Move old version files and add <Clickhouse_CN_NFSP建表语句.sql> file.
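--- a/Clickhouse最新全量建表语句/Clickhouse_CN_NFSP建表语句.sql
+++ b/Clickhouse最新全量建表语句/Clickhouse_CN_NFSP建表语句.sql
@@ -0,0 +1,311 @@
+create database IF NOT EXISTS cyber_narrator_galaxy ON CLUSTER ck_cluster;
+create database IF NOT EXISTS cyber_narrator_galaxy ON CLUSTER ck_query;
+
+
+
+CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.session_record_nfsp_local on cluster ck_cluster (
+id Int32,
+expiration_id Int32,
+src_ip String,
+src_mac String,
+src_oui String,
+src_port Int32,
+dst_ip String,
+dst_mac String,
+dst_oui String,
+dst_port Int32,
+protocol Int32,
+ip_version Int32,
+vlan_id Int32,
+bidirectional_first_seen_ms Int64,
+bidirectional_last_seen_ms Int64,
+bidirectional_duration_ms Int64,
+bidirectional_packets Int64,
+bidirectional_bytes Int64,
+src2dst_first_seen_ms Int64,
+src2dst_last_seen_ms Int64,
+src2dst_duration_ms Int64,
+src2dst_packets Int64,
+src2dst_bytes Int64,
+dst2src_first_seen_ms Int64,
+dst2src_last_seen_ms Int64,
+dst2src_duration_ms Int64,
+dst2src_packets Int64,
+dst2src_bytes Int64,
+tunnel_id Int64,
+application_name String,
+application_category_name String,
+application_is_guessed Int64,
+application_confidence Int64,
+requested_server_name String,
+client_fingerprint String,
+server_fingerprint String,
+user_agent String,
+content_type String,
+bidirectional_min_ps Int64,
+bidirectional_mean_ps Float64,
+bidirectional_stddev_ps Float64,
+bidirectional_max_ps Int64,
+src2dst_min_ps Int64,
+src2dst_mean_ps Float64,
+src2dst_stddev_ps Float64,
+src2dst_max_ps Int64,
+dst2src_min_ps Int64,
+dst2src_mean_ps Float64,
+dst2src_stddev_ps Float64,
+dst2src_max_ps Int64,
+bidirectional_min_piat_ms Int64,
+bidirectional_mean_piat_ms Float64,
+bidirectional_stddev_piat_ms Float64,
+bidirectional_max_piat_ms Int64,
+src2dst_min_piat_ms Int64,
+src2dst_mean_piat_ms Float64,
+src2dst_stddev_piat_ms Float64,
+src2dst_max_piat_ms Int64,
+dst2src_min_piat_ms Int64,
+dst2src_mean_piat_ms Float64,
+dst2src_stddev_piat_ms Float64,
+dst2src_max_piat_ms Int64,
+bidirectional_syn_packets Int64,
+bidirectional_cwr_packets Int64,
+bidirectional_ece_packets Int64,
+bidirectional_urg_packets Int64,
+bidirectional_ack_packets Int64,
+bidirectional_psh_packets Int64,
+bidirectional_rst_packets Int64,
+bidirectional_fin_packets Int64,
+src2dst_syn_packets Int64,
+src2dst_cwr_packets Int64,
+src2dst_ece_packets Int64,
+src2dst_urg_packets Int64,
+src2dst_ack_packets Int64,
+src2dst_psh_packets Int64,
+src2dst_rst_packets Int64,
+src2dst_fin_packets Int64,
+dst2src_syn_packets Int64,
+dst2src_cwr_packets Int64,
+dst2src_ece_packets Int64,
+dst2src_urg_packets Int64,
+dst2src_ack_packets Int64,
+dst2src_psh_packets Int64,
+dst2src_rst_packets Int64,
+dst2src_fin_packets Int64,
+splt_direction Array(Int64),
+splt_ps Array(Int64),
+splt_piat_ms Array(Int64),
+stf_payload_sizes Array(Int64),
+stf_directions Array(Int64),
+stf_gram_sequences Array(String),
+stf_gram_match_results String,
+stf_encrypted_tunnel_flag Int64,
+stf_simple_obfs_resp_flag Int64,
+stf_valid_packet_counts Int64,
+stf_has_tcp_handshake Int64
+)
+ENGINE = MergeTree
+PARTITION BY toYYYYMMDD(toDate(bidirectional_first_seen_ms/1000))
+ORDER BY bidirectional_first_seen_ms;
+
+
+CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.session_record_nfsp on cluster ck_cluster (
+id Int32,
+expiration_id Int32,
+src_ip String,
+src_mac String,
+src_oui String,
+src_port Int32,
+dst_ip String,
+dst_mac String,
+dst_oui String,
+dst_port Int32,
+protocol Int32,
+ip_version Int32,
+vlan_id Int32,
+bidirectional_first_seen_ms Int64,
+bidirectional_last_seen_ms Int64,
+bidirectional_duration_ms Int64,
+bidirectional_packets Int64,
+bidirectional_bytes Int64,
+src2dst_first_seen_ms Int64,
+src2dst_last_seen_ms Int64,
+src2dst_duration_ms Int64,
+src2dst_packets Int64,
+src2dst_bytes Int64,
+dst2src_first_seen_ms Int64,
+dst2src_last_seen_ms Int64,
+dst2src_duration_ms Int64,
+dst2src_packets Int64,
+dst2src_bytes Int64,
+tunnel_id Int64,
+application_name String,
+application_category_name String,
+application_is_guessed Int64,
+application_confidence Int64,
+requested_server_name String,
+client_fingerprint String,
+server_fingerprint String,
+user_agent String,
+content_type String,
+bidirectional_min_ps Int64,
+bidirectional_mean_ps Float64,
+bidirectional_stddev_ps Float64,
+bidirectional_max_ps Int64,
+src2dst_min_ps Int64,
+src2dst_mean_ps Float64,
+src2dst_stddev_ps Float64,
+src2dst_max_ps Int64,
+dst2src_min_ps Int64,
+dst2src_mean_ps Float64,
+dst2src_stddev_ps Float64,
+dst2src_max_ps Int64,
+bidirectional_min_piat_ms Int64,
+bidirectional_mean_piat_ms Float64,
+bidirectional_stddev_piat_ms Float64,
+bidirectional_max_piat_ms Int64,
+src2dst_min_piat_ms Int64,
+src2dst_mean_piat_ms Float64,
+src2dst_stddev_piat_ms Float64,
+src2dst_max_piat_ms Int64,
+dst2src_min_piat_ms Int64,
+dst2src_mean_piat_ms Float64,
+dst2src_stddev_piat_ms Float64,
+dst2src_max_piat_ms Int64,
+bidirectional_syn_packets Int64,
+bidirectional_cwr_packets Int64,
+bidirectional_ece_packets Int64,
+bidirectional_urg_packets Int64,
+bidirectional_ack_packets Int64,
+bidirectional_psh_packets Int64,
+bidirectional_rst_packets Int64,
+bidirectional_fin_packets Int64,
+src2dst_syn_packets Int64,
+src2dst_cwr_packets Int64,
+src2dst_ece_packets Int64,
+src2dst_urg_packets Int64,
+src2dst_ack_packets Int64,
+src2dst_psh_packets Int64,
+src2dst_rst_packets Int64,
+src2dst_fin_packets Int64,
+dst2src_syn_packets Int64,
+dst2src_cwr_packets Int64,
+dst2src_ece_packets Int64,
+dst2src_urg_packets Int64,
+dst2src_ack_packets Int64,
+dst2src_psh_packets Int64,
+dst2src_rst_packets Int64,
+dst2src_fin_packets Int64,
+splt_direction Array(Int64),
+splt_ps Array(Int64),
+splt_piat_ms Array(Int64),
+stf_payload_sizes Array(Int64),
+stf_directions Array(Int64),
+stf_gram_sequences Array(String),
+stf_gram_match_results String,
+stf_encrypted_tunnel_flag Int64,
+stf_simple_obfs_resp_flag Int64,
+stf_valid_packet_counts Int64,
+stf_has_tcp_handshake Int64
+)
+ENGINE =Distributed(ck_cluster,cyber_narrator_galaxy,session_record_nfsp_local,rand());
+
+CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.session_record_nfsp on cluster ck_query (
+id Int32,
+expiration_id Int32,
+src_ip String,
+src_mac String,
+src_oui String,
+src_port Int32,
+dst_ip String,
+dst_mac String,
+dst_oui String,
+dst_port Int32,
+protocol Int32,
+ip_version Int32,
+vlan_id Int32,
+bidirectional_first_seen_ms Int64,
+bidirectional_last_seen_ms Int64,
+bidirectional_duration_ms Int64,
+bidirectional_packets Int64,
+bidirectional_bytes Int64,
+src2dst_first_seen_ms Int64,
+src2dst_last_seen_ms Int64,
+src2dst_duration_ms Int64,
+src2dst_packets Int64,
+src2dst_bytes Int64,
+dst2src_first_seen_ms Int64,
+dst2src_last_seen_ms Int64,
+dst2src_duration_ms Int64,
+dst2src_packets Int64,
+dst2src_bytes Int64,
+tunnel_id Int64,
+application_name String,
+application_category_name String,
+application_is_guessed Int64,
+application_confidence Int64,
+requested_server_name String,
+client_fingerprint String,
+server_fingerprint String,
+user_agent String,
+content_type String,
+bidirectional_min_ps Int64,
+bidirectional_mean_ps Float64,
+bidirectional_stddev_ps Float64,
+bidirectional_max_ps Int64,
+src2dst_min_ps Int64,
+src2dst_mean_ps Float64,
+src2dst_stddev_ps Float64,
+src2dst_max_ps Int64,
+dst2src_min_ps Int64,
+dst2src_mean_ps Float64,
+dst2src_stddev_ps Float64,
+dst2src_max_ps Int64,
+bidirectional_min_piat_ms Int64,
+bidirectional_mean_piat_ms Float64,
+bidirectional_stddev_piat_ms Float64,
+bidirectional_max_piat_ms Int64,
+src2dst_min_piat_ms Int64,
+src2dst_mean_piat_ms Float64,
+src2dst_stddev_piat_ms Float64,
+src2dst_max_piat_ms Int64,
+dst2src_min_piat_ms Int64,
+dst2src_mean_piat_ms Float64,
+dst2src_stddev_piat_ms Float64,
+dst2src_max_piat_ms Int64,
+bidirectional_syn_packets Int64,
+bidirectional_cwr_packets Int64,
+bidirectional_ece_packets Int64,
+bidirectional_urg_packets Int64,
+bidirectional_ack_packets Int64,
+bidirectional_psh_packets Int64,
+bidirectional_rst_packets Int64,
+bidirectional_fin_packets Int64,
+src2dst_syn_packets Int64,
+src2dst_cwr_packets Int64,
+src2dst_ece_packets Int64,
+src2dst_urg_packets Int64,
+src2dst_ack_packets Int64,
+src2dst_psh_packets Int64,
+src2dst_rst_packets Int64,
+src2dst_fin_packets Int64,
+dst2src_syn_packets Int64,
+dst2src_cwr_packets Int64,
+dst2src_ece_packets Int64,
+dst2src_urg_packets Int64,
+dst2src_ack_packets Int64,
+dst2src_psh_packets Int64,
+dst2src_rst_packets Int64,
+dst2src_fin_packets Int64,
+splt_direction Array(Int64),
+splt_ps Array(Int64),
+splt_piat_ms Array(Int64),
+stf_payload_sizes Array(Int64),
+stf_directions Array(Int64),
+stf_gram_sequences Array(String),
+stf_gram_match_results String,
+stf_encrypted_tunnel_flag Int64,
+stf_simple_obfs_resp_flag Int64,
+stf_valid_packet_counts Int64,
+stf_has_tcp_handshake Int64
+)
+ENGINE =Distributed(ck_cluster,cyber_narrator_galaxy,session_record_nfsp_local,rand());
+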
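Review bot: The `session_record_nfsp_local` definition ends at `ORDER BY bidirectional_first_seen_ms;` with no `TTL` clause, so per-flow records holding `src_ip`, `src_mac`, `requested_server_name` and `user_agent` are retained until partitions are dropped by some other process. If retention is not enforced elsewhere, state it in the DDL, for example `TTL toDateTime(intDiv(bidirectional_first_seen_ms, 1000)) + INTERVAL <RETENTION_DAYS> DAY` after the `ORDER BY` line (the day count is a placeholder for the project's policy). The partition expression `toDate(bidirectional_first_seen_ms/1000)` appears to resolve the day in the server's time zone, so partition boundaries would follow host configuration; pinning the zone explicitly, or a comment saying which zone is intended, would make partition drops predictable. The 97-column list is repeated verbatim in all three statements, so a leading comment such as `-- column lists of the local and both Distributed tables must stay identical` would help the next editor keep them in sync.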
File diff suppressed because it is too large
File diff suppressed because it is too large
@@ -1,96 +1,96 @@
|
|||||||
set distributed_ddl_task_timeout = 180;
|
set distributed_ddl_task_timeout = 180;
|
||||||
|
|
||||||
-- 删除源表同步到临时表物化视图, 七个表
|
-- 删除源表同步到临时表物化视图, 七个表
|
||||||
drop view if exists tsg_galaxy_v3.session_record_local_2310_to_2401_view on cluster ck_cluster;
|
drop view if exists tsg_galaxy_v3.session_record_local_2310_to_2401_view on cluster ck_cluster;
|
||||||
drop view if exists tsg_galaxy_v3.security_event_local_2310_to_security_event_local_2401_view on cluster ck_cluster;
|
drop view if exists tsg_galaxy_v3.security_event_local_2310_to_security_event_local_2401_view on cluster ck_cluster;
|
||||||
drop view if exists tsg_galaxy_v3.security_event_local_2310_to_monitor_event_local_2401_view on cluster ck_cluster;
|
drop view if exists tsg_galaxy_v3.security_event_local_2310_to_monitor_event_local_2401_view on cluster ck_cluster;
|
||||||
drop view if exists tsg_galaxy_v3.transaction_record_local_2310_to_2401_view on cluster ck_cluster;
|
drop view if exists tsg_galaxy_v3.transaction_record_local_2310_to_2401_view on cluster ck_cluster;
|
||||||
drop view if exists tsg_galaxy_v3.voip_record_local_2310_to_2401_view on cluster ck_cluster;
|
drop view if exists tsg_galaxy_v3.voip_record_local_2310_to_2401_view on cluster ck_cluster;
|
||||||
drop view if exists tsg_galaxy_v3.proxy_event_local_2310_to_2401_view on cluster ck_cluster;
|
drop view if exists tsg_galaxy_v3.proxy_event_local_2310_to_2401_view on cluster ck_cluster;
|
||||||
drop view if exists tsg_galaxy_v3.dos_event_local_2310_to_2401_view on cluster ck_cluster;
|
drop view if exists tsg_galaxy_v3.dos_event_local_2310_to_2401_view on cluster ck_cluster;
|
||||||
|
|
||||||
-- 删除源表同步子表物化视图
|
-- 删除源表同步子表物化视图
|
||||||
drop VIEW IF EXISTS tsg_galaxy_v3.common_client_ip ON CLUSTER ck_cluster;
|
drop VIEW IF EXISTS tsg_galaxy_v3.common_client_ip ON CLUSTER ck_cluster;
|
||||||
drop VIEW IF EXISTS tsg_galaxy_v3.common_http_domain ON CLUSTER ck_cluster;
|
drop VIEW IF EXISTS tsg_galaxy_v3.common_http_domain ON CLUSTER ck_cluster;
|
||||||
drop VIEW IF EXISTS tsg_galaxy_v3.common_server_ip ON CLUSTER ck_cluster;
|
drop VIEW IF EXISTS tsg_galaxy_v3.common_server_ip ON CLUSTER ck_cluster;
|
||||||
drop VIEW IF EXISTS tsg_galaxy_v3.common_server_domain ON CLUSTER ck_cluster;
|
drop VIEW IF EXISTS tsg_galaxy_v3.common_server_domain ON CLUSTER ck_cluster;
|
||||||
|
|
||||||
-- 删除源表子表相关回表
|
-- 删除源表子表相关回表
|
||||||
drop table IF EXISTS tsg_galaxy_v3.interim_session_record_local ON CLUSTER ck_cluster;
|
drop table IF EXISTS tsg_galaxy_v3.interim_session_record_local ON CLUSTER ck_cluster;
|
||||||
drop table IF EXISTS tsg_galaxy_v3.session_record_common_client_ip_local ON CLUSTER ck_cluster;
|
drop table IF EXISTS tsg_galaxy_v3.session_record_common_client_ip_local ON CLUSTER ck_cluster;
|
||||||
drop table IF EXISTS tsg_galaxy_v3.session_record_common_server_domain_local ON CLUSTER ck_cluster;
|
drop table IF EXISTS tsg_galaxy_v3.session_record_common_server_domain_local ON CLUSTER ck_cluster;
|
||||||
drop table IF EXISTS tsg_galaxy_v3.session_record_common_server_ip_local ON CLUSTER ck_cluster;
|
drop table IF EXISTS tsg_galaxy_v3.session_record_common_server_ip_local ON CLUSTER ck_cluster;
|
||||||
drop table IF EXISTS tsg_galaxy_v3.session_record_http_domain_local ON CLUSTER ck_cluster;
|
drop table IF EXISTS tsg_galaxy_v3.session_record_http_domain_local ON CLUSTER ck_cluster;
|
||||||
|
|
||||||
drop table IF EXISTS tsg_galaxy_v3.interim_session_record ON CLUSTER ck_cluster;
|
drop table IF EXISTS tsg_galaxy_v3.interim_session_record ON CLUSTER ck_cluster;
|
||||||
drop table IF EXISTS tsg_galaxy_v3.session_record_common_client_ip ON CLUSTER ck_cluster;
|
drop table IF EXISTS tsg_galaxy_v3.session_record_common_client_ip ON CLUSTER ck_cluster;
|
||||||
drop table IF EXISTS tsg_galaxy_v3.session_record_common_server_domain ON CLUSTER ck_cluster;
|
drop table IF EXISTS tsg_galaxy_v3.session_record_common_server_domain ON CLUSTER ck_cluster;
|
||||||
drop table IF EXISTS tsg_galaxy_v3.session_record_common_server_ip ON CLUSTER ck_cluster;
|
drop table IF EXISTS tsg_galaxy_v3.session_record_common_server_ip ON CLUSTER ck_cluster;
|
||||||
drop table IF EXISTS tsg_galaxy_v3.session_record_http_domain ON CLUSTER ck_cluster;
|
drop table IF EXISTS tsg_galaxy_v3.session_record_http_domain ON CLUSTER ck_cluster;
|
||||||
|
|
||||||
drop table IF EXISTS tsg_galaxy_v3.interim_session_record ON CLUSTER ck_query;
|
drop table IF EXISTS tsg_galaxy_v3.interim_session_record ON CLUSTER ck_query;
|
||||||
drop table IF EXISTS tsg_galaxy_v3.session_record_common_client_ip ON CLUSTER ck_query;
|
drop table IF EXISTS tsg_galaxy_v3.session_record_common_client_ip ON CLUSTER ck_query;
|
||||||
drop table IF EXISTS tsg_galaxy_v3.session_record_common_server_domain ON CLUSTER ck_query;
|
drop table IF EXISTS tsg_galaxy_v3.session_record_common_server_domain ON CLUSTER ck_query;
|
||||||
drop table IF EXISTS tsg_galaxy_v3.session_record_common_server_ip ON CLUSTER ck_query;
|
drop table IF EXISTS tsg_galaxy_v3.session_record_common_server_ip ON CLUSTER ck_query;
|
||||||
drop table IF EXISTS tsg_galaxy_v3.session_record_http_domain ON CLUSTER ck_query;
|
drop table IF EXISTS tsg_galaxy_v3.session_record_http_domain ON CLUSTER ck_query;
|
||||||
|
|
||||||
-- 源表rename到历史表
|
-- 源表rename到历史表
|
||||||
RENAME TABLE tsg_galaxy_v3.session_record_local to tsg_galaxy_v3.session_record_local_old on cluster ck_cluster;
|
RENAME TABLE tsg_galaxy_v3.session_record_local to tsg_galaxy_v3.session_record_local_old on cluster ck_cluster;
|
||||||
RENAME TABLE tsg_galaxy_v3.security_event_local to tsg_galaxy_v3.security_event_local_old on cluster ck_cluster;
|
RENAME TABLE tsg_galaxy_v3.security_event_local to tsg_galaxy_v3.security_event_local_old on cluster ck_cluster;
|
||||||
RENAME TABLE tsg_galaxy_v3.transaction_record_local to tsg_galaxy_v3.transaction_record_local_old on cluster ck_cluster;
|
RENAME TABLE tsg_galaxy_v3.transaction_record_local to tsg_galaxy_v3.transaction_record_local_old on cluster ck_cluster;
|
||||||
RENAME TABLE tsg_galaxy_v3.voip_record_local to tsg_galaxy_v3.voip_record_local_old on cluster ck_cluster;
|
RENAME TABLE tsg_galaxy_v3.voip_record_local to tsg_galaxy_v3.voip_record_local_old on cluster ck_cluster;
|
||||||
RENAME TABLE tsg_galaxy_v3.proxy_event_local to tsg_galaxy_v3.proxy_event_local_old on cluster ck_cluster;
|
RENAME TABLE tsg_galaxy_v3.proxy_event_local to tsg_galaxy_v3.proxy_event_local_old on cluster ck_cluster;
|
||||||
RENAME TABLE tsg_galaxy_v3.dos_event_local to tsg_galaxy_v3.dos_event_local_old on cluster ck_cluster;
|
RENAME TABLE tsg_galaxy_v3.dos_event_local to tsg_galaxy_v3.dos_event_local_old on cluster ck_cluster;
|
||||||
|
|
||||||
-- 删除源表分布式表
|
-- 删除源表分布式表
|
||||||
DROP TABLE IF EXISTS tsg_galaxy_v3.session_record ON CLUSTER ck_query;
|
DROP TABLE IF EXISTS tsg_galaxy_v3.session_record ON CLUSTER ck_query;
|
||||||
DROP TABLE IF EXISTS tsg_galaxy_v3.session_record ON CLUSTER ck_cluster;
|
DROP TABLE IF EXISTS tsg_galaxy_v3.session_record ON CLUSTER ck_cluster;
|
||||||
DROP TABLE IF EXISTS tsg_galaxy_v3.security_event ON CLUSTER ck_query;
|
DROP TABLE IF EXISTS tsg_galaxy_v3.security_event ON CLUSTER ck_query;
|
||||||
DROP TABLE IF EXISTS tsg_galaxy_v3.security_event ON CLUSTER ck_cluster;
|
DROP TABLE IF EXISTS tsg_galaxy_v3.security_event ON CLUSTER ck_cluster;
|
||||||
DROP TABLE IF EXISTS tsg_galaxy_v3.transaction_record ON CLUSTER ck_query;
|
DROP TABLE IF EXISTS tsg_galaxy_v3.transaction_record ON CLUSTER ck_query;
|
||||||
DROP TABLE IF EXISTS tsg_galaxy_v3.transaction_record ON CLUSTER ck_cluster;
|
DROP TABLE IF EXISTS tsg_galaxy_v3.transaction_record ON CLUSTER ck_cluster;
|
||||||
DROP TABLE IF EXISTS tsg_galaxy_v3.voip_record ON CLUSTER ck_query;
|
DROP TABLE IF EXISTS tsg_galaxy_v3.voip_record ON CLUSTER ck_query;
|
||||||
DROP TABLE IF EXISTS tsg_galaxy_v3.voip_record ON CLUSTER ck_cluster;
|
DROP TABLE IF EXISTS tsg_galaxy_v3.voip_record ON CLUSTER ck_cluster;
|
||||||
DROP TABLE IF EXISTS tsg_galaxy_v3.proxy_event ON CLUSTER ck_query;
|
DROP TABLE IF EXISTS tsg_galaxy_v3.proxy_event ON CLUSTER ck_query;
|
||||||
DROP TABLE IF EXISTS tsg_galaxy_v3.proxy_event ON CLUSTER ck_cluster;
|
DROP TABLE IF EXISTS tsg_galaxy_v3.proxy_event ON CLUSTER ck_cluster;
|
||||||
DROP TABLE IF EXISTS tsg_galaxy_v3.dos_event ON CLUSTER ck_query;
|
DROP TABLE IF EXISTS tsg_galaxy_v3.dos_event ON CLUSTER ck_query;
|
||||||
DROP TABLE IF EXISTS tsg_galaxy_v3.dos_event ON CLUSTER ck_cluster;
|
DROP TABLE IF EXISTS tsg_galaxy_v3.dos_event ON CLUSTER ck_cluster;
|
||||||
|
|
||||||
-- assessment_event不用迁移
|
-- assessment_event不用迁移
|
||||||
drop table IF EXISTS tsg_galaxy_v3.assessment_event on cluster ck_query;
|
drop table IF EXISTS tsg_galaxy_v3.assessment_event on cluster ck_query;
|
||||||
drop table IF EXISTS tsg_galaxy_v3.assessment_event on cluster ck_cluster;
|
drop table IF EXISTS tsg_galaxy_v3.assessment_event on cluster ck_cluster;
|
||||||
drop table IF EXISTS tsg_galaxy_v3.assessment_event_local on cluster ck_cluster;
|
drop table IF EXISTS tsg_galaxy_v3.assessment_event_local on cluster ck_cluster;
|
||||||
|
|
||||||
-- 删除废弃表
|
-- 删除废弃表
|
||||||
drop table IF EXISTS tsg_galaxy_v3.gtpc_record_local on cluster ck_cluster;
|
drop table IF EXISTS tsg_galaxy_v3.gtpc_record_local on cluster ck_cluster;
|
||||||
drop table IF EXISTS tsg_galaxy_v3.gtpc_record on cluster ck_cluster;
|
drop table IF EXISTS tsg_galaxy_v3.gtpc_record on cluster ck_cluster;
|
||||||
drop table IF EXISTS tsg_galaxy_v3.gtpc_record on cluster ck_query;
|
drop table IF EXISTS tsg_galaxy_v3.gtpc_record on cluster ck_query;
|
||||||
|
|
||||||
drop table IF EXISTS tsg_galaxy_v3.radius_onff_log_local on cluster ck_cluster;
|
drop table IF EXISTS tsg_galaxy_v3.radius_onff_log_local on cluster ck_cluster;
|
||||||
drop table IF EXISTS tsg_galaxy_v3.radius_onff_log on cluster ck_cluster;
|
drop table IF EXISTS tsg_galaxy_v3.radius_onff_log on cluster ck_cluster;
|
||||||
drop table IF EXISTS tsg_galaxy_v3.radius_onff_log on cluster ck_query;
|
drop table IF EXISTS tsg_galaxy_v3.radius_onff_log on cluster ck_query;
|
||||||
|
|
||||||
drop table IF EXISTS tsg_galaxy_v3.radius_record_local on cluster ck_cluster;
|
drop table IF EXISTS tsg_galaxy_v3.radius_record_local on cluster ck_cluster;
|
||||||
drop table IF EXISTS tsg_galaxy_v3.radius_record on cluster ck_cluster;
|
drop table IF EXISTS tsg_galaxy_v3.radius_record on cluster ck_cluster;
|
||||||
drop table IF EXISTS tsg_galaxy_v3.radius_record on cluster ck_query;
|
drop table IF EXISTS tsg_galaxy_v3.radius_record on cluster ck_query;
|
||||||
|
|
||||||
drop table IF EXISTS tsg_galaxy_v3.sys_packet_capture_event_local on cluster ck_cluster;
|
drop table IF EXISTS tsg_galaxy_v3.sys_packet_capture_event_local on cluster ck_cluster;
|
||||||
drop table IF EXISTS tsg_galaxy_v3.sys_packet_capture_event on cluster ck_cluster;
|
drop table IF EXISTS tsg_galaxy_v3.sys_packet_capture_event on cluster ck_cluster;
|
||||||
drop table IF EXISTS tsg_galaxy_v3.sys_packet_capture_event on cluster ck_query;
|
drop table IF EXISTS tsg_galaxy_v3.sys_packet_capture_event on cluster ck_query;
|
||||||
|
|
||||||
drop table IF EXISTS tsg_galaxy_v3.active_defence_event ON CLUSTER ck_cluster;
|
drop table IF EXISTS tsg_galaxy_v3.active_defence_event ON CLUSTER ck_cluster;
|
||||||
drop table IF EXISTS tsg_galaxy_v3.active_defence_event ON CLUSTER ck_query;
|
drop table IF EXISTS tsg_galaxy_v3.active_defence_event ON CLUSTER ck_query;
|
||||||
drop table IF EXISTS tsg_galaxy_v3.active_defence_event_local ON CLUSTER ck_cluster;
|
drop table IF EXISTS tsg_galaxy_v3.active_defence_event_local ON CLUSTER ck_cluster;
|
||||||
|
|
||||||
-- 删除临时表之间物化视图
|
-- 删除临时表之间物化视图
|
||||||
drop VIEW IF EXISTS tsg_galaxy_v3.security_event_materialized_view_2401 ON CLUSTER ck_cluster;
|
drop VIEW IF EXISTS tsg_galaxy_v3.security_event_materialized_view_2401 ON CLUSTER ck_cluster;
|
||||||
drop VIEW IF EXISTS tsg_galaxy_v3.monitor_event_materialized_view_2401 ON CLUSTER ck_cluster;
|
drop VIEW IF EXISTS tsg_galaxy_v3.monitor_event_materialized_view_2401 ON CLUSTER ck_cluster;
|
||||||
|
|
||||||
-- 临时表rename到目标表
|
-- 临时表rename到目标表
|
||||||
RENAME TABLE tsg_galaxy_v3.session_record_local_2401 to tsg_galaxy_v3.session_record_local on cluster ck_cluster;
|
RENAME TABLE tsg_galaxy_v3.session_record_local_2401 to tsg_galaxy_v3.session_record_local on cluster ck_cluster;
|
||||||
RENAME TABLE tsg_galaxy_v3.security_event_local_2401 to tsg_galaxy_v3.security_event_local on cluster ck_cluster;
|
RENAME TABLE tsg_galaxy_v3.security_event_local_2401 to tsg_galaxy_v3.security_event_local on cluster ck_cluster;
|
||||||
RENAME TABLE tsg_galaxy_v3.monitor_event_local_2401 to tsg_galaxy_v3.monitor_event_local on cluster ck_cluster;
|
RENAME TABLE tsg_galaxy_v3.monitor_event_local_2401 to tsg_galaxy_v3.monitor_event_local on cluster ck_cluster;
|
||||||
RENAME TABLE tsg_galaxy_v3.transaction_record_local_2401 to tsg_galaxy_v3.transaction_record_local on cluster ck_cluster;
|
RENAME TABLE tsg_galaxy_v3.transaction_record_local_2401 to tsg_galaxy_v3.transaction_record_local on cluster ck_cluster;
|
||||||
RENAME TABLE tsg_galaxy_v3.voip_record_local_2401 to tsg_galaxy_v3.voip_record_local on cluster ck_cluster;
|
RENAME TABLE tsg_galaxy_v3.voip_record_local_2401 to tsg_galaxy_v3.voip_record_local on cluster ck_cluster;
|
||||||
RENAME TABLE tsg_galaxy_v3.proxy_event_local_2401 to tsg_galaxy_v3.proxy_event_local on cluster ck_cluster;
|
RENAME TABLE tsg_galaxy_v3.proxy_event_local_2401 to tsg_galaxy_v3.proxy_event_local on cluster ck_cluster;
|
||||||
RENAME TABLE tsg_galaxy_v3.dos_event_local_2401 to tsg_galaxy_v3.dos_event_local on cluster ck_cluster;
|
RENAME TABLE tsg_galaxy_v3.dos_event_local_2401 to tsg_galaxy_v3.dos_event_local on cluster ck_cluster;
|
||||||
File diff suppressed because it is too large
@@ -1,20 +1,20 @@
|
|||||||
SELECT log_id, recv_time, vsys_id, assessment_date, lot_number, file_name, assessment_file, assessment_type, features, `size`, file_checksum_sha
|
SELECT log_id, recv_time, vsys_id, assessment_date, lot_number, file_name, assessment_file, assessment_type, features, `size`, file_checksum_sha
|
||||||
FROM tsg_galaxy_v3.assessment_event where recv_time >= toUnixTimestamp('2030-01-01 00:00:00') AND recv_time <toUnixTimestamp('2030-01-01 00:00:01');
|
FROM tsg_galaxy_v3.assessment_event where recv_time >= toUnixTimestamp('2030-01-01 00:00:00') AND recv_time <toUnixTimestamp('2030-01-01 00:00:01');
|
||||||
SELECT vsys_id, recv_time, log_id, profile_id, start_time, end_time, attack_type, severity, conditions, destination_ip, destination_country, source_ip_list, source_country_list, session_rate, packet_rate, bit_rate
|
SELECT vsys_id, recv_time, log_id, profile_id, start_time, end_time, attack_type, severity, conditions, destination_ip, destination_country, source_ip_list, source_country_list, session_rate, packet_rate, bit_rate
|
||||||
FROM tsg_galaxy_v3.dos_event where recv_time >= toUnixTimestamp('2030-01-01 00:00:00') AND recv_time <toUnixTimestamp('2030-01-01 00:00:01');
|
FROM tsg_galaxy_v3.dos_event where recv_time >= toUnixTimestamp('2030-01-01 00:00:00') AND recv_time <toUnixTimestamp('2030-01-01 00:00:01');
|
||||||
SELECT recv_time, log_id, decoded_as, session_id, start_timestamp_ms, end_timestamp_ms, duration_ms, tcp_handshake_latency_ms, ingestion_time, processing_time, insert_time, device_id, out_link_id, in_link_id, device_tag, data_center, device_group, sled_ip, address_type, vsys_id, t_vsys_id, flags, flags_identify_info, security_rule_list, security_action, monitor_rule_list, shaping_rule_list, proxy_rule_list, statistics_rule_list, sc_rule_list, sc_rsp_raw, sc_rsp_decrypted, proxy_action, proxy_pinning_status, proxy_intercept_status, proxy_passthrough_reason, proxy_client_side_latency_ms, proxy_server_side_latency_ms, proxy_client_side_version, proxy_server_side_version, proxy_cert_verify, proxy_intercept_error, monitor_mirrored_pkts, monitor_mirrored_bytes, client_ip, client_port, client_os_desc, client_geolocation, client_asn, subscriber_id, imei, imsi, phone_number, apn, server_ip, server_port, server_os_desc, server_geolocation, server_asn, server_fqdn, server_domain, app_transition, app, app_debug_info, app_content, fqdn_category_list, ip_protocol, decoded_path, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_cname, dns_sub, dns_rr, dns_response_latency_ms, http_url, http_host, http_request_line, http_response_line, http_request_body, http_response_body, http_proxy_flag, http_sequence, http_cookie, http_referer, http_user_agent, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_set_cookie, http_version, http_status_code, http_response_latency_ms, http_session_duration_ms, http_action_file_size, ssl_version, ssl_sni, ssl_san, ssl_cn, ssl_handshake_latency_ms, ssl_ja3_hash, ssl_ja3s_hash, ssl_cert_issuer, ssl_cert_subject, ssl_esni_flag, ssl_ech_flag, dtls_cookie, dtls_version, dtls_sni, dtls_san, dtls_cn, dtls_handshake_latency_ms, dtls_ja3_fingerprint, dtls_ja3_hash, 
dtls_cert_issuer, dtls_cert_subject, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_password, mail_to, mail_cc, mail_bcc, mail_subject, mail_subject_charset, mail_attachment_name, mail_attachment_name_charset, mail_eml_file, ftp_account, ftp_url, ftp_link_type, quic_version, quic_sni, quic_user_agent, rdp_cookie, rdp_security_protocol, rdp_client_channels, rdp_keyboard_layout, rdp_client_version, rdp_client_name, rdp_client_product_id, rdp_desktop_width, rdp_desktop_height, rdp_requested_color_depth, rdp_certificate_type, rdp_certificate_count, rdp_certificate_permanent, rdp_encryption_level, rdp_encryption_method, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, rtp_originator_dir, stratum_cryptocurrency, stratum_mining_pools, stratum_mining_program, stratum_mining_subscribe, sent_pkts, received_pkts, sent_bytes, received_bytes, tcp_c2s_ip_fragments, tcp_s2c_ip_fragments, tcp_c2s_lost_bytes, tcp_s2c_lost_bytes, tcp_c2s_o3_pkts, tcp_s2c_o3_pkts, tcp_c2s_rtx_pkts, tcp_s2c_rtx_pkts, tcp_c2s_rtx_bytes, tcp_s2c_rtx_bytes, tcp_rtt_ms, tcp_client_isn, tcp_server_isn, packet_capture_file, in_src_mac, out_src_mac, in_dest_mac, out_dest_mac, tunnels, dup_traffic_flag, tunnel_endpoint_a_desc, tunnel_endpoint_b_desc
|
SELECT recv_time, log_id, decoded_as, session_id, start_timestamp_ms, end_timestamp_ms, duration_ms, tcp_handshake_latency_ms, ingestion_time, processing_time, insert_time, device_id, out_link_id, in_link_id, device_tag, data_center, device_group, sled_ip, address_type, vsys_id, t_vsys_id, flags, flags_identify_info, security_rule_list, security_action, monitor_rule_list, shaping_rule_list, proxy_rule_list, statistics_rule_list, sc_rule_list, sc_rsp_raw, sc_rsp_decrypted, proxy_action, proxy_pinning_status, proxy_intercept_status, proxy_passthrough_reason, proxy_client_side_latency_ms, proxy_server_side_latency_ms, proxy_client_side_version, proxy_server_side_version, proxy_cert_verify, proxy_intercept_error, monitor_mirrored_pkts, monitor_mirrored_bytes, client_ip, client_port, client_os_desc, client_geolocation, client_asn, subscriber_id, imei, imsi, phone_number, apn, server_ip, server_port, server_os_desc, server_geolocation, server_asn, server_fqdn, server_domain, app_transition, app, app_debug_info, app_content, fqdn_category_list, ip_protocol, decoded_path, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_cname, dns_sub, dns_rr, dns_response_latency_ms, http_url, http_host, http_request_line, http_response_line, http_request_body, http_response_body, http_proxy_flag, http_sequence, http_cookie, http_referer, http_user_agent, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_set_cookie, http_version, http_status_code, http_response_latency_ms, http_session_duration_ms, http_action_file_size, ssl_version, ssl_sni, ssl_san, ssl_cn, ssl_handshake_latency_ms, ssl_ja3_hash, ssl_ja3s_hash, ssl_cert_issuer, ssl_cert_subject, ssl_esni_flag, ssl_ech_flag, dtls_cookie, dtls_version, dtls_sni, dtls_san, dtls_cn, dtls_handshake_latency_ms, dtls_ja3_fingerprint, dtls_ja3_hash, 
dtls_cert_issuer, dtls_cert_subject, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_password, mail_to, mail_cc, mail_bcc, mail_subject, mail_subject_charset, mail_attachment_name, mail_attachment_name_charset, mail_eml_file, ftp_account, ftp_url, ftp_link_type, quic_version, quic_sni, quic_user_agent, rdp_cookie, rdp_security_protocol, rdp_client_channels, rdp_keyboard_layout, rdp_client_version, rdp_client_name, rdp_client_product_id, rdp_desktop_width, rdp_desktop_height, rdp_requested_color_depth, rdp_certificate_type, rdp_certificate_count, rdp_certificate_permanent, rdp_encryption_level, rdp_encryption_method, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, rtp_originator_dir, stratum_cryptocurrency, stratum_mining_pools, stratum_mining_program, stratum_mining_subscribe, sent_pkts, received_pkts, sent_bytes, received_bytes, tcp_c2s_ip_fragments, tcp_s2c_ip_fragments, tcp_c2s_lost_bytes, tcp_s2c_lost_bytes, tcp_c2s_o3_pkts, tcp_s2c_o3_pkts, tcp_c2s_rtx_pkts, tcp_s2c_rtx_pkts, tcp_c2s_rtx_bytes, tcp_s2c_rtx_bytes, tcp_rtt_ms, tcp_client_isn, tcp_server_isn, packet_capture_file, in_src_mac, out_src_mac, in_dest_mac, out_dest_mac, tunnels, dup_traffic_flag, tunnel_endpoint_a_desc, tunnel_endpoint_b_desc
|
||||||
FROM tsg_galaxy_v3.monitor_event where recv_time >= toUnixTimestamp('2030-01-01 00:00:00') AND recv_time <toUnixTimestamp('2030-01-01 00:00:01');
|
FROM tsg_galaxy_v3.monitor_event where recv_time >= toUnixTimestamp('2030-01-01 00:00:00') AND recv_time <toUnixTimestamp('2030-01-01 00:00:01');
|
||||||
SELECT recv_time, log_id, decoded_as, session_id, start_timestamp_ms, end_timestamp_ms, duration_ms, tcp_handshake_latency_ms, ingestion_time, processing_time, insert_time, device_id, out_link_id, in_link_id, device_tag, data_center, device_group, sled_ip, address_type, vsys_id, t_vsys_id, flags, flags_identify_info, security_rule_list, security_action, monitor_rule_list, shaping_rule_list, proxy_rule_list, statistics_rule_list, sc_rule_list, sc_rsp_raw, sc_rsp_decrypted, proxy_action, proxy_pinning_status, proxy_intercept_status, proxy_passthrough_reason, proxy_client_side_latency_ms, proxy_server_side_latency_ms, proxy_client_side_version, proxy_server_side_version, proxy_cert_verify, proxy_intercept_error, monitor_mirrored_pkts, monitor_mirrored_bytes, client_ip, client_port, client_os_desc, client_geolocation, client_asn, subscriber_id, imei, imsi, phone_number, apn, server_ip, server_port, server_os_desc, server_geolocation, server_asn, server_fqdn, server_domain, app_transition, app, app_debug_info, app_content, fqdn_category_list, ip_protocol, decoded_path, http_url, http_host, http_request_line, http_response_line, http_request_body, http_response_body, http_proxy_flag, http_sequence, http_cookie, http_referer, http_user_agent, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_set_cookie, http_version, http_status_code, http_response_latency_ms, http_session_duration_ms, http_action_file_size, doh_url, doh_host, doh_request_line, doh_response_line, doh_cookie, doh_referer, doh_user_agent, doh_content_length, doh_content_type, doh_set_cookie, doh_version, doh_message_id, doh_qr, doh_opcode, doh_aa, doh_tc, doh_rd, doh_ra, doh_rcode, doh_qdcount, doh_ancount, doh_nscount, doh_arcount, doh_qname, doh_qtype, doh_qclass, doh_cname, doh_sub, doh_rr, sent_pkts, received_pkts, sent_bytes, received_bytes, tcp_c2s_ip_fragments, tcp_s2c_ip_fragments, tcp_c2s_lost_bytes, tcp_s2c_lost_bytes, 
tcp_c2s_o3_pkts, tcp_s2c_o3_pkts, tcp_c2s_rtx_pkts, tcp_s2c_rtx_pkts, tcp_c2s_rtx_bytes, tcp_s2c_rtx_bytes, tcp_rtt_ms, tcp_client_isn, tcp_server_isn, packet_capture_file, in_src_mac, out_src_mac, in_dest_mac, out_dest_mac, tunnels, dup_traffic_flag, tunnel_endpoint_a_desc, tunnel_endpoint_b_desc
|
SELECT recv_time, log_id, decoded_as, session_id, start_timestamp_ms, end_timestamp_ms, duration_ms, tcp_handshake_latency_ms, ingestion_time, processing_time, insert_time, device_id, out_link_id, in_link_id, device_tag, data_center, device_group, sled_ip, address_type, vsys_id, t_vsys_id, flags, flags_identify_info, security_rule_list, security_action, monitor_rule_list, shaping_rule_list, proxy_rule_list, statistics_rule_list, sc_rule_list, sc_rsp_raw, sc_rsp_decrypted, proxy_action, proxy_pinning_status, proxy_intercept_status, proxy_passthrough_reason, proxy_client_side_latency_ms, proxy_server_side_latency_ms, proxy_client_side_version, proxy_server_side_version, proxy_cert_verify, proxy_intercept_error, monitor_mirrored_pkts, monitor_mirrored_bytes, client_ip, client_port, client_os_desc, client_geolocation, client_asn, subscriber_id, imei, imsi, phone_number, apn, server_ip, server_port, server_os_desc, server_geolocation, server_asn, server_fqdn, server_domain, app_transition, app, app_debug_info, app_content, fqdn_category_list, ip_protocol, decoded_path, http_url, http_host, http_request_line, http_response_line, http_request_body, http_response_body, http_proxy_flag, http_sequence, http_cookie, http_referer, http_user_agent, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_set_cookie, http_version, http_status_code, http_response_latency_ms, http_session_duration_ms, http_action_file_size, doh_url, doh_host, doh_request_line, doh_response_line, doh_cookie, doh_referer, doh_user_agent, doh_content_length, doh_content_type, doh_set_cookie, doh_version, doh_message_id, doh_qr, doh_opcode, doh_aa, doh_tc, doh_rd, doh_ra, doh_rcode, doh_qdcount, doh_ancount, doh_nscount, doh_arcount, doh_qname, doh_qtype, doh_qclass, doh_cname, doh_sub, doh_rr, sent_pkts, received_pkts, sent_bytes, received_bytes, tcp_c2s_ip_fragments, tcp_s2c_ip_fragments, tcp_c2s_lost_bytes, tcp_s2c_lost_bytes, 
tcp_c2s_o3_pkts, tcp_s2c_o3_pkts, tcp_c2s_rtx_pkts, tcp_s2c_rtx_pkts, tcp_c2s_rtx_bytes, tcp_s2c_rtx_bytes, tcp_rtt_ms, tcp_client_isn, tcp_server_isn, packet_capture_file, in_src_mac, out_src_mac, in_dest_mac, out_dest_mac, tunnels, dup_traffic_flag, tunnel_endpoint_a_desc, tunnel_endpoint_b_desc
|
||||||
FROM tsg_galaxy_v3.proxy_event where recv_time >= toUnixTimestamp('2030-01-01 00:00:00') AND recv_time <toUnixTimestamp('2030-01-01 00:00:01');
|
FROM tsg_galaxy_v3.proxy_event where recv_time >= toUnixTimestamp('2030-01-01 00:00:00') AND recv_time <toUnixTimestamp('2030-01-01 00:00:01');
|
||||||
SELECT recv_time, log_id, decoded_as, session_id, start_timestamp_ms, end_timestamp_ms, duration_ms, tcp_handshake_latency_ms, ingestion_time, processing_time, insert_time, device_id, out_link_id, in_link_id, device_tag, data_center, device_group, sled_ip, address_type, vsys_id, t_vsys_id, flags, flags_identify_info, security_rule_list, security_action, monitor_rule_list, sc_rule_list, sc_rsp_raw, sc_rsp_decrypted, shaping_rule_list, proxy_rule_list, statistics_rule_list, proxy_action, proxy_pinning_status, proxy_intercept_status, proxy_passthrough_reason, proxy_client_side_latency_ms, proxy_server_side_latency_ms, proxy_client_side_version, proxy_server_side_version, proxy_cert_verify, proxy_intercept_error, monitor_mirrored_pkts, monitor_mirrored_bytes, client_ip, client_port, client_os_desc, client_geolocation, client_asn, subscriber_id, imei, imsi, phone_number, apn, server_ip, server_port, server_os_desc, server_geolocation, server_asn, server_fqdn, server_domain, app_transition, app, app_debug_info, app_content, fqdn_category_list, ip_protocol, decoded_path, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_cname, dns_sub, dns_rr, dns_response_latency_ms, http_url, http_host, http_request_line, http_response_line, http_request_body, http_response_body, http_proxy_flag, http_sequence, http_cookie, http_referer, http_user_agent, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_set_cookie, http_version, http_status_code, http_response_latency_ms, http_session_duration_ms, http_action_file_size, ssl_version, ssl_sni, ssl_san, ssl_cn, ssl_handshake_latency_ms, ssl_ja3_hash, ssl_ja3s_hash, ssl_cert_issuer, ssl_cert_subject, ssl_esni_flag, ssl_ech_flag, dtls_cookie, dtls_version, dtls_sni, dtls_san, dtls_cn, dtls_handshake_latency_ms, dtls_ja3_fingerprint, dtls_ja3_hash, 
dtls_cert_issuer, dtls_cert_subject, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_password, mail_to, mail_cc, mail_bcc, mail_subject, mail_subject_charset, mail_attachment_name, mail_attachment_name_charset, mail_eml_file, ftp_account, ftp_url, ftp_link_type, quic_version, quic_sni, quic_user_agent, rdp_cookie, rdp_security_protocol, rdp_client_channels, rdp_keyboard_layout, rdp_client_version, rdp_client_name, rdp_client_product_id, rdp_desktop_width, rdp_desktop_height, rdp_requested_color_depth, rdp_certificate_type, rdp_certificate_count, rdp_certificate_permanent, rdp_encryption_level, rdp_encryption_method, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, rtp_originator_dir, stratum_cryptocurrency, stratum_mining_pools, stratum_mining_program, stratum_mining_subscribe, sent_pkts, received_pkts, sent_bytes, received_bytes, tcp_c2s_ip_fragments, tcp_s2c_ip_fragments, tcp_c2s_lost_bytes, tcp_s2c_lost_bytes, tcp_c2s_o3_pkts, tcp_s2c_o3_pkts, tcp_c2s_rtx_pkts, tcp_s2c_rtx_pkts, tcp_c2s_rtx_bytes, tcp_s2c_rtx_bytes, tcp_rtt_ms, tcp_client_isn, tcp_server_isn, packet_capture_file, in_src_mac, out_src_mac, in_dest_mac, out_dest_mac, tunnels, dup_traffic_flag, tunnel_endpoint_a_desc, tunnel_endpoint_b_desc
|
SELECT recv_time, log_id, decoded_as, session_id, start_timestamp_ms, end_timestamp_ms, duration_ms, tcp_handshake_latency_ms, ingestion_time, processing_time, insert_time, device_id, out_link_id, in_link_id, device_tag, data_center, device_group, sled_ip, address_type, vsys_id, t_vsys_id, flags, flags_identify_info, security_rule_list, security_action, monitor_rule_list, sc_rule_list, sc_rsp_raw, sc_rsp_decrypted, shaping_rule_list, proxy_rule_list, statistics_rule_list, proxy_action, proxy_pinning_status, proxy_intercept_status, proxy_passthrough_reason, proxy_client_side_latency_ms, proxy_server_side_latency_ms, proxy_client_side_version, proxy_server_side_version, proxy_cert_verify, proxy_intercept_error, monitor_mirrored_pkts, monitor_mirrored_bytes, client_ip, client_port, client_os_desc, client_geolocation, client_asn, subscriber_id, imei, imsi, phone_number, apn, server_ip, server_port, server_os_desc, server_geolocation, server_asn, server_fqdn, server_domain, app_transition, app, app_debug_info, app_content, fqdn_category_list, ip_protocol, decoded_path, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_cname, dns_sub, dns_rr, dns_response_latency_ms, http_url, http_host, http_request_line, http_response_line, http_request_body, http_response_body, http_proxy_flag, http_sequence, http_cookie, http_referer, http_user_agent, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_set_cookie, http_version, http_status_code, http_response_latency_ms, http_session_duration_ms, http_action_file_size, ssl_version, ssl_sni, ssl_san, ssl_cn, ssl_handshake_latency_ms, ssl_ja3_hash, ssl_ja3s_hash, ssl_cert_issuer, ssl_cert_subject, ssl_esni_flag, ssl_ech_flag, dtls_cookie, dtls_version, dtls_sni, dtls_san, dtls_cn, dtls_handshake_latency_ms, dtls_ja3_fingerprint, dtls_ja3_hash, 
dtls_cert_issuer, dtls_cert_subject, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_password, mail_to, mail_cc, mail_bcc, mail_subject, mail_subject_charset, mail_attachment_name, mail_attachment_name_charset, mail_eml_file, ftp_account, ftp_url, ftp_link_type, quic_version, quic_sni, quic_user_agent, rdp_cookie, rdp_security_protocol, rdp_client_channels, rdp_keyboard_layout, rdp_client_version, rdp_client_name, rdp_client_product_id, rdp_desktop_width, rdp_desktop_height, rdp_requested_color_depth, rdp_certificate_type, rdp_certificate_count, rdp_certificate_permanent, rdp_encryption_level, rdp_encryption_method, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, rtp_originator_dir, stratum_cryptocurrency, stratum_mining_pools, stratum_mining_program, stratum_mining_subscribe, sent_pkts, received_pkts, sent_bytes, received_bytes, tcp_c2s_ip_fragments, tcp_s2c_ip_fragments, tcp_c2s_lost_bytes, tcp_s2c_lost_bytes, tcp_c2s_o3_pkts, tcp_s2c_o3_pkts, tcp_c2s_rtx_pkts, tcp_s2c_rtx_pkts, tcp_c2s_rtx_bytes, tcp_s2c_rtx_bytes, tcp_rtt_ms, tcp_client_isn, tcp_server_isn, packet_capture_file, in_src_mac, out_src_mac, in_dest_mac, out_dest_mac, tunnels, dup_traffic_flag, tunnel_endpoint_a_desc, tunnel_endpoint_b_desc
|
||||||
FROM tsg_galaxy_v3.security_event where recv_time >= toUnixTimestamp('2030-01-01 00:00:00') AND recv_time <toUnixTimestamp('2030-01-01 00:00:01');
|
FROM tsg_galaxy_v3.security_event where recv_time >= toUnixTimestamp('2030-01-01 00:00:00') AND recv_time <toUnixTimestamp('2030-01-01 00:00:01');
|
||||||
SELECT recv_time, log_id, decoded_as, session_id, start_timestamp_ms, end_timestamp_ms, duration_ms, tcp_handshake_latency_ms, ingestion_time, processing_time, insert_time, device_id, out_link_id, in_link_id, device_tag, data_center, device_group, sled_ip, address_type, vsys_id, t_vsys_id, flags, flags_identify_info, security_rule_list, security_action, monitor_rule_list, sc_rule_list, sc_rsp_raw, sc_rsp_decrypted, shaping_rule_list, proxy_rule_list, statistics_rule_list, proxy_action, proxy_pinning_status, proxy_intercept_status, proxy_passthrough_reason, proxy_client_side_latency_ms, proxy_server_side_latency_ms, proxy_client_side_version, proxy_server_side_version, proxy_cert_verify, proxy_intercept_error, monitor_mirrored_pkts, monitor_mirrored_bytes, client_ip, client_port, client_os_desc, client_geolocation, client_asn, subscriber_id, imei, imsi, phone_number, apn, server_ip, server_port, server_os_desc, server_geolocation, server_asn, server_fqdn, server_domain, app_transition, app, app_debug_info, app_content, fqdn_category_list, ip_protocol, decoded_path, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_cname, dns_sub, dns_rr, dns_response_latency_ms, http_url, http_host, http_request_line, http_response_line, http_request_body, http_response_body, http_proxy_flag, http_sequence, http_cookie, http_referer, http_user_agent, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_set_cookie, http_version, http_status_code, http_response_latency_ms, http_session_duration_ms, http_action_file_size, ssl_version, ssl_sni, ssl_san, ssl_cn, ssl_handshake_latency_ms, ssl_ja3_hash, ssl_ja3s_hash, ssl_cert_issuer, ssl_cert_subject, ssl_esni_flag, ssl_ech_flag, dtls_cookie, dtls_version, dtls_sni, dtls_san, dtls_cn, dtls_handshake_latency_ms, dtls_ja3_fingerprint, dtls_ja3_hash, 
dtls_cert_issuer, dtls_cert_subject, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_password, mail_to, mail_cc, mail_bcc, mail_subject, mail_subject_charset, mail_attachment_name, mail_attachment_name_charset, mail_eml_file, ftp_account, ftp_url, ftp_link_type, quic_version, quic_sni, quic_user_agent, rdp_cookie, rdp_security_protocol, rdp_client_channels, rdp_keyboard_layout, rdp_client_version, rdp_client_name, rdp_client_product_id, rdp_desktop_width, rdp_desktop_height, rdp_requested_color_depth, rdp_certificate_type, rdp_certificate_count, rdp_certificate_permanent, rdp_encryption_level, rdp_encryption_method, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, rtp_originator_dir, stratum_cryptocurrency, stratum_mining_pools, stratum_mining_program, stratum_mining_subscribe, sent_pkts, received_pkts, sent_bytes, received_bytes, tcp_c2s_ip_fragments, tcp_s2c_ip_fragments, tcp_c2s_lost_bytes, tcp_s2c_lost_bytes, tcp_c2s_o3_pkts, tcp_s2c_o3_pkts, tcp_c2s_rtx_pkts, tcp_s2c_rtx_pkts, tcp_c2s_rtx_bytes, tcp_s2c_rtx_bytes, tcp_rtt_ms, tcp_client_isn, tcp_server_isn, packet_capture_file, in_src_mac, out_src_mac, in_dest_mac, out_dest_mac, tunnels, dup_traffic_flag, tunnel_endpoint_a_desc, tunnel_endpoint_b_desc
|
SELECT recv_time, log_id, decoded_as, session_id, start_timestamp_ms, end_timestamp_ms, duration_ms, tcp_handshake_latency_ms, ingestion_time, processing_time, insert_time, device_id, out_link_id, in_link_id, device_tag, data_center, device_group, sled_ip, address_type, vsys_id, t_vsys_id, flags, flags_identify_info, security_rule_list, security_action, monitor_rule_list, sc_rule_list, sc_rsp_raw, sc_rsp_decrypted, shaping_rule_list, proxy_rule_list, statistics_rule_list, proxy_action, proxy_pinning_status, proxy_intercept_status, proxy_passthrough_reason, proxy_client_side_latency_ms, proxy_server_side_latency_ms, proxy_client_side_version, proxy_server_side_version, proxy_cert_verify, proxy_intercept_error, monitor_mirrored_pkts, monitor_mirrored_bytes, client_ip, client_port, client_os_desc, client_geolocation, client_asn, subscriber_id, imei, imsi, phone_number, apn, server_ip, server_port, server_os_desc, server_geolocation, server_asn, server_fqdn, server_domain, app_transition, app, app_debug_info, app_content, fqdn_category_list, ip_protocol, decoded_path, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_cname, dns_sub, dns_rr, dns_response_latency_ms, http_url, http_host, http_request_line, http_response_line, http_request_body, http_response_body, http_proxy_flag, http_sequence, http_cookie, http_referer, http_user_agent, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_set_cookie, http_version, http_status_code, http_response_latency_ms, http_session_duration_ms, http_action_file_size, ssl_version, ssl_sni, ssl_san, ssl_cn, ssl_handshake_latency_ms, ssl_ja3_hash, ssl_ja3s_hash, ssl_cert_issuer, ssl_cert_subject, ssl_esni_flag, ssl_ech_flag, dtls_cookie, dtls_version, dtls_sni, dtls_san, dtls_cn, dtls_handshake_latency_ms, dtls_ja3_fingerprint, dtls_ja3_hash, 
dtls_cert_issuer, dtls_cert_subject, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_password, mail_to, mail_cc, mail_bcc, mail_subject, mail_subject_charset, mail_attachment_name, mail_attachment_name_charset, mail_eml_file, ftp_account, ftp_url, ftp_link_type, quic_version, quic_sni, quic_user_agent, rdp_cookie, rdp_security_protocol, rdp_client_channels, rdp_keyboard_layout, rdp_client_version, rdp_client_name, rdp_client_product_id, rdp_desktop_width, rdp_desktop_height, rdp_requested_color_depth, rdp_certificate_type, rdp_certificate_count, rdp_certificate_permanent, rdp_encryption_level, rdp_encryption_method, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, rtp_originator_dir, stratum_cryptocurrency, stratum_mining_pools, stratum_mining_program, stratum_mining_subscribe, sent_pkts, received_pkts, sent_bytes, received_bytes, tcp_c2s_ip_fragments, tcp_s2c_ip_fragments, tcp_c2s_lost_bytes, tcp_s2c_lost_bytes, tcp_c2s_o3_pkts, tcp_s2c_o3_pkts, tcp_c2s_rtx_pkts, tcp_s2c_rtx_pkts, tcp_c2s_rtx_bytes, tcp_s2c_rtx_bytes, tcp_rtt_ms, tcp_client_isn, tcp_server_isn, packet_capture_file, in_src_mac, out_src_mac, in_dest_mac, out_dest_mac, tunnels, dup_traffic_flag, tunnel_endpoint_a_desc, tunnel_endpoint_b_desc
|
||||||
FROM tsg_galaxy_v3.session_record where recv_time >= toUnixTimestamp('2030-01-01 00:00:00') AND recv_time <toUnixTimestamp('2030-01-01 00:00:01');
|
FROM tsg_galaxy_v3.session_record where recv_time >= toUnixTimestamp('2030-01-01 00:00:00') AND recv_time <toUnixTimestamp('2030-01-01 00:00:01');
|
||||||
SELECT recv_time, log_id, decoded_as, session_id, ingestion_time, processing_time, insert_time, address_type, vsys_id, client_ip, client_port, server_ip, server_port, sent_pkts, received_pkts, sent_bytes, received_bytes, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_cname, dns_sub, dns_rr, dns_response_latency_ms, http_url, http_host, http_request_line, http_response_line, http_request_body, http_response_body, http_proxy_flag, http_sequence, http_cookie, http_referer, http_user_agent, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_set_cookie, http_version, http_status_code, http_response_latency_ms, http_session_duration_ms, http_action_file_size, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_password, mail_to, mail_cc, mail_bcc, mail_subject, mail_subject_charset, mail_attachment_name, mail_attachment_name_charset, mail_eml_file, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye
|
SELECT recv_time, log_id, decoded_as, session_id, ingestion_time, processing_time, insert_time, address_type, vsys_id, client_ip, client_port, server_ip, server_port, sent_pkts, received_pkts, sent_bytes, received_bytes, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_cname, dns_sub, dns_rr, dns_response_latency_ms, http_url, http_host, http_request_line, http_response_line, http_request_body, http_response_body, http_proxy_flag, http_sequence, http_cookie, http_referer, http_user_agent, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_set_cookie, http_version, http_status_code, http_response_latency_ms, http_session_duration_ms, http_action_file_size, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_password, mail_to, mail_cc, mail_bcc, mail_subject, mail_subject_charset, mail_attachment_name, mail_attachment_name_charset, mail_eml_file, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye
|
||||||
FROM tsg_galaxy_v3.transaction_record where recv_time >= toUnixTimestamp('2030-01-01 00:00:00') AND recv_time <toUnixTimestamp('2030-01-01 00:00:01');
|
FROM tsg_galaxy_v3.transaction_record where recv_time >= toUnixTimestamp('2030-01-01 00:00:00') AND recv_time <toUnixTimestamp('2030-01-01 00:00:01');
|
||||||
SELECT recv_time, log_id, decoded_as, session_id, start_timestamp_ms, end_timestamp_ms, duration_ms, tcp_handshake_latency_ms, ingestion_time, processing_time, insert_time, device_id, out_link_id, in_link_id, device_tag, data_center, device_group, sled_ip, address_type, vsys_id, t_vsys_id, flags, flags_identify_info, security_rule_list, security_action, monitor_rule_list, shaping_rule_list, proxy_rule_list, statistics_rule_list, sc_rule_list, sc_rsp_raw, sc_rsp_decrypted, proxy_action, proxy_pinning_status, proxy_intercept_status, proxy_passthrough_reason, proxy_client_side_latency_ms, proxy_server_side_latency_ms, proxy_client_side_version, proxy_server_side_version, proxy_cert_verify, proxy_intercept_error, monitor_mirrored_pkts, monitor_mirrored_bytes, client_ip, client_port, client_os_desc, client_geolocation, client_asn, subscriber_id, imei, imsi, phone_number, apn, server_ip, server_port, server_os_desc, server_geolocation, server_asn, server_fqdn, server_domain, app_transition, app, app_debug_info, app_content, fqdn_category_list, ip_protocol, decoded_path, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, rtp_originator_dir, sent_pkts, received_pkts, sent_bytes, received_bytes, tcp_c2s_ip_fragments, tcp_s2c_ip_fragments, tcp_c2s_lost_bytes, tcp_s2c_lost_bytes, tcp_c2s_o3_pkts, tcp_s2c_o3_pkts, tcp_c2s_rtx_pkts, tcp_s2c_rtx_pkts, tcp_c2s_rtx_bytes, tcp_s2c_rtx_bytes, tcp_rtt_ms, tcp_client_isn, tcp_server_isn, packet_capture_file, in_src_mac, out_src_mac, in_dest_mac, out_dest_mac, tunnels, dup_traffic_flag, tunnel_endpoint_a_desc, tunnel_endpoint_b_desc
|
SELECT recv_time, log_id, decoded_as, session_id, start_timestamp_ms, end_timestamp_ms, duration_ms, tcp_handshake_latency_ms, ingestion_time, processing_time, insert_time, device_id, out_link_id, in_link_id, device_tag, data_center, device_group, sled_ip, address_type, vsys_id, t_vsys_id, flags, flags_identify_info, security_rule_list, security_action, monitor_rule_list, shaping_rule_list, proxy_rule_list, statistics_rule_list, sc_rule_list, sc_rsp_raw, sc_rsp_decrypted, proxy_action, proxy_pinning_status, proxy_intercept_status, proxy_passthrough_reason, proxy_client_side_latency_ms, proxy_server_side_latency_ms, proxy_client_side_version, proxy_server_side_version, proxy_cert_verify, proxy_intercept_error, monitor_mirrored_pkts, monitor_mirrored_bytes, client_ip, client_port, client_os_desc, client_geolocation, client_asn, subscriber_id, imei, imsi, phone_number, apn, server_ip, server_port, server_os_desc, server_geolocation, server_asn, server_fqdn, server_domain, app_transition, app, app_debug_info, app_content, fqdn_category_list, ip_protocol, decoded_path, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, rtp_originator_dir, sent_pkts, received_pkts, sent_bytes, received_bytes, tcp_c2s_ip_fragments, tcp_s2c_ip_fragments, tcp_c2s_lost_bytes, tcp_s2c_lost_bytes, tcp_c2s_o3_pkts, tcp_s2c_o3_pkts, tcp_c2s_rtx_pkts, tcp_s2c_rtx_pkts, tcp_c2s_rtx_bytes, tcp_s2c_rtx_bytes, tcp_rtt_ms, tcp_client_isn, tcp_server_isn, packet_capture_file, in_src_mac, out_src_mac, in_dest_mac, out_dest_mac, tunnels, dup_traffic_flag, tunnel_endpoint_a_desc, tunnel_endpoint_b_desc
|
||||||
FROM tsg_galaxy_v3.voip_record where recv_time >= toUnixTimestamp('2030-01-01 00:00:00') AND recv_time <toUnixTimestamp('2030-01-01 00:00:01');
|
FROM tsg_galaxy_v3.voip_record where recv_time >= toUnixTimestamp('2030-01-01 00:00:00') AND recv_time <toUnixTimestamp('2030-01-01 00:00:01');
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@@ -1,271 +1,271 @@
|
|||||||
# 说明
|
# 说明
|
||||||
* 请按步骤依次执行,执行脚本报错时联系研发处理后再执行之后的步骤。
|
* 请按步骤依次执行,执行脚本报错时联系研发处理后再执行之后的步骤。
|
||||||
* 所有ck步骤都需要在query节点执行
|
* 所有ck步骤都需要在query节点执行
|
||||||
* 执行所有sql语句之前需要停止日志留存调度任务,确保ck中无分布式ddl语句H执行,否则执行的sql会阻塞住,影响后续步骤执行
|
* 执行所有sql语句之前需要停止日志留存调度任务,确保ck中无分布式ddl语句H执行,否则执行的sql会阻塞住,影响后续步骤执行
|
||||||
验证sql需要在query节点执行
|
验证sql需要在query节点执行
|
||||||
clickhouse-client -h 127.0.0.1 --port 9001 -m -u default --password ****** --query "select query from system.distributed_ddl_queue where status =0 limit 1"
|
clickhouse-client -h 127.0.0.1 --port 9001 -m -u default --password ****** --query "select query from system.distributed_ddl_queue where status =0 limit 1"
|
||||||
若返回结果为空则可执行升级步骤,否则需要等待。
|
若返回结果为空则可执行升级步骤,否则需要等待。
|
||||||
|
|
||||||
# 一、实时同步任务
|
# 一、实时同步任务
|
||||||
|
|
||||||
* 1.创建临时表
|
* 1.创建临时表
|
||||||
```sh
|
```sh
|
||||||
clickhouse-client -h 127.0.0.1 --port 9001 -m -n -u default --password ****** --distributed_ddl_task_timeout 180 < 01_create_table_2401.sql
|
clickhouse-client -h 127.0.0.1 --port 9001 -m -n -u default --password ****** --distributed_ddl_task_timeout 180 < 01_create_table_2401.sql
|
||||||
```
|
```
|
||||||
|
|
||||||
* 2.创建源表同步到临时表的物化视图
|
* 2.创建源表同步到临时表的物化视图
|
||||||
```sh
|
```sh
|
||||||
clickhouse-client -h 127.0.0.1 --port 9001 -m -n -u default --password ****** --distributed_ddl_task_timeout 180 < 02_create_table_2310_to_2401_view.sql
|
clickhouse-client -h 127.0.0.1 --port 9001 -m -n -u default --password ****** --distributed_ddl_task_timeout 180 < 02_create_table_2310_to_2401_view.sql
|
||||||
```
|
```
|
||||||
|
|
||||||
# 二、升级各个数据中心(可选)
|
# 二、升级各个数据中心(可选)
|
||||||
|
|
||||||
* 1.国家中心启动ck入库任务(XX_2401 task)同步临时表:创建kafka临时topic(以_2401结尾),启动Gohangout同步到临时表任务
|
* 1.国家中心启动ck入库任务(XX_2401 task)同步临时表:创建kafka临时topic(以_2401结尾),启动Gohangout同步到临时表任务
|
||||||
|
|
||||||
* 2.升级各个分数据中心:启动ETL任务发送到国家中心临时topic(以_2401结尾)
|
* 2.升级各个分数据中心:启动ETL任务发送到国家中心临时topic(以_2401结尾)
|
||||||
|
|
||||||
# 三、所有分中心升级完毕,临时表切换为目标表,源表切换为历史表
|
# 三、所有分中心升级完毕,临时表切换为目标表,源表切换为历史表
|
||||||
|
|
||||||
* 1.停止源表ck入库任务
|
* 1.停止源表ck入库任务
|
||||||
|
|
||||||
* 2.停止ck入库临时表任务
|
* 2.停止ck入库临时表任务
|
||||||
|
|
||||||
* 3.重命名旧表和临时表
|
* 3.重命名旧表和临时表
|
||||||
```sql
|
```sql
|
||||||
clickhouse-client -h 127.0.0.1 --port 9001 -m -n -u default --password ****** --distributed_ddl_task_timeout 180 < 03_rename_table.sql
|
clickhouse-client -h 127.0.0.1 --port 9001 -m -n -u default --password ****** --distributed_ddl_task_timeout 180 < 03_rename_table.sql
|
||||||
```
|
```
|
||||||
|
|
||||||
* 4.执行2401版本初始化建表语句
|
* 4.执行2401版本初始化建表语句
|
||||||
```
|
```
|
||||||
clickhouse-client -h 127.0.0.1 --port 9001 -m -n -u default --password ****** --distributed_ddl_task_timeout 180 < 04_init_new_table.sql
|
clickhouse-client -h 127.0.0.1 --port 9001 -m -n -u default --password ****** --distributed_ddl_task_timeout 180 < 04_init_new_table.sql
|
||||||
```
|
```
|
||||||
|
|
||||||
* 5.校验表结构
|
* 5.校验表结构
|
||||||
```
|
```
|
||||||
clickhouse-client -h 127.0.0.1 --port 9001 -m -n -u default --password ****** --distributed_ddl_task_timeout 180 < 05_check.sql
|
clickhouse-client -h 127.0.0.1 --port 9001 -m -n -u default --password ****** --distributed_ddl_task_timeout 180 < 05_check.sql
|
||||||
```
|
```
|
||||||
无报错信息说明校验通过
|
无报错信息说明校验通过
|
||||||
|
|
||||||
* 6.启动目标表ck入库任务(升级完成)
|
* 6.启动目标表ck入库任务(升级完成)
|
||||||
|
|
||||||
|
|
||||||
# 四、离线同步历史数据(可选)
|
# 四、离线同步历史数据(可选)
|
||||||
|
|
||||||
在query节点执行以下步骤,iplist.txt中为ck所有data节点ip地址。
|
在query节点执行以下步骤,iplist.txt中为ck所有data节点ip地址。
|
||||||
|
|
||||||
步骤描述:
|
步骤描述:
|
||||||
* 1.进入migrate_table_2401文件夹,使脚本可执行
|
* 1.进入migrate_table_2401文件夹,使脚本可执行
|
||||||
```
|
```
|
||||||
chmod +x ./*.sh
|
chmod +x ./*.sh
|
||||||
```
|
```
|
||||||
|
|
||||||
* 2.分发迁移脚本到data节点
|
* 2.分发迁移脚本到data节点
|
||||||
```
|
```
|
||||||
./01_send_migrate_table_scripts.sh
|
./01_send_migrate_table_scripts.sh
|
||||||
```
|
```
|
||||||
|
|
||||||
* 2.选择迁移某个表,同步需要时间区间的数据,时间区间:[实时同步任务开始时间向前推n天, 实时同步任务开始时间),时间区间为左闭右开,不包含结束时间点。
|
* 2.选择迁移某个表,同步需要时间区间的数据,时间区间:[实时同步任务开始时间向前推n天, 实时同步任务开始时间),时间区间为左闭右开,不包含结束时间点。
|
||||||
```
|
```
|
||||||
# 迁移security_event表
|
# 迁移security_event表
|
||||||
./02_start_migrate_table.sh security_event "2024-01-10 00:00:00" "2024-01-20 00:00:00" 60
|
./02_start_migrate_table.sh security_event "2024-01-10 00:00:00" "2024-01-20 00:00:00" 60
|
||||||
```
|
```
|
||||||
|
|
||||||
* 3.监控data节点迁移情况,所有表迁移完成后,确认每个节点同步数据成功/失败批次数,如有失败批次确认是否需要处理
|
* 3.监控data节点迁移情况,所有表迁移完成后,确认每个节点同步数据成功/失败批次数,如有失败批次确认是否需要处理
|
||||||
```
|
```
|
||||||
# 监控security_event表迁移
|
# 监控security_event表迁移
|
||||||
./03_monitor_migrate_table.sh security_event
|
./03_monitor_migrate_table.sh security_event
|
||||||
```
|
```
|
||||||
|
|
||||||
* 4.选择下个张需要迁移的表,重复2-4步骤。支持选择迁移的表有: security_event, monitor_event, session_record, transaction_record, voip_record, proxy_event, dos_event。
|
* 4.选择下个张需要迁移的表,重复2-4步骤。支持选择迁移的表有: security_event, monitor_event, session_record, transaction_record, voip_record, proxy_event, dos_event。
|
||||||
|
|
||||||
|
|
||||||
迁移和监控各个表执行命令示例:
|
迁移和监控各个表执行命令示例:
|
||||||
```sh
|
```sh
|
||||||
# 迁移security_event表
|
# 迁移security_event表
|
||||||
./02_start_migrate_table.sh security_event "2024-01-10 00:00:00" "2024-01-20 00:00:00" 60
|
./02_start_migrate_table.sh security_event "2024-01-10 00:00:00" "2024-01-20 00:00:00" 60
|
||||||
# 监控security_event表迁移
|
# 监控security_event表迁移
|
||||||
./03_monitor_migrate_table.sh security_event
|
./03_monitor_migrate_table.sh security_event
|
||||||
|
|
||||||
|
|
||||||
# 迁移monitor_event表
|
# 迁移monitor_event表
|
||||||
./02_start_migrate_table.sh monitor_event "2024-01-10 00:00:00" "2024-01-20 00:00:00" 60
|
./02_start_migrate_table.sh monitor_event "2024-01-10 00:00:00" "2024-01-20 00:00:00" 60
|
||||||
# 监控monitor_event表迁移
|
# 监控monitor_event表迁移
|
||||||
./03_monitor_migrate_table.sh monitor_event
|
./03_monitor_migrate_table.sh monitor_event
|
||||||
|
|
||||||
|
|
||||||
# 迁移session_record表
|
# 迁移session_record表
|
||||||
./02_start_migrate_table.sh session_record "2024-01-10 00:00:00" "2024-01-20 00:00:00" 60
|
./02_start_migrate_table.sh session_record "2024-01-10 00:00:00" "2024-01-20 00:00:00" 60
|
||||||
# 监控session_record表迁移
|
# 监控session_record表迁移
|
||||||
./03_monitor_migrate_table.sh session_record
|
./03_monitor_migrate_table.sh session_record
|
||||||
|
|
||||||
|
|
||||||
# 迁移transaction_record表
|
# 迁移transaction_record表
|
||||||
./02_start_migrate_table.sh transaction_record "2024-01-10 00:00:00" "2024-01-20 00:00:00" 60
|
./02_start_migrate_table.sh transaction_record "2024-01-10 00:00:00" "2024-01-20 00:00:00" 60
|
||||||
# 监控transaction_record表迁移
|
# 监控transaction_record表迁移
|
||||||
./03_monitor_migrate_table.sh transaction_record
|
./03_monitor_migrate_table.sh transaction_record
|
||||||
|
|
||||||
|
|
||||||
# 迁移voip_record表
|
# 迁移voip_record表
|
||||||
./02_start_migrate_table.sh voip_record "2024-01-10 00:00:00" "2024-01-20 00:00:00" 60
|
./02_start_migrate_table.sh voip_record "2024-01-10 00:00:00" "2024-01-20 00:00:00" 60
|
||||||
# 监控voip_record表迁移
|
# 监控voip_record表迁移
|
||||||
./03_monitor_migrate_table.sh voip_record
|
./03_monitor_migrate_table.sh voip_record
|
||||||
|
|
||||||
|
|
||||||
# 迁移proxy_event表
|
# 迁移proxy_event表
|
||||||
./02_start_migrate_table.sh proxy_event "2024-01-10 00:00:00" "2024-01-20 00:00:00" 60
|
./02_start_migrate_table.sh proxy_event "2024-01-10 00:00:00" "2024-01-20 00:00:00" 60
|
||||||
# 监控proxy_event表迁移
|
# 监控proxy_event表迁移
|
||||||
./03_monitor_migrate_table.sh proxy_event
|
./03_monitor_migrate_table.sh proxy_event
|
||||||
|
|
||||||
|
|
||||||
# 迁移dos_event表
|
# 迁移dos_event表
|
||||||
./02_start_migrate_table.sh dos_event "2024-01-10 00:00:00" "2024-01-20 00:00:00" 60
|
./02_start_migrate_table.sh dos_event "2024-01-10 00:00:00" "2024-01-20 00:00:00" 60
|
||||||
# 监控dos_event表迁移
|
# 监控dos_event表迁移
|
||||||
./03_monitor_migrate_table.sh dos_event
|
./03_monitor_migrate_table.sh dos_event
|
||||||
```
|
```
|
||||||
|
|
||||||
迁移日志无报错,数据迁移完成。
|
迁移日志无报错,数据迁移完成。
|
||||||
|
|
||||||
如果有数据迁移失败批次,查看新老表迁移数据量对应情况(ck每台**data**节点):
|
如果有数据迁移失败批次,查看新老表迁移数据量对应情况(ck每台**data**节点):
|
||||||
```sql
|
```sql
|
||||||
-- security_event
|
-- security_event
|
||||||
|
|
||||||
SELECT
|
SELECT
|
||||||
date_trunc('day', toDateTime(common_recv_time)) d,
|
date_trunc('day', toDateTime(common_recv_time)) d,
|
||||||
COUNT(1) cnt
|
COUNT(1) cnt
|
||||||
FROM tsg_galaxy_v3.security_event_local_old
|
FROM tsg_galaxy_v3.security_event_local_old
|
||||||
WHERE common_recv_time>= toUnixTimestamp('2024-01-10 00:00:00') and common_recv_time < toUnixTimestamp('2024-01-20 00:00:00')
|
WHERE common_recv_time>= toUnixTimestamp('2024-01-10 00:00:00') and common_recv_time < toUnixTimestamp('2024-01-20 00:00:00')
|
||||||
and common_action in (16, 96)
|
and common_action in (16, 96)
|
||||||
group by date_trunc('day', toDateTime(common_recv_time))
|
group by date_trunc('day', toDateTime(common_recv_time))
|
||||||
order by d
|
order by d
|
||||||
;
|
;
|
||||||
|
|
||||||
SELECT
|
SELECT
|
||||||
date_trunc('day', toDateTime(recv_time)) d,
|
date_trunc('day', toDateTime(recv_time)) d,
|
||||||
COUNT(1) cnt
|
COUNT(1) cnt
|
||||||
FROM tsg_galaxy_v3.security_event_local
|
FROM tsg_galaxy_v3.security_event_local
|
||||||
WHERE recv_time >= toUnixTimestamp('2024-01-10 00:00:00') and recv_time < toUnixTimestamp('2024-01-20 00:00:00')
|
WHERE recv_time >= toUnixTimestamp('2024-01-10 00:00:00') and recv_time < toUnixTimestamp('2024-01-20 00:00:00')
|
||||||
group by date_trunc('day', toDateTime(recv_time))
|
group by date_trunc('day', toDateTime(recv_time))
|
||||||
order by d
|
order by d
|
||||||
;
|
;
|
||||||
|
|
||||||
-- monitor_event
|
-- monitor_event
|
||||||
|
|
||||||
SELECT
|
SELECT
|
||||||
date_trunc('day', toDateTime(common_recv_time)) d,
|
date_trunc('day', toDateTime(common_recv_time)) d,
|
||||||
COUNT(1) cnt
|
COUNT(1) cnt
|
||||||
FROM tsg_galaxy_v3.security_event_local_old
|
FROM tsg_galaxy_v3.security_event_local_old
|
||||||
WHERE common_recv_time>= toUnixTimestamp('2024-01-10 00:00:00') and common_recv_time < toUnixTimestamp('2024-01-20 00:00:00')
|
WHERE common_recv_time>= toUnixTimestamp('2024-01-10 00:00:00') and common_recv_time < toUnixTimestamp('2024-01-20 00:00:00')
|
||||||
and common_action = 1
|
and common_action = 1
|
||||||
group by date_trunc('day', toDateTime(common_recv_time))
|
group by date_trunc('day', toDateTime(common_recv_time))
|
||||||
order by d
|
order by d
|
||||||
;
|
;
|
||||||
|
|
||||||
SELECT
|
SELECT
|
||||||
date_trunc('day', toDateTime(recv_time)) d,
|
date_trunc('day', toDateTime(recv_time)) d,
|
||||||
COUNT(1) cnt
|
COUNT(1) cnt
|
||||||
FROM tsg_galaxy_v3.monitor_event_local
|
FROM tsg_galaxy_v3.monitor_event_local
|
||||||
WHERE recv_time >= toUnixTimestamp('2024-01-10 00:00:00') and recv_time < toUnixTimestamp('2024-01-20 00:00:00')
|
WHERE recv_time >= toUnixTimestamp('2024-01-10 00:00:00') and recv_time < toUnixTimestamp('2024-01-20 00:00:00')
|
||||||
group by date_trunc('day', toDateTime(recv_time))
|
group by date_trunc('day', toDateTime(recv_time))
|
||||||
order by d
|
order by d
|
||||||
;
|
;
|
||||||
|
|
||||||
-- session_record
|
-- session_record
|
||||||
|
|
||||||
SELECT
|
SELECT
|
||||||
date_trunc('day', toDateTime(common_recv_time)) d,
|
date_trunc('day', toDateTime(common_recv_time)) d,
|
||||||
COUNT(1) cnt
|
COUNT(1) cnt
|
||||||
FROM tsg_galaxy_v3.session_record_local_old
|
FROM tsg_galaxy_v3.session_record_local_old
|
||||||
WHERE common_recv_time>= toUnixTimestamp('2024-01-10 00:00:00') and common_recv_time < toUnixTimestamp('2024-01-20 00:00:00')
|
WHERE common_recv_time>= toUnixTimestamp('2024-01-10 00:00:00') and common_recv_time < toUnixTimestamp('2024-01-20 00:00:00')
|
||||||
group by date_trunc('day', toDateTime(common_recv_time))
|
group by date_trunc('day', toDateTime(common_recv_time))
|
||||||
order by d
|
order by d
|
||||||
;
|
;
|
||||||
|
|
||||||
SELECT
|
SELECT
|
||||||
date_trunc('day', toDateTime(recv_time)) d,
|
date_trunc('day', toDateTime(recv_time)) d,
|
||||||
COUNT(1) cnt
|
COUNT(1) cnt
|
||||||
FROM tsg_galaxy_v3.session_record_local
|
FROM tsg_galaxy_v3.session_record_local
|
||||||
WHERE recv_time >= toUnixTimestamp('2024-01-10 00:00:00') and recv_time < toUnixTimestamp('2024-01-20 00:00:00')
|
WHERE recv_time >= toUnixTimestamp('2024-01-10 00:00:00') and recv_time < toUnixTimestamp('2024-01-20 00:00:00')
|
||||||
group by date_trunc('day', toDateTime(recv_time))
|
group by date_trunc('day', toDateTime(recv_time))
|
||||||
order by d
|
order by d
|
||||||
;
|
;
|
||||||
|
|
||||||
-- transaction_record
|
-- transaction_record
|
||||||
|
|
||||||
SELECT
|
SELECT
|
||||||
date_trunc('day', toDateTime(common_recv_time)) d,
|
date_trunc('day', toDateTime(common_recv_time)) d,
|
||||||
COUNT(1) cnt
|
COUNT(1) cnt
|
||||||
FROM tsg_galaxy_v3.transaction_record_local_old
|
FROM tsg_galaxy_v3.transaction_record_local_old
|
||||||
WHERE common_recv_time>= toUnixTimestamp('2024-01-10 00:00:00') and common_recv_time < toUnixTimestamp('2024-01-20 00:00:00')
|
WHERE common_recv_time>= toUnixTimestamp('2024-01-10 00:00:00') and common_recv_time < toUnixTimestamp('2024-01-20 00:00:00')
|
||||||
group by date_trunc('day', toDateTime(common_recv_time))
|
group by date_trunc('day', toDateTime(common_recv_time))
|
||||||
order by d
|
order by d
|
||||||
;
|
;
|
||||||
|
|
||||||
SELECT
|
SELECT
|
||||||
date_trunc('day', toDateTime(recv_time)) d,
|
date_trunc('day', toDateTime(recv_time)) d,
|
||||||
COUNT(1) cnt
|
COUNT(1) cnt
|
||||||
FROM tsg_galaxy_v3.transaction_record_local
|
FROM tsg_galaxy_v3.transaction_record_local
|
||||||
WHERE recv_time >= toUnixTimestamp('2024-01-10 00:00:00') and recv_time < toUnixTimestamp('2024-01-20 00:00:00')
|
WHERE recv_time >= toUnixTimestamp('2024-01-10 00:00:00') and recv_time < toUnixTimestamp('2024-01-20 00:00:00')
|
||||||
group by date_trunc('day', toDateTime(recv_time))
|
group by date_trunc('day', toDateTime(recv_time))
|
||||||
order by d
|
order by d
|
||||||
;
|
;
|
||||||
|
|
||||||
-- voip_record
|
-- voip_record
|
||||||
|
|
||||||
SELECT
|
SELECT
|
||||||
date_trunc('day', toDateTime(common_recv_time)) d,
|
date_trunc('day', toDateTime(common_recv_time)) d,
|
||||||
COUNT(1) cnt
|
COUNT(1) cnt
|
||||||
FROM tsg_galaxy_v3.voip_record_local_old
|
FROM tsg_galaxy_v3.voip_record_local_old
|
||||||
WHERE common_recv_time>= toUnixTimestamp('2024-01-10 00:00:00') and common_recv_time < toUnixTimestamp('2024-01-20 00:00:00')
|
WHERE common_recv_time>= toUnixTimestamp('2024-01-10 00:00:00') and common_recv_time < toUnixTimestamp('2024-01-20 00:00:00')
|
||||||
group by date_trunc('day', toDateTime(common_recv_time))
|
group by date_trunc('day', toDateTime(common_recv_time))
|
||||||
order by d
|
order by d
|
||||||
;
|
;
|
||||||
|
|
||||||
SELECT
|
SELECT
|
||||||
date_trunc('day', toDateTime(recv_time)) d,
|
date_trunc('day', toDateTime(recv_time)) d,
|
||||||
COUNT(1) cnt
|
COUNT(1) cnt
|
||||||
FROM tsg_galaxy_v3.voip_record_local
|
FROM tsg_galaxy_v3.voip_record_local
|
||||||
WHERE recv_time >= toUnixTimestamp('2024-01-10 00:00:00') and recv_time < toUnixTimestamp('2024-01-20 00:00:00')
|
WHERE recv_time >= toUnixTimestamp('2024-01-10 00:00:00') and recv_time < toUnixTimestamp('2024-01-20 00:00:00')
|
||||||
group by date_trunc('day', toDateTime(recv_time))
|
group by date_trunc('day', toDateTime(recv_time))
|
||||||
order by d
|
order by d
|
||||||
;
|
;
|
||||||
|
|
||||||
-- proxy_event
|
-- proxy_event
|
||||||
|
|
||||||
SELECT
|
SELECT
|
||||||
date_trunc('day', toDateTime(common_recv_time)) d,
|
date_trunc('day', toDateTime(common_recv_time)) d,
|
||||||
COUNT(1) cnt
|
COUNT(1) cnt
|
||||||
FROM tsg_galaxy_v3.proxy_event_local_old
|
FROM tsg_galaxy_v3.proxy_event_local_old
|
||||||
WHERE common_recv_time>= toUnixTimestamp('2024-01-10 00:00:00') and common_recv_time < toUnixTimestamp('2024-01-20 00:00:00')
|
WHERE common_recv_time>= toUnixTimestamp('2024-01-10 00:00:00') and common_recv_time < toUnixTimestamp('2024-01-20 00:00:00')
|
||||||
group by date_trunc('day', toDateTime(common_recv_time))
|
group by date_trunc('day', toDateTime(common_recv_time))
|
||||||
order by d
|
order by d
|
||||||
;
|
;
|
||||||
|
|
||||||
SELECT
|
SELECT
|
||||||
date_trunc('day', toDateTime(recv_time)) d,
|
date_trunc('day', toDateTime(recv_time)) d,
|
||||||
COUNT(1) cnt
|
COUNT(1) cnt
|
||||||
FROM tsg_galaxy_v3.proxy_event_local
|
FROM tsg_galaxy_v3.proxy_event_local
|
||||||
WHERE recv_time >= toUnixTimestamp('2024-01-10 00:00:00') and recv_time < toUnixTimestamp('2024-01-20 00:00:00')
|
WHERE recv_time >= toUnixTimestamp('2024-01-10 00:00:00') and recv_time < toUnixTimestamp('2024-01-20 00:00:00')
|
||||||
group by date_trunc('day', toDateTime(recv_time))
|
group by date_trunc('day', toDateTime(recv_time))
|
||||||
order by d
|
order by d
|
||||||
;
|
;
|
||||||
|
|
||||||
-- dos_event
|
-- dos_event
|
||||||
|
|
||||||
SELECT
|
SELECT
|
||||||
date_trunc('day', toDateTime(start_time)) d,
|
date_trunc('day', toDateTime(start_time)) d,
|
||||||
COUNT(1) cnt
|
COUNT(1) cnt
|
||||||
FROM tsg_galaxy_v3.dos_event_local_old
|
FROM tsg_galaxy_v3.dos_event_local_old
|
||||||
WHERE start_time>= toUnixTimestamp('2024-01-10 00:00:00') and start_time < toUnixTimestamp('2024-01-20 00:00:00')
|
WHERE start_time>= toUnixTimestamp('2024-01-10 00:00:00') and start_time < toUnixTimestamp('2024-01-20 00:00:00')
|
||||||
group by date_trunc('day', toDateTime(start_time))
|
group by date_trunc('day', toDateTime(start_time))
|
||||||
order by d
|
order by d
|
||||||
;
|
;
|
||||||
|
|
||||||
SELECT
|
SELECT
|
||||||
date_trunc('day', toDateTime(start_time)) d,
|
date_trunc('day', toDateTime(start_time)) d,
|
||||||
COUNT(1) cnt
|
COUNT(1) cnt
|
||||||
FROM tsg_galaxy_v3.dos_event_local
|
FROM tsg_galaxy_v3.dos_event_local
|
||||||
WHERE start_time >= toUnixTimestamp('2024-01-10 00:00:00') and start_time < toUnixTimestamp('2024-01-20 00:00:00')
|
WHERE start_time >= toUnixTimestamp('2024-01-10 00:00:00') and start_time < toUnixTimestamp('2024-01-20 00:00:00')
|
||||||
group by date_trunc('day', toDateTime(start_time))
|
group by date_trunc('day', toDateTime(start_time))
|
||||||
order by d
|
order by d
|
||||||
;
|
;
|
||||||
```
|
```
|
||||||