Move old version files and add <Clickhouse_CN_NFSP建表语句.sql> file.

Clickhouse最新全量建表语句/Clickhouse_CN_NFSP建表语句.sql

@@ -0,0 +1,311 @@
+create database IF NOT EXISTS cyber_narrator_galaxy ON CLUSTER ck_cluster;
+create database IF NOT EXISTS cyber_narrator_galaxy ON CLUSTER ck_query;
+
+
+
+CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.session_record_nfsp_local on cluster ck_cluster (
+    id Int32,
+    expiration_id Int32,
+    src_ip String,
+    src_mac String,
+    src_oui String,
+    src_port Int32,
+    dst_ip String,
+    dst_mac String,
+    dst_oui String,
+    dst_port Int32,
+    protocol Int32,
+    ip_version Int32,
+    vlan_id Int32,
+    bidirectional_first_seen_ms Int64,
+    bidirectional_last_seen_ms Int64,
+    bidirectional_duration_ms Int64,
+    bidirectional_packets Int64,
+    bidirectional_bytes Int64,
+    src2dst_first_seen_ms Int64,
+    src2dst_last_seen_ms Int64,
+    src2dst_duration_ms Int64,
+    src2dst_packets Int64,
+    src2dst_bytes Int64,
+    dst2src_first_seen_ms Int64,
+    dst2src_last_seen_ms Int64,
+    dst2src_duration_ms Int64,
+    dst2src_packets Int64,
+    dst2src_bytes Int64,
+    tunnel_id Int64,
+    application_name String,
+    application_category_name String,
+    application_is_guessed Int64,
+    application_confidence Int64,
+    requested_server_name String,
+    client_fingerprint String,
+    server_fingerprint String,
+    user_agent String,
+    content_type String,
+    bidirectional_min_ps Int64,
+    bidirectional_mean_ps Float64,
+    bidirectional_stddev_ps Float64,
+    bidirectional_max_ps Int64,
+    src2dst_min_ps Int64,
+    src2dst_mean_ps Float64,
+    src2dst_stddev_ps Float64,
+    src2dst_max_ps Int64,
+    dst2src_min_ps Int64,
+    dst2src_mean_ps Float64,
+    dst2src_stddev_ps Float64,
+    dst2src_max_ps Int64,
+    bidirectional_min_piat_ms Int64,
+    bidirectional_mean_piat_ms Float64,
+    bidirectional_stddev_piat_ms Float64,
+    bidirectional_max_piat_ms Int64,
+    src2dst_min_piat_ms Int64,
+    src2dst_mean_piat_ms Float64,
+    src2dst_stddev_piat_ms Float64,
+    src2dst_max_piat_ms Int64,
+    dst2src_min_piat_ms Int64,
+    dst2src_mean_piat_ms Float64,
+    dst2src_stddev_piat_ms Float64,
+    dst2src_max_piat_ms Int64,
+    bidirectional_syn_packets Int64,
+    bidirectional_cwr_packets Int64,
+    bidirectional_ece_packets Int64,
+    bidirectional_urg_packets Int64,
+    bidirectional_ack_packets Int64,
+    bidirectional_psh_packets Int64,
+    bidirectional_rst_packets Int64,
+    bidirectional_fin_packets Int64,
+    src2dst_syn_packets Int64,
+    src2dst_cwr_packets Int64,
+    src2dst_ece_packets Int64,
+    src2dst_urg_packets Int64,
+    src2dst_ack_packets Int64,
+    src2dst_psh_packets Int64,
+    src2dst_rst_packets Int64,
+    src2dst_fin_packets Int64,
+    dst2src_syn_packets Int64,
+    dst2src_cwr_packets Int64,
+    dst2src_ece_packets Int64,
+    dst2src_urg_packets Int64,
+    dst2src_ack_packets Int64,
+    dst2src_psh_packets Int64,
+    dst2src_rst_packets Int64,
+    dst2src_fin_packets Int64,	
+    splt_direction Array(Int64),
+    splt_ps Array(Int64),
+    splt_piat_ms Array(Int64),
+    stf_payload_sizes Array(Int64),
+    stf_directions Array(Int64),
+    stf_gram_sequences Array(String),
+    stf_gram_match_results String,
+    stf_encrypted_tunnel_flag Int64,
+    stf_simple_obfs_resp_flag Int64,
+    stf_valid_packet_counts Int64,
+    stf_has_tcp_handshake Int64
+)
+ENGINE = MergeTree
+PARTITION BY toYYYYMMDD(toDate(bidirectional_first_seen_ms/1000))
+ORDER BY bidirectional_first_seen_ms;
+
+
+CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.session_record_nfsp on cluster ck_cluster (
+    id Int32,
+    expiration_id Int32,
+    src_ip String,
+    src_mac String,
+    src_oui String,
+    src_port Int32,
+    dst_ip String,
+    dst_mac String,
+    dst_oui String,
+    dst_port Int32,
+    protocol Int32,
+    ip_version Int32,
+    vlan_id Int32,
+    bidirectional_first_seen_ms Int64,
+    bidirectional_last_seen_ms Int64,
+    bidirectional_duration_ms Int64,
+    bidirectional_packets Int64,
+    bidirectional_bytes Int64,
+    src2dst_first_seen_ms Int64,
+    src2dst_last_seen_ms Int64,
+    src2dst_duration_ms Int64,
+    src2dst_packets Int64,
+    src2dst_bytes Int64,
+    dst2src_first_seen_ms Int64,
+    dst2src_last_seen_ms Int64,
+    dst2src_duration_ms Int64,
+    dst2src_packets Int64,
+    dst2src_bytes Int64,
+    tunnel_id Int64,
+    application_name String,
+    application_category_name String,
+    application_is_guessed Int64,
+    application_confidence Int64,
+    requested_server_name String,
+    client_fingerprint String,
+    server_fingerprint String,
+    user_agent String,
+    content_type String,
+    bidirectional_min_ps Int64,
+    bidirectional_mean_ps Float64,
+    bidirectional_stddev_ps Float64,
+    bidirectional_max_ps Int64,
+    src2dst_min_ps Int64,
+    src2dst_mean_ps Float64,
+    src2dst_stddev_ps Float64,
+    src2dst_max_ps Int64,
+    dst2src_min_ps Int64,
+    dst2src_mean_ps Float64,
+    dst2src_stddev_ps Float64,
+    dst2src_max_ps Int64,
+    bidirectional_min_piat_ms Int64,
+    bidirectional_mean_piat_ms Float64,
+    bidirectional_stddev_piat_ms Float64,
+    bidirectional_max_piat_ms Int64,
+    src2dst_min_piat_ms Int64,
+    src2dst_mean_piat_ms Float64,
+    src2dst_stddev_piat_ms Float64,
+    src2dst_max_piat_ms Int64,
+    dst2src_min_piat_ms Int64,
+    dst2src_mean_piat_ms Float64,
+    dst2src_stddev_piat_ms Float64,
+    dst2src_max_piat_ms Int64,
+    bidirectional_syn_packets Int64,
+    bidirectional_cwr_packets Int64,
+    bidirectional_ece_packets Int64,
+    bidirectional_urg_packets Int64,
+    bidirectional_ack_packets Int64,
+    bidirectional_psh_packets Int64,
+    bidirectional_rst_packets Int64,
+    bidirectional_fin_packets Int64,
+    src2dst_syn_packets Int64,
+    src2dst_cwr_packets Int64,
+    src2dst_ece_packets Int64,
+    src2dst_urg_packets Int64,
+    src2dst_ack_packets Int64,
+    src2dst_psh_packets Int64,
+    src2dst_rst_packets Int64,
+    src2dst_fin_packets Int64,
+    dst2src_syn_packets Int64,
+    dst2src_cwr_packets Int64,
+    dst2src_ece_packets Int64,
+    dst2src_urg_packets Int64,
+    dst2src_ack_packets Int64,
+    dst2src_psh_packets Int64,
+    dst2src_rst_packets Int64,
+    dst2src_fin_packets Int64,	
+    splt_direction Array(Int64),
+    splt_ps Array(Int64),
+    splt_piat_ms Array(Int64),
+    stf_payload_sizes Array(Int64),
+    stf_directions Array(Int64),
+    stf_gram_sequences Array(String),
+    stf_gram_match_results String,
+    stf_encrypted_tunnel_flag Int64,
+    stf_simple_obfs_resp_flag Int64,
+    stf_valid_packet_counts Int64,
+    stf_has_tcp_handshake Int64
+)
+ENGINE =Distributed(ck_cluster,cyber_narrator_galaxy,session_record_nfsp_local,rand());
+
+CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.session_record_nfsp on cluster ck_query (
+    id Int32,
+    expiration_id Int32,
+    src_ip String,
+    src_mac String,
+    src_oui String,
+    src_port Int32,
+    dst_ip String,
+    dst_mac String,
+    dst_oui String,
+    dst_port Int32,
+    protocol Int32,
+    ip_version Int32,
+    vlan_id Int32,
+    bidirectional_first_seen_ms Int64,
+    bidirectional_last_seen_ms Int64,
+    bidirectional_duration_ms Int64,
+    bidirectional_packets Int64,
+    bidirectional_bytes Int64,
+    src2dst_first_seen_ms Int64,
+    src2dst_last_seen_ms Int64,
+    src2dst_duration_ms Int64,
+    src2dst_packets Int64,
+    src2dst_bytes Int64,
+    dst2src_first_seen_ms Int64,
+    dst2src_last_seen_ms Int64,
+    dst2src_duration_ms Int64,
+    dst2src_packets Int64,
+    dst2src_bytes Int64,
+    tunnel_id Int64,
+    application_name String,
+    application_category_name String,
+    application_is_guessed Int64,
+    application_confidence Int64,
+    requested_server_name String,
+    client_fingerprint String,
+    server_fingerprint String,
+    user_agent String,
+    content_type String,
+    bidirectional_min_ps Int64,
+    bidirectional_mean_ps Float64,
+    bidirectional_stddev_ps Float64,
+    bidirectional_max_ps Int64,
+    src2dst_min_ps Int64,
+    src2dst_mean_ps Float64,
+    src2dst_stddev_ps Float64,
+    src2dst_max_ps Int64,
+    dst2src_min_ps Int64,
+    dst2src_mean_ps Float64,
+    dst2src_stddev_ps Float64,
+    dst2src_max_ps Int64,
+    bidirectional_min_piat_ms Int64,
+    bidirectional_mean_piat_ms Float64,
+    bidirectional_stddev_piat_ms Float64,
+    bidirectional_max_piat_ms Int64,
+    src2dst_min_piat_ms Int64,
+    src2dst_mean_piat_ms Float64,
+    src2dst_stddev_piat_ms Float64,
+    src2dst_max_piat_ms Int64,
+    dst2src_min_piat_ms Int64,
+    dst2src_mean_piat_ms Float64,
+    dst2src_stddev_piat_ms Float64,
+    dst2src_max_piat_ms Int64,
+    bidirectional_syn_packets Int64,
+    bidirectional_cwr_packets Int64,
+    bidirectional_ece_packets Int64,
+    bidirectional_urg_packets Int64,
+    bidirectional_ack_packets Int64,
+    bidirectional_psh_packets Int64,
+    bidirectional_rst_packets Int64,
+    bidirectional_fin_packets Int64,
+    src2dst_syn_packets Int64,
+    src2dst_cwr_packets Int64,
+    src2dst_ece_packets Int64,
+    src2dst_urg_packets Int64,
+    src2dst_ack_packets Int64,
+    src2dst_psh_packets Int64,
+    src2dst_rst_packets Int64,
+    src2dst_fin_packets Int64,
+    dst2src_syn_packets Int64,
+    dst2src_cwr_packets Int64,
+    dst2src_ece_packets Int64,
+    dst2src_urg_packets Int64,
+    dst2src_ack_packets Int64,
+    dst2src_psh_packets Int64,
+    dst2src_rst_packets Int64,
+    dst2src_fin_packets Int64,	
+    splt_direction Array(Int64),
+    splt_ps Array(Int64),
+    splt_piat_ms Array(Int64),
+    stf_payload_sizes Array(Int64),
+    stf_directions Array(Int64),
+    stf_gram_sequences Array(String),
+    stf_gram_match_results String,
+    stf_encrypted_tunnel_flag Int64,
+    stf_simple_obfs_resp_flag Int64,
+    stf_valid_packet_counts Int64,
+    stf_has_tcp_handshake Int64
+)
+ENGINE =Distributed(ck_cluster,cyber_narrator_galaxy,session_record_nfsp_local,rand());
+