gfwleak/galaxy-deployment-updata-record
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update Clickhouse_CN_建表语句.sql,新增cn_security_event表

Browse Source
This commit is contained in:
王宽
2023-09-25 03:32:22 +00:00
parent 100624138d
commit d28ed9d661
1 changed files with 105 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

106
Clickhouse最新全量建表语句/Clickhouse_CN_建表语句.sql
View File

@@ -1694,4 +1694,108 @@ FROM cyber_narrator_galaxy.metric_ip_dynamic_attribute_local AS c1
GROUP BY GROUP BY
ip, ip,
l7_protocol, l7_protocol,
port; port;
CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.cn_security_event_local ON CLUSTER ck_cluster
(
status Int64,
is_builtin Int64,
rule_type String,
victim_ip String,
offender_ip String,
event_info String,
event_key String,
severity String,
event_type String,
duration_s Int64,
event_name String,
app String,
domain String,
event_id Int64,
rule_id Int64,
start_time Int64,
end_time Int64,
match_times Int64
)
ENGINE = MergeTree
ORDER BY event_id
TTL toDateTime(end_time) + toIntervalSecond(2592000),
toDateTime(end_time) + toIntervalSecond(1) GROUP BY event_id
SET
status = anyLast(status),
is_builtin = anyLast(is_builtin),
rule_type = anyLast(rule_type),
victim_ip = anyLast(victim_ip),
offender_ip = anyLast(offender_ip),
event_info = anyLast(event_info),
event_key = anyLast(event_key),
severity = anyLast(severity),
event_type = anyLast(event_type),
duration_s = anyLast(duration_s),
event_name = anyLast(event_name),
app = anyLast(app),
domain = anyLast(domain),
rule_id = anyLast(rule_id),
start_time = anyLast(start_time),
end_time = max(end_time),
match_times = anyLast(match_times);
CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.cn_security_event ON CLUSTER ck_cluster
(
status Int64,
is_builtin Int64,
rule_type String,
victim_ip String,
offender_ip String,
event_info String,
event_key String,
severity String,
event_type String,
duration_s Int64,
event_name String,
app String,
domain String,
event_id Int64,
rule_id Int64,
start_time Int64,
end_time Int64,
match_times Int64
)
ENGINE = Distributed('ck_cluster',
'cyber_narrator_galaxy',
'cn_security_event_local',
rand());
CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.cn_security_event ON CLUSTER ck_query
(
status Int64,
is_builtin Int64,
rule_type String,
victim_ip String,
offender_ip String,
event_info String,
event_key String,
severity String,
event_type String,
duration_s Int64,
event_name String,
app String,
domain String,
event_id Int64,
rule_id Int64,
start_time Int64,
end_time Int64,
match_times Int64
)
ENGINE = Distributed('ck_cluster',
'cyber_narrator_galaxy',
'cn_security_event_local',
rand());