" if (v.match(\"kafka_server_BrokerTopicMetrics_MeanRate{name=\\\"MessagesInPerSec\\\",topic=\\\"INTERIM-SESSION-RECORD\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_MeanRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"INTERIM-SESSION-RECORD\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_MeanRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"INTERIM-SESSION-RECORD\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_OneMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"INTERIM-SESSION-RECORD\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_OneMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"INTERIM-SESSION-RECORD\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_OneMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"INTERIM-SESSION-RECORD\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"INTERIM-SESSION-RECORD\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"INTERIM-SESSION-RECORD\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"INTERIM-SESSION-RECORD\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FifteenMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"INTERIM-SESSION-RECORD\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FifteenMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"INTERIM-SESSION-RECORD\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FifteenMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"INTERIM-SESSION-RECORD\\\",}\")) {",
" if (v.match(\"kafka_server_BrokerTopicMetrics_MeanRate{name=\\\"MessagesInPerSec\\\",topic=\\\"SYS-PACKET-CAPTURE-EVENT\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_MeanRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"SYS-PACKET-CAPTURE-EVENT\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_MeanRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"SYS-PACKET-CAPTURE-EVENT\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_OneMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"SYS-PACKET-CAPTURE-EVENT\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_OneMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"SYS-PACKET-CAPTURE-EVENT\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_OneMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"SYS-PACKET-CAPTURE-EVENT\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"SYS-PACKET-CAPTURE-EVENT\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"SYS-PACKET-CAPTURE-EVENT\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"SYS-PACKET-CAPTURE-EVENT\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FifteenMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"SYS-PACKET-CAPTURE-EVENT\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FifteenMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"SYS-PACKET-CAPTURE-EVENT\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FifteenMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"SYS-PACKET-CAPTURE-EVENT\\\",}\")) {",
" if (v.match(\"kafka_server_BrokerTopicMetrics_MeanRate{name=\\\"MessagesInPerSec\\\",topic=\\\"SESSION-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_MeanRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"SESSION-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_MeanRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"SESSION-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_OneMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"SESSION-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_OneMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"SESSION-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_OneMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"SESSION-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"SESSION-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"SESSION-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"SESSION-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FifteenMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"SESSION-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FifteenMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"SESSION-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FifteenMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"SESSION-RECORD-COMPLETED\\\",}\")) {",
" if (v.match(\"kafka_server_BrokerTopicMetrics_MeanRate{name=\\\"MessagesInPerSec\\\",topic=\\\"INTERIM-SESSION-RECORD\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_MeanRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"INTERIM-SESSION-RECORD\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_MeanRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"INTERIM-SESSION-RECORD\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_OneMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"INTERIM-SESSION-RECORD\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_OneMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"INTERIM-SESSION-RECORD\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_OneMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"INTERIM-SESSION-RECORD\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"INTERIM-SESSION-RECORD\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"INTERIM-SESSION-RECORD\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"INTERIM-SESSION-RECORD\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FifteenMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"INTERIM-SESSION-RECORD\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FifteenMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"INTERIM-SESSION-RECORD\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FifteenMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"INTERIM-SESSION-RECORD\\\",}\")) {",
" if (v.match(\"kafka_server_BrokerTopicMetrics_MeanRate{name=\\\"MessagesInPerSec\\\",topic=\\\"TRANSACTION-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_MeanRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"TRANSACTION-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_MeanRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"TRANSACTION-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_OneMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"TRANSACTION-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_OneMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"TRANSACTION-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_OneMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"TRANSACTION-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"TRANSACTION-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"TRANSACTION-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"TRANSACTION-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FifteenMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"TRANSACTION-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FifteenMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"TRANSACTION-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FifteenMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"TRANSACTION-RECORD-COMPLETED\\\",}\")) {",
" if (v.match(\"kafka_server_BrokerTopicMetrics_MeanRate{name=\\\"MessagesInPerSec\\\",topic=\\\"VOIP-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_MeanRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"VOIP-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_MeanRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"VOIP-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_OneMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"VOIP-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_OneMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"VOIP-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_OneMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"VOIP-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"VOIP-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"VOIP-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"VOIP-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FifteenMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"VOIP-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FifteenMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"VOIP-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FifteenMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"VOIP-RECORD-COMPLETED\\\",}\")) {",
" if (v.match(\"kafka_server_BrokerTopicMetrics_MeanRate{name=\\\"MessagesInPerSec\\\",topic=\\\"VOIP-CONVERSATION-RECORD\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_MeanRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"VOIP-CONVERSATION-RECORD\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_MeanRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"VOIP-CONVERSATION-RECORD\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_OneMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"VOIP-CONVERSATION-RECORD\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_OneMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"VOIP-CONVERSATION-RECORD\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_OneMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"VOIP-CONVERSATION-RECORD\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"VOIP-CONVERSATION-RECORD\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"VOIP-CONVERSATION-RECORD\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"VOIP-CONVERSATION-RECORD\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FifteenMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"VOIP-CONVERSATION-RECORD\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FifteenMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"VOIP-CONVERSATION-RECORD\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FifteenMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"VOIP-CONVERSATION-RECORD\\\",}\")) {",
" if (v.match(\"kafka_server_BrokerTopicMetrics_MeanRate{name=\\\"MessagesInPerSec\\\",topic=\\\"PROXY-EVENT-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_MeanRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"PROXY-EVENT-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_MeanRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"PROXY-EVENT-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_OneMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"PROXY-EVENT-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_OneMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"PROXY-EVENT-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_OneMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"PROXY-EVENT-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"PROXY-EVENT-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"PROXY-EVENT-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"PROXY-EVENT-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FifteenMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"PROXY-EVENT-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FifteenMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"PROXY-EVENT-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FifteenMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"PROXY-EVENT-COMPLETED\\\",}\")) {",
" if (v.match(\"kafka_server_BrokerTopicMetrics_MeanRate{name=\\\"MessagesInPerSec\\\",topic=\\\"SECURITY-EVENT-COMPLETED-LOG\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_MeanRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"SECURITY-EVENT-COMPLETED-LOG\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_MeanRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"SECURITY-EVENT-COMPLETED-LOG\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_OneMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"SECURITY-EVENT-COMPLETED-LOG\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_OneMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"SECURITY-EVENT-COMPLETED-LOG\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_OneMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"SECURITY-EVENT-COMPLETED-LOG\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"SECURITY-EVENT-COMPLETED-LOG\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"SECURITY-EVENT-COMPLETED-LOG\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"SECURITY-EVENT-COMPLETED-LOG\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FifteenMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"SECURITY-EVENT-COMPLETED-LOG\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FifteenMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"SECURITY-EVENT-COMPLETED-LOG\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FifteenMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"SECURITY-EVENT-COMPLETED-LOG\\\",}\")) {",
" if (v.match(\"kafka_server_BrokerTopicMetrics_MeanRate{name=\\\"MessagesInPerSec\\\",topic=\\\"RADIUS-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_MeanRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"RADIUS-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_MeanRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"RADIUS-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_OneMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"RADIUS-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_OneMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"RADIUS-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_OneMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"RADIUS-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"RADIUS-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"RADIUS-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"RADIUS-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FifteenMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"RADIUS-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FifteenMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"RADIUS-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FifteenMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"RADIUS-RECORD-COMPLETED\\\",}\")) {",
" if (v.match(\"kafka_server_BrokerTopicMetrics_MeanRate{name=\\\"MessagesInPerSec\\\",topic=\\\"GTPC-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_MeanRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"GTPC-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_MeanRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"GTPC-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_OneMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"GTPC-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_OneMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"GTPC-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_OneMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"GTPC-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"GTPC-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"GTPC-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"GTPC-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FifteenMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"GTPC-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FifteenMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"GTPC-RECORD-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FifteenMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"GTPC-RECORD-COMPLETED\\\",}\")) {",
" if (v.match(\"kafka_server_BrokerTopicMetrics_MeanRate{name=\\\"MessagesInPerSec\\\",topic=\\\"SYS-PACKET-CAPTURE-EVENT-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_MeanRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"SYS-PACKET-CAPTURE-EVENT-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_MeanRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"SYS-PACKET-CAPTURE-EVENT-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_OneMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"SYS-PACKET-CAPTURE-EVENT-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_OneMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"SYS-PACKET-CAPTURE-EVENT-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_OneMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"SYS-PACKET-CAPTURE-EVENT-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"SYS-PACKET-CAPTURE-EVENT-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"SYS-PACKET-CAPTURE-EVENT-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"SYS-PACKET-CAPTURE-EVENT-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FifteenMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"SYS-PACKET-CAPTURE-EVENT-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FifteenMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"SYS-PACKET-CAPTURE-EVENT-COMPLETED\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FifteenMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"SYS-PACKET-CAPTURE-EVENT-COMPLETED\\\",}\")) {",
" if (v.match(\"kafka_server_BrokerTopicMetrics_MeanRate{name=\\\"MessagesInPerSec\\\",topic=\\\"TRAFFIC-PROTOCOL-STAT-LOG\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_MeanRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"TRAFFIC-PROTOCOL-STAT-LOG\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_MeanRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"TRAFFIC-PROTOCOL-STAT-LOG\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_OneMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"TRAFFIC-PROTOCOL-STAT-LOG\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_OneMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"TRAFFIC-PROTOCOL-STAT-LOG\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_OneMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"TRAFFIC-PROTOCOL-STAT-LOG\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"TRAFFIC-PROTOCOL-STAT-LOG\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"TRAFFIC-PROTOCOL-STAT-LOG\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"TRAFFIC-PROTOCOL-STAT-LOG\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FifteenMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"TRAFFIC-PROTOCOL-STAT-LOG\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FifteenMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"TRAFFIC-PROTOCOL-STAT-LOG\\\",}\")) {",
" console.log(v);",
" }",
" if (v.match(\"kafka_server_BrokerTopicMetrics_FifteenMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"TRAFFIC-PROTOCOL-STAT-LOG\\\",}\")) {",
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select * from (select 'Session Records' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from session_record union all select 'Interim Session Records' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from interim_session_record union all select 'Transaction Records' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from transaction_record union all select 'Security Event' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from security_event union all select 'Proxy Event' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from proxy_event union all select 'Radius' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from radius_record union all select 'Radius ON OFF' as type, from_unixtime(min(event_timestamp) ) as first_time, from_unixtime(max(event_timestamp) ) as last_time from radius_onff_log union all select 'Packet Capture' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from sys_packet_capture_event union all select 'GTPC Records' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from gtpc_record) order by type",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select * from (select 'Session Records' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from session_record union all select 'Interim Session Records' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from interim_session_record union all select 'Transaction Records' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from transaction_record union all select 'Security Event' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from security_event union all select 'Proxy Event' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from proxy_event union all select 'Radius' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from radius_record union all select 'Radius ON OFF' as type, from_unixtime(min(event_timestamp) ) as first_time, from_unixtime(max(event_timestamp) ) as last_time from radius_onff_log union all select 'Packet Capture' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from sys_packet_capture_event union all select 'GTPC Records' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from gtpc_record) order by type"
}
]
},
"description":"验证原始日志是否有最新的数据"
},
"response":[]
}
]
},
{
"name":"数据存储检查(Kafka-Druid)",
"item":[
{
"name":"统计数据-首次与最新加载时间",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select 'Traffic Metrics' as type, min(__time) as first_time, max(__time) as last_time from traffic_metrics_log union all select 'Security Policies Hit' as type, min(__time) as first_time, max(__time) as last_time from security_event_hits_log union all select 'Proxy Policies Hit' as type, min(__time) as first_time, max(__time) as last_time from proxy_event_hits_log union all select 'Internal IP' as type, min(__time) as first_time, max(__time) as last_time from top_internal_host_log union all select 'External IP' as type, min(__time) as first_time, max(__time) as last_time from top_external_host_log union all select 'Subscriber ID' as type, min(__time) as first_time, max(__time) as last_time from top_user_log union all select 'Client IP' as type, min(__time) as first_time, max(__time) as last_time from top_client_ip_log union all select 'Server IP' as type, min(__time) as first_time, max(__time) as last_time from top_server_ip_log union all select 'Website Domain' as type, min(__time) as first_time, max(__time) as last_time from top_website_domain_log union all select 'Hit Urls' as type, min(__time) as first_time, max(__time) as last_time from top_urls_log union all select 'Traffic Summary' as type, min(__time) as first_time, max(__time) as last_time from traffic_summary_log union all select 'Traffic Protocol Stat' as type, min(__time) as first_time, max(__time) as last_time from traffic_protocol_stat_log union all select 'Storage Quota' as type, min(__time) as first_time, max(__time) as last_time from sys_storage_log ",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select 'Traffic Metrics' as type, min(__time) as first_time, max(__time) as last_time from traffic_metrics_log union all select 'Security Policies Hit' as type, min(__time) as first_time, max(__time) as last_time from security_event_hits_log union all select 'Proxy Policies Hit' as type, min(__time) as first_time, max(__time) as last_time from proxy_event_hits_log union all select 'Internal IP' as type, min(__time) as first_time, max(__time) as last_time from top_internal_host_log union all select 'External IP' as type, min(__time) as first_time, max(__time) as last_time from top_external_host_log union all select 'Subscriber ID' as type, min(__time) as first_time, max(__time) as last_time from top_user_log union all select 'Client IP' as type, min(__time) as first_time, max(__time) as last_time from top_client_ip_log union all select 'Server IP' as type, min(__time) as first_time, max(__time) as last_time from top_server_ip_log union all select 'Website Domain' as type, min(__time) as first_time, max(__time) as last_time from top_website_domain_log union all select 'Hit Urls' as type, min(__time) as first_time, max(__time) as last_time from top_urls_log union all select 'Traffic Summary' as type, min(__time) as first_time, max(__time) as last_time from traffic_summary_log union all select 'Traffic Protocol Stat' as type, min(__time) as first_time, max(__time) as last_time from traffic_protocol_stat_log union all select 'Storage Quota' as type, min(__time) as first_time, max(__time) as last_time from sys_storage_log "
"raw":"http://{{qgw_ip}}:{{qgw_port}}?query=select CAST(type, 'Int8') as type,read_rows,query_duration_ms,query,exception,memory_usage,event_time,result_rows,result_bytes from system.query_log_cluster where type>1 and query_id='' order by event_time desc limit 1",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select CAST(type, 'Int8') as type,read_rows,query_duration_ms,query,exception,memory_usage,event_time,result_rows,result_bytes from system.query_log_cluster where type>1 and query_id='' order by event_time desc limit 1"
"raw":"http://{{clickhouse_ip}}:{{clickhouse_port}}?database={{clickhouse_database}}&user={{clickhouse_user}}&password={{clickhouse_password}}&query=SELECT DISTINCT concat(host_address,':','8123') as endpoint FROM system.clusters FORMAT JSON;",
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select \n arrayJoin(splitByString(',',source_country_list)) as source_country,\n count(*) as count\nfrom dos_event\nwhere\n start_time >= UNIX_TIMESTAMP('{{start_time}}')\n and start_time <UNIX_TIMESTAMP('{{end_time}}') \n and notEmpty(source_country_list)\ngroup by arrayJoin(splitByString(',',source_country_list)) order by count desc limit 10",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select \n arrayJoin(splitByString(',',source_country_list)) as source_country,\n count(*) as count\nfrom dos_event\nwhere\n start_time >= UNIX_TIMESTAMP('{{start_time}}')\n and start_time <UNIX_TIMESTAMP('{{end_time}}') \n and notEmpty(source_country_list)\ngroup by arrayJoin(splitByString(',',source_country_list)) order by count desc limit 10"
}
]
}
},
"response":[]
},
{
"name":"Top Destination Countries",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n destination_country,\n count(*) as count\nfrom dos_event\nwhere\n start_time >= UNIX_TIMESTAMP('{{start_time}}')\n and start_time <UNIX_TIMESTAMP('{{end_time}}') \ngroup by destination_country\norder by count desc limit 10",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select\n destination_country,\n count(*) as count\nfrom dos_event\nwhere\n start_time >= UNIX_TIMESTAMP('{{start_time}}')\n and start_time <UNIX_TIMESTAMP('{{end_time}}') \ngroup by destination_country\norder by count desc limit 10"
}
]
}
},
"response":[]
},
{
"name":"Top Victims",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n destination_ip,\n count(*) as count\nfrom dos_event\nwhere\n start_time >= UNIX_TIMESTAMP('{{start_time}}')\n and start_time <UNIX_TIMESTAMP('{{end_time}}') \ngroup by destination_ip\norder by count desc limit 10",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select\n destination_ip,\n count(*) as count\nfrom dos_event\nwhere\n start_time >= UNIX_TIMESTAMP('{{start_time}}')\n and start_time <UNIX_TIMESTAMP('{{end_time}}') \ngroup by destination_ip\norder by count desc limit 10"
}
]
}
},
"response":[]
},
{
"name":"Attack Type",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n attack_type,\n count(*) as count\nfrom dos_event\nwhere\n start_time >= UNIX_TIMESTAMP('{{start_time}}')\n and start_time <UNIX_TIMESTAMP('{{end_time}}') \ngroup by attack_type\norder by attack_type",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select\n attack_type,\n count(*) as count\nfrom dos_event\nwhere\n start_time >= UNIX_TIMESTAMP('{{start_time}}')\n and start_time <UNIX_TIMESTAMP('{{end_time}}') \ngroup by attack_type\norder by attack_type"
}
]
}
},
"response":[]
},
{
"name":"Severity",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n severity,\n count(*) as count\nfrom dos_event\nwhere\n start_time >= UNIX_TIMESTAMP('{{start_time}}')\n and start_time <UNIX_TIMESTAMP('{{end_time}}') \ngroup by severity\norder by severity",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select\n severity,\n count(*) as count\nfrom dos_event\nwhere\n start_time >= UNIX_TIMESTAMP('{{start_time}}')\n and start_time <UNIX_TIMESTAMP('{{end_time}}') \ngroup by severity\norder by severity"
}
]
}
},
"response":[]
},
{
"name":"Destination IP Distribution",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n destination_ip, IP_TO_GEO(destination_ip) as destination_geo,\n any(destination_country) as destination_country,\n groupUniqArray(arrayJoin(splitByString(',',source_country_list))) as source_coutries,\n max(bit_rate) as max_bit_rate,\n max(packet_rate) as max_packet_rate,\n max(session_rate) as max_session_rate,\n min(start_time) as min_start_time,\n max(end_time) as max_end_time,\n (max_end_time-min_start_time) as duration,\n groupUniqArray(attack_type) as attack_type,\n count(*) as count\nfrom dos_event where\n start_time >= UNIX_TIMESTAMP('{{start_time}}')\n and start_time <UNIX_TIMESTAMP('{{end_time}}')\ngroup by destination_ip \norder by count desc limit 100",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select\n destination_ip, IP_TO_GEO(destination_ip) as destination_geo,\n any(destination_country) as destination_country,\n groupUniqArray(arrayJoin(splitByString(',',source_country_list))) as source_coutries,\n max(bit_rate) as max_bit_rate,\n max(packet_rate) as max_packet_rate,\n max(session_rate) as max_session_rate,\n min(start_time) as min_start_time,\n max(end_time) as max_end_time,\n (max_end_time-min_start_time) as duration,\n groupUniqArray(attack_type) as attack_type,\n count(*) as count\nfrom dos_event where\n start_time >= UNIX_TIMESTAMP('{{start_time}}')\n and start_time <UNIX_TIMESTAMP('{{end_time}}')\ngroup by destination_ip \norder by count desc limit 100"
}
]
}
},
"response":[]
},
{
"name":"DoS Attack Connection",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n start_time,\n destination_ip,\n IP_TO_GEO(destination_ip) as destination_geo,\n destination_country,\n source_country_list,\n attack_type,\n severity,bit_rate, packet_rate, session_rate from dos_event\nwhere\n start_time >= UNIX_TIMESTAMP('{{start_time}}')\n and start_time <UNIX_TIMESTAMP('{{end_time}}') order by start_time asc limit 100",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select\n start_time,\n destination_ip,\n IP_TO_GEO(destination_ip) as destination_geo,\n destination_country,\n source_country_list,\n attack_type,\n severity,bit_rate, packet_rate, session_rate from dos_event\nwhere\n start_time >= UNIX_TIMESTAMP('{{start_time}}')\n and start_time <UNIX_TIMESTAMP('{{end_time}}') order by start_time asc limit 100"
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tsum(total_in_bytes)* 8 / 300 as trafficInBits,\n\tsum(total_out_bytes)* 8 / 300 as trafficOutBits,\n\tsum(total_in_bytes + total_out_bytes)* 8 / 300 as trafficTotalBits,\n\tsum(total_in_packets)/ 300 as trafficInPackets,\n\tsum(total_out_packets)/ 300 as trafficOutPackets,\n\tsum(total_in_packets + total_out_packets)/ 300 as trafficTotalPackets,\n\tsum(new_conn_num)/ 300 as sessions\nfrom\n\ttraffic_metrics_log\nwhere\n\t__time >= FROM_UNIXTIME(UNIX_TIMESTAMP(now())-300)",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select\n\tsum(total_in_bytes)* 8 / 300 as trafficInBits,\n\tsum(total_out_bytes)* 8 / 300 as trafficOutBits,\n\tsum(total_in_bytes + total_out_bytes)* 8 / 300 as trafficTotalBits,\n\tsum(total_in_packets)/ 300 as trafficInPackets,\n\tsum(total_out_packets)/ 300 as trafficOutPackets,\n\tsum(total_in_packets + total_out_packets)/ 300 as trafficTotalPackets,\n\tsum(new_conn_num)/ 300 as sessions\nfrom\n\ttraffic_metrics_log\nwhere\n\t__time >= FROM_UNIXTIME(UNIX_TIMESTAMP(now())-300)"
}
]
},
"description":"最近5分钟"
},
"response":[]
},
{
"name":"基础统计-新建、活跃(计数)-now",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select \n sum(new_conn_num)/300 as new_conn_num, \n sum(live_conn_num) as live_conn_num \nfrom (\n select\n sum(new_conn_num) as new_conn_num,\n max(established_conn_num) as live_conn_num \n from traffic_metrics_log \n where __time >= FROM_UNIXTIME(UNIX_TIMESTAMP(now())-300)\n group by device_id)",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select \n sum(new_conn_num)/300 as new_conn_num, \n sum(live_conn_num) as live_conn_num \nfrom (\n select\n sum(new_conn_num) as new_conn_num,\n max(established_conn_num) as live_conn_num \n from traffic_metrics_log \n where __time >= FROM_UNIXTIME(UNIX_TIMESTAMP(now())-300)\n group by device_id)"
}
]
}
},
"response":[]
},
{
"name":"基础统计-流量(趋势)",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n\t'PT30S',\n\t'zero')) as statisticsTime,\n\tsum(total_in_bytes) as total_in_bytes,\n\tsum(total_out_bytes) as total_out_bytes,\n\tsum(total_in_bytes + total_out_bytes) as total_all_bytes,\n\tsum(total_in_packets) as total_in_packets,\n\tsum(total_out_packets) as total_out_packets,\n\tsum(total_in_packets + total_out_packets) as total_all_packets,\n\tsum(new_conn_num) as sessions\nfrom\n\ttraffic_metrics_log\nwhere\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n\tgroup by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n\t'PT30S',\n\t'zero'))\nlimit 50000",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n\t'PT30S',\n\t'zero')) as statisticsTime,\n\tsum(total_in_bytes) as total_in_bytes,\n\tsum(total_out_bytes) as total_out_bytes,\n\tsum(total_in_bytes + total_out_bytes) as total_all_bytes,\n\tsum(total_in_packets) as total_in_packets,\n\tsum(total_out_packets) as total_out_packets,\n\tsum(total_in_packets + total_out_packets) as total_all_packets,\n\tsum(new_conn_num) as sessions\nfrom\n\ttraffic_metrics_log\nwhere\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n\tgroup by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n\t'PT30S',\n\t'zero'))\nlimit 50000"
}
]
}
},
"response":[]
},
{
"name":"基础统计-新建、活跃(趋势)",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select * from (select\nFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n'PT5m',\n'zero')) as statisticTime,\n'new_conn_num' as type,\nsum(new_conn_num) as sessions\nfrom\ntraffic_metrics_log\nwhere\n__time >= '{{start_time}}'\nand __time < '{{end_time}}'\ngroup by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n'PT5m',\n'zero')),'new_conn_num' union all select statisticTime, 'live_conn_num' as type,sum(sessions) as sessions from ( select\nFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n'PT5m',\n'zero')) as statisticTime,device_id,\nmax(established_conn_num) as sessions\nfrom\ntraffic_metrics_log\nwhere\n__time >= '{{start_time}}'\nand __time < '{{end_time}}' \ngroup by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n'PT5m',\n'zero')),device_id) group by statisticTime,'live_conn_num' ) order by statisticTime asc limit 50000",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select * from (select\nFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n'PT5m',\n'zero')) as statisticTime,\n'new_conn_num' as type,\nsum(new_conn_num) as sessions\nfrom\ntraffic_metrics_log\nwhere\n__time >= '{{start_time}}'\nand __time < '{{end_time}}'\ngroup by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n'PT5m',\n'zero')),'new_conn_num' union all select statisticTime, 'live_conn_num' as type,sum(sessions) as sessions from ( select\nFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n'PT5m',\n'zero')) as statisticTime,device_id,\nmax(established_conn_num) as sessions\nfrom\ntraffic_metrics_log\nwhere\n__time >= '{{start_time}}'\nand __time < '{{end_time}}' \ngroup by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n'PT5m',\n'zero')),device_id) group by statisticTime,'live_conn_num' ) order by statisticTime asc limit 50000"
}
]
}
},
"response":[]
},
{
"name":"安全命中策略-命中动作连接数(计数)",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select 'Default' as action, sum(default_in_bytes+default_out_bytes) as bytes, sum(default_in_packets+default_out_packets) as packets, sum(default_conn_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Allow' as action, sum(allow_in_bytes+allow_out_bytes) as bytes, sum(allow_in_packets+allow_out_packets) as packets, sum(allow_conn_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Deny' as action, sum(deny_in_bytes+deny_out_bytes) as bytes, sum(deny_in_packets+deny_out_packets) as packets, sum(deny_conn_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Monitor' as action, sum(monitor_in_bytes+monitor_out_bytes) as bytes, sum(monitor_in_packets+monitor_out_packets) as packets, sum(monitor_conn_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Intercept' as action, sum(intercept_in_bytes+intercept_out_bytes) as bytes, sum(intercept_in_packets+intercept_out_packets) as packets, sum(intercept_conn_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}'",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select 'Default' as action, sum(default_in_bytes+default_out_bytes) as bytes, sum(default_in_packets+default_out_packets) as packets, sum(default_conn_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Allow' as action, sum(allow_in_bytes+allow_out_bytes) as bytes, sum(allow_in_packets+allow_out_packets) as packets, sum(allow_conn_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Deny' as action, sum(deny_in_bytes+deny_out_bytes) as bytes, sum(deny_in_packets+deny_out_packets) as packets, sum(deny_conn_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Monitor' as action, sum(monitor_in_bytes+monitor_out_bytes) as bytes, sum(monitor_in_packets+monitor_out_packets) as packets, sum(monitor_conn_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Intercept' as action, sum(intercept_in_bytes+intercept_out_bytes) as bytes, sum(intercept_in_packets+intercept_out_packets) as packets, sum(intercept_conn_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}'"
}
]
}
},
"response":[]
},
{
"name":"安全命中策略-命中动作连接数(趋势)",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\nFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n\t'PT30S',\n\t'zero')) as statisticTime,\n\tsum(default_in_bytes + default_out_bytes) as default_bytes,\n\tsum(default_in_packets + default_out_packets) as default_packets,\n\tsum(default_conn_num) as default_sessions,\n\tsum(allow_in_bytes + allow_out_bytes) as allow_bytes,\n\tsum(allow_in_packets + allow_out_packets) as allow_packets,\n\tsum(allow_conn_num) as allow_sessions,\n\tsum(deny_in_bytes + deny_out_bytes) as deny_bytes,\n\tsum(deny_in_packets + deny_out_packets) as deny_packets,\n\tsum(deny_conn_num) as deny_sessions,\n\tsum(monitor_in_bytes + monitor_out_bytes) as monitor_bytes,\n\tsum(monitor_in_packets + monitor_out_packets) as monitor_packets,\n\tsum(monitor_conn_num) as monitor_sessions,\n\tsum(intercept_in_bytes + intercept_out_bytes) as intercept_bytes,\n\tsum(intercept_in_packets + intercept_out_packets) as intercept_packets,\n\tsum(intercept_conn_num) as intercept_sessions\nfrom\n\ttraffic_metrics_log\nwhere\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\ngroup by\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n\t'PT30S',\n\t'zero'))\nlimit 50000",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select\nFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n\t'PT30S',\n\t'zero')) as statisticTime,\n\tsum(default_in_bytes + default_out_bytes) as default_bytes,\n\tsum(default_in_packets + default_out_packets) as default_packets,\n\tsum(default_conn_num) as default_sessions,\n\tsum(allow_in_bytes + allow_out_bytes) as allow_bytes,\n\tsum(allow_in_packets + allow_out_packets) as allow_packets,\n\tsum(allow_conn_num) as allow_sessions,\n\tsum(deny_in_bytes + deny_out_bytes) as deny_bytes,\n\tsum(deny_in_packets + deny_out_packets) as deny_packets,\n\tsum(deny_conn_num) as deny_sessions,\n\tsum(monitor_in_bytes + monitor_out_bytes) as monitor_bytes,\n\tsum(monitor_in_packets + monitor_out_packets) as monitor_packets,\n\tsum(monitor_conn_num) as monitor_sessions,\n\tsum(intercept_in_bytes + intercept_out_bytes) as intercept_bytes,\n\tsum(intercept_in_packets + intercept_out_packets) as intercept_packets,\n\tsum(intercept_conn_num) as intercept_sessions\nfrom\n\ttraffic_metrics_log\nwhere\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\ngroup by\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n\t'PT30S',\n\t'zero'))\nlimit 50000"
}
]
}
},
"response":[]
},
{
"name":"安全命中策略-策略命中排名(TopN)",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select policy_id as policyId, sum(hits) as sessions from security_event_hits_log where __time >= '{{start_time}}' and __time < '{{end_time}}' group by policy_id order by sessions desc limit 10",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select policy_id as policyId, sum(hits) as sessions from security_event_hits_log where __time >= '{{start_time}}' and __time < '{{end_time}}' group by policy_id order by sessions desc limit 10"
}
]
}
},
"response":[]
},
{
"name":"终端统计信息-活跃源IP排名(TopN-会话数)",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tsource as clientIp,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sentBytes,\n\tsum(s2c_byte_num) as receivedBytes,\n\tsum(c2s_byte_num + s2c_byte_num) as totalBytes,\n\tsum(c2s_pkt_num) as sentPackets,\n\tsum(s2c_pkt_num) as receivedPackets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as totalPackets\nfrom\n\ttop_client_ip_log\nwhere\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n\tand order_by = 'sessions'\ngroup by\n\tsource\norder by\n\tsessions desc\nlimit 10",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select\n\tsource as clientIp,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sentBytes,\n\tsum(s2c_byte_num) as receivedBytes,\n\tsum(c2s_byte_num + s2c_byte_num) as totalBytes,\n\tsum(c2s_pkt_num) as sentPackets,\n\tsum(s2c_pkt_num) as receivedPackets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as totalPackets\nfrom\n\ttop_client_ip_log\nwhere\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n\tand order_by = 'sessions'\ngroup by\n\tsource\norder by\n\tsessions desc\nlimit 10"
}
]
}
},
"response":[]
},
{
"name":"终端统计信息-活跃源IP排名(TopN-包数)",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tsource as clientIp,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sentBytes,\n\tsum(s2c_byte_num) as receivedBytes,\n\tsum(c2s_byte_num + s2c_byte_num) as totalBytes,\n\tsum(c2s_pkt_num) as sentPackets,\n\tsum(s2c_pkt_num) as receivedPackets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as totalPackets\nfrom\n\ttop_client_ip_log\nwhere\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n\tand order_by = 'packets'\ngroup by\n\tsource\norder by\n\ttotalPackets desc\nlimit 10",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select\n\tsource as clientIp,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sentBytes,\n\tsum(s2c_byte_num) as receivedBytes,\n\tsum(c2s_byte_num + s2c_byte_num) as totalBytes,\n\tsum(c2s_pkt_num) as sentPackets,\n\tsum(s2c_pkt_num) as receivedPackets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as totalPackets\nfrom\n\ttop_client_ip_log\nwhere\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n\tand order_by = 'packets'\ngroup by\n\tsource\norder by\n\ttotalPackets desc\nlimit 10"
}
]
}
},
"response":[]
},
{
"name":"终端统计信息-活跃源IP排名(TopN-字节数)",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tsource as clientIp,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sentBytes,\n\tsum(s2c_byte_num) as receivedBytes,\n\tsum(c2s_byte_num + s2c_byte_num) as totalBytes,\n\tsum(c2s_pkt_num) as sentPackets,\n\tsum(s2c_pkt_num) as receivedPackets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as totalPackets\nfrom\n\ttop_client_ip_log\nwhere\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n\tand order_by = 'bytes'\ngroup by\n\tsource\norder by\n\ttotalBytes desc\nlimit 10",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select\n\tsource as clientIp,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sentBytes,\n\tsum(s2c_byte_num) as receivedBytes,\n\tsum(c2s_byte_num + s2c_byte_num) as totalBytes,\n\tsum(c2s_pkt_num) as sentPackets,\n\tsum(s2c_pkt_num) as receivedPackets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as totalPackets\nfrom\n\ttop_client_ip_log\nwhere\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n\tand order_by = 'bytes'\ngroup by\n\tsource\norder by\n\ttotalBytes desc\nlimit 10"
}
]
}
},
"response":[]
},
{
"name":"终端统计信息-活跃目的IP排名(TopN-会话数)",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select destination as serverIp,sum(session_num) as sessions,sum(c2s_byte_num) as sentBytes,sum(s2c_byte_num) as receivedBytes,sum(c2s_byte_num+s2c_byte_num) as totalBytes,sum(c2s_pkt_num) as sentPackets,sum(s2c_pkt_num) as receivedPackets,sum(c2s_pkt_num+s2c_pkt_num) as totalPackets from top_server_ip_log where __time >= '{{start_time}}' and __time < '{{end_time}}' and order_by='sessions' group by destination order by sessions desc limit 10",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select destination as serverIp,sum(session_num) as sessions,sum(c2s_byte_num) as sentBytes,sum(s2c_byte_num) as receivedBytes,sum(c2s_byte_num+s2c_byte_num) as totalBytes,sum(c2s_pkt_num) as sentPackets,sum(s2c_pkt_num) as receivedPackets,sum(c2s_pkt_num+s2c_pkt_num) as totalPackets from top_server_ip_log where __time >= '{{start_time}}' and __time < '{{end_time}}' and order_by='sessions' group by destination order by sessions desc limit 10"
}
]
}
},
"response":[]
},
{
"name":"终端统计信息-活跃目的IP排名(TopN-包数)",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select destination as serverIp,sum(session_num) as sessions,sum(c2s_byte_num) as sentBytes,sum(s2c_byte_num) as receivedBytes,sum(c2s_byte_num+s2c_byte_num) as totalBytes,sum(c2s_pkt_num) as sentPackets,sum(s2c_pkt_num) as receivedPackets,sum(c2s_pkt_num+s2c_pkt_num) as totalPackets from top_server_ip_log where __time >= '{{start_time}}' and __time < '{{end_time}}' and order_by='packets' group by destination order by totalPackets desc limit 10",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select destination as serverIp,sum(session_num) as sessions,sum(c2s_byte_num) as sentBytes,sum(s2c_byte_num) as receivedBytes,sum(c2s_byte_num+s2c_byte_num) as totalBytes,sum(c2s_pkt_num) as sentPackets,sum(s2c_pkt_num) as receivedPackets,sum(c2s_pkt_num+s2c_pkt_num) as totalPackets from top_server_ip_log where __time >= '{{start_time}}' and __time < '{{end_time}}' and order_by='packets' group by destination order by totalPackets desc limit 10"
}
]
}
},
"response":[]
},
{
"name":"终端统计信息-活跃目的IP排名(TopN-字节数)",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select destination as serverIp,sum(session_num) as sessions,sum(c2s_byte_num) as sentBytes,sum(s2c_byte_num) as receivedBytes,sum(c2s_byte_num+s2c_byte_num) as totalBytes,sum(c2s_pkt_num) as sentPackets,sum(s2c_pkt_num) as receivedPackets,sum(c2s_pkt_num+s2c_pkt_num) as totalPackets from top_server_ip_log where __time >= '{{start_time}}' and __time < '{{end_time}}' and order_by='bytes' group by destination order by totalBytes desc limit 10",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select destination as serverIp,sum(session_num) as sessions,sum(c2s_byte_num) as sentBytes,sum(s2c_byte_num) as receivedBytes,sum(c2s_byte_num+s2c_byte_num) as totalBytes,sum(c2s_pkt_num) as sentPackets,sum(s2c_pkt_num) as receivedPackets,sum(c2s_pkt_num+s2c_pkt_num) as totalPackets from top_server_ip_log where __time >= '{{start_time}}' and __time < '{{end_time}}' and order_by='bytes' group by destination order by totalBytes desc limit 10"
}
]
}
},
"response":[]
},
{
"name":"终端统计信息-活跃用户排名(TopN-会话数)",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select subscriber_id as subscriberid,sum(session_num) as sessions,sum(c2s_byte_num) as sentBytes,sum(s2c_byte_num) as receivedBytes,sum(c2s_byte_num+s2c_byte_num) as totalBytes,sum(c2s_pkt_num) as sentPackets,sum(s2c_pkt_num) as receivedPackets,sum(c2s_pkt_num+s2c_pkt_num) as totalPackets from top_user_log where __time >= '{{start_time}}' and __time < '{{end_time}}' and order_by='sessions' group by subscriber_id order by sessions desc limit 10",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select subscriber_id as subscriberid,sum(session_num) as sessions,sum(c2s_byte_num) as sentBytes,sum(s2c_byte_num) as receivedBytes,sum(c2s_byte_num+s2c_byte_num) as totalBytes,sum(c2s_pkt_num) as sentPackets,sum(s2c_pkt_num) as receivedPackets,sum(c2s_pkt_num+s2c_pkt_num) as totalPackets from top_user_log where __time >= '{{start_time}}' and __time < '{{end_time}}' and order_by='sessions' group by subscriber_id order by sessions desc limit 10"
}
]
}
},
"response":[]
},
{
"name":"终端统计信息-活跃用户排名(TopN-包数)",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select subscriber_id as subscriberid,sum(session_num) as sessions,sum(c2s_byte_num) as sentBytes,sum(s2c_byte_num) as receivedBytes,sum(c2s_byte_num+s2c_byte_num) as totalBytes,sum(c2s_pkt_num) as sentPackets,sum(s2c_pkt_num) as receivedPackets,sum(c2s_pkt_num+s2c_pkt_num) as totalPackets from top_user_log where __time >= '{{start_time}}' and __time < '{{end_time}}' and order_by='packets' group by subscriber_id order by totalPackets desc limit 10",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select subscriber_id as subscriberid,sum(session_num) as sessions,sum(c2s_byte_num) as sentBytes,sum(s2c_byte_num) as receivedBytes,sum(c2s_byte_num+s2c_byte_num) as totalBytes,sum(c2s_pkt_num) as sentPackets,sum(s2c_pkt_num) as receivedPackets,sum(c2s_pkt_num+s2c_pkt_num) as totalPackets from top_user_log where __time >= '{{start_time}}' and __time < '{{end_time}}' and order_by='packets' group by subscriber_id order by totalPackets desc limit 10"
}
]
}
},
"response":[]
},
{
"name":"终端统计信息-活跃用户排名(TopN-字节数)",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select subscriber_id as subscriberid,sum(session_num) as sessions,sum(c2s_byte_num) as sentBytes,sum(s2c_byte_num) as receivedBytes,sum(c2s_byte_num+s2c_byte_num) as totalBytes,sum(c2s_pkt_num) as sentPackets,sum(s2c_pkt_num) as receivedPackets,sum(c2s_pkt_num+s2c_pkt_num) as totalPackets from top_user_log where __time >= '{{start_time}}' and __time < '{{end_time}}' and order_by='bytes' group by subscriber_id order by totalBytes desc limit 10",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select subscriber_id as subscriberid,sum(session_num) as sessions,sum(c2s_byte_num) as sentBytes,sum(s2c_byte_num) as receivedBytes,sum(c2s_byte_num+s2c_byte_num) as totalBytes,sum(c2s_pkt_num) as sentPackets,sum(s2c_pkt_num) as receivedPackets,sum(c2s_pkt_num+s2c_pkt_num) as totalPackets from top_user_log where __time >= '{{start_time}}' and __time < '{{end_time}}' and order_by='bytes' group by subscriber_id order by totalBytes desc limit 10"
}
]
}
},
"response":[]
},
{
"name":"终端统计信息-活跃网址排名(TopN)",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select url,sum(session_num) as sessions from top_urls_log where __time >= '{{start_time}}' and __time < '{{end_time}}' group by url order by sessions desc limit 10",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select url,sum(session_num) as sessions from top_urls_log where __time >= '{{start_time}}' and __time < '{{end_time}}' group by url order by sessions desc limit 10"
}
]
}
},
"response":[]
},
{
"name":"终端统计信息-活跃域名排名(TopN)",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select domain,sum(session_num) as sessions,sum(c2s_byte_num) as sentBytes,sum(s2c_byte_num) as receivedBytes,sum(c2s_byte_num+s2c_byte_num) as totalBytes,sum(c2s_pkt_num) as sentPackets,sum(s2c_pkt_num) as receivedPackets,sum(c2s_pkt_num+s2c_pkt_num) as totalPackets from top_website_domain_log where __time >= '{{start_time}}' and __time < '{{end_time}}' and order_by='sessions' group by domain order by sessions desc limit 10",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select domain,sum(session_num) as sessions,sum(c2s_byte_num) as sentBytes,sum(s2c_byte_num) as receivedBytes,sum(c2s_byte_num+s2c_byte_num) as totalBytes,sum(c2s_pkt_num) as sentPackets,sum(s2c_pkt_num) as receivedPackets,sum(c2s_pkt_num+s2c_pkt_num) as totalPackets from top_website_domain_log where __time >= '{{start_time}}' and __time < '{{end_time}}' and order_by='sessions' group by domain order by sessions desc limit 10"
}
]
}
},
"response":[]
},
{
"name":"终端统计信息-APP排名(TopN-会话数)",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tapp_name as app_name,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sent_bytes,\n\tsum(s2c_byte_num) as received_bytes,\n\tsum(c2s_byte_num + s2c_byte_num) as bytes,\n\tsum(c2s_pkt_num) as sent_packets ,\n\tsum(s2c_pkt_num) as received_packets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as packets\nfrom\n\ttraffic_app_stat_log\nwhere\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\ngroup by\n\tapp_name\norder by\n\tsessions desc\nlimit 10",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select\n\tapp_name as app_name,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sent_bytes,\n\tsum(s2c_byte_num) as received_bytes,\n\tsum(c2s_byte_num + s2c_byte_num) as bytes,\n\tsum(c2s_pkt_num) as sent_packets ,\n\tsum(s2c_pkt_num) as received_packets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as packets\nfrom\n\ttraffic_app_stat_log\nwhere\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\ngroup by\n\tapp_name\norder by\n\tsessions desc\nlimit 10"
}
]
}
},
"response":[]
},
{
"name":"终端统计信息-APP的行为排名(TopN-会话数)",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tsub_app_name as app_name,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sent_bytes,\n\tsum(s2c_byte_num) as received_bytes,\n\tsum(c2s_byte_num + s2c_byte_num) as bytes,\n\tsum(c2s_pkt_num) as sent_packets ,\n\tsum(s2c_pkt_num) as received_packets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as packets\nfrom\n\ttraffic_app_stat_log\nwhere\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}' and app_name='lyf-http' and sub_app_name is not null\ngroup by\n\tsub_app_name\norder by\n\tsessions desc\nlimit 10",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select\n\tsub_app_name as app_name,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sent_bytes,\n\tsum(s2c_byte_num) as received_bytes,\n\tsum(c2s_byte_num + s2c_byte_num) as bytes,\n\tsum(c2s_pkt_num) as sent_packets ,\n\tsum(s2c_pkt_num) as received_packets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as packets\nfrom\n\ttraffic_app_stat_log\nwhere\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}' and app_name='lyf-http' and sub_app_name is not null\ngroup by\n\tsub_app_name\norder by\n\tsessions desc\nlimit 10"
}
]
}
},
"response":[]
},
{
"name":"终端统计信息-内部主机排名(TopN-会话数)",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tsource as internal_ip,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sent_bytes,\n\tsum(s2c_byte_num) as received_bytes,\n\tsum(c2s_byte_num + s2c_byte_num) as bytes,\n\tsum(c2s_pkt_num) as sent_packets ,\n\tsum(s2c_pkt_num) as received_packets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as packets\nfrom\n\ttop_internal_host_log\nwhere\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n\tand order_by = 'sessions'\ngroup by\n\tsource\norder by\n\tsessions desc\nlimit 10",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select\n\tsource as internal_ip,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sent_bytes,\n\tsum(s2c_byte_num) as received_bytes,\n\tsum(c2s_byte_num + s2c_byte_num) as bytes,\n\tsum(c2s_pkt_num) as sent_packets ,\n\tsum(s2c_pkt_num) as received_packets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as packets\nfrom\n\ttop_internal_host_log\nwhere\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n\tand order_by = 'sessions'\ngroup by\n\tsource\norder by\n\tsessions desc\nlimit 10"
}
]
}
},
"response":[]
},
{
"name":"终端统计信息-内部主机排名(TopN-包数)",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tsource as internal_ip,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sent_bytes,\n\tsum(s2c_byte_num) as received_bytes,\n\tsum(c2s_byte_num + s2c_byte_num) as bytes,\n\tsum(c2s_pkt_num) as sent_packets ,\n\tsum(s2c_pkt_num) as received_packets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as packets\nfrom\n\ttop_internal_host_log\nwhere\n\t__time >= '{{start_time}}' and __time < '{{end_time}}' and order_by = 'packets'\ngroup by\n\tsource\norder by\n\tpackets desc\nlimit 10",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select\n\tsource as internal_ip,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sent_bytes,\n\tsum(s2c_byte_num) as received_bytes,\n\tsum(c2s_byte_num + s2c_byte_num) as bytes,\n\tsum(c2s_pkt_num) as sent_packets ,\n\tsum(s2c_pkt_num) as received_packets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as packets\nfrom\n\ttop_internal_host_log\nwhere\n\t__time >= '{{start_time}}' and __time < '{{end_time}}' and order_by = 'packets'\ngroup by\n\tsource\norder by\n\tpackets desc\nlimit 10"
}
]
}
},
"response":[]
},
{
"name":"终端统计信息-内部主机排名(TopN-字节数)",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tsource as internal_ip,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sent_bytes,\n\tsum(s2c_byte_num) as received_bytes,\n\tsum(c2s_byte_num + s2c_byte_num) as bytes,\n\tsum(c2s_pkt_num) as sent_packets ,\n\tsum(s2c_pkt_num) as received_packets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as packets\nfrom\n\ttop_internal_host_log\nwhere\n\t__time >= '{{start_time}}' and __time < '{{end_time}}' and order_by = 'bytes'\ngroup by\n\tsource\norder by\n\tbytes desc\nlimit 10",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select\n\tsource as internal_ip,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sent_bytes,\n\tsum(s2c_byte_num) as received_bytes,\n\tsum(c2s_byte_num + s2c_byte_num) as bytes,\n\tsum(c2s_pkt_num) as sent_packets ,\n\tsum(s2c_pkt_num) as received_packets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as packets\nfrom\n\ttop_internal_host_log\nwhere\n\t__time >= '{{start_time}}' and __time < '{{end_time}}' and order_by = 'bytes'\ngroup by\n\tsource\norder by\n\tbytes desc\nlimit 10"
}
]
}
},
"response":[]
},
{
"name":"终端统计信息-外部主机排名(TopN-会话数)",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tdestination as external_ip,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sent_bytes,\n\tsum(s2c_byte_num) as received_bytes,\n\tsum(c2s_byte_num + s2c_byte_num) as bytes,\n\tsum(c2s_pkt_num) as sent_packets ,\n\tsum(s2c_pkt_num) as received_packets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as packets\nfrom\n\ttop_external_host_log\nwhere\n\t__time >= '{{start_time}}' and __time < '{{end_time}}' and order_by = 'sessions'\ngroup by\n\tdestination\norder by\n\tsessions desc\nlimit 10",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select\n\tdestination as external_ip,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sent_bytes,\n\tsum(s2c_byte_num) as received_bytes,\n\tsum(c2s_byte_num + s2c_byte_num) as bytes,\n\tsum(c2s_pkt_num) as sent_packets ,\n\tsum(s2c_pkt_num) as received_packets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as packets\nfrom\n\ttop_external_host_log\nwhere\n\t__time >= '{{start_time}}' and __time < '{{end_time}}' and order_by = 'sessions'\ngroup by\n\tdestination\norder by\n\tsessions desc\nlimit 10"
}
]
}
},
"response":[]
},
{
"name":"终端统计信息-外部主机排名(TopN-包数)",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tdestination as external_ip,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sent_bytes,\n\tsum(s2c_byte_num) as received_bytes,\n\tsum(c2s_byte_num + s2c_byte_num) as bytes,\n\tsum(c2s_pkt_num) as sent_packets ,\n\tsum(s2c_pkt_num) as received_packets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as packets\nfrom\n\ttop_external_host_log\nwhere\n\t__time >= '{{start_time}}' and __time < '{{end_time}}' and order_by = 'packets'\ngroup by\n\tdestination\norder by\n\tpackets desc\nlimit 10",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select\n\tdestination as external_ip,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sent_bytes,\n\tsum(s2c_byte_num) as received_bytes,\n\tsum(c2s_byte_num + s2c_byte_num) as bytes,\n\tsum(c2s_pkt_num) as sent_packets ,\n\tsum(s2c_pkt_num) as received_packets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as packets\nfrom\n\ttop_external_host_log\nwhere\n\t__time >= '{{start_time}}' and __time < '{{end_time}}' and order_by = 'packets'\ngroup by\n\tdestination\norder by\n\tpackets desc\nlimit 10"
}
]
}
},
"response":[]
},
{
"name":"终端统计信息-外部主机排名(TopN-字节数)",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tdestination as external_ip,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sent_bytes,\n\tsum(s2c_byte_num) as received_bytes,\n\tsum(c2s_byte_num + s2c_byte_num) as bytes,\n\tsum(c2s_pkt_num) as sent_packets ,\n\tsum(s2c_pkt_num) as received_packets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as packets\nfrom\n\ttop_external_host_log\nwhere\n\t__time >= '{{start_time}}' and __time < '{{end_time}}' and order_by = 'bytes'\ngroup by\n\tdestination\norder by\n\tbytes desc\nlimit 10",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select\n\tdestination as external_ip,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sent_bytes,\n\tsum(s2c_byte_num) as received_bytes,\n\tsum(c2s_byte_num + s2c_byte_num) as bytes,\n\tsum(c2s_pkt_num) as sent_packets ,\n\tsum(s2c_pkt_num) as received_packets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as packets\nfrom\n\ttop_external_host_log\nwhere\n\t__time >= '{{start_time}}' and __time < '{{end_time}}' and order_by = 'bytes'\ngroup by\n\tdestination\norder by\n\tbytes desc\nlimit 10"
}
]
}
},
"response":[]
},
{
"name":"代理命中策略-命中动作连接数(计数)",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select 'Allow' as action, sum(intcp_allow_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Monitor' as action, sum(intcp_mon_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Deny' as action, sum(intcp_deny_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Redirect' as action, sum(intcp_rdirt_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Replace' as action, sum(intcp_repl_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Hijack' as action, sum(intcp_hijk_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Insert' as action, sum(intcp_ins_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}'",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select 'Allow' as action, sum(intcp_allow_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Monitor' as action, sum(intcp_mon_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Deny' as action, sum(intcp_deny_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Redirect' as action, sum(intcp_rdirt_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Replace' as action, sum(intcp_repl_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Hijack' as action, sum(intcp_hijk_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Insert' as action, sum(intcp_ins_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}'"
}
]
}
},
"response":[]
},
{
"name":"代理命中策略-命中动作连接数(趋势)",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) as statisticTime, sum(intcp_allow_num) as intercept_allow_conn_num, sum(intcp_mon_num) as intercept_monitor_conn_num, sum(intcp_deny_num) as intercept_deny_conn_num, sum(intcp_rdirt_num) as intercept_redirect_conn_num, sum(intcp_repl_num) as intercept_replace_conn_num, sum(intcp_hijk_num) as intercept_hijack_conn_num, sum(intcp_ins_num) as intercept_insert_conn_num from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) limit 50000",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) as statisticTime, sum(intcp_allow_num) as intercept_allow_conn_num, sum(intcp_mon_num) as intercept_monitor_conn_num, sum(intcp_deny_num) as intercept_deny_conn_num, sum(intcp_rdirt_num) as intercept_redirect_conn_num, sum(intcp_repl_num) as intercept_replace_conn_num, sum(intcp_hijk_num) as intercept_hijack_conn_num, sum(intcp_ins_num) as intercept_insert_conn_num from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) limit 50000"
}
]
}
},
"response":[]
},
{
"name":"代理命中策略-Pinning(Not)",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) as statisticTime, sum(not_pinning_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) limit 100",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) as statisticTime, sum(not_pinning_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) limit 100"
}
]
}
},
"response":[]
},
{
"name":"代理命中策略-Pinning(Maybe)",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) as statisticTime, sum(maybe_pinning_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) limit 100",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) as statisticTime, sum(maybe_pinning_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) limit 100"
}
]
}
},
"response":[]
},
{
"name":"代理命中策略-Pinning(Yes)",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) as statisticTime, sum(pinning_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) limit 100",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) as statisticTime, sum(pinning_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) limit 100"
}
]
}
},
"response":[]
},
{
"name":"代理命中策略-策略命中排名(TopN)",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select policy_id as policyId, sum(hits) as sessions from proxy_event_hits_log where __time >= '{{start_time}}' and __time < '{{end_time}}' group by policy_id order by sessions desc limit 10",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select policy_id as policyId, sum(hits) as sessions from proxy_event_hits_log where __time >= '{{start_time}}' and __time < '{{end_time}}' group by policy_id order by sessions desc limit 10"
}
]
}
},
"response":[]
},
{
"name":"新建/活跃连接平均速率",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query= select\n sum(new_conn_num)/300 as new_conn_num,\n sum(live_conn_num) as live_conn_num from (\n select\n sum(new_conn_num) as new_conn_num,\n max(established_conn_num) as live_conn_num from traffic_metrics_log \n where __time >= {{Last 5 Minutes Start}} \n group by device_id) ",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":" select\n sum(new_conn_num)/300 as new_conn_num,\n sum(live_conn_num) as live_conn_num from (\n select\n sum(new_conn_num) as new_conn_num,\n max(established_conn_num) as live_conn_num from traffic_metrics_log \n where __time >= {{Last 5 Minutes Start}} \n group by device_id) "
}
]
}
},
"response":[]
},
{
"name":"网络带宽平均速率",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=\nselect\n\tsum(total_in_bytes)*8/300 as traffic_in_bits,\n\tsum(total_out_bytes)*8/300 as traffic_out_bits\nfrom\n\ttraffic_metrics_log\nwhere \n\t__time >= {{Last 5 Minutes Start}} ",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"\nselect\n\tsum(total_in_bytes)*8/300 as traffic_in_bits,\n\tsum(total_out_bytes)*8/300 as traffic_out_bits\nfrom\n\ttraffic_metrics_log\nwhere \n\t__time >= {{Last 5 Minutes Start}} "
}
]
}
},
"response":[]
},
{
"name":"网络包数平均速率",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=\nselect\n\tsum(total_in_packets)/300 as traffic_in_packets,\n\tsum(total_out_packets)/300 as traffic_out_packets\nfrom\n\ttraffic_metrics_log\nwhere\n\t__time >= {{Last 5 Minutes Start}} ",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"\nselect\n\tsum(total_in_packets)/300 as traffic_in_packets,\n\tsum(total_out_packets)/300 as traffic_out_packets\nfrom\n\ttraffic_metrics_log\nwhere\n\t__time >= {{Last 5 Minutes Start}} "
}
]
}
},
"response":[]
},
{
"name":"网络会话数量平均速率",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=\nselect\n\tsum(new_conn_num)/300 as sessions\nfrom\n\ttraffic_metrics_log\nwhere\n\t__time >= {{Last 5 Minutes Start}} ",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"\nselect\n\tsum(new_conn_num)/300 as sessions\nfrom\n\ttraffic_metrics_log\nwhere\n\t__time >= {{Last 5 Minutes Start}} "
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(common_recv_time) as common_recv_time, FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') order by common_recv_time desc limit 0 , 20",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select FROM_UNIXTIME(common_recv_time) as common_recv_time, FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') order by common_recv_time desc limit 0 , 20"
}
]
}
},
"response":[]
},
{
"name":"通联-流量计数(now)",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tsum(common_s2c_byte_num)* 8 / 300 as trafficInBits,\n\tsum(common_c2s_byte_num)* 8 / 300 as trafficOutBits,\n\tsum(common_s2c_byte_num + common_c2s_byte_num)* 8 / 300 as trafficTotalBits,\n\tsum(common_s2c_pkt_num)/ 300 as trafficInPackets,\n\tsum(common_c2s_pkt_num)/ 300 as trafficOutPackets,\n\tsum(common_s2c_pkt_num + common_c2s_pkt_num)/ 300 as trafficTotalPackets,\n\tsum(common_sessions)/ 300 as sessions\nfrom\n\t session_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP(now())-300",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select\n\tsum(common_s2c_byte_num)* 8 / 300 as trafficInBits,\n\tsum(common_c2s_byte_num)* 8 / 300 as trafficOutBits,\n\tsum(common_s2c_byte_num + common_c2s_byte_num)* 8 / 300 as trafficTotalBits,\n\tsum(common_s2c_pkt_num)/ 300 as trafficInPackets,\n\tsum(common_c2s_pkt_num)/ 300 as trafficOutPackets,\n\tsum(common_s2c_pkt_num + common_c2s_pkt_num)/ 300 as trafficTotalPackets,\n\tsum(common_sessions)/ 300 as sessions\nfrom\n\t session_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP(now())-300"
}
]
}
},
"response":[]
},
{
"name":"通联-近1小时日志变化 (默认,预统计)",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >={{Last 1 Hour Start}} and schema_type='BASE' group by {{PT1M_TIME}} , schema_type\nunion all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='HTTP' group by {{PT1M_TIME}}, schema_type\nunion all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='SSL' group by {{PT1M_TIME}}, schema_type\nunion all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='MAIL' group by {{PT1M_TIME}} , schema_type\nunion all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='DNS' group by {{PT1M_TIME}}, schema_type\nunion all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='APP' group by {{PT1M_TIME}}, schema_type union all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='QUIC' group by {{PT1M_TIME}}, schema_type union all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='FTP' group by {{PT1M_TIME}}, schema_type union all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='SIP' group by {{PT1M_TIME}}, schema_type union all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='RTP' group by {{PT1M_TIME}}, schema_type",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >={{Last 1 Hour Start}} and schema_type='BASE' group by {{PT1M_TIME}} , schema_type\nunion all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='HTTP' group by {{PT1M_TIME}}, schema_type\nunion all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='SSL' group by {{PT1M_TIME}}, schema_type\nunion all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='MAIL' group by {{PT1M_TIME}} , schema_type\nunion all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='DNS' group by {{PT1M_TIME}}, schema_type\nunion all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='APP' group by {{PT1M_TIME}}, schema_type union all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='QUIC' group by {{PT1M_TIME}}, schema_type union all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='FTP' group by {{PT1M_TIME}}, schema_type union all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='SIP' group by {{PT1M_TIME}}, schema_type union all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='RTP' group by {{PT1M_TIME}}, schema_type"
}
]
}
},
"response":[]
},
{
"name":"通联日志-近1小时日志变化 (原始日志)",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n {{PT5M_RECV_TIME}} as stat_time,\n common_schema_type as type,\n sum(common_sessions) as sessions,\n sum(common_c2s_byte_num + common_s2c_byte_num) as bytes,\n sum(common_c2s_pkt_num + common_s2c_pkt_num) as packets\nfrom\n session_record\nwhere common_recv_time > {{Last 1 Hour Start}}\ngroup by\n stat_time,\n common_schema_type order by stat_time asc",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select\n {{PT5M_RECV_TIME}} as stat_time,\n common_schema_type as type,\n sum(common_sessions) as sessions,\n sum(common_c2s_byte_num + common_s2c_byte_num) as bytes,\n sum(common_c2s_pkt_num + common_s2c_pkt_num) as packets\nfrom\n session_record\nwhere common_recv_time > {{Last 1 Hour Start}}\ngroup by\n stat_time,\n common_schema_type order by stat_time asc"
}
]
}
},
"response":[]
},
{
"name":"通联日志-日志总量",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select count(*) as events from session_record where common_recv_time >= '{{start_time}}' and common_recv_time <'{{end_time}}'",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select count(*) as events from session_record where common_recv_time >= '{{start_time}}' and common_recv_time <'{{end_time}}'"
}
]
}
},
"response":[]
},
{
"name":"事务日志",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(common_recv_time) as common_recv_time, FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from transaction_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') order by common_recv_time desc limit 0 , 20",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select FROM_UNIXTIME(common_recv_time) as common_recv_time, FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from transaction_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') order by common_recv_time desc limit 0 , 20"
}
]
}
},
"response":[]
},
{
"name":"活跃会话日志",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(common_recv_time) as common_recv_time, FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from interim_session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') order by common_recv_time desc limit 0 , 20",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select FROM_UNIXTIME(common_recv_time) as common_recv_time, FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from interim_session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') order by common_recv_time desc limit 0 , 20"
}
]
}
},
"response":[]
},
{
"name":"安全策略日志",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(common_recv_time) as common_recv_time, FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from security_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') order by common_recv_time desc limit 0 , 20",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select FROM_UNIXTIME(common_recv_time) as common_recv_time, FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from security_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') order by common_recv_time desc limit 0 , 20"
}
]
}
},
"response":[]
},
{
"name":"安全策略-近1小时日志变化(默认,预统计)",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select {{PT1M_TIME}} as stat_time, 'allow' as type, sum(hits) as events from security_event_hits_log where __time >= {{Last 1 Hour Start}} and action=128 group by {{PT1M_TIME}},'allow'\nunion all\nselect {{PT1M_TIME}} as stat_time, 'deny' as type, sum(hits) as events from security_event_hits_log where __time >= {{Last 1 Hour Start}} and action=16 group by {{PT1M_TIME}},'deny'\nunion all\nselect {{PT1M_TIME}} as stat_time, 'monitor' as type, sum(hits) as events from security_event_hits_log where __time >= {{Last 1 Hour Start}} and action=1 group by {{PT1M_TIME}},'monitor'\nunion all\nselect {{PT1M_TIME}} as stat_time, 'intercept' as type, sum(hits) as events from security_event_hits_log where __time >= {{Last 1 Hour Start}} and action=2 group by {{PT1M_TIME}}, 'intercept'",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select {{PT1M_TIME}} as stat_time, 'allow' as type, sum(hits) as events from security_event_hits_log where __time >= {{Last 1 Hour Start}} and action=128 group by {{PT1M_TIME}},'allow'\nunion all\nselect {{PT1M_TIME}} as stat_time, 'deny' as type, sum(hits) as events from security_event_hits_log where __time >= {{Last 1 Hour Start}} and action=16 group by {{PT1M_TIME}},'deny'\nunion all\nselect {{PT1M_TIME}} as stat_time, 'monitor' as type, sum(hits) as events from security_event_hits_log where __time >= {{Last 1 Hour Start}} and action=1 group by {{PT1M_TIME}},'monitor'\nunion all\nselect {{PT1M_TIME}} as stat_time, 'intercept' as type, sum(hits) as events from security_event_hits_log where __time >= {{Last 1 Hour Start}} and action=2 group by {{PT1M_TIME}}, 'intercept'"
}
]
}
},
"response":[]
},
{
"name":"安全策略-近1小时日志变化(原始日志)",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n {{PT5M_RECV_TIME}} as stat_time,\n (CASE\n WHEN common_action = 1 THEN 'Monitor'\n WHEN common_action = 2 THEN 'Intercept'\n WHEN common_action = 16 THEN 'Deny'\n WHEN common_action = 48 THEN 'Manipulation'\n WHEN common_action = 128 THEN 'Allow'\n ELSE 'None'\n END) as type,\n count(*) as events\nfrom\n security_event where common_recv_time > {{Last 1 Hour Start}}\ngroup by\n stat_time,\n common_action order by stat_time asc",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select\n {{PT5M_RECV_TIME}} as stat_time,\n (CASE\n WHEN common_action = 1 THEN 'Monitor'\n WHEN common_action = 2 THEN 'Intercept'\n WHEN common_action = 16 THEN 'Deny'\n WHEN common_action = 48 THEN 'Manipulation'\n WHEN common_action = 128 THEN 'Allow'\n ELSE 'None'\n END) as type,\n count(*) as events\nfrom\n security_event where common_recv_time > {{Last 1 Hour Start}}\ngroup by\n stat_time,\n common_action order by stat_time asc"
}
]
}
},
"response":[]
},
{
"name":"安全策略-日志总量",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select count(*) as events from security_event where common_recv_time >= '{{start_time}}' and common_recv_time <'{{end_time}}'",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select count(*) as events from security_event where common_recv_time >= '{{start_time}}' and common_recv_time <'{{end_time}}'"
}
]
}
},
"response":[]
},
{
"name":"安全策略-动作命中计数",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select (CASE WHEN common_action=1 THEN 'Monitor' WHEN common_action=2 THEN 'Intercept' WHEN common_action=16 THEN 'Deny' WHEN common_action=48 THEN 'Manipulation' WHEN common_action=128 THEN 'Allow' ELSE 'None' END) as action,\n count(*) as hits,\n sum(common_c2s_byte_num ) as bytes_sent,\n sum(common_s2c_byte_num ) as bytes_received,\n sum(common_c2s_byte_num+common_s2c_byte_num ) as bytes,sum(common_c2s_pkt_num ) as packets_sent,\n sum(common_s2c_pkt_num ) as packets_received,\n sum(common_c2s_pkt_num+common_s2c_pkt_num ) as packets from security_event where common_recv_time >= '{{start_time}}' and common_recv_time <'{{end_time}}' group by common_action",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select (CASE WHEN common_action=1 THEN 'Monitor' WHEN common_action=2 THEN 'Intercept' WHEN common_action=16 THEN 'Deny' WHEN common_action=48 THEN 'Manipulation' WHEN common_action=128 THEN 'Allow' ELSE 'None' END) as action,\n count(*) as hits,\n sum(common_c2s_byte_num ) as bytes_sent,\n sum(common_s2c_byte_num ) as bytes_received,\n sum(common_c2s_byte_num+common_s2c_byte_num ) as bytes,sum(common_c2s_pkt_num ) as packets_sent,\n sum(common_s2c_pkt_num ) as packets_received,\n sum(common_c2s_pkt_num+common_s2c_pkt_num ) as packets from security_event where common_recv_time >= '{{start_time}}' and common_recv_time <'{{end_time}}' group by common_action"
}
]
}
},
"response":[]
},
{
"name":"代理策略日志",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(common_recv_time) as common_recv_time, FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') order by common_recv_time desc limit 0 , 20",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select FROM_UNIXTIME(common_recv_time) as common_recv_time, FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') order by common_recv_time desc limit 0 , 20"
}
]
}
},
"response":[]
},
{
"name":"代理策略-动作命中计数",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query= select common_sub_action , count(*) as hits from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') group by common_sub_action",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":" select common_sub_action , count(*) as hits from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') group by common_sub_action"
}
]
}
},
"response":[]
},
{
"name":"代理策略-近1小时动作命中变化 (默认,预统计)",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select {{PT1M_TIME}} as stat_time, sub_action as type, sum(hits) as events from proxy_event_hits_log where __time >= {{Last 1 Hour Start}} and sub_action='allow' group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hits) as events from proxy_event_hits_log where __time >= {{Last 1 Hour Start}} and sub_action='monitor' group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hits) as events from proxy_event_hits_log where __time >= {{Last 1 Hour Start}} and sub_action='deny' group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hits) as events from proxy_event_hits_log where __time >= {{Last 1 Hour Start}} and sub_action='redirect' group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hits) as events from proxy_event_hits_log where __time >= {{Last 1 Hour Start}} and sub_action='replace' group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hits) as events from proxy_event_hits_log where __time >= {{Last 1 Hour Start}} and sub_action='hijack' group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hits) as events from proxy_event_hits_log where __time >= {{Last 1 Hour Start}} and sub_action='insert' group by {{PT1M_TIME}}, sub_action\n",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select {{PT1M_TIME}} as stat_time, sub_action as type, sum(hits) as events from proxy_event_hits_log where __time >= {{Last 1 Hour Start}} and sub_action='allow' group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hits) as events from proxy_event_hits_log where __time >= {{Last 1 Hour Start}} and sub_action='monitor' group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hits) as events from proxy_event_hits_log where __time >= {{Last 1 Hour Start}} and sub_action='deny' group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hits) as events from proxy_event_hits_log where __time >= {{Last 1 Hour Start}} and sub_action='redirect' group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hits) as events from proxy_event_hits_log where __time >= {{Last 1 Hour Start}} and sub_action='replace' group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hits) as events from proxy_event_hits_log where __time >= {{Last 1 Hour Start}} and sub_action='hijack' group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hits) as events from proxy_event_hits_log where __time >= {{Last 1 Hour Start}} and sub_action='insert' group by {{PT1M_TIME}}, sub_action\n"
}
]
}
},
"response":[]
},
{
"name":"代理策略-近1小时动作命中变化 (原始日志)",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n {{PT5M_RECV_TIME}} as stat_time,\n common_sub_action as type,\n count(*) as events\nfrom\n proxy_event where common_recv_time > {{Last 1 Hour Start}}\ngroup by\n stat_time,\n common_sub_action order by stat_time asc",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select\n {{PT5M_RECV_TIME}} as stat_time,\n common_sub_action as type,\n count(*) as events\nfrom\n proxy_event where common_recv_time > {{Last 1 Hour Start}}\ngroup by\n stat_time,\n common_sub_action order by stat_time asc"
}
]
}
},
"response":[]
},
{
"name":"代理策略-日志总量",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select count(*) as events from proxy_event where common_recv_time >= '{{start_time}}' and common_recv_time <'{{end_time}}'",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select count(*) as events from proxy_event where common_recv_time >= '{{start_time}}' and common_recv_time <'{{end_time}}'"
}
]
}
},
"response":[]
},
{
"name":"Radius日志",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(common_recv_time) as common_recv_time, FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from radius_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') order by common_recv_time desc limit 0 , 20",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select FROM_UNIXTIME(common_recv_time) as common_recv_time, FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from radius_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') order by common_recv_time desc limit 0 , 20"
}
]
}
},
"response":[]
},
{
"name":"GTP-C日志",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(common_recv_time) as common_recv_time, FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from gtpc_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') order by common_recv_time desc limit 0 , 20",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select FROM_UNIXTIME(common_recv_time) as common_recv_time, FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from gtpc_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') order by common_recv_time desc limit 0 , 20"
}
]
}
},
"response":[]
},
{
"name":"VoIP融合日志",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(common_recv_time) as common_recv_time, FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from voip_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') order by common_recv_time desc limit 0 , 20",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select FROM_UNIXTIME(common_recv_time) as common_recv_time, FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from voip_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') order by common_recv_time desc limit 0 , 20"
}
]
}
},
"response":[]
},
{
"name":"DoS事件日志",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n log_id,\n attack_type,\n source_country_list,\n source_ip_list,\n destination_ip,\n destination_country,\n severity, \n start_time,\n end_time,\n conditions,\n bit_rate,\n packet_rate,\n session_rate from dos_event where\n start_time >= UNIX_TIMESTAMP('{{start_time}}') and start_time < UNIX_TIMESTAMP('{{end_time}}')\norder by start_time desc \nlimit 0,20",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select\n log_id,\n attack_type,\n source_country_list,\n source_ip_list,\n destination_ip,\n destination_country,\n severity, \n start_time,\n end_time,\n conditions,\n bit_rate,\n packet_rate,\n session_rate from dos_event where\n start_time >= UNIX_TIMESTAMP('{{start_time}}') and start_time < UNIX_TIMESTAMP('{{end_time}}')\norder by start_time desc \nlimit 0,20"
}
]
}
},
"response":[]
},
{
"name":"DoS事件-Summary",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(start_time,'PT10M')) as stat_time,\n attack_type as type,\n count(*) as count\nfrom\n dos_event\nwhere start_time >= UNIX_TIMESTAMP('{{start_time}}') and start_time < UNIX_TIMESTAMP('{{end_time}}')\ngroup by\n stat_time,\n attack_type\norder by stat_time asc",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(start_time,'PT10M')) as stat_time,\n attack_type as type,\n count(*) as count\nfrom\n dos_event\nwhere start_time >= UNIX_TIMESTAMP('{{start_time}}') and start_time < UNIX_TIMESTAMP('{{end_time}}')\ngroup by\n stat_time,\n attack_type\norder by stat_time asc"
}
]
}
},
"response":[]
},
{
"name":"DoS事件-Destination IP Traffic Trend",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5m', 'zero')) as stat_time, \n\tavg(session_rate) as session_rate,\n avg(packet_rate) as packet_rate,\n avg(bit_rate) as bit_rate\nfrom traffic_top_destination_ip_metrics_log\nwhere __time >= '{{start_time}}'\nand __time < '{{end_time}}' and destination_ip='8.8.8.8' and attack_type='TCP SYN Flood'\ngroup by\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5m', 'zero')) ",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5m', 'zero')) as stat_time, \n\tavg(session_rate) as session_rate,\n avg(packet_rate) as packet_rate,\n avg(bit_rate) as bit_rate\nfrom traffic_top_destination_ip_metrics_log\nwhere __time >= '{{start_time}}'\nand __time < '{{end_time}}' and destination_ip='8.8.8.8' and attack_type='TCP SYN Flood'\ngroup by\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5m', 'zero')) "
"raw":"http://{{clickhouse_ip}}:{{clickhouse_port}}?database={{clickhouse_database}}&user={{clickhouse_user}}&password={{clickhouse_password}}&query=SELECT SUM(`bytes_on_disk`) FROM system.parts WHERE database ='{{clickhouse_database}}'",
"protocol":"http",
"host":[
"{{clickhouse_ip}}"
],
"port":"{{clickhouse_port}}",
"query":[
{
"key":"database",
"value":"{{clickhouse_database}}"
},
{
"key":"user",
"value":"{{clickhouse_user}}"
},
{
"key":"password",
"value":"{{clickhouse_password}}"
},
{
"key":"query",
"value":"SELECT SUM(`bytes_on_disk`) FROM system.parts WHERE database ='{{clickhouse_database}}'"
"raw":"http://{{clickhouse_ip}}:{{clickhouse_port}}?database={{clickhouse_database}}&user={{clickhouse_user}}&password={{clickhouse_password}}&query=SELECT SUM(`total_space`) FROM system.disks",
"protocol":"http",
"host":[
"{{clickhouse_ip}}"
],
"port":"{{clickhouse_port}}",
"query":[
{
"key":"database",
"value":"{{clickhouse_database}}"
},
{
"key":"user",
"value":"{{clickhouse_user}}"
},
{
"key":"password",
"value":"{{clickhouse_password}}"
},
{
"key":"query",
"value":"SELECT SUM(`total_space`) FROM system.disks"
"raw":"http://{{clickhouse_ip}}:{{clickhouse_port}}?database={{clickhouse_database}}&user={{clickhouse_user}}&password={{clickhouse_password}}&query=SELECT SUM(bytes_on_disk) FROM system.parts WHERE database = '{{clickhouse_database}}' AND partition =toString(toYYYYMMDD(yesterday()));",
"protocol":"http",
"host":[
"{{clickhouse_ip}}"
],
"port":"{{clickhouse_port}}",
"query":[
{
"key":"database",
"value":"{{clickhouse_database}}"
},
{
"key":"user",
"value":"{{clickhouse_user}}"
},
{
"key":"password",
"value":"{{clickhouse_password}}"
},
{
"key":"query",
"value":"SELECT SUM(bytes_on_disk) FROM system.parts WHERE database = '{{clickhouse_database}}' AND partition =toString(toYYYYMMDD(yesterday()));"
"raw":"{\"query\":\"SELECT used_size FROM sys_storage_log WHERE log_type = 'Report and Metrics' ORDER BY __time DESC LIMIT 1\",\"context\":{\"skipEmptyBuckets\":\"false\"},\"resultFormat\":\"object\"}",
"raw":"{\r\n \"query\": \"SELECT DISTINCT(datasource) FROM sys.tasks WHERE datasource NOT LIKE '%hot%'\",\r\n \"context\": {\r\n \"skipEmptyBuckets\": \"false\"\r\n },\r\n \"resultFormat\": \"object\"\r\n}",
"raw":"http://{{clickhouse_ip}}:{{clickhouse_port}}?database={{clickhouse_database}}&user={{clickhouse_user}}&password={{clickhouse_password}}&query=SELECT DISTINCT(name) FROM system.tables WHERE database = 'tsg_galaxy_v3' AND engine in ('MergeTree','ReplicatedMergeTree') FORMAT JSON;",
"protocol":"http",
"host":[
"{{clickhouse_ip}}"
],
"port":"{{clickhouse_port}}",
"query":[
{
"key":"database",
"value":"{{clickhouse_database}}"
},
{
"key":"user",
"value":"{{clickhouse_user}}"
},
{
"key":"password",
"value":"{{clickhouse_password}}"
},
{
"key":"query",
"value":"SELECT DISTINCT(name) FROM system.tables WHERE database = 'tsg_galaxy_v3' AND engine in ('MergeTree','ReplicatedMergeTree') FORMAT JSON;"
}
]
},
"description":"根据不同的ip查询所有clickhouse的表"
},
"response":[]
}
]
}
]
},
{
"name":"07.常用快捷功能",
"item":[
{
"name":"某域名下钻",
"item":[
{
"name":"Domain Entity",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(min(common_recv_time)) as \"First Seen\" , groupUniqArray(common_l7_protocol) as protocols,FROM_UNIXTIME(max(common_recv_time)) as \"Last Seen\" , median(http_response_latency_ms) as \"Server Processing Time Median(ms)\", count(1) as Responses,round(sum(common_c2s_byte_num+common_s2c_byte_num)/1024/1024/1024,2) as bytes, any(common_server_location) as Location from session_record where http_domain='{{domain}}' and common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' ",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select FROM_UNIXTIME(min(common_recv_time)) as \"First Seen\" , groupUniqArray(common_l7_protocol) as protocols,FROM_UNIXTIME(max(common_recv_time)) as \"Last Seen\" , median(http_response_latency_ms) as \"Server Processing Time Median(ms)\", count(1) as Responses,round(sum(common_c2s_byte_num+common_s2c_byte_num)/1024/1024/1024,2) as bytes, any(common_server_location) as Location from session_record where http_domain='{{domain}}' and common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' "
}
]
}
},
"response":[]
},
{
"name":"Domain Access Trend",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(common_recv_time,'P1D')) as stat_time, count(1) as Responses,round(sum(common_c2s_byte_num+common_s2c_byte_num)/1024/1024/1024,2) as bytes from session_record where http_domain='{{domain}}' and common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' group by stat_time order by stat_time limit 100",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(common_recv_time,'P1D')) as stat_time, count(1) as Responses,round(sum(common_c2s_byte_num+common_s2c_byte_num)/1024/1024/1024,2) as bytes from session_record where http_domain='{{domain}}' and common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' group by stat_time order by stat_time limit 100"
}
]
}
},
"response":[]
},
{
"name":"Client",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select common_client_ip as \"Client IP\" , avg(common_establish_latency_ms) as \"Establishing Time Mean(ms)\", count(1) as Responses,any(common_client_location) as Location from session_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' and http_domain='{{domain}}' group by \"Client IP\" order by Responses desc limit 100",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select common_client_ip as \"Client IP\" , avg(common_establish_latency_ms) as \"Establishing Time Mean(ms)\", count(1) as Responses,any(common_client_location) as Location from session_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' and http_domain='{{domain}}' group by \"Client IP\" order by Responses desc limit 100"
}
]
}
},
"response":[]
},
{
"name":"Server",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select common_server_ip as \"Server IP\" , avg(http_response_latency_ms) as \"Server Processing Time Mean(ms)\", count(1) as Responses,round(sum(common_c2s_byte_num+common_s2c_byte_num)/1024/1024/1024,2) as bytes,any(common_server_location) as Location from session_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' and http_domain='{{domain}}' group by \"Server IP\" order by bytes desc limit 100",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select common_server_ip as \"Server IP\" , avg(http_response_latency_ms) as \"Server Processing Time Mean(ms)\", count(1) as Responses,round(sum(common_c2s_byte_num+common_s2c_byte_num)/1024/1024/1024,2) as bytes,any(common_server_location) as Location from session_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' and http_domain='{{domain}}' group by \"Server IP\" order by bytes desc limit 100"
}
]
}
},
"response":[]
},
{
"name":"URI",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select http_url as \"URI\" , avg(http_response_latency_ms) as \"Server Processing Time Mean(ms)\", count(1) as Responses from session_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' and http_domain='{{domain}}' group by \"URI\" order by Responses desc limit 100",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select http_url as \"URI\" , avg(http_response_latency_ms) as \"Server Processing Time Mean(ms)\", count(1) as Responses from session_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' and http_domain='{{domain}}' group by \"URI\" order by Responses desc limit 100"
}
]
}
},
"response":[]
}
]
},
{
"name":"某IP下钻",
"item":[
{
"name":"IP Entity",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tFROM_UNIXTIME(min(common_recv_time)) as \"First Seen\" ,\n\tFROM_UNIXTIME(max(common_recv_time)) as \"Last Seen\" ,\n\tcount(1) as Sessions,\n\tsum(if(common_client_ip = '{{client_ip}}', 1, 0)) as \"Clients\", sum(if(common_server_ip='{{server_ip}}', 1, 0)) as \"Servers\",\n\tany(common_server_location) as Location\nfrom\n\tsession_record\nwhere common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' and\n\t(common_server_ip = '{{client_ip}}'\n\tor common_client_ip = '{{server_ip}}')",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select\n\tFROM_UNIXTIME(min(common_recv_time)) as \"First Seen\" ,\n\tFROM_UNIXTIME(max(common_recv_time)) as \"Last Seen\" ,\n\tcount(1) as Sessions,\n\tsum(if(common_client_ip = '{{client_ip}}', 1, 0)) as \"Clients\", sum(if(common_server_ip='{{server_ip}}', 1, 0)) as \"Servers\",\n\tany(common_server_location) as Location\nfrom\n\tsession_record\nwhere common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' and\n\t(common_server_ip = '{{client_ip}}'\n\tor common_client_ip = '{{server_ip}}')"
}
]
}
},
"response":[]
},
{
"name":"Domain",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select http_domain as \"Domain\", count(1) as Sessions,sum(common_c2s_byte_num + common_s2c_byte_num) as Bytes,uniq(common_client_ip) as \"Client IPs\" from session_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' and common_server_ip='{{server_ip}}' group by \"Domain\" order by \"Client IPs\" desc limit 100",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select http_domain as \"Domain\", count(1) as Sessions,sum(common_c2s_byte_num + common_s2c_byte_num) as Bytes,uniq(common_client_ip) as \"Client IPs\" from session_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' and common_server_ip='{{server_ip}}' group by \"Domain\" order by \"Client IPs\" desc limit 100"
}
]
}
},
"response":[]
},
{
"name":"Client Access Domain",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select http_domain as \"Domain\", median(http_response_latency_ms) as \"Server Processing Time Median(ms)\", count(1) as Sessions,sum(common_c2s_byte_num + common_s2c_byte_num) as Bytes from session_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' and common_client_ip='{{client_ip}}' group by \"Domain\" order by Bytes desc limit 100",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select http_domain as \"Domain\", median(http_response_latency_ms) as \"Server Processing Time Median(ms)\", count(1) as Sessions,sum(common_c2s_byte_num + common_s2c_byte_num) as Bytes from session_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' and common_client_ip='{{client_ip}}' group by \"Domain\" order by Bytes desc limit 100"
}
]
}
},
"response":[]
},
{
"name":"Client to Server",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select common_client_ip as \"Client IP\" , common_server_ip as \"Server IP\", groupUniqArray(concat(common_l7_protocol, '/' , toString(common_server_port))) as \"Applicaiton Protocol\",count(1) as Sessions,any(common_client_location) as \"Client Location\",any(common_client_location) as \"Serever Location\" from session_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' and (common_server_ip = '{{server_ip}}'\n\tor common_client_ip = '{{client_ip}}') group by \"Client IP\", \"Server IP\" order by Sessions desc limit 100",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select common_client_ip as \"Client IP\" , common_server_ip as \"Server IP\", groupUniqArray(concat(common_l7_protocol, '/' , toString(common_server_port))) as \"Applicaiton Protocol\",count(1) as Sessions,any(common_client_location) as \"Client Location\",any(common_client_location) as \"Serever Location\" from session_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' and (common_server_ip = '{{server_ip}}'\n\tor common_client_ip = '{{client_ip}}') group by \"Client IP\", \"Server IP\" order by Sessions desc limit 100"
}
]
}
},
"response":[]
},
{
"name":"Server QoS & Throutput Trend",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n {{PT1H_RECV_TIME}} as stat_time,\n sum(common_c2s_byte_num) as bytes_sent, sum(common_s2c_byte_num) as bytes_received, \n sum(common_c2s_byte_num + common_s2c_byte_num) as bytes,\n sum(common_c2s_pkt_num + common_s2c_pkt_num) as packets,sum(common_sessions) as sessions,avg(common_establish_latency_ms) as \"Establishing Time Mean(ms)\"\nfrom\n session_record\nwhere common_recv_time >= '{{start_time}}' and common_recv_time<'{{end_time}}' and common_server_ip='{{server_ip}}'\ngroup by\n stat_time order by stat_time asc",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select\n {{PT1H_RECV_TIME}} as stat_time,\n sum(common_c2s_byte_num) as bytes_sent, sum(common_s2c_byte_num) as bytes_received, \n sum(common_c2s_byte_num + common_s2c_byte_num) as bytes,\n sum(common_c2s_pkt_num + common_s2c_pkt_num) as packets,sum(common_sessions) as sessions,avg(common_establish_latency_ms) as \"Establishing Time Mean(ms)\"\nfrom\n session_record\nwhere common_recv_time >= '{{start_time}}' and common_recv_time<'{{end_time}}' and common_server_ip='{{server_ip}}'\ngroup by\n stat_time order by stat_time asc"
}
]
}
},
"response":[]
}
]
},
{
"name":"协议下钻",
"item":[
{
"name":"应用层协议",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select common_l7_protocol as \"Protocol\" , uniq(common_client_ip) as \"Clients\" , uniq(common_server_ip) as \"Servers\", count(1) as Sessions,sum(common_c2s_byte_num+common_s2c_byte_num) as bytes from session_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' and notEmpty(common_l7_protocol) group by common_l7_protocol order by bytes desc ",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select common_l7_protocol as \"Protocol\" , uniq(common_client_ip) as \"Clients\" , uniq(common_server_ip) as \"Servers\", count(1) as Sessions,sum(common_c2s_byte_num+common_s2c_byte_num) as bytes from session_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' and notEmpty(common_l7_protocol) group by common_l7_protocol order by bytes desc "
}
]
}
},
"response":[]
},
{
"name":"Client",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select common_client_ip as \"Client IP\" , count(1) as Sessions,sum(common_c2s_byte_num) as \"Bytes Out\", sum(common_s2c_byte_num) as \"Bytes In\",any(common_client_location) as Location from session_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' and common_l7_protocol='{{l7_protocol}}' group by \"Client IP\" order by Sessions desc limit 100",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select common_client_ip as \"Client IP\" , count(1) as Sessions,sum(common_c2s_byte_num) as \"Bytes Out\", sum(common_s2c_byte_num) as \"Bytes In\",any(common_client_location) as Location from session_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' and common_l7_protocol='{{l7_protocol}}' group by \"Client IP\" order by Sessions desc limit 100"
}
]
}
},
"response":[]
},
{
"name":"Server",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select common_server_ip as \"Server IP\" , count(1) as Sessions,sum(common_c2s_byte_num) as \"Bytes Out\", sum(common_s2c_byte_num) as \"Bytes In\",any(common_server_location) as Location from session_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' and common_l7_protocol='{{l7_protocol}}' group by \"Server IP\" order by Sessions desc limit 100",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select common_server_ip as \"Server IP\" , count(1) as Sessions,sum(common_c2s_byte_num) as \"Bytes Out\", sum(common_s2c_byte_num) as \"Bytes In\",any(common_server_location) as Location from session_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' and common_l7_protocol='{{l7_protocol}}' group by \"Server IP\" order by Sessions desc limit 100"
}
]
}
},
"response":[]
}
]
},
{
"name":"DNS 分析",
"item":[
{
"name":"DNS qtype",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n(CASE\nWHEN dns_qtype = 1 THEN 'A'\nWHEN dns_qtype = 2 THEN 'NS'\nWHEN dns_qtype = 3 THEN 'MD'\nWHEN dns_qtype = 4 THEN 'MF'\nWHEN dns_qtype = 5 THEN 'CNAME'\nWHEN dns_qtype = 6 THEN 'SOA'\nWHEN dns_qtype = 7 THEN 'MB'\nWHEN dns_qtype = 8 THEN 'MG'\nWHEN dns_qtype = 9 THEN 'MR'\nWHEN dns_qtype = 10 THEN 'NULL'\nWHEN dns_qtype = 11 THEN 'WKS'\nWHEN dns_qtype = 12 THEN 'PTR'\nWHEN dns_qtype = 13 THEN 'HINFO'\nWHEN dns_qtype = 15 THEN 'MX'\nWHEN dns_qtype = 16 THEN 'TXT'\nWHEN dns_qtype = 25 THEN 'KEY'\nWHEN dns_qtype = 28 THEN 'AAAA'\nWHEN dns_qtype = 33 THEN 'SRV'\nWHEN dns_qtype = 35 THEN 'NAPTR'\nWHEN dns_qtype = 38 THEN 'A6'\nWHEN dns_qtype = 39 THEN 'DNAME'\nWHEN dns_qtype = 43 THEN 'DS'\nWHEN dns_qtype = 46 THEN 'RRSIG'\nWHEN dns_qtype = 48 THEN 'DNSKEY'\nWHEN dns_qtype = 49 THEN 'DHCID'\nWHEN dns_qtype = 99 THEN 'SPF'\nWHEN dns_qtype = 255 THEN '*. A'\nWHEN dns_qtype = 256 THEN 'URI' ELSE 'Other' END) as \"Query Type\",\ndns_qtype,count(1) as requests,\nsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\nsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\nsum(common_c2s_byte_diff) as total_request_bytes,\nsum(common_s2c_byte_diff) as total_response_bytes,\nsum(common_c2s_pkt_diff) as total_request_packets,\nsum(common_s2c_pkt_diff) as total_response_packets\nfrom transaction_record\nwhere common_recv_time >= '{{start_time}}' and common_recv_time < '{{end_time}}' and common_schema_type = 'DNS'\ngroup by dns_qtype\norder by requests desc\n\n\n\n\n\n",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select\n(CASE\nWHEN dns_qtype = 1 THEN 'A'\nWHEN dns_qtype = 2 THEN 'NS'\nWHEN dns_qtype = 3 THEN 'MD'\nWHEN dns_qtype = 4 THEN 'MF'\nWHEN dns_qtype = 5 THEN 'CNAME'\nWHEN dns_qtype = 6 THEN 'SOA'\nWHEN dns_qtype = 7 THEN 'MB'\nWHEN dns_qtype = 8 THEN 'MG'\nWHEN dns_qtype = 9 THEN 'MR'\nWHEN dns_qtype = 10 THEN 'NULL'\nWHEN dns_qtype = 11 THEN 'WKS'\nWHEN dns_qtype = 12 THEN 'PTR'\nWHEN dns_qtype = 13 THEN 'HINFO'\nWHEN dns_qtype = 15 THEN 'MX'\nWHEN dns_qtype = 16 THEN 'TXT'\nWHEN dns_qtype = 25 THEN 'KEY'\nWHEN dns_qtype = 28 THEN 'AAAA'\nWHEN dns_qtype = 33 THEN 'SRV'\nWHEN dns_qtype = 35 THEN 'NAPTR'\nWHEN dns_qtype = 38 THEN 'A6'\nWHEN dns_qtype = 39 THEN 'DNAME'\nWHEN dns_qtype = 43 THEN 'DS'\nWHEN dns_qtype = 46 THEN 'RRSIG'\nWHEN dns_qtype = 48 THEN 'DNSKEY'\nWHEN dns_qtype = 49 THEN 'DHCID'\nWHEN dns_qtype = 99 THEN 'SPF'\nWHEN dns_qtype = 255 THEN '*. A'\nWHEN dns_qtype = 256 THEN 'URI' ELSE 'Other' END) as \"Query Type\",\ndns_qtype,count(1) as requests,\nsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\nsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\nsum(common_c2s_byte_diff) as total_request_bytes,\nsum(common_s2c_byte_diff) as total_response_bytes,\nsum(common_c2s_pkt_diff) as total_request_packets,\nsum(common_s2c_pkt_diff) as total_response_packets\nfrom transaction_record\nwhere common_recv_time >= '{{start_time}}' and common_recv_time < '{{end_time}}' and common_schema_type = 'DNS'\ngroup by dns_qtype\norder by requests desc\n\n\n\n\n\n"
}
]
}
},
"response":[]
},
{
"name":"DNS rcode",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\t(CASE\n\t\tWHEN dns_rcode = 0 THEN 'No error'\n\t\tWHEN dns_rcode = 1 THEN 'Format error'\n\t\tWHEN dns_rcode = 2 THEN 'Server failure'\n\t\tWHEN dns_rcode = 3 THEN 'Name Error'\n\t\tWHEN dns_rcode = 4 THEN 'Not Implemented'\n\t\tWHEN dns_rcode = 5 THEN 'Refused'\n\t\tWHEN dns_rcode = 6 THEN 'YXDomain'\n\t\tWHEN dns_rcode = 7 THEN 'YXRRSet'\n\t\tWHEN dns_rcode = 8 THEN 'NXRRSet'\n\t\tWHEN dns_rcode = 9 THEN 'NotAuth'\n\t\tWHEN dns_rcode = 10 THEN 'NotZone'\n\t\tELSE 'Other'\n\tEND) as \"Response Code\",\n\tdns_rcode,\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff + common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff + common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= '{{start_time}}'\n\tand common_recv_time < '{{end_time}}'\n\tand common_schema_type = 'DNS'\ngroup by\n\tdns_rcode\norder by\n\trequests desc",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select\n\t(CASE\n\t\tWHEN dns_rcode = 0 THEN 'No error'\n\t\tWHEN dns_rcode = 1 THEN 'Format error'\n\t\tWHEN dns_rcode = 2 THEN 'Server failure'\n\t\tWHEN dns_rcode = 3 THEN 'Name Error'\n\t\tWHEN dns_rcode = 4 THEN 'Not Implemented'\n\t\tWHEN dns_rcode = 5 THEN 'Refused'\n\t\tWHEN dns_rcode = 6 THEN 'YXDomain'\n\t\tWHEN dns_rcode = 7 THEN 'YXRRSet'\n\t\tWHEN dns_rcode = 8 THEN 'NXRRSet'\n\t\tWHEN dns_rcode = 9 THEN 'NotAuth'\n\t\tWHEN dns_rcode = 10 THEN 'NotZone'\n\t\tELSE 'Other'\n\tEND) as \"Response Code\",\n\tdns_rcode,\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff + common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff + common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= '{{start_time}}'\n\tand common_recv_time < '{{end_time}}'\n\tand common_schema_type = 'DNS'\ngroup by\n\tdns_rcode\norder by\n\trequests desc"
}
]
}
},
"response":[]
},
{
"name":"DNS qnames",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tdns_qname,\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n transaction_record\nwhere\n\tcommon_recv_time >= '{{start_time}}'\n\tand common_recv_time < '{{end_time}}'\n\tand common_schema_type = 'DNS'\ngroup by\n\tdns_qname\norder by\n\trequests desc\nlimit 50",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select\n\tdns_qname,\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n transaction_record\nwhere\n\tcommon_recv_time >= '{{start_time}}'\n\tand common_recv_time < '{{end_time}}'\n\tand common_schema_type = 'DNS'\ngroup by\n\tdns_qname\norder by\n\trequests desc\nlimit 50"
}
]
}
},
"response":[]
},
{
"name":"DNS qnames by erros",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tdns_qname,\n\tcount(1) as erros,\n\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= '{{start_time}}'\n\tand common_recv_time < '{{end_time}}'\n\tand common_schema_type = 'DNS'\n\tand dns_rcode>0\ngroup by\n\tdns_qname\norder by\n\terros desc\nlimit 50\n",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select\n\tdns_qname,\n\tcount(1) as erros,\n\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= '{{start_time}}'\n\tand common_recv_time < '{{end_time}}'\n\tand common_schema_type = 'DNS'\n\tand dns_rcode>0\ngroup by\n\tdns_qname\norder by\n\terros desc\nlimit 50\n"
}
]
}
},
"response":[]
},
{
"name":"DNS server ip",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tcommon_server_ip,\n\tany(common_server_location) as location,\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= '{{start_time}}'\n\tand common_recv_time < '{{end_time}}'\n\tand common_schema_type = 'DNS'\ngroup by\n\tcommon_server_ip\norder by\n\trequests desc\nlimit 50\n",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select\n\tcommon_server_ip,\n\tany(common_server_location) as location,\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= '{{start_time}}'\n\tand common_recv_time < '{{end_time}}'\n\tand common_schema_type = 'DNS'\ngroup by\n\tcommon_server_ip\norder by\n\trequests desc\nlimit 50\n"
}
]
}
},
"response":[]
},
{
"name":"DNS server ip by erros",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tcommon_server_ip,\n\tany(common_server_location) as location,\n\tcount(1) as erros,\n\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= '{{start_time}}'\n\tand common_recv_time < '{{end_time}}'\n\tand common_schema_type = 'DNS'\n\tand dns_rcode>0\ngroup by\n\tcommon_server_ip\norder by\n\terros desc\nlimit 50\n",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select\n\tcommon_server_ip,\n\tany(common_server_location) as location,\n\tcount(1) as erros,\n\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= '{{start_time}}'\n\tand common_recv_time < '{{end_time}}'\n\tand common_schema_type = 'DNS'\n\tand dns_rcode>0\ngroup by\n\tcommon_server_ip\norder by\n\terros desc\nlimit 50\n"
}
]
}
},
"response":[]
},
{
"name":"DNS IP Conversations With Highest Errors",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tcommon_client_ip,\n\tcommon_server_ip,\n\tcount(1) as erros,\n\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= '{{start_time}}'\n\tand common_recv_time < '{{end_time}}'\n\tand common_schema_type = 'DNS'\n\tand dns_rcode>0\ngroup by\n\tcommon_client_ip,\n\tcommon_server_ip\norder by\n\terros desc\nlimit 50\n",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select\n\tcommon_client_ip,\n\tcommon_server_ip,\n\tcount(1) as erros,\n\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= '{{start_time}}'\n\tand common_recv_time < '{{end_time}}'\n\tand common_schema_type = 'DNS'\n\tand dns_rcode>0\ngroup by\n\tcommon_client_ip,\n\tcommon_server_ip\norder by\n\terros desc\nlimit 50\n"
}
]
}
},
"response":[]
},
{
"name":"DNS Requests With Highes Erros",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select common_client_ip, \n\t\tcommon_server_ip,(CASE\n\t\tWHEN dns_rcode = 0 THEN 'No error'\n\t\tWHEN dns_rcode = 1 THEN 'Format error'\n\t\tWHEN dns_rcode = 2 THEN 'Server failure'\n\t\tWHEN dns_rcode = 3 THEN 'Name Error'\n\t\tWHEN dns_rcode = 4 THEN 'Not Implemented'\n\t\tWHEN dns_rcode = 5 THEN 'Refused'\n\t\tWHEN dns_rcode = 6 THEN 'YXDomain'\n\t\tWHEN dns_rcode = 7 THEN 'YXRRSet'\n\t\tWHEN dns_rcode = 8 THEN 'NXRRSet'\n\t\tWHEN dns_rcode = 9 THEN 'NotAuth'\n\t\tWHEN dns_rcode = 10 THEN 'NotZone'\n\t\tELSE 'Other' END) as \"Response Code\",\n\t\tdns_qname,\n\t\tcount(1) as erros,\n\t\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets \nfrom transaction_record \nwhere common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' and common_schema_type='DNS' and dns_rcode>0 \ngroup by common_client_ip,common_server_ip,dns_rcode,dns_qname order by erros desc limit 50",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select common_client_ip, \n\t\tcommon_server_ip,(CASE\n\t\tWHEN dns_rcode = 0 THEN 'No error'\n\t\tWHEN dns_rcode = 1 THEN 'Format error'\n\t\tWHEN dns_rcode = 2 THEN 'Server failure'\n\t\tWHEN dns_rcode = 3 THEN 'Name Error'\n\t\tWHEN dns_rcode = 4 THEN 'Not Implemented'\n\t\tWHEN dns_rcode = 5 THEN 'Refused'\n\t\tWHEN dns_rcode = 6 THEN 'YXDomain'\n\t\tWHEN dns_rcode = 7 THEN 'YXRRSet'\n\t\tWHEN dns_rcode = 8 THEN 'NXRRSet'\n\t\tWHEN dns_rcode = 9 THEN 'NotAuth'\n\t\tWHEN dns_rcode = 10 THEN 'NotZone'\n\t\tELSE 'Other' END) as \"Response Code\",\n\t\tdns_qname,\n\t\tcount(1) as erros,\n\t\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets \nfrom transaction_record \nwhere common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' and common_schema_type='DNS' and dns_rcode>0 \ngroup by common_client_ip,common_server_ip,dns_rcode,dns_qname order by erros desc limit 50"
}
]
}
},
"response":[]
}
]
},
{
"name":"DNS 放大攻击",
"item":[
{
"name":"DNS Resolvers",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT\n\tcount(*) as requests,\n\tuniq(common_client_ip) as client_ips,\n\tsum(common_c2s_byte_diff) as request_bytes,\n\tsum(common_s2c_byte_diff) as response_bytes,\n\tsum(common_c2s_pkt_diff) request_packets,\n\tsum(common_s2c_pkt_diff) as response_packets,\n\tround((response_bytes / if(request_bytes >0,request_bytes,1)),2) as byte_ratio,\n\tcommon_server_ip\nfrom\n\ttransaction_record rc\nwhere\n common_recv_time >= '{{start_time}}'\n and common_recv_time < '{{end_time}}' \n\tand common_server_port = 53\n\tand common_schema_type = 'DNS'\n\tand common_s2c_byte_diff>1500\n\tand common_c2s_byte_diff>0\n\tand round((common_s2c_byte_diff / if(common_c2s_byte_diff >0,common_c2s_byte_diff,1)),2) >20\n\tand common_c2s_pkt_diff = 1\n\tand common_s2c_pkt_diff =1\ngroup by\n\tcommon_server_ip\norder by\n\trequests desc",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"SELECT\n\tcount(*) as requests,\n\tuniq(common_client_ip) as client_ips,\n\tsum(common_c2s_byte_diff) as request_bytes,\n\tsum(common_s2c_byte_diff) as response_bytes,\n\tsum(common_c2s_pkt_diff) request_packets,\n\tsum(common_s2c_pkt_diff) as response_packets,\n\tround((response_bytes / if(request_bytes >0,request_bytes,1)),2) as byte_ratio,\n\tcommon_server_ip\nfrom\n\ttransaction_record rc\nwhere\n common_recv_time >= '{{start_time}}'\n and common_recv_time < '{{end_time}}' \n\tand common_server_port = 53\n\tand common_schema_type = 'DNS'\n\tand common_s2c_byte_diff>1500\n\tand common_c2s_byte_diff>0\n\tand round((common_s2c_byte_diff / if(common_c2s_byte_diff >0,common_c2s_byte_diff,1)),2) >20\n\tand common_c2s_pkt_diff = 1\n\tand common_s2c_pkt_diff =1\ngroup by\n\tcommon_server_ip\norder by\n\trequests desc"
}
]
}
},
"response":[]
},
{
"name":"DNS Resolver Amlif Times",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?&query=\nselect\n\tcount(*) as sessions,\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff <= 1, 1, 0)) as \"1 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 1 and common_s2c_byte_diff / common_c2s_byte_diff <= 5, 1, 0)) as \"1-5 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 5 and common_s2c_byte_diff / common_c2s_byte_diff <= 10, 1, 0)) as \"5-10 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 10 and common_s2c_byte_diff / common_c2s_byte_diff <= 20, 1, 0)) as \"10-20 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 20 and common_s2c_byte_diff / common_c2s_byte_diff <= 50, 1, 0)) as \"20-50 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 50 and common_s2c_byte_diff / common_c2s_byte_diff <= 100, 1, 0)) as \"50-100 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 100, 1, 0)) as \"100 times\"\nfrom\n\t\ttransaction_record as rc\nwhere\n common_recv_time >= '{{start_time}}'\n and common_recv_time < '{{end_time}}' \n\tand common_c2s_byte_diff>0\n\tand common_s2c_byte_diff>0\n\tand common_c2s_pkt_diff =1\n\tand common_s2c_pkt_diff =1\n\tand common_server_port = 53\n\tand common_schema_type = 'DNS'\n\tand common_server_ip = '60.13.251.208'\n",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":null,
"value":null
},
{
"key":"query",
"value":"\nselect\n\tcount(*) as sessions,\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff <= 1, 1, 0)) as \"1 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 1 and common_s2c_byte_diff / common_c2s_byte_diff <= 5, 1, 0)) as \"1-5 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 5 and common_s2c_byte_diff / common_c2s_byte_diff <= 10, 1, 0)) as \"5-10 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 10 and common_s2c_byte_diff / common_c2s_byte_diff <= 20, 1, 0)) as \"10-20 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 20 and common_s2c_byte_diff / common_c2s_byte_diff <= 50, 1, 0)) as \"20-50 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 50 and common_s2c_byte_diff / common_c2s_byte_diff <= 100, 1, 0)) as \"50-100 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 100, 1, 0)) as \"100 times\"\nfrom\n\t\ttransaction_record as rc\nwhere\n common_recv_time >= '{{start_time}}'\n and common_recv_time < '{{end_time}}' \n\tand common_c2s_byte_diff>0\n\tand common_s2c_byte_diff>0\n\tand common_c2s_pkt_diff =1\n\tand common_s2c_pkt_diff =1\n\tand common_server_port = 53\n\tand common_schema_type = 'DNS'\n\tand common_server_ip = '60.13.251.208'\n"
}
]
}
},
"response":[]
},
{
"name":"DNS Resolver Metrics trend",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?&query=\nselect \n\ttoDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))), 1800)* 1800) as stat_time,\n\tuniq(dns_qname) as uniq_qnames,\n\tuniq(common_client_ip) as uniq_client_ips,\n\tround(sum(common_c2s_byte_diff+common_s2c_byte_diff)*8/1800/1000/1000,2) as \"Mbps\",\n\tround(sum(common_c2s_byte_diff)*8/1800/1000/1000,2) as \"Request Mbps\",\n\tround(sum(common_s2c_byte_diff)*8/1800/1000/1000,2) as \"Response Mbps\",\n\tround(sum(common_c2s_pkt_diff+common_s2c_pkt_diff)/1800/1000,2) as \"Kpps\",\n\tround(sum(common_c2s_pkt_diff)/1800/1000,2) as \"Request Kpps\",\n\tround(sum(common_s2c_pkt_diff)/1800/1000,2) as \"Response Kpps\",\n\tround(count(*)/1800,2) as \"sessions/s\"\nfrom\n\ttransaction_record as ss\nwhere\n\tcommon_recv_time >= '{{start_time}}'\n and common_recv_time < '{{end_time}}' \n\tand common_c2s_byte_diff>0\n\tand common_s2c_byte_diff>0\n\tand common_c2s_pkt_diff =1\n\tand common_s2c_pkt_diff =1\n\tand common_server_port = 53\n\tand common_schema_type = 'DNS'\n\tand common_server_ip = '60.13.217.234'\ngroup by stat_time \norder by stat_time asc\n",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":null,
"value":null
},
{
"key":"query",
"value":"\nselect \n\ttoDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))), 1800)* 1800) as stat_time,\n\tuniq(dns_qname) as uniq_qnames,\n\tuniq(common_client_ip) as uniq_client_ips,\n\tround(sum(common_c2s_byte_diff+common_s2c_byte_diff)*8/1800/1000/1000,2) as \"Mbps\",\n\tround(sum(common_c2s_byte_diff)*8/1800/1000/1000,2) as \"Request Mbps\",\n\tround(sum(common_s2c_byte_diff)*8/1800/1000/1000,2) as \"Response Mbps\",\n\tround(sum(common_c2s_pkt_diff+common_s2c_pkt_diff)/1800/1000,2) as \"Kpps\",\n\tround(sum(common_c2s_pkt_diff)/1800/1000,2) as \"Request Kpps\",\n\tround(sum(common_s2c_pkt_diff)/1800/1000,2) as \"Response Kpps\",\n\tround(count(*)/1800,2) as \"sessions/s\"\nfrom\n\ttransaction_record as ss\nwhere\n\tcommon_recv_time >= '{{start_time}}'\n and common_recv_time < '{{end_time}}' \n\tand common_c2s_byte_diff>0\n\tand common_s2c_byte_diff>0\n\tand common_c2s_pkt_diff =1\n\tand common_s2c_pkt_diff =1\n\tand common_server_port = 53\n\tand common_schema_type = 'DNS'\n\tand common_server_ip = '60.13.217.234'\ngroup by stat_time \norder by stat_time asc\n"
}
]
}
},
"response":[]
},
{
"name":"DNS Resolver rcode",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?&query=select\n\t(CASE\n\t\tWHEN dns_rcode = 0 THEN 'No error'\n\t\tWHEN dns_rcode = 1 THEN 'Format error'\n\t\tWHEN dns_rcode = 2 THEN 'Server failure'\n\t\tWHEN dns_rcode = 3 THEN 'Name Error'\n\t\tWHEN dns_rcode = 4 THEN 'Not Implemented'\n\t\tWHEN dns_rcode = 5 THEN 'Refused'\n\t\tWHEN dns_rcode = 6 THEN 'YXDomain'\n\t\tWHEN dns_rcode = 7 THEN 'YXRRSet'\n\t\tWHEN dns_rcode = 8 THEN 'NXRRSet'\n\t\tWHEN dns_rcode = 9 THEN 'NotAuth'\n\t\tWHEN dns_rcode = 10 THEN 'NotZone'\n\t\tELSE 'Other' END) as \"Response Code\",\n\tdns_rcode,\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets,\n\tmax(common_c2s_byte_diff) as max_request_bytes,\n\tmax(common_s2c_byte_diff) as max_response_bytes,\n\tavg(common_c2s_byte_diff) as avg_request_bytes,\n\tavg(common_s2c_byte_diff) as avg_response_bytes,\n\tmedian(common_c2s_byte_diff) as median_request_bytes,\n\tmedian(common_s2c_byte_diff) as median_response_bytes\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= '{{start_time}}'\n and common_recv_time < '{{end_time}}' \n\tand common_schema_type = 'DNS' \n\tand common_server_ip = '60.13.217.234'\ngroup by\n\tdns_rcode\norder by\n\trequests desc\n",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":null,
"value":null
},
{
"key":"query",
"value":"select\n\t(CASE\n\t\tWHEN dns_rcode = 0 THEN 'No error'\n\t\tWHEN dns_rcode = 1 THEN 'Format error'\n\t\tWHEN dns_rcode = 2 THEN 'Server failure'\n\t\tWHEN dns_rcode = 3 THEN 'Name Error'\n\t\tWHEN dns_rcode = 4 THEN 'Not Implemented'\n\t\tWHEN dns_rcode = 5 THEN 'Refused'\n\t\tWHEN dns_rcode = 6 THEN 'YXDomain'\n\t\tWHEN dns_rcode = 7 THEN 'YXRRSet'\n\t\tWHEN dns_rcode = 8 THEN 'NXRRSet'\n\t\tWHEN dns_rcode = 9 THEN 'NotAuth'\n\t\tWHEN dns_rcode = 10 THEN 'NotZone'\n\t\tELSE 'Other' END) as \"Response Code\",\n\tdns_rcode,\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets,\n\tmax(common_c2s_byte_diff) as max_request_bytes,\n\tmax(common_s2c_byte_diff) as max_response_bytes,\n\tavg(common_c2s_byte_diff) as avg_request_bytes,\n\tavg(common_s2c_byte_diff) as avg_response_bytes,\n\tmedian(common_c2s_byte_diff) as median_request_bytes,\n\tmedian(common_s2c_byte_diff) as median_response_bytes\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= '{{start_time}}'\n and common_recv_time < '{{end_time}}' \n\tand common_schema_type = 'DNS' \n\tand common_server_ip = '60.13.217.234'\ngroup by\n\tdns_rcode\norder by\n\trequests desc\n"
}
]
}
},
"response":[]
},
{
"name":"DNS Resolver qname",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?&query=select\n\tdns_qname,\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets,\n\tmax(common_c2s_byte_diff) as max_request_bytes,\n\tmax(common_s2c_byte_diff) as max_response_bytes,\n\tavg(common_c2s_byte_diff) as avg_request_bytes,\n\tavg(common_s2c_byte_diff) as avg_response_bytes,\n\tmedian(common_c2s_byte_diff) as median_request_bytes,\n\tmedian(common_s2c_byte_diff) as median_response_bytes\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= '{{start_time}}'\n and common_recv_time < '{{end_time}}' \n\tand common_schema_type = 'DNS'\n\tand common_server_ip = '117.145.34.90'\ngroup by\n\tdns_qname\norder by\n\trequests desc\nlimit 50",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":null,
"value":null
},
{
"key":"query",
"value":"select\n\tdns_qname,\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets,\n\tmax(common_c2s_byte_diff) as max_request_bytes,\n\tmax(common_s2c_byte_diff) as max_response_bytes,\n\tavg(common_c2s_byte_diff) as avg_request_bytes,\n\tavg(common_s2c_byte_diff) as avg_response_bytes,\n\tmedian(common_c2s_byte_diff) as median_request_bytes,\n\tmedian(common_s2c_byte_diff) as median_response_bytes\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= '{{start_time}}'\n and common_recv_time < '{{end_time}}' \n\tand common_schema_type = 'DNS'\n\tand common_server_ip = '117.145.34.90'\ngroup by\n\tdns_qname\norder by\n\trequests desc\nlimit 50"
}
]
}
},
"response":[]
},
{
"name":"DNS Resolver qtype",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?&query=select\n(CASE\nWHEN dns_qtype = 1 THEN 'A'\nWHEN dns_qtype = 2 THEN 'NS'\nWHEN dns_qtype = 3 THEN 'MD'\nWHEN dns_qtype = 4 THEN 'MF'\nWHEN dns_qtype = 5 THEN 'CNAME'\nWHEN dns_qtype = 6 THEN 'SOA'\nWHEN dns_qtype = 7 THEN 'MB'\nWHEN dns_qtype = 8 THEN 'MG'\nWHEN dns_qtype = 9 THEN 'MR'\nWHEN dns_qtype = 10 THEN 'NULL'\nWHEN dns_qtype = 11 THEN 'WKS'\nWHEN dns_qtype = 12 THEN 'PTR'\nWHEN dns_qtype = 13 THEN 'HINFO'\nWHEN dns_qtype = 15 THEN 'MX'\nWHEN dns_qtype = 16 THEN 'TXT'\nWHEN dns_qtype = 25 THEN 'KEY'\nWHEN dns_qtype = 28 THEN 'AAAA'\nWHEN dns_qtype = 33 THEN 'SRV'\nWHEN dns_qtype = 35 THEN 'NAPTR'\nWHEN dns_qtype = 38 THEN 'A6'\nWHEN dns_qtype = 39 THEN 'DNAME'\nWHEN dns_qtype = 43 THEN 'DS'\nWHEN dns_qtype = 46 THEN 'RRSIG'\nWHEN dns_qtype = 48 THEN 'DNSKEY'\nWHEN dns_qtype = 49 THEN 'DHCID'\nWHEN dns_qtype = 99 THEN 'SPF'\nWHEN dns_qtype = 255 THEN '*. A'\nWHEN dns_qtype = 256 THEN 'URI' ELSE 'Other' END) as \"Query Type\",\ndns_qtype,\ncount(1) as requests,\nsum(common_c2s_byte_diff) as total_request_bytes,\nsum(common_s2c_byte_diff) as total_response_bytes,\nsum(common_c2s_pkt_diff) as total_request_packets,\nsum(common_s2c_pkt_diff) as total_response_packets,\nmax(common_c2s_byte_diff) as max_request_bytes,\nmax(common_s2c_byte_diff) as max_response_bytes,\navg(common_c2s_byte_diff) as avg_request_bytes,\navg(common_s2c_byte_diff) as avg_response_bytes,\nmedian(common_c2s_byte_diff) as median_request_bytes,\nmedian(common_s2c_byte_diff) as median_response_bytes\nfrom transaction_record where\ncommon_recv_time >= '{{start_time}}'\n and common_recv_time < '{{end_time}}' \nand common_schema_type = 'DNS'\nand common_server_ip = '117.145.34.90'\ngroup by dns_qtype\norder by requests desc",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":null,
"value":null
},
{
"key":"query",
"value":"select\n(CASE\nWHEN dns_qtype = 1 THEN 'A'\nWHEN dns_qtype = 2 THEN 'NS'\nWHEN dns_qtype = 3 THEN 'MD'\nWHEN dns_qtype = 4 THEN 'MF'\nWHEN dns_qtype = 5 THEN 'CNAME'\nWHEN dns_qtype = 6 THEN 'SOA'\nWHEN dns_qtype = 7 THEN 'MB'\nWHEN dns_qtype = 8 THEN 'MG'\nWHEN dns_qtype = 9 THEN 'MR'\nWHEN dns_qtype = 10 THEN 'NULL'\nWHEN dns_qtype = 11 THEN 'WKS'\nWHEN dns_qtype = 12 THEN 'PTR'\nWHEN dns_qtype = 13 THEN 'HINFO'\nWHEN dns_qtype = 15 THEN 'MX'\nWHEN dns_qtype = 16 THEN 'TXT'\nWHEN dns_qtype = 25 THEN 'KEY'\nWHEN dns_qtype = 28 THEN 'AAAA'\nWHEN dns_qtype = 33 THEN 'SRV'\nWHEN dns_qtype = 35 THEN 'NAPTR'\nWHEN dns_qtype = 38 THEN 'A6'\nWHEN dns_qtype = 39 THEN 'DNAME'\nWHEN dns_qtype = 43 THEN 'DS'\nWHEN dns_qtype = 46 THEN 'RRSIG'\nWHEN dns_qtype = 48 THEN 'DNSKEY'\nWHEN dns_qtype = 49 THEN 'DHCID'\nWHEN dns_qtype = 99 THEN 'SPF'\nWHEN dns_qtype = 255 THEN '*. A'\nWHEN dns_qtype = 256 THEN 'URI' ELSE 'Other' END) as \"Query Type\",\ndns_qtype,\ncount(1) as requests,\nsum(common_c2s_byte_diff) as total_request_bytes,\nsum(common_s2c_byte_diff) as total_response_bytes,\nsum(common_c2s_pkt_diff) as total_request_packets,\nsum(common_s2c_pkt_diff) as total_response_packets,\nmax(common_c2s_byte_diff) as max_request_bytes,\nmax(common_s2c_byte_diff) as max_response_bytes,\navg(common_c2s_byte_diff) as avg_request_bytes,\navg(common_s2c_byte_diff) as avg_response_bytes,\nmedian(common_c2s_byte_diff) as median_request_bytes,\nmedian(common_s2c_byte_diff) as median_response_bytes\nfrom transaction_record where\ncommon_recv_time >= '{{start_time}}'\n and common_recv_time < '{{end_time}}' \nand common_schema_type = 'DNS'\nand common_server_ip = '117.145.34.90'\ngroup by dns_qtype\norder by requests desc"
}
]
}
},
"response":[]
},
{
"name":"Victim Clients",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT\n\tcount(*) as requests,\n\tuniq(common_client_ip) as client_ips,\n\tsum(common_c2s_byte_diff) as request_bytes,\n\tsum(common_s2c_byte_diff) as response_bytes,\n\tsum(common_c2s_pkt_diff) request_packets,\n\tsum(common_s2c_pkt_diff) as response_packets,\n\tround((response_bytes / if(request_bytes >0,request_bytes,1)),2) as byte_ratio,\n\tcommon_client_ip\nfrom\n\ttransaction_record\nwhere \n\tcommon_recv_time >= '{{start_time}}'\n and common_recv_time < '{{end_time}}' \n\tand common_server_port = 53\n\tand common_schema_type = 'DNS'\n\tand common_s2c_byte_diff>1500\n\tand common_c2s_byte_diff>0\n\tand round((common_s2c_byte_diff / if(common_c2s_byte_diff >0,common_c2s_byte_diff,1)),2) >20\n\tand common_c2s_pkt_diff = 1\n\tand common_s2c_pkt_diff =1 \ngroup by\n\tcommon_client_ip\norder by\n\tbyte_ratio desc\nlimit 10",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"SELECT\n\tcount(*) as requests,\n\tuniq(common_client_ip) as client_ips,\n\tsum(common_c2s_byte_diff) as request_bytes,\n\tsum(common_s2c_byte_diff) as response_bytes,\n\tsum(common_c2s_pkt_diff) request_packets,\n\tsum(common_s2c_pkt_diff) as response_packets,\n\tround((response_bytes / if(request_bytes >0,request_bytes,1)),2) as byte_ratio,\n\tcommon_client_ip\nfrom\n\ttransaction_record\nwhere \n\tcommon_recv_time >= '{{start_time}}'\n and common_recv_time < '{{end_time}}' \n\tand common_server_port = 53\n\tand common_schema_type = 'DNS'\n\tand common_s2c_byte_diff>1500\n\tand common_c2s_byte_diff>0\n\tand round((common_s2c_byte_diff / if(common_c2s_byte_diff >0,common_c2s_byte_diff,1)),2) >20\n\tand common_c2s_pkt_diff = 1\n\tand common_s2c_pkt_diff =1 \ngroup by\n\tcommon_client_ip\norder by\n\tbyte_ratio desc\nlimit 10"
}
]
}
},
"response":[]
},
{
"name":"DNS Resolvers by Victim IP",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?&query=SELECT\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets,\n\tmax(common_c2s_byte_diff) as max_request_bytes,\n\tmax(common_s2c_byte_diff) as max_response_bytes,\n\tavg(common_c2s_byte_diff) as avg_request_bytes,\n\tavg(common_s2c_byte_diff) as avg_response_bytes,\n\tmedian(common_c2s_byte_diff) as median_request_bytes,\n\tmedian(common_s2c_byte_diff) as median_response_bytes,\n\tcommon_server_ip,\n\tgroupUniqArray(common_server_port) as ports,\n\tany(common_server_location) as server_location\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= '{{start_time}}'\n and common_recv_time < '{{end_time}}' \n and common_client_ip = '123.101.255.253' \n\tand common_schema_type = 'DNS'\ngroup by\n\tcommon_server_ip\norder by\n\trequests desc",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":null,
"value":null
},
{
"key":"query",
"value":"SELECT\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets,\n\tmax(common_c2s_byte_diff) as max_request_bytes,\n\tmax(common_s2c_byte_diff) as max_response_bytes,\n\tavg(common_c2s_byte_diff) as avg_request_bytes,\n\tavg(common_s2c_byte_diff) as avg_response_bytes,\n\tmedian(common_c2s_byte_diff) as median_request_bytes,\n\tmedian(common_s2c_byte_diff) as median_response_bytes,\n\tcommon_server_ip,\n\tgroupUniqArray(common_server_port) as ports,\n\tany(common_server_location) as server_location\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= '{{start_time}}'\n and common_recv_time < '{{end_time}}' \n and common_client_ip = '123.101.255.253' \n\tand common_schema_type = 'DNS'\ngroup by\n\tcommon_server_ip\norder by\n\trequests desc"
}
]
}
},
"response":[]
},
{
"name":"Amlif Times Distribution",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?&query=\nselect\n\tcount(*) as ips,\n\tsum(if(byte_ratio <= 1, 1, 0)) as \"1 times\",\n\tsum(if(byte_ratio > 1 and byte_ratio <= 5, 1, 0)) as \"1-5 times\",\n\tsum(if(byte_ratio > 5 and byte_ratio <= 10, 1, 0)) as \"5-10 times\",\n\tsum(if(byte_ratio > 10 and byte_ratio <= 20, 1, 0)) as \"10-20 times\",\n\tsum(if(byte_ratio > 20 and byte_ratio <= 50, 1, 0)) as \"20-50 times\",\n\tsum(if(byte_ratio > 50 and byte_ratio <= 100, 1, 0)) as \"50-100 times\",\n\tsum(if(byte_ratio > 100, 1, 0)) as \"100 times\"\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip,\n\t\tmedian(common_s2c_byte_diff / common_c2s_byte_diff) as byte_ratio,\n\t\tcount(*) as sessions\n\tfrom\n\t\ttransaction_record\n\twhere\n\t\tcommon_recv_time >= '{{start_time}}'\n\t\tand common_recv_time < '{{end_time}}'\n\t\tand common_c2s_byte_diff>0\n\t\tand common_s2c_byte_diff>0\n\t\tand common_c2s_pkt_diff =1\n\t\tand common_s2c_pkt_diff =1\n\t\tand common_server_port = 53\n\t\tand common_schema_type = 'DNS'\n\tgroup by\n\t\tcommon_server_ip\n)",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":null,
"value":null
},
{
"key":"query",
"value":"\nselect\n\tcount(*) as ips,\n\tsum(if(byte_ratio <= 1, 1, 0)) as \"1 times\",\n\tsum(if(byte_ratio > 1 and byte_ratio <= 5, 1, 0)) as \"1-5 times\",\n\tsum(if(byte_ratio > 5 and byte_ratio <= 10, 1, 0)) as \"5-10 times\",\n\tsum(if(byte_ratio > 10 and byte_ratio <= 20, 1, 0)) as \"10-20 times\",\n\tsum(if(byte_ratio > 20 and byte_ratio <= 50, 1, 0)) as \"20-50 times\",\n\tsum(if(byte_ratio > 50 and byte_ratio <= 100, 1, 0)) as \"50-100 times\",\n\tsum(if(byte_ratio > 100, 1, 0)) as \"100 times\"\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip,\n\t\tmedian(common_s2c_byte_diff / common_c2s_byte_diff) as byte_ratio,\n\t\tcount(*) as sessions\n\tfrom\n\t\ttransaction_record\n\twhere\n\t\tcommon_recv_time >= '{{start_time}}'\n\t\tand common_recv_time < '{{end_time}}'\n\t\tand common_c2s_byte_diff>0\n\t\tand common_s2c_byte_diff>0\n\t\tand common_c2s_pkt_diff =1\n\t\tand common_s2c_pkt_diff =1\n\t\tand common_server_port = 53\n\t\tand common_schema_type = 'DNS'\n\tgroup by\n\t\tcommon_server_ip\n)"
}
]
}
},
"response":[]
},
{
"name":"Ampli Attack Country Distribution",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?&query=SELECT\n\tarrayElement(splitByString(',',common_server_location),length(splitByString(',',common_server_location))) as server_location,\n\tcount(*) as ips\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip,\n\t\tany(common_server_location) as common_server_location,\n\t\tmedian(common_s2c_byte_diff / common_c2s_byte_diff) as byte_ratio,\n\t\tcount(*) as sessions\n\tfrom\n\t\ttransaction_record\n\twhere\n\t\tcommon_recv_time >= '{{start_time}}'\n\t\tand common_recv_time < '{{end_time}}'\n\t\tand common_c2s_byte_diff>0\n\t\tand common_s2c_byte_diff>0\n\t\tand common_c2s_pkt_diff =1\n\t\tand common_s2c_pkt_diff =1\n\t\tand common_server_port = 53\n\t\tand common_schema_type = 'DNS'\n\tgroup by\n\t\tcommon_server_ip\n\thaving\n\t\tbyte_ratio > 20\n)\ngroup by\n\tserver_location\norder by\n\tips desc",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":null,
"value":null
},
{
"key":"query",
"value":"SELECT\n\tarrayElement(splitByString(',',common_server_location),length(splitByString(',',common_server_location))) as server_location,\n\tcount(*) as ips\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip,\n\t\tany(common_server_location) as common_server_location,\n\t\tmedian(common_s2c_byte_diff / common_c2s_byte_diff) as byte_ratio,\n\t\tcount(*) as sessions\n\tfrom\n\t\ttransaction_record\n\twhere\n\t\tcommon_recv_time >= '{{start_time}}'\n\t\tand common_recv_time < '{{end_time}}'\n\t\tand common_c2s_byte_diff>0\n\t\tand common_s2c_byte_diff>0\n\t\tand common_c2s_pkt_diff =1\n\t\tand common_s2c_pkt_diff =1\n\t\tand common_server_port = 53\n\t\tand common_schema_type = 'DNS'\n\tgroup by\n\t\tcommon_server_ip\n\thaving\n\t\tbyte_ratio > 20\n)\ngroup by\n\tserver_location\norder by\n\tips desc"
}
]
}
},
"response":[]
}
]
},
{
"name":"DNS NXDOMAIN Flood",
"item":[
{
"name":"DNS Proxy Server",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select \n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets,\n\tmax(common_c2s_byte_diff) as max_request_bytes,\n\tmax(common_s2c_byte_diff) as max_response_bytes,\n\tavg(common_c2s_byte_diff) as avg_request_bytes,\n\tavg(common_s2c_byte_diff) as avg_response_bytes,\n\tmedian(common_c2s_byte_diff) as median_request_bytes,\n\tmedian(common_s2c_byte_diff) as median_response_bytes,\n\tcommon_server_ip\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= '{{start_time}}'\n and common_recv_time < '{{end_time}}' \n and common_schema_type = 'DNS'\n\tand dns_rcode = 3\ngroup by\n\tcommon_server_ip\norder by\n\trequests desc limit 100",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select \n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets,\n\tmax(common_c2s_byte_diff) as max_request_bytes,\n\tmax(common_s2c_byte_diff) as max_response_bytes,\n\tavg(common_c2s_byte_diff) as avg_request_bytes,\n\tavg(common_s2c_byte_diff) as avg_response_bytes,\n\tmedian(common_c2s_byte_diff) as median_request_bytes,\n\tmedian(common_s2c_byte_diff) as median_response_bytes,\n\tcommon_server_ip\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= '{{start_time}}'\n and common_recv_time < '{{end_time}}' \n and common_schema_type = 'DNS'\n\tand dns_rcode = 3\ngroup by\n\tcommon_server_ip\norder by\n\trequests desc limit 100"
}
]
}
},
"response":[]
},
{
"name":"Client IP Highest Erros",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets,\n\tmax(common_c2s_byte_diff) as max_request_bytes,\n\tmax(common_s2c_byte_diff) as max_response_bytes,\n\tavg(common_c2s_byte_diff) as avg_request_bytes,\n\tavg(common_s2c_byte_diff) as avg_response_bytes,\n\tmedian(common_c2s_byte_diff) as median_request_bytes,\n\tmedian(common_s2c_byte_diff) as median_response_bytes,\n\tcommon_client_ip\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= '{{start_time}}'\n and common_recv_time < '{{end_time}}' \n and common_schema_type = 'DNS'\n\tand common_server_ip = '202.106.196.115'\n\tand dns_rcode in (2, 3, 8)\ngroup by\n\tcommon_client_ip\norder by\n\trequests desc\nlimit 100",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets,\n\tmax(common_c2s_byte_diff) as max_request_bytes,\n\tmax(common_s2c_byte_diff) as max_response_bytes,\n\tavg(common_c2s_byte_diff) as avg_request_bytes,\n\tavg(common_s2c_byte_diff) as avg_response_bytes,\n\tmedian(common_c2s_byte_diff) as median_request_bytes,\n\tmedian(common_s2c_byte_diff) as median_response_bytes,\n\tcommon_client_ip\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= '{{start_time}}'\n and common_recv_time < '{{end_time}}' \n and common_schema_type = 'DNS'\n\tand common_server_ip = '202.106.196.115'\n\tand dns_rcode in (2, 3, 8)\ngroup by\n\tcommon_client_ip\norder by\n\trequests desc\nlimit 100"
}
]
}
},
"response":[]
}
]
},
{
"name":"基数统计",
"item":[
{
"name":"Total",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tround(tcp_logs / total_logs, 2) as \"TCP Percentage\",\n\tround(udp_logs / total_logs, 2) as \"UDP Percentage\",\n\tround(base_tcp_logs / tcp_logs, 2) as \"Base TCP Percentage\",\n\tround(base_udp_logs / udp_logs, 2) as \"Base UDP Percentage\",\n\tround(egress_logs / total_logs, 2) as \"Egress Percentage\",\n\tround(ingress_logs / total_logs, 2) as \"Ingress Percentage\",\n\ttcp_logs as \"TCP Logs\",\n\tudp_logs as \"UDP Logs\",\n\tegress_logs as \"Egress Logs\",\n\tingress_logs as \"Ingress Logs\",\n\ttotal_logs as \"Total Logs\"\nfrom\n\t(select\n\t\tsum(if(common_l4_protocol in('IPv4_TCP', 'IPv6_TCP'), 1, 0)) as tcp_logs,\n\t\tsum(if(common_l4_protocol in('IPv4_UDP', 'IPv6_UDP'), 1, 0)) as udp_logs,\n\t\tsum(If(common_l4_protocol in ('IPv4_TCP', 'IPv6_TCP') and common_schema_type='BASE', 1, 0)) as base_tcp_logs,\n\t\tsum(if(common_l4_protocol in('IPv4_UDP', 'IPv6_UDP') and common_schema_type='BASE', 1, 0)) as base_udp_logs,\n\t\tsum(if(common_direction = 69, 1, 0)) as egress_logs,\n\t\tsum(if(common_direction = 73, 1, 0)) as ingress_logs,\n\t\tcount(*) as total_logs\n\tfrom\n\t\tsession_record as sub_connection where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' \n\t)",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select\n\tround(tcp_logs / total_logs, 2) as \"TCP Percentage\",\n\tround(udp_logs / total_logs, 2) as \"UDP Percentage\",\n\tround(base_tcp_logs / tcp_logs, 2) as \"Base TCP Percentage\",\n\tround(base_udp_logs / udp_logs, 2) as \"Base UDP Percentage\",\n\tround(egress_logs / total_logs, 2) as \"Egress Percentage\",\n\tround(ingress_logs / total_logs, 2) as \"Ingress Percentage\",\n\ttcp_logs as \"TCP Logs\",\n\tudp_logs as \"UDP Logs\",\n\tegress_logs as \"Egress Logs\",\n\tingress_logs as \"Ingress Logs\",\n\ttotal_logs as \"Total Logs\"\nfrom\n\t(select\n\t\tsum(if(common_l4_protocol in('IPv4_TCP', 'IPv6_TCP'), 1, 0)) as tcp_logs,\n\t\tsum(if(common_l4_protocol in('IPv4_UDP', 'IPv6_UDP'), 1, 0)) as udp_logs,\n\t\tsum(If(common_l4_protocol in ('IPv4_TCP', 'IPv6_TCP') and common_schema_type='BASE', 1, 0)) as base_tcp_logs,\n\t\tsum(if(common_l4_protocol in('IPv4_UDP', 'IPv6_UDP') and common_schema_type='BASE', 1, 0)) as base_udp_logs,\n\t\tsum(if(common_direction = 69, 1, 0)) as egress_logs,\n\t\tsum(if(common_direction = 73, 1, 0)) as ingress_logs,\n\t\tcount(*) as total_logs\n\tfrom\n\t\tsession_record as sub_connection where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' \n\t)"
}
]
}
},
"response":[]
},
{
"name":"Log Type",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tround(base_logs / total_logs, 2) as \"BASE Percentage\",\n\tround(http_logs / total_logs, 2) as \"HTTP Percentage\",\n\tround(ssl_logs / total_logs, 2) as \"SSL Percentage\",\n\tround(dns_logs / total_logs, 2) as \"DNS Percentage\",\n\tround(mail_logs / total_logs, 2) as \"MAIL Percentage\",\n\tround(rtp_logs / total_logs, 2) as \"RTP Percentage\",\n\tround(sip_logs / total_logs, 2) as \"SIP Percentage\",\n\tround(ftp_logs / total_logs, 2) as \"FTP Percentage\",\n\tbase_logs as \"BASE Logs\",\n\thttp_logs as \"HTTP Logs\",\n\tssl_logs as \"SSL Logs\",\n\tdns_logs as \"DNS Logs\",\n\tmail_logs as \"MAIL Logs\",\n\trtp_logs as \"RTP Logs\",\n\tsip_logs as \"SIP Logs\",\n\tftp_logs as \"FTP Logs\",\n\ttotal_logs as \"Total Logs\"\nfrom\n\t(\n\tselect\n\t\tsum(if(common_schema_type='BASE', 1, 0)) as base_logs,\n\t\tsum(if(common_schema_type='HTTP', 1, 0)) as http_logs,\n\t\tsum(if(common_schema_type='SSL', 1, 0)) as ssl_logs,\n\t\tsum(if(common_schema_type='DNS', 1, 0)) as dns_logs,\n\t\tsum(if(common_schema_type='MAIL', 1, 0)) as mail_logs,\n\t\tsum(if(common_schema_type='RTP', 1, 0)) as rtp_logs,\n\t\tsum(if(common_schema_type='SIP', 1, 0)) as sip_logs,\n\t\tsum(if(common_schema_type='FTP', 1, 0)) as ftp_logs,\n\t\tcount(*) as total_logs\n\tfrom\n\t\tsession_record as sub_connection where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t\t)\n\t\t",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select\n\tround(base_logs / total_logs, 2) as \"BASE Percentage\",\n\tround(http_logs / total_logs, 2) as \"HTTP Percentage\",\n\tround(ssl_logs / total_logs, 2) as \"SSL Percentage\",\n\tround(dns_logs / total_logs, 2) as \"DNS Percentage\",\n\tround(mail_logs / total_logs, 2) as \"MAIL Percentage\",\n\tround(rtp_logs / total_logs, 2) as \"RTP Percentage\",\n\tround(sip_logs / total_logs, 2) as \"SIP Percentage\",\n\tround(ftp_logs / total_logs, 2) as \"FTP Percentage\",\n\tbase_logs as \"BASE Logs\",\n\thttp_logs as \"HTTP Logs\",\n\tssl_logs as \"SSL Logs\",\n\tdns_logs as \"DNS Logs\",\n\tmail_logs as \"MAIL Logs\",\n\trtp_logs as \"RTP Logs\",\n\tsip_logs as \"SIP Logs\",\n\tftp_logs as \"FTP Logs\",\n\ttotal_logs as \"Total Logs\"\nfrom\n\t(\n\tselect\n\t\tsum(if(common_schema_type='BASE', 1, 0)) as base_logs,\n\t\tsum(if(common_schema_type='HTTP', 1, 0)) as http_logs,\n\t\tsum(if(common_schema_type='SSL', 1, 0)) as ssl_logs,\n\t\tsum(if(common_schema_type='DNS', 1, 0)) as dns_logs,\n\t\tsum(if(common_schema_type='MAIL', 1, 0)) as mail_logs,\n\t\tsum(if(common_schema_type='RTP', 1, 0)) as rtp_logs,\n\t\tsum(if(common_schema_type='SIP', 1, 0)) as sip_logs,\n\t\tsum(if(common_schema_type='FTP', 1, 0)) as ftp_logs,\n\t\tcount(*) as total_logs\n\tfrom\n\t\tsession_record as sub_connection where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t\t)\n\t\t"
}
]
}
},
"response":[]
},
{
"name":"Entities",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tuniq(common_client_ip) as \"Client IPs\",\n\tuniq(common_server_ip) as \"Server IPs\",\n\tuniq(common_internal_ip) as \"Internal IPs\",\n\tuniq(common_external_ip) as \"External IPs\",\n\tuniq(http_domain) as \"Domains\",\n\tuniq(http_host) as \"Hosts\",\n\tuniq(ssl_sni) as \"SNIs\"\nfrom\n\tsession_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select\n\tuniq(common_client_ip) as \"Client IPs\",\n\tuniq(common_server_ip) as \"Server IPs\",\n\tuniq(common_internal_ip) as \"Internal IPs\",\n\tuniq(common_external_ip) as \"External IPs\",\n\tuniq(http_domain) as \"Domains\",\n\tuniq(http_host) as \"Hosts\",\n\tuniq(ssl_sni) as \"SNIs\"\nfrom\n\tsession_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'"
}
]
}
},
"response":[]
},
{
"name":"Entities of TCP",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tuniq(common_client_ip) as \"Client IPs\",\n\tuniq(common_server_ip) as \"Server IPs\",\n\tuniq(common_internal_ip) as \"Internal IPs\",\n\tuniq(common_external_ip) as \"External IPs\",\n\tuniq(http_domain) as \"Domains\",\n\tuniq(http_host) as \"Hosts\",\n\tuniq(ssl_sni) as \"SNIs\"\nfrom\n\tsession_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' and common_l4_protocol in('IPv4_TCP', 'IPv6_TCP')",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select\n\tuniq(common_client_ip) as \"Client IPs\",\n\tuniq(common_server_ip) as \"Server IPs\",\n\tuniq(common_internal_ip) as \"Internal IPs\",\n\tuniq(common_external_ip) as \"External IPs\",\n\tuniq(http_domain) as \"Domains\",\n\tuniq(http_host) as \"Hosts\",\n\tuniq(ssl_sni) as \"SNIs\"\nfrom\n\tsession_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' and common_l4_protocol in('IPv4_TCP', 'IPv6_TCP')"
}
]
}
},
"response":[]
},
{
"name":"Entities of UDP",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tuniq(common_client_ip) as \"Client IPs\",\n\tuniq(common_server_ip) as \"Server IPs\",\n\tuniq(common_internal_ip) as \"Internal IPs\",\n\tuniq(common_external_ip) as \"External IPs\",\n\tuniq(http_domain) as \"Domains\",\n\tuniq(http_host) as \"Hosts\",\n\tuniq(ssl_sni) as \"SNIs\"\nfrom\n\tsession_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' and common_l4_protocol in('IPv4_UDP', 'IPv6_UDP')",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select\n\tuniq(common_client_ip) as \"Client IPs\",\n\tuniq(common_server_ip) as \"Server IPs\",\n\tuniq(common_internal_ip) as \"Internal IPs\",\n\tuniq(common_external_ip) as \"External IPs\",\n\tuniq(http_domain) as \"Domains\",\n\tuniq(http_host) as \"Hosts\",\n\tuniq(ssl_sni) as \"SNIs\"\nfrom\n\tsession_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' and common_l4_protocol in('IPv4_UDP', 'IPv6_UDP')"
}
]
}
},
"response":[]
},
{
"name":"Sources",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tuniq(common_client_ip, common_server_ip) as \"Client to Server Hits\",\n\tuniq(common_internal_ip, common_external_ip) as \"Internal to External Hits\",\n\tuniq(common_client_ip, http_domain) as \"Client to Domain Hits\", uniq(common_internal_ip, http_domain) as \"Internal to Domain Hits\"\nfrom\n\tsession_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select\n\tuniq(common_client_ip, common_server_ip) as \"Client to Server Hits\",\n\tuniq(common_internal_ip, common_external_ip) as \"Internal to External Hits\",\n\tuniq(common_client_ip, http_domain) as \"Client to Domain Hits\", uniq(common_internal_ip, http_domain) as \"Internal to Domain Hits\"\nfrom\n\tsession_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'"
}
]
}
},
"response":[]
},
{
"name":"Sources of TCP",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tuniq(common_client_ip, common_server_ip) as \"Client to Server IPs\",\n\tuniq(common_internal_ip, common_external_ip) as \"Internal to External IPs\",\n\tuniq(common_client_ip, http_domain) as \"Client to Domain Hits\", uniq(common_internal_ip, http_domain) as \"Internal to Domain Hits\"\n\t\nfrom\n\tsession_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' and common_l4_protocol in('IPv4_TCP', 'IPv6_TCP')",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select\n\tuniq(common_client_ip, common_server_ip) as \"Client to Server IPs\",\n\tuniq(common_internal_ip, common_external_ip) as \"Internal to External IPs\",\n\tuniq(common_client_ip, http_domain) as \"Client to Domain Hits\", uniq(common_internal_ip, http_domain) as \"Internal to Domain Hits\"\n\t\nfrom\n\tsession_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' and common_l4_protocol in('IPv4_TCP', 'IPv6_TCP')"
}
]
}
},
"response":[]
},
{
"name":"Sources of UDP",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tuniq(common_client_ip, common_server_ip) as \"Client to Server IPs\",\n\tuniq(common_internal_ip, common_external_ip) as \"Internal to External IPs\",\n\tuniq(common_client_ip, http_domain) as \"Client to Domain Hits\", uniq(common_internal_ip, http_domain) as \"Internal to Domain Hits\"\n\t\nfrom\n\tsession_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' and common_l4_protocol in('IPv4_UDP', 'IPv6_UDP')",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select\n\tuniq(common_client_ip, common_server_ip) as \"Client to Server IPs\",\n\tuniq(common_internal_ip, common_external_ip) as \"Internal to External IPs\",\n\tuniq(common_client_ip, http_domain) as \"Client to Domain Hits\", uniq(common_internal_ip, http_domain) as \"Internal to Domain Hits\"\n\t\nfrom\n\tsession_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' and common_l4_protocol in('IPv4_UDP', 'IPv6_UDP')"
}
]
}
},
"response":[]
},
{
"name":"Destinations",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tuniq(common_server_ip, http_domain) as \"Server to Domain Hits\",\n\tuniq(common_external_ip, http_domain) as \"External to Domain Hits\"\nfrom\n\tsession_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select\n\tuniq(common_server_ip, http_domain) as \"Server to Domain Hits\",\n\tuniq(common_external_ip, http_domain) as \"External to Domain Hits\"\nfrom\n\tsession_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'"
}
]
}
},
"response":[]
},
{
"name":"Destinations of TCP",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tuniq(common_server_ip, http_domain) as \"Server to Domain Hits\",\n\tuniq(common_external_ip, http_domain) as \"External to Domain Hits\"\nfrom\n\tsession_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' and common_l4_protocol in('IPv4_TCP', 'IPv6_TCP')",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select\n\tuniq(common_server_ip, http_domain) as \"Server to Domain Hits\",\n\tuniq(common_external_ip, http_domain) as \"External to Domain Hits\"\nfrom\n\tsession_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' and common_l4_protocol in('IPv4_TCP', 'IPv6_TCP')"
}
]
}
},
"response":[]
},
{
"name":"Destinations of UDP",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tuniq(common_server_ip, http_domain) as \"Server to Domain Hits\",\n\tuniq(common_external_ip, http_domain) as \"External to Domain Hits\"\nfrom\n\tsession_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' and common_l4_protocol in('IPv4_UDP', 'IPv6_UDP')",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select\n\tuniq(common_server_ip, http_domain) as \"Server to Domain Hits\",\n\tuniq(common_external_ip, http_domain) as \"External to Domain Hits\"\nfrom\n\tsession_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' and common_l4_protocol in('IPv4_UDP', 'IPv6_UDP')"
}
]
}
},
"response":[]
},
{
"name":"Destinations of DNS",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tuniq(common_server_ip) as \"Server IPs\"\nfrom\n\tsession_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' and common_server_port=53",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select\n\tuniq(common_server_ip) as \"Server IPs\"\nfrom\n\tsession_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' and common_server_port=53"
}
]
}
},
"response":[]
},
{
"name":"Bytes Distribution of TCP",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n round(QUANTILE(bytes,0.9999),2) as p9999, \n\t round(QUANTILE(bytes,0.999),2) as p999,\n\tround(QUANTILE(bytes,0.996),2) as p996,\n\tround(QUANTILE(bytes,0.995),2) as p995,\n\tround(QUANTILE(bytes,0.99),2) as p99,\n\tround(QUANTILE(bytes,0.98),2) as p98,\n\tround(QUANTILE(bytes,0.96),2) as p96,\n\tround(QUANTILE(bytes,0.95),2) as p95,\n\tround(QUANTILE(bytes,0.92),2) as p92,\n\tround(QUANTILE(bytes,0.90),2) as p90,\n\tround(QUANTILE(bytes,0.89),2) as p89,\n\tround(QUANTILE(bytes,0.88),2) as p88,\n\tround(median(bytes),2) as p50\nfrom\n\t(\n\tselect\n\t\tcommon_server_ip,\n\t\tsum(common_c2s_byte_num+common_s2c_byte_num) as bytes\n\tfrom\n\t\tsession_record\n\twhere\n\t\tcommon_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t\tAND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\tgroup by\n\t\tcommon_server_ip \n)\n",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select\n round(QUANTILE(bytes,0.9999),2) as p9999, \n\t round(QUANTILE(bytes,0.999),2) as p999,\n\tround(QUANTILE(bytes,0.996),2) as p996,\n\tround(QUANTILE(bytes,0.995),2) as p995,\n\tround(QUANTILE(bytes,0.99),2) as p99,\n\tround(QUANTILE(bytes,0.98),2) as p98,\n\tround(QUANTILE(bytes,0.96),2) as p96,\n\tround(QUANTILE(bytes,0.95),2) as p95,\n\tround(QUANTILE(bytes,0.92),2) as p92,\n\tround(QUANTILE(bytes,0.90),2) as p90,\n\tround(QUANTILE(bytes,0.89),2) as p89,\n\tround(QUANTILE(bytes,0.88),2) as p88,\n\tround(median(bytes),2) as p50\nfrom\n\t(\n\tselect\n\t\tcommon_server_ip,\n\t\tsum(common_c2s_byte_num+common_s2c_byte_num) as bytes\n\tfrom\n\t\tsession_record\n\twhere\n\t\tcommon_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t\tAND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\tgroup by\n\t\tcommon_server_ip \n)\n"
}
]
}
},
"response":[]
},
{
"name":"Bytes Distribution of UDP",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n round(QUANTILE(bytes,0.9999),2) as p9999, \n\t round(QUANTILE(bytes,0.999),2) as p999,\n\tround(QUANTILE(bytes,0.996),2) as p996,\n\tround(QUANTILE(bytes,0.995),2) as p995,\n\tround(QUANTILE(bytes,0.99),2) as p99,\n\tround(QUANTILE(bytes,0.98),2) as p98,\n\tround(QUANTILE(bytes,0.96),2) as p96,\n\tround(QUANTILE(bytes,0.95),2) as p95,\n\tround(QUANTILE(bytes,0.92),2) as p92,\n\tround(QUANTILE(bytes,0.90),2) as p90,\n\tround(QUANTILE(bytes,0.89),2) as p89,\n\tround(QUANTILE(bytes,0.88),2) as p88,\n\tround(median(bytes),2) as p50\nfrom\n\t(\n\tselect\n\t\tcommon_server_ip,\n\t\tsum(common_c2s_byte_num+common_s2c_byte_num) as bytes\n\tfrom\n\t\tsession_record\n\twhere\n\t\tcommon_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t and common_l4_protocol in ('IPv4_UDP', 'IPv6_UDP')\n\t\tand common_server_port in (53,443)\n\tgroup by\n\t\tcommon_server_ip \n)\n",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select\n round(QUANTILE(bytes,0.9999),2) as p9999, \n\t round(QUANTILE(bytes,0.999),2) as p999,\n\tround(QUANTILE(bytes,0.996),2) as p996,\n\tround(QUANTILE(bytes,0.995),2) as p995,\n\tround(QUANTILE(bytes,0.99),2) as p99,\n\tround(QUANTILE(bytes,0.98),2) as p98,\n\tround(QUANTILE(bytes,0.96),2) as p96,\n\tround(QUANTILE(bytes,0.95),2) as p95,\n\tround(QUANTILE(bytes,0.92),2) as p92,\n\tround(QUANTILE(bytes,0.90),2) as p90,\n\tround(QUANTILE(bytes,0.89),2) as p89,\n\tround(QUANTILE(bytes,0.88),2) as p88,\n\tround(median(bytes),2) as p50\nfrom\n\t(\n\tselect\n\t\tcommon_server_ip,\n\t\tsum(common_c2s_byte_num+common_s2c_byte_num) as bytes\n\tfrom\n\t\tsession_record\n\twhere\n\t\tcommon_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t and common_l4_protocol in ('IPv4_UDP', 'IPv6_UDP')\n\t\tand common_server_port in (53,443)\n\tgroup by\n\t\tcommon_server_ip \n)\n"
}
]
}
},
"response":[]
},
{
"name":"Sessions Distribution of TCP",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n round(QUANTILE(sessions,0.9999),2) as p9999, \n\t round(QUANTILE(sessions,0.999),2) as p999,\n\tround(QUANTILE(sessions,0.996),2) as p996,\n\tround(QUANTILE(sessions,0.995),2) as p995,\n\tround(QUANTILE(sessions,0.99),2) as p99,\n\tround(QUANTILE(sessions,0.98),2) as p98,\n\tround(QUANTILE(sessions,0.96),2) as p96,\n\tround(QUANTILE(sessions,0.95),2) as p95,\n\tround(QUANTILE(sessions,0.92),2) as p92,\n\tround(QUANTILE(sessions,0.90),2) as p90,\n\tround(QUANTILE(sessions,0.89),2) as p89,\n\tround(QUANTILE(sessions,0.88),2) as p88,\n\tround(median(sessions),2) as p50\nfrom\n\t(\n\tselect\n\t\tcommon_server_ip,\n\t\tcount(*) as sessions\n\tfrom\n\t\tsession_record\n\twhere\n\t\tcommon_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t\tAND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\tgroup by\n\t\tcommon_server_ip \n)\n",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select\n round(QUANTILE(sessions,0.9999),2) as p9999, \n\t round(QUANTILE(sessions,0.999),2) as p999,\n\tround(QUANTILE(sessions,0.996),2) as p996,\n\tround(QUANTILE(sessions,0.995),2) as p995,\n\tround(QUANTILE(sessions,0.99),2) as p99,\n\tround(QUANTILE(sessions,0.98),2) as p98,\n\tround(QUANTILE(sessions,0.96),2) as p96,\n\tround(QUANTILE(sessions,0.95),2) as p95,\n\tround(QUANTILE(sessions,0.92),2) as p92,\n\tround(QUANTILE(sessions,0.90),2) as p90,\n\tround(QUANTILE(sessions,0.89),2) as p89,\n\tround(QUANTILE(sessions,0.88),2) as p88,\n\tround(median(sessions),2) as p50\nfrom\n\t(\n\tselect\n\t\tcommon_server_ip,\n\t\tcount(*) as sessions\n\tfrom\n\t\tsession_record\n\twhere\n\t\tcommon_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t\tAND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\tgroup by\n\t\tcommon_server_ip \n)\n"
}
]
}
},
"response":[]
},
{
"name":"Sessions Distribution of UDP",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n round(QUANTILE(sessions,0.9999),2) as p9999, \n\t round(QUANTILE(sessions,0.999),2) as p999,\n\tround(QUANTILE(sessions,0.996),2) as p996,\n\tround(QUANTILE(sessions,0.995),2) as p995,\n\tround(QUANTILE(sessions,0.99),2) as p99,\n\tround(QUANTILE(sessions,0.98),2) as p98,\n\tround(QUANTILE(sessions,0.96),2) as p96,\n\tround(QUANTILE(sessions,0.95),2) as p95,\n\tround(QUANTILE(sessions,0.92),2) as p92,\n\tround(QUANTILE(sessions,0.90),2) as p90,\n\tround(QUANTILE(sessions,0.89),2) as p89,\n\tround(QUANTILE(sessions,0.88),2) as p88,\n\tround(median(sessions),2) as p50\nfrom\n\t(\n\tselect\n\t\tcommon_server_ip,\n\t\tcount(*) as sessions\n\tfrom\n\t\tsession_record\n\twhere\n\t\tcommon_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t\tand common_l4_protocol in ('IPv4_UDP', 'IPv6_UDP')\n\t\tand common_server_port in (53,443)\n\tgroup by\n\t\tcommon_server_ip \n)\n",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select\n round(QUANTILE(sessions,0.9999),2) as p9999, \n\t round(QUANTILE(sessions,0.999),2) as p999,\n\tround(QUANTILE(sessions,0.996),2) as p996,\n\tround(QUANTILE(sessions,0.995),2) as p995,\n\tround(QUANTILE(sessions,0.99),2) as p99,\n\tround(QUANTILE(sessions,0.98),2) as p98,\n\tround(QUANTILE(sessions,0.96),2) as p96,\n\tround(QUANTILE(sessions,0.95),2) as p95,\n\tround(QUANTILE(sessions,0.92),2) as p92,\n\tround(QUANTILE(sessions,0.90),2) as p90,\n\tround(QUANTILE(sessions,0.89),2) as p89,\n\tround(QUANTILE(sessions,0.88),2) as p88,\n\tround(median(sessions),2) as p50\nfrom\n\t(\n\tselect\n\t\tcommon_server_ip,\n\t\tcount(*) as sessions\n\tfrom\n\t\tsession_record\n\twhere\n\t\tcommon_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t\tand common_l4_protocol in ('IPv4_UDP', 'IPv6_UDP')\n\t\tand common_server_port in (53,443)\n\tgroup by\n\t\tcommon_server_ip \n)\n"
}
]
}
},
"response":[]
},
{
"name":"Clients Distribution of TCP",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n round(QUANTILE(client_ips,0.9999),2) as p9999, \n\t round(QUANTILE(client_ips,0.999),2) as p999,\n\tround(QUANTILE(client_ips,0.996),2) as p996,\n\tround(QUANTILE(client_ips,0.995),2) as p995,\n\tround(QUANTILE(client_ips,0.99),2) as p99,\n\tround(QUANTILE(client_ips,0.98),2) as p98,\n\tround(QUANTILE(client_ips,0.96),2) as p96,\n\tround(QUANTILE(client_ips,0.95),2) as p95,\n\tround(QUANTILE(client_ips,0.92),2) as p92,\n\tround(QUANTILE(client_ips,0.90),2) as p90,\n\tround(QUANTILE(client_ips,0.89),2) as p89,\n\tround(QUANTILE(client_ips,0.88),2) as p88,\n\tround(median(client_ips),2) as p50\nfrom\n\t(\n\tselect\n\t\tcommon_server_ip,\n\t\tuniq(common_client_ip) as client_ips\n\tfrom\n\t\tsession_record\n\twhere\n\t\tcommon_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t\tAND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\tgroup by\n\t\tcommon_server_ip \n)\n",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select\n round(QUANTILE(client_ips,0.9999),2) as p9999, \n\t round(QUANTILE(client_ips,0.999),2) as p999,\n\tround(QUANTILE(client_ips,0.996),2) as p996,\n\tround(QUANTILE(client_ips,0.995),2) as p995,\n\tround(QUANTILE(client_ips,0.99),2) as p99,\n\tround(QUANTILE(client_ips,0.98),2) as p98,\n\tround(QUANTILE(client_ips,0.96),2) as p96,\n\tround(QUANTILE(client_ips,0.95),2) as p95,\n\tround(QUANTILE(client_ips,0.92),2) as p92,\n\tround(QUANTILE(client_ips,0.90),2) as p90,\n\tround(QUANTILE(client_ips,0.89),2) as p89,\n\tround(QUANTILE(client_ips,0.88),2) as p88,\n\tround(median(client_ips),2) as p50\nfrom\n\t(\n\tselect\n\t\tcommon_server_ip,\n\t\tuniq(common_client_ip) as client_ips\n\tfrom\n\t\tsession_record\n\twhere\n\t\tcommon_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t\tAND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\tgroup by\n\t\tcommon_server_ip \n)\n"
}
]
}
},
"response":[]
},
{
"name":"Clients Distribution of UDP",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n round(QUANTILE(client_ips,0.9999),2) as p9999, \n\t round(QUANTILE(client_ips,0.999),2) as p999,\n\tround(QUANTILE(client_ips,0.996),2) as p996,\n\tround(QUANTILE(client_ips,0.995),2) as p995,\n\tround(QUANTILE(client_ips,0.99),2) as p99,\n\tround(QUANTILE(client_ips,0.98),2) as p98,\n\tround(QUANTILE(client_ips,0.96),2) as p96,\n\tround(QUANTILE(client_ips,0.95),2) as p95,\n\tround(QUANTILE(client_ips,0.92),2) as p92,\n\tround(QUANTILE(client_ips,0.90),2) as p90,\n\tround(QUANTILE(client_ips,0.89),2) as p89,\n\tround(QUANTILE(client_ips,0.88),2) as p88,\n\tround(median(client_ips),2) as p50\nfrom\n\t(\n\tselect\n\t\tcommon_server_ip,\n\t\tuniq(common_client_ip) as client_ips\n\tfrom\n\t\tsession_record\n\twhere\n\t\tcommon_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t\tand common_l4_protocol in ('IPv4_UDP', 'IPv6_UDP')\t\n\tgroup by\n\t\tcommon_server_ip \n)\n",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select\n round(QUANTILE(client_ips,0.9999),2) as p9999, \n\t round(QUANTILE(client_ips,0.999),2) as p999,\n\tround(QUANTILE(client_ips,0.996),2) as p996,\n\tround(QUANTILE(client_ips,0.995),2) as p995,\n\tround(QUANTILE(client_ips,0.99),2) as p99,\n\tround(QUANTILE(client_ips,0.98),2) as p98,\n\tround(QUANTILE(client_ips,0.96),2) as p96,\n\tround(QUANTILE(client_ips,0.95),2) as p95,\n\tround(QUANTILE(client_ips,0.92),2) as p92,\n\tround(QUANTILE(client_ips,0.90),2) as p90,\n\tround(QUANTILE(client_ips,0.89),2) as p89,\n\tround(QUANTILE(client_ips,0.88),2) as p88,\n\tround(median(client_ips),2) as p50\nfrom\n\t(\n\tselect\n\t\tcommon_server_ip,\n\t\tuniq(common_client_ip) as client_ips\n\tfrom\n\t\tsession_record\n\twhere\n\t\tcommon_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t\tand common_l4_protocol in ('IPv4_UDP', 'IPv6_UDP')\t\n\tgroup by\n\t\tcommon_server_ip \n)\n"
}
]
}
},
"response":[]
},
{
"name":"TopK Server of TCP by Sessions",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tsum(sessions) sessions,\n\tcount(*) as server_ips,\n\t(\n\t\tselect\n\t\t\tcount(*)\n\t\tfrom\n\t\t\tsession_record\n\t\twhere\n\t\t common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t\t AND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t) as total_sessions,\n\tround(sessions / total_sessions, 6) as percent_sessions_to_total\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip,\n\t\tcount(*) AS sessions\n\tFROM\n\t\tsession_record\n\tWHERE\n\t common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t AND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t\tGROUP BY common_server_ip\n\t\torder by sessions desc limit 100\n )",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select\n\tsum(sessions) sessions,\n\tcount(*) as server_ips,\n\t(\n\t\tselect\n\t\t\tcount(*)\n\t\tfrom\n\t\t\tsession_record\n\t\twhere\n\t\t common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t\t AND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t) as total_sessions,\n\tround(sessions / total_sessions, 6) as percent_sessions_to_total\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip,\n\t\tcount(*) AS sessions\n\tFROM\n\t\tsession_record\n\tWHERE\n\t common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t AND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t\tGROUP BY common_server_ip\n\t\torder by sessions desc limit 100\n )"
}
]
}
},
"response":[]
},
{
"name":"TopK Server of UDP by Sessions",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tsum(sessions) sessions,\n\tcount(*) as server_ips,\n\t(\n\t\tselect\n\t\t\tcount(*)\n\t\tfrom\n\t\t\tsession_record\n\t\twhere\n\t\t common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t\t AND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t) as total_sessions,\n\tround(sessions / total_sessions, 6) as percent_sessions_to_total\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip,\n\t\tcount(*) AS sessions\n\tFROM\n\t\tsession_record\n\tWHERE\n\t common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t AND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t\tGROUP BY common_server_ip\n\t\torder by sessions desc limit 100\n )",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select\n\tsum(sessions) sessions,\n\tcount(*) as server_ips,\n\t(\n\t\tselect\n\t\t\tcount(*)\n\t\tfrom\n\t\t\tsession_record\n\t\twhere\n\t\t common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t\t AND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t) as total_sessions,\n\tround(sessions / total_sessions, 6) as percent_sessions_to_total\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip,\n\t\tcount(*) AS sessions\n\tFROM\n\t\tsession_record\n\tWHERE\n\t common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t AND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t\tGROUP BY common_server_ip\n\t\torder by sessions desc limit 100\n )"
}
]
}
},
"response":[]
},
{
"name":"TopK Server of TCP by Bytes",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tsum(bytes) as bytes,\n\tcount(*) as server_ips,\n\t(\n\t\tselect\n\t\t\tsum(common_c2s_byte_num+common_s2c_byte_num) as bytes\n\t\tfrom\n\t\t\tsession_record\n\t\twhere\n\t common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t\t AND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t) as total_bytes,\n\tround(bytes / total_bytes, 6) as percent_bytes_to_total\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip,\n\t\tsum(common_c2s_byte_num+common_s2c_byte_num) as bytes\n\tFROM\n\t\tsession_record\n\tWHERE\n\t\t common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t\t AND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t\tGROUP BY common_server_ip\n\t\torder by bytes desc limit 100\n )\n",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select\n\tsum(bytes) as bytes,\n\tcount(*) as server_ips,\n\t(\n\t\tselect\n\t\t\tsum(common_c2s_byte_num+common_s2c_byte_num) as bytes\n\t\tfrom\n\t\t\tsession_record\n\t\twhere\n\t common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t\t AND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t) as total_bytes,\n\tround(bytes / total_bytes, 6) as percent_bytes_to_total\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip,\n\t\tsum(common_c2s_byte_num+common_s2c_byte_num) as bytes\n\tFROM\n\t\tsession_record\n\tWHERE\n\t\t common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t\t AND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t\tGROUP BY common_server_ip\n\t\torder by bytes desc limit 100\n )\n"
}
]
}
},
"response":[]
},
{
"name":"TopK Server of UDP by Bytes",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tsum(bytes) as bytes,\n\tcount(*) as server_ips,\n\t(\n\t\tselect\n\t\t\tsum(common_c2s_byte_num+common_s2c_byte_num) as bytes\n\t\tfrom\n\t\t\tsession_record\n\t\twhere\n\t common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t\t AND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t) as total_bytes,\n\tround(bytes / total_bytes, 6) as percent_bytes_to_total\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip,\n\t\tsum(common_c2s_byte_num+common_s2c_byte_num) as bytes\n\tFROM\n\t\tsession_record\n\tWHERE\n\t\t common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t\t AND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t\tGROUP BY common_server_ip\n\t\torder by bytes desc limit 100\n )\n",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select\n\tsum(bytes) as bytes,\n\tcount(*) as server_ips,\n\t(\n\t\tselect\n\t\t\tsum(common_c2s_byte_num+common_s2c_byte_num) as bytes\n\t\tfrom\n\t\t\tsession_record\n\t\twhere\n\t common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t\t AND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t) as total_bytes,\n\tround(bytes / total_bytes, 6) as percent_bytes_to_total\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip,\n\t\tsum(common_c2s_byte_num+common_s2c_byte_num) as bytes\n\tFROM\n\t\tsession_record\n\tWHERE\n\t\t common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t\t AND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t\tGROUP BY common_server_ip\n\t\torder by bytes desc limit 100\n )\n"
}
]
}
},
"response":[]
},
{
"name":"TopK Server of TCP by Clients",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select \n\t\tuniq(common_client_ip) as client_ips,\n\t\tcount(*) as sessions,\n\t (\n\t\t select uniq(common_client_ip) as total_client_ips from session_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' AND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t\t ) as total_client_ips,\n\t\tround(client_ips / total_client_ips,6) as percent_client_ips_to_total,\n\t\t (\n\t\t\tselect count(*) as total_sessions from session_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' AND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t\t) as total_sessions,\n\t\tround(sessions / total_sessions,6) as percent_sessions_to_total,\n\t\tsum(common_c2s_byte_num + common_s2c_byte_num) as bytes,\n\t\t (\n\t\t\tselect sum(common_c2s_byte_num + common_s2c_byte_num) as total_bytes from session_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' AND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t\t) as total_bytes,\n\t\tround(bytes / total_bytes,6) as percent_bytes_to_total\n\tFROM\n\t\tsession_record\n\tWHERE\n\t\tcommon_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t\tAND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t\tand common_server_ip in (\n\t\t\tSELECT common_server_ip FROM session_record as cc\n\t\t\tWHERE\n\t\t\tcommon_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t\t\tAND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t\t\tGROUP BY\n\t\t\t\tcommon_server_ip\n\t\t\torder by uniq(common_client_ip) desc limit 10\n\t\t\n\t)\n",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select \n\t\tuniq(common_client_ip) as client_ips,\n\t\tcount(*) as sessions,\n\t (\n\t\t select uniq(common_client_ip) as total_client_ips from session_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' AND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t\t ) as total_client_ips,\n\t\tround(client_ips / total_client_ips,6) as percent_client_ips_to_total,\n\t\t (\n\t\t\tselect count(*) as total_sessions from session_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' AND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t\t) as total_sessions,\n\t\tround(sessions / total_sessions,6) as percent_sessions_to_total,\n\t\tsum(common_c2s_byte_num + common_s2c_byte_num) as bytes,\n\t\t (\n\t\t\tselect sum(common_c2s_byte_num + common_s2c_byte_num) as total_bytes from session_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' AND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t\t) as total_bytes,\n\t\tround(bytes / total_bytes,6) as percent_bytes_to_total\n\tFROM\n\t\tsession_record\n\tWHERE\n\t\tcommon_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t\tAND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t\tand common_server_ip in (\n\t\t\tSELECT common_server_ip FROM session_record as cc\n\t\t\tWHERE\n\t\t\tcommon_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t\t\tAND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t\t\tGROUP BY\n\t\t\t\tcommon_server_ip\n\t\t\torder by uniq(common_client_ip) desc limit 10\n\t\t\n\t)\n"
}
]
}
},
"response":[]
},
{
"name":"TopK Server of UDP by Clients",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select \n\t\tuniq(common_client_ip) as client_ips,\n\t\tcount(*) as sessions,\n\t (\n\t\t select uniq(common_client_ip) as total_client_ips from session_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' \tAND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t\t ) as total_client_ips,\n\t\tround(client_ips / total_client_ips,6) as percent_client_ips_to_total,\n\t\t (\n\t\t\tselect count(*) as total_sessions from session_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' AND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t\t) as total_sessions,\n\t\tround(sessions / total_sessions,6) as percent_sessions_to_total,\n\t\tsum(common_c2s_byte_num + common_s2c_byte_num) as bytes,\n\t\t (\n\t\t\tselect sum(common_c2s_byte_num + common_s2c_byte_num) as total_bytes from session_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' AND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t\t) as total_bytes,\n\t\tround(bytes / total_bytes,6) as percent_bytes_to_total\n\tFROM\n\t\tsession_record\n\tWHERE\n\t\tcommon_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t\tAND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t\tand common_server_ip in (\n\t\t\tSELECT common_server_ip FROM session_record as cc\n\t\t\tWHERE\n\t\t\tcommon_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t\t\tAND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t\t\tGROUP BY\n\t\t\t\tcommon_server_ip\n\t\t\torder by uniq(common_client_ip) desc limit 10\n\t\t\n\t)",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select \n\t\tuniq(common_client_ip) as client_ips,\n\t\tcount(*) as sessions,\n\t (\n\t\t select uniq(common_client_ip) as total_client_ips from session_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' \tAND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t\t ) as total_client_ips,\n\t\tround(client_ips / total_client_ips,6) as percent_client_ips_to_total,\n\t\t (\n\t\t\tselect count(*) as total_sessions from session_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' AND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t\t) as total_sessions,\n\t\tround(sessions / total_sessions,6) as percent_sessions_to_total,\n\t\tsum(common_c2s_byte_num + common_s2c_byte_num) as bytes,\n\t\t (\n\t\t\tselect sum(common_c2s_byte_num + common_s2c_byte_num) as total_bytes from session_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' AND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t\t) as total_bytes,\n\t\tround(bytes / total_bytes,6) as percent_bytes_to_total\n\tFROM\n\t\tsession_record\n\tWHERE\n\t\tcommon_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t\tAND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t\tand common_server_ip in (\n\t\t\tSELECT common_server_ip FROM session_record as cc\n\t\t\tWHERE\n\t\t\tcommon_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t\t\tAND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t\t\tGROUP BY\n\t\t\t\tcommon_server_ip\n\t\t\torder by uniq(common_client_ip) desc limit 10\n\t\t\n\t)"
}
]
}
},
"response":[]
},
{
"name":"TopK SNI by Sessions",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tsum(sessions) sessions,\n\tcount(*) as ssl_snis,\n\t(\n\t\tselect\n\t\t\tcount(*)\n\t\tfrom\n\t\t\tsession_record\n\t\twhere\n\t\t common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t\t and notEmpty(ssl_sni)\n\t) as total_sessions,\n\tround(sessions / total_sessions, 6) as percent_sessions_to_total\nfrom\n\t(\n\tSELECT\n\t\tssl_sni,\n\t\tcount(*) AS sessions\n\tFROM\n\t\tsession_record\n\tWHERE\n\t common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t and notEmpty(ssl_sni)\n\t\tGROUP BY ssl_sni\n\t\torder by sessions desc limit 100\n )",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select\n\tsum(sessions) sessions,\n\tcount(*) as ssl_snis,\n\t(\n\t\tselect\n\t\t\tcount(*)\n\t\tfrom\n\t\t\tsession_record\n\t\twhere\n\t\t common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t\t and notEmpty(ssl_sni)\n\t) as total_sessions,\n\tround(sessions / total_sessions, 6) as percent_sessions_to_total\nfrom\n\t(\n\tSELECT\n\t\tssl_sni,\n\t\tcount(*) AS sessions\n\tFROM\n\t\tsession_record\n\tWHERE\n\t common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t and notEmpty(ssl_sni)\n\t\tGROUP BY ssl_sni\n\t\torder by sessions desc limit 100\n )"
}
]
}
},
"response":[]
},
{
"name":"TopK SNI by Bytes",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tsum(bytes) as bytes,\n\tcount(*) as ssl_snis,\n\t(\n\t\tselect\n\t\t\tsum(common_c2s_byte_num+common_s2c_byte_num) as bytes\n\t\tfrom\n\t\t\tsession_record\n\t\twhere\n\t common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t\t and notEmpty(ssl_sni)\n\t) as total_bytes,\n\tround(bytes / total_bytes, 6) as percent_bytes_to_total\nfrom\n\t(\n\tSELECT\n\t\tssl_sni,\n\t\tsum(common_c2s_byte_num+common_s2c_byte_num) as bytes\n\tFROM\n\t\tsession_record\n\tWHERE\n\t\t common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t\t and notEmpty(ssl_sni)\n\t\tGROUP BY ssl_sni\n\t\torder by bytes desc limit 100\n )\n",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select\n\tsum(bytes) as bytes,\n\tcount(*) as ssl_snis,\n\t(\n\t\tselect\n\t\t\tsum(common_c2s_byte_num+common_s2c_byte_num) as bytes\n\t\tfrom\n\t\t\tsession_record\n\t\twhere\n\t common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t\t and notEmpty(ssl_sni)\n\t) as total_bytes,\n\tround(bytes / total_bytes, 6) as percent_bytes_to_total\nfrom\n\t(\n\tSELECT\n\t\tssl_sni,\n\t\tsum(common_c2s_byte_num+common_s2c_byte_num) as bytes\n\tFROM\n\t\tsession_record\n\tWHERE\n\t\t common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t\t and notEmpty(ssl_sni)\n\t\tGROUP BY ssl_sni\n\t\torder by bytes desc limit 100\n )\n"
}
]
}
},
"response":[]
},
{
"name":"URLs Distribution",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n round(max(url_length),2) as max,\n round(QUANTILE(url_length,0.9999),2) as p9999,\n\tround(QUANTILE(url_length,0.99),2) as p99,\n\tround(QUANTILE(url_length,0.95),2) as p95,\n\tround(QUANTILE(url_length,0.90),2) as p90,\n\tround(median(url_length),2) as p50\nfrom\n\t(\n\tselect\n\t\tlength(http_url) as url_length\n\tfrom\n\t\tsession_record\n\twhere\n\t common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t and common_schema_type='HTTP'\n)",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select\n round(max(url_length),2) as max,\n round(QUANTILE(url_length,0.9999),2) as p9999,\n\tround(QUANTILE(url_length,0.99),2) as p99,\n\tround(QUANTILE(url_length,0.95),2) as p95,\n\tround(QUANTILE(url_length,0.90),2) as p90,\n\tround(median(url_length),2) as p50\nfrom\n\t(\n\tselect\n\t\tlength(http_url) as url_length\n\tfrom\n\t\tsession_record\n\twhere\n\t common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t and common_schema_type='HTTP'\n)"
}
]
}
},
"response":[]
},
{
"name":"URLs Distribution Copy",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"protocolProfileBehavior":{
"disableBodyPruning":true
},
"request":{
"method":"GET",
"header":[],
"body":{
"mode":"formdata",
"formdata":[]
},
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n round(max(san_length),2) as max,\n round(QUANTILE(san_length,0.9999),2) as p9999,\n\tround(QUANTILE(san_length,0.99),2) as p99,\n\tround(QUANTILE(san_length,0.95),2) as p95,\n\tround(QUANTILE(san_length,0.90),2) as p90,\n\tround(median(san_length),2) as p50\nfrom\n\t(\n\tselect\n\t\tlength(ssl_san) as san_length\n\tfrom\n\t\tsession_record\n\twhere\n\t common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t and common_schema_type='SSL'\n)",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"option",
"value":"long-term",
"disabled":true
},
{
"key":"resultId",
"value":"129494",
"disabled":true
},
{
"key":"query",
"value":"select\n round(max(san_length),2) as max,\n round(QUANTILE(san_length,0.9999),2) as p9999,\n\tround(QUANTILE(san_length,0.99),2) as p99,\n\tround(QUANTILE(san_length,0.95),2) as p95,\n\tround(QUANTILE(san_length,0.90),2) as p90,\n\tround(median(san_length),2) as p50\nfrom\n\t(\n\tselect\n\t\tlength(ssl_san) as san_length\n\tfrom\n\t\tsession_record\n\twhere\n\t common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}'\n\t and common_schema_type='SSL'\n)"
}
]
}
},
"response":[]
}
]
},
{
"name":"UDP Flood Detecton",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}?query=\nselect\n\tcommon_server_ip,\n\tgroupUniqArray(common_server_port) as ports,\n\tif(notEmpty(ports),length(ports),0) as ports_num\nfrom\n\tsession_record crl\nwhere \tcommon_recv_time >= '{{start_time}}'\nand common_recv_time < '{{end_time}}' \nand common_l4_protocol in ('IPv4_UDP','IPv6_UDP') and common_s2c_pkt_num =0\ngroup by\n\tcommon_server_ip\nhaving ports_num > 100\norder by\n\tports_num desc limit 50",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"query":[
{
"key":"query",
"value":"\nselect\n\tcommon_server_ip,\n\tgroupUniqArray(common_server_port) as ports,\n\tif(notEmpty(ports),length(ports),0) as ports_num\nfrom\n\tsession_record crl\nwhere \tcommon_recv_time >= '{{start_time}}'\nand common_recv_time < '{{end_time}}' \nand common_l4_protocol in ('IPv4_UDP','IPv6_UDP') and common_s2c_pkt_num =0\ngroup by\n\tcommon_server_ip\nhaving ports_num > 100\norder by\n\tports_num desc limit 50"
}
]
}
},
"response":[]
},
{
"name":"某服务IP客户端IP变化",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}?query=select\n\ttoDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))), 3600)* 3600) as stat_time,\n\tuniq(common_client_ip) as client_ips\nfrom\n\tsession_record crl\nwhere \n\tcommon_recv_time >= '{{start_time}}'\nand common_recv_time < '{{end_time}}' \nand common_server_ip ='182.254.52.55'\ngroup by stat_time\norder by stat_time asc\n",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"query":[
{
"key":"query",
"value":"select\n\ttoDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))), 3600)* 3600) as stat_time,\n\tuniq(common_client_ip) as client_ips\nfrom\n\tsession_record crl\nwhere \n\tcommon_recv_time >= '{{start_time}}'\nand common_recv_time < '{{end_time}}' \nand common_server_ip ='182.254.52.55'\ngroup by stat_time\norder by stat_time asc\n"
}
]
}
},
"response":[]
},
{
"name":"通联带宽趋势分析",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\t{{PT30S_RECV_TIME}} as stat_time,\n\tround(sum(common_c2s_byte_num)*8/30/1000/1000,2) as out_Mbps,\n\tround(sum(common_s2c_byte_num)*8/30/1000/1000,2) as in_Mbps,\n\tround(sum(common_c2s_byte_num + common_s2c_byte_num)*8/30/1000/1000,2) as Mbps,\n\tround(sum(common_c2s_pkt_num + common_s2c_pkt_num)/30/1000,2) as Kpps,\n\tround(sum(common_sessions)/30/1000,2) as \"Ksessions/s\"\nfrom\n\tsession_record\nwhere\n\tcommon_recv_time >= '{{start_time}}'\n\tand common_recv_time<'{{end_time}}'\ngroup by\n\tstat_time\norder by\n\tstat_time asc",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select\n\t{{PT30S_RECV_TIME}} as stat_time,\n\tround(sum(common_c2s_byte_num)*8/30/1000/1000,2) as out_Mbps,\n\tround(sum(common_s2c_byte_num)*8/30/1000/1000,2) as in_Mbps,\n\tround(sum(common_c2s_byte_num + common_s2c_byte_num)*8/30/1000/1000,2) as Mbps,\n\tround(sum(common_c2s_pkt_num + common_s2c_pkt_num)/30/1000,2) as Kpps,\n\tround(sum(common_sessions)/30/1000,2) as \"Ksessions/s\"\nfrom\n\tsession_record\nwhere\n\tcommon_recv_time >= '{{start_time}}'\n\tand common_recv_time<'{{end_time}}'\ngroup by\n\tstat_time\norder by\n\tstat_time asc"
}
]
}
},
"response":[]
},
{
"name":"评估写入日志量",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}?query=select 'connection_record' as type, round(count(*)/300,0) as \"logs/sec\"\nfrom\n\tsession_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}}) union all select 'live_session_record' as type, round(count(*)/300,0) as \"logs/sec\"\nfrom\n\tinterim_session_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}}) union all select 'transaction_record' as type, round(count(*)/300,0) as \"logs/sec\"\nfrom\n\ttransaction_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}}) union all select 'security_event' as type, round(count(*)/300,0) as \"logs/sec\"\nfrom\n\tsecurity_event crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\nunion all select 'proxy_event' as type, round(count(*)/300,0) as \"logs/sec\"\nfrom\n\tproxy_event crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\n union all select 'radius_record' as type, round(count(*)/300,0) as \"logs/sec\"\nfrom\n\tradius_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}}) union all select 'gtpc_record' as type, round(count(*)/300,0) as \"logs/sec\"\nfrom\n\tgtpc_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"query":[
{
"key":"query",
"value":"select 'connection_record' as type, round(count(*)/300,0) as \"logs/sec\"\nfrom\n\tsession_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}}) union all select 'live_session_record' as type, round(count(*)/300,0) as \"logs/sec\"\nfrom\n\tinterim_session_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}}) union all select 'transaction_record' as type, round(count(*)/300,0) as \"logs/sec\"\nfrom\n\ttransaction_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}}) union all select 'security_event' as type, round(count(*)/300,0) as \"logs/sec\"\nfrom\n\tsecurity_event crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\nunion all select 'proxy_event' as type, round(count(*)/300,0) as \"logs/sec\"\nfrom\n\tproxy_event crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\n union all select 'radius_record' as type, round(count(*)/300,0) as \"logs/sec\"\nfrom\n\tradius_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}}) union all select 'gtpc_record' as type, round(count(*)/300,0) as \"logs/sec\"\nfrom\n\tgtpc_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})"
}
]
}
},
"response":[]
},
{
"name":"评估单向流",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}?query=select {{Last 5 Minutes Start}} as start_time, {{now}} as end_time, sum(common_sessions) as sessions,\n sum(if(common_stream_dir <> 3, common_sessions, 0)) as one_side_sessions,\n round(one_side_sessions/sessions, 2) as one_side_percent\nfrom\n\tsession_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\n",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"query":[
{
"key":"query",
"value":"select {{Last 5 Minutes Start}} as start_time, {{now}} as end_time, sum(common_sessions) as sessions,\n sum(if(common_stream_dir <> 3, common_sessions, 0)) as one_side_sessions,\n round(one_side_sessions/sessions, 2) as one_side_percent\nfrom\n\tsession_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\n"
}
]
}
},
"response":[]
},
{
"name":"系统报告-预置Metrics",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}?query=select\n\t\tsum(total_hit_sessions) as total_hit_sessions,\n\t\tsum(total_bytes_transferred) as total_bytes_transferred,\n\t\tsum(total_packets_transferred) as total_packets_transferred,\n\t\tsum(total_new_sessions) as total_new_sessions ,\n\t\tsum(total_close_sessions) as total_close_sessions,\n\t\tsum(average_new_sessions_per_second) as average_new_sessions_per_second ,\n\t\tsum(average_bytes_per_second) as average_bytes_per_second ,\n\t\tsum(average_packets_per_second) as average_packets_per_second ,\n\t\tCOUNT(DISTINCT(device_id)) as device_num,\n\t\tsum(live_sessions) as average_live_sessions\n\tfrom\n\t\t(\n\t\tselect\n\t\t\tdevice_id, \n\t\t\tsum(total_hit_sessions) as total_hit_sessions,\n\t\t\tsum(total_bytes_transferred) as total_bytes_transferred,\n\t\t\tsum(total_packets_transferred) as total_packets_transferred,\n\t\t\tsum(total_new_sessions) as total_new_sessions,\n\t\t sum(total_close_sessions) as total_close_sessions,\n\t\t avg(total_new_sessions)/ 5 as average_new_sessions_per_second,\n\t\t avg(total_bytes_transferred)* 8 / 5 as average_bytes_per_second,\n\t\t avg(total_packets_transferred)/ 5 as average_packets_per_second,\n\t\t\tavg(live_sessions) as live_sessions\n\t\tfrom (select __time as stat_time, device_id, \n\t\t\tsum(intercept_conn_num + monitor_conn_num + deny_conn_num + allow_conn_num) as total_hit_sessions,\n\t\t\tsum(total_in_bytes + total_out_bytes) as total_bytes_transferred,\n\t\t\tsum(total_in_packets + total_out_packets) as total_packets_transferred,\n\t\t\tsum(new_conn_num) as total_new_sessions,\n\t\t sum(close_conn_num) as total_close_sessions,\n\t\t max(established_conn_num) as live_sessions\n from traffic_metrics_log \n where\n\t\t__time >= '{{start_time}}'\n\t\tand __time <'{{end_time}}'\n\t\t group by\n\t\t __time,\tdevice_id\n\t\t )\n\t\n\t\tgroup by\n\t\t device_id)",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"query":[
{
"key":"query",
"value":"select\n\t\tsum(total_hit_sessions) as total_hit_sessions,\n\t\tsum(total_bytes_transferred) as total_bytes_transferred,\n\t\tsum(total_packets_transferred) as total_packets_transferred,\n\t\tsum(total_new_sessions) as total_new_sessions ,\n\t\tsum(total_close_sessions) as total_close_sessions,\n\t\tsum(average_new_sessions_per_second) as average_new_sessions_per_second ,\n\t\tsum(average_bytes_per_second) as average_bytes_per_second ,\n\t\tsum(average_packets_per_second) as average_packets_per_second ,\n\t\tCOUNT(DISTINCT(device_id)) as device_num,\n\t\tsum(live_sessions) as average_live_sessions\n\tfrom\n\t\t(\n\t\tselect\n\t\t\tdevice_id, \n\t\t\tsum(total_hit_sessions) as total_hit_sessions,\n\t\t\tsum(total_bytes_transferred) as total_bytes_transferred,\n\t\t\tsum(total_packets_transferred) as total_packets_transferred,\n\t\t\tsum(total_new_sessions) as total_new_sessions,\n\t\t sum(total_close_sessions) as total_close_sessions,\n\t\t avg(total_new_sessions)/ 5 as average_new_sessions_per_second,\n\t\t avg(total_bytes_transferred)* 8 / 5 as average_bytes_per_second,\n\t\t avg(total_packets_transferred)/ 5 as average_packets_per_second,\n\t\t\tavg(live_sessions) as live_sessions\n\t\tfrom (select __time as stat_time, device_id, \n\t\t\tsum(intercept_conn_num + monitor_conn_num + deny_conn_num + allow_conn_num) as total_hit_sessions,\n\t\t\tsum(total_in_bytes + total_out_bytes) as total_bytes_transferred,\n\t\t\tsum(total_in_packets + total_out_packets) as total_packets_transferred,\n\t\t\tsum(new_conn_num) as total_new_sessions,\n\t\t sum(close_conn_num) as total_close_sessions,\n\t\t max(established_conn_num) as live_sessions\n from traffic_metrics_log \n where\n\t\t__time >= '{{start_time}}'\n\t\tand __time <'{{end_time}}'\n\t\t group by\n\t\t __time,\tdevice_id\n\t\t )\n\t\n\t\tgroup by\n\t\t device_id)"
}
]
}
},
"response":[]
},
{
"name":"系统报告-预置Metrics-排除0",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}?query=select\n\tsum(total_hit_sessions) as total_hit_sessions,\n\tsum(total_bytes_transferred) as total_bytes_transferred,\n\tsum(total_packets_transferred) as total_packets_transferred,\n\tsum(total_new_sessions) as total_new_sessions ,\n\tsum(total_close_sessions) as total_close_sessions,\n\tsum(average_new_sessions_per_second) as average_new_sessions_per_second ,\n\tsum(average_bytes_per_second) as average_bytes_per_second ,\n\tsum(average_packets_per_second) as average_packets_per_second ,\n\tCOUNT(DISTINCT(device_id)) as device_num,\n\tsum(live_sessions) as average_live_sessions\nfrom\n\t(\n\tselect\n\t\tdevice_id,\n\t\tsum(intercept_conn_num + monitor_conn_num + deny_conn_num + allow_conn_num) as total_hit_sessions,\n\t\tsum(total_in_bytes + total_out_bytes) as total_bytes_transferred,\n\t\tsum(total_in_packets + total_out_packets) as total_packets_transferred,\n\t\tsum(new_conn_num) as total_new_sessions,\n\t\tsum(close_conn_num) as total_close_sessions,\n\t\tavg(nullif(new_conn_num,0))/ 5 as average_new_sessions_per_second,\n\t\tavg(nullif(total_in_bytes + total_out_bytes,0))* 8 / 5 as average_bytes_per_second,\n\t\tavg(nullif(total_in_packets + total_out_packets,0))/ 5 as average_packets_per_second,\n\t\tavg(nullif(established_conn_num,0)) as live_sessions\n\tfrom\n\t\ttraffic_metrics_log\n\twhere\n\t\t__time >= '{{start_time}}'\n\t\tand __time <'{{end_time}}'\n\tgroup by\n\t\tdevice_id)",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"query":[
{
"key":"query",
"value":"select\n\tsum(total_hit_sessions) as total_hit_sessions,\n\tsum(total_bytes_transferred) as total_bytes_transferred,\n\tsum(total_packets_transferred) as total_packets_transferred,\n\tsum(total_new_sessions) as total_new_sessions ,\n\tsum(total_close_sessions) as total_close_sessions,\n\tsum(average_new_sessions_per_second) as average_new_sessions_per_second ,\n\tsum(average_bytes_per_second) as average_bytes_per_second ,\n\tsum(average_packets_per_second) as average_packets_per_second ,\n\tCOUNT(DISTINCT(device_id)) as device_num,\n\tsum(live_sessions) as average_live_sessions\nfrom\n\t(\n\tselect\n\t\tdevice_id,\n\t\tsum(intercept_conn_num + monitor_conn_num + deny_conn_num + allow_conn_num) as total_hit_sessions,\n\t\tsum(total_in_bytes + total_out_bytes) as total_bytes_transferred,\n\t\tsum(total_in_packets + total_out_packets) as total_packets_transferred,\n\t\tsum(new_conn_num) as total_new_sessions,\n\t\tsum(close_conn_num) as total_close_sessions,\n\t\tavg(nullif(new_conn_num,0))/ 5 as average_new_sessions_per_second,\n\t\tavg(nullif(total_in_bytes + total_out_bytes,0))* 8 / 5 as average_bytes_per_second,\n\t\tavg(nullif(total_in_packets + total_out_packets,0))/ 5 as average_packets_per_second,\n\t\tavg(nullif(established_conn_num,0)) as live_sessions\n\tfrom\n\t\ttraffic_metrics_log\n\twhere\n\t\t__time >= '{{start_time}}'\n\t\tand __time <'{{end_time}}'\n\tgroup by\n\t\tdevice_id)"
}
]
}
},
"response":[]
},
{
"name":"Dashboard-活跃连接为0问题",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}?query=select\n\t\tsum(total_hit_sessions) as total_hit_sessions,\n\t\tsum(total_bytes_transferred) as total_bytes_transferred,\n\t\tsum(total_packets_transferred) as total_packets_transferred,\n\t\tsum(total_new_sessions) as total_new_sessions ,\n\t\tsum(total_close_sessions) as total_close_sessions,\n\t\tsum(average_new_sessions_per_second) as average_new_sessions_per_second ,\n\t\tsum(average_bytes_per_second) as average_bytes_per_second ,\n\t\tsum(average_packets_per_second) as average_packets_per_second ,\n\t\tCOUNT(DISTINCT(device_id)) as device_num,\n\t\tsum(live_sessions) as average_live_sessions\n\tfrom\n\t\t(\n\t\tselect\n\t\t\tdevice_id, \n\t\t\tsum(total_hit_sessions) as total_hit_sessions,\n\t\t\tsum(total_bytes_transferred) as total_bytes_transferred,\n\t\t\tsum(total_packets_transferred) as total_packets_transferred,\n\t\t\tsum(total_new_sessions) as total_new_sessions,\n\t\t sum(total_close_sessions) as total_close_sessions,\n\t\t avg(total_new_sessions)/ 300 as average_new_sessions_per_second,\n\t\t avg(total_bytes_transferred)* 8 / 300 as average_bytes_per_second,\n\t\t avg(total_packets_transferred)/ 300 as average_packets_per_second,\n\t\t\tavg(live_sessions) as live_sessions\n\t\tfrom (select TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT5M') as stat_time, device_id, \n\t\t\tsum(intercept_conn_num + monitor_conn_num + deny_conn_num + allow_conn_num) as total_hit_sessions,\n\t\t\tsum(total_in_bytes + total_out_bytes) as total_bytes_transferred,\n\t\t\tsum(total_in_packets + total_out_packets) as total_packets_transferred,\n\t\t\tsum(new_conn_num) as total_new_sessions,\n\t\t sum(close_conn_num) as total_close_sessions,\n\t\t max(established_conn_num) as live_sessions\n from traffic_metrics_log \n \n\t\t group by\n\t\t TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT5M'),\tdevice_id\n\t\t )\n\t\n\t\tgroup by\n\t\t device_id)",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"query":[
{
"key":"query",
"value":"select\n\t\tsum(total_hit_sessions) as total_hit_sessions,\n\t\tsum(total_bytes_transferred) as total_bytes_transferred,\n\t\tsum(total_packets_transferred) as total_packets_transferred,\n\t\tsum(total_new_sessions) as total_new_sessions ,\n\t\tsum(total_close_sessions) as total_close_sessions,\n\t\tsum(average_new_sessions_per_second) as average_new_sessions_per_second ,\n\t\tsum(average_bytes_per_second) as average_bytes_per_second ,\n\t\tsum(average_packets_per_second) as average_packets_per_second ,\n\t\tCOUNT(DISTINCT(device_id)) as device_num,\n\t\tsum(live_sessions) as average_live_sessions\n\tfrom\n\t\t(\n\t\tselect\n\t\t\tdevice_id, \n\t\t\tsum(total_hit_sessions) as total_hit_sessions,\n\t\t\tsum(total_bytes_transferred) as total_bytes_transferred,\n\t\t\tsum(total_packets_transferred) as total_packets_transferred,\n\t\t\tsum(total_new_sessions) as total_new_sessions,\n\t\t sum(total_close_sessions) as total_close_sessions,\n\t\t avg(total_new_sessions)/ 300 as average_new_sessions_per_second,\n\t\t avg(total_bytes_transferred)* 8 / 300 as average_bytes_per_second,\n\t\t avg(total_packets_transferred)/ 300 as average_packets_per_second,\n\t\t\tavg(live_sessions) as live_sessions\n\t\tfrom (select TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT5M') as stat_time, device_id, \n\t\t\tsum(intercept_conn_num + monitor_conn_num + deny_conn_num + allow_conn_num) as total_hit_sessions,\n\t\t\tsum(total_in_bytes + total_out_bytes) as total_bytes_transferred,\n\t\t\tsum(total_in_packets + total_out_packets) as total_packets_transferred,\n\t\t\tsum(new_conn_num) as total_new_sessions,\n\t\t sum(close_conn_num) as total_close_sessions,\n\t\t max(established_conn_num) as live_sessions\n from traffic_metrics_log \n \n\t\t group by\n\t\t TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT5M'),\tdevice_id\n\t\t )\n\t\n\t\tgroup by\n\t\t device_id)"
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select * from (select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(common_recv_time,'PT1h','zero')) as stat_time from session_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' group by stat_time limit 10000) limit 10",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select * from (select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(common_recv_time,'PT1h','zero')) as stat_time from session_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' group by stat_time limit 10000) limit 10"
}
]
}
},
"response":[]
},
{
"name":"自定义函数-IP映射",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select IP_TO_GEO(common_server_ip) as geo,IP_TO_COUNTRY(common_server_ip) as country, IP_TO_CITY(common_server_ip) as city from session_record limit 10",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select IP_TO_GEO(common_server_ip) as geo,IP_TO_COUNTRY(common_server_ip) as country, IP_TO_CITY(common_server_ip) as city from session_record limit 10"
}
]
}
},
"response":[]
},
{
"name":"自定义函数-时间粒度补全",
"event":[
{
"listen":"test",
"script":{
"exec":[
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type":"text/javascript"
}
}
],
"request":{
"method":"GET",
"header":[],
"url":{
"raw":"http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(common_recv_time,'PT6S','zero')) as stat_time from session_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' group by stat_time limit 10000",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"path":[
""
],
"query":[
{
"key":"query",
"value":"select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(common_recv_time,'PT6S','zero')) as stat_time from session_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' group by stat_time limit 10000"
"raw":"http://{{qgw_ip}}:{{qgw_port}}?query=select 'Session Records' as type, count(*) as num from (select common_log_id,count(*) as num from session_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' group by common_log_id having num >1) union all select 'Security Events' as type, count(*) as num from (select common_log_id,count(*) as num from security_event where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' group by common_log_id having num >1) union all select 'Proxy Events' as type, count(*) as num from (select common_log_id,count(*) as num from proxy_event where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' group by common_log_id having num >1)",
"protocol":"http",
"host":[
"{{qgw_ip}}"
],
"port":"{{qgw_port}}",
"query":[
{
"key":"query",
"value":"select 'Session Records' as type, count(*) as num from (select common_log_id,count(*) as num from session_record where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' group by common_log_id having num >1) union all select 'Security Events' as type, count(*) as num from (select common_log_id,count(*) as num from security_event where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' group by common_log_id having num >1) union all select 'Proxy Events' as type, count(*) as num from (select common_log_id,count(*) as num from proxy_event where common_recv_time >='{{start_time}}' and common_recv_time < '{{end_time}}' group by common_log_id having num >1)"
