CN-1681 cn_event库表创建

2024-08-02 16:52:29 +08:00
parent 566d5d51fb
commit f6abcd85ac
3 changed files with 79 additions and 2 deletions
--- a/cyber_narrator/upgrade/2024/CN-24.08/clickhouse/cn_clickhouse_ddl_24.08.sql
+++ b/cyber_narrator/upgrade/2024/CN-24.08/clickhouse/cn_clickhouse_ddl_24.08.sql
@@ -1662,3 +1662,41 @@ CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.match_unordered_sequence ON CLU
    event_name String,
    severity Int64
 ) ENGINE = Distributed('ck_cluster', 'cyber_narrator_galaxy', 'match_unordered_sequence_local', rand());
 CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.cn_event_local ON CLUSTER ck_cluster(
    event_id UInt64, 
    match_ids SimpleAggregateFunction(anyLast, String),
    key_fields SimpleAggregateFunction(anyLast, String),
    key_values SimpleAggregateFunction(anyLast, String),
    rule_id SimpleAggregateFunction(anyLast, Int64),
    rule_version SimpleAggregateFunction(anyLast, String),
    rule_type SimpleAggregateFunction(anyLast, Int8),
    is_builtin SimpleAggregateFunction(anyLast, Int8),
    event_type SimpleAggregateFunction(anyLast, String),
    event_name SimpleAggregateFunction(anyLast, String),
    start_time SimpleAggregateFunction(min, Int64),
    end_time SimpleAggregateFunction(max, Int64),
    duration_s SimpleAggregateFunction(max, Int64),
    status SimpleAggregateFunction(max, Int8)
 ) 
 ENGINE=AggregatingMergeTree ORDER BY event_id;
 CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.cn_event ON CLUSTER ck_cluster(
    event_id UInt64, 
    match_ids SimpleAggregateFunction(anyLast, String),
    key_fields SimpleAggregateFunction(anyLast, String),
    key_values SimpleAggregateFunction(anyLast, String),
    rule_id SimpleAggregateFunction(anyLast, Int64),
    rule_version SimpleAggregateFunction(anyLast, String),
    rule_type SimpleAggregateFunction(anyLast, Int8),
    is_builtin SimpleAggregateFunction(anyLast, Int8),
    event_type SimpleAggregateFunction(anyLast, String),
    event_name SimpleAggregateFunction(anyLast, String),
    start_time SimpleAggregateFunction(min, Int64),
    end_time SimpleAggregateFunction(max, Int64),
    duration_s SimpleAggregateFunction(max, Int64),
    status SimpleAggregateFunction(max, Int8)
 )
 ENGINE = Distributed('ck_cluster',
 'cyber_narrator_galaxy',
 'cn_event_local',
 rand());
--- a/cyber_narrator/upgrade/2024/CN-24.08/clickhouse/cn_clickhouse_ddl_check_24.08.sql
+++ b/cyber_narrator/upgrade/2024/CN-24.08/clickhouse/cn_clickhouse_ddl_check_24.08.sql
@@ -64,3 +64,5 @@ SELECT key_fields, key_values, event_info, start_time, end_time, match_id, rule_
 FROM cyber_narrator_galaxy.match_sequence where start_time >= toUnixTimestamp('2030-01-01 00:00:00') AND start_time <toUnixTimestamp('2030-01-01 00:00:01');
 SELECT key_fields, key_values, event_info, start_time, end_time, match_id, rule_id, rule_version, rule_type, is_builtin, event_type, event_name, severity
 FROM cyber_narrator_galaxy.match_unordered_sequence where start_time >= toUnixTimestamp('2030-01-01 00:00:00') AND start_time <toUnixTimestamp('2030-01-01 00:00:01');
 SELECT event_id, match_ids, key_fields, key_values, rule_id, rule_version, rule_type, is_builtin, event_type, event_name, start_time, end_time, duration_s, status
 FROM cyber_narrator_galaxy.cn_event where start_time >= toUnixTimestamp('2030-01-01 00:00:00') AND start_time <toUnixTimestamp('2030-01-01 00:00:01');
--- a/cyber_narrator/upgrade/2024/CN-24.08/clickhouse/cn_clickhouse_ddl_upgrade_24.08.sql
+++ b/cyber_narrator/upgrade/2024/CN-24.08/clickhouse/cn_clickhouse_ddl_upgrade_24.08.sql
@@ -1,5 +1,3 @@
 set distributed_ddl_task_timeout = 180;
 CREATE TABLE cyber_narrator_galaxy.match_indicator_local ON CLUSTER ck_cluster (
    indicator_fields String,
    indicator_values String,
@@ -174,3 +172,42 @@ CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.match_unordered_sequence ON CLU
    event_name String,
    severity Int64
 ) ENGINE = Distributed('ck_cluster', 'cyber_narrator_galaxy', 'match_unordered_sequence_local', rand());
 CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.cn_event_local ON CLUSTER ck_cluster(
    event_id UInt64, 
    match_ids SimpleAggregateFunction(anyLast, String),
    key_fields SimpleAggregateFunction(anyLast, String),
    key_values SimpleAggregateFunction(anyLast, String),
    rule_id SimpleAggregateFunction(anyLast, Int64),
    rule_version SimpleAggregateFunction(anyLast, String),
    rule_type SimpleAggregateFunction(anyLast, Int8),
    is_builtin SimpleAggregateFunction(anyLast, Int8),
    event_type SimpleAggregateFunction(anyLast, String),
    event_name SimpleAggregateFunction(anyLast, String),
    start_time SimpleAggregateFunction(min, Int64),
    end_time SimpleAggregateFunction(max, Int64),
    duration_s SimpleAggregateFunction(max, Int64),
    status SimpleAggregateFunction(max, Int8)
 ) 
 ENGINE=AggregatingMergeTree ORDER BY event_id;
 CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.cn_event ON CLUSTER ck_cluster(
    event_id UInt64, 
    match_ids SimpleAggregateFunction(anyLast, String),
    key_fields SimpleAggregateFunction(anyLast, String),
    key_values SimpleAggregateFunction(anyLast, String),
    rule_id SimpleAggregateFunction(anyLast, Int64),
    rule_version SimpleAggregateFunction(anyLast, String),
    rule_type SimpleAggregateFunction(anyLast, Int8),
    is_builtin SimpleAggregateFunction(anyLast, Int8),
    event_type SimpleAggregateFunction(anyLast, String),
    event_name SimpleAggregateFunction(anyLast, String),
    start_time SimpleAggregateFunction(min, Int64),
    end_time SimpleAggregateFunction(max, Int64),
    duration_s SimpleAggregateFunction(max, Int64),
    status SimpleAggregateFunction(max, Int8)
 )
 ENGINE = Distributed('ck_cluster',
 'cyber_narrator_galaxy',
 'cn_event_local',
 rand());