99 lines
3.9 KiB
JSON
99 lines
3.9 KiB
JSON
{
|
|
"version": "1.0",
|
|
"name": "ClickHouse-Raw",
|
|
"namespace": "ClickHouse",
|
|
"filters": [
|
|
{
|
|
"name":"@start",
|
|
"value": "'2021-10-19 10:00:00'"
|
|
},
|
|
{
|
|
"name":"@end",
|
|
"value": "'2021-10-20 11:00:00'"
|
|
},
|
|
{
|
|
"name":"@common_filter",
|
|
"value": [
|
|
"common_log_id=1153021139190754263",
|
|
"common_client_ip='118.180.48.74'",
|
|
"common_client_ip='120.242.132.200'",
|
|
"common_internal_ip='223.116.37.192'",
|
|
"common_server_ip='8.8.8.8'",
|
|
"common_server_ip='114.114.114.114'",
|
|
"common_server_ip!='114.114.114.114'",
|
|
"common_server_ip='120.239.72.226'",
|
|
"common_external_ip='111.10.53.14'",
|
|
"common_client_port=52607",
|
|
"common_server_port=443",
|
|
"common_c2s_pkt_num>5",
|
|
"common_s2c_pkt_num>5",
|
|
"common_c2s_byte_num>100",
|
|
"common_s2c_byte_num<200",
|
|
"common_schema_type='DNS'",
|
|
"common_establish_latency_ms>200",
|
|
"common_con_duration_ms>10000",
|
|
"common_stream_trace_id=1153021139190754263",
|
|
"common_tcp_client_isn=2857077935",
|
|
"common_tcp_server_isn=0",
|
|
"http_domain='qq.com'",
|
|
"http_domain!='qq.com'",
|
|
"http_domain='yunser.com'",
|
|
"mail_account='abc@xx.com'",
|
|
"mail_subject='test'",
|
|
"dns_qname='qbwup.imtt.qq.com'",
|
|
"ssl_sni='mmbiz.qpic.cn'",
|
|
"ssl_sni='openai.qq.com'",
|
|
"ssl_con_latency_ms>100",
|
|
"ssl_ja3_hash='a0e9f5d64349fb13191bc781f81f42e1'",
|
|
"common_client_ip='36.189.226.21' and common_server_ip='8.8.8.8'",
|
|
"common_server_ip='111.10.53.14' and common_server_port=443",
|
|
"common_server_ip like '120.239%'",
|
|
"common_server_ip not like '120.239%'",
|
|
"common_server_ip like '%114.114%'",
|
|
"mail_account like 'abc@%'",
|
|
"http_domain like '%baidu.com%'",
|
|
"ssl_sni like '%google.com'",
|
|
"http_domain like 'baidu%'",
|
|
"http_domain like '%baidu.com%'",
|
|
"common_client_ip in ('120.239.72.226','114.114.114.114')",
|
|
"common_client_ip not in ('120.239.72.226','114.114.114.114')",
|
|
"common_server_ip='116.177.248.126' and notEmpty(http_domain)",
|
|
"common_server_ip='116.177.248.126' and common_client_ip='120.242.132.200'",
|
|
"common_server_ip='116.177.248.126' and common_stream_trace_id=1153021139190754263",
|
|
"common_client_ip='120.242.132.200' and common_server_ip='116.177.248.126'",
|
|
"http_domain='qq.com' or common_server_ip='120.239.72.226'",
|
|
"common_server_port not in (80,443)",
|
|
"http_domain not like '%qq.com'"
|
|
]
|
|
},
|
|
{
|
|
"name":"@index_filter",
|
|
"value": [
|
|
"common_log_id=1153021139190754263",
|
|
"common_client_ip='118.180.48.74'",
|
|
"common_client_ip='120.242.132.200'",
|
|
"common_server_ip='114.114.114.114'",
|
|
"common_server_ip!='114.114.114.114'",
|
|
"common_server_ip='120.239.72.226'",
|
|
"http_domain='qq.com'",
|
|
"http_domain!='qq.com'",
|
|
"http_domain='yunser.com'",
|
|
"ssl_sni='mmbiz.qpic.cn'",
|
|
"ssl_sni='openai.qq.com'",
|
|
"common_server_ip like '120.239%'",
|
|
"common_server_ip not like '120.239%'",
|
|
"common_server_ip like '%114.114%'",
|
|
"common_subscriber_id='%test%'",
|
|
"http_domain like 'baidu%'",
|
|
"http_domain like '%baidu.com%'",
|
|
"common_client_ip in ('120.239.72.226','114.114.114.114')",
|
|
"common_client_ip not in ('120.239.72.226','114.114.114.114')",
|
|
"common_server_ip='116.177.248.126' and notEmpty(http_domain)",
|
|
"common_server_ip='116.177.248.126' and common_client_ip='120.242.132.200'",
|
|
"common_server_ip='116.177.248.126' and common_stream_trace_id=1153021139190754263",
|
|
"common_client_ip='120.242.132.200' and common_server_ip='116.177.248.126'",
|
|
"http_domain='qq.com' or common_server_ip='120.239.72.226'"
|
|
]
|
|
}
|
|
]
|
|
} |