gfwleak/galaxy-deployment-updata-record
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

增加tsg ck测试用例

Browse Source
This commit is contained in:
houjinchuan
2024-03-05 10:48:17 +08:00
parent cb3fca1838
commit 7dc1d4cfec
2 changed files with 124 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

98
Clickhouse最新全量建表语句/性能测试脚本/test.sql → Clickhouse最新全量建表语句/性能测试脚本/query-new.sql
View File

@@ -1,7 +1,7 @@
Q01.All Fields sub Query (default) ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time IN (SELECT recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) LIMIT 30) AND recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) LIMIT 30;
Q02.All Fields sub Query order by Time desc ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time IN (SELECT recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) ORDER BY recv_time DESC LIMIT 30) AND recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) ORDER BY recv_time DESC LIMIT 30 ;
Q03.All Fields sub Query order by Time asc ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time IN (SELECT recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) ORDER BY recv_time ASC LIMIT 30) AND recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) ORDER BY recv_time ASC LIMIT 30 ;
Q04.All Fields sub Query by Filter(log_id=1153021139190754263) ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time IN (SELECT recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND log_id = 1153021139190754263 ORDER BY recv_time DESC LIMIT 30) AND recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND log_id = 1153021139190754263 ORDER BY recv_time DESC LIMIT 30 ;
Q04.All Fields sub Query by Filter(log_id=434228307888582660) ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time IN (SELECT recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND log_id = 434228307888582660 ORDER BY recv_time DESC LIMIT 30) AND recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND log_id = 434228307888582660 ORDER BY recv_time DESC LIMIT 30 ;
Q05.All Fields sub Query by Filter(client_port=52607) ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time IN (SELECT recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND client_port = 52607 ORDER BY recv_time DESC LIMIT 30) AND recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND client_port = 52607 ORDER BY recv_time DESC LIMIT 30 ;
Q06.All Fields sub Query by Filter(server_port=443) ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time IN (SELECT recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND server_port = 443 ORDER BY recv_time DESC LIMIT 30) AND recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND server_port = 443 ORDER BY recv_time DESC LIMIT 30 ;
Q07.All Fields sub Query by Filter(sent_pkts>5) ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time IN (SELECT recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND sent_pkts > 5 ORDER BY recv_time DESC LIMIT 30) AND recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND sent_pkts > 5 ORDER BY recv_time DESC LIMIT 30 ;
@@ -11,54 +11,56 @@ Q10.All Fields sub Query by Filter(received_bytes<200) ;SELECT * FROM tsg_galaxy
Q11.All Fields sub Query by Filter(decoded_as='DNS');SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time IN (SELECT recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND decoded_as = 'DNS' ORDER BY recv_time DESC LIMIT 30) AND recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND decoded_as = 'DNS' ORDER BY recv_time DESC LIMIT 30 ;
Q12.All Fields sub Query by Filter(tcp_handshake_latency_ms>200) ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time IN (SELECT recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND tcp_handshake_latency_ms > 200 ORDER BY recv_time DESC LIMIT 30) AND recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND tcp_handshake_latency_ms > 200 ORDER BY recv_time DESC LIMIT 30 ;
Q13.All Fields sub Query by Filter(duration_ms>10000);SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time IN (SELECT recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND duration_ms > 10000 ORDER BY recv_time DESC LIMIT 30) AND recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND duration_ms > 10000 ORDER BY recv_time DESC LIMIT 30 ;
Q14.All Fields sub Query by Filter(session_id=1153021139190754263);SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time IN (SELECT recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND session_id = 1153021139190754263 ORDER BY recv_time DESC LIMIT 30) AND recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND session_id = 1153021139190754263 ORDER BY recv_time DESC LIMIT 30 ;
Q14.All Fields sub Query by Filter(session_id=434228307888582660);SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time IN (SELECT recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND session_id = 434228307888582660 ORDER BY recv_time DESC LIMIT 30) AND recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND session_id = 434228307888582660 ORDER BY recv_time DESC LIMIT 30 ;
Q15.All Fields sub Query by Filter(tcp_client_isn=2857077935);SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time IN (SELECT recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND tcp_client_isn = 2857077935 ORDER BY recv_time DESC LIMIT 30) AND recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND tcp_client_isn = 2857077935 ORDER BY recv_time DESC LIMIT 30 ;
Q16.All Fields sub Query by Filter(tcp_server_isn=0);SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time IN (SELECT recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND tcp_server_isn = 0 ORDER BY recv_time DESC LIMIT 30) AND recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND tcp_server_isn = 0 ORDER BY recv_time DESC LIMIT 30 ;
Q17.All Fields sub Query by Filter(mail_account='abc@xx.com');SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time IN (SELECT recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND mail_account = 'abc@xx.com' ORDER BY recv_time DESC LIMIT 30) AND recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND mail_account = 'abc@xx.com' ORDER BY recv_time DESC LIMIT 30 ;
Q18.All Fields sub Query by Filter(mail_subject='test') ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time IN (SELECT recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND mail_subject = 'test' ORDER BY recv_time DESC LIMIT 30) AND recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND mail_subject = 'test' ORDER BY recv_time DESC LIMIT 30 ;
Q19.All Fields sub Query by Filter(dns_qname='qbwup.imtt.qq.com');SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time IN (SELECT recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND dns_qname = 'qbwup.imtt.qq.com' ORDER BY recv_time DESC LIMIT 30) AND recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND dns_qname = 'qbwup.imtt.qq.com' ORDER BY recv_time DESC LIMIT 30 ;
Q20.All Fields sub Query by Filter(ssl_sni='note.youdao.com');SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time IN (SELECT recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND ssl_sni = 'note.youdao.com' ORDER BY recv_time DESC LIMIT 30) AND recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND ssl_sni = 'note.youdao.com' ORDER BY recv_time DESC LIMIT 30 ;
Q21.All Fields sub Query by Filter(ssl_handshake_latency_ms>100) ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time IN (SELECT recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND ssl_handshake_latency_ms > 100 ORDER BY recv_time DESC LIMIT 30) AND recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND ssl_handshake_latency_ms > 100 ORDER BY recv_time DESC LIMIT 30 ;
Q22.All Fields sub Query by Filter(ssl_ja3_hash='a0e9f5d64349fb13191bc781f81f42e1') ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time IN (SELECT recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND ssl_ja3_hash = 'a0e9f5d64349fb13191bc781f81f42e1' ORDER BY recv_time DESC LIMIT 30) AND recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND ssl_ja3_hash = 'a0e9f5d64349fb13191bc781f81f42e1' ORDER BY recv_time DESC LIMIT 30 ;
Q23.All Fields sub Query by Filter(server_ip='111.10.53.14' and server_port=443) ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time IN (SELECT recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND server_ip = '111.10.53.14' AND server_port = 443 ORDER BY recv_time DESC LIMIT 30) AND recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND server_ip = '111.10.53.14' AND server_port = 443 ORDER BY recv_time DESC LIMIT 30 ;
Q24.All Fields sub Query by Filter(mail_account like 'abc@%');SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time IN (SELECT recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND mail_account LIKE 'abc@%' ORDER BY recv_time DESC LIMIT 30) AND recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND mail_account LIKE 'abc@%' ORDER BY recv_time DESC LIMIT 30 ;
Q25.All Fields sub Query by Filter(ssl_sni like '%youdao.com');SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time IN (SELECT recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND ssl_sni LIKE '%youdao.com' ORDER BY recv_time DESC LIMIT 30) AND recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND ssl_sni LIKE '%youdao.com' ORDER BY recv_time DESC LIMIT 30 ;
Q26.All Fields sub Query by Filter(server_port not in (80,443)) ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time IN (SELECT recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND server_port NOT IN (80, 443) ORDER BY recv_time DESC LIMIT 30) AND recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND server_port NOT IN (80, 443) ORDER BY recv_time DESC LIMIT 30 ;
Q27.ip_protocol top10 ;select ip_protocol ,count() from tsg_galaxy_v3.session_record where recv_time >= toUnixTimestamp(start_time) and recv_time < toUnixTimestamp(end_time) group by ip_protocol order by count() desc limit 10 ;
Q28.decoded_as top10 ;select decoded_as ,count() from tsg_galaxy_v3.session_record where recv_time >= toUnixTimestamp(start_time) and recv_time < toUnixTimestamp(end_time) group by decoded_as order by count() desc limit 10 ;
Q29.client_ip top10 ;select client_ip ,count() from tsg_galaxy_v3.session_record where recv_time >= toUnixTimestamp(start_time) and recv_time < toUnixTimestamp(end_time) group by client_ip order by count() desc limit 10 ;
Q30.client_port top10 ;select client_port ,count() from tsg_galaxy_v3.session_record where recv_time >= toUnixTimestamp(start_time) and recv_time < toUnixTimestamp(end_time) group by client_port order by count() desc limit 10 ;
Q31.subscriber_id top10 ;select subscriber_id ,count() from tsg_galaxy_v3.session_record where recv_time >= toUnixTimestamp(start_time) and recv_time < toUnixTimestamp(end_time) group by subscriber_id order by count() desc limit 10 ;
Q32.server_ip top10 ;select server_ip ,count() from tsg_galaxy_v3.session_record where recv_time >= toUnixTimestamp(start_time) and recv_time < toUnixTimestamp(end_time) group by server_ip order by count() desc limit 10 ;
Q33.server_port top10 ;select server_port ,count() from tsg_galaxy_v3.session_record where recv_time >= toUnixTimestamp(start_time) and recv_time < toUnixTimestamp(end_time) group by server_port order by count() desc limit 10 ;
Q34.app top10 ;select app ,count() from tsg_galaxy_v3.session_record where recv_time >= toUnixTimestamp(start_time) and recv_time < toUnixTimestamp(end_time) group by app order by count() desc limit 10 ;
Q35.sent_pkts top10 ;select sent_pkts ,count() from tsg_galaxy_v3.session_record where recv_time >= toUnixTimestamp(start_time) and recv_time < toUnixTimestamp(end_time) group by sent_pkts order by count() desc limit 10 ;
Q36.received_pkts top10 ;select received_pkts ,count() from tsg_galaxy_v3.session_record where recv_time >= toUnixTimestamp(start_time) and recv_time < toUnixTimestamp(end_time) group by received_pkts order by count() desc limit 10 ;
Q37.http_url top10 ;select http_url ,count() from tsg_galaxy_v3.session_record where recv_time >= toUnixTimestamp(start_time) and recv_time < toUnixTimestamp(end_time) group by http_url order by count() desc limit 10 ;
Q38.http_host top10 ;select http_host ,count() from tsg_galaxy_v3.session_record where recv_time >= toUnixTimestamp(start_time) and recv_time < toUnixTimestamp(end_time) group by http_host order by count() desc limit 10 ;
Q39.server_domain top10 ;select server_domain ,count() from tsg_galaxy_v3.session_record where recv_time >= toUnixTimestamp(start_time) and recv_time < toUnixTimestamp(end_time) group by server_domain order by count() desc limit 10 ;
Q40.ip_protocol top10 by Filter(client_ip='36.189.226.21'); select ip_protocol ,count() from tsg_galaxy_v3.session_record where client_ip='36.189.226.21' and recv_time >= toUnixTimestamp(start_time) and recv_time < toUnixTimestamp(end_time) group by ip_protocol order by count() desc limit 10 ;
Q41.client_ip top10 by Filter(server_ip='8.8.8.8');select client_ip ,count() from tsg_galaxy_v3.session_record where server_ip='8.8.8.8' and recv_time >= toUnixTimestamp(start_time) and recv_time < toUnixTimestamp(end_time) group by client_ip order by count() desc limit 10 ;
Q42.client_port top10 by Filter(server_port=443);select client_port ,count() from tsg_galaxy_v3.session_record where server_port=443 and recv_time >= toUnixTimestamp(start_time) and recv_time < toUnixTimestamp(end_time) group by client_port order by count() desc limit 10 ;
Q43.subscriber_id top10 by Filter(sent_bytes > 100);select subscriber_id ,count() from tsg_galaxy_v3.session_record where sent_bytes > 100 and recv_time >= toUnixTimestamp(start_time) and recv_time < toUnixTimestamp(end_time) group by subscriber_id order by count() desc limit 10 ;
Q44.server_port top10 by Filter(received_bytes<200);select server_port ,count() from tsg_galaxy_v3.session_record where received_bytes<200 and recv_time >= toUnixTimestamp(start_time) and recv_time < toUnixTimestamp(end_time) group by server_port order by count() desc limit 10 ;
Q45.app top10 by Filter(server_domain like '%baidu.com%');select app ,count() from tsg_galaxy_v3.session_record where server_domain like '%baidu.com%' and recv_time >= toUnixTimestamp(start_time) and recv_time < toUnixTimestamp(end_time) and server_domain like '%baidu.com%' group by app order by count() desc limit 10 ;
Q46.sent_pkts top10 by Filter(ssl_sni='note.youdao.com');select sent_pkts ,count() from tsg_galaxy_v3.session_record where ssl_sni='note.youdao.com' and recv_time >= toUnixTimestamp(start_time) and recv_time < toUnixTimestamp(end_time) group by sent_pkts order by count() desc limit 10 ;
Q47.received_pkts top10 by Filter(server_ip='111.10.53.14' and server_port=443);select received_pkts ,count() from tsg_galaxy_v3.session_record where server_ip='111.10.53.14' and server_port=443 and recv_time >= toUnixTimestamp(start_time) and recv_time < toUnixTimestamp(end_time) group by received_pkts order by count() desc limit 10 ;
Q48.http_url top10 by Filter(sent_bytes>100);select http_url ,count() from tsg_galaxy_v3.session_record where sent_bytes>100 and recv_time >= toUnixTimestamp(start_time) and recv_time < toUnixTimestamp(end_time) group by http_url order by count() desc limit 10 ;
Q49.http_host top10 by Filter(server_ip='8.8.8.8');select http_host ,count() from tsg_galaxy_v3.session_record where server_ip='8.8.8.8' and recv_time >= toUnixTimestamp(start_time) and recv_time < toUnixTimestamp(end_time) group by http_host order by count() desc limit 10 ;
Q50.server_domain top10 by Filter(decoded_as='HTTP');select server_domain ,count() from tsg_galaxy_v3.session_record where decoded_as='HTTP' and recv_time >= toUnixTimestamp(start_time) and recv_time < toUnixTimestamp(end_time) group by server_domain order by count() desc limit 10 ;
Q51.Bandwidth Trend (Time Grain 60 second) nofilter ;SELECT toDateTime(toDateTime(toUnixTimestamp(toDateTime(toStartOfInterval(toDateTime(toUnixTimestamp(recv_time)), INTERVAL 60 SECOND))))) AS stat_time, decoded_as AS type, sum(sent_bytes + received_bytes) AS bytes, sum(sent_pkts + received_pkts) AS packets FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) GROUP BY toDateTime(toDateTime(toUnixTimestamp(toDateTime(toStartOfInterval(toDateTime(toUnixTimestamp(recv_time)), INTERVAL 60 SECOND))))), decoded_as LIMIT 100000 ;
Q52.Bandwidth Trend (Time Grain 60 second) by Filter(client_ip='36.189.226.21') ;SELECT toDateTime(toDateTime(toUnixTimestamp(toDateTime(toStartOfInterval(toDateTime(toUnixTimestamp(recv_time)), INTERVAL 60 SECOND))))) AS stat_time, decoded_as AS type, sum(sent_bytes + received_bytes) AS bytes, sum(sent_pkts + received_pkts) AS packets FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND client_ip='36.189.226.21' GROUP BY toDateTime(toDateTime(toUnixTimestamp(toDateTime(toStartOfInterval(toDateTime(toUnixTimestamp(recv_time)), INTERVAL 60 SECOND))))), decoded_as LIMIT 100000 ;
Q53.Bandwidth Trend (Time Grain 60 second) by Filter(server_ip='8.8.8.8') ;SELECT toDateTime(toDateTime(toUnixTimestamp(toDateTime(toStartOfInterval(toDateTime(toUnixTimestamp(recv_time)), INTERVAL 60 SECOND))))) AS stat_time, decoded_as AS type, sum(sent_bytes + received_bytes) AS bytes, sum(sent_pkts + received_pkts) AS packets FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND server_ip='8.8.8.8' GROUP BY toDateTime(toDateTime(toUnixTimestamp(toDateTime(toStartOfInterval(toDateTime(toUnixTimestamp(recv_time)), INTERVAL 60 SECOND))))), decoded_as LIMIT 100000 ;
Q54.Bandwidth Trend (Time Grain 60 second) by Filter(server_domain='microsoft.com') ;SELECT toDateTime(toDateTime(toUnixTimestamp(toDateTime(toStartOfInterval(toDateTime(toUnixTimestamp(recv_time)), INTERVAL 60 SECOND))))) AS stat_time, decoded_as AS type, sum(sent_bytes + received_bytes) AS bytes, sum(sent_pkts + received_pkts) AS packets FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND server_domain='microsoft.com' GROUP BY toDateTime(toDateTime(toUnixTimestamp(toDateTime(toStartOfInterval(toDateTime(toUnixTimestamp(recv_time)), INTERVAL 60 SECOND))))), decoded_as LIMIT 100000 ;
Q55.Bandwidth Trend (Time Grain 60 second) by Filter(server_ip='111.10.53.14' and server_port=443);SELECT toDateTime(toDateTime(toUnixTimestamp(toDateTime(toStartOfInterval(toDateTime(toUnixTimestamp(recv_time)), INTERVAL 60 SECOND))))) AS stat_time, decoded_as AS type, sum(sent_bytes + received_bytes) AS bytes, sum(sent_pkts + received_pkts) AS packets FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND server_ip='111.10.53.14' and server_port=443 GROUP BY toDateTime(toDateTime(toUnixTimestamp(toDateTime(toStartOfInterval(toDateTime(toUnixTimestamp(recv_time)), INTERVAL 60 SECOND))))), decoded_as LIMIT 100000 ;
Q56.Metrics Query by Filter(decoded_as='HTTP') ;SELECT ROUND(AVG(http_response_latency_ms)) AS http_response_latency FROM tsg_galaxy_v3.session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND decoded_as = 'HTTP' ;
Q57.Metrics Query by Filter(app = 'qq_r2');SELECT ROUND(SUM(tcp_c2s_rtx_pkts + tcp_s2c_rtx_pkts)/SUM(sent_pkts + received_pkts),4) AS avg_pkt_retrans_percent FROM tsg_galaxy_v3.session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND app = 'qq_r2' ;
Q58.Metrics Query by Filter(server_domain='qq.com') ;SELECT ROUND(SUM(tcp_c2s_rtx_pkts + tcp_s2c_rtx_pkts)/SUM(sent_pkts + received_pkts),4) AS avg_pkt_retrans_percent FROM tsg_galaxy_v3.session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND server_domain = 'qq.com' ;
Q59.Metrics Query by Filter(client_ip='116.178.223.59');SELECT ROUND(SUM(tcp_c2s_rtx_pkts + tcp_s2c_rtx_pkts)/SUM(sent_pkts + received_pkts),4) AS avg_pkt_retrans_percent FROM tsg_galaxy_v3.session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND client_ip = '116.178.223.59' ;
Q60.Metrics Query by Filter(server_ip='8.8.8.8');SELECT ROUND(SUM(tcp_c2s_rtx_pkts + tcp_s2c_rtx_pkts)/SUM(sent_pkts + received_pkts),4) AS avg_pkt_retrans_percent FROM tsg_galaxy_v3.session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND server_ip = '8.8.8.8' ;
Q61.Metrics Query by Filter(app = 'qq_r2') group by recv_time;SELECT ROUND(SUM(tcp_c2s_rtx_pkts + tcp_s2c_rtx_pkts)/SUM(sent_pkts + received_pkts),4) as max_pkt_retrans_percent FROM tsg_galaxy_v3.session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND app = 'qq_r2' GROUP by recv_time order BY max_pkt_retrans_percent desc limit 1 ;
Q62.Metrics Query by Filter(server_domain='qq.com') group by recv_time;SELECT ROUND(SUM(tcp_c2s_rtx_pkts + tcp_s2c_rtx_pkts)/SUM(sent_pkts + received_pkts),4) as max_pkt_retrans_percent FROM tsg_galaxy_v3.session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND server_domain = 'qq.com' GROUP by recv_time order BY max_pkt_retrans_percent desc limit 1 ;
Q63.Metrics Query by Filter(client_ip='116.178.223.59') group by recv_time;SELECT ROUND(SUM(tcp_c2s_rtx_pkts + tcp_s2c_rtx_pkts)/SUM(sent_pkts + received_pkts),4) as max_pkt_retrans_percent FROM tsg_galaxy_v3.session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND client_ip = '116.178.223.59' GROUP by recv_time order BY max_pkt_retrans_percent desc limit 1 ;
Q64.Metrics Query by Filter(server_ip='8.8.8.8') group by recv_time;SELECT ROUND(SUM(tcp_c2s_rtx_pkts + tcp_s2c_rtx_pkts)/SUM(sent_pkts + received_pkts),4) as max_pkt_retrans_percent FROM tsg_galaxy_v3.session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND server_ip = '8.8.8.8' GROUP by recv_time order BY max_pkt_retrans_percent desc limit 1 ;
Q19.All Fields sub Query by Filter(server_domain='qq.com') ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time IN (SELECT recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND server_domain = 'qq.com' ORDER BY recv_time DESC LIMIT 30) AND recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND server_domain = 'qq.com' ORDER BY recv_time DESC LIMIT 30 ;
Q20.All Fields sub Query by Filter(dns_qname='qbwup.imtt.qq.com');SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time IN (SELECT recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND dns_qname = 'qbwup.imtt.qq.com' ORDER BY recv_time DESC LIMIT 30) AND recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND dns_qname = 'qbwup.imtt.qq.com' ORDER BY recv_time DESC LIMIT 30 ;
Q21.All Fields sub Query by Filter(ssl_sni='note.youdao.com');SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time IN (SELECT recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND ssl_sni = 'note.youdao.com' ORDER BY recv_time DESC LIMIT 30) AND recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND ssl_sni = 'note.youdao.com' ORDER BY recv_time DESC LIMIT 30 ;
Q22.All Fields sub Query by Filter(ssl_handshake_latency_ms>100) ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time IN (SELECT recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND ssl_handshake_latency_ms > 100 ORDER BY recv_time DESC LIMIT 30) AND recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND ssl_handshake_latency_ms > 100 ORDER BY recv_time DESC LIMIT 30 ;
Q23.All Fields sub Query by Filter(ssl_ja3_hash='a0e9f5d64349fb13191bc781f81f42e1') ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time IN (SELECT recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND ssl_ja3_hash = 'a0e9f5d64349fb13191bc781f81f42e1' ORDER BY recv_time DESC LIMIT 30) AND recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND ssl_ja3_hash = 'a0e9f5d64349fb13191bc781f81f42e1' ORDER BY recv_time DESC LIMIT 30 ;
Q24.All Fields sub Query by Filter(server_ip='111.10.53.14' and server_port=443) ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time IN (SELECT recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND server_ip = '111.10.53.14' AND server_port = 443 ORDER BY recv_time DESC LIMIT 30) AND recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND server_ip = '111.10.53.14' AND server_port = 443 ORDER BY recv_time DESC LIMIT 30 ;
Q25.All Fields sub Query by Filter(mail_account like 'abc@%');SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time IN (SELECT recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND mail_account LIKE 'abc@%' ORDER BY recv_time DESC LIMIT 30) AND recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND mail_account LIKE 'abc@%' ORDER BY recv_time DESC LIMIT 30 ;
Q26.All Fields sub Query by Filter(ssl_sni like '%youdao.com');SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time IN (SELECT recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND ssl_sni LIKE '%youdao.com' ORDER BY recv_time DESC LIMIT 30) AND recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND ssl_sni LIKE '%youdao.com' ORDER BY recv_time DESC LIMIT 30 ;
Q27.All Fields sub Query by Filter(server_domain like '%baidu.com%') ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time IN (SELECT recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND server_domain LIKE '%baidu.com%' ORDER BY recv_time DESC LIMIT 30) AND recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND server_domain LIKE '%baidu.com%' ORDER BY recv_time DESC LIMIT 30 ;
Q28.All Fields sub Query by Filter(server_port not in (80,443)) ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time IN (SELECT recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND server_port NOT IN (80, 443) ORDER BY recv_time DESC LIMIT 30) AND recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND server_port NOT IN (80, 443) ORDER BY recv_time DESC LIMIT 30 ;
Q29.ip_protocol top10 ;select ip_protocol ,count() from tsg_galaxy_v3.session_record where recv_time >= toUnixTimestamp(start_time) and recv_time < toUnixTimestamp(end_time) group by ip_protocol order by count() desc limit 10 ;
Q30.decoded_as top10 ;select decoded_as ,count() from tsg_galaxy_v3.session_record where recv_time >= toUnixTimestamp(start_time) and recv_time < toUnixTimestamp(end_time) group by decoded_as order by count() desc limit 10 ;
Q31.client_ip top10 ;select client_ip ,count() from tsg_galaxy_v3.session_record where recv_time >= toUnixTimestamp(start_time) and recv_time < toUnixTimestamp(end_time) group by client_ip order by count() desc limit 10 ;
Q32.client_port top10 ;select client_port ,count() from tsg_galaxy_v3.session_record where recv_time >= toUnixTimestamp(start_time) and recv_time < toUnixTimestamp(end_time) group by client_port order by count() desc limit 10 ;
Q33.subscriber_id top10 ;select subscriber_id ,count() from tsg_galaxy_v3.session_record where recv_time >= toUnixTimestamp(start_time) and recv_time < toUnixTimestamp(end_time) group by subscriber_id order by count() desc limit 10 ;
Q34.server_ip top10 ;select server_ip ,count() from tsg_galaxy_v3.session_record where recv_time >= toUnixTimestamp(start_time) and recv_time < toUnixTimestamp(end_time) group by server_ip order by count() desc limit 10 ;
Q35.server_port top10 ;select server_port ,count() from tsg_galaxy_v3.session_record where recv_time >= toUnixTimestamp(start_time) and recv_time < toUnixTimestamp(end_time) group by server_port order by count() desc limit 10 ;
Q36.app top10 ;select app ,count() from tsg_galaxy_v3.session_record where recv_time >= toUnixTimestamp(start_time) and recv_time < toUnixTimestamp(end_time) group by app order by count() desc limit 10 ;
Q37.sent_pkts top10 ;select sent_pkts ,count() from tsg_galaxy_v3.session_record where recv_time >= toUnixTimestamp(start_time) and recv_time < toUnixTimestamp(end_time) group by sent_pkts order by count() desc limit 10 ;
Q38.received_pkts top10 ;select received_pkts ,count() from tsg_galaxy_v3.session_record where recv_time >= toUnixTimestamp(start_time) and recv_time < toUnixTimestamp(end_time) group by received_pkts order by count() desc limit 10 ;
Q39.http_url top10 ;select http_url ,count() from tsg_galaxy_v3.session_record where recv_time >= toUnixTimestamp(start_time) and recv_time < toUnixTimestamp(end_time) group by http_url order by count() desc limit 10 ;
Q40.http_host top10 ;select http_host ,count() from tsg_galaxy_v3.session_record where recv_time >= toUnixTimestamp(start_time) and recv_time < toUnixTimestamp(end_time) group by http_host order by count() desc limit 10 ;
Q41.server_domain top10 ;select server_domain ,count() from tsg_galaxy_v3.session_record where recv_time >= toUnixTimestamp(start_time) and recv_time < toUnixTimestamp(end_time) group by server_domain order by count() desc limit 10 ;
Q42.ip_protocol top10 by Filter(client_ip='36.189.226.21'); select ip_protocol ,count() from tsg_galaxy_v3.session_record where client_ip='36.189.226.21' and recv_time >= toUnixTimestamp(start_time) and recv_time < toUnixTimestamp(end_time) group by ip_protocol order by count() desc limit 10 ;
Q43.client_ip top10 by Filter(server_ip='8.8.8.8');select client_ip ,count() from tsg_galaxy_v3.session_record where server_ip='8.8.8.8' and recv_time >= toUnixTimestamp(start_time) and recv_time < toUnixTimestamp(end_time) group by client_ip order by count() desc limit 10 ;
Q44.client_port top10 by Filter(server_port=443);select client_port ,count() from tsg_galaxy_v3.session_record where server_port=443 and recv_time >= toUnixTimestamp(start_time) and recv_time < toUnixTimestamp(end_time) group by client_port order by count() desc limit 10 ;
Q45.subscriber_id top10 by Filter(sent_bytes > 100);select subscriber_id ,count() from tsg_galaxy_v3.session_record where sent_bytes > 100 and recv_time >= toUnixTimestamp(start_time) and recv_time < toUnixTimestamp(end_time) group by subscriber_id order by count() desc limit 10 ;
Q46.server_port top10 by Filter(received_bytes<200);select server_port ,count() from tsg_galaxy_v3.session_record where received_bytes<200 and recv_time >= toUnixTimestamp(start_time) and recv_time < toUnixTimestamp(end_time) group by server_port order by count() desc limit 10 ;
Q47.app top10 by Filter(server_domain like '%baidu.com%');select app ,count() from tsg_galaxy_v3.session_record where server_domain like '%baidu.com%' and recv_time >= toUnixTimestamp(start_time) and recv_time < toUnixTimestamp(end_time) and server_domain like '%baidu.com%' group by app order by count() desc limit 10 ;
Q48.sent_pkts top10 by Filter(ssl_sni='note.youdao.com');select sent_pkts ,count() from tsg_galaxy_v3.session_record where ssl_sni='note.youdao.com' and recv_time >= toUnixTimestamp(start_time) and recv_time < toUnixTimestamp(end_time) group by sent_pkts order by count() desc limit 10 ;
Q49.received_pkts top10 by Filter(server_ip='111.10.53.14' and server_port=443);select received_pkts ,count() from tsg_galaxy_v3.session_record where server_ip='111.10.53.14' and server_port=443 and recv_time >= toUnixTimestamp(start_time) and recv_time < toUnixTimestamp(end_time) group by received_pkts order by count() desc limit 10 ;
Q50.http_url top10 by Filter(sent_bytes>100);select http_url ,count() from tsg_galaxy_v3.session_record where sent_bytes>100 and recv_time >= toUnixTimestamp(start_time) and recv_time < toUnixTimestamp(end_time) group by http_url order by count() desc limit 10 ;
Q51.http_host top10 by Filter(server_ip='8.8.8.8');select http_host ,count() from tsg_galaxy_v3.session_record where server_ip='8.8.8.8' and recv_time >= toUnixTimestamp(start_time) and recv_time < toUnixTimestamp(end_time) group by http_host order by count() desc limit 10 ;
Q52.server_domain top10 by Filter(decoded_as='HTTP');select server_domain ,count() from tsg_galaxy_v3.session_record where decoded_as='HTTP' and recv_time >= toUnixTimestamp(start_time) and recv_time < toUnixTimestamp(end_time) group by server_domain order by count() desc limit 10 ;
Q53.Bandwidth Trend (Time Grain 60 second) nofilter ;SELECT toDateTime(toDateTime(toUnixTimestamp(toDateTime(toStartOfInterval(toDateTime(toUnixTimestamp(recv_time)), INTERVAL 60 SECOND))))) AS stat_time, decoded_as AS type, sum(sent_bytes + received_bytes) AS bytes, sum(sent_pkts + received_pkts) AS packets FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) GROUP BY toDateTime(toDateTime(toUnixTimestamp(toDateTime(toStartOfInterval(toDateTime(toUnixTimestamp(recv_time)), INTERVAL 60 SECOND))))), decoded_as LIMIT 100000 ;
Q54.Bandwidth Trend (Time Grain 60 second) by Filter(client_ip='36.189.226.21') ;SELECT toDateTime(toDateTime(toUnixTimestamp(toDateTime(toStartOfInterval(toDateTime(toUnixTimestamp(recv_time)), INTERVAL 60 SECOND))))) AS stat_time, decoded_as AS type, sum(sent_bytes + received_bytes) AS bytes, sum(sent_pkts + received_pkts) AS packets FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND client_ip='36.189.226.21' GROUP BY toDateTime(toDateTime(toUnixTimestamp(toDateTime(toStartOfInterval(toDateTime(toUnixTimestamp(recv_time)), INTERVAL 60 SECOND))))), decoded_as LIMIT 100000 ;
Q55.Bandwidth Trend (Time Grain 60 second) by Filter(server_ip='8.8.8.8') ;SELECT toDateTime(toDateTime(toUnixTimestamp(toDateTime(toStartOfInterval(toDateTime(toUnixTimestamp(recv_time)), INTERVAL 60 SECOND))))) AS stat_time, decoded_as AS type, sum(sent_bytes + received_bytes) AS bytes, sum(sent_pkts + received_pkts) AS packets FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND server_ip='8.8.8.8' GROUP BY toDateTime(toDateTime(toUnixTimestamp(toDateTime(toStartOfInterval(toDateTime(toUnixTimestamp(recv_time)), INTERVAL 60 SECOND))))), decoded_as LIMIT 100000 ;
Q56.Bandwidth Trend (Time Grain 60 second) by Filter(server_domain='microsoft.com') ;SELECT toDateTime(toDateTime(toUnixTimestamp(toDateTime(toStartOfInterval(toDateTime(toUnixTimestamp(recv_time)), INTERVAL 60 SECOND))))) AS stat_time, decoded_as AS type, sum(sent_bytes + received_bytes) AS bytes, sum(sent_pkts + received_pkts) AS packets FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND server_domain='microsoft.com' GROUP BY toDateTime(toDateTime(toUnixTimestamp(toDateTime(toStartOfInterval(toDateTime(toUnixTimestamp(recv_time)), INTERVAL 60 SECOND))))), decoded_as LIMIT 100000 ;
Q57.Bandwidth Trend (Time Grain 60 second) by Filter(server_ip='111.10.53.14' and server_port=443);SELECT toDateTime(toDateTime(toUnixTimestamp(toDateTime(toStartOfInterval(toDateTime(toUnixTimestamp(recv_time)), INTERVAL 60 SECOND))))) AS stat_time, decoded_as AS type, sum(sent_bytes + received_bytes) AS bytes, sum(sent_pkts + received_pkts) AS packets FROM tsg_galaxy_v3.session_record AS session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND server_ip='111.10.53.14' and server_port=443 GROUP BY toDateTime(toDateTime(toUnixTimestamp(toDateTime(toStartOfInterval(toDateTime(toUnixTimestamp(recv_time)), INTERVAL 60 SECOND))))), decoded_as LIMIT 100000 ;
Q58.Metrics Query by Filter(decoded_as='HTTP') ;SELECT ROUND(AVG(http_response_latency_ms)) AS http_response_latency FROM tsg_galaxy_v3.session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND decoded_as = 'HTTP' ;
Q59.Metrics Query by Filter(app = 'qq_r2');SELECT ROUND(SUM(tcp_c2s_rtx_pkts + tcp_s2c_rtx_pkts)/SUM(sent_pkts + received_pkts),4) AS avg_pkt_retrans_percent FROM tsg_galaxy_v3.session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND app = 'qq_r2' ;
Q60.Metrics Query by Filter(server_domain='qq.com') ;SELECT ROUND(SUM(tcp_c2s_rtx_pkts + tcp_s2c_rtx_pkts)/SUM(sent_pkts + received_pkts),4) AS avg_pkt_retrans_percent FROM tsg_galaxy_v3.session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND server_domain = 'qq.com' ;
Q61.Metrics Query by Filter(client_ip='116.178.223.59');SELECT ROUND(SUM(tcp_c2s_rtx_pkts + tcp_s2c_rtx_pkts)/SUM(sent_pkts + received_pkts),4) AS avg_pkt_retrans_percent FROM tsg_galaxy_v3.session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND client_ip = '116.178.223.59' ;
Q62.Metrics Query by Filter(server_ip='8.8.8.8');SELECT ROUND(SUM(tcp_c2s_rtx_pkts + tcp_s2c_rtx_pkts)/SUM(sent_pkts + received_pkts),4) AS avg_pkt_retrans_percent FROM tsg_galaxy_v3.session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND server_ip = '8.8.8.8' ;
Q63.Metrics Query by Filter(app = 'qq_r2') group by recv_time;SELECT ROUND(SUM(tcp_c2s_rtx_pkts + tcp_s2c_rtx_pkts)/SUM(sent_pkts + received_pkts),4) as max_pkt_retrans_percent FROM tsg_galaxy_v3.session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND app = 'qq_r2' GROUP by recv_time order BY max_pkt_retrans_percent desc limit 1 ;
Q64.Metrics Query by Filter(server_domain='qq.com') group by recv_time;SELECT ROUND(SUM(tcp_c2s_rtx_pkts + tcp_s2c_rtx_pkts)/SUM(sent_pkts + received_pkts),4) as max_pkt_retrans_percent FROM tsg_galaxy_v3.session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND server_domain = 'qq.com' GROUP by recv_time order BY max_pkt_retrans_percent desc limit 1 ;
Q65.Metrics Query by Filter(client_ip='116.178.223.59') group by recv_time;SELECT ROUND(SUM(tcp_c2s_rtx_pkts + tcp_s2c_rtx_pkts)/SUM(sent_pkts + received_pkts),4) as max_pkt_retrans_percent FROM tsg_galaxy_v3.session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND client_ip = '116.178.223.59' GROUP by recv_time order BY max_pkt_retrans_percent desc limit 1 ;
Q66.Metrics Query by Filter(server_ip='8.8.8.8') group by recv_time;SELECT ROUND(SUM(tcp_c2s_rtx_pkts + tcp_s2c_rtx_pkts)/SUM(sent_pkts + received_pkts),4) as max_pkt_retrans_percent FROM tsg_galaxy_v3.session_record WHERE recv_time >= toUnixTimestamp(start_time) AND recv_time < toUnixTimestamp(end_time) AND server_ip = '8.8.8.8' GROUP by recv_time order BY max_pkt_retrans_percent desc limit 1 ;

74
Clickhouse最新全量建表语句/性能测试脚本/query-old.sql Normal file
View File

@@ -0,0 +1,74 @@
Q01.All Fields sub Query (default) ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time IN (SELECT common_recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) LIMIT 30) AND common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) LIMIT 30 ;
Q02.All Fields sub Query order by Time desc ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time IN (SELECT common_recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) ORDER BY common_recv_time DESC LIMIT 30) AND common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) ORDER BY common_recv_time DESC LIMIT 30 ;
Q03.All Fields sub Query order by Time asc ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time IN (SELECT common_recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) ORDER BY common_recv_time ASC LIMIT 30) AND common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) ORDER BY common_recv_time ASC LIMIT 30 ;
Q04.All Fields sub Query by Filter(common_log_id=434228307888582660) ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time IN (SELECT common_recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND common_log_id = 434228307888582660 ORDER BY common_recv_time DESC LIMIT 30) AND common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND common_log_id = 434228307888582660 ORDER BY common_recv_time DESC LIMIT 30 ;
Q05.All Fields sub Query by Filter(common_internal_ip='223.116.37.192') ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time IN (SELECT common_recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND common_internal_ip = '223.116.37.192' ORDER BY common_recv_time DESC LIMIT 30) AND common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND common_internal_ip = '223.116.37.192' ORDER BY common_recv_time DESC LIMIT 30 ;
Q06.All Fields sub Query by Filter(common_external_ip='111.10.53.14') ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time IN (SELECT common_recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND common_external_ip = '111.10.53.14' ORDER BY common_recv_time DESC LIMIT 30) AND common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND common_external_ip = '111.10.53.14' ORDER BY common_recv_time DESC LIMIT 30 ;
Q07.All Fields sub Query by Filter(common_client_port=52607) ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time IN (SELECT common_recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND common_client_port = 52607 ORDER BY common_recv_time DESC LIMIT 30) AND common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND common_client_port = 52607 ORDER BY common_recv_time DESC LIMIT 30 ;
Q08.All Fields sub Query by Filter(common_server_port=443) ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time IN (SELECT common_recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND common_server_port = 443 ORDER BY common_recv_time DESC LIMIT 30) AND common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND common_server_port = 443 ORDER BY common_recv_time DESC LIMIT 30 ;
Q09.All Fields sub Query by Filter(common_c2s_pkt_num>5) ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time IN (SELECT common_recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND common_c2s_pkt_num > 5 ORDER BY common_recv_time DESC LIMIT 30) AND common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND common_c2s_pkt_num > 5 ORDER BY common_recv_time DESC LIMIT 30 ;
Q10.All Fields sub Query by Filter(common_s2c_pkt_num>5) ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time IN (SELECT common_recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND common_s2c_pkt_num > 5 ORDER BY common_recv_time DESC LIMIT 30) AND common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND common_s2c_pkt_num > 5 ORDER BY common_recv_time DESC LIMIT 30 ;
Q11.All Fields sub Query by Filter(common_c2s_byte_num>100) ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time IN (SELECT common_recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND common_c2s_byte_num > 100 ORDER BY common_recv_time DESC LIMIT 30) AND common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND common_c2s_byte_num > 100 ORDER BY common_recv_time DESC LIMIT 30 ;
Q12.All Fields sub Query by Filter(common_s2c_byte_num<200) ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time IN (SELECT common_recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND common_s2c_byte_num < 200 ORDER BY common_recv_time DESC LIMIT 30) AND common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND common_s2c_byte_num < 200 ORDER BY common_recv_time DESC LIMIT 30 ;
Q13.All Fields sub Query by Filter(common_schema_type='DNS') ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time IN (SELECT common_recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND common_schema_type = 'DNS' ORDER BY common_recv_time DESC LIMIT 30) AND common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND common_schema_type = 'DNS' ORDER BY common_recv_time DESC LIMIT 30 ;
Q14.All Fields sub Query by Filter(common_establish_latency_ms>200) ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time IN (SELECT common_recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND common_establish_latency_ms > 200 ORDER BY common_recv_time DESC LIMIT 30) AND common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND common_establish_latency_ms > 200 ORDER BY common_recv_time DESC LIMIT 30 ;
Q15.All Fields sub Query by Filter(common_con_duration_ms>10000) ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time IN (SELECT common_recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND common_con_duration_ms > 10000 ORDER BY common_recv_time DESC LIMIT 30) AND common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND common_con_duration_ms > 10000 ORDER BY common_recv_time DESC LIMIT 30 ;
Q16.All Fields sub Query by Filter(common_stream_trace_id=434228307888582660) ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time IN (SELECT common_recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND common_stream_trace_id = 434228307888582660 ORDER BY common_recv_time DESC LIMIT 30) AND common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND common_stream_trace_id = 434228307888582660 ORDER BY common_recv_time DESC LIMIT 30 ;
Q17.All Fields sub Query by Filter(common_tcp_client_isn=2857077935) ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time IN (SELECT common_recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND common_tcp_client_isn = 2857077935 ORDER BY common_recv_time DESC LIMIT 30) AND common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND common_tcp_client_isn = 2857077935 ORDER BY common_recv_time DESC LIMIT 30 ;
Q18.All Fields sub Query by Filter(common_tcp_server_isn=0) ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time IN (SELECT common_recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND common_tcp_server_isn = 0 ORDER BY common_recv_time DESC LIMIT 30) AND common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND common_tcp_server_isn = 0 ORDER BY common_recv_time DESC LIMIT 30 ;
Q19.All Fields sub Query by Filter(mail_account='abc@xx.com') ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time IN (SELECT common_recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND mail_account = 'abc@xx.com' ORDER BY common_recv_time DESC LIMIT 30) AND common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND mail_account = 'abc@xx.com' ORDER BY common_recv_time DESC LIMIT 30 ;
Q20.All Fields sub Query by Filter(mail_subject='test') ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time IN (SELECT common_recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND mail_subject = 'test' ORDER BY common_recv_time DESC LIMIT 30) AND common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND mail_subject = 'test' ORDER BY common_recv_time DESC LIMIT 30 ;
Q21.All Fields sub Query by Filter(http_domain='qq.com') ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time IN (SELECT common_recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND http_domain = 'qq.com' ORDER BY common_recv_time DESC LIMIT 30) AND common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND http_domain = 'qq.com' ORDER BY common_recv_time DESC LIMIT 30 ;
Q22.All Fields sub Query by Filter(dns_qname='qbwup.imtt.qq.com') ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time IN (SELECT common_recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND dns_qname = 'qbwup.imtt.qq.com' ORDER BY common_recv_time DESC LIMIT 30) AND common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND dns_qname = 'qbwup.imtt.qq.com' ORDER BY common_recv_time DESC LIMIT 30 ;
Q23.All Fields sub Query by Filter(ssl_sni='note.youdao.com') ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time IN (SELECT common_recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND ssl_sni = 'note.youdao.com' ORDER BY common_recv_time DESC LIMIT 30) AND common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND ssl_sni = 'note.youdao.com' ORDER BY common_recv_time DESC LIMIT 30 ;
Q24.All Fields sub Query by Filter(ssl_con_latency_ms>100) ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time IN (SELECT common_recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND ssl_con_latency_ms > 100 ORDER BY common_recv_time DESC LIMIT 30) AND common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND ssl_con_latency_ms > 100 ORDER BY common_recv_time DESC LIMIT 30 ;
Q25.All Fields sub Query by Filter(ssl_ja3_hash='9b02ebd3a43b62d825e1ac605b621dc8') ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time IN (SELECT common_recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND ssl_ja3_hash = '9b02ebd3a43b62d825e1ac605b621dc8' ORDER BY common_recv_time DESC LIMIT 30) AND common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND ssl_ja3_hash = '9b02ebd3a43b62d825e1ac605b621dc8' ORDER BY common_recv_time DESC LIMIT 30 ;
Q26.All Fields sub Query by Filter(common_server_ip='111.10.53.14' and common_server_port=443) ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time IN (SELECT common_recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND common_server_ip = '111.10.53.14' AND common_server_port = 443 ORDER BY common_recv_time DESC LIMIT 30) AND common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND common_server_ip = '111.10.53.14' AND common_server_port = 443 ORDER BY common_recv_time DESC LIMIT 30 ;
Q27.All Fields sub Query by Filter(mail_account like 'abc@%') ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time IN (SELECT common_recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND mail_account LIKE 'abc@%' ORDER BY common_recv_time DESC LIMIT 30) AND common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND mail_account LIKE 'abc@%' ORDER BY common_recv_time DESC LIMIT 30 ;
Q28.All Fields sub Query by Filter(ssl_sni like '%youdao.com') ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time IN (SELECT common_recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND ssl_sni LIKE '%youdao.com' ORDER BY common_recv_time DESC LIMIT 30) AND common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND ssl_sni LIKE '%youdao.com' ORDER BY common_recv_time DESC LIMIT 30 ;
Q29.All Fields sub Query by Filter(http_domain like '%baidu.com%') ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time IN (SELECT common_recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND http_domain LIKE '%baidu.com%' ORDER BY common_recv_time DESC LIMIT 30) AND common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND http_domain LIKE '%baidu.com%' ORDER BY common_recv_time DESC LIMIT 30 ;
Q30.All Fields sub Query by Filter(common_server_port not in (80,443)) ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time IN (SELECT common_recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND common_server_port NOT IN (80, 443) ORDER BY common_recv_time DESC LIMIT 30) AND common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND common_server_port NOT IN (80, 443) ORDER BY common_recv_time DESC LIMIT 30 ;
Q31.All Fields sub Query (sub query by time) ;SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time IN (SELECT common_recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE toDateTime(common_recv_time) IN (SELECT toDateTime(common_recv_time) FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) ORDER BY common_recv_time DESC LIMIT 30) AND common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) ORDER BY common_recv_time DESC LIMIT 30) AND toDateTime(common_recv_time) IN (SELECT toDateTime(common_recv_time) FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time IN (SELECT common_recv_time FROM tsg_galaxy_v3.session_record AS session_record WHERE toDateTime(common_recv_time) IN (SELECT toDateTime(common_recv_time) FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) ORDER BY common_recv_time DESC LIMIT 30) AND common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) ORDER BY common_recv_time DESC LIMIT 30) AND common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) ORDER BY common_recv_time DESC LIMIT 30) AND common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) ORDER BY common_recv_time DESC LIMIT 30;
Q32.common_l4_protocol top10 ;select common_l4_protocol ,count() from tsg_galaxy_v3.session_record where common_recv_time >= toUnixTimestamp(start_time) and common_recv_time < toUnixTimestamp(end_time) group by common_l4_protocol order by count() desc limit 10 ;
Q33.common_schema_type top10 ;select common_schema_type ,count() from tsg_galaxy_v3.session_record where common_recv_time >= toUnixTimestamp(start_time) and common_recv_time < toUnixTimestamp(end_time) group by common_schema_type order by count() desc limit 10 ;
Q34.common_client_ip top10 ;select common_client_ip ,count() from tsg_galaxy_v3.session_record where common_recv_time >= toUnixTimestamp(start_time) and common_recv_time < toUnixTimestamp(end_time) group by common_client_ip order by count() desc limit 10 ;
Q35.common_client_port top10 ;select common_client_port ,count() from tsg_galaxy_v3.session_record where common_recv_time >= toUnixTimestamp(start_time) and common_recv_time < toUnixTimestamp(end_time) group by common_client_port order by count() desc limit 10 ;
Q36.common_subscriber_id top10 ;select common_subscriber_id ,count() from tsg_galaxy_v3.session_record where common_recv_time >= toUnixTimestamp(start_time) and common_recv_time < toUnixTimestamp(end_time) group by common_subscriber_id order by count() desc limit 10 ;
Q37.common_server_ip top10 ;select common_server_ip ,count() from tsg_galaxy_v3.session_record where common_recv_time >= toUnixTimestamp(start_time) and common_recv_time < toUnixTimestamp(end_time) group by common_server_ip order by count() desc limit 10 ;
Q38.common_server_port top10 ;select common_server_port ,count() from tsg_galaxy_v3.session_record where common_recv_time >= toUnixTimestamp(start_time) and common_recv_time < toUnixTimestamp(end_time) group by common_server_port order by count() desc limit 10 ;
Q39.common_app_id top10 ;select common_app_id ,count() from tsg_galaxy_v3.session_record where common_recv_time >= toUnixTimestamp(start_time) and common_recv_time < toUnixTimestamp(end_time) group by common_app_id order by count() desc limit 10 ;
Q40.common_app_label top10 ;select common_app_label ,count() from tsg_galaxy_v3.session_record where common_recv_time >= toUnixTimestamp(start_time) and common_recv_time < toUnixTimestamp(end_time) group by common_app_label order by count() desc limit 10 ;
Q41.common_l7_protocol top10 ;select common_l7_protocol ,count() from tsg_galaxy_v3.session_record where common_recv_time >= toUnixTimestamp(start_time) and common_recv_time < toUnixTimestamp(end_time) group by common_l7_protocol order by count() desc limit 10 ;
Q42.common_c2s_pkt_num top10 ;select common_c2s_pkt_num ,count() from tsg_galaxy_v3.session_record where common_recv_time >= toUnixTimestamp(start_time) and common_recv_time < toUnixTimestamp(end_time) group by common_c2s_pkt_num order by count() desc limit 10 ;
Q43.common_s2c_pkt_num top10 ;select common_s2c_pkt_num ,count() from tsg_galaxy_v3.session_record where common_recv_time >= toUnixTimestamp(start_time) and common_recv_time < toUnixTimestamp(end_time) group by common_s2c_pkt_num order by count() desc limit 10 ;
Q44.http_url top10 ;select http_url ,count() from tsg_galaxy_v3.session_record where common_recv_time >= toUnixTimestamp(start_time) and common_recv_time < toUnixTimestamp(end_time) group by http_url order by count() desc limit 10 ;
Q45.http_host top10 ;select http_host ,count() from tsg_galaxy_v3.session_record where common_recv_time >= toUnixTimestamp(start_time) and common_recv_time < toUnixTimestamp(end_time) group by http_host order by count() desc limit 10 ;
Q46.http_domain top10 ;select http_domain ,count() from tsg_galaxy_v3.session_record where common_recv_time >= toUnixTimestamp(start_time) and common_recv_time < toUnixTimestamp(end_time) group by http_domain order by count() desc limit 10 ;
Q47.common_l4_protocol top10 by Filter(common_client_ip='36.189.226.21') ;select common_l4_protocol ,count() from tsg_galaxy_v3.session_record where common_client_ip='36.189.226.21' and common_recv_time >= toUnixTimestamp(start_time) and common_recv_time < toUnixTimestamp(end_time) group by common_l4_protocol order by count() desc limit 10 ;
Q48.common_schema_type top10 by Filter(common_internal_ip='223.116.37.192') ;select common_schema_type ,count() from tsg_galaxy_v3.session_record where common_internal_ip='223.116.37.192' and common_recv_time >= toUnixTimestamp(start_time) and common_recv_time < toUnixTimestamp(end_time) group by common_schema_type order by count() desc limit 10 ;
Q49.common_client_ip top10 by Filter(common_server_ip='8.8.8.8') ;select common_client_ip ,count() from tsg_galaxy_v3.session_record where common_server_ip='8.8.8.8' and common_recv_time >= toUnixTimestamp(start_time) and common_recv_time < toUnixTimestamp(end_time) group by common_client_ip order by count() desc limit 10 ;
Q50.common_client_port top10 by Filter(common_server_port=443) ;select common_client_port ,count() from tsg_galaxy_v3.session_record where common_server_port=443 and common_recv_time >= toUnixTimestamp(start_time) and common_recv_time < toUnixTimestamp(end_time) group by common_client_port order by count() desc limit 10 ;
Q51.common_subscriber_id top10 by Filter(common_c2s_byte_num > 100) ;select common_subscriber_id ,count() from tsg_galaxy_v3.session_record where common_c2s_byte_num > 100 and common_recv_time >= toUnixTimestamp(start_time) and common_recv_time < toUnixTimestamp(end_time) group by common_subscriber_id order by count() desc limit 10 ;
Q52.common_server_ip top10 by Filter(common_external_ip='111.10.53.14') ;select common_server_ip ,count() from tsg_galaxy_v3.session_record where common_external_ip='111.10.53.14' and common_recv_time >= toUnixTimestamp(start_time) and common_recv_time < toUnixTimestamp(end_time) group by common_server_ip order by count() desc limit 10 ;
Q53.common_server_port top10 by Filter(common_s2c_byte_num<200) ;select common_server_port ,count() from tsg_galaxy_v3.session_record where common_s2c_byte_num<200 and common_recv_time >= toUnixTimestamp(start_time) and common_recv_time < toUnixTimestamp(end_time) group by common_server_port order by count() desc limit 10 ;
Q54.common_app_id top10 by Filter(http_domain like '%baidu.com%') ;select common_app_id ,count() from tsg_galaxy_v3.session_record where http_domain like '%baidu.com%' and common_recv_time >= toUnixTimestamp(start_time) and common_recv_time < toUnixTimestamp(end_time) and http_domain like '%baidu.com%' group by common_app_id order by count() desc limit 10 ;
Q55.common_app_label top10 by Filter(common_server_port not in (80,443)) ;select common_app_label ,count() from tsg_galaxy_v3.session_record where common_server_port not in (80,443) and common_recv_time >= toUnixTimestamp(start_time) and common_recv_time < toUnixTimestamp(end_time) group by common_app_label order by count() desc limit 10 ;
Q56.common_l7_protocol top10 by Filter(http_domain not like '%microsoft.com') ;select common_l7_protocol ,count() from tsg_galaxy_v3.session_record where http_domain not like '%microsoft.com' and common_recv_time >= toUnixTimestamp(start_time) and common_recv_time < toUnixTimestamp(end_time) group by common_l7_protocol order by count() desc limit 10 ;
Q57.common_c2s_pkt_num top10 by Filter(ssl_sni='note.youdao.com') ;select common_c2s_pkt_num ,count() from tsg_galaxy_v3.session_record where ssl_sni='note.youdao.com' and common_recv_time >= toUnixTimestamp(start_time) and common_recv_time < toUnixTimestamp(end_time) group by common_c2s_pkt_num order by count() desc limit 10 ;
Q58.common_s2c_pkt_num top10 by Filter(common_server_ip='111.10.53.14' and common_server_port=443) ;select common_s2c_pkt_num ,count() from tsg_galaxy_v3.session_record where common_server_ip='111.10.53.14' and common_server_port=443 and common_recv_time >= toUnixTimestamp(start_time) and common_recv_time < toUnixTimestamp(end_time) group by common_s2c_pkt_num order by count() desc limit 10 ;
Q59.http_url top10 by Filter(common_c2s_byte_num>100) ;select http_url ,count() from tsg_galaxy_v3.session_record where common_c2s_byte_num>100 and common_recv_time >= toUnixTimestamp(start_time) and common_recv_time < toUnixTimestamp(end_time) group by http_url order by count() desc limit 10 ;
Q60.http_host top10 by Filter(common_server_ip='8.8.8.8') ;select http_host ,count() from tsg_galaxy_v3.session_record where common_server_ip='8.8.8.8' and common_recv_time >= toUnixTimestamp(start_time) and common_recv_time < toUnixTimestamp(end_time) group by http_host order by count() desc limit 10 ;
Q61.http_domain top10 by Filter(common_schema_type='HTTP') ;select http_domain ,count() from tsg_galaxy_v3.session_record where common_schema_type='HTTP' and common_recv_time >= toUnixTimestamp(start_time) and common_recv_time < toUnixTimestamp(end_time) group by http_domain order by count() desc limit 10 ;
Q62.Bandwidth Trend (Time Grain 60 second) nofilter ;SELECT toDateTime(toDateTime(toUnixTimestamp(toDateTime(toStartOfInterval(toDateTime(toUnixTimestamp(common_recv_time)), INTERVAL 60 SECOND))))) AS stat_time, common_schema_type AS type, sum(common_sessions) AS sessions, sum(common_c2s_byte_num + common_s2c_byte_num) AS bytes, sum(common_c2s_pkt_num + common_s2c_pkt_num) AS packets FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) GROUP BY toDateTime(toDateTime(toUnixTimestamp(toDateTime(toStartOfInterval(toDateTime(toUnixTimestamp(common_recv_time)), INTERVAL 60 SECOND))))), common_schema_type LIMIT 100000 ;
Q63.Bandwidth Trend (Time Grain 60 second) by Filter(common_client_ip='36.189.226.21') ;SELECT toDateTime(toDateTime(toUnixTimestamp(toDateTime(toStartOfInterval(toDateTime(toUnixTimestamp(common_recv_time)), INTERVAL 60 SECOND))))) AS stat_time, common_schema_type AS type, sum(common_sessions) AS sessions, sum(common_c2s_byte_num + common_s2c_byte_num) AS bytes, sum(common_c2s_pkt_num + common_s2c_pkt_num) AS packets FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND common_client_ip='36.189.226.21' GROUP BY toDateTime(toDateTime(toUnixTimestamp(toDateTime(toStartOfInterval(toDateTime(toUnixTimestamp(common_recv_time)), INTERVAL 60 SECOND))))), common_schema_type LIMIT 100000 ;
Q64.Bandwidth Trend (Time Grain 60 second) by Filter(common_server_ip='8.8.8.8') ;SELECT toDateTime(toDateTime(toUnixTimestamp(toDateTime(toStartOfInterval(toDateTime(toUnixTimestamp(common_recv_time)), INTERVAL 60 SECOND))))) AS stat_time, common_schema_type AS type, sum(common_sessions) AS sessions, sum(common_c2s_byte_num + common_s2c_byte_num) AS bytes, sum(common_c2s_pkt_num + common_s2c_pkt_num) AS packets FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND common_server_ip='8.8.8.8' GROUP BY toDateTime(toDateTime(toUnixTimestamp(toDateTime(toStartOfInterval(toDateTime(toUnixTimestamp(common_recv_time)), INTERVAL 60 SECOND))))), common_schema_type LIMIT 100000 ;
Q65.Bandwidth Trend (Time Grain 60 second) by Filter(http_domain='microsoft.com') ;SELECT toDateTime(toDateTime(toUnixTimestamp(toDateTime(toStartOfInterval(toDateTime(toUnixTimestamp(common_recv_time)), INTERVAL 60 SECOND))))) AS stat_time, common_schema_type AS type, sum(common_sessions) AS sessions, sum(common_c2s_byte_num + common_s2c_byte_num) AS bytes, sum(common_c2s_pkt_num + common_s2c_pkt_num) AS packets FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND http_domain='microsoft.com' GROUP BY toDateTime(toDateTime(toUnixTimestamp(toDateTime(toStartOfInterval(toDateTime(toUnixTimestamp(common_recv_time)), INTERVAL 60 SECOND))))), common_schema_type LIMIT 100000 ;
Q66.Bandwidth Trend (Time Grain 60 second) by Filter(common_server_ip='111.10.53.14' and common_server_port=443) ;SELECT toDateTime(toDateTime(toUnixTimestamp(toDateTime(toStartOfInterval(toDateTime(toUnixTimestamp(common_recv_time)), INTERVAL 60 SECOND))))) AS stat_time, common_schema_type AS type, sum(common_sessions) AS sessions, sum(common_c2s_byte_num + common_s2c_byte_num) AS bytes, sum(common_c2s_pkt_num + common_s2c_pkt_num) AS packets FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND common_server_ip='111.10.53.14' and common_server_port=443 GROUP BY toDateTime(toDateTime(toUnixTimestamp(toDateTime(toStartOfInterval(toDateTime(toUnixTimestamp(common_recv_time)), INTERVAL 60 SECOND))))), common_schema_type LIMIT 100000 ;
Q67.Metrics Query by Filter(appid='2815') ;SELECT ROUND(SUM(common_c2s_pkt_retrans + common_s2c_pkt_retrans)/SUM(common_c2s_pkt_num + common_s2c_pkt_num),4) AS avg_pkt_retrans_percent FROM tsg_galaxy_v3.session_record WHERE common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND common_app_id = '2815' ;
Q68.Metrics Query by Filter(http_domain='qq.com') ;SELECT ROUND(SUM(common_c2s_pkt_retrans + common_s2c_pkt_retrans)/SUM(common_c2s_pkt_num + common_s2c_pkt_num),4) AS avg_pkt_retrans_percent FROM tsg_galaxy_v3.session_record WHERE common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND http_domain = 'qq.com' ;
Q69.Metrics Query by Filter(common_client_ip='116.178.223.59') ;SELECT ROUND(SUM(common_c2s_pkt_retrans + common_s2c_pkt_retrans)/SUM(common_c2s_pkt_num + common_s2c_pkt_num),4) AS avg_pkt_retrans_percent FROM tsg_galaxy_v3.session_record WHERE common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND common_client_ip = '116.178.223.59' ;
Q70.Metrics Query by Filter(common_server_ip='8.8.8.8') ;SELECT ROUND(SUM(common_c2s_pkt_retrans + common_s2c_pkt_retrans)/SUM(common_c2s_pkt_num + common_s2c_pkt_num),4) AS avg_pkt_retrans_percent FROM tsg_galaxy_v3.session_record WHERE common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND common_server_ip = '8.8.8.8' ;
Q71.Metrics Query by Filter(appid='2815') group by common_recv_time ;SELECT ROUND(SUM(common_c2s_pkt_retrans + common_s2c_pkt_retrans)/SUM(common_c2s_pkt_num + common_s2c_pkt_num),4) as max_pkt_retrans_percent FROM tsg_galaxy_v3.session_record WHERE common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND common_app_id = '2815' GROUP by common_recv_time order BY max_pkt_retrans_percent desc limit 1 ;
Q72.Metrics Query by Filter(http_domain='qq.com') group by common_recv_time ;SELECT ROUND(SUM(common_c2s_pkt_retrans + common_s2c_pkt_retrans)/SUM(common_c2s_pkt_num + common_s2c_pkt_num),4) as max_pkt_retrans_percent FROM tsg_galaxy_v3.session_record WHERE common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND http_domain = 'qq.com' GROUP by common_recv_time order BY max_pkt_retrans_percent desc limit 1 ;
Q73.Metrics Query by Filter(common_client_ip='116.178.223.59') group by common_recv_time ;SELECT ROUND(SUM(common_c2s_pkt_retrans + common_s2c_pkt_retrans)/SUM(common_c2s_pkt_num + common_s2c_pkt_num),4) as max_pkt_retrans_percent FROM tsg_galaxy_v3.session_record WHERE common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND common_client_ip = '116.178.223.59' GROUP by common_recv_time order BY max_pkt_retrans_percent desc limit 1 ;
Q74.Metrics Query by Filter(common_server_ip='8.8.8.8') group by common_recv_time ;SELECT ROUND(SUM(common_c2s_pkt_retrans + common_s2c_pkt_retrans)/SUM(common_c2s_pkt_num + common_s2c_pkt_num),4) as max_pkt_retrans_percent FROM tsg_galaxy_v3.session_record WHERE common_recv_time >= toUnixTimestamp(start_time) AND common_recv_time < toUnixTimestamp(end_time) AND common_server_ip = '8.8.8.8' GROUP by common_recv_time order BY max_pkt_retrans_percent desc limit 1;