From 03c4575b6e7cb411953814788401115d63638b61 Mon Sep 17 00:00:00 2001
From: houjinchuan <houjinchuan@iie.ac.cn>
Date: Wed, 20 Jul 2022 14:36:13 +0800
Subject: [PATCH] =?UTF-8?q?cn=2009=E7=89=88=E6=9C=ACck=E4=BF=AE=E6=94=B9?=
 =?UTF-8?q?=E5=AD=97=E6=AE=B5=E5=90=8D=EF=BC=8C=E5=A2=9E=E5=8A=A0=E8=A1=A8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../CN-22.09/clickhouse/update-09-ck.sql      |  12 +-
 .../Clickhouse_CN_建表语句.sql                | 977 +++++++++++++++++-
 2 files changed, 965 insertions(+), 24 deletions(-)

diff --git a/CN发布版本更新记录/CN-22.09/clickhouse/update-09-ck.sql b/CN发布版本更新记录/CN-22.09/clickhouse/update-09-ck.sql
index c503cad..eb69743 100644
--- a/CN发布版本更新记录/CN-22.09/clickhouse/update-09-ck.sql
+++ b/CN发布版本更新记录/CN-22.09/clickhouse/update-09-ck.sql
@@ -6,10 +6,10 @@ ALTER  table cyber_narrator_galaxy.session_record_cn_local on cluster ck_cluster
 ALTER  table cyber_narrator_galaxy.session_record_cn on cluster ck_cluster add column IF NOT EXISTS common_app_id  String after common_app_label;
 ALTER  table cyber_narrator_galaxy.session_record_cn on cluster ck_query add column IF NOT EXISTS common_app_id  String after common_app_label;
 
-ALTER  table cyber_narrator_galaxy.session_record_cn_local on cluster ck_cluster add column IF NOT EXISTS client_is_internal  Nullable(Int64) after domain_whois_org;
-ALTER  table cyber_narrator_galaxy.session_record_cn on cluster ck_cluster add column IF NOT EXISTS client_is_internal  Nullable(Int64) after domain_whois_org;
-ALTER  table cyber_narrator_galaxy.session_record_cn on cluster ck_query add column IF NOT EXISTS client_is_internal  Nullable(Int64) after domain_whois_org;
+ALTER  table cyber_narrator_galaxy.session_record_cn_local on cluster ck_cluster add column IF NOT EXISTS client_zone  String after domain_whois_org;
+ALTER  table cyber_narrator_galaxy.session_record_cn on cluster ck_cluster add column IF NOT EXISTS client_zone  String after domain_whois_org;
+ALTER  table cyber_narrator_galaxy.session_record_cn on cluster ck_query add column IF NOT EXISTS client_zone  String after domain_whois_org;
 
-ALTER  table cyber_narrator_galaxy.session_record_cn_local on cluster ck_cluster add column IF NOT EXISTS server_is_internal  Nullable(Int64) after client_idc_renter;
-ALTER  table cyber_narrator_galaxy.session_record_cn on cluster ck_cluster add column IF NOT EXISTS server_is_internal  Nullable(Int64) after client_idc_renter;
-ALTER  table cyber_narrator_galaxy.session_record_cn on cluster ck_query add column IF NOT EXISTS server_is_internal  Nullable(Int64) after client_idc_renter;
+ALTER  table cyber_narrator_galaxy.session_record_cn_local on cluster ck_cluster add column IF NOT EXISTS server_zone  String after client_idc_renter;
+ALTER  table cyber_narrator_galaxy.session_record_cn on cluster ck_cluster add column IF NOT EXISTS server_zone  String after client_idc_renter;
+ALTER  table cyber_narrator_galaxy.session_record_cn on cluster ck_query add column IF NOT EXISTS server_zone  String after client_idc_renter;
diff --git a/Clickhouse最新全量建表语句/Clickhouse_CN_建表语句.sql b/Clickhouse最新全量建表语句/Clickhouse_CN_建表语句.sql
index f1f96c4..b20130c 100644
--- a/Clickhouse最新全量建表语句/Clickhouse_CN_建表语句.sql
+++ b/Clickhouse最新全量建表语句/Clickhouse_CN_建表语句.sql
@@ -3,7 +3,7 @@ create database IF NOT EXISTS cyber_narrator_galaxy ON CLUSTER ck_query;
 
 
 CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.session_record_cn_local ON CLUSTER ck_cluster (
- common_recv_time  Int64,
+  common_recv_time  Int64,
   common_direction  Int64,
   common_stream_dir  Int64,
   common_start_time Int64,
@@ -70,7 +70,7 @@ CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.session_record_cn_local ON CLUS
   domain_reputation_level  String,
   domain_icp_company_name  String,
   domain_whois_org  String,
-  client_is_internal  Nullable(Int64),
+  client_zone  String,
   client_country  String,
   client_province  String,
   client_region  String,
@@ -80,7 +80,7 @@ CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.session_record_cn_local ON CLUS
   client_asn String,
   client_whois_owner  String,
   client_idc_renter  String,
-  server_is_internal  Nullable(Int64),
+  server_zone  String,
   server_country  String,
   server_province  String,
   server_region  String,
@@ -121,7 +121,7 @@ CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.session_record_cn_local ON CLUS
 ) ENGINE = MergeTree PARTITION BY toYYYYMMDD(toDate(common_recv_time)) ORDER BY common_recv_time SETTINGS index_granularity = 8192;
 
 CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.session_record_cn ON CLUSTER ck_cluster (
- common_recv_time  Int64,
+  common_recv_time  Int64,
   common_direction  Int64,
   common_stream_dir  Int64,
   common_start_time Int64,
@@ -188,7 +188,7 @@ CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.session_record_cn ON CLUSTER ck
   domain_reputation_level  String,
   domain_icp_company_name  String,
   domain_whois_org  String,
-  client_is_internal  Nullable(Int64),
+  client_zone  String,
   client_country  String,
   client_province  String,
   client_region  String,
@@ -198,7 +198,7 @@ CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.session_record_cn ON CLUSTER ck
   client_asn String,
   client_whois_owner  String,
   client_idc_renter  String,
-  server_is_internal  Nullable(Int64),
+  server_zone  String,
   server_country  String,
   server_province  String,
   server_region  String,
@@ -239,7 +239,7 @@ CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.session_record_cn ON CLUSTER ck
 ) ENGINE = Distributed('ck_cluster', 'cyber_narrator_galaxy', 'session_record_cn_local', rand());
 
 CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.session_record_cn ON CLUSTER ck_query (
- common_recv_time  Int64,
+  common_recv_time  Int64,
   common_direction  Int64,
   common_stream_dir  Int64,
   common_start_time Int64,
@@ -306,7 +306,7 @@ CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.session_record_cn ON CLUSTER ck
   domain_reputation_level  String,
   domain_icp_company_name  String,
   domain_whois_org  String,
-  client_is_internal  Nullable(Int64),
+  client_zone  String,
   client_country  String,
   client_province  String,
   client_region  String,
@@ -316,7 +316,7 @@ CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.session_record_cn ON CLUSTER ck
   client_asn String,
   client_whois_owner  String,
   client_idc_renter  String,
-  server_is_internal  Nullable(Int64),
+  server_zone  String,
   server_country  String,
   server_province  String,
   server_region  String,
@@ -358,7 +358,7 @@ CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.session_record_cn ON CLUSTER ck
 
 
 CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.security_event_local ON CLUSTER ck_cluster (
- event_id  UInt64,
+  event_id  UInt64,
   start_time  Int64,
   event_severity  String,
   security_type  String,
@@ -404,7 +404,7 @@ CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.security_event_local ON CLUSTER
 ) ENGINE = MergeTree PARTITION BY toYYYYMMDD(toDate(start_time)) ORDER BY (event_id, start_time) SETTINGS index_granularity = 8192;
 
 CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.security_event ON CLUSTER ck_cluster (
- event_id  UInt64,
+  event_id  UInt64,
   start_time  Int64,
   event_severity  String,
   security_type  String,
@@ -450,7 +450,7 @@ CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.security_event ON CLUSTER ck_cl
 ) ENGINE = Distributed('ck_cluster', 'cyber_narrator_galaxy', 'security_event_local', rand());
 
 CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.security_event ON CLUSTER ck_query (
- event_id  UInt64,
+  event_id  UInt64,
   start_time  Int64,
   event_severity  String,
   security_type  String,
@@ -497,7 +497,7 @@ CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.security_event ON CLUSTER ck_qu
 
 
 CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.metric_map_local ON CLUSTER ck_cluster (
- server_country  String,
+  server_country  String,
   client_country  String,
   server_province  String,
   client_province  String,
@@ -525,7 +525,7 @@ CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.metric_map_local ON CLUSTER ck_
 ) ENGINE = MergeTree PARTITION BY toYYYYMMDD(toDate(common_recv_time)) ORDER BY (common_recv_time, server_country, common_l4_protocol, common_schema_type, server_region) SETTINGS index_granularity = 8192;
 
 CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.metric_map ON CLUSTER ck_cluster (
- server_country  String,
+  server_country  String,
   client_country  String,
   server_province  String,
   client_province  String,
@@ -553,7 +553,7 @@ CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.metric_map ON CLUSTER ck_cluste
 ) ENGINE = Distributed('ck_cluster', 'cyber_narrator_galaxy', 'metric_map_local', rand());
 
 CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.metric_map ON CLUSTER ck_query (
- server_country  String,
+  server_country  String,
   client_country  String,
   server_province  String,
   client_province  String,
@@ -582,7 +582,7 @@ CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.metric_map ON CLUSTER ck_query
 
 
 CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.metric_top_entity_local ON CLUSTER ck_cluster (
- common_client_ip  String,
+  common_client_ip  String,
   common_server_ip  String,
   domain  String,
   common_app_label  LowCardinality(String),
@@ -611,7 +611,7 @@ CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.metric_top_entity_local ON CLUS
 ) ENGINE = MergeTree PARTITION BY toYYYYMMDD(toDate(common_recv_time)) ORDER BY (group_by, order_by, common_recv_time, time_granularity) SETTINGS index_granularity = 8192;
 
 CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.metric_top_entity ON CLUSTER ck_cluster (
- common_client_ip  String,
+  common_client_ip  String,
   common_server_ip  String,
   domain  String,
   common_app_label  LowCardinality(String),
@@ -640,7 +640,7 @@ CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.metric_top_entity ON CLUSTER ck
 ) ENGINE = Distributed('ck_cluster', 'cyber_narrator_galaxy', 'metric_top_entity_local', rand());
 
 CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.metric_top_entity ON CLUSTER ck_query (
- common_client_ip  String,
+  common_client_ip  String,
   common_server_ip  String,
   domain  String,
   common_app_label  LowCardinality(String),
@@ -668,3 +668,944 @@ CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.metric_top_entity ON CLUSTER ck
   packet_retrans  Float64
 ) ENGINE = Distributed('ck_cluster', 'cyber_narrator_galaxy', 'metric_top_entity_local', rand());
 
+
+CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.metric_ip_local ON CLUSTER ck_cluster (
+ ip String,
+ side String,
+ zone String,
+ stat_time Int64,
+ common_c2s_pkt_num Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_pkt_num Int64,
+ common_s2c_byte_num Int64,
+ common_sessions Int64,
+ traffic_inbound_byte Int64,
+ traffic_inbound_pkt Int64,
+ traffic_outbound_byte Int64,
+ traffic_outbound_pkt Int64,
+ traffic_internal_byte Int64,
+ traffic_internal_pkt Int64,
+ traffic_through_byte Int64,
+ traffic_through_pkt Int64,
+ c2s_tcp_lostlen_ratio Float64,
+ s2c_tcp_lostlen_ratio Float64,
+ tcp_lostlen_ratio Float64,
+ c2s_tcp_unorder_num_ratio Float64,
+ s2c_tcp_unorder_num_ratio Float64,
+ tcp_unorder_num_ratio Float64,
+ c2s_byte_retrans_ratio Float64,
+ s2c_byte_retrans_ratio Float64,
+ byte_retrans_ratio Float64,
+ c2s_pkt_retrans_ratio Float64,
+ s2c_pkt_retrans_ratio Float64,
+ pkt_retrans_ratio Float64,
+ avg_establish_latency_ms Float64,
+ avg_http_response_latency_ms Float64,
+ avg_ssl_con_latency_ms Float64
+) ENGINE = MergeTree PARTITION BY toYYYYMMDD(toDate(stat_time)) ORDER BY (stat_time,ip) SETTINGS index_granularity = 8192;
+
+CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.metric_ip ON CLUSTER ck_cluster (
+ ip String,
+ side String,
+ zone String,
+ stat_time Int64,
+ common_c2s_pkt_num Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_pkt_num Int64,
+ common_s2c_byte_num Int64,
+ common_sessions Int64,
+ traffic_inbound_byte Int64,
+ traffic_inbound_pkt Int64,
+ traffic_outbound_byte Int64,
+ traffic_outbound_pkt Int64,
+ traffic_internal_byte Int64,
+ traffic_internal_pkt Int64,
+ traffic_through_byte Int64,
+ traffic_through_pkt Int64,
+ c2s_tcp_lostlen_ratio Float64,
+ s2c_tcp_lostlen_ratio Float64,
+ tcp_lostlen_ratio Float64,
+ c2s_tcp_unorder_num_ratio Float64,
+ s2c_tcp_unorder_num_ratio Float64,
+ tcp_unorder_num_ratio Float64,
+ c2s_byte_retrans_ratio Float64,
+ s2c_byte_retrans_ratio Float64,
+ byte_retrans_ratio Float64,
+ c2s_pkt_retrans_ratio Float64,
+ s2c_pkt_retrans_ratio Float64,
+ pkt_retrans_ratio Float64,
+ avg_establish_latency_ms Float64,
+ avg_http_response_latency_ms Float64,
+ avg_ssl_con_latency_ms Float64
+) ENGINE = Distributed('ck_cluster', 'cyber_narrator_galaxy', 'metric_ip_local', rand());
+
+CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.metric_ip ON CLUSTER ck_query (
+ ip String,
+ side String,
+ zone String,
+ stat_time Int64,
+ common_c2s_pkt_num Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_pkt_num Int64,
+ common_s2c_byte_num Int64,
+ common_sessions Int64,
+ traffic_inbound_byte Int64,
+ traffic_inbound_pkt Int64,
+ traffic_outbound_byte Int64,
+ traffic_outbound_pkt Int64,
+ traffic_internal_byte Int64,
+ traffic_internal_pkt Int64,
+ traffic_through_byte Int64,
+ traffic_through_pkt Int64,
+ c2s_tcp_lostlen_ratio Float64,
+ s2c_tcp_lostlen_ratio Float64,
+ tcp_lostlen_ratio Float64,
+ c2s_tcp_unorder_num_ratio Float64,
+ s2c_tcp_unorder_num_ratio Float64,
+ tcp_unorder_num_ratio Float64,
+ c2s_byte_retrans_ratio Float64,
+ s2c_byte_retrans_ratio Float64,
+ byte_retrans_ratio Float64,
+ c2s_pkt_retrans_ratio Float64,
+ s2c_pkt_retrans_ratio Float64,
+ pkt_retrans_ratio Float64,
+ avg_establish_latency_ms Float64,
+ avg_http_response_latency_ms Float64,
+ avg_ssl_con_latency_ms Float64
+) ENGINE = Distributed('ck_cluster', 'cyber_narrator_galaxy', 'metric_ip_local', rand());
+
+
+CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.metric_region_local ON CLUSTER ck_cluster (
+ country String,
+ province String,
+ city String,
+ side String,
+ stat_time Int64,
+ common_c2s_pkt_num Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_pkt_num Int64,
+ common_s2c_byte_num Int64,
+ common_sessions Int64,
+ traffic_inbound_byte Int64,
+ traffic_inbound_pkt Int64,
+ traffic_outbound_byte Int64,
+ traffic_outbound_pkt Int64,
+ traffic_internal_byte Int64,
+ traffic_internal_pkt Int64,
+ traffic_through_byte Int64,
+ traffic_through_pkt Int64,
+ c2s_tcp_lostlen_ratio Float64,
+ s2c_tcp_lostlen_ratio Float64,
+ tcp_lostlen_ratio Float64,
+ c2s_tcp_unorder_num_ratio Float64,
+ s2c_tcp_unorder_num_ratio Float64,
+ tcp_unorder_num_ratio Float64,
+ c2s_byte_retrans_ratio Float64,
+ s2c_byte_retrans_ratio Float64,
+ byte_retrans_ratio Float64,
+ c2s_pkt_retrans_ratio Float64,
+ s2c_pkt_retrans_ratio Float64,
+ pkt_retrans_ratio Float64,
+ avg_establish_latency_ms Float64,
+ avg_http_response_latency_ms Float64,
+ avg_ssl_con_latency_ms Float64
+) ENGINE = MergeTree PARTITION BY toYYYYMMDD(toDate(stat_time)) ORDER BY (stat_time,country,province,city) SETTINGS index_granularity = 8192;
+
+CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.metric_region ON CLUSTER ck_cluster (
+ country String,
+ province String,
+ city String,
+ side String,
+ stat_time Int64,
+ common_c2s_pkt_num Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_pkt_num Int64,
+ common_s2c_byte_num Int64,
+ common_sessions Int64,
+ traffic_inbound_byte Int64,
+ traffic_inbound_pkt Int64,
+ traffic_outbound_byte Int64,
+ traffic_outbound_pkt Int64,
+ traffic_internal_byte Int64,
+ traffic_internal_pkt Int64,
+ traffic_through_byte Int64,
+ traffic_through_pkt Int64,
+ c2s_tcp_lostlen_ratio Float64,
+ s2c_tcp_lostlen_ratio Float64,
+ tcp_lostlen_ratio Float64,
+ c2s_tcp_unorder_num_ratio Float64,
+ s2c_tcp_unorder_num_ratio Float64,
+ tcp_unorder_num_ratio Float64,
+ c2s_byte_retrans_ratio Float64,
+ s2c_byte_retrans_ratio Float64,
+ byte_retrans_ratio Float64,
+ c2s_pkt_retrans_ratio Float64,
+ s2c_pkt_retrans_ratio Float64,
+ pkt_retrans_ratio Float64,
+ avg_establish_latency_ms Float64,
+ avg_http_response_latency_ms Float64,
+ avg_ssl_con_latency_ms Float64
+) ENGINE = Distributed('ck_cluster', 'cyber_narrator_galaxy', 'metric_region_local', rand());
+
+CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.metric_region ON CLUSTER ck_query (
+ country String,
+ province String,
+ city String,
+ side String,
+ stat_time Int64,
+ common_c2s_pkt_num Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_pkt_num Int64,
+ common_s2c_byte_num Int64,
+ common_sessions Int64,
+ traffic_inbound_byte Int64,
+ traffic_inbound_pkt Int64,
+ traffic_outbound_byte Int64,
+ traffic_outbound_pkt Int64,
+ traffic_internal_byte Int64,
+ traffic_internal_pkt Int64,
+ traffic_through_byte Int64,
+ traffic_through_pkt Int64,
+ c2s_tcp_lostlen_ratio Float64,
+ s2c_tcp_lostlen_ratio Float64,
+ tcp_lostlen_ratio Float64,
+ c2s_tcp_unorder_num_ratio Float64,
+ s2c_tcp_unorder_num_ratio Float64,
+ tcp_unorder_num_ratio Float64,
+ c2s_byte_retrans_ratio Float64,
+ s2c_byte_retrans_ratio Float64,
+ byte_retrans_ratio Float64,
+ c2s_pkt_retrans_ratio Float64,
+ s2c_pkt_retrans_ratio Float64,
+ pkt_retrans_ratio Float64,
+ avg_establish_latency_ms Float64,
+ avg_http_response_latency_ms Float64,
+ avg_ssl_con_latency_ms Float64
+) ENGINE = Distributed('ck_cluster', 'cyber_narrator_galaxy', 'metric_region_local', rand());
+
+
+CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.metric_asn_local ON CLUSTER ck_cluster (
+ asn String,
+ isp String,
+ side String,
+ stat_time Int64,
+ common_c2s_pkt_num Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_pkt_num Int64,
+ common_s2c_byte_num Int64,
+ common_sessions Int64,
+ traffic_inbound_byte Int64,
+ traffic_inbound_pkt Int64,
+ traffic_outbound_byte Int64,
+ traffic_outbound_pkt Int64,
+ traffic_internal_byte Int64,
+ traffic_internal_pkt Int64,
+ traffic_through_byte Int64,
+ traffic_through_pkt Int64,
+ c2s_tcp_lostlen_ratio Float64,
+ s2c_tcp_lostlen_ratio Float64,
+ tcp_lostlen_ratio Float64,
+ c2s_tcp_unorder_num_ratio Float64,
+ s2c_tcp_unorder_num_ratio Float64,
+ tcp_unorder_num_ratio Float64,
+ c2s_byte_retrans_ratio Float64,
+ s2c_byte_retrans_ratio Float64,
+ byte_retrans_ratio Float64,
+ c2s_pkt_retrans_ratio Float64,
+ s2c_pkt_retrans_ratio Float64,
+ pkt_retrans_ratio Float64,
+ avg_establish_latency_ms Float64,
+ avg_http_response_latency_ms Float64,
+ avg_ssl_con_latency_ms Float64
+) ENGINE = MergeTree PARTITION BY toYYYYMMDD(toDate(stat_time)) ORDER BY (stat_time,asn,isp) SETTINGS index_granularity = 8192;
+
+CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.metric_asn ON CLUSTER ck_cluster (
+ asn String,
+ isp String,
+ side String,
+ stat_time Int64,
+ common_c2s_pkt_num Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_pkt_num Int64,
+ common_s2c_byte_num Int64,
+ common_sessions Int64,
+ traffic_inbound_byte Int64,
+ traffic_inbound_pkt Int64,
+ traffic_outbound_byte Int64,
+ traffic_outbound_pkt Int64,
+ traffic_internal_byte Int64,
+ traffic_internal_pkt Int64,
+ traffic_through_byte Int64,
+ traffic_through_pkt Int64,
+ c2s_tcp_lostlen_ratio Float64,
+ s2c_tcp_lostlen_ratio Float64,
+ tcp_lostlen_ratio Float64,
+ c2s_tcp_unorder_num_ratio Float64,
+ s2c_tcp_unorder_num_ratio Float64,
+ tcp_unorder_num_ratio Float64,
+ c2s_byte_retrans_ratio Float64,
+ s2c_byte_retrans_ratio Float64,
+ byte_retrans_ratio Float64,
+ c2s_pkt_retrans_ratio Float64,
+ s2c_pkt_retrans_ratio Float64,
+ pkt_retrans_ratio Float64,
+ avg_establish_latency_ms Float64,
+ avg_http_response_latency_ms Float64,
+ avg_ssl_con_latency_ms Float64
+) ENGINE = Distributed('ck_cluster', 'cyber_narrator_galaxy', 'metric_asn_local', rand());
+
+CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.metric_asn ON CLUSTER ck_query (
+ asn String,
+ isp String,
+ side String,
+ stat_time Int64,
+ common_c2s_pkt_num Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_pkt_num Int64,
+ common_s2c_byte_num Int64,
+ common_sessions Int64,
+ traffic_inbound_byte Int64,
+ traffic_inbound_pkt Int64,
+ traffic_outbound_byte Int64,
+ traffic_outbound_pkt Int64,
+ traffic_internal_byte Int64,
+ traffic_internal_pkt Int64,
+ traffic_through_byte Int64,
+ traffic_through_pkt Int64,
+ c2s_tcp_lostlen_ratio Float64,
+ s2c_tcp_lostlen_ratio Float64,
+ tcp_lostlen_ratio Float64,
+ c2s_tcp_unorder_num_ratio Float64,
+ s2c_tcp_unorder_num_ratio Float64,
+ tcp_unorder_num_ratio Float64,
+ c2s_byte_retrans_ratio Float64,
+ s2c_byte_retrans_ratio Float64,
+ byte_retrans_ratio Float64,
+ c2s_pkt_retrans_ratio Float64,
+ s2c_pkt_retrans_ratio Float64,
+ pkt_retrans_ratio Float64,
+ avg_establish_latency_ms Float64,
+ avg_http_response_latency_ms Float64,
+ avg_ssl_con_latency_ms Float64
+) ENGINE = Distributed('ck_cluster', 'cyber_narrator_galaxy', 'metric_asn_local', rand());
+
+
+CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.metric_idc_renter_local ON CLUSTER ck_cluster (
+ idc_renter String,
+ side String,
+ stat_time Int64,
+ common_c2s_pkt_num Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_pkt_num Int64,
+ common_s2c_byte_num Int64,
+ common_sessions Int64,
+ traffic_inbound_byte Int64,
+ traffic_inbound_pkt Int64,
+ traffic_outbound_byte Int64,
+ traffic_outbound_pkt Int64,
+ traffic_internal_byte Int64,
+ traffic_internal_pkt Int64,
+ traffic_through_byte Int64,
+ traffic_through_pkt Int64,
+ c2s_tcp_lostlen_ratio Float64,
+ s2c_tcp_lostlen_ratio Float64,
+ tcp_lostlen_ratio Float64,
+ c2s_tcp_unorder_num_ratio Float64,
+ s2c_tcp_unorder_num_ratio Float64,
+ tcp_unorder_num_ratio Float64,
+ c2s_byte_retrans_ratio Float64,
+ s2c_byte_retrans_ratio Float64,
+ byte_retrans_ratio Float64,
+ c2s_pkt_retrans_ratio Float64,
+ s2c_pkt_retrans_ratio Float64,
+ pkt_retrans_ratio Float64,
+ avg_establish_latency_ms Float64,
+ avg_http_response_latency_ms Float64,
+ avg_ssl_con_latency_ms Float64
+) ENGINE = MergeTree PARTITION BY toYYYYMMDD(toDate(stat_time)) ORDER BY (stat_time,idc_renter) SETTINGS index_granularity = 8192;
+
+CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.metric_idc_renter ON CLUSTER ck_cluster (
+ idc_renter String,
+ side String,
+ stat_time Int64,
+ common_c2s_pkt_num Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_pkt_num Int64,
+ common_s2c_byte_num Int64,
+ common_sessions Int64,
+ traffic_inbound_byte Int64,
+ traffic_inbound_pkt Int64,
+ traffic_outbound_byte Int64,
+ traffic_outbound_pkt Int64,
+ traffic_internal_byte Int64,
+ traffic_internal_pkt Int64,
+ traffic_through_byte Int64,
+ traffic_through_pkt Int64,
+ c2s_tcp_lostlen_ratio Float64,
+ s2c_tcp_lostlen_ratio Float64,
+ tcp_lostlen_ratio Float64,
+ c2s_tcp_unorder_num_ratio Float64,
+ s2c_tcp_unorder_num_ratio Float64,
+ tcp_unorder_num_ratio Float64,
+ c2s_byte_retrans_ratio Float64,
+ s2c_byte_retrans_ratio Float64,
+ byte_retrans_ratio Float64,
+ c2s_pkt_retrans_ratio Float64,
+ s2c_pkt_retrans_ratio Float64,
+ pkt_retrans_ratio Float64,
+ avg_establish_latency_ms Float64,
+ avg_http_response_latency_ms Float64,
+ avg_ssl_con_latency_ms Float64
+) ENGINE = Distributed('ck_cluster', 'cyber_narrator_galaxy', 'metric_idc_renter_local', rand());
+
+CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.metric_idc_renter ON CLUSTER ck_query (
+ idc_renter String,
+ side String,
+ stat_time Int64,
+ common_c2s_pkt_num Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_pkt_num Int64,
+ common_s2c_byte_num Int64,
+ common_sessions Int64,
+ traffic_inbound_byte Int64,
+ traffic_inbound_pkt Int64,
+ traffic_outbound_byte Int64,
+ traffic_outbound_pkt Int64,
+ traffic_internal_byte Int64,
+ traffic_internal_pkt Int64,
+ traffic_through_byte Int64,
+ traffic_through_pkt Int64,
+ c2s_tcp_lostlen_ratio Float64,
+ s2c_tcp_lostlen_ratio Float64,
+ tcp_lostlen_ratio Float64,
+ c2s_tcp_unorder_num_ratio Float64,
+ s2c_tcp_unorder_num_ratio Float64,
+ tcp_unorder_num_ratio Float64,
+ c2s_byte_retrans_ratio Float64,
+ s2c_byte_retrans_ratio Float64,
+ byte_retrans_ratio Float64,
+ c2s_pkt_retrans_ratio Float64,
+ s2c_pkt_retrans_ratio Float64,
+ pkt_retrans_ratio Float64,
+ avg_establish_latency_ms Float64,
+ avg_http_response_latency_ms Float64,
+ avg_ssl_con_latency_ms Float64
+) ENGINE = Distributed('ck_cluster', 'cyber_narrator_galaxy', 'metric_idc_renter_local', rand());
+
+
+CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.metric_application_local ON CLUSTER ck_cluster (
+ common_app_label String,
+ app_category String,
+ app_subcategory String,
+ app_company String,
+ stat_time Int64,
+ common_c2s_pkt_num Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_pkt_num Int64,
+ common_s2c_byte_num Int64,
+ common_sessions Int64,
+ traffic_inbound_byte Int64,
+ traffic_inbound_pkt Int64,
+ traffic_outbound_byte Int64,
+ traffic_outbound_pkt Int64,
+ traffic_internal_byte Int64,
+ traffic_internal_pkt Int64,
+ traffic_through_byte Int64,
+ traffic_through_pkt Int64,
+ c2s_tcp_lostlen_ratio Float64,
+ s2c_tcp_lostlen_ratio Float64,
+ tcp_lostlen_ratio Float64,
+ c2s_tcp_unorder_num_ratio Float64,
+ s2c_tcp_unorder_num_ratio Float64,
+ tcp_unorder_num_ratio Float64,
+ c2s_byte_retrans_ratio Float64,
+ s2c_byte_retrans_ratio Float64,
+ byte_retrans_ratio Float64,
+ c2s_pkt_retrans_ratio Float64,
+ s2c_pkt_retrans_ratio Float64,
+ pkt_retrans_ratio Float64,
+ avg_establish_latency_ms Float64,
+ avg_http_response_latency_ms Float64,
+ avg_ssl_con_latency_ms Float64
+) ENGINE = MergeTree PARTITION BY toYYYYMMDD(toDate(stat_time)) ORDER BY (stat_time,common_app_label,app_category,app_subcategory,app_company) SETTINGS index_granularity = 8192;
+
+CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.metric_application ON CLUSTER ck_cluster (
+ common_app_label String,
+ app_category String,
+ app_subcategory String,
+ app_company String,
+ stat_time Int64,
+ common_c2s_pkt_num Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_pkt_num Int64,
+ common_s2c_byte_num Int64,
+ common_sessions Int64,
+ traffic_inbound_byte Int64,
+ traffic_inbound_pkt Int64,
+ traffic_outbound_byte Int64,
+ traffic_outbound_pkt Int64,
+ traffic_internal_byte Int64,
+ traffic_internal_pkt Int64,
+ traffic_through_byte Int64,
+ traffic_through_pkt Int64,
+ c2s_tcp_lostlen_ratio Float64,
+ s2c_tcp_lostlen_ratio Float64,
+ tcp_lostlen_ratio Float64,
+ c2s_tcp_unorder_num_ratio Float64,
+ s2c_tcp_unorder_num_ratio Float64,
+ tcp_unorder_num_ratio Float64,
+ c2s_byte_retrans_ratio Float64,
+ s2c_byte_retrans_ratio Float64,
+ byte_retrans_ratio Float64,
+ c2s_pkt_retrans_ratio Float64,
+ s2c_pkt_retrans_ratio Float64,
+ pkt_retrans_ratio Float64,
+ avg_establish_latency_ms Float64,
+ avg_http_response_latency_ms Float64,
+ avg_ssl_con_latency_ms Float64
+) ENGINE = Distributed('ck_cluster', 'cyber_narrator_galaxy', 'metric_application_local', rand());
+
+CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.metric_application ON CLUSTER ck_query (
+ common_app_label String,
+ app_category String,
+ app_subcategory String,
+ app_company String,
+ stat_time Int64,
+ common_c2s_pkt_num Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_pkt_num Int64,
+ common_s2c_byte_num Int64,
+ common_sessions Int64,
+ traffic_inbound_byte Int64,
+ traffic_inbound_pkt Int64,
+ traffic_outbound_byte Int64,
+ traffic_outbound_pkt Int64,
+ traffic_internal_byte Int64,
+ traffic_internal_pkt Int64,
+ traffic_through_byte Int64,
+ traffic_through_pkt Int64,
+ c2s_tcp_lostlen_ratio Float64,
+ s2c_tcp_lostlen_ratio Float64,
+ tcp_lostlen_ratio Float64,
+ c2s_tcp_unorder_num_ratio Float64,
+ s2c_tcp_unorder_num_ratio Float64,
+ tcp_unorder_num_ratio Float64,
+ c2s_byte_retrans_ratio Float64,
+ s2c_byte_retrans_ratio Float64,
+ byte_retrans_ratio Float64,
+ c2s_pkt_retrans_ratio Float64,
+ s2c_pkt_retrans_ratio Float64,
+ pkt_retrans_ratio Float64,
+ avg_establish_latency_ms Float64,
+ avg_http_response_latency_ms Float64,
+ avg_ssl_con_latency_ms Float64
+) ENGINE = Distributed('ck_cluster', 'cyber_narrator_galaxy', 'metric_application_local', rand());
+
+
+CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.metric_domain_local ON CLUSTER ck_cluster (
+ domain String,
+ domain_category_name String,
+ domain_category_group String,
+ stat_time Int64,
+ common_c2s_pkt_num Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_pkt_num Int64,
+ common_s2c_byte_num Int64,
+ common_sessions Int64,
+ traffic_inbound_byte Int64,
+ traffic_inbound_pkt Int64,
+ traffic_outbound_byte Int64,
+ traffic_outbound_pkt Int64,
+ traffic_internal_byte Int64,
+ traffic_internal_pkt Int64,
+ traffic_through_byte Int64,
+ traffic_through_pkt Int64,
+ c2s_tcp_lostlen_ratio Float64,
+ s2c_tcp_lostlen_ratio Float64,
+ tcp_lostlen_ratio Float64,
+ c2s_tcp_unorder_num_ratio Float64,
+ s2c_tcp_unorder_num_ratio Float64,
+ tcp_unorder_num_ratio Float64,
+ c2s_byte_retrans_ratio Float64,
+ s2c_byte_retrans_ratio Float64,
+ byte_retrans_ratio Float64,
+ c2s_pkt_retrans_ratio Float64,
+ s2c_pkt_retrans_ratio Float64,
+ pkt_retrans_ratio Float64,
+ avg_establish_latency_ms Float64,
+ avg_http_response_latency_ms Float64,
+ avg_ssl_con_latency_ms Float64
+) ENGINE = MergeTree PARTITION BY toYYYYMMDD(toDate(stat_time)) ORDER BY (stat_time,domain,domain_category_name,domain_category_group) SETTINGS index_granularity = 8192;
+
+CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.metric_domain ON CLUSTER ck_cluster (
+ domain String,
+ domain_category_name String,
+ domain_category_group String,
+ stat_time Int64,
+ common_c2s_pkt_num Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_pkt_num Int64,
+ common_s2c_byte_num Int64,
+ common_sessions Int64,
+ traffic_inbound_byte Int64,
+ traffic_inbound_pkt Int64,
+ traffic_outbound_byte Int64,
+ traffic_outbound_pkt Int64,
+ traffic_internal_byte Int64,
+ traffic_internal_pkt Int64,
+ traffic_through_byte Int64,
+ traffic_through_pkt Int64,
+ c2s_tcp_lostlen_ratio Float64,
+ s2c_tcp_lostlen_ratio Float64,
+ tcp_lostlen_ratio Float64,
+ c2s_tcp_unorder_num_ratio Float64,
+ s2c_tcp_unorder_num_ratio Float64,
+ tcp_unorder_num_ratio Float64,
+ c2s_byte_retrans_ratio Float64,
+ s2c_byte_retrans_ratio Float64,
+ byte_retrans_ratio Float64,
+ c2s_pkt_retrans_ratio Float64,
+ s2c_pkt_retrans_ratio Float64,
+ pkt_retrans_ratio Float64,
+ avg_establish_latency_ms Float64,
+ avg_http_response_latency_ms Float64,
+ avg_ssl_con_latency_ms Float64
+) ENGINE = Distributed('ck_cluster', 'cyber_narrator_galaxy', 'metric_domain_local', rand());
+
+CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.metric_domain ON CLUSTER ck_query (
+ domain String,
+ domain_category_name String,
+ domain_category_group String,
+ stat_time Int64,
+ common_c2s_pkt_num Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_pkt_num Int64,
+ common_s2c_byte_num Int64,
+ common_sessions Int64,
+ traffic_inbound_byte Int64,
+ traffic_inbound_pkt Int64,
+ traffic_outbound_byte Int64,
+ traffic_outbound_pkt Int64,
+ traffic_internal_byte Int64,
+ traffic_internal_pkt Int64,
+ traffic_through_byte Int64,
+ traffic_through_pkt Int64,
+ c2s_tcp_lostlen_ratio Float64,
+ s2c_tcp_lostlen_ratio Float64,
+ tcp_lostlen_ratio Float64,
+ c2s_tcp_unorder_num_ratio Float64,
+ s2c_tcp_unorder_num_ratio Float64,
+ tcp_unorder_num_ratio Float64,
+ c2s_byte_retrans_ratio Float64,
+ s2c_byte_retrans_ratio Float64,
+ byte_retrans_ratio Float64,
+ c2s_pkt_retrans_ratio Float64,
+ s2c_pkt_retrans_ratio Float64,
+ pkt_retrans_ratio Float64,
+ avg_establish_latency_ms Float64,
+ avg_http_response_latency_ms Float64,
+ avg_ssl_con_latency_ms Float64
+) ENGINE = Distributed('ck_cluster', 'cyber_narrator_galaxy', 'metric_domain_local', rand());
+
+
+CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.metric_http_host_local ON CLUSTER ck_cluster (
+ http_host String,
+ stat_time Int64,
+ common_c2s_pkt_num Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_pkt_num Int64,
+ common_s2c_byte_num Int64,
+ common_sessions Int64,
+ traffic_inbound_byte Int64,
+ traffic_inbound_pkt Int64,
+ traffic_outbound_byte Int64,
+ traffic_outbound_pkt Int64,
+ traffic_internal_byte Int64,
+ traffic_internal_pkt Int64,
+ traffic_through_byte Int64,
+ traffic_through_pkt Int64,
+ c2s_tcp_lostlen_ratio Float64,
+ s2c_tcp_lostlen_ratio Float64,
+ tcp_lostlen_ratio Float64,
+ c2s_tcp_unorder_num_ratio Float64,
+ s2c_tcp_unorder_num_ratio Float64,
+ tcp_unorder_num_ratio Float64,
+ c2s_byte_retrans_ratio Float64,
+ s2c_byte_retrans_ratio Float64,
+ byte_retrans_ratio Float64,
+ c2s_pkt_retrans_ratio Float64,
+ s2c_pkt_retrans_ratio Float64,
+ pkt_retrans_ratio Float64,
+ avg_establish_latency_ms Float64,
+ avg_http_response_latency_ms Float64,
+ avg_ssl_con_latency_ms Float64
+) ENGINE = MergeTree PARTITION BY toYYYYMMDD(toDate(stat_time)) ORDER BY (stat_time,http_host) SETTINGS index_granularity = 8192;
+
+CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.metric_http_host ON CLUSTER ck_cluster (
+ http_host String,
+ stat_time Int64,
+ common_c2s_pkt_num Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_pkt_num Int64,
+ common_s2c_byte_num Int64,
+ common_sessions Int64,
+ traffic_inbound_byte Int64,
+ traffic_inbound_pkt Int64,
+ traffic_outbound_byte Int64,
+ traffic_outbound_pkt Int64,
+ traffic_internal_byte Int64,
+ traffic_internal_pkt Int64,
+ traffic_through_byte Int64,
+ traffic_through_pkt Int64,
+ c2s_tcp_lostlen_ratio Float64,
+ s2c_tcp_lostlen_ratio Float64,
+ tcp_lostlen_ratio Float64,
+ c2s_tcp_unorder_num_ratio Float64,
+ s2c_tcp_unorder_num_ratio Float64,
+ tcp_unorder_num_ratio Float64,
+ c2s_byte_retrans_ratio Float64,
+ s2c_byte_retrans_ratio Float64,
+ byte_retrans_ratio Float64,
+ c2s_pkt_retrans_ratio Float64,
+ s2c_pkt_retrans_ratio Float64,
+ pkt_retrans_ratio Float64,
+ avg_establish_latency_ms Float64,
+ avg_http_response_latency_ms Float64,
+ avg_ssl_con_latency_ms Float64
+) ENGINE = Distributed('ck_cluster', 'cyber_narrator_galaxy', 'metric_http_host_local', rand());
+
+CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.metric_http_host ON CLUSTER ck_query (
+ http_host String,
+ stat_time Int64,
+ common_c2s_pkt_num Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_pkt_num Int64,
+ common_s2c_byte_num Int64,
+ common_sessions Int64,
+ traffic_inbound_byte Int64,
+ traffic_inbound_pkt Int64,
+ traffic_outbound_byte Int64,
+ traffic_outbound_pkt Int64,
+ traffic_internal_byte Int64,
+ traffic_internal_pkt Int64,
+ traffic_through_byte Int64,
+ traffic_through_pkt Int64,
+ c2s_tcp_lostlen_ratio Float64,
+ s2c_tcp_lostlen_ratio Float64,
+ tcp_lostlen_ratio Float64,
+ c2s_tcp_unorder_num_ratio Float64,
+ s2c_tcp_unorder_num_ratio Float64,
+ tcp_unorder_num_ratio Float64,
+ c2s_byte_retrans_ratio Float64,
+ s2c_byte_retrans_ratio Float64,
+ byte_retrans_ratio Float64,
+ c2s_pkt_retrans_ratio Float64,
+ s2c_pkt_retrans_ratio Float64,
+ pkt_retrans_ratio Float64,
+ avg_establish_latency_ms Float64,
+ avg_http_response_latency_ms Float64,
+ avg_ssl_con_latency_ms Float64
+) ENGINE = Distributed('ck_cluster', 'cyber_narrator_galaxy', 'metric_http_host_local', rand());
+
+
+CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.metric_ssl_sni_local ON CLUSTER ck_cluster (
+ ssl_sni String,
+ stat_time Int64,
+ common_c2s_pkt_num Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_pkt_num Int64,
+ common_s2c_byte_num Int64,
+ common_sessions Int64,
+ traffic_inbound_byte Int64,
+ traffic_inbound_pkt Int64,
+ traffic_outbound_byte Int64,
+ traffic_outbound_pkt Int64,
+ traffic_internal_byte Int64,
+ traffic_internal_pkt Int64,
+ traffic_through_byte Int64,
+ traffic_through_pkt Int64,
+ c2s_tcp_lostlen_ratio Float64,
+ s2c_tcp_lostlen_ratio Float64,
+ tcp_lostlen_ratio Float64,
+ c2s_tcp_unorder_num_ratio Float64,
+ s2c_tcp_unorder_num_ratio Float64,
+ tcp_unorder_num_ratio Float64,
+ c2s_byte_retrans_ratio Float64,
+ s2c_byte_retrans_ratio Float64,
+ byte_retrans_ratio Float64,
+ c2s_pkt_retrans_ratio Float64,
+ s2c_pkt_retrans_ratio Float64,
+ pkt_retrans_ratio Float64,
+ avg_establish_latency_ms Float64,
+ avg_http_response_latency_ms Float64,
+ avg_ssl_con_latency_ms Float64
+) ENGINE = MergeTree PARTITION BY toYYYYMMDD(toDate(stat_time)) ORDER BY (stat_time,ssl_sni) SETTINGS index_granularity = 8192;
+
+CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.metric_ssl_sni ON CLUSTER ck_cluster (
+ ssl_sni String,
+ stat_time Int64,
+ common_c2s_pkt_num Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_pkt_num Int64,
+ common_s2c_byte_num Int64,
+ common_sessions Int64,
+ traffic_inbound_byte Int64,
+ traffic_inbound_pkt Int64,
+ traffic_outbound_byte Int64,
+ traffic_outbound_pkt Int64,
+ traffic_internal_byte Int64,
+ traffic_internal_pkt Int64,
+ traffic_through_byte Int64,
+ traffic_through_pkt Int64,
+ c2s_tcp_lostlen_ratio Float64,
+ s2c_tcp_lostlen_ratio Float64,
+ tcp_lostlen_ratio Float64,
+ c2s_tcp_unorder_num_ratio Float64,
+ s2c_tcp_unorder_num_ratio Float64,
+ tcp_unorder_num_ratio Float64,
+ c2s_byte_retrans_ratio Float64,
+ s2c_byte_retrans_ratio Float64,
+ byte_retrans_ratio Float64,
+ c2s_pkt_retrans_ratio Float64,
+ s2c_pkt_retrans_ratio Float64,
+ pkt_retrans_ratio Float64,
+ avg_establish_latency_ms Float64,
+ avg_http_response_latency_ms Float64,
+ avg_ssl_con_latency_ms Float64
+) ENGINE = Distributed('ck_cluster', 'cyber_narrator_galaxy', 'metric_ssl_sni_local', rand());
+
+CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.metric_ssl_sni ON CLUSTER ck_query (
+ ssl_sni String,
+ stat_time Int64,
+ common_c2s_pkt_num Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_pkt_num Int64,
+ common_s2c_byte_num Int64,
+ common_sessions Int64,
+ traffic_inbound_byte Int64,
+ traffic_inbound_pkt Int64,
+ traffic_outbound_byte Int64,
+ traffic_outbound_pkt Int64,
+ traffic_internal_byte Int64,
+ traffic_internal_pkt Int64,
+ traffic_through_byte Int64,
+ traffic_through_pkt Int64,
+ c2s_tcp_lostlen_ratio Float64,
+ s2c_tcp_lostlen_ratio Float64,
+ tcp_lostlen_ratio Float64,
+ c2s_tcp_unorder_num_ratio Float64,
+ s2c_tcp_unorder_num_ratio Float64,
+ tcp_unorder_num_ratio Float64,
+ c2s_byte_retrans_ratio Float64,
+ s2c_byte_retrans_ratio Float64,
+ byte_retrans_ratio Float64,
+ c2s_pkt_retrans_ratio Float64,
+ s2c_pkt_retrans_ratio Float64,
+ pkt_retrans_ratio Float64,
+ avg_establish_latency_ms Float64,
+ avg_http_response_latency_ms Float64,
+ avg_ssl_con_latency_ms Float64
+) ENGINE = Distributed('ck_cluster', 'cyber_narrator_galaxy', 'metric_ssl_sni_local', rand());
+
+
+CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.metric_protocol_local ON CLUSTER ck_cluster (
+ common_l7_protocol  String,
+ common_server_port Int64,
+ stat_time Int64,
+ common_c2s_pkt_num Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_pkt_num Int64,
+ common_s2c_byte_num Int64,
+ common_sessions Int64,
+ traffic_inbound_byte Int64,
+ traffic_inbound_pkt Int64,
+ traffic_outbound_byte Int64,
+ traffic_outbound_pkt Int64,
+ traffic_internal_byte Int64,
+ traffic_internal_pkt Int64,
+ traffic_through_byte Int64,
+ traffic_through_pkt Int64,
+ c2s_tcp_lostlen_ratio Float64,
+ s2c_tcp_lostlen_ratio Float64,
+ tcp_lostlen_ratio Float64,
+ c2s_tcp_unorder_num_ratio Float64,
+ s2c_tcp_unorder_num_ratio Float64,
+ tcp_unorder_num_ratio Float64,
+ c2s_byte_retrans_ratio Float64,
+ s2c_byte_retrans_ratio Float64,
+ byte_retrans_ratio Float64,
+ c2s_pkt_retrans_ratio Float64,
+ s2c_pkt_retrans_ratio Float64,
+ pkt_retrans_ratio Float64,
+ avg_establish_latency_ms Float64,
+ avg_http_response_latency_ms Float64,
+ avg_ssl_con_latency_ms Float64
+) ENGINE = MergeTree PARTITION BY toYYYYMMDD(toDate(stat_time)) ORDER BY (stat_time,common_l7_protocol,common_server_port) SETTINGS index_granularity = 8192;
+
+CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.metric_protocol ON CLUSTER ck_cluster (
+ common_l7_protocol  String,
+ common_server_port Int64,
+ stat_time Int64,
+ common_c2s_pkt_num Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_pkt_num Int64,
+ common_s2c_byte_num Int64,
+ common_sessions Int64,
+ traffic_inbound_byte Int64,
+ traffic_inbound_pkt Int64,
+ traffic_outbound_byte Int64,
+ traffic_outbound_pkt Int64,
+ traffic_internal_byte Int64,
+ traffic_internal_pkt Int64,
+ traffic_through_byte Int64,
+ traffic_through_pkt Int64,
+ c2s_tcp_lostlen_ratio Float64,
+ s2c_tcp_lostlen_ratio Float64,
+ tcp_lostlen_ratio Float64,
+ c2s_tcp_unorder_num_ratio Float64,
+ s2c_tcp_unorder_num_ratio Float64,
+ tcp_unorder_num_ratio Float64,
+ c2s_byte_retrans_ratio Float64,
+ s2c_byte_retrans_ratio Float64,
+ byte_retrans_ratio Float64,
+ c2s_pkt_retrans_ratio Float64,
+ s2c_pkt_retrans_ratio Float64,
+ pkt_retrans_ratio Float64,
+ avg_establish_latency_ms Float64,
+ avg_http_response_latency_ms Float64,
+ avg_ssl_con_latency_ms Float64
+) ENGINE = Distributed('ck_cluster', 'cyber_narrator_galaxy', 'metric_protocol_local', rand());
+
+CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.metric_protocol ON CLUSTER ck_query (
+ common_l7_protocol  String,
+ common_server_port Int64,
+ stat_time Int64,
+ common_c2s_pkt_num Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_pkt_num Int64,
+ common_s2c_byte_num Int64,
+ common_sessions Int64,
+ traffic_inbound_byte Int64,
+ traffic_inbound_pkt Int64,
+ traffic_outbound_byte Int64,
+ traffic_outbound_pkt Int64,
+ traffic_internal_byte Int64,
+ traffic_internal_pkt Int64,
+ traffic_through_byte Int64,
+ traffic_through_pkt Int64,
+ c2s_tcp_lostlen_ratio Float64,
+ s2c_tcp_lostlen_ratio Float64,
+ tcp_lostlen_ratio Float64,
+ c2s_tcp_unorder_num_ratio Float64,
+ s2c_tcp_unorder_num_ratio Float64,
+ tcp_unorder_num_ratio Float64,
+ c2s_byte_retrans_ratio Float64,
+ s2c_byte_retrans_ratio Float64,
+ byte_retrans_ratio Float64,
+ c2s_pkt_retrans_ratio Float64,
+ s2c_pkt_retrans_ratio Float64,
+ pkt_retrans_ratio Float64,
+ avg_establish_latency_ms Float64,
+ avg_http_response_latency_ms Float64,
+ avg_ssl_con_latency_ms Float64
+) ENGINE = Distributed('ck_cluster', 'cyber_narrator_galaxy', 'metric_protocol_local', rand());