diff --git a/docs/docker/integ-test/README.md b/docs/docker/integ-test/README.md
@@ -169,6 +169,86 @@ Sample response:
 }
 ```
 
+## Adding Tests
+
+### Spark Tests
+
+|     | Query File Extension | Directory                                     |
+|-----|----------------------|-----------------------------------------------|
+| PPL | .ppl                 | e2e-test/src/test/resources/spark/queries/ppl |
+| SQL | .sql                 | e2e-test/src/test/resources/spark/queries/sql |
+
+A test consists of a query and the expected results. Choose a base filename. The query file uses the base filename
+with the extension above. The results file uses the base filename with a `.results` extension. The results file is
+in CSV format with a field headers line.
+
+Example: Adding a PPL Test
+
+1. Create a file named `e2e-test/src/test/resources/spark/queries/ppl/sample-test.ppl` with the following contents:
+   ```
+   source=my-table | fields x, y
+   ```
+2. Generate the expected results file named `e2e-test/src/test/resources/spark/queries/ppl/sample-test.results`
+   It is a CSV file with the field name header. For example:
+   ```
+   x,y
+   1,1
+   2,4
+   3,9
+   ```
+
+### Async API Tests
+
+|     | Query File Extension | Directory                                          |
+|-----|----------------------|----------------------------------------------------|
+| PPL | .ppl                 | e2e-test/src/test/resources/opensearch/queries/ppl |
+| SQL | .sql                 | e2e-test/src/test/resources/opensearch/queries/sql |
+
+A test consists of a query and the expected results. Choose a base filename. The query file uses the base filename
+with the extension above. The results file uses the base filename with a `.results` extension. The results file is
+in JSON format is the response when retrieving the results using the Async Query API.
+
+Example: Adding a PPL Test
+
+1. Create a file named `e2e-test/src/test/resources/opensearch/queries/ppl/sample-test.ppl` with the following
+   contents:
+   ```
+   source=my-table | fields x, y
+   ```
+2. Generate the expected results file named `e2e-test/src/test/resources/opensearch/queries/ppl/sample-test.results`
+   It is a JSON file. For example:
+   ```
+   {
+     "status": "SUCCESS",
+     "schema": [
+       {
+         "name": "x",
+         "type": "integer"
+       },
+       {
+         "name": "y",
+         "type": "integer"
+       }
+     ],
+     "datarows": [
+       [
+         1,
+         1
+       ],
+       [
+         2,
+         4
+       ],
+       [
+         3,
+         9
+       ]
+     ],
+     "total": 3,
+     "size": 3
+   }
+   ```
+
 ## Configuration of the Cluster
 
 There are several settings that can be adjusted for the cluster.

diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_001.ppl b/e2e-test/src/test/resources/spark/queries/ppl/query_001.ppl
@@ -0,0 +1 @@
+source = dev.default.http_logs | dedup 1 status | fields @timestamp, clientip, status, size | head 10
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_001.results b/e2e-test/src/test/resources/spark/queries/ppl/query_001.results
@@ -0,0 +1,3 @@
+@timestamp,clientip,status,size
+2023-10-01T10:00:00.000Z,40.135.0.0,200,24736
+2023-10-01T10:20:00.000Z,247.37.0.0,304,0
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_002.ppl b/e2e-test/src/test/resources/spark/queries/ppl/query_002.ppl
@@ -0,0 +1 @@
+source = dev.default.http_logs | dedup status, size | head 10
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_002.results b/e2e-test/src/test/resources/spark/queries/ppl/query_002.results
@@ -0,0 +1,4 @@
+@timestamp,request,size,year,clientip,status,day,month
+2023-10-01T10:15:00.000Z,GET /french/splash_inet.html HTTP/1.0,3781,2023,247.37.0.0,200,1,10
+2023-10-01T10:00:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,40.135.0.0,200,1,10
+2023-10-01T10:20:00.000Z,GET /images/hm_nbg.jpg HTTP/1.0,0,2023,247.37.0.0,304,1,10
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_003.ppl b/e2e-test/src/test/resources/spark/queries/ppl/query_003.ppl
@@ -0,0 +1 @@
+source = dev.default.http_logs | dedup 1 status keepempty=true | head 10
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_003.results b/e2e-test/src/test/resources/spark/queries/ppl/query_003.results
@@ -0,0 +1,3 @@
+@timestamp,request,size,year,clientip,status,day,month
+2023-10-01T10:00:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,40.135.0.0,200,1,10
+2023-10-01T10:20:00.000Z,GET /images/hm_nbg.jpg HTTP/1.0,0,2023,247.37.0.0,304,1,10
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_004.ppl b/e2e-test/src/test/resources/spark/queries/ppl/query_004.ppl
@@ -0,0 +1 @@
+source = dev.default.http_logs | dedup status, size keepempty=true | head 10
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_004.results b/e2e-test/src/test/resources/spark/queries/ppl/query_004.results
@@ -0,0 +1,4 @@
+@timestamp,request,size,year,clientip,status,day,month
+2023-10-01T10:15:00.000Z,GET /french/splash_inet.html HTTP/1.0,3781,2023,247.37.0.0,200,1,10
+2023-10-01T10:00:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,40.135.0.0,200,1,10
+2023-10-01T10:20:00.000Z,GET /images/hm_nbg.jpg HTTP/1.0,0,2023,247.37.0.0,304,1,10
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_005.ppl b/e2e-test/src/test/resources/spark/queries/ppl/query_005.ppl
@@ -0,0 +1 @@
+source = dev.default.http_logs | dedup 2 status | head 10
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_005.results b/e2e-test/src/test/resources/spark/queries/ppl/query_005.results
@@ -0,0 +1,4 @@
+@timestamp,request,size,year,clientip,status,day,month
+2023-10-01T10:00:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,40.135.0.0,200,1,10
+2023-10-01T10:05:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,232.0.0.0,200,1,10
+2023-10-01T10:20:00.000Z,GET /images/hm_nbg.jpg HTTP/1.0,0,2023,247.37.0.0,304,1,10
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_006.ppl b/e2e-test/src/test/resources/spark/queries/ppl/query_006.ppl
@@ -0,0 +1 @@
+source = dev.default.http_logs | dedup 2 status, size | head 10
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_006.results b/e2e-test/src/test/resources/spark/queries/ppl/query_006.results
@@ -0,0 +1,5 @@
+@timestamp,request,size,year,clientip,status,day,month
+2023-10-01T10:15:00.000Z,GET /french/splash_inet.html HTTP/1.0,3781,2023,247.37.0.0,200,1,10
+2023-10-01T10:00:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,40.135.0.0,200,1,10
+2023-10-01T10:05:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,232.0.0.0,200,1,10
+2023-10-01T10:20:00.000Z,GET /images/hm_nbg.jpg HTTP/1.0,0,2023,247.37.0.0,304,1,10
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_007.ppl b/e2e-test/src/test/resources/spark/queries/ppl/query_007.ppl
@@ -0,0 +1 @@
+source = dev.default.http_logs | dedup 2 status, size keepempty=true | head 10
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_007.results b/e2e-test/src/test/resources/spark/queries/ppl/query_007.results
@@ -0,0 +1,5 @@
+@timestamp,request,size,year,clientip,status,day,month
+2023-10-01T10:15:00.000Z,GET /french/splash_inet.html HTTP/1.0,3781,2023,247.37.0.0,200,1,10
+2023-10-01T10:00:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,40.135.0.0,200,1,10
+2023-10-01T10:05:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,232.0.0.0,200,1,10
+2023-10-01T10:20:00.000Z,GET /images/hm_nbg.jpg HTTP/1.0,0,2023,247.37.0.0,304,1,10
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_008.ppl b/e2e-test/src/test/resources/spark/queries/ppl/query_008.ppl
@@ -0,0 +1 @@
+source = dev.default.http_logs | sort status | fields @timestamp, clientip, status | head 10
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_008.results b/e2e-test/src/test/resources/spark/queries/ppl/query_008.results
@@ -0,0 +1,7 @@
+@timestamp,clientip,status
+2023-10-01T10:00:00.000Z,40.135.0.0,200
+2023-10-01T10:05:00.000Z,232.0.0.0,200
+2023-10-01T10:10:00.000Z,26.1.0.0,200
+2023-10-01T10:15:00.000Z,247.37.0.0,200
+2023-10-01T10:25:00.000Z,252.0.0.0,200
+2023-10-01T10:20:00.000Z,247.37.0.0,304
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_009.ppl b/e2e-test/src/test/resources/spark/queries/ppl/query_009.ppl
@@ -0,0 +1 @@
+source = dev.default.http_logs | fields - @timestamp, clientip, status | head 10
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_009.results b/e2e-test/src/test/resources/spark/queries/ppl/query_009.results
@@ -0,0 +1,7 @@
+request,size,year,day,month
+GET /images/hm_bg.jpg HTTP/1.0,24736,2023,1,10
+GET /images/hm_bg.jpg HTTP/1.0,24736,2023,1,10
+GET /images/hm_bg.jpg HTTP/1.0,24736,2023,1,10
+GET /french/splash_inet.html HTTP/1.0,3781,2023,1,10
+GET /images/hm_nbg.jpg HTTP/1.0,0,2023,1,10
+GET /images/hm_bg.jpg HTTP/1.0,24736,2023,1,10
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_010.ppl b/e2e-test/src/test/resources/spark/queries/ppl/query_010.ppl
@@ -0,0 +1 @@
+source = dev.default.http_logs | eval new_time = @timestamp, new_clientip = clientip | fields - new_time, new_clientip, status | head 10
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_010.results b/e2e-test/src/test/resources/spark/queries/ppl/query_010.results
@@ -0,0 +1,7 @@
+@timestamp,request,size,year,clientip,day,month
+2023-10-01T10:00:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,40.135.0.0,1,10
+2023-10-01T10:05:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,232.0.0.0,1,10
+2023-10-01T10:10:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,26.1.0.0,1,10
+2023-10-01T10:15:00.000Z,GET /french/splash_inet.html HTTP/1.0,3781,2023,247.37.0.0,1,10
+2023-10-01T10:20:00.000Z,GET /images/hm_nbg.jpg HTTP/1.0,0,2023,247.37.0.0,1,10
+2023-10-01T10:25:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,252.0.0.0,1,10
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_011.ppl b/e2e-test/src/test/resources/spark/queries/ppl/query_011.ppl
@@ -0,0 +1 @@
+source = dev.default.http_logs | eval new_clientip = lower(clientip) | fields - new_clientip | head 10
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_011.results b/e2e-test/src/test/resources/spark/queries/ppl/query_011.results
@@ -0,0 +1,7 @@
+@timestamp,request,size,year,clientip,status,day,month,new_clientip
+2023-10-01T10:00:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,40.135.0.0,200,1,10,40.135.0.0
+2023-10-01T10:05:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,232.0.0.0,200,1,10,232.0.0.0
+2023-10-01T10:10:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,26.1.0.0,200,1,10,26.1.0.0
+2023-10-01T10:15:00.000Z,GET /french/splash_inet.html HTTP/1.0,3781,2023,247.37.0.0,200,1,10,247.37.0.0
+2023-10-01T10:20:00.000Z,GET /images/hm_nbg.jpg HTTP/1.0,0,2023,247.37.0.0,304,1,10,247.37.0.0
+2023-10-01T10:25:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,252.0.0.0,200,1,10,252.0.0.0
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_012.ppl b/e2e-test/src/test/resources/spark/queries/ppl/query_012.ppl
@@ -0,0 +1 @@
+source = dev.default.http_logs | fields + @timestamp, clientip, status | fields - clientip, status | head 10
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_012.results b/e2e-test/src/test/resources/spark/queries/ppl/query_012.results
@@ -0,0 +1,7 @@
+@timestamp
+2023-10-01T10:00:00.000Z
+2023-10-01T10:05:00.000Z
+2023-10-01T10:10:00.000Z
+2023-10-01T10:15:00.000Z
+2023-10-01T10:20:00.000Z
+2023-10-01T10:25:00.000Z
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_013.ppl b/e2e-test/src/test/resources/spark/queries/ppl/query_013.ppl
@@ -0,0 +1 @@
+source = dev.default.http_logs | where status = 200 | head 10
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_013.results b/e2e-test/src/test/resources/spark/queries/ppl/query_013.results
@@ -0,0 +1,6 @@
+@timestamp,request,size,year,clientip,status,day,month
+2023-10-01T10:00:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,40.135.0.0,200,1,10
+2023-10-01T10:05:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,232.0.0.0,200,1,10
+2023-10-01T10:10:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,26.1.0.0,200,1,10
+2023-10-01T10:15:00.000Z,GET /french/splash_inet.html HTTP/1.0,3781,2023,247.37.0.0,200,1,10
+2023-10-01T10:25:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,252.0.0.0,200,1,10
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_014.ppl b/e2e-test/src/test/resources/spark/queries/ppl/query_014.ppl
@@ -0,0 +1 @@
+source = dev.default.http_logs | where status != 200 | head 10
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_014.results b/e2e-test/src/test/resources/spark/queries/ppl/query_014.results
@@ -0,0 +1,2 @@
+@timestamp,request,size,year,clientip,status,day,month
+2023-10-01T10:20:00.000Z,GET /images/hm_nbg.jpg HTTP/1.0,0,2023,247.37.0.0,304,1,10
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_015.ppl b/e2e-test/src/test/resources/spark/queries/ppl/query_015.ppl
@@ -0,0 +1 @@
+source = dev.default.http_logs | where size > 0 | head 10
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_015.results b/e2e-test/src/test/resources/spark/queries/ppl/query_015.results
@@ -0,0 +1,6 @@
+@timestamp,request,size,year,clientip,status,day,month
+2023-10-01T10:00:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,40.135.0.0,200,1,10
+2023-10-01T10:05:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,232.0.0.0,200,1,10
+2023-10-01T10:10:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,26.1.0.0,200,1,10
+2023-10-01T10:15:00.000Z,GET /french/splash_inet.html HTTP/1.0,3781,2023,247.37.0.0,200,1,10
+2023-10-01T10:25:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,252.0.0.0,200,1,10
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_016.ppl b/e2e-test/src/test/resources/spark/queries/ppl/query_016.ppl
@@ -0,0 +1 @@
+source = dev.default.http_logs | where size <= 0 | head 10
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_016.results b/e2e-test/src/test/resources/spark/queries/ppl/query_016.results
@@ -0,0 +1,2 @@
+@timestamp,request,size,year,clientip,status,day,month
+2023-10-01T10:20:00.000Z,GET /images/hm_nbg.jpg HTTP/1.0,0,2023,247.37.0.0,304,1,10
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_017.ppl b/e2e-test/src/test/resources/spark/queries/ppl/query_017.ppl
@@ -0,0 +1 @@
+source = dev.default.http_logs | where clientip = '236.14.2.0' | head 10
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_017.results b/e2e-test/src/test/resources/spark/queries/ppl/query_017.results
@@ -0,0 +1 @@
+@timestamp,request,size,year,clientip,status,day,month
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_018.ppl b/e2e-test/src/test/resources/spark/queries/ppl/query_018.ppl
@@ -0,0 +1 @@
+source = dev.default.http_logs | where size > 0 AND status = 200 OR clientip = '236.14.2.0' | head 100
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_018.results b/e2e-test/src/test/resources/spark/queries/ppl/query_018.results
@@ -0,0 +1,6 @@
+@timestamp,request,size,year,clientip,status,day,month
+2023-10-01T10:00:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,40.135.0.0,200,1,10
+2023-10-01T10:05:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,232.0.0.0,200,1,10
+2023-10-01T10:10:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,26.1.0.0,200,1,10
+2023-10-01T10:15:00.000Z,GET /french/splash_inet.html HTTP/1.0,3781,2023,247.37.0.0,200,1,10
+2023-10-01T10:25:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,252.0.0.0,200,1,10
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_019.ppl b/e2e-test/src/test/resources/spark/queries/ppl/query_019.ppl
@@ -0,0 +1 @@
+source = dev.default.http_logs | where size <= 0 AND like(request, 'GET%')  | head 10
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_019.results b/e2e-test/src/test/resources/spark/queries/ppl/query_019.results
@@ -0,0 +1 @@
+@timestamp,request,size,year,clientip,status,day,month
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_020.ppl b/e2e-test/src/test/resources/spark/queries/ppl/query_020.ppl
@@ -0,0 +1 @@
+source = dev.default.http_logs status = 200 | head 10
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_020.results b/e2e-test/src/test/resources/spark/queries/ppl/query_020.results
@@ -0,0 +1,6 @@
+@timestamp,request,size,year,clientip,status,day,month
+2023-10-01T10:00:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,40.135.0.0,200,1,10
+2023-10-01T10:05:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,232.0.0.0,200,1,10
+2023-10-01T10:10:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,26.1.0.0,200,1,10
+2023-10-01T10:15:00.000Z,GET /french/splash_inet.html HTTP/1.0,3781,2023,247.37.0.0,200,1,10
+2023-10-01T10:25:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,252.0.0.0,200,1,10
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_021.ppl b/e2e-test/src/test/resources/spark/queries/ppl/query_021.ppl
@@ -0,0 +1 @@
+source = dev.default.http_logs size > 0 AND status = 200 OR clientip = '236.14.2.0' | head 100
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_021.results b/e2e-test/src/test/resources/spark/queries/ppl/query_021.results
@@ -0,0 +1,6 @@
+@timestamp,request,size,year,clientip,status,day,month
+2023-10-01T10:00:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,40.135.0.0,200,1,10
+2023-10-01T10:05:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,232.0.0.0,200,1,10
+2023-10-01T10:10:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,26.1.0.0,200,1,10
+2023-10-01T10:15:00.000Z,GET /french/splash_inet.html HTTP/1.0,3781,2023,247.37.0.0,200,1,10
+2023-10-01T10:25:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,252.0.0.0,200,1,10
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_022.ppl b/e2e-test/src/test/resources/spark/queries/ppl/query_022.ppl
@@ -0,0 +1 @@
+source = dev.default.http_logs size <= 0 AND like(request, 'GET%') | head 10
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_022.results b/e2e-test/src/test/resources/spark/queries/ppl/query_022.results
@@ -0,0 +1 @@
+@timestamp,request,size,year,clientip,status,day,month
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_023.ppl b/e2e-test/src/test/resources/spark/queries/ppl/query_023.ppl
@@ -0,0 +1 @@
+source = dev.default.http_logs | where isempty(size)
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_023.results b/e2e-test/src/test/resources/spark/queries/ppl/query_023.results
@@ -0,0 +1 @@
+@timestamp,request,size,year,clientip,status,day,month
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_024.ppl b/e2e-test/src/test/resources/spark/queries/ppl/query_024.ppl
@@ -0,0 +1 @@
+source = dev.default.http_logs | where ispresent(size)
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_024.results b/e2e-test/src/test/resources/spark/queries/ppl/query_024.results
@@ -0,0 +1,7 @@
+@timestamp,request,size,year,clientip,status,day,month
+2023-10-01T10:00:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,40.135.0.0,200,1,10
+2023-10-01T10:05:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,232.0.0.0,200,1,10
+2023-10-01T10:10:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,26.1.0.0,200,1,10
+2023-10-01T10:15:00.000Z,GET /french/splash_inet.html HTTP/1.0,3781,2023,247.37.0.0,200,1,10
+2023-10-01T10:20:00.000Z,GET /images/hm_nbg.jpg HTTP/1.0,0,2023,247.37.0.0,304,1,10
+2023-10-01T10:25:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,252.0.0.0,200,1,10
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_025.ppl b/e2e-test/src/test/resources/spark/queries/ppl/query_025.ppl
@@ -0,0 +1 @@
+source = dev.default.http_logs | where isnull(size) | head 10
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_025.results b/e2e-test/src/test/resources/spark/queries/ppl/query_025.results
@@ -0,0 +1 @@
+@timestamp,request,size,year,clientip,status,day,month
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_026.ppl b/e2e-test/src/test/resources/spark/queries/ppl/query_026.ppl
@@ -0,0 +1 @@
+source = dev.default.http_logs | where isnotnull(size) | head 10
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_026.results b/e2e-test/src/test/resources/spark/queries/ppl/query_026.results
@@ -0,0 +1,7 @@
+@timestamp,request,size,year,clientip,status,day,month
+2023-10-01T10:00:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,40.135.0.0,200,1,10
+2023-10-01T10:05:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,232.0.0.0,200,1,10
+2023-10-01T10:10:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,26.1.0.0,200,1,10
+2023-10-01T10:15:00.000Z,GET /french/splash_inet.html HTTP/1.0,3781,2023,247.37.0.0,200,1,10
+2023-10-01T10:20:00.000Z,GET /images/hm_nbg.jpg HTTP/1.0,0,2023,247.37.0.0,304,1,10
+2023-10-01T10:25:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,252.0.0.0,200,1,10
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_027.ppl b/e2e-test/src/test/resources/spark/queries/ppl/query_027.ppl
@@ -0,0 +1 @@
+source = dev.default.http_logs | where like(request, 'GET%') | head 10
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_027.results b/e2e-test/src/test/resources/spark/queries/ppl/query_027.results
@@ -0,0 +1 @@
+@timestamp,request,size,year,clientip,status,day,month
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_028.ppl b/e2e-test/src/test/resources/spark/queries/ppl/query_028.ppl
@@ -0,0 +1 @@
+source = dev.default.http_logs | where like(request, '%bordeaux%') | head 10
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_028.results b/e2e-test/src/test/resources/spark/queries/ppl/query_028.results
@@ -0,0 +1 @@
+@timestamp,request,size,year,clientip,status,day,month
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_029.ppl b/e2e-test/src/test/resources/spark/queries/ppl/query_029.ppl
@@ -0,0 +1 @@
+source = dev.default.http_logs | where case(status = 200, 'success' else 'failed') = 'success' | head 10
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_029.results b/e2e-test/src/test/resources/spark/queries/ppl/query_029.results
@@ -0,0 +1,6 @@
+@timestamp,request,size,year,clientip,status,day,month
+2023-10-01T10:00:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,40.135.0.0,200,1,10
+2023-10-01T10:05:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,232.0.0.0,200,1,10
+2023-10-01T10:10:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,26.1.0.0,200,1,10
+2023-10-01T10:15:00.000Z,GET /french/splash_inet.html HTTP/1.0,3781,2023,247.37.0.0,200,1,10
+2023-10-01T10:25:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,252.0.0.0,200,1,10
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_030.ppl b/e2e-test/src/test/resources/spark/queries/ppl/query_030.ppl
@@ -0,0 +1 @@
+source = dev.default.http_logs | eval h = "Hello",  w = "World" | head 10
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_030.results b/e2e-test/src/test/resources/spark/queries/ppl/query_030.results
@@ -0,0 +1,7 @@
+@timestamp,request,size,year,clientip,status,day,month,h,w
+2023-10-01T10:00:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,40.135.0.0,200,1,10,Hello,World
+2023-10-01T10:05:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,232.0.0.0,200,1,10,Hello,World
+2023-10-01T10:10:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,26.1.0.0,200,1,10,Hello,World
+2023-10-01T10:15:00.000Z,GET /french/splash_inet.html HTTP/1.0,3781,2023,247.37.0.0,200,1,10,Hello,World
+2023-10-01T10:20:00.000Z,GET /images/hm_nbg.jpg HTTP/1.0,0,2023,247.37.0.0,304,1,10,Hello,World
+2023-10-01T10:25:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,252.0.0.0,200,1,10,Hello,World
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_031.ppl b/e2e-test/src/test/resources/spark/queries/ppl/query_031.ppl
@@ -0,0 +1 @@
+source = dev.default.http_logs | eval @h = "Hello" | eval @w = "World" | fields @timestamp, @h, @w
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_031.results b/e2e-test/src/test/resources/spark/queries/ppl/query_031.results
@@ -0,0 +1,7 @@
+@timestamp,@h,@w
+2023-10-01T10:00:00.000Z,Hello,World
+2023-10-01T10:05:00.000Z,Hello,World
+2023-10-01T10:10:00.000Z,Hello,World
+2023-10-01T10:15:00.000Z,Hello,World
+2023-10-01T10:20:00.000Z,Hello,World
+2023-10-01T10:25:00.000Z,Hello,World
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_032.ppl b/e2e-test/src/test/resources/spark/queries/ppl/query_032.ppl
@@ -0,0 +1 @@
+source = dev.default.http_logs | eval newF = clientip | head 10
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_032.results b/e2e-test/src/test/resources/spark/queries/ppl/query_032.results
@@ -0,0 +1,7 @@
+@timestamp,request,size,year,clientip,status,day,month,newF
+2023-10-01T10:00:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,40.135.0.0,200,1,10,40.135.0.0
+2023-10-01T10:05:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,232.0.0.0,200,1,10,232.0.0.0
+2023-10-01T10:10:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,26.1.0.0,200,1,10,26.1.0.0
+2023-10-01T10:15:00.000Z,GET /french/splash_inet.html HTTP/1.0,3781,2023,247.37.0.0,200,1,10,247.37.0.0
+2023-10-01T10:20:00.000Z,GET /images/hm_nbg.jpg HTTP/1.0,0,2023,247.37.0.0,304,1,10,247.37.0.0
+2023-10-01T10:25:00.000Z,GET /images/hm_bg.jpg HTTP/1.0,24736,2023,252.0.0.0,200,1,10,252.0.0.0
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_033.ppl b/e2e-test/src/test/resources/spark/queries/ppl/query_033.ppl
@@ -0,0 +1 @@
+source = dev.default.http_logs | eval newF = clientip | fields clientip, newF | head 10
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_033.results b/e2e-test/src/test/resources/spark/queries/ppl/query_033.results
@@ -0,0 +1,7 @@
+clientip,newF
+40.135.0.0,40.135.0.0
+232.0.0.0,232.0.0.0
+26.1.0.0,26.1.0.0
+247.37.0.0,247.37.0.0
+247.37.0.0,247.37.0.0
+252.0.0.0,252.0.0.0
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_034.ppl b/e2e-test/src/test/resources/spark/queries/ppl/query_034.ppl
@@ -0,0 +1 @@
+source = dev.default.http_logs | eval f = size | where f > 1 | sort f | fields size, clientip, status | head 10
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_034.results b/e2e-test/src/test/resources/spark/queries/ppl/query_034.results
@@ -0,0 +1,6 @@
+size,clientip,status
+3781,247.37.0.0,200
+24736,40.135.0.0,200
+24736,232.0.0.0,200
+24736,26.1.0.0,200
+24736,252.0.0.0,200
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_035.ppl b/e2e-test/src/test/resources/spark/queries/ppl/query_035.ppl
@@ -0,0 +1 @@
+source = dev.default.http_logs | eval f = status * 2 | eval h = f * 2 | fields status, f, h | head 10
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_035.results b/e2e-test/src/test/resources/spark/queries/ppl/query_035.results
@@ -0,0 +1,7 @@
+status,f,h
+200,400,800
+200,400,800
+200,400,800
+200,400,800
+304,608,1216
+200,400,800
diff --git a/e2e-test/src/test/resources/spark/queries/ppl/query_036.ppl b/e2e-test/src/test/resources/spark/queries/ppl/query_036.ppl
@@ -0,0 +1 @@
+source = dev.default.http_logs | eval f = size * 2, h = status | stats sum(f) by h
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		source = dev.default.http_logs \| dedup 1 status \| fields @timestamp, clientip, status, size \| head 10
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		source = dev.default.http_logs \| dedup status, size \| head 10
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		source = dev.default.http_logs \| dedup 2 status \| head 10
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		source = dev.default.http_logs \| sort status \| fields @timestamp, clientip, status \| head 10
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		source = dev.default.http_logs \| fields - @timestamp, clientip, status \| head 10
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		source = dev.default.http_logs \| eval new_time = @timestamp, new_clientip = clientip \| fields - new_time, new_clientip, status \| head 10
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		source = dev.default.http_logs \| where status = 200 \| head 10
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		@timestamp,request,size,year,clientip,status,day,month
		2023-10-01T10:20:00.000Z,GET /images/hm_nbg.jpg HTTP/1.0,0,2023,247.37.0.0,304,1,10
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		source = dev.default.http_logs \| where clientip = '236.14.2.0' \| head 10
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		source = dev.default.http_logs status = 200 \| head 10