From 9a7c3cabce743344ff5f9606eb9eab4d91d6917d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=8E=8B=E5=AE=BD?=
Date: Sun, 25 Jun 2023 02:58:00 +0000
Subject: [PATCH] =?UTF-8?q?23.06=E7=89=88=E6=9C=AC=E6=96=B0=E5=A2=9E?= =?UTF-8?q?=E5=AE=9E=E4=BD=93=E5=85=B3=E7=B3=BB=E5=AD=98=E5=82=A8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../Clickhouse_CN_建表语句.sql | 151 ++++++++++++++++++
 1 file changed, 151 insertions(+)
diff --git a/Clickhouse最新全量建表语句/Clickhouse_CN_建表语句.sql b/Clickhouse最新全量建表语句/Clickhouse_CN_建表语句.sql
index 933ff76..9900fa1 100644
--- a/Clickhouse最新全量建表语句/Clickhouse_CN_建表语句.sql
+++ b/Clickhouse最新全量建表语句/Clickhouse_CN_建表语句.sql
@@ -1707,3 +1707,154 @@ CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.metric_dns_rr_cname ON CLUSTER
 external_query_num Int64,
 avg_response_latency_ms Nullable(Float64)
 ) ENGINE = Distributed('ck_cluster', 'cyber_narrator_galaxy', 'metric_dns_rr_cname_local', rand());
+
+
+ CREATE TABLE cyber_narrator_galaxy.cn_entity_relation_local on cluster ck_cluster
+(
+ app_name String,
+ fqdn String,
+ ip String,
+ country String,
+ province String,
+ region String,
+ asn String,
+ create_time Int64,
+ update_time Int64
+)
+ENGINE = MergeTree
+ORDER BY (common_server_ip,
+ common_server_port,
+ common_app_label,
+ domain)
+TTL toDateTime(update_time) + toIntervalSecond(2592000),
+ toDateTime(update_time) + toIntervalSecond(1) GROUP BY ip,
+ fqdn,
+ app_name SET create_time = min(create_time),
+ update_time = max(update_time),
+ country = anyLast(country),
+ province = anyLast(province),
+ region = anyLast(region),
+ asn = anyLast(asn) ;
+
+ CREATE TABLE if not exists cyber_narrator_galaxy.cn_entity_relation on cluster ck_query
+(
+ app_name String,
+ fqdn String,
+ ip String,
+ country String,
+ province String,
+ region String,
+ asn String,
+ create_time Int64,
+ update_time Int64
+)
+ENGINE = Distributed('ck_cluster',
+ 'cyber_narrator_galaxy',
+ 'cn_entity_relation_local',
+ rand());
+ CREATE TABLE if not exists cyber_narrator_galaxy.cn_entity_relation on cluster ck_cluster
+(
+ app_name String,
+ fqdn String,
+ ip String,
+ country String,
+ province String,
+ region String,
+ asn String,
+ create_time Int64,
+ update_time Int64
+)
+ENGINE = Distributed('ck_cluster',
+ 'cyber_narrator_galaxy',
+ 'cn_entity_relation_local',
+ rand());
+
+
+ CREATE TABLE cyber_narrator_galaxy.cn_dynamic_info_relation_local on cluster ck_cluster
+(
+ ip String,
+ l7_protocol String,
+ port Int64,
+ create_time Int64,
+ update_time Int64
+)
+ENGINE = MergeTree
+ORDER BY (ip,port,l7_protocol)
+TTL toDateTime(update_time) + toIntervalSecond(2592000) DELETE,
+ toDateTime(update_time) + toIntervalSecond(1) GROUP BY ip,port,l7_protocol
+ SET create_time = min(create_time),
+ update_time = max(update_time) ;
+
+ CREATE TABLE if not exists cyber_narrator_galaxy.cn_dynamic_info_relation on cluster ck_query
+(
+ ip String,
+ l7_protocol String,
+ port Int64,
+ create_time Int64,
+ update_time Int64
+)
+ENGINE = Distributed('ck_cluster',
+ 'cyber_narrator_galaxy',
+ 'cn_dynamic_info_relation_local',
+ rand());
+
+ CREATE TABLE if not exists cyber_narrator_galaxy.cn_dynamic_info_relation on cluster ck_cluster
+(
+ ip String,
+ l7_protocol String,
+ port Int64,
+ create_time Int64,
+ update_time Int64
+)
+ENGINE = Distributed('ck_cluster',
+ 'cyber_narrator_galaxy',
+ 'cn_dynamic_info_relation_local',
+ rand());
+
+
+ create MATERIALIZED VIEW if not exists cyber_narrator_galaxy.cn_entity_relation_view on cluster ck_cluster TO cyber_narrator_galaxy.cn_entity_relation_local
+(
+ app_name String,
+ fqdn String,
+ ip String,
+ country String,
+ province String,
+ region String,
+ asn String,
+ create_time Int64,
+ update_time Int64
+) AS
+SELECT
+ common_app_label AS app_name,
+ ssl_sni AS fqdn,
+ common_server_ip AS ip,
+ anyLast(server_country) AS country,
+ anyLast(server_province) AS province,
+ anyLast(server_region) AS region,
+ anyLast(server_asn) AS asn,
+ min(c1.common_recv_time) AS create_time,
+ max(c1.common_recv_time) AS update_time
+FROM cyber_narrator_galaxy.session_record_cn_local c1
+where common_l4_protocol ='IPv4_TCP' OR common_server_port in(53,443)
+GROUP BY ip,app_name,fqdn;
+
+
+ create MATERIALIZED VIEW if not exists cyber_narrator_galaxy.cn_dynamic_info_relation_view on cluster ck_cluster TO cyber_narrator_galaxy.cn_dynamic_info_relation_local
+(
+ ip String,
+ l7_protocol String,
+ port Int64,
+ create_time Int64,
+ update_time Int64
+) AS
+SELECT
+ common_server_ip as ip,
+ common_l7_protocol as l7_protocol,
+ common_server_port as port,
+ min(c1.common_recv_time) AS create_time,
+ max(c1.common_recv_time) AS update_time
+FROM cyber_narrator_galaxy.session_record_cn_local c1
+where common_l4_protocol ='IPv4_TCP' OR common_server_port in(53,443)
+GROUP BY ip,l7_protocol,port;
+
+
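Review bot: The `ORDER BY (common_server_ip, common_server_port, common_app_label, domain)` on `cn_entity_relation_local` names four columns the table does not declare, so ClickHouse should reject the CREATE for missing columns; a TTL `GROUP BY` key must also be a prefix of the primary key, which `ip, fqdn, app_name` is not here. Use `ORDER BY (ip, fqdn, app_name)`, the same way `cn_dynamic_info_relation_local` orders by its own GROUP BY key `(ip,port,l7_protocol)`. Both `_local` tables are also created without `if not exists`, unlike the Distributed tables and views added alongside them, so re-running the script stops at those two statements. Separately, the materialized views write per-insert-block partial aggregates into plain MergeTree tables that only collapse when a TTL merge runs, so anything reading these relation tables should re-aggregate with `min(create_time)` and `max(update_time)` per key rather than assume one row per entity; a comment saying so above each view would help.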