补充提交，修改校验语句

2024-09-10 11:19:27 +08:00
parent 595b1f380a
commit 1c9da06a50
1 changed files with 4 additions and 2 deletions
--- a/cyber_narrator/installation/clickhouse/旧部署模式建表语句/cn_clickhouse_ddl_check.sql
+++ b/cyber_narrator/installation/clickhouse/旧部署模式建表语句/cn_clickhouse_ddl_check.sql
@@ -51,16 +51,18 @@ SELECT subscriber_id, app, imei, imsi, phone_number, apn, stat_time, sent_pkts,
 FROM cyber_narrator_galaxy.metric_subscriber_app where stat_time >= toUnixTimestamp('2030-01-01 00:00:00') AND stat_time <toUnixTimestamp('2030-01-01 00:00:01');
 SELECT tag, stat_time, ip_sketch, domain_sketch,ip_sketch_agg_state, domain_sketch_agg_state 
 FROM cyber_narrator_galaxy.metric_tag where stat_time >= toUnixTimestamp('2030-01-01 00:00:00') AND stat_time <toUnixTimestamp('2030-01-01 00:00:01');
-SELECT subscriber_id, imei, imsi, phone_number, apn, subscriber_longitude, subscriber_latitude, first_location, second_location, third_location,data_source,  stat_time
+SELECT subscriber_id, imei, imsi, phone_number, apn, cell_id, cell_type, subscriber_longitude, subscriber_latitude, first_location, second_location, third_location,data_source,  stat_time
 FROM cyber_narrator_galaxy.location_subscriber where stat_time >= toUnixTimestamp('2030-01-01 00:00:00') AND stat_time <toUnixTimestamp('2030-01-01 00:00:01');
 SELECT recv_time, log_id, flags, start_timestamp_ms, end_timestamp_ms, duration_ms, decoded_as, client_ip, server_ip, client_port, server_port, app, app_transition, decoded_path, ip_protocol, l7_protocol, out_link_id, in_link_id, subscriber_id, imei, imsi, phone_number, apn, http_host, http_url, http_cookie, http_referer, http_user_agent, http_request_line, http_response_line, http_status_code, ssl_version, ssl_sni, ssl_san, ssl_ja3_hash, ssl_ja3s_hash, ssl_cert_issuer, ssl_cert_subject, dns_qr, dns_opcode, dns_aa, dns_rcode, dns_qname, dns_qtype, dns_qclass, dns_sub, dns_rr, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, stratum_cryptocurrency, stratum_mining_pools, stratum_mining_program, stratum_mining_subscribe, out_link_direction, in_link_direction, `domain`, domain_sld, domain_category_name, domain_category_group, domain_reputation_level, domain_icp_company_name, domain_whois_org, domain_tags, client_zone, client_country_region, client_super_admin_area, client_admin_area, client_longitude, client_latitude, client_isp, client_asn, client_ip_tags, server_zone, server_country_region, server_super_admin_area, server_admin_area, server_longitude, server_latitude, server_isp, server_asn, server_ip_tags, app_category, app_subcategory, app_company, app_company_category, app_tags, sent_pkts, sent_bytes, received_pkts, received_bytes, sessions, tcp_c2s_lost_bytes, tcp_s2c_lost_bytes, tcp_c2s_o3_pkts, tcp_s2c_o3_pkts, tcp_c2s_rtx_bytes, tcp_s2c_rtx_bytes, tcp_c2s_rtx_pkts, tcp_s2c_rtx_pkts, tcp_rtt_ms, http_response_latency_ms, ssl_handshake_latency_ms, dns_response_latency_ms
 FROM cyber_narrator_galaxy.session_record_cn where recv_time >= toUnixTimestamp('2030-01-01 00:00:00') AND recv_time <toUnixTimestamp('2030-01-01 00:00:01');

 SELECT indicator_fields, indicator_values, match_num, reset, client_ip, client_country_region, client_super_admin_area, client_admin_area, client_longitude, client_latitude, server_ip, server_country_region, server_super_admin_area, server_admin_area, server_longitude, server_latitude, domain, app, match_time, match_id, rule_id, rule_version, rule_type, is_builtin, event_type, event_name, severity 
 FROM cyber_narrator_galaxy.match_indicator where match_time >= toUnixTimestamp('2030-01-01 00:00:00') AND match_time <toUnixTimestamp('2030-01-01 00:00:01');
-SELECT key_fields, key_values, threshold_num, records_num, reset, start_time, end_time, match_id, rule_id, rule_version, rule_type, is_builtin, event_type, event_name, severity 
+SELECT key_fields, key_values, threshold_value, metric_value, unit, reset, start_time, end_time, match_id, rule_id, rule_version, rule_type, is_builtin, event_type, event_name, severity 
 FROM cyber_narrator_galaxy.match_threshold where start_time >= toUnixTimestamp('2030-01-01 00:00:00') AND start_time <toUnixTimestamp('2030-01-01 00:00:01');
 SELECT key_fields, key_values, event_info, start_time, end_time, match_id, rule_id, rule_version, rule_type, is_builtin, event_type, event_name, severity 
 FROM cyber_narrator_galaxy.match_sequence where start_time >= toUnixTimestamp('2030-01-01 00:00:00') AND start_time <toUnixTimestamp('2030-01-01 00:00:01');
 SELECT key_fields, key_values, event_info, start_time, end_time, match_id, rule_id, rule_version, rule_type, is_builtin, event_type, event_name, severity
 FROM cyber_narrator_galaxy.match_unordered_sequence where start_time >= toUnixTimestamp('2030-01-01 00:00:00') AND start_time <toUnixTimestamp('2030-01-01 00:00:01');
+SELECT event_id, match_ids, key_fields, key_values, rule_id, rule_version, rule_type, is_builtin, event_type, event_name, reset,start_time, end_time, duration_s, status
+FROM cyber_narrator_galaxy.cn_event where start_time >= toUnixTimestamp('2030-01-01 00:00:00') AND start_time <toUnixTimestamp('2030-01-01 00:00:01');