From f6abcd85ac1cd50b826657409c7f09cdeb05ea12 Mon Sep 17 00:00:00 2001
From: wangkuan
Date: Fri, 2 Aug 2024 16:52:29 +0800
Subject: [PATCH] =?UTF-8?q?CN-1681=20cn=5Fevent=E5=BA=93=E8=A1=A8=E5=88=9B?=
 =?UTF-8?q?=E5=BB=BA?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../clickhouse/cn_clickhouse_ddl_24.08.sql | 38 +++++++++++++++++
 .../cn_clickhouse_ddl_check_24.08.sql | 2 +
 .../cn_clickhouse_ddl_upgrade_24.08.sql | 41 ++++++++++++++++++-
 3 files changed, 79 insertions(+), 2 deletions(-)
diff --git a/cyber_narrator/upgrade/2024/CN-24.08/clickhouse/cn_clickhouse_ddl_24.08.sql b/cyber_narrator/upgrade/2024/CN-24.08/clickhouse/cn_clickhouse_ddl_24.08.sql
index ef14e44..3d384df 100644
--- a/cyber_narrator/upgrade/2024/CN-24.08/clickhouse/cn_clickhouse_ddl_24.08.sql
+++ b/cyber_narrator/upgrade/2024/CN-24.08/clickhouse/cn_clickhouse_ddl_24.08.sql
@@ -1662,3 +1662,41 @@ CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.match_unordered_sequence ON CLU
 event_name String,
 severity Int64
 ) ENGINE = Distributed('ck_cluster', 'cyber_narrator_galaxy', 'match_unordered_sequence_local', rand());
+CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.cn_event_local ON CLUSTER ck_cluster(
+ event_id UInt64,
+ match_ids SimpleAggregateFunction(anyLast, String),
+ key_fields SimpleAggregateFunction(anyLast, String),
+ key_values SimpleAggregateFunction(anyLast, String),
+ rule_id SimpleAggregateFunction(anyLast, Int64),
+ rule_version SimpleAggregateFunction(anyLast, String),
+ rule_type SimpleAggregateFunction(anyLast, Int8),
+ is_builtin SimpleAggregateFunction(anyLast, Int8),
+ event_type SimpleAggregateFunction(anyLast, String),
+ event_name SimpleAggregateFunction(anyLast, String),
+ start_time SimpleAggregateFunction(min, Int64),
+ end_time SimpleAggregateFunction(max, Int64),
+ duration_s SimpleAggregateFunction(max, Int64),
+ status SimpleAggregateFunction(max, Int8)
+)
+ENGINE=AggregatingMergeTree ORDER BY event_id;
+
+CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.cn_event ON CLUSTER ck_cluster(
+ event_id UInt64,
+ match_ids SimpleAggregateFunction(anyLast, String),
+ key_fields SimpleAggregateFunction(anyLast, String),
+ key_values SimpleAggregateFunction(anyLast, String),
+ rule_id SimpleAggregateFunction(anyLast, Int64),
+ rule_version SimpleAggregateFunction(anyLast, String),
+ rule_type SimpleAggregateFunction(anyLast, Int8),
+ is_builtin SimpleAggregateFunction(anyLast, Int8),
+ event_type SimpleAggregateFunction(anyLast, String),
+ event_name SimpleAggregateFunction(anyLast, String),
+ start_time SimpleAggregateFunction(min, Int64),
+ end_time SimpleAggregateFunction(max, Int64),
+ duration_s SimpleAggregateFunction(max, Int64),
+ status SimpleAggregateFunction(max, Int8)
+)
+ENGINE = Distributed('ck_cluster',
+ 'cyber_narrator_galaxy',
+ 'cn_event_local',
+ rand());
\ No newline at end of file
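Review bot: The sharding key of the new `cn_event` Distributed table is `rand()` (last added line), while the underlying `cn_event_local` is an AggregatingMergeTree whose anyLast/min/max columns only collapse rows that share an `event_id` inside the same shard; if writers insert through `cn_event`, the rows of one event are scattered across shards and consumers reading `cn_event` will see several partial rows per event unless every query re-aggregates with `GROUP BY event_id`. A key derived from the sorting column keeps all rows of an event on one shard, e.g. replace `rand());` with `cityHash64(event_id));` (within a shard, merges are still asynchronous, so readers should aggregate or use FINAL). The random key appears to have been carried over from the `match_unordered_sequence` definition in the context lines, where the local engine is not visible in this hunk. Minor: `ENGINE=AggregatingMergeTree` and `ENGINE = Distributed` use inconsistent spacing, and the file now ends without a trailing newline.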
diff --git a/cyber_narrator/upgrade/2024/CN-24.08/clickhouse/cn_clickhouse_ddl_check_24.08.sql b/cyber_narrator/upgrade/2024/CN-24.08/clickhouse/cn_clickhouse_ddl_check_24.08.sql
index c47c9dc..662216a 100644
--- a/cyber_narrator/upgrade/2024/CN-24.08/clickhouse/cn_clickhouse_ddl_check_24.08.sql
+++ b/cyber_narrator/upgrade/2024/CN-24.08/clickhouse/cn_clickhouse_ddl_check_24.08.sql
@@ -64,3 +64,5 @@ SELECT key_fields, key_values, event_info, start_time, end_time, match_id, rule_ FROM cyber_narrator_galaxy.match_sequence where start_time >= toUnixTimestamp('2030-01-01 00:00:00') AND start_time = toUnixTimestamp('2030-01-01 00:00:00') AND start_time = toUnixTimestamp('2030-01-01 00:00:00') AND start_time