diff --git a/23.10/Galaxy Trouble Shooting API V23.10.postman_collection.json b/23.10/Galaxy Trouble Shooting API V23.10.postman_collection.json new file mode 100644 index 0000000..618eb61 --- /dev/null +++ b/23.10/Galaxy Trouble Shooting API V23.10.postman_collection.json 
@@ -0,0 +1,12815 @@ +{ + "info": { + "_postman_id": "868bc69c-c241-4552-859c-24b9f0ad19b4", + "name": "Galaxy Trouble Shooting API V23.10", + "description": "# galaxy-troubleshooting-api\n\n使用Postman组件,基于Rest API接口对TSG OLAP 进行功能验证。包括组件健康检查,功能集成测试及故障诊断。\n\n## Release 23.10 (30 OCT 2023)\n\n###### Update\n* 会话日志增加毫米级时间戳字段common_start_timestamp_ms, common_end_timestamp_ms \n* 会话日志增加操作系统指纹common_client_os_name,common_server_os_name\n\n\n## Release 23.09 (30 SEP 2023)\n\n###### Update\n* metrics 修改表名由statistics_object改为object_statistics\n* Flags统计增加Bidirectional标识\n* Closed Session Records 增加http_status_code, ssl_esni_flag, ssl_ech_flag\n* 删除Kafka Topics 目录\n\n## Release 23.08 (21 AUG 2023)\n\n###### New Features\n* Metrics增加Statistics Policy 相关接口\n* Metrics增加Statistics Object 相关接口\n* Metrics增加Statistics rule 命中计数接口\n\n###### Update\n* 会话日志查询,增加重命名字段common_out_link_id、common_in_link_id \n\n## Release 23.07 (21 JUL 2023)\n###### Update\n* 修复Network Throughput Active Sessions计算错误,不除时间粒度\n\n## Release 23.06 (21 JUN 2023)\n###### Update\n* 优化Limit返回值\n\n## Release 23.05 (28 MAY 2023)\n###### New Features\n* 增加Service chaining统计接口\n* QGW增加嵌套子查询接口,用于验证高级搜索\n\n###### Update\n* Main Dashboard统计接口重构,更改统计源\n* Live Traffic Chart 接口重构,更改统计源\n* 原代理日志拆分为Intercept和Manipulation\n* 相关Metrics的Schema更改为重构后的数据源\n\n\n## Release 23.04 (28 APR 2023)\n###### New Features\n* 增加数据写入延迟接口Session Insert Latency Distribution\n* 增加数据写入Kafka延迟接口 Session Ingestion Latency Distribution\n\n###### Update\n* 重构 Security Policy Hits Metrics 统计\n* 重构 Traffic Shaping Metrics 统计\n\n## Release 23.03 (28 MAR 2023)\n\n###### New Features\n* 目录整体重构,重新梳理功能,便于Newman CLI运行\n* ClickHouse目录下增加慢查询故障诊断语句\n* 参数与API接口统一改为英文,避免中文编码执行异常\n* 加密环境变量密码、token等敏感信息\n* 定义全局动态变量:时间范围、随机IP、随机域名等\n\n###### Update\n\n* Flags 添加C2S与S2C标志位标签\n\n\n## Release 23.02 (28 FEB 2023)\n\n###### New Features\n* 增加Traffic Shaping 相关统计接口\n\n###### Update\n* 会话日志增加列common_shaping_rule_ids\n* 
会话与安全事件日志增加列common_server_domain\n*会话与安全事件日志增加列common_flags_identify_info\n\n## Release 23.01 (31 JAN 2023)\n###### Update\n* 会话与安全事件日志增加列common_server_fqdn\n* 会话与安全事件日志增加列common_app_full_path\n\n\n## Release 22.12 (30 DEC 2022)\n###### New Features\n* 新增Dashboards-增加App推荐\n* 新增系统报告-会话日志Flags统计\n* 新增系统报告-会话日志Flags占比\n\n###### Update\n* 会话与安全事件日志增加common_flags列\n* 自定义IP映射-增加对ASN函数\n\n\n## Release 22.1 (30 NOV 2022)\n###### New Features\n\n###### Update\n* 会话与安全事件日志增加ssl_ja3s_hash列\n\n\n## Release 22.10 (30 OCT 2022)\n###### New Features\n* 06其它-功能验证-Traffic Summary增加Throughput接口 \n###### Update\n* 更新原有查询,将VSYS ID作为默认查询条件\n\n## Release 22.09 (30 SEP 2022)\n\n###### Update\n* 会话与安全事件日志增加common_tunnel_endpoint_a_desc, common_tunnel_endpoint_b_desc,dtls_sni 列\n\n## Release 22.08 (31 AUG 2022)\n\n###### New Features\n* 其它-查询网关-Live Charts 总带宽流量校验\n* 增加检查数据流-SQL执行计划\n* 增加检查数据流-SQL查看表结构\n* 增加检查数据推荐-推荐IMSI到TEID关系\n* 增加检查数据推荐-推荐IMEI到TEID关系\n* 增加检查数据推荐-推荐Phone Number到TEID关系\n* 增加检查数据推荐-推荐apn到TEID关系\n* 增加检查数据推荐-实时查询任务-提交查询任务(实时统计)\n* 增加检查数据推荐-实时查询任务-获取任务结果(实时统计)\n* 增加检查数据推荐-知识库列表\n* 增加预处理检查-检测预处理延迟\n* 增加预处理检查-已关闭会话日志延迟分布\n###### Update\n\n\n## Release 22.07 (30 JUL 2022)\n\n###### New Features\n* 增加检查数据推荐-Top Server IP流量概况评估\n* 增加检查数据推荐-Top SNI 流量概况评估\n###### Update\n\n\n## Release 22.06 (30 JUE 2022)\n\n###### New Features\n* 检查数据流-增加存储配额一致性检查\n###### Update\n* 系统报告检查-增加与CM默认VSYSID=1参数\n\n\n## Release 22.05 (31 MAY 2022)\n\n###### New Features\n\n###### Update\n* 检查日志-会话日志/安全事件日志增加RDP类型校验\n\n\n## Release 22.04 (29 APR 2022)\n\n###### New Features\n\n###### Update\n* 预处理检查-是否有数据验证,改为通过console后台打印日志\n* Dashboards Top部分功能增加device_group, data_center维度校验\n\n\n## Release 22.03 (8 APR 2022)\n\n###### New Features\n* 增加数据预处理检查,为每类日志增加多个测试用例,区分功能或无数据问题\n###### Update\n* 其它-评估日志预处理,增加ETL处理时延和写入Kafka时延指标\n* 检查日志模块对会话,安全和代理事件日志基于具体字段查询\n\n###### Delete\n* 删除检查数据流,关于Topic的测试用例\n\n## Release 22.02 (8 MAR 2022)\n\n###### New Features\n\n* 检查数据流-元数据检查 增加schema评价文件事件日志\n \n \n\n## Release 
22.01 (27 JAN 2022)\n\n###### New Features\n\n* 检查数据流-TopN计算 增加Application接口验证\n \n\n###### Update\n\n* 重新梳理分类,删除无用接口\n* 重新排列分类,将系统自检放到首位\n \n\n## Release 21.12 (1 Dec 2021)\n\n###### New Features\n\n* 新增数据推荐查询-实时查询任务\n* 新增数据推荐查询-推荐Subscriber ID 到IP关系\n* 新增数据推荐查询-推荐APP活跃客户端IP\n* 新增数据推荐查询-推荐TopN Server IP\n* 新增数据推荐查询-推荐TopN SNI\n* 新增常用快捷功能-查询网关,增加优化查询测试集\n * Top 查询优化\n * Calcite 缓存查询\n * 自定义时间函数补全功能\n\n###### Update\n\n* Dashboard 查询,代理策略命中动作增加Edit Element 统计\n \n\n## Release 21.11 (5 Nov 2021)\n\n###### New Features\n\n* Delete\n* Update\n* 修改报告查询接口(由查询mariadb方式变更为API接口)\n* 修改规范“数据推荐查询”所有接口的命名\n \n\n## Release 21.10 (28 OCT 2021)\n\n###### New Features\n\n* 新增HOS健康状态检测接口\n* Delete\n* 删除原ClickHouse/Druid/ArangoDB 状态检查接口\n \n\n## Release 21.09 (23 SEP 2021)\n\n###### New Features\n\n* Update\n* 删除分布式调度任务,5分钟TOPN校验,交由FLink统计\n* 原始日志表名进行重命名,相关查询接口更新\n* 修正DNS分析的SQL数据集\n \n\n## Release 21.08 (15 AUG 2021)\n\n###### New Features\n\n* 新增“Dashboard查询-DoS Threat Map”功能列表,显示DoS检测地图接口\n* 新增“原始日志查询-DoS事件日志”,显示DoS攻击检测日志\n* 新增“原始日志查询-DoS事件日志-Summary”,显示DoS攻击趋势统计\n* 新增“原始日志查询-DoS事件日志-Destination IP Traffic Trend”,显示受害者IP历史流量趋势\n* Update\n* 迁移“Dashboard查询”liveCharts接口,放到“Live Charts”目录中统一管理。\n* 对DNS分析,增加一些查询样例\n \n\n## Release 21.07 (5 JUL 2021)\n\n###### New Features\n\n* 增加”常用快捷功能-基数统计“,用于分析日志分布情况\n* 增加”常用快捷功能-DNS放大攻击“,查询特征数据集\n* 增加”通用检查-对象存储-获取某个文件“,用于文件获取验证\n \n\n###### Update\n\n* 为所有接口增加Tests脚本,对接口进行批量验证测试\n* 修正部分接口查询异常\n \n\n## Release 21.06 (7 JUN 2021)\n\n###### New Features\n\n* Environments 增加环境变量domain、client_ip、server_ip、l7_protocol和PT1M_TIME\n* 常用快捷功能增加某域名下钻、某IP下钻、协议下钻和DNS分析功能\n \n\n###### Update\n\n* 原始日志查询,基于Druid近1小时日志变化粒度从5分钟改为1分钟。包含通联、策略和代理日志。\n \n\n## Release 21.05 (6 MAY 2021)\n\n###### New Features\n\n* 新增“GTP-C日志”功能,辅助故障诊断\n* 新增“事务日志”功能,辅助故障诊断\n* 新增“活跃会话日志”功能,辅助故障诊断\n* 新增“07.常用快捷功能-评估写入日志量”,查看当前系统的吞吐\n \n\n###### Update\n\n* 修改\"01.通用检查-数据存储检查\",增加事务、活跃及GTP-C 检测\n \n\n## Release 21.04 (3 APR 2021)\n\n###### New Features\n\n* 增加“VoIP日志”功能,辅助故障诊断\n* 
增加“元数据检查”分类目录\n* 增加“HOS对象存储”目录,用于定位对象存储\n \n\n###### Update\n\n* 修改“SQL语法检查”为“SQL语法验证”,支持SQL语句的静态分析和数据库语义验证\n* 迁移功能项位置,方便问题定位\n \n\n###### Delete\n\n* 删除“系统检查-查询引擎SQL测试集\\[过时\\]”功能,由“故障诊断-sql性能测试”替代。\n \n\n## Release 21.03 (2 MAR 2021)\n\n###### New Features\n\n* 增加故障诊断-元数据功能,可分析日志字段是否与schema一致\n* 增加故障诊断-sql性能测试,可对查询引擎进行功能性验证和POC性能测试\n \n\n###### Update\n\n* 对查询引擎SQL测试集标记过时\n \n\n## Release 21.02 (1 FEB 2021)\n\n###### Update\n\n* 改善内部测试集,应对新的功能修改\n \n\n## Release 20.11.rc3 (11 DEC 2020)\n\n###### New Features\n\n* 增加常用快捷功能- 安装证书独立客户端IP数据趋势\n* 增加常用快捷功能-访问速度最慢TOP20 域名\n* 增加常用快捷功能-报告预置Metrics\n* 增加原始日志查询-安全策略-动作命中计数\n* 增加原始日志查询-代理策略-动作命中计数\n* 增加原始日志查询-通联-流量计数(now)\n \n\n###### Update\n\n* 改善Dashboard查询-基础统计-新建、活跃(计数)-now\n* 改善Dashboard查询-新建、活跃(趋势)\n* 目录增加编号,便于管理\n* 修改分布式调度任务-5分钟TOPN-hot表验证表名\n* 部分Action为post 改为 get,便于导出命令行", + "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json" + }, + "item": [ + { + "name": "System", + "item": [ + { + "name": "Versions", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/monitor/info", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "monitor", + "info" + ] + }, + "description": "查询数据平台各个组件的版本号" + }, + "response": [] + }, + { + "name": "Status", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/monitor/health", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "monitor", + "health" + ] + }, + "description": 
"查询数据引擎引用的数据库健康状态及目前的配置。" + }, + "response": [] + }, + { + "name": "Metadata", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/diagnosis/metadata", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "diagnosis", + "metadata" + ] + } + }, + "response": [] + }, + { + "name": "Log Type Retention Status", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/sys/storage/consistency", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "sys", + "storage", + "consistency" + ] + } + }, + "response": [] + }, + { + "name": "Apache Druid Task Status", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + "", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{druid_ip}}:{{druid_port}}/druid/indexer/v1/supervisor?state=true", + "protocol": "http", + "host": [ + "{{druid_ip}}" + ], + "port": "{{druid_port}}", + "path": [ + "druid", + "indexer", + "v1", + "supervisor" + ], + "query": [ + { + "key": "state", + "value": "true" + } + ] + }, + "description": "1. 将环境切换至 druid\r\n\r\n2. 
执行此接口,如果接口正常返回数据,代表druid服务运行正常" + }, + "response": [] + }, + { + "name": "Report Service Status", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{report_ip}}:{{report_port}}/monitor", + "protocol": "http", + "host": [ + "{{report_ip}}" + ], + "port": "{{report_port}}", + "path": [ + "monitor" + ] + } + }, + "response": [] + }, + { + "name": "HOS Status", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{hos_ip}}:{{hos_port}}/admin/verification", + "protocol": "http", + "host": [ + "{{hos_ip}}" + ], + "port": "{{hos_port}}", + "path": [ + "admin", + "verification" + ] + } + }, + "response": [] + } + ] + }, + { + "name": "TSG", + "item": [ + { + "name": "Schemas", + "item": [ + { + "name": "ClickHouse Tables", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/tables/tsg_galaxy_v3", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "tables", + "tsg_galaxy_v3" + ] + } + }, + "response": [] + }, + { + "name": "Closed Session Records", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + 
"method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/session_record", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "fields", + "session_record" + ] + } + }, + "response": [] + }, + { + "name": "Interim Session Records", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/interim_session_record", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "fields", + "interim_session_record" + ] + }, + "description": "security_event_log" + }, + "response": [] + }, + { + "name": "Transaction Records", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/transaction_record", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "fields", + "transaction_record" + ] + }, + "description": "security_event_log" + }, + "response": [] + }, + { + "name": "Security Events", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/security_event", + "protocol": "http", + 
"host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "fields", + "security_event" + ] + }, + "description": "security_event_log" + }, + "response": [] + }, + { + "name": "Proxy Events", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/proxy_event", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "fields", + "proxy_event" + ] + }, + "description": "proxy_event_log" + }, + "response": [] + }, + { + "name": "VoIP Records", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/voip_record", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "fields", + "voip_record" + ] + }, + "description": "security_event_log" + }, + "response": [] + }, + { + "name": "DoS Events", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/dos_event", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "fields", + "dos_event" + ] + }, + "description": "security_event_log" + }, + 
"response": [] + }, + { + "name": "GTP-C Records", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/gtpc_record", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "fields", + "gtpc_record" + ] + }, + "description": "security_event_log" + }, + "response": [] + }, + { + "name": "Assessment Events", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/assessment_event", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "fields", + "assessment_event" + ] + }, + "description": "security_event_log" + }, + "response": [] + }, + { + "name": "Apache Druid Tables", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/tables/druid", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "tables", + "druid" + ] + } + }, + "response": [] + }, + { + "name": "Traffic General Metrics", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " 
pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/traffic_general_stat", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "fields", + "traffic_general_stat" + ] + }, + "description": "security_event_log" + }, + "response": [] + }, + { + "name": "Application Protocol Stat", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/application_protocol_stat", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "fields", + "application_protocol_stat" + ] + }, + "description": "security_event_log" + }, + "response": [] + }, + { + "name": "Security Policy Rule Hits", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/security_rule_hits", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "fields", + "security_rule_hits" + ] + }, + "description": "security_event_log" + }, + "response": [] + }, + { + "name": "Statistics Rule Hits", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } 
+ ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/statistics_rule_hits", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "fields", + "statistics_rule_hits" + ] + }, + "description": "security_event_log" + }, + "response": [] + }, + { + "name": "Proxy Policy Rule Hits", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/proxy_rule_hits", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "fields", + "proxy_rule_hits" + ] + }, + "description": "security_event_log" + }, + "response": [] + }, + { + "name": "Traffic Shaping Rule Hits", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/traffic_shaping_rule_hits", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "fields", + "traffic_shaping_rule_hits" + ] + }, + "description": "security_event_log" + }, + "response": [] + }, + { + "name": "Service Chaining Rule Hits", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": 
"http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/service_chaining_rule_hits", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "fields", + "service_chaining_rule_hits" + ] + }, + "description": "security_event_log" + }, + "response": [] + }, + { + "name": "Statistics Rule", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/statistics_rule", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "fields", + "statistics_rule" + ] + }, + "description": "security_event_log" + }, + "response": [] + }, + { + "name": "Object Statistics", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/object_statistics", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "fields", + "object_statistics" + ] + }, + "description": "security_event_log" + }, + "response": [] + }, + { + "name": "Top Client IPs", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/top_client_ips", + "protocol": "http", + "host": [ + 
"{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "fields", + "top_client_ips" + ] + }, + "description": "security_event_log" + }, + "response": [] + }, + { + "name": "Top Server IPs", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/top_server_ips", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "fields", + "top_server_ips" + ] + }, + "description": "security_event_log" + }, + "response": [] + }, + { + "name": "Top Internal IPs", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/top_internal_ips", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "fields", + "top_internal_ips" + ] + }, + "description": "security_event_log" + }, + "response": [] + }, + { + "name": "Top External IPs", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/top_external_ips", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "fields", + "top_external_ips" + ] + }, + 
"description": "security_event_log" + }, + "response": [] + }, + { + "name": "Top Subscribers", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/top_subscribers", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "fields", + "top_subscribers" + ] + }, + "description": "security_event_log" + }, + "response": [] + }, + { + "name": "Top Server Domains", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/top_server_domains", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "fields", + "top_server_domains" + ] + }, + "description": "security_event_log" + }, + "response": [] + }, + { + "name": "Top Server FQDNs", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/top_server_fqdns", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "fields", + "top_server_fqdns" + ] + }, + "description": "security_event_log" + }, + "response": [] + } + ] + }, + { + "name": "Logs", + "item": [ + { + "name": "First and 
Last Insert", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select * from (select 'Session Records' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'Interim Session Records' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from interim_session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'Transaction Records' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from transaction_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'Security Event' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from security_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'Proxy Event' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'Radius' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from radius_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < 
UNIX_TIMESTAMP('{{end_time}}') union all select 'GTPC Records' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from gtpc_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') ) order by type", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select * from (select 'Session Records' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'Interim Session Records' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from interim_session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'Transaction Records' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from transaction_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'Security Event' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from security_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'Proxy Event' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'Radius' as type, from_unixtime(min(common_recv_time) ) as first_time, 
from_unixtime(max(common_recv_time) ) as last_time from radius_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'GTPC Records' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from gtpc_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') ) order by type" + } + ] + }, + "description": "验证原始日志是否有最新的数据" + }, + "response": [] + }, + { + "name": "ETL and Ingestion Latency", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select 'Session Record' as type, round(count(*)/300,0) as \"logs/sec\", round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\", round(avg(common_ingestion_time-common_end_time),2) as \"avg_ingestion_latency(s)\"\nfrom\n\tsession_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}}) union all select 'Interim Session Record' as type, round(count(*)/300,0) as \"logs/sec\", round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\", round(avg(common_ingestion_time-common_end_time),2) as \"avg_ingestion_latency(s)\"\nfrom\n\tinterim_session_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}}) union all select 'Transaction Record' as type, round(count(*)/300,0) as \"logs/sec\", round(avg(common_processing_time-common_ingestion_time),2) as \"etl_latency(s)\" , round(avg(common_ingestion_time-common_end_time),2) as \"avg_ingestion_latency(s)\"\n\tfrom transaction_record 
crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}}) union all select 'Security Event' as type, round(count(*)/300,0) as \"logs/sec\", round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\", round(avg(common_ingestion_time-common_end_time),2) as \"avg_ingestion_latency(s)\"\nfrom\n\tsecurity_event crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\nunion all select 'Proxy Event' as type, round(count(*)/300,0) as \"logs/sec\", round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\", round(avg(common_ingestion_time-common_end_time),2) as \"avg_ingestion_latency(s)\"\nfrom\n\tproxy_event crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\n union all select 'Radius Record' as type, round(count(*)/300,0) as \"logs/sec\", round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\", round(avg(common_ingestion_time-common_end_time),2) as \"avg_ingestion_latency(s)\"\nfrom\n\tradius_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}}) union all select 'gtpc_record' as type, round(count(*)/300,0) as \"logs/sec\",round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\", round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\"\nfrom\n\tgtpc_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "query": [ + { + "key": "query", + "value": "select 'Session Record' as type, round(count(*)/300,0) as \"logs/sec\", round(avg(common_processing_time-common_ingestion_time),2) as 
\"avg_etl_latency(s)\", round(avg(common_ingestion_time-common_end_time),2) as \"avg_ingestion_latency(s)\"\nfrom\n\tsession_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}}) union all select 'Interim Session Record' as type, round(count(*)/300,0) as \"logs/sec\", round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\", round(avg(common_ingestion_time-common_end_time),2) as \"avg_ingestion_latency(s)\"\nfrom\n\tinterim_session_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}}) union all select 'Transaction Record' as type, round(count(*)/300,0) as \"logs/sec\", round(avg(common_processing_time-common_ingestion_time),2) as \"etl_latency(s)\" , round(avg(common_ingestion_time-common_end_time),2) as \"avg_ingestion_latency(s)\"\n\tfrom transaction_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}}) union all select 'Security Event' as type, round(count(*)/300,0) as \"logs/sec\", round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\", round(avg(common_ingestion_time-common_end_time),2) as \"avg_ingestion_latency(s)\"\nfrom\n\tsecurity_event crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\nunion all select 'Proxy Event' as type, round(count(*)/300,0) as \"logs/sec\", round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\", round(avg(common_ingestion_time-common_end_time),2) as \"avg_ingestion_latency(s)\"\nfrom\n\tproxy_event crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\n union all select 'Radius Record' as type, round(count(*)/300,0) as \"logs/sec\", 
round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\", round(avg(common_ingestion_time-common_end_time),2) as \"avg_ingestion_latency(s)\"\nfrom\n\tradius_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}}) union all select 'gtpc_record' as type, round(count(*)/300,0) as \"logs/sec\",round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\", round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\"\nfrom\n\tgtpc_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})" + } + ] + } + }, + "response": [] + }, + { + "name": "Session Ingestion Latency Distribution", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tmin(duration) min_sec,\n\tmedian(duration) as median_sec,\n\tround(avg(duration),2) as avg_sec,\n\tround(QUANTILE(duration,0.8),2) as p80_sec,\n\tround(QUANTILE(duration,0.95),2) as p95_sec,\n\tround(QUANTILE(duration,0.99),2) as p99_sec,\n\tmax(duration) as MAX\nfrom\n\t(\n\tselect\n\t\t(common_ingestion_time-common_end_time) as duration\n\tFROM\n\t\tsession_record\n\tWHERE\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and \n common_recv_time < UNIX_TIMESTAMP('{{end_time}}') )", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n\tmin(duration) min_sec,\n\tmedian(duration) as median_sec,\n\tround(avg(duration),2) as avg_sec,\n\tround(QUANTILE(duration,0.8),2) as p80_sec,\n\tround(QUANTILE(duration,0.95),2) as 
p95_sec,\n\tround(QUANTILE(duration,0.99),2) as p99_sec,\n\tmax(duration) as MAX\nfrom\n\t(\n\tselect\n\t\t(common_ingestion_time-common_end_time) as duration\n\tFROM\n\t\tsession_record\n\tWHERE\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and \n common_recv_time < UNIX_TIMESTAMP('{{end_time}}') )" + } + ] + } + }, + "response": [] + }, + { + "name": "Session Insert Latency Distribution", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tmin(duration) min_sec,\n\tmedian(duration) as median_sec,\n\tround(avg(duration),2) as avg_sec,\n\tround(QUANTILE(duration,0.8),2) as P80_sec,\n\tround(QUANTILE(duration,0.95),2) as P95_sec,\n\tround(QUANTILE(duration,0.99),2) as P99_sec,\n\tmax(duration) as max_sec\nfrom\n\t(\n\tselect\n\t\t(common_insert_time-common_recv_time) as duration\n\tFROM\n\t\tsession_record\n\tWHERE\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and \n common_recv_time < UNIX_TIMESTAMP('{{end_time}}') ) ", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n\tmin(duration) min_sec,\n\tmedian(duration) as median_sec,\n\tround(avg(duration),2) as avg_sec,\n\tround(QUANTILE(duration,0.8),2) as P80_sec,\n\tround(QUANTILE(duration,0.95),2) as P95_sec,\n\tround(QUANTILE(duration,0.99),2) as P99_sec,\n\tmax(duration) as max_sec\nfrom\n\t(\n\tselect\n\t\t(common_insert_time-common_recv_time) as duration\n\tFROM\n\t\tsession_record\n\tWHERE\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and \n common_recv_time < UNIX_TIMESTAMP('{{end_time}}') ) " + } + ] + } + }, + "response": [] + }, + { + "name": "Session Duration Distribution", + "event": [ + { + 
"listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tmin(duration) min_sec,\n\tmedian(duration) as median_sec,\n\tround(avg(duration),2) as avg_sec,\n\tround(QUANTILE(duration,0.8),2) as P80_sec,\n\tround(QUANTILE(duration,0.95),2) as P95_sec,\n\tround(QUANTILE(duration,0.99),2) as P99_sec,\n\tmax(duration) as max_sec\nfrom\n\t(\n\tselect\n\t\t(common_end_time-common_start_time) as duration\n\tFROM\n\t\tsession_record\n\tWHERE\ncommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') )", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n\tmin(duration) min_sec,\n\tmedian(duration) as median_sec,\n\tround(avg(duration),2) as avg_sec,\n\tround(QUANTILE(duration,0.8),2) as P80_sec,\n\tround(QUANTILE(duration,0.95),2) as P95_sec,\n\tround(QUANTILE(duration,0.99),2) as P99_sec,\n\tmax(duration) as max_sec\nfrom\n\t(\n\tselect\n\t\t(common_end_time-common_start_time) as duration\n\tFROM\n\t\tsession_record\n\tWHERE\ncommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') )" + } + ] + } + }, + "response": [] + }, + { + "name": "Closed Session Records", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select toDateTime(common_recv_time) AS common_recv_time, 
common_log_id, common_vsys_id, common_subscriber_id, common_imei, common_imsi, common_phone_number, common_client_ip, common_internal_ip, common_client_port, common_l4_protocol, common_address_type, common_server_ip, common_server_port, common_external_ip, common_direction, common_sled_ip, common_client_location, common_client_asn, common_server_location, common_server_asn, common_sessions, common_c2s_pkt_num, common_s2c_pkt_num, common_c2s_byte_num, common_s2c_byte_num, common_schema_type, common_device_id, common_device_group, common_app_behavior, common_app_label, common_tunnels, common_protocol_label, common_userdefine_app_name, common_l7_protocol, common_service_category, toDateTime(common_start_time) AS common_start_time, toDateTime(common_end_time) AS common_end_time, common_start_timestamp_ms, common_end_timestamp_ms,common_establish_latency_ms, common_con_duration_ms, common_stream_dir, common_stream_trace_id, common_c2s_ipfrag_num, common_s2c_ipfrag_num, common_c2s_tcp_lostlen, common_s2c_tcp_lostlen, common_c2s_tcp_unorder_num, common_s2c_tcp_unorder_num, common_c2s_pkt_retrans, common_s2c_pkt_retrans, common_c2s_byte_retrans, common_s2c_byte_retrans, common_tcp_client_isn, common_tcp_server_isn, toDateTime(common_processing_time) AS common_processing_time, toDateTime(common_ingestion_time) AS common_ingestion_time,common_tunnel_endpoint_a_desc, common_tunnel_endpoint_b_desc, common_flags,common_flags_identify_info,common_server_fqdn,common_server_domain, common_client_os_name, common_server_os_name,common_app_full_path,common_shaping_rule_ids, common_in_link_id,common_out_link_id,http_url, http_host, http_domain, http_request_line, http_response_line, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_request_body, http_response_body, http_cookie, http_referer, http_user_agent, http_set_cookie, http_version, http_response_latency_ms, http_session_duration_ms, http_action_file_size, 
http_status_code, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_to, mail_cc, mail_bcc, mail_subject, mail_attachment_name, mail_eml_file, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_sub, dns_cname,dns_rr, dns_response_latency_ms, ssl_sni, ssl_cn, ssl_pinningst, ssl_intercept_state, ssl_server_side_latency, ssl_client_side_latency, ssl_server_side_version, ssl_client_side_version, ssl_cert_verify, ssl_error, ssl_con_latency_ms, ssl_ja3_hash, ssl_ja3s_hash, ssl_cert_issuer, ssl_cert_subject, ssl_esni_flag, ssl_ech_flag, dtls_sni ,quic_version, quic_sni, quic_user_agent, ftp_account, ftp_url, ftp_content, ftp_link_type, app_extra_info, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, stratum_cryptocurrency, stratum_mining_pools,stratum_mining_program,rdp_cookie,rdp_security_protocol,rdp_client_channels,rdp_keyboard_layout,rdp_client_version,rdp_client_name,rdp_client_product_id,rdp_desktop_width,rdp_desktop_height,rdp_requested_color_depth,rdp_certificate_type,rdp_certificate_count,rdp_certificate_permanent,rdp_encryption_level,rdp_encryption_method from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) order by common_recv_time desc limit 0 , 20", + "protocol": "http", 
+ "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select toDateTime(common_recv_time) AS common_recv_time, common_log_id, common_vsys_id, common_subscriber_id, common_imei, common_imsi, common_phone_number, common_client_ip, common_internal_ip, common_client_port, common_l4_protocol, common_address_type, common_server_ip, common_server_port, common_external_ip, common_direction, common_sled_ip, common_client_location, common_client_asn, common_server_location, common_server_asn, common_sessions, common_c2s_pkt_num, common_s2c_pkt_num, common_c2s_byte_num, common_s2c_byte_num, common_schema_type, common_device_id, common_device_group, common_app_behavior, common_app_label, common_tunnels, common_protocol_label, common_userdefine_app_name, common_l7_protocol, common_service_category, toDateTime(common_start_time) AS common_start_time, toDateTime(common_end_time) AS common_end_time, common_start_timestamp_ms, common_end_timestamp_ms,common_establish_latency_ms, common_con_duration_ms, common_stream_dir, common_stream_trace_id, common_c2s_ipfrag_num, common_s2c_ipfrag_num, common_c2s_tcp_lostlen, common_s2c_tcp_lostlen, common_c2s_tcp_unorder_num, common_s2c_tcp_unorder_num, common_c2s_pkt_retrans, common_s2c_pkt_retrans, common_c2s_byte_retrans, common_s2c_byte_retrans, common_tcp_client_isn, common_tcp_server_isn, toDateTime(common_processing_time) AS common_processing_time, toDateTime(common_ingestion_time) AS common_ingestion_time,common_tunnel_endpoint_a_desc, common_tunnel_endpoint_b_desc, common_flags,common_flags_identify_info,common_server_fqdn,common_server_domain, common_client_os_name, common_server_os_name,common_app_full_path,common_shaping_rule_ids, common_in_link_id,common_out_link_id,http_url, http_host, http_domain, http_request_line, http_response_line, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, 
http_request_body, http_response_body, http_cookie, http_referer, http_user_agent, http_set_cookie, http_version, http_response_latency_ms, http_session_duration_ms, http_action_file_size, http_status_code, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_to, mail_cc, mail_bcc, mail_subject, mail_attachment_name, mail_eml_file, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_sub, dns_cname,dns_rr, dns_response_latency_ms, ssl_sni, ssl_cn, ssl_pinningst, ssl_intercept_state, ssl_server_side_latency, ssl_client_side_latency, ssl_server_side_version, ssl_client_side_version, ssl_cert_verify, ssl_error, ssl_con_latency_ms, ssl_ja3_hash, ssl_ja3s_hash, ssl_cert_issuer, ssl_cert_subject, ssl_esni_flag, ssl_ech_flag, dtls_sni ,quic_version, quic_sni, quic_user_agent, ftp_account, ftp_url, ftp_content, ftp_link_type, app_extra_info, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, stratum_cryptocurrency, stratum_mining_pools,stratum_mining_program,rdp_cookie,rdp_security_protocol,rdp_client_channels,rdp_keyboard_layout,rdp_client_version,rdp_client_name,rdp_client_product_id,rdp_desktop_width,rdp_desktop_height,rdp_requested_color_depth,rdp_certificate_type,rdp_certificate_count,rdp_certificate_permanent,rdp_encryption_level,rdp_encryption_method from session_record where common_recv_time 
>= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) order by common_recv_time desc limit 0 , 20" + } + ] + } + }, + "response": [] + }, + { + "name": "Current Traffic Metrics by Session Records", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tsum(common_s2c_byte_num)* 8 / 300 as trafficInBits,\n\tsum(common_c2s_byte_num)* 8 / 300 as trafficOutBits,\n\tsum(common_s2c_byte_num + common_c2s_byte_num)* 8 / 300 as trafficTotalBits,\n\tsum(common_s2c_pkt_num)/ 300 as trafficInPackets,\n\tsum(common_c2s_pkt_num)/ 300 as trafficOutPackets,\n\tsum(common_s2c_pkt_num + common_c2s_pkt_num)/ 300 as trafficTotalPackets,\n\tsum(common_sessions)/ 300 as sessions\nfrom\n\t session_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP(now())-300 and common_vsys_id in (1,2,3,4) ", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n\tsum(common_s2c_byte_num)* 8 / 300 as trafficInBits,\n\tsum(common_c2s_byte_num)* 8 / 300 as trafficOutBits,\n\tsum(common_s2c_byte_num + common_c2s_byte_num)* 8 / 300 as trafficTotalBits,\n\tsum(common_s2c_pkt_num)/ 300 as trafficInPackets,\n\tsum(common_c2s_pkt_num)/ 300 as trafficOutPackets,\n\tsum(common_s2c_pkt_num + common_c2s_pkt_num)/ 300 as trafficTotalPackets,\n\tsum(common_sessions)/ 300 as sessions\nfrom\n\t session_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP(now())-300 and common_vsys_id in (1,2,3,4) " + } + ] + } + }, + "response": [] + }, + { + "name": "Traffic Distribution of Logs by Schema Type", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 
200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n {{PT5M_RECV_TIME}} as stat_time,\n common_schema_type as type,\n sum(common_sessions) as sessions,\n sum(common_c2s_byte_num + common_s2c_byte_num) as bytes,\n sum(common_c2s_pkt_num + common_s2c_pkt_num) as packets\nfrom\n session_record\nwhere common_recv_time > {{Last 1 Hour Start}} and common_vsys_id in (1,2,3,4) \ngroup by\n stat_time,\n common_schema_type order by stat_time asc", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n {{PT5M_RECV_TIME}} as stat_time,\n common_schema_type as type,\n sum(common_sessions) as sessions,\n sum(common_c2s_byte_num + common_s2c_byte_num) as bytes,\n sum(common_c2s_pkt_num + common_s2c_pkt_num) as packets\nfrom\n session_record\nwhere common_recv_time > {{Last 1 Hour Start}} and common_vsys_id in (1,2,3,4) \ngroup by\n stat_time,\n common_schema_type order by stat_time asc" + } + ] + } + }, + "response": [] + }, + { + "name": "Total Closed Session Records", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select count(*) as events from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) order by common_recv_time desc limit 0 , 20", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", 
+ "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select FROM_UNIXTIME(common_recv_time) as common_recv_time, FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from transaction_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) order by common_recv_time desc limit 0 , 20" + } + ] + } + }, + "response": [] + }, + { + "name": "Total Interim Session Records", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select toDateTime(common_recv_time) AS common_recv_time, common_log_id, common_subscriber_id, common_imei, common_imsi, common_phone_number, common_client_ip, common_internal_ip, common_client_port, common_l4_protocol, common_address_type, common_server_ip, common_server_port, common_external_ip, common_direction, common_sled_ip, common_client_location, common_client_asn, common_server_location, common_server_asn, common_sessions, common_c2s_pkt_num, common_s2c_pkt_num, common_c2s_byte_num, common_s2c_byte_num, common_c2s_pkt_diff, common_s2c_pkt_diff, common_c2s_byte_diff, common_s2c_byte_diff, common_schema_type, common_device_id, common_device_group, common_app_behavior, common_app_label, common_tunnels, common_protocol_label, common_l7_protocol, common_service_category, toDateTime(common_start_time) AS common_start_time, toDateTime(common_end_time) AS common_end_time, common_establish_latency_ms, common_con_duration_ms, common_stream_dir, common_stream_trace_id, common_c2s_ipfrag_num, common_s2c_ipfrag_num, common_c2s_tcp_lostlen, common_s2c_tcp_lostlen, common_c2s_tcp_unorder_num, common_s2c_tcp_unorder_num, 
common_c2s_pkt_retrans, common_s2c_pkt_retrans, common_c2s_byte_retrans, common_s2c_byte_retrans, common_tcp_client_isn, common_tcp_server_isn, toDateTime(common_processing_time) AS common_processing_time, toDateTime(common_ingestion_time) AS common_ingestion_time, http_url, http_host, http_domain, http_request_line, http_response_line, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_request_body, http_response_body, http_cookie, http_referer, http_user_agent, http_set_cookie, http_version, http_response_latency_ms, http_session_duration_ms, http_action_file_size, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_to, mail_cc, mail_bcc, mail_subject, mail_attachment_name, mail_eml_file, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname,dns_cname,dns_rr, dns_qtype, dns_qclass, dns_sub, dns_response_latency_ms, ssl_sni, ssl_cn, ssl_pinningst, ssl_intercept_state, ssl_server_side_latency, ssl_client_side_latency, ssl_server_side_version, ssl_client_side_version, ssl_cert_verify, ssl_error, ssl_con_latency_ms, ssl_ja3_hash, ssl_cert_issuer, ssl_cert_subject, quic_version, quic_sni, quic_user_agent, ftp_account, ftp_url, ftp_content, ftp_link_type, app_extra_info, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, rtp_originator_dir, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, 
stratum_cryptocurrency, stratum_mining_pools, stratum_mining_program,rdp_cookie,rdp_security_protocol,rdp_client_channels,rdp_keyboard_layout,rdp_client_version,rdp_client_name,rdp_client_product_id,rdp_desktop_width,rdp_desktop_height,rdp_requested_color_depth,rdp_certificate_type,rdp_certificate_count,rdp_certificate_permanent,rdp_encryption_level,rdp_encryption_method from interim_session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) order by common_recv_time desc limit 0 , 20", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select toDateTime(common_recv_time) AS common_recv_time, common_log_id, common_subscriber_id, common_imei, common_imsi, common_phone_number, common_client_ip, common_internal_ip, common_client_port, common_l4_protocol, common_address_type, common_server_ip, common_server_port, common_external_ip, common_direction, common_sled_ip, common_client_location, common_client_asn, common_server_location, common_server_asn, common_sessions, common_c2s_pkt_num, common_s2c_pkt_num, common_c2s_byte_num, common_s2c_byte_num, common_c2s_pkt_diff, common_s2c_pkt_diff, common_c2s_byte_diff, common_s2c_byte_diff, common_schema_type, common_device_id, common_device_group, common_app_behavior, common_app_label, common_tunnels, common_protocol_label, common_l7_protocol, common_service_category, toDateTime(common_start_time) AS common_start_time, toDateTime(common_end_time) AS common_end_time, common_establish_latency_ms, common_con_duration_ms, common_stream_dir, common_stream_trace_id, common_c2s_ipfrag_num, common_s2c_ipfrag_num, common_c2s_tcp_lostlen, common_s2c_tcp_lostlen, common_c2s_tcp_unorder_num, common_s2c_tcp_unorder_num, common_c2s_pkt_retrans, common_s2c_pkt_retrans, common_c2s_byte_retrans, common_s2c_byte_retrans, common_tcp_client_isn, 
common_tcp_server_isn, toDateTime(common_processing_time) AS common_processing_time, toDateTime(common_ingestion_time) AS common_ingestion_time, http_url, http_host, http_domain, http_request_line, http_response_line, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_request_body, http_response_body, http_cookie, http_referer, http_user_agent, http_set_cookie, http_version, http_response_latency_ms, http_session_duration_ms, http_action_file_size, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_to, mail_cc, mail_bcc, mail_subject, mail_attachment_name, mail_eml_file, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname,dns_cname,dns_rr, dns_qtype, dns_qclass, dns_sub, dns_response_latency_ms, ssl_sni, ssl_cn, ssl_pinningst, ssl_intercept_state, ssl_server_side_latency, ssl_client_side_latency, ssl_server_side_version, ssl_client_side_version, ssl_cert_verify, ssl_error, ssl_con_latency_ms, ssl_ja3_hash, ssl_cert_issuer, ssl_cert_subject, quic_version, quic_sni, quic_user_agent, ftp_account, ftp_url, ftp_content, ftp_link_type, app_extra_info, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, rtp_originator_dir, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, stratum_cryptocurrency, stratum_mining_pools, 
stratum_mining_program,rdp_cookie,rdp_security_protocol,rdp_client_channels,rdp_keyboard_layout,rdp_client_version,rdp_client_name,rdp_client_product_id,rdp_desktop_width,rdp_desktop_height,rdp_requested_color_depth,rdp_certificate_type,rdp_certificate_count,rdp_certificate_permanent,rdp_encryption_level,rdp_encryption_method from interim_session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) order by common_recv_time desc limit 0 , 20" + } + ] + } + }, + "response": [] + }, + { + "name": "Security Events", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select toDateTime(common_recv_time) AS common_recv_time, common_log_id, common_policy_id, common_subscriber_id, common_imei, common_imsi, common_phone_number, common_client_ip, common_internal_ip, common_client_port, common_l4_protocol, common_address_type, common_server_ip, common_server_port, common_external_ip, common_action, common_direction, common_sled_ip, common_client_location, common_client_asn, common_server_location, common_server_asn, common_sessions, common_c2s_pkt_num, common_s2c_pkt_num, common_c2s_byte_num, common_s2c_byte_num, common_schema_type, common_device_id, common_device_group, common_app_behavior, common_app_label, common_tunnels, common_protocol_label, common_userdefine_app_name, common_l7_protocol, common_service_category, toDateTime(common_start_time) AS common_start_time, toDateTime(common_end_time) AS common_end_time, common_establish_latency_ms, common_con_duration_ms, common_stream_dir, common_stream_error, common_stream_trace_id, common_packet_capture_file, common_tcp_client_isn, common_tcp_server_isn, 
toDateTime(common_processing_time) AS common_processing_time, toDateTime(common_ingestion_time) AS common_ingestion_time, common_mirrored_pkts, common_mirrored_bytes, common_tunnel_endpoint_a_desc,common_tunnel_endpoint_b_desc,common_flags,common_flags_identify_info,common_server_fqdn,common_server_domain,common_app_full_path,common_shaping_rule_ids,http_url, http_host, http_domain, http_request_line, http_response_line, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_request_body, http_response_body, http_cookie, http_referer, http_user_agent, http_set_cookie, http_version, http_response_latency_ms, http_action_file_size, http_session_duration_ms, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_to, mail_cc, mail_bcc, mail_subject, mail_attachment_name, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_sub, ssl_sni, ssl_san, ssl_cn, ssl_pinningst, ssl_intercept_state, ssl_passthrough_reason, ssl_server_side_latency, ssl_client_side_latency, ssl_server_side_version, ssl_client_side_version, ssl_cert_verify, ssl_error, ssl_con_latency_ms, ssl_ja3_hash, ssl_ja3s_hash, ssl_cert_issuer, ssl_cert_subject, dtls_sni, quic_version, quic_sni, quic_user_agent, ftp_account, ftp_url, ftp_content, ftp_link_type, app_extra_info, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, 
ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, stratum_cryptocurrency, stratum_mining_pools, stratum_mining_program, rdp_cookie,rdp_security_protocol,rdp_client_channels,rdp_keyboard_layout,rdp_client_version,rdp_client_name,rdp_client_product_id,rdp_desktop_width,rdp_desktop_height,rdp_requested_color_depth,rdp_certificate_type,rdp_certificate_count,rdp_certificate_permanent,rdp_encryption_level,rdp_encryption_method from security_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) order by common_recv_time desc limit 0 , 20", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select toDateTime(common_recv_time) AS common_recv_time, common_log_id, common_policy_id, common_subscriber_id, common_imei, common_imsi, common_phone_number, common_client_ip, common_internal_ip, common_client_port, common_l4_protocol, common_address_type, common_server_ip, common_server_port, common_external_ip, common_action, common_direction, common_sled_ip, common_client_location, common_client_asn, common_server_location, common_server_asn, common_sessions, common_c2s_pkt_num, common_s2c_pkt_num, common_c2s_byte_num, common_s2c_byte_num, common_schema_type, common_device_id, common_device_group, common_app_behavior, common_app_label, common_tunnels, common_protocol_label, common_userdefine_app_name, common_l7_protocol, common_service_category, toDateTime(common_start_time) AS common_start_time, toDateTime(common_end_time) AS common_end_time, common_establish_latency_ms, common_con_duration_ms, common_stream_dir, common_stream_error, common_stream_trace_id, common_packet_capture_file, common_tcp_client_isn, common_tcp_server_isn, toDateTime(common_processing_time) AS common_processing_time, toDateTime(common_ingestion_time) AS common_ingestion_time, common_mirrored_pkts, 
common_mirrored_bytes, common_tunnel_endpoint_a_desc,common_tunnel_endpoint_b_desc,common_flags,common_flags_identify_info,common_server_fqdn,common_server_domain,common_app_full_path,common_shaping_rule_ids,http_url, http_host, http_domain, http_request_line, http_response_line, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_request_body, http_response_body, http_cookie, http_referer, http_user_agent, http_set_cookie, http_version, http_response_latency_ms, http_action_file_size, http_session_duration_ms, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_to, mail_cc, mail_bcc, mail_subject, mail_attachment_name, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_sub, ssl_sni, ssl_san, ssl_cn, ssl_pinningst, ssl_intercept_state, ssl_passthrough_reason, ssl_server_side_latency, ssl_client_side_latency, ssl_server_side_version, ssl_client_side_version, ssl_cert_verify, ssl_error, ssl_con_latency_ms, ssl_ja3_hash, ssl_ja3s_hash, ssl_cert_issuer, ssl_cert_subject, dtls_sni, quic_version, quic_sni, quic_user_agent, ftp_account, ftp_url, ftp_content, ftp_link_type, app_extra_info, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, stratum_cryptocurrency, stratum_mining_pools, stratum_mining_program, 
rdp_cookie,rdp_security_protocol,rdp_client_channels,rdp_keyboard_layout,rdp_client_version,rdp_client_name,rdp_client_product_id,rdp_desktop_width,rdp_desktop_height,rdp_requested_color_depth,rdp_certificate_type,rdp_certificate_count,rdp_certificate_permanent,rdp_encryption_level,rdp_encryption_method from security_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) order by common_recv_time desc limit 0 , 20" + } + ] + } + }, + "response": [] + }, + { + "name": "Security Hit Distribution of Summary by Action", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select {{PT1M_TIME}} as stat_time, 'shunt' as type, sum(hit_count) as events from security_rule_hits where __time >= {{Last 1 Hour Start}} and action=128 and vsys_id in (1,2,3,4) group by {{PT1M_TIME}},'shunt'\nunion all select {{PT1M_TIME}} as stat_time, 'allow' as type, sum(hit_count) as events from security_rule_hits where __time >= {{Last 1 Hour Start}} and action=96 and vsys_id in (1,2,3,4) group by {{PT1M_TIME}},'allow'\nunion all\nselect {{PT1M_TIME}} as stat_time, 'deny' as type, sum(hit_count) as events from security_rule_hits where __time >= {{Last 1 Hour Start}} and action=16 and vsys_id in (1,2,3,4) group by {{PT1M_TIME}},'deny'\nunion all\nselect {{PT1M_TIME}} as stat_time, 'monitor' as type, sum(hit_count) as events from security_rule_hits where __time >= {{Last 1 Hour Start}} and action=1 and vsys_id in (1,2,3,4) group by {{PT1M_TIME}},'monitor'\nunion all\nselect {{PT1M_TIME}} as stat_time, 'intercept' as type, sum(hit_count) as events from security_rule_hits where __time >= {{Last 1 Hour Start}} and action=2 and vsys_id in (1,2,3,4) 
group by {{PT1M_TIME}}, 'intercept'", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select {{PT1M_TIME}} as stat_time, 'shunt' as type, sum(hit_count) as events from security_rule_hits where __time >= {{Last 1 Hour Start}} and action=128 and vsys_id in (1,2,3,4) group by {{PT1M_TIME}},'shunt'\nunion all select {{PT1M_TIME}} as stat_time, 'allow' as type, sum(hit_count) as events from security_rule_hits where __time >= {{Last 1 Hour Start}} and action=96 and vsys_id in (1,2,3,4) group by {{PT1M_TIME}},'allow'\nunion all\nselect {{PT1M_TIME}} as stat_time, 'deny' as type, sum(hit_count) as events from security_rule_hits where __time >= {{Last 1 Hour Start}} and action=16 and vsys_id in (1,2,3,4) group by {{PT1M_TIME}},'deny'\nunion all\nselect {{PT1M_TIME}} as stat_time, 'monitor' as type, sum(hit_count) as events from security_rule_hits where __time >= {{Last 1 Hour Start}} and action=1 and vsys_id in (1,2,3,4) group by {{PT1M_TIME}},'monitor'\nunion all\nselect {{PT1M_TIME}} as stat_time, 'intercept' as type, sum(hit_count) as events from security_rule_hits where __time >= {{Last 1 Hour Start}} and action=2 and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, 'intercept'" + } + ] + } + }, + "response": [] + }, + { + "name": "Security Hit Distribution of Logs by Action", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n {{PT5M_RECV_TIME}} as stat_time,\n (CASE\n WHEN common_action = 1 THEN 'Monitor'\n WHEN common_action = 2 THEN 'Intercept'\n WHEN common_action = 16 THEN 'Deny'\n WHEN common_action = 48 THEN 'Manipulation'\n WHEN common_action = 96 THEN 'Allow' WHEN common_action = 128 THEN 
'Allow(Deprecated)' \n ELSE 'None'\n END) as type,\n count(*) as events\nfrom\n security_event where common_recv_time > {{Last 1 Hour Start}} and common_vsys_id in (1,2,3,4) \ngroup by\n stat_time,\n common_action order by stat_time asc", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n {{PT5M_RECV_TIME}} as stat_time,\n (CASE\n WHEN common_action = 1 THEN 'Monitor'\n WHEN common_action = 2 THEN 'Intercept'\n WHEN common_action = 16 THEN 'Deny'\n WHEN common_action = 48 THEN 'Manipulation'\n WHEN common_action = 96 THEN 'Allow' WHEN common_action = 128 THEN 'Allow(Deprecated)' \n ELSE 'None'\n END) as type,\n count(*) as events\nfrom\n security_event where common_recv_time > {{Last 1 Hour Start}} and common_vsys_id in (1,2,3,4) \ngroup by\n stat_time,\n common_action order by stat_time asc" + } + ] + } + }, + "response": [] + }, + { + "name": "Total Security Events", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select count(*) as events from security_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4,5) and common_action in (2, 3) order by common_recv_time desc limit 0 , 20", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select FROM_UNIXTIME(common_recv_time) as 
common_recv_time, common_vsys_id,FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4,5) and common_action in (2, 3) order by common_recv_time desc limit 0 , 20" + } + ] + } + }, + "response": [] + }, + { + "name": "Intercept Proxy Event distribution by Schema Type", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query= select\n {{PT5M_RECV_TIME}} as stat_time,\n common_schema_type as type,\n count(*) as events\nfrom\n proxy_event\nwhere\n common_recv_time > {{Last 1 Hour Start}} and common_vsys_id in (1,2,3,4,5) \n and common_action in (2, 3)\ngroup by\n stat_time,\n common_schema_type", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": " select\n {{PT5M_RECV_TIME}} as stat_time,\n common_schema_type as type,\n count(*) as events\nfrom\n proxy_event\nwhere\n common_recv_time > {{Last 1 Hour Start}} and common_vsys_id in (1,2,3,4,5) \n and common_action in (2, 3)\ngroup by\n stat_time,\n common_schema_type" + } + ] + } + }, + "response": [] + }, + { + "name": "Proxy Manipulation Events", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(common_recv_time) as common_recv_time, 
common_vsys_id,FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4,5) and common_action in (48) order by common_recv_time desc limit 0 , 20", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select FROM_UNIXTIME(common_recv_time) as common_recv_time, common_vsys_id,FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4,5) and common_action in (48) order by common_recv_time desc limit 0 , 20" + } + ] + } + }, + "response": [] + }, + { + "name": "Proxy Policy Rule Hits by Action", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query= select common_action , count(*) as hits from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4,5) group by common_action", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": " select common_action , count(*) as hits from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4,5) group by common_action" + } + ] + } + }, + "response": [] + }, + { + "name": "Proxy 
Manipulation Policy Rule Hits by Sub Action", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query= select common_sub_action , count(*) as hits from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) group by common_sub_action", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": " select common_sub_action , count(*) as hits from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) group by common_sub_action" + } + ] + } + }, + "response": [] + }, + { + "name": "Proxy Manipulation Hit Distribution of Summary by Action", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select {{PT1M_TIME}} as stat_time, sub_action as type, sum(hit_count) as events from proxy_rule_hits where __time >= {{Last 1 Hour Start}} and sub_action='allow' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hit_count) as events from proxy_rule_hits where __time >= {{Last 1 Hour Start}} and sub_action='monitor' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hit_count) as events from proxy_rule_hits where __time >= 
{{Last 1 Hour Start}} and sub_action='deny' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hit_count) as events from proxy_rule_hits where __time >= {{Last 1 Hour Start}} and sub_action='redirect' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hit_count) as events from proxy_rule_hits where __time >= {{Last 1 Hour Start}} and sub_action='replace' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hit_count) as events from proxy_rule_hits where __time >= {{Last 1 Hour Start}} and sub_action='hijack' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hit_count) as events from proxy_rule_hits where __time >= {{Last 1 Hour Start}} and sub_action='insert' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, sub_action\n", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select {{PT1M_TIME}} as stat_time, sub_action as type, sum(hit_count) as events from proxy_rule_hits where __time >= {{Last 1 Hour Start}} and sub_action='allow' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hit_count) as events from proxy_rule_hits where __time >= {{Last 1 Hour Start}} and sub_action='monitor' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hit_count) as events from proxy_rule_hits where __time >= {{Last 1 Hour Start}} and sub_action='deny' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hit_count) as events from 
proxy_rule_hits where __time >= {{Last 1 Hour Start}} and sub_action='redirect' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hit_count) as events from proxy_rule_hits where __time >= {{Last 1 Hour Start}} and sub_action='replace' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hit_count) as events from proxy_rule_hits where __time >= {{Last 1 Hour Start}} and sub_action='hijack' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hit_count) as events from proxy_rule_hits where __time >= {{Last 1 Hour Start}} and sub_action='insert' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, sub_action\n" + } + ] + } + }, + "response": [] + }, + { + "name": "Proxy Manipulation Hit Distribution of Logs by Action", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n {{PT5M_RECV_TIME}} as stat_time,\n common_sub_action as type,\n count(*) as hit_count\nfrom\n proxy_event where common_recv_time > {{Last 1 Hour Start}} and common_vsys_id in (1,2,3,4,5)\ngroup by\n stat_time,\n common_sub_action order by stat_time asc", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n {{PT5M_RECV_TIME}} as stat_time,\n common_sub_action as type,\n count(*) as hit_count\nfrom\n proxy_event where common_recv_time > {{Last 1 Hour Start}} and common_vsys_id in (1,2,3,4,5)\ngroup by\n stat_time,\n common_sub_action order by stat_time asc" + } + ] + } + }, + "response": [] + }, + { + 
"name": "Total Proxy Events", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select count(*) as hit_count from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) order by common_recv_time desc limit 0 , 20", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select FROM_UNIXTIME(common_recv_time) as common_recv_time, FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from radius_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) order by common_recv_time desc limit 0 , 20" + } + ] + } + }, + "response": [] + }, + { + "name": "GTP-C Records", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(common_recv_time) as common_recv_time, FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from gtpc_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) order by common_recv_time desc limit 0 , 20", + "protocol": 
"http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select FROM_UNIXTIME(common_recv_time) as common_recv_time, FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from gtpc_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) order by common_recv_time desc limit 0 , 20" + } + ] + } + }, + "response": [] + }, + { + "name": "VoIP Records", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(common_recv_time) as common_recv_time, FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from voip_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) order by common_recv_time desc limit 0 , 20", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select FROM_UNIXTIME(common_recv_time) as common_recv_time, FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from voip_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) order by common_recv_time desc limit 0 , 20" + } + ] + } + }, + "response": [] + }, + { + "name": "VoIP Distribution of Logs by Schema Type", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () 
{", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n {{PT5M_RECV_TIME}} as stat_time,\n common_schema_type as type,\n count(*) as count\nfrom\n voip_record\nwhere common_recv_time > {{Last 1 Hour Start}} and common_vsys_id in (1,2,3,4)\ngroup by\n stat_time,\n common_schema_type order by stat_time asc", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n {{PT5M_RECV_TIME}} as stat_time,\n common_schema_type as type,\n count(*) as count\nfrom\n voip_record\nwhere common_recv_time > {{Last 1 Hour Start}} and common_vsys_id in (1,2,3,4)\ngroup by\n stat_time,\n common_schema_type order by stat_time asc" + } + ] + } + }, + "response": [] + }, + { + "name": "DoS Events", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n log_id,\n profile_id,\n attack_type,\n source_country_list,\n source_ip_list,\n destination_ip,\n destination_country,\n severity, \n start_time,\n end_time,\n conditions,\n bit_rate,\n packet_rate,\n session_rate from dos_event where\n start_time >= UNIX_TIMESTAMP('{{start_time}}') and start_time < UNIX_TIMESTAMP('{{end_time}}') and vsys_id in (1,2,3,4)\norder by start_time desc \nlimit 0,20", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n log_id,\n profile_id,\n attack_type,\n source_country_list,\n source_ip_list,\n destination_ip,\n destination_country,\n severity, \n start_time,\n end_time,\n conditions,\n 
bit_rate,\n packet_rate,\n session_rate from dos_event where\n start_time >= UNIX_TIMESTAMP('{{start_time}}') and start_time < UNIX_TIMESTAMP('{{end_time}}') and vsys_id in (1,2,3,4)\norder by start_time desc \nlimit 0,20" + } + ] + } + }, + "response": [] + }, + { + "name": "DoS Distribution of Logs by Attack Type", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(start_time,'PT10M')) as stat_time,\n attack_type as type,\n count(*) as count\nfrom\n dos_event\nwhere start_time >= UNIX_TIMESTAMP('{{start_time}}') and start_time < UNIX_TIMESTAMP('{{end_time}}') and vsys_id in (1,2,3,4)\ngroup by\n stat_time,\n attack_type\norder by stat_time asc", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(start_time,'PT10M')) as stat_time,\n attack_type as type,\n count(*) as count\nfrom\n dos_event\nwhere start_time >= UNIX_TIMESTAMP('{{start_time}}') and start_time < UNIX_TIMESTAMP('{{end_time}}') and vsys_id in (1,2,3,4)\ngroup by\n stat_time,\n attack_type\norder by stat_time asc" + } + ] + } + }, + "response": [] + } + ] + }, + { + "name": "Metrics", + "item": [ + { + "name": "DoS Threat Map", + "item": [ + { + "name": "Top Source Countries", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select \n arrayJoin(splitByString(',',source_country_list)) as 
source_country,\n count(*) as count\nfrom dos_event\nwhere\n start_time >= UNIX_TIMESTAMP('{{start_time}}')\n and start_time = UNIX_TIMESTAMP('{{start_time}}')\n and start_time = UNIX_TIMESTAMP('{{start_time}}')\n and start_time = UNIX_TIMESTAMP('{{start_time}}')\n and start_time = UNIX_TIMESTAMP('{{start_time}}')\n and start_time = UNIX_TIMESTAMP('{{start_time}}')\n and start_time = UNIX_TIMESTAMP('{{start_time}}')\n and start_time = UNIX_TIMESTAMP('{{start_time}}')\n and start_time = UNIX_TIMESTAMP('{{start_time}}')\n and start_time = UNIX_TIMESTAMP('{{start_time}}')\n and start_time = UNIX_TIMESTAMP('{{start_time}}')\n and start_time = UNIX_TIMESTAMP('{{start_time}}')\n and start_time = UNIX_TIMESTAMP('{{start_time}}')\n and start_time = UNIX_TIMESTAMP('{{start_time}}')\n and start_time = '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and profile_id in (1,2,3,4)\ngroup by profile_id", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select \n profile_id,\n sum(in_bytes+out_bytes) as bytes,\n sum(in_pkts+out_pkts) as packets,\n sum(in_drop_pkts+out_drop_pkts) as drops,\n max(in_max_latency_us+out_max_latency_us) as max_latency_us,\n avg(in_queue_len+out_queue_len) as avg_q,\n max(in_queue_len+out_queue_len) as max_q\n from traffic_shaping_rule_hits\nwhere \n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and profile_id in (1,2,3,4)\ngroup by profile_id" + } + ] + }, + "description": "最近5分钟" + }, + "response": [] + }, + { + "name": "Shaping Rule Summary", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": 
"http://{{qgw_ip}}:{{qgw_port}}/?query=select%0A%20%20%20rule_id%2C%0A%20%20%20DATE_FORMAT(max(__time)%20%2C'%25Y-%25m-%25d%20%25H%3A%25i%3A%25s')%20as%20last_used%2C%0A%20%20%20DATE_FORMAT(min(__time)%20%2C'%25Y-%25m-%25d%20%25H%3A%25i%3A%25s')%20as%20first_used%2C sum(in_bytes+out_bytes) as total_bytes\nfrom traffic_shaping_rule_hits where \n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and rule_id in (1,2,103,273)\ngroup by rule_id", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select%0A%20%20%20rule_id%2C%0A%20%20%20DATE_FORMAT(max(__time)%20%2C'%25Y-%25m-%25d%20%25H%3A%25i%3A%25s')%20as%20last_used%2C%0A%20%20%20DATE_FORMAT(min(__time)%20%2C'%25Y-%25m-%25d%20%25H%3A%25i%3A%25s')%20as%20first_used%2C sum(in_bytes+out_bytes) as total_bytes\nfrom traffic_shaping_rule_hits where \n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and rule_id in (1,2,103,273)\ngroup by rule_id" + } + ] + }, + "description": "最近5分钟" + }, + "response": [] + }, + { + "name": "Shaping Profile Summary", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select \n profile_id,\n DATE_FORMAT(max(__time)%20%2C'%25Y-%25m-%25d%20%25H%3A%25i%3A%25s')%20as%20last_used%2C%0A%20%20%20DATE_FORMAT(min(__time)%20%2C'%25Y-%25m-%25d%20%25H%3A%25i%3A%25s')%20as%20first_used%2C\n sum(in_drop_pkts+out_drop_pkts) as drops\nfrom traffic_shaping_rule_hits\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and profile_id in (1,2,103,273)\ngroup by profile_id ", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": 
"{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select \n profile_id,\n DATE_FORMAT(max(__time)%20%2C'%25Y-%25m-%25d%20%25H%3A%25i%3A%25s')%20as%20last_used%2C%0A%20%20%20DATE_FORMAT(min(__time)%20%2C'%25Y-%25m-%25d%20%25H%3A%25i%3A%25s')%20as%20first_used%2C\n sum(in_drop_pkts+out_drop_pkts) as drops\nfrom traffic_shaping_rule_hits\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and profile_id in (1,2,103,273)\ngroup by profile_id " + } + ] + }, + "description": "最近5分钟" + }, + "response": [] + }, + { + "name": "Shaping Profile Metrics", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n sum(bytes)*8/10 as bps,\n sum(packets)/10 as pps,\n max(max_latency_us) as max_latency_us,\n avg(avg_q) as avg_q,\n max(max_q) as max_q\n from\n (\n select\n device_id,\n vsys_id,\n sum(in_bytes+out_bytes) as bytes,\n sum(in_pkts+out_pkts) as packets,\n max(in_max_latency_us+out_max_latency_us) as max_latency_us,\n avg(in_queue_len+out_queue_len) as avg_q,\n max(in_queue_len+out_queue_len) as max_q\n from\n traffic_shaping_rule_hits\n where\n __time >= FROM_UNIXTIME(UNIX_TIMESTAMP(now())-10)\n and vsys_id in (1,2,3,4,5)\n and profile_id =1\n group by device_id, vsys_id\n )", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n sum(bytes)*8/10 as bps,\n sum(packets)/10 as pps,\n max(max_latency_us) as max_latency_us,\n avg(avg_q) as avg_q,\n max(max_q) as max_q\n from\n (\n select\n device_id,\n vsys_id,\n sum(in_bytes+out_bytes) as bytes,\n sum(in_pkts+out_pkts) as packets,\n max(in_max_latency_us+out_max_latency_us) as 
max_latency_us,\n avg(in_queue_len+out_queue_len) as avg_q,\n max(in_queue_len+out_queue_len) as max_q\n from\n traffic_shaping_rule_hits\n where\n __time >= FROM_UNIXTIME(UNIX_TIMESTAMP(now())-10)\n and vsys_id in (1,2,3,4,5)\n and profile_id =1\n group by device_id, vsys_id\n )" + } + ] + }, + "description": "最近5分钟" + }, + "response": [] + }, + { + "name": "Shaping Rule/Profile Throughput", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n'PT1s',\n'zero')) as stat_time,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes \nfrom traffic_shaping_rule_hits\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and profile_id=273\n group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n'PT1s',\n'zero')) order by stat_time asc limit 100", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n'PT1s',\n'zero')) as stat_time,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes \nfrom traffic_shaping_rule_hits\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and profile_id=273\n group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n'PT1s',\n'zero')) order by stat_time asc limit 100" + } + ] + }, + "description": "最近5分钟" + }, + "response": [] + } + ] + }, + { + "name": "Service Chaining", + "item": [ + { + "name": "Chaining Rule or Function Throuphput Trend", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 
200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n'PT1s',\n'zero')) as stat_time,\n sum(sent_bytes) as sent_bytes,\n sum(recv_bytes) as received_bytes \nfrom service_chaining_rule_hits\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and ( rule_id in (1,2,3,4,5) or sff_profile_id in (1,2,3,4,5) or sf_profile_id in (1,2,3,4,5)) \n group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n'PT1s',\n'zero')) order by stat_time asc limit 100", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n'PT1s',\n'zero')) as stat_time,\n sum(sent_bytes) as sent_bytes,\n sum(recv_bytes) as received_bytes \nfrom service_chaining_rule_hits\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and ( rule_id in (1,2,3,4,5) or sff_profile_id in (1,2,3,4,5) or sf_profile_id in (1,2,3,4,5)) \n group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n'PT1s',\n'zero')) order by stat_time asc limit 100" + } + ] + }, + "description": "最近5分钟" + }, + "response": [] + }, + { + "name": "Chaining Rule Metrics", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select \n rule_id, \n sum(sent_bytes) as sent_bytes,\n sum(recv_bytes) as received_bytes,\n sum(sent_pkts) as sent_packets,\n sum(recv_pkts) as received_packets \n 
from service_chaining_rule_hits\nwhere \n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and rule_id in (1,2,3,4,5)\ngroup by rule_id", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select \n rule_id, \n sum(sent_bytes) as sent_bytes,\n sum(recv_bytes) as received_bytes,\n sum(sent_pkts) as sent_packets,\n sum(recv_pkts) as received_packets \n from service_chaining_rule_hits\nwhere \n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and rule_id in (1,2,3,4,5)\ngroup by rule_id" + } + ] + }, + "description": "最近5分钟" + }, + "response": [] + }, + { + "name": "Function Forwarder Metrics", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select \n sff_profile_id, \n sum(sent_bytes) as sent_bytes,\n sum(recv_bytes) as received_bytes,\n sum(sent_pkts) as sent_packets,\n sum(recv_pkts) as received_packets \n from service_chaining_rule_hits\nwhere \n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and sff_profile_id in (1,2,3,4,5)\ngroup by sff_profile_id", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select \n sff_profile_id, \n sum(sent_bytes) as sent_bytes,\n sum(recv_bytes) as received_bytes,\n sum(sent_pkts) as sent_packets,\n sum(recv_pkts) as received_packets \n from service_chaining_rule_hits\nwhere \n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and sff_profile_id in (1,2,3,4,5)\ngroup by sff_profile_id" + } + ] + }, + "description": "最近5分钟" + 
}, + "response": [] + }, + { + "name": "Function Profile Metrics", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select \n sf_profile_id, \n sum(sent_bytes) as sent_bytes,\n sum(recv_bytes) as received_bytes,\n sum(sent_pkts) as sent_packets,\n sum(recv_pkts) as received_packets \n from service_chaining_rule_hits\nwhere \n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and sf_profile_id in (1,2,3,4,5)\ngroup by sf_profile_id", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select \n sf_profile_id, \n sum(sent_bytes) as sent_bytes,\n sum(recv_bytes) as received_bytes,\n sum(sent_pkts) as sent_packets,\n sum(recv_pkts) as received_packets \n from service_chaining_rule_hits\nwhere \n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and sf_profile_id in (1,2,3,4,5)\ngroup by sf_profile_id" + } + ] + }, + "description": "最近5分钟" + }, + "response": [] + }, + { + "name": "Function Profile Status", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT\n sf_profile_id,\n sf_status,\n CASE WHEN last_active_time = 0 THEN '' ELSE FROM_UNIXTIME(last_active_time) END AS last_active_time,\n CASE WHEN last_inactive_time = 0 THEN '' ELSE FROM_UNIXTIME(last_inactive_time) END AS last_inactive_time\nFROM\n (\n SELECT\n sf_profile_id,\n LATEST(sf_status) as sf_status,\n MAX(CASE 
WHEN sf_status = 1 THEN UNIX_TIMESTAMP(__time) ELSE 0 END) as last_active_time,\n MAX(CASE WHEN sf_status = 0 THEN UNIX_TIMESTAMP(__time) ELSE 0 END) as last_inactive_time\n from\n service_function_status\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and sf_profile_id in (1,2,3,4,5)\n group by\n sf_profile_id)", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "SELECT\n sf_profile_id,\n sf_status,\n CASE WHEN last_active_time = 0 THEN '' ELSE FROM_UNIXTIME(last_active_time) END AS last_active_time,\n CASE WHEN last_inactive_time = 0 THEN '' ELSE FROM_UNIXTIME(last_inactive_time) END AS last_inactive_time\nFROM\n (\n SELECT\n sf_profile_id,\n LATEST(sf_status) as sf_status,\n MAX(CASE WHEN sf_status = 1 THEN UNIX_TIMESTAMP(__time) ELSE 0 END) as last_active_time,\n MAX(CASE WHEN sf_status = 0 THEN UNIX_TIMESTAMP(__time) ELSE 0 END) as last_inactive_time\n from\n service_function_status\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and sf_profile_id in (1,2,3,4,5)\n group by\n sf_profile_id)" + } + ] + }, + "description": "最近5分钟" + }, + "response": [] + } + ] + }, + { + "name": "Object Statistics", + "item": [ + { + "name": "Top 30 Objects by Bytes", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select \n object_id, \n sum(in_bytes) as in_bytes, \n sum(out_bytes) as out_bytes, \n sum(bytes) as bytes,\n sum(new_in_sessions) as new_in_sessions, \n sum(new_out_sessions) as new_out_sessions, \n sum(sessions) as sessions\nfrom\n object_statistics\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' 
\n and vsys_id in (1,2,3,4,5)\ngroup by\n object_id\norder by bytes desc\nlimit 30", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select \n object_id, \n sum(in_bytes) as in_bytes, \n sum(out_bytes) as out_bytes, \n sum(bytes) as bytes,\n sum(new_in_sessions) as new_in_sessions, \n sum(new_out_sessions) as new_out_sessions, \n sum(sessions) as sessions\nfrom\n object_statistics\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\ngroup by\n object_id\norder by bytes desc\nlimit 30" + } + ] + }, + "description": "最近5分钟" + }, + "response": [] + }, + { + "name": "Parent Level Object Stat", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select \n sum(in_bytes) as in_bytes, \n sum(out_bytes) as out_bytes, \n sum(bytes) as bytes,\n sum(new_in_sessions) as new_in_sessions, \n sum(new_out_sessions) as new_out_sessions, \n sum(sessions) as sessions\nfrom\n object_statistics\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5) and object_id > 0\n", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select \n sum(in_bytes) as in_bytes, \n sum(out_bytes) as out_bytes, \n sum(bytes) as bytes,\n sum(new_in_sessions) as new_in_sessions, \n sum(new_out_sessions) as new_out_sessions, \n sum(sessions) as sessions\nfrom\n object_statistics\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5) and object_id > 0\n" + } + ] + }, + "description": "最近5分钟" + }, + "response": [] + }, + { + "name": "Top 30 
Items by Bytes", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select \n item_id, \n sum(in_bytes) as in_bytes, \n sum(out_bytes) as out_bytes, \n sum(bytes) as bytes,\n sum(new_in_sessions) as new_in_sessions, \n sum(new_out_sessions) as new_out_sessions, \n sum(sessions) as sessions\nfrom\n object_statistics\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\ngroup by\n item_id\norder by bytes desc\nlimit 30", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select \n item_id, \n sum(in_bytes) as in_bytes, \n sum(out_bytes) as out_bytes, \n sum(bytes) as bytes,\n sum(new_in_sessions) as new_in_sessions, \n sum(new_out_sessions) as new_out_sessions, \n sum(sessions) as sessions\nfrom\n object_statistics\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\ngroup by\n item_id\norder by bytes desc\nlimit 30" + } + ] + }, + "description": "最近5分钟" + }, + "response": [] + }, + { + "name": "Object Traffic Stat Trend", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time ,\n\tsum(in_bytes) as in_bytes,\n\tavg(in_bytes)* 8 / 30 as avg_in_bits_per_sec,\n\tsum(out_bytes) as out_bytes,\n\tavg(out_bytes)* 8 / 30 as avg_out_bits_per_sec,\n\tsum(bytes) as bytes,\n\tavg(bytes)* 8 / 30 as 
avg_bits_per_sec,\n\tsum(new_in_sessions) as new_in_sessions,\n\tavg(new_in_sessions)/ 30 as avg_new_in_sessions_per_sec,\n\tsum(new_out_sessions) as new_out_sessions,\n\tavg(new_out_sessions)/ 30 as avg_new_out_sessions_per_sec,\n\tsum(sessions) as sessions,\n\tavg(sessions)/ 30 as avg_sessions_per_sec\nfrom\t(\tselect\tTIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT5S') as stat_time,\tsum(in_bytes) as in_bytes,\n\t\tsum(out_bytes) as out_bytes,\n\t\tsum(bytes) as bytes,\n\t\tsum(new_in_sessions) as new_in_sessions,\n\t\tsum(new_out_sessions) as new_out_sessions,\n\t\tsum(sessions) as sessions\n\tfrom\n\t\tobject_statistics\n\twhere\n\t\t__time >= '{{start_time}}' and __time < '{{end_time}}'\n\t\tand vsys_id in (1, 2, 3, 4, 5)\n\t\tand object_id = 1\n\tgroup by\n\t\tTIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT5S'))\ngroup by\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by\n\tstat_time asc\nlimit 1000", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time ,\n\tsum(in_bytes) as in_bytes,\n\tavg(in_bytes)* 8 / 30 as avg_in_bits_per_sec,\n\tsum(out_bytes) as out_bytes,\n\tavg(out_bytes)* 8 / 30 as avg_out_bits_per_sec,\n\tsum(bytes) as bytes,\n\tavg(bytes)* 8 / 30 as avg_bits_per_sec,\n\tsum(new_in_sessions) as new_in_sessions,\n\tavg(new_in_sessions)/ 30 as avg_new_in_sessions_per_sec,\n\tsum(new_out_sessions) as new_out_sessions,\n\tavg(new_out_sessions)/ 30 as avg_new_out_sessions_per_sec,\n\tsum(sessions) as sessions,\n\tavg(sessions)/ 30 as avg_sessions_per_sec\nfrom\t(\tselect\tTIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT5S') as stat_time,\tsum(in_bytes) as in_bytes,\n\t\tsum(out_bytes) as out_bytes,\n\t\tsum(bytes) as bytes,\n\t\tsum(new_in_sessions) as new_in_sessions,\n\t\tsum(new_out_sessions) as new_out_sessions,\n\t\tsum(sessions) as 
sessions\n\tfrom\n\t\tobject_statistics\n\twhere\n\t\t__time >= '{{start_time}}' and __time < '{{end_time}}'\n\t\tand vsys_id in (1, 2, 3, 4, 5)\n\t\tand object_id = 1\n\tgroup by\n\t\tTIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT5S'))\ngroup by\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by\n\tstat_time asc\nlimit 1000" + } + ] + }, + "description": "最近5分钟" + }, + "response": [] + }, + { + "name": "Item Traffic Stat Trend", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time ,\n\tsum(in_bytes) as in_bytes,\n\tavg(in_bytes)* 8 / 30 as avg_in_bits_per_sec,\n\tsum(out_bytes) as out_bytes,\n\tavg(out_bytes)* 8 / 30 as avg_out_bits_per_sec,\n\tsum(bytes) as bytes,\n\tavg(bytes)* 8 / 30 as avg_bits_per_sec,\n\tsum(new_in_sessions) as new_in_sessions,\n\tavg(new_in_sessions)/ 30 as avg_new_in_sessions_per_sec,\n\tsum(new_out_sessions) as new_out_sessions,\n\tavg(new_out_sessions)/ 30 as avg_new_out_sessions_per_sec,\n\tsum(sessions) as sessions,\n\tavg(sessions)/ 30 as avg_sessions_per_sec\nfrom\n\t(select\tTIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT5S') as stat_time,\tsum(in_bytes) as in_bytes,\tsum(out_bytes) as out_bytes,\t\tsum(bytes) as bytes,\n\t\tsum(new_in_sessions) as new_in_sessions,\n\t\tsum(new_out_sessions) as new_out_sessions,\n\t\tsum(sessions) as sessions\n\tfrom\n\t\tobject_statistics\n\twhere\n\t\t__time >= '{{start_time}}' and __time < '{{end_time}}'\n\t\tand vsys_id in (1, 2, 3, 4, 5)\n\t\tand item_id = 1\n\tgroup by\n\t\tTIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT5S'))\ngroup by\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by\n\tstat_time 
asc\nlimit 1000", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time ,\n\tsum(in_bytes) as in_bytes,\n\tavg(in_bytes)* 8 / 30 as avg_in_bits_per_sec,\n\tsum(out_bytes) as out_bytes,\n\tavg(out_bytes)* 8 / 30 as avg_out_bits_per_sec,\n\tsum(bytes) as bytes,\n\tavg(bytes)* 8 / 30 as avg_bits_per_sec,\n\tsum(new_in_sessions) as new_in_sessions,\n\tavg(new_in_sessions)/ 30 as avg_new_in_sessions_per_sec,\n\tsum(new_out_sessions) as new_out_sessions,\n\tavg(new_out_sessions)/ 30 as avg_new_out_sessions_per_sec,\n\tsum(sessions) as sessions,\n\tavg(sessions)/ 30 as avg_sessions_per_sec\nfrom\n\t(select\tTIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT5S') as stat_time,\tsum(in_bytes) as in_bytes,\tsum(out_bytes) as out_bytes,\t\tsum(bytes) as bytes,\n\t\tsum(new_in_sessions) as new_in_sessions,\n\t\tsum(new_out_sessions) as new_out_sessions,\n\t\tsum(sessions) as sessions\n\tfrom\n\t\tobject_statistics\n\twhere\n\t\t__time >= '{{start_time}}' and __time < '{{end_time}}'\n\t\tand vsys_id in (1, 2, 3, 4, 5)\n\t\tand item_id = 1\n\tgroup by\n\t\tTIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT5S'))\ngroup by\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by\n\tstat_time asc\nlimit 1000" + } + ] + }, + "description": "最近5分钟" + }, + "response": [] + } + ] + }, + { + "name": "Statistics Policy", + "item": [ + { + "name": "Incoming Bytes, Outgoing Bytes and Bytes", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time 
,\n\tsum(in_bytes) as in_bytes,\n\tsum(out_bytes) as out_bytes,\n\tsum(bytes) as bytes\nfrom\n\t(\n\tselect\n\t\tTIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT15S') as stat_time,\n\t\tsum(in_bytes) as in_bytes,\n\t\tsum(out_bytes) as out_bytes,\n\t\tsum(bytes) as bytes\n\tfrom\n\t\tstatistics_rule\n\twhere\n\t\t__time >= '{{start_time}}' and __time < '{{end_time}}'\n\t\tand vsys_id in (1, 2, 3, 4, 5) and version=1\n group by TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT15S'))\ngroup by\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by\n\tstat_time asc\nlimit 1000", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time ,\n\tsum(in_bytes) as in_bytes,\n\tsum(out_bytes) as out_bytes,\n\tsum(bytes) as bytes\nfrom\n\t(\n\tselect\n\t\tTIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT15S') as stat_time,\n\t\tsum(in_bytes) as in_bytes,\n\t\tsum(out_bytes) as out_bytes,\n\t\tsum(bytes) as bytes\n\tfrom\n\t\tstatistics_rule\n\twhere\n\t\t__time >= '{{start_time}}' and __time < '{{end_time}}'\n\t\tand vsys_id in (1, 2, 3, 4, 5) and version=1\n group by TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT15S'))\ngroup by\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by\n\tstat_time asc\nlimit 1000" + } + ] + }, + "description": "最近5分钟" + }, + "response": [] + }, + { + "name": "Average Incoming bits/s, Average Outgoing bits/s and Average bits/s", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time,\n 
avg(in_bytes)*8/30 as avg_in_bits_per_sec,\n avg(out_bytes)*8/30 as avg_out_bits_per_sec,\n avg(bytes)*8/30 as avg_bits_per_sec\nfrom\n (\n select\n TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT15S') as stat_time,\n\t\tsum(in_bytes) as in_bytes,\n\t\tsum(out_bytes) as out_bytes,\n\t\tsum(bytes) as bytes\n from\n statistics_rule\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n\t\tand vsys_id in (1, 2, 3, 4, 5)\n group by TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT15S'))\ngroup by\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by stat_time asc\nlimit 1000", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time,\n avg(in_bytes)*8/30 as avg_in_bits_per_sec,\n avg(out_bytes)*8/30 as avg_out_bits_per_sec,\n avg(bytes)*8/30 as avg_bits_per_sec\nfrom\n (\n select\n TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT15S') as stat_time,\n\t\tsum(in_bytes) as in_bytes,\n\t\tsum(out_bytes) as out_bytes,\n\t\tsum(bytes) as bytes\n from\n statistics_rule\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n\t\tand vsys_id in (1, 2, 3, 4, 5)\n group by TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT15S'))\ngroup by\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by stat_time asc\nlimit 1000" + } + ] + }, + "description": "最近5分钟" + }, + "response": [] + }, + { + "name": "Unique Client IPs and Unique Server IPs", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as 
stat_time,\n\tAPPROX_COUNT_DISTINCT_HLLD(client_ip_sketch) as unique_client_ips,\n\tAPPROX_COUNT_DISTINCT_HLLD(server_ip_sketch) as unique_server_ips\nfrom\n\t(\n\tselect\n\t\tTIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT15S') as stat_time,\n\t\tHLLD(client_ip_sketch) as client_ip_sketch,\n\t\tHLLD(server_ip_sketch) as server_ip_sketch\n\tfrom\n\t\tstatistics_rule\n\twhere\n\t\t__time >= '{{start_time}}'\n\t\tand __time < '{{end_time}}'\n\t\tand vsys_id in (1, 2, 3, 4, 5) \n\tgroup by\n\t\tTIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT15S'))\ngroup by\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by\n\tstat_time asc\nlimit 1000", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time,\n\tAPPROX_COUNT_DISTINCT_HLLD(client_ip_sketch) as unique_client_ips,\n\tAPPROX_COUNT_DISTINCT_HLLD(server_ip_sketch) as unique_server_ips\nfrom\n\t(\n\tselect\n\t\tTIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT15S') as stat_time,\n\t\tHLLD(client_ip_sketch) as client_ip_sketch,\n\t\tHLLD(server_ip_sketch) as server_ip_sketch\n\tfrom\n\t\tstatistics_rule\n\twhere\n\t\t__time >= '{{start_time}}'\n\t\tand __time < '{{end_time}}'\n\t\tand vsys_id in (1, 2, 3, 4, 5) \n\tgroup by\n\t\tTIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT15S'))\ngroup by\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by\n\tstat_time asc\nlimit 1000" + } + ] + }, + "description": "最近5分钟" + }, + "response": [] + }, + { + "name": "95th TCP Latency (ms) and 99th TCP Latency (ms)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": 
"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time,\n\tAPPROX_QUANTILE_HDR(latency_ms_sketch,0.95) as p95th_tcp_latency_ms,\n APPROX_QUANTILE_HDR(latency_ms_sketch,0.99) as p99th_tcp_latency_ms\nfrom\n\t(\n\tselect\n\t\tTIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT15S') as stat_time,\n\t\tHDR_HISTOGRAM(latency_ms_sketch) as latency_ms_sketch\n\tfrom\n\t\tstatistics_rule\n\twhere\n\t\t__time >= '{{start_time}}'\n\t\tand __time < '{{end_time}}'\n\t\tand vsys_id in (1, 2, 3, 4, 5) \n\tgroup by\n\t\tTIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT15S'))\ngroup by\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by\n\tstat_time asc\nlimit 1000", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time,\n\tAPPROX_QUANTILE_HDR(latency_ms_sketch,0.95) as p95th_tcp_latency_ms,\n APPROX_QUANTILE_HDR(latency_ms_sketch,0.99) as p99th_tcp_latency_ms\nfrom\n\t(\n\tselect\n\t\tTIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT15S') as stat_time,\n\t\tHDR_HISTOGRAM(latency_ms_sketch) as latency_ms_sketch\n\tfrom\n\t\tstatistics_rule\n\twhere\n\t\t__time >= '{{start_time}}'\n\t\tand __time < '{{end_time}}'\n\t\tand vsys_id in (1, 2, 3, 4, 5) \n\tgroup by\n\t\tTIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT15S'))\ngroup by\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by\n\tstat_time asc\nlimit 1000" + } + ] + }, + "description": "最近5分钟" + }, + "response": [] + }, + { + "name": "Histogram TCP Latency (ms)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": 
"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n HDR_GET_PERCENTILES(HDR_HISTOGRAM(latency_ms_sketch)) as histogram_tcp_latency_ms,HDR_GET_QUANTILES(HDR_HISTOGRAM(latency_ms_sketch), 0.5,0.95,0.99) as tcp_latency_quantiles\nfrom\n statistics_rule\nwhere\n __time >= '{{start_time}}'\n and __time < '{{end_time}}'\n and vsys_id in (1, 2, 3, 4, 5)\n and rule_id=1", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n HDR_GET_PERCENTILES(HDR_HISTOGRAM(latency_ms_sketch)) as histogram_tcp_latency_ms,HDR_GET_QUANTILES(HDR_HISTOGRAM(latency_ms_sketch), 0.5,0.95,0.99) as tcp_latency_quantiles\nfrom\n statistics_rule\nwhere\n __time >= '{{start_time}}'\n and __time < '{{end_time}}'\n and vsys_id in (1, 2, 3, 4, 5)\n and rule_id=1" + } + ] + }, + "description": "最近5分钟" + }, + "response": [] + }, + { + "name": "Bytes and Sessions Distributed by Application", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select \n application,\n sum(bytes) as bytes,\n sum(sessions) as sessions\nfrom\n statistics_rule\nwhere\n __time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n\tand vsys_id in (1, 2, 3, 4, 5) \ngroup by \n application \norder by bytes desc\nlimit 1024", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select \n application,\n sum(bytes) as bytes,\n sum(sessions) as sessions\nfrom\n statistics_rule\nwhere\n __time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n\tand vsys_id in (1, 2, 3, 4, 5) \ngroup by \n application \norder by bytes desc\nlimit 1024" + } + ] + }, + "description": "最近5分钟" + }, + 
"response": [] + }, + { + "name": "Bytes and Sessions Distributed by Server IP", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select \n server_ip,\n sum(bytes) as bytes,\n sum(sessions) as sessions\nfrom\n statistics_rule\nwhere\n __time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n\tand vsys_id in (1, 2, 3, 4, 5)\ngroup by \n server_ip \norder by bytes desc\nlimit 1024", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select \n server_ip,\n sum(bytes) as bytes,\n sum(sessions) as sessions\nfrom\n statistics_rule\nwhere\n __time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n\tand vsys_id in (1, 2, 3, 4, 5)\ngroup by \n server_ip \norder by bytes desc\nlimit 1024" + } + ] + }, + "description": "最近5分钟" + }, + "response": [] + }, + { + "name": "Bytes and Sessions Distributed by FQDN Category", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select \n fqdn_category,\n sum(bytes) as bytes,\n sum(sessions) as sessions\nfrom\n statistics_rule\nwhere\n __time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n\tand vsys_id in (1, 2, 3, 4, 5)\ngroup by \n fqdn_category \norder by bytes desc\nlimit 1024", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select \n fqdn_category,\n sum(bytes) as bytes,\n sum(sessions) as sessions\nfrom\n 
statistics_rule\nwhere\n __time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n\tand vsys_id in (1, 2, 3, 4, 5)\ngroup by \n fqdn_category \norder by bytes desc\nlimit 1024" + } + ] + }, + "description": "最近5分钟" + }, + "response": [] + }, + { + "name": "Multi-value Raw Column Distribution of FQDN Category", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select \n MV_TO_STRING(fqdn_category,',') ,\n sum(bytes) as bytes,\n sum(sessions) as sessions\nfrom\n statistics_rule\nwhere __time >= '{{start_time}}'\n\tand __time < '{{end_time}}' and fqdn_category is not null\ngroup by \n MV_TO_STRING(fqdn_category,',') \norder by bytes desc\nlimit 1024", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select \n MV_TO_STRING(fqdn_category,',') ,\n sum(bytes) as bytes,\n sum(sessions) as sessions\nfrom\n statistics_rule\nwhere __time >= '{{start_time}}'\n\tand __time < '{{end_time}}' and fqdn_category is not null\ngroup by \n MV_TO_STRING(fqdn_category,',') \norder by bytes desc\nlimit 1024" + } + ] + }, + "description": "最近5分钟" + }, + "response": [] + }, + { + "name": "Multi-value per Item Value Distribution of FQDN Category Copy", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select \n fqdn_category ,\n sum(bytes) as bytes,\n sum(sessions) as sessions\nfrom\n statistics_rule\nwhere __time >= '{{start_time}}'\n\tand __time < '{{end_time}}' and 
fqdn_category is not null\ngroup by \n fqdn_category\norder by bytes desc\nlimit 1024", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select \n fqdn_category ,\n sum(bytes) as bytes,\n sum(sessions) as sessions\nfrom\n statistics_rule\nwhere __time >= '{{start_time}}'\n\tand __time < '{{end_time}}' and fqdn_category is not null\ngroup by \n fqdn_category\norder by bytes desc\nlimit 1024" + } + ] + }, + "description": "最近5分钟" + }, + "response": [] + }, + { + "name": "New Unestablished Sessions Distributed by Client IP and Server IP", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select \n client_ip,\n server_ip,\n sum(new_unestablished_sessions) as new_unestablished_sessions\nfrom\n statistics_rule\nwhere\n __time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n\tand vsys_id in (1, 2, 3, 4, 5)\ngroup by \n client_ip, server_ip \norder by new_unestablished_sessions desc\nlimit 100", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select \n client_ip,\n server_ip,\n sum(new_unestablished_sessions) as new_unestablished_sessions\nfrom\n statistics_rule\nwhere\n __time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n\tand vsys_id in (1, 2, 3, 4, 5)\ngroup by \n client_ip, server_ip \norder by new_unestablished_sessions desc\nlimit 100" + } + ] + }, + "description": "最近5分钟" + }, + "response": [] + }, + { + "name": "Statistics Rule Throughput", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + 
"});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time ,\n avg(sum_in_bytes)*8/30 as avg_in_bits_per_sec,\n avg(sum_out_bytes)*8/30 as avg_out_bits_per_sec,\n avg(sum_bytes)*8/30 as avg_bits_per_sec,\n sum(sum_in_bytes) as total_in_bytes,\n\tsum(sum_out_bytes) as total_out_bytes,\n\tsum(sum_bytes) as total_bytes \nfrom\n (\n select\n TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5S') as stat_time,\n sum(in_bytes) as sum_in_bytes,\n sum(out_bytes) as sum_out_bytes,\n sum(in_bytes + out_bytes) as sum_bytes\n from\n statistics_rule_hits\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5) \n group by TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT5S'))\ngroup by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by stat_time asc\nlimit 1000", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time ,\n avg(sum_in_bytes)*8/30 as avg_in_bits_per_sec,\n avg(sum_out_bytes)*8/30 as avg_out_bits_per_sec,\n avg(sum_bytes)*8/30 as avg_bits_per_sec,\n sum(sum_in_bytes) as total_in_bytes,\n\tsum(sum_out_bytes) as total_out_bytes,\n\tsum(sum_bytes) as total_bytes \nfrom\n (\n select\n TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5S') as stat_time,\n sum(in_bytes) as sum_in_bytes,\n sum(out_bytes) as sum_out_bytes,\n sum(in_bytes + out_bytes) as sum_bytes\n from\n statistics_rule_hits\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5) \n group by TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT5S'))\ngroup by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by stat_time asc\nlimit 1000" + 
} + ] + } + }, + "response": [] + } + ] + }, + { + "name": "Current Network Throughput", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n sum(sum_in_bytes)*8/15 as avg_in_bits_per_sec,\n sum(sum_out_bytes)*8/15 as avg_out_bits_per_sec,\n sum(sum_in_bytes+sum_out_bytes)*8/15 as avg_bits_per_sec,\n sum(sum_in_bytes)/15 as avg_in_bytes_per_sec,\n sum(sum_out_bytes)/15 as avg_out_bytes_per_sec,\n sum(sum_in_bytes+sum_out_bytes)/15 as avg_bytes_per_sec,\n sum(sum_in_pkts)/15 as avg_in_pkts_per_sec,\n sum(sum_out_pkts)/15 as avg_out_pkts_per_sec,\n sum(sum_in_pkts+sum_out_pkts)/15 as avg_pkts_per_sec,\n sum(sum_sessions)/15 as avg_sessions_per_sec,\n sum(max_active_sessions) as active_sessions\nfrom \n (\n select\n device_id,\n vsys_id,\n sum(in_bytes) as sum_in_bytes,\n sum(out_bytes) as sum_out_bytes,\n sum(in_pkts) as sum_in_pkts,\n sum(out_pkts) as sum_out_pkts,\n sum(sessions) as sum_sessions,\n max(active_sessions) as max_active_sessions\n from traffic_general_stat\nwhere \n __time>=FROM_UNIXTIME(UNIX_TIMESTAMP(now())-30)\n and __time=FROM_UNIXTIME(UNIX_TIMESTAMP(now())-30)\n and __time= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n group by TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT5S'))\ngroup by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by stat_time asc\nlimit 1000", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time ,\n avg(sum_in_bytes)*8/30 as avg_in_bits_per_sec,\n avg(sum_out_bytes)*8/30 as avg_out_bits_per_sec,\n avg(sum_bytes)*8/30 as 
avg_bits_per_sec,\n max(sum_in_bytes)*8/30 as max_in_bits_per_sec,\n max(sum_out_bytes)*8/30 as max_out_bits_per_sec,\n max(sum_bytes)*8/30 as max_bits_per_sec,\n min(sum_in_bytes)*8/30 as min_in_bits_per_sec,\n min(sum_out_bytes)*8/30 as min_out_bits_per_sec,\n min(sum_bytes)*8/30 as min_bits_per_sec\nfrom\n (\n select\n TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5S') as stat_time,\n sum(in_bytes) as sum_in_bytes,\n sum(out_bytes) as sum_out_bytes,\n sum(in_bytes + out_bytes) as sum_bytes\n from\n traffic_general_stat\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n group by TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT5S'))\ngroup by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by stat_time asc\nlimit 1000" + } + ] + } + }, + "response": [] + }, + { + "name": "Network Throughput in Bps", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time ,\n avg(sum_in_bytes)/30 as avg_in_bytes_per_sec,\n avg(sum_out_bytes)/30 as avg_out_bytes_per_sec,\n avg(sum_bytes)/30 as avg_bytes_per_sec,\n max(sum_in_bytes)/30 as max_in_bytes_per_sec,\n max(sum_out_bytes)/30 as max_out_bytes_per_sec,\n max(sum_bytes)/30 as max_bytes_per_sec,\n min(sum_in_bytes)/30 as min_in_bytes_per_sec,\n min(sum_out_bytes)/30 as min_out_bytes_per_sec,\n min(sum_bytes)/30 as min_bytes_per_sec\nfrom\n (\n select\n TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5S') as stat_time,\n sum(in_bytes) as sum_in_bytes,\n sum(out_bytes) as sum_out_bytes,\n sum(in_bytes + out_bytes) as sum_bytes\n from\n traffic_general_stat\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n 
and vsys_id in (1,2,3,4,5)\n group by TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5S'))\ngroup by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by stat_time asc\nlimit 1000", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time ,\n avg(sum_in_bytes)/30 as avg_in_bytes_per_sec,\n avg(sum_out_bytes)/30 as avg_out_bytes_per_sec,\n avg(sum_bytes)/30 as avg_bytes_per_sec,\n max(sum_in_bytes)/30 as max_in_bytes_per_sec,\n max(sum_out_bytes)/30 as max_out_bytes_per_sec,\n max(sum_bytes)/30 as max_bytes_per_sec,\n min(sum_in_bytes)/30 as min_in_bytes_per_sec,\n min(sum_out_bytes)/30 as min_out_bytes_per_sec,\n min(sum_bytes)/30 as min_bytes_per_sec\nfrom\n (\n select\n TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5S') as stat_time,\n sum(in_bytes) as sum_in_bytes,\n sum(out_bytes) as sum_out_bytes,\n sum(in_bytes + out_bytes) as sum_bytes\n from\n traffic_general_stat\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n group by TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5S'))\ngroup by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by stat_time asc\nlimit 1000" + } + ] + } + }, + "response": [] + }, + { + "name": "Network Throughput in pkts/s", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time ,\n avg(sum_in_pkts)/30 as avg_in_pkts_per_sec,\n avg(sum_out_pkts)/30 as avg_out_pkts_per_sec,\n avg(sum_pkts)/30 as avg_pkts_per_sec,\n 
max(sum_in_pkts)/30 as max_in_pkts_per_sec,\n max(sum_out_pkts)/30 as max_out_pkts_per_sec,\n max(sum_pkts)/30 as max_pkts_per_sec,\n min(sum_in_pkts)/30 as min_in_pkts_per_sec,\n min(sum_out_pkts)/30 as min_out_pkts_per_sec,\n min(sum_pkts)/30 as min_pkts_per_sec\nfrom\n (\n select\n TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5S') as stat_time,\n sum(in_pkts) as sum_in_pkts,\n sum(out_pkts) as sum_out_pkts,\n sum(in_pkts + out_pkts) as sum_pkts \n from\n traffic_general_stat\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n group by TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5S'))\ngroup by\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by stat_time asc\nlimit 1000", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time ,\n avg(sum_in_pkts)/30 as avg_in_pkts_per_sec,\n avg(sum_out_pkts)/30 as avg_out_pkts_per_sec,\n avg(sum_pkts)/30 as avg_pkts_per_sec,\n max(sum_in_pkts)/30 as max_in_pkts_per_sec,\n max(sum_out_pkts)/30 as max_out_pkts_per_sec,\n max(sum_pkts)/30 as max_pkts_per_sec,\n min(sum_in_pkts)/30 as min_in_pkts_per_sec,\n min(sum_out_pkts)/30 as min_out_pkts_per_sec,\n min(sum_pkts)/30 as min_pkts_per_sec\nfrom\n (\n select\n TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5S') as stat_time,\n sum(in_pkts) as sum_in_pkts,\n sum(out_pkts) as sum_out_pkts,\n sum(in_pkts + out_pkts) as sum_pkts \n from\n traffic_general_stat\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n group by TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5S'))\ngroup by\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by stat_time asc\nlimit 1000" + } + ] + } + }, + "response": [] + }, + { + "name": "Network Throughput in sessions/s", + "event": [ + { + 
"listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query= select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time ,\n avg(sum_sessions)/30 as avg_sessions_per_sec,\n max(sum_sessions)/30 as max_sessions_per_sec,\n min(sum_sessions)/30 as min_sessions_per_sec\nfrom\n (\n select\n TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5S') as stat_time,\n sum(sessions) as sum_sessions\n from\n traffic_general_stat\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n group by TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5S'))\ngroup by\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by stat_time asc\nlimit 1000", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": " select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time ,\n avg(sum_sessions)/30 as avg_sessions_per_sec,\n max(sum_sessions)/30 as max_sessions_per_sec,\n min(sum_sessions)/30 as min_sessions_per_sec\nfrom\n (\n select\n TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5S') as stat_time,\n sum(sessions) as sum_sessions\n from\n traffic_general_stat\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n group by TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5S'))\ngroup by\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by stat_time asc\nlimit 1000" + } + ] + } + }, + "response": [] + }, + { + "name": "Network Throughput Active Sessions", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", 
+ "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time,\n avg(sum_active_sessions) as avg_active_sessions,\n max(sum_active_sessions) as max_active_sessions,\n min(sum_active_sessions) as min_active_sessions\nfrom (\n select\n stat_time,\n sum(max_active_sessions) sum_active_sessions\n from (\n select\n TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5S') as stat_time,\n device_id,\n vsys_id,\n max(active_sessions) as max_active_sessions\n from\n traffic_general_stat\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n group by TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5S'), device_id, vsys_id\n )\n group by stat_time )\n group by\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by stat_time asc limit 1000", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time,\n avg(sum_active_sessions) as avg_active_sessions,\n max(sum_active_sessions) as max_active_sessions,\n min(sum_active_sessions) as min_active_sessions\nfrom (\n select\n stat_time,\n sum(max_active_sessions) sum_active_sessions\n from (\n select\n TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5S') as stat_time,\n device_id,\n vsys_id,\n max(active_sessions) as max_active_sessions\n from\n traffic_general_stat\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n group by TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5S'), device_id, vsys_id\n )\n group by stat_time )\n group by\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by stat_time asc limit 1000" + } + ] + } + }, + "response": [] + }, + { + 
"name": "Total Security Policy Rule Hits by Action", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT\n (CASE\n WHEN action = 1 THEN 'Monitor'\n WHEN action = 2 THEN 'Intercept'\n WHEN action = 16 THEN 'Deny'\n WHEN action = 48 THEN 'Manipulation'\n WHEN action = 96 THEN 'Allow'\n WHEN action = 128 THEN 'Shunt'\n ELSE concat(action)\n END) as action,\n SUM(hit_count) as hit_count,\n SUM(in_bytes + out_bytes) as bytes,\n SUM(in_pkts + out_pkts) as packets\nfrom\n security_rule_hits\nwhere \n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\nGROUP BY\n action\norder by\n action", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "SELECT\n (CASE\n WHEN action = 1 THEN 'Monitor'\n WHEN action = 2 THEN 'Intercept'\n WHEN action = 16 THEN 'Deny'\n WHEN action = 48 THEN 'Manipulation'\n WHEN action = 96 THEN 'Allow'\n WHEN action = 128 THEN 'Shunt'\n ELSE concat(action)\n END) as action,\n SUM(hit_count) as hit_count,\n SUM(in_bytes + out_bytes) as bytes,\n SUM(in_pkts + out_pkts) as packets\nfrom\n security_rule_hits\nwhere \n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\nGROUP BY\n action\norder by\n action" + } + ] + } + }, + "response": [] + }, + { + "name": "Security Policy Rule Hits Trend by Action", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n 
FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT30S','zero')) as stat_time,\n (CASE\n WHEN action = 1 THEN 'Monitor'\n WHEN action = 2 THEN 'Intercept'\n WHEN action = 16 THEN 'Deny'\n WHEN action = 48 THEN 'Manipulation'\n WHEN action = 96 THEN 'Allow'\n WHEN action = 128 THEN 'Shunt'\n ELSE concat(action)\n END) as action,\n sum(hit_count) as hit_count,\n sum(in_bytes + out_bytes) as bytes,\n SUM(in_pkts + out_pkts) as packets\nfrom\n security_rule_hits\nwhere\n __time >= '{{start_time}}'\n\tand __time < '{{end_time}}' and vsys_id in (1,2,3,4,5)\ngroup by\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT30S','zero')) ,\n action\norder by\n stat_time\nlimit 1000", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT30S','zero')) as stat_time,\n (CASE\n WHEN action = 1 THEN 'Monitor'\n WHEN action = 2 THEN 'Intercept'\n WHEN action = 16 THEN 'Deny'\n WHEN action = 48 THEN 'Manipulation'\n WHEN action = 96 THEN 'Allow'\n WHEN action = 128 THEN 'Shunt'\n ELSE concat(action)\n END) as action,\n sum(hit_count) as hit_count,\n sum(in_bytes + out_bytes) as bytes,\n SUM(in_pkts + out_pkts) as packets\nfrom\n security_rule_hits\nwhere\n __time >= '{{start_time}}'\n\tand __time < '{{end_time}}' and vsys_id in (1,2,3,4,5)\ngroup by\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT30S','zero')) ,\n action\norder by\n stat_time\nlimit 1000" + } + ] + } + }, + "response": [] + }, + { + "name": "Top Security Policy Rule Hits", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query= select\n rule_id,\n action,\n 
sum(hit_count) as hits\nfrom\n security_rule_hits\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5) \ngroup by\n rule_id,\n action\norder by\n hits desc\nlimit 100", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": " select\n rule_id,\n action,\n sum(hit_count) as hits\nfrom\n security_rule_hits\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5) \ngroup by\n rule_id,\n action\norder by\n hits desc\nlimit 100" + } + ] + } + }, + "response": [] + }, + { + "name": "Top Client IPs in Sessions", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n client_ip as client_ip,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_client_ips\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and metric = 'sessions'\ngroup by\n client_ip\norder by\n sessions desc\nlimit 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n client_ip as client_ip,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_client_ips\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and metric = 
'sessions'\ngroup by\n client_ip\norder by\n sessions desc\nlimit 10" + } + ] + } + }, + "response": [] + }, + { + "name": "Top Client IPs in Packets", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n client_ip as client_ip,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_client_ips\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and metric = 'packets'\ngroup by\n client_ip\norder by\n packets desc\nlimit 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n client_ip as client_ip,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_client_ips\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and metric = 'packets'\ngroup by\n client_ip\norder by\n packets desc\nlimit 10" + } + ] + } + }, + "response": [] + }, + { + "name": "Top Client IPs in Bytes", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n client_ip as client_ip,\n sum(sessions) as sessions,\n 
sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_client_ips\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and metric = 'bytes'\ngroup by\n client_ip\norder by\n bytes desc\nlimit 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n client_ip as client_ip,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_client_ips\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and metric = 'bytes'\ngroup by\n client_ip\norder by\n bytes desc\nlimit 10" + } + ] + } + }, + "response": [] + }, + { + "name": "Top Server IPs in Sessions", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n server_ip as server_ip,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_server_ips\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n and metric = 'sessions'\ngroup by\n server_ip\norder by\n sessions desc\nlimit 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + 
"value": "select\n server_ip as server_ip,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_server_ips\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n and metric = 'sessions'\ngroup by\n server_ip\norder by\n sessions desc\nlimit 10" + } + ] + } + }, + "response": [] + }, + { + "name": "Top Server IPs in Packets", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n server_ip as server_ip,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_server_ips\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n and metric = 'packets'\ngroup by\n server_ip\norder by\n packets desc\nlimit 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n server_ip as server_ip,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_server_ips\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n and metric = 'packets'\ngroup by\n server_ip\norder by\n packets desc\nlimit 10" + } + ] + } + }, + "response": [] + }, + { + "name": "Top 
Server IPs in Bytes", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n server_ip as server_ip,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_server_ips\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n and metric = 'bytes'\ngroup by\n server_ip\norder by\n bytes desc\nlimit 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n server_ip as server_ip,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_server_ips\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n and metric = 'bytes'\ngroup by\n server_ip\norder by\n bytes desc\nlimit 10" + } + ] + } + }, + "response": [] + }, + { + "name": "Top Internal IPs in Sessions", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n internal_ip as internal_ip,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n 
sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_internal_ips\nwhere\n __time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5) \n and metric = 'sessions'\ngroup by\n internal_ip\norder by\n sessions desc\nlimit 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n internal_ip as internal_ip,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_internal_ips\nwhere\n __time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5) \n and metric = 'sessions'\ngroup by\n internal_ip\norder by\n sessions desc\nlimit 10" + } + ] + } + }, + "response": [] + }, + { + "name": "Top Internal IPs in Packets", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n internal_ip as internal_ip,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_internal_ips\nwhere\n __time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5) \n and metric = 'packets'\ngroup by\n internal_ip\norder by\n packets desc\nlimit 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n internal_ip as internal_ip,\n sum(sessions) as sessions,\n 
sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_internal_ips\nwhere\n __time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5) \n and metric = 'packets'\ngroup by\n internal_ip\norder by\n packets desc\nlimit 10" + } + ] + } + }, + "response": [] + }, + { + "name": "Top Internal IPs in Bytes", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n internal_ip as internal_ip,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_internal_ips\nwhere\n __time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5) \n and metric = 'bytes'\ngroup by\n internal_ip\norder by\n bytes desc\nlimit 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n internal_ip as internal_ip,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_internal_ips\nwhere\n __time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5) \n and metric = 'bytes'\ngroup by\n internal_ip\norder by\n bytes desc\nlimit 10" + } + ] + } + }, + "response": [] + }, + { + "name": "Top External IPs in Sessions", + "event": [ + { + "listen": 
"test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n external_ip as external_ip,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_external_ips\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and metric = 'sessions'\ngroup by\n external_ip\norder by\n sessions desc\nlimit 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n external_ip as external_ip,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_external_ips\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and metric = 'sessions'\ngroup by\n external_ip\norder by\n sessions desc\nlimit 10" + } + ] + } + }, + "response": [] + }, + { + "name": "Top External IPs in Packets", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n external_ip as external_ip,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as 
out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_external_ips\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and metric = 'packets'\ngroup by\n external_ip\norder by\n packets desc\nlimit 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n external_ip as external_ip,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_external_ips\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and metric = 'packets'\ngroup by\n external_ip\norder by\n packets desc\nlimit 10" + } + ] + } + }, + "response": [] + }, + { + "name": "Top External IPs in Bytes", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n external_ip as external_ip,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_external_ips\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and metric = 'bytes'\ngroup by\n external_ip\norder by\n bytes desc\nlimit 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n external_ip as external_ip,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as 
out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_external_ips\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and metric = 'bytes'\ngroup by\n external_ip\norder by\n bytes desc\nlimit 10" + } + ] + } + }, + "response": [] + }, + { + "name": "Top Server Domains in Sessions", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n domain,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_server_domains\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n and metric = 'sessions'\ngroup by\n domain\norder by\n sessions desc\nlimit 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n domain,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_server_domains\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n and metric = 'sessions'\ngroup by\n domain\norder by\n sessions desc\nlimit 10" + } + ] + } + }, + "response": [] + }, + { + "name": "Top Server Domains in Packets", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " 
pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n domain,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_server_domains\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n and metric = 'packets'\ngroup by\n domain\norder by\n packets desc\nlimit 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n domain,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_server_domains\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n and metric = 'packets'\ngroup by\n domain\norder by\n packets desc\nlimit 10" + } + ] + } + }, + "response": [] + }, + { + "name": "Top Server Domains in Bytes", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n domain,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_server_domains\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in 
(1,2,3,4,5)\n and metric = 'bytes'\ngroup by\n domain\norder by\n bytes desc\nlimit 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n domain,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_server_domains\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n and metric = 'bytes'\ngroup by\n domain\norder by\n bytes desc\nlimit 10" + } + ] + } + }, + "response": [] + }, + { + "name": "Top Server FQDNs in Sessions", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n fqdn,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_server_fqdns\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n and metric = 'sessions'\ngroup by\n fqdn\norder by\n sessions desc\nlimit 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n fqdn,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_server_fqdns\nwhere\n __time >= '{{start_time}}' and __time < 
'{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n and metric = 'sessions'\ngroup by\n fqdn\norder by\n sessions desc\nlimit 10" + } + ] + } + }, + "response": [] + }, + { + "name": "Top Server FQDNs in Packets", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n fqdn,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_server_fqdns\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n and metric = 'packets'\ngroup by\n fqdn\norder by\n packets desc\nlimit 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n fqdn,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_server_fqdns\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n and metric = 'packets'\ngroup by\n fqdn\norder by\n packets desc\nlimit 10" + } + ] + } + }, + "response": [] + }, + { + "name": "Top Server FQDNs in Bytes", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n fqdn,\n sum(sessions) as sessions,\n 
sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_server_fqdns\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n and metric = 'bytes'\ngroup by\n fqdn\norder by\n bytes desc\nlimit 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n fqdn,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_server_fqdns\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n and metric = 'bytes'\ngroup by\n fqdn\norder by\n bytes desc\nlimit 10" + } + ] + } + }, + "response": [] + }, + { + "name": "Top Subscriber IDs in Sessions", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n subscriber_id,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_subscribers\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5) \n and metric = 'sessions'\ngroup by\n subscriber_id\norder by\n sessions desc\nlimit 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n 
subscriber_id,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_subscribers\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5) \n and metric = 'sessions'\ngroup by\n subscriber_id\norder by\n sessions desc\nlimit 10" + } + ] + } + }, + "response": [] + }, + { + "name": "Top Subscriber IDs in Packets", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n subscriber_id,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_subscribers\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5) \n and metric = 'packets'\ngroup by\n subscriber_id\norder by\n packets desc\nlimit 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n subscriber_id,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_subscribers\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5) \n and metric = 'packets'\ngroup by\n subscriber_id\norder by\n packets desc\nlimit 10" + } + ] + } + }, + "response": [] + }, + { + "name": "Top Subscriber IDs in Bytes", 
+ "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n subscriber_id,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_subscribers\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5) \n and metric = 'bytes'\ngroup by\n subscriber_id\norder by\n bytes desc\nlimit 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n subscriber_id,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_subscribers\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5) \n and metric = 'bytes'\ngroup by\n subscriber_id\norder by\n bytes desc\nlimit 10" + } + ] + } + }, + "response": [] + }, + { + "name": "Top Apps in Sessions", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n app_name,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) 
as packets\nfrom\n application_protocol_stat\nwhere\n __time >= '{{start_time}}'\n\tand __time < '{{end_time}}' and vsys_id in (1,2,3,4,5)\n and app_name IS NOT NUll\ngroup by\n app_name\norder by \n sessions desc\nlimit 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n app_name,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n application_protocol_stat\nwhere\n __time >= '{{start_time}}'\n\tand __time < '{{end_time}}' and vsys_id in (1,2,3,4,5)\n and app_name IS NOT NUll\ngroup by\n app_name\norder by \n sessions desc\nlimit 10" + } + ] + } + }, + "response": [] + }, + { + "name": "Top Apps in Packets", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n app_name,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n application_protocol_stat\nwhere\n __time >= '{{start_time}}'\n\tand __time < '{{end_time}}' and vsys_id in (1,2,3,4,5)\n and app_name IS NOT NUll\ngroup by\n app_name\norder by \n packets desc\nlimit 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n app_name,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as 
in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n application_protocol_stat\nwhere\n __time >= '{{start_time}}'\n\tand __time < '{{end_time}}' and vsys_id in (1,2,3,4,5)\n and app_name IS NOT NUll\ngroup by\n app_name\norder by \n packets desc\nlimit 10" + } + ] + } + }, + "response": [] + }, + { + "name": "Top Apps in Bytes", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n app_name,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n application_protocol_stat\nwhere\n __time >= '{{start_time}}'\n\tand __time < '{{end_time}}' and vsys_id in (1,2,3,4,5)\n and app_name IS NOT NUll\ngroup by\n app_name\norder by \n bytes desc\nlimit 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n app_name,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n application_protocol_stat\nwhere\n __time >= '{{start_time}}'\n\tand __time < '{{end_time}}' and vsys_id in (1,2,3,4,5)\n and app_name IS NOT NUll\ngroup by\n app_name\norder by \n bytes desc\nlimit 10" + } + ] + } + }, + "response": [] + }, + { + "name": "Total Proxy Manipulate Rule Hits by Action", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " 
pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n sub_action,\n sum(hit_count) as hits\nfrom\n proxy_rule_hits\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5)\n and action = 48\ngroup by\n sub_action\norder by\n sub_action", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n sub_action,\n sum(hit_count) as hits\nfrom\n proxy_rule_hits\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5)\n and action = 48\ngroup by\n sub_action\norder by\n sub_action" + } + ] + } + }, + "response": [] + }, + { + "name": "Proxy Manipulate Rule Hits Trend by Action", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) as stat_time,\n sub_action,\n sum(hit_count) as hits\nfrom\n proxy_rule_hits\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5)\n and action = 48\ngroup by\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) ,\n sub_action\norder by\n stat_time asc\nlimit 1000", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) as stat_time,\n sub_action,\n sum(hit_count) as hits\nfrom\n proxy_rule_hits\nwhere\n __time >= '{{start_time}}' and __time < 
'{{end_time}}' and vsys_id in (1,2,3,4,5)\n and action = 48\ngroup by\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) ,\n sub_action\norder by\n stat_time asc\nlimit 1000" + } + ] + } + }, + "response": [] + }, + { + "name": "Top Proxy Policy Hits", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n rule_id,\n sub_action,\n sum(hit_count) as hits\nfrom\n proxy_rule_hits\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5) \n and action = 48\ngroup by\n rule_id,\n sub_action\norder by\n hits desc\nlimit 100", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n rule_id,\n sub_action,\n sum(hit_count) as hits\nfrom\n proxy_rule_hits\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5) \n and action = 48\ngroup by\n rule_id,\n sub_action\norder by\n hits desc\nlimit 100" + } + ] + } + }, + "response": [] + }, + { + "name": "Proxy SSL Intercept Pinning", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query= select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) as stat_time,\n (CASE\n WHEN pinning_status = 0 THEN 'not_pinning_num'\n WHEN pinning_status = 1 THEN 'pinning_num'\n WHEN pinning_status = 2 THEN 'maybe_pinning_num'\n ELSE concat(pinning_status)\n END) as type,\n SUM(hit_count) as hits\nfrom \n 
proxy_rule_hits\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5)\n and action = 2\ngroup by\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) ,\n (CASE\n WHEN pinning_status = 0 THEN 'not_pinning_num'\n WHEN pinning_status = 1 THEN 'pinning_num'\n WHEN pinning_status = 2 THEN 'maybe_pinning_num'\n ELSE concat(pinning_status)\n END)\norder by\n stat_time asc\nlimit 100", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": " select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) as stat_time,\n (CASE\n WHEN pinning_status = 0 THEN 'not_pinning_num'\n WHEN pinning_status = 1 THEN 'pinning_num'\n WHEN pinning_status = 2 THEN 'maybe_pinning_num'\n ELSE concat(pinning_status)\n END) as type,\n SUM(hit_count) as hits\nfrom \n proxy_rule_hits\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5)\n and action = 2\ngroup by\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) ,\n (CASE\n WHEN pinning_status = 0 THEN 'not_pinning_num'\n WHEN pinning_status = 1 THEN 'pinning_num'\n WHEN pinning_status = 2 THEN 'maybe_pinning_num'\n ELSE concat(pinning_status)\n END)\norder by\n stat_time asc\nlimit 100" + } + ] + } + }, + "response": [] + }, + { + "name": "First and Last Found of Metric Sources", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select 'General Metrics' as type, min(__time) as first_time, max(__time) as last_time from traffic_general_stat where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Security Policy Rule Hits' as 
type, min(__time) as first_time, max(__time) as last_time from security_rule_hits where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Proxy Policy Rule Hits' as type, min(__time) as first_time, max(__time) as last_time from proxy_rule_hits where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Traffic Shaping Rule Hits' as type, min(__time) as first_time, max(__time) as last_time from traffic_shaping_rule_hits where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Service Chaining Rule Hits' as type, min(__time) as first_time, max(__time) as last_time from service_chaining_rule_hits where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Internal IPs' as type, min(__time) as first_time, max(__time) as last_time from top_internal_ips where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'External IPs' as type, min(__time) as first_time, max(__time) as last_time from top_external_ips where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Subscriber IDs' as type, min(__time) as first_time, max(__time) as last_time from top_subscribers where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Client IPs' as type, min(__time) as first_time, max(__time) as last_time from top_client_ips union all select 'Server IPs' as type, min(__time) as first_time, max(__time) as last_time from top_server_ips where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Server Domains' as type, min(__time) as first_time, max(__time) as last_time from top_server_domains where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Server FQDNs' as type, min(__time) as first_time, max(__time) as last_time from top_server_fqdns where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Application Protocol Stat' as type, min(__time) as first_time, max(__time) as last_time 
from application_protocol_stat where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Storage Quota' as type, min(__time) as first_time, max(__time) as last_time from sys_storage_log where __time >= '{{start_time}}' and __time < '{{end_time}}'", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select 'General Metrics' as type, min(__time) as first_time, max(__time) as last_time from traffic_general_stat where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Security Policy Rule Hits' as type, min(__time) as first_time, max(__time) as last_time from security_rule_hits where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Proxy Policy Rule Hits' as type, min(__time) as first_time, max(__time) as last_time from proxy_rule_hits where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Traffic Shaping Rule Hits' as type, min(__time) as first_time, max(__time) as last_time from traffic_shaping_rule_hits where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Service Chaining Rule Hits' as type, min(__time) as first_time, max(__time) as last_time from service_chaining_rule_hits where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Internal IPs' as type, min(__time) as first_time, max(__time) as last_time from top_internal_ips where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'External IPs' as type, min(__time) as first_time, max(__time) as last_time from top_external_ips where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Subscriber IDs' as type, min(__time) as first_time, max(__time) as last_time from top_subscribers where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Client IPs' as type, min(__time) as first_time, max(__time) as last_time from 
top_client_ips union all select 'Server IPs' as type, min(__time) as first_time, max(__time) as last_time from top_server_ips where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Server Domains' as type, min(__time) as first_time, max(__time) as last_time from top_server_domains where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Server FQDNs' as type, min(__time) as first_time, max(__time) as last_time from top_server_fqdns where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Application Protocol Stat' as type, min(__time) as first_time, max(__time) as last_time from application_protocol_stat where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Storage Quota' as type, min(__time) as first_time, max(__time) as last_time from sys_storage_log where __time >= '{{start_time}}' and __time < '{{end_time}}'" + } + ] + }, + "description": "验证Apache Druid 统计表是否有最新的数据" + }, + "response": [] + } + ], + "description": "# Dashboard 业务\n\nDashboard 为预聚合计数操作,接入数据源有四处(KAFKA TOPIC):\n\n* TRAFFIC-METRICS-LOG : 功能端5秒输出一次\n* CONNECTION-RECORD-COMPLETE-LOG: 数据平台接收CONNECTION-RECORD-LOG 补全后实时输出。\n* PROXY/SECURITY-EVENT-COMPLETE-LOG: 数据平台接收PROXY/SECURITY 命中策略日志补全后实时输出。\n\n## 流量计数Metrics \n\n**功能端 - Kafka(TRAFFIC-METRICS-LOG 每5秒 ) - Druid** \n\n所有基础Metrics(非内容级别的统计)都为功能端提前预聚合输出到TRAFFIC-METRICS-LOG 中,最终数据平台写入Druid 中,供API查询。具体包含:\n\n* System Overview (Traffic 、New、Live)\n* Policy Hits by Action(Security)\n* Policy Hits by Action (proxy) 、Pinning\n\n## TOPN 计算\n\n**流程1:功能端 - Kafka(原始日志) - 补全 - Druid** // 统计安全策略与代理策略结果,每1分钟\n\n**流程2:功能端 - Kafka(原始日志) - 补全 - Druid - 调度任务 - kafka -Druid ** // TOPN 计算,每5分钟\n\n所有内容级别,为数据平台进行实时统计,将指标输出到Druid中,供API进行查询。具体包含:\n\n* Top Hits (security) - 流程1\n\n* Top Hits (proxy) - 流程1\n\n* Endpoints (Active Client/Server/Internal/External , Top Domains, Active Subscriber ID,Top urls) - 流程2\n\n ", + "event": [ + { + "listen": "prerequest", + "script": { + "type": 
"text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ] + }, + { + "name": "Settings", + "item": [ + { + "name": "System Storage Quata", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/sys/storage/deletion", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "sys", + "storage", + "deletion" + ] + } + }, + "response": [] + } + ] + }, + { + "name": "Relations", + "item": [ + { + "name": "Ad-Hoc Query", + "item": [ + { + "name": "提交查询任务(字段发现)", + "event": [ + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "test", + "script": { + "exec": [ + "tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "Authorization", + "value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=", + "type": "text", + "disabled": true + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n \"query.type\": \"field_discovery\",\r\n \"query.data_source\": \"session_record\",\r\n \"query.sample_ratio\": \"1\",\r\n \"custom.field_discovery.fields\": [\r\n \"common_log_id\",\r\n \"common_action\",\r\n \"common_app_label\",\r\n \"common_client_ip\",\r\n \"common_server_ip\",\r\n \"common_client_port\",\r\n \"common_server_port\",\r\n \"common_internal_ip\",\r\n \"common_external_ip\",\r\n \"common_schema_type\",\r\n \"http_url\",\r\n 
\"http_domain\"\r\n\r\n ],\r\n \"custom.field_discovery.filter\": \"common_recv_time >=UNIX_TIMESTAMP('2022-09-30 00:00:00') and common_recv_time <=UNIX_TIMESTAMP('2022-10-01 00:00:00') and common_vsys_id in (1,2,3,4,5)\"\r\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/admin/query/jobs", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "admin", + "query", + "jobs" + ] + } + }, + "response": [] + }, + { + "name": "获取任务结果(字段发现)", + "event": [ + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "test", + "script": { + "exec": [ + "tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [ + { + "key": "Authorization", + "value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=", + "type": "text", + "disabled": true + } + ], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/admin/query/jobs/ed25bab143d786d0-4ae6835358276d04/field_discovery", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "admin", + "query", + "jobs", + "ed25bab143d786d0-4ae6835358276d04", + "field_discovery" + ] + } + }, + "response": [] + }, + { + "name": "提交查询任务(实时统计)", + "event": [ + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "test", + "script": { + "exec": [ + "tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "Authorization", + "value": "bearer 
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=", + "type": "text", + "disabled": true + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n \"query.type\": \"statistics\",\r\n \"query.data_source\": \"session_record\",\r\n \"custom.statistics.sql\":\"select common_client_ip,count(*) as count from session_record where common_recv_time >=UNIX_TIMESTAMP('2022-09-30 00:00:00') and common_recv_time <=UNIX_TIMESTAMP('2022-10-01 00:00:00') and common_vsys_id in (1,2,3,4,5) group by common_client_ip order by count asc limit 10\"\r\n\r\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/admin/query/jobs", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "admin", + "query", + "jobs" + ] + } + }, + "response": [] + }, + { + "name": "获取任务结果(实时统计)", + "event": [ + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "test", + "script": { + "exec": [ + "tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [ + { + "key": "Authorization", + "value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=", + "type": "text", + "disabled": true + } + ], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/admin/query/jobs/79b5124d876951f9-9e27cba1ce5c8eab/statistics", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "admin", + "query", + "jobs", + "79b5124d876951f9-9e27cba1ce5c8eab", + "statistics" + ] + } + }, + "response": 
[] + }, + { + "name": "取消正在查询任务(实时统计)", + "event": [ + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "test", + "script": { + "exec": [ + "tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [ + { + "key": "Authorization", + "value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=", + "type": "text", + "disabled": true + } + ], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/admin/query/jobs/79b5124d876951f9-9e27cba1ce5c8eab/statistics", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "admin", + "query", + "jobs", + "79b5124d876951f9-9e27cba1ce5c8eab", + "statistics" + ] + } + }, + "response": [] + } + ] + }, + { + "name": "IP Learning", + "event": [ + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "test", + "script": { + "exec": [ + "tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "Authorization", + "value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=", + "type": "text", + "disabled": true + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n \"clientId\": null,\r\n \"query\": {\r\n \"queryType\": \"iplearning\",\r\n \"dataSource\": \"IP_LEARNING_VIEW\",\r\n \"parameters\": {\r\n \"match\": [\r\n {\r\n \"type\": \"substring\",\r\n \"fieldKey\": \"FQDN_NAME\",\r\n 
\"fieldValues\": [\"google.com\",\"baidu.com\"]\r\n }\r\n ],\r\n \"range\": [\r\n {\r\n \"type\": \"eq\",\r\n \"fieldKey\": \"PROTOCOL\",\r\n \"fieldValues\": [\r\n \"TLS\",\r\n \"HTTP\",\r\n \"DNS\"\r\n ]\r\n },\r\n {\r\n \"type\": \"eq\",\r\n \"fieldKey\": \"DEPTH\",\r\n \"fieldValues\": [\r\n 1\r\n ]\r\n },\r\n {\r\n \"type\": \"ge\",\r\n \"fieldKey\": \"UNIQ_CIP\",\r\n \"fieldValues\": [\r\n 1\r\n ]\r\n },{\r\n \"type\":\"eq\",\r\n \"fieldKey\":\"vsys_id\",\r\n \"fieldValues\":[1,2,3,4,5]\r\n }\r\n ],\r\n \"intervals\": [\r\n \"{{start_time}}/{{end_time}}\"\r\n ],\r\n \"limit\": 100\r\n }\r\n }\r\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/knowledge/v1/?iplearning=", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "knowledge", + "v1", + "" + ], + "query": [ + { + "key": "iplearning", + "value": "" + } + ] + } + }, + "response": [] + }, + { + "name": "IP Address Pools", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "Authorization", + "value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=", + "type": "text" + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n \"clientId\": null,\r\n \"query\": {\r\n \"queryType\": \"ippool\",\r\n \"dataSource\": \"IP_VIEW\",\r\n \"parameters\": {\r\n \"range\": [\r\n {\r\n \"type\":\"eq\",\r\n \"fieldKey\":\"vsys_id\",\r\n \"fieldValues\":[1,2,3,4,5]\r\n }\r\n ],\r\n \"sort\": [\r\n {\r\n \"type\": \"desc\",\r\n \"fieldKey\": \"BYTES_TOTAL\"\r\n },\r\n {\r\n \"type\": \"desc\",\r\n \"fieldKey\": \"LAST_FOUND_TIME\"\r\n }\r\n 
]\r\n }\r\n }\r\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/knowledge/v1/?ippool=", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "knowledge", + "v1", + "" + ], + "query": [ + { + "key": "ippool", + "value": "" + } + ] + } + }, + "response": [] + }, + { + "name": "Recommend Subscriber IDs", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "Authorization", + "value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=", + "type": "text" + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n \"clientId\": null,\r\n \"query\": {\r\n \"queryType\": \"subscriberidpool\",\r\n \"dataSource\": \"SUBSCRIBER_ID_VIEW\",\r\n \"parameters\": {\r\n \"match\": [\r\n {\r\n \"type\": \"exactly\",\r\n \"fieldKey\": \"SUBSCRIBER_ID\",\r\n \"fieldValues\": [\"test1\",\"test0223\"]\r\n }\r\n ],\"range\": [\r\n {\r\n \"type\":\"eq\",\r\n \"fieldKey\":\"vsys_id\",\r\n \"fieldValues\":[1,2,3,4,5]\r\n }\r\n ],\r\n \"limit\": \"100\"\r\n }\r\n }\r\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/knowledge/v1/?subscriberidpool", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "knowledge", + "v1", + "" + ], + "query": [ + { + "key": "subscriberidpool", + "value": null + } + ] + } + }, + "response": [] + }, + { + "name": "Subscriber ID to IP", + "event": [ + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "test", + 
"script": { + "exec": [ + "tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "Authorization", + "value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=", + "type": "text", + "disabled": true + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n \"clientId\": null,\r\n \"query\": {\r\n \"dataEngine\": \"AnalysisEngine\",\r\n \"dataSource\": \"SUBSCRIBER_ID_VIEW\",\r\n \"limit\": \"100\",\r\n \"parameters\": {\r\n \"match\": [\r\n {\r\n \"type\": \"prefix\",\r\n \"fieldKey\": \"SUBSCRIBER_ID\",\r\n \"fieldValues\": [\"test\",\"test0249\"]\r\n }\r\n ],\r\n \"range\": [\r\n {\r\n \"type\": \"eq\",\r\n \"fieldKey\": \"vsys_id\",\r\n \"fieldValues\": [\r\n 1,\r\n 2,\r\n 3,\r\n 4,\r\n 5\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/relation/v1/?subscriberidpool=", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "relation", + "v1", + "" + ], + "query": [ + { + "key": "subscriberidpool", + "value": "" + } + ] + } + }, + "response": [] + }, + { + "name": "Active Client IPs by App", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "Authorization", + "value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=", + "type": "text", + 
"disabled": true + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n \"clientId\": null,\r\n \"query\": {\r\n \"dataEngine\": \"BusinessEngine\",\r\n \"dataSource\": \"session_record\",\r\n \"limit\":\"15\",\r\n \"parameters\": {\r\n \"match\": [\r\n {\r\n \"type\": \"exactly\",\r\n \"fieldKey\": \"common_app_label\",\r\n \"fieldValues\": [\r\n \"Psiphon3\"\r\n ]\r\n }\r\n ],\r\n \"range\": [\r\n {\r\n \"type\": \"eq\",\r\n \"fieldKey\": \"vsys_id\",\r\n \"fieldValues\": [\r\n 1,\r\n 2,\r\n 3,\r\n 4,\r\n 5\r\n ]\r\n }\r\n ],\r\n \"intervals\": [\r\n \"{{start_time}}/{{end_time}}\"\r\n ]\r\n }\r\n }\r\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/entity/v1/?activeclientip", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "entity", + "v1", + "" + ], + "query": [ + { + "key": "activeclientip", + "value": null + } + ] + } + }, + "response": [] + }, + { + "name": "Recommend Top Server IPs", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "Authorization", + "value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=", + "type": "text", + "disabled": true + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n \"clientId\": null,\r\n \"query\": {\r\n \"dataEngine\": \"BusinessEngine\",\r\n \"dataSource\": \"session_record\",\r\n \"limit\": \"100\",\r\n \"parameters\": {\r\n \"range\": [\r\n {\r\n \"type\": \"eq\",\r\n \"fieldKey\": \"common_vsys_id\",\r\n \"fieldValues\": [\r\n 1\r\n ]\r\n }\r\n ],\r\n \"intervals\": [\r\n \"{{start_time}}/{{end_time}}\"\r\n ]\r\n }\r\n }\r\n}", + 
"options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/entity/v1/?topserverip", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "entity", + "v1", + "" + ], + "query": [ + { + "key": "topserverip", + "value": null + } + ] + } + }, + "response": [] + }, + { + "name": "Recommend Top SNIs", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "Authorization", + "value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=", + "type": "text", + "disabled": true + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n \"clientId\":null,\r\n \"query\":{\r\n \"dataEngine\":\"BusinessEngine\",\r\n \"dataSource\":\"session_record\",\r\n \"limit\":\"20000\",\r\n \"parameters\":{\r\n \"range\": [\r\n {\r\n \"type\": \"eq\",\r\n \"fieldKey\": \"common_vsys_id\",\r\n \"fieldValues\": [\r\n 1,2\r\n ]\r\n }\r\n ],\r\n \"intervals\":[\r\n \"{{start_time}}/{{end_time}}\"\r\n ]\r\n }\r\n }\r\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/entity/v1/?topsni", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "entity", + "v1", + "" + ], + "query": [ + { + "key": "topsni", + "value": null + } + ] + } + }, + "response": [] + }, + { + "name": "IMSI to TEID", + "event": [ + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "test", + "script": { + "exec": [ + "tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 
201;" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "Authorization", + "value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=", + "type": "text", + "disabled": true + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n \"clientId\": null,\r\n \"query\": {\r\n \"dataEngine\": \"AnalysisEngine\",\r\n \"dataSource\": \"gtpc_knowledge_base\",\r\n \"parameters\": {\r\n \"match\": [\r\n {\r\n \"type\": \"regex\",\r\n \"fieldKey\": \"imsi\",\r\n \"fieldValues\": [\r\n \"57051531092359*\",\r\n \"$570415210923520\"\r\n ]\r\n }\r\n ],\r\n \"range\": [\r\n {\r\n \"type\": \"eq\",\r\n \"fieldKey\": \"vsys_id\",\r\n \"fieldValues\": [\r\n 1,\r\n 2,\r\n 3,\r\n 4,\r\n 5\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/relation/v1/?gtpc", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "relation", + "v1", + "" + ], + "query": [ + { + "key": "gtpc", + "value": null + } + ] + } + }, + "response": [] + }, + { + "name": "IMEI to TEID", + "event": [ + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "test", + "script": { + "exec": [ + "tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "Authorization", + "value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=", + "type": "text", + "disabled": true + } + ], + "body": { + "mode": "raw", + 
"raw": "\t\r\n{\r\n \"clientId\":null,\r\n \"query\":{\r\n \"dataEngine\":\"AnalysisEngine\",\r\n \"dataSource\":\"gtpc_knowledge_base\",\r\n \"parameters\":{\r\n \"match\":[\r\n {\r\n \"type\":\"regex\",\r\n \"fieldKey\":\"imei\",\r\n \"fieldValues\":[\r\n \"6491009423*\", \"$35491009423782\"\r\n ]\r\n }\r\n ],\"range\": [\r\n {\r\n \"type\": \"eq\",\r\n \"fieldKey\": \"vsys_id\",\r\n \"fieldValues\": [\r\n 1,\r\n 2,\r\n 3,\r\n 4,\r\n 5\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/relation/v1/?gtpc", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "relation", + "v1", + "" + ], + "query": [ + { + "key": "gtpc", + "value": null + } + ] + } + }, + "response": [] + }, + { + "name": "Phone Number to TEID", + "event": [ + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "test", + "script": { + "exec": [ + "tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "Authorization", + "value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=", + "type": "text", + "disabled": true + } + ], + "body": { + "mode": "raw", + "raw": "\t\r\n{\r\n \"clientId\":null,\r\n \"query\":{\r\n \"dataEngine\":\"AnalysisEngine\",\r\n \"dataSource\":\"gtpc_knowledge_base\",\r\n \"parameters\":{\r\n \"match\":[\r\n {\r\n \"type\":\"regex\",\r\n \"fieldKey\":\"phone_number\",\r\n \"fieldValues\":[\r\n \"$8613259856152\"\r\n ]\r\n }\r\n ],\"range\": [\r\n {\r\n \"type\": \"eq\",\r\n \"fieldKey\": \"vsys_id\",\r\n \"fieldValues\": [\r\n 1,\r\n 2,\r\n 3,\r\n 4,\r\n 5\r\n ]\r\n 
}\r\n ]\r\n }\r\n }\r\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/relation/v1/?gtpc", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "relation", + "v1", + "" + ], + "query": [ + { + "key": "gtpc", + "value": null + } + ] + } + }, + "response": [] + }, + { + "name": "APN to TEID", + "event": [ + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "test", + "script": { + "exec": [ + "tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "Authorization", + "value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=", + "type": "text", + "disabled": true + } + ], + "body": { + "mode": "raw", + "raw": "\t\r\n{\r\n \"clientId\":null,\r\n \"query\":{\r\n \"dataEngine\":\"AnalysisEngine\",\r\n \"dataSource\":\"gtpc_knowledge_base\",\r\n \"parameters\":{\r\n \"match\":[\r\n {\r\n \"type\":\"regex\",\r\n \"fieldKey\":\"apn\",\r\n \"fieldValues\":[\r\n \"*335434\", \"$2126345434\"\r\n ]\r\n }\r\n ],\"range\": [\r\n {\r\n \"type\": \"eq\",\r\n \"fieldKey\": \"vsys_id\",\r\n \"fieldValues\": [\r\n 1,\r\n 2,\r\n 3,\r\n 4,\r\n 5\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/relation/v1/?gtpc", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "relation", + "v1", + "" + ], + "query": [ + { + "key": "gtpc", + "value": null + } + ] + } + }, + "response": [] + }, + { + "name": "Top Server IPs Stat", + "event": [ + { + "listen": "test", + "script": { + 
"exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [], + "body": { + "mode": "urlencoded", + "urlencoded": [] + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/diagnosis/entity?option=topserverip", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "diagnosis", + "entity" + ], + "query": [ + { + "key": "option", + "value": "topserverip" + } + ] + } + }, + "response": [] + }, + { + "name": "Top SNIs Stat", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/diagnosis/entity?option=topsni", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "diagnosis", + "entity" + ], + "query": [ + { + "key": "option", + "value": "topsni" + } + ] + } + }, + "response": [] + } + ], + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ] + } + ] + }, + { + "name": "Tools", + "item": [ + { + "name": "ClickHouse", + "item": [ + { + "name": "ClickHouse Endpoints", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201; " + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "url": { + "raw": 
"http://{{clickhouse_ip}}:{{clickhouse_port}}?database={{clickhouse_database}}&user={{clickhouse_user}}&password={{clickhouse_password}}&query=SELECT DISTINCT concat(host_address,':','8123') as endpoint FROM system.clusters FORMAT JSONEachRow;", + "protocol": "http", + "host": [ + "{{clickhouse_ip}}" + ], + "port": "{{clickhouse_port}}", + "query": [ + { + "key": "database", + "value": "{{clickhouse_database}}" + }, + { + "key": "user", + "value": "{{clickhouse_user}}" + }, + { + "key": "password", + "value": "{{clickhouse_password}}" + }, + { + "key": "query", + "value": "SELECT DISTINCT concat(host_address,':','8123') as endpoint FROM system.clusters FORMAT JSONEachRow;" + } + ] + } + }, + "response": [] + }, + { + "name": "Total Space", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "url": { + "raw": "http://{{clickhouse_ip}}:{{clickhouse_port}}?database={{clickhouse_database}}&user={{clickhouse_user}}&password={{clickhouse_password}}&query=SELECT SUM(`total_space`)/1024/1024/1024/1024 as TB FROM system.disks_cluster format JSONEachRow", + "protocol": "http", + "host": [ + "{{clickhouse_ip}}" + ], + "port": "{{clickhouse_port}}", + "query": [ + { + "key": "database", + "value": "{{clickhouse_database}}" + }, + { + "key": "user", + "value": "{{clickhouse_user}}" + }, + { + "key": "password", + "value": "{{clickhouse_password}}" + }, + { + "key": "query", + "value": "SELECT SUM(`total_space`)/1024/1024/1024/1024 as TB FROM system.disks_cluster format JSONEachRow" + } + ] + } + }, + "response": [] + }, + { + "name": "ClickHouse Tables", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;" + ], + "type": "text/javascript" + } + } + ], + "request": { + 
"method": "POST", + "header": [], + "url": { + "raw": "http://{{clickhouse_ip}}:{{clickhouse_port}}?database={{clickhouse_database}}&user={{clickhouse_user}}&password={{clickhouse_password}}&query=SELECT DISTINCT(name) FROM system.tables_cluster WHERE database = 'tsg_galaxy_v3' AND engine in ('MergeTree','ReplicatedMergeTree') FORMAT JSONEachRow;", + "protocol": "http", + "host": [ + "{{clickhouse_ip}}" + ], + "port": "{{clickhouse_port}}", + "query": [ + { + "key": "database", + "value": "{{clickhouse_database}}" + }, + { + "key": "user", + "value": "{{clickhouse_user}}" + }, + { + "key": "password", + "value": "{{clickhouse_password}}" + }, + { + "key": "query", + "value": "SELECT DISTINCT(name) FROM system.tables_cluster WHERE database = 'tsg_galaxy_v3' AND engine in ('MergeTree','ReplicatedMergeTree') FORMAT JSONEachRow;" + } + ] + }, + "description": "根据不同的ip查询所有clickhouse的表" + }, + "response": [] + }, + { + "name": "View which settings have been changed from the default", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "url": { + "raw": "http://{{clickhouse_ip}}:{{clickhouse_port}}?database={{clickhouse_database}}&user={{clickhouse_user}}&password={{clickhouse_password}}&query=SELECT\n name,\n value\nFROM system.settings\nWHERE changed FORMAT JSONEachRow", + "protocol": "http", + "host": [ + "{{clickhouse_ip}}" + ], + "port": "{{clickhouse_port}}", + "query": [ + { + "key": "database", + "value": "{{clickhouse_database}}" + }, + { + "key": "user", + "value": "{{clickhouse_user}}" + }, + { + "key": "password", + "value": "{{clickhouse_password}}" + }, + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "query", + "value": "SELECT\n name,\n value\nFROM 
system.settings\nWHERE changed FORMAT JSONEachRow" + } + ] + } + }, + "response": [] + }, + { + "name": "Show disk storage, number of parts", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "url": { + "raw": "http://{{clickhouse_ip}}:{{clickhouse_port}}?database={{clickhouse_database}}&user={{clickhouse_user}}&password={{clickhouse_password}}&query=SELECT\n database,\n table,\n partition,\n count() AS parts,\n formatReadableSize(sum(bytes_on_disk)) AS bytes_on_disk, \n formatReadableQuantity(sum(rows)) AS rows,\n sum(marks) AS marks\nFROM system.parts_cluster pc \nWHERE (database != 'system') AND active\nGROUP BY\n database,\n table,\n partition\nORDER BY database ASC FORMAT JSONEachRow", + "protocol": "http", + "host": [ + "{{clickhouse_ip}}" + ], + "port": "{{clickhouse_port}}", + "query": [ + { + "key": "database", + "value": "{{clickhouse_database}}" + }, + { + "key": "user", + "value": "{{clickhouse_user}}" + }, + { + "key": "password", + "value": "{{clickhouse_password}}" + }, + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "query", + "value": "SELECT\n database,\n table,\n partition,\n count() AS parts,\n formatReadableSize(sum(bytes_on_disk)) AS bytes_on_disk, \n formatReadableQuantity(sum(rows)) AS rows,\n sum(marks) AS marks\nFROM system.parts_cluster pc \nWHERE (database != 'system') AND active\nGROUP BY\n database,\n table,\n partition\nORDER BY database ASC FORMAT JSONEachRow" + } + ] + } + }, + "response": [] + }, + { + "name": "Get the size of all your tables", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": 
"text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "url": { + "raw": "http://{{clickhouse_ip}}:{{clickhouse_port}}?database={{clickhouse_database}}&user={{clickhouse_user}}&password={{clickhouse_password}}&query=\nSELECT \n\ttable,\n formatReadableSize(sum(bytes)) as size\n FROM system.parts_cluster pc\n WHERE active\nGROUP BY table FORMAT JSONEachRow", + "protocol": "http", + "host": [ + "{{clickhouse_ip}}" + ], + "port": "{{clickhouse_port}}", + "query": [ + { + "key": "database", + "value": "{{clickhouse_database}}" + }, + { + "key": "user", + "value": "{{clickhouse_user}}" + }, + { + "key": "password", + "value": "{{clickhouse_password}}" + }, + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "query", + "value": "\nSELECT \n\ttable,\n formatReadableSize(sum(bytes)) as size\n FROM system.parts_cluster pc\n WHERE active\nGROUP BY table FORMAT JSONEachRow" + } + ] + } + }, + "response": [] + }, + { + "name": "Row count and average day size of your table", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "url": { + "raw": "http://{{clickhouse_ip}}:{{clickhouse_port}}?database={{clickhouse_database}}&user={{clickhouse_user}}&password={{clickhouse_password}}&query=\nSELECT\n table, formatReadableSize(size) AS size,\n rows,\n days,\n formatReadableSize(avgDaySize) AS avgDaySize\nFROM\n(\n SELECT\n table,\n sum(bytes) AS size,\n sum(rows) AS rows,\n min(min_date) AS min_date,\n max(max_date) AS max_date,\n max_date - min_date AS days,\n size / (max_date - min_date) AS avgDaySize\n FROM system.parts_cluster pc\n WHERE active\n GROUP BY table\n ORDER BY rows DESC\n) FORMAT JSONEachRow", + "protocol": "http", + "host": [ + 
"{{clickhouse_ip}}" + ], + "port": "{{clickhouse_port}}", + "query": [ + { + "key": "database", + "value": "{{clickhouse_database}}" + }, + { + "key": "user", + "value": "{{clickhouse_user}}" + }, + { + "key": "password", + "value": "{{clickhouse_password}}" + }, + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "query", + "value": "\nSELECT\n table, formatReadableSize(size) AS size,\n rows,\n days,\n formatReadableSize(avgDaySize) AS avgDaySize\nFROM\n(\n SELECT\n table,\n sum(bytes) AS size,\n sum(rows) AS rows,\n min(min_date) AS min_date,\n max(max_date) AS max_date,\n max_date - min_date AS days,\n size / (max_date - min_date) AS avgDaySize\n FROM system.parts_cluster pc\n WHERE active\n GROUP BY table\n ORDER BY rows DESC\n) FORMAT JSONEachRow" + } + ] + } + }, + "response": [] + }, + { + "name": "Compression columns percentage", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "url": { + "raw": "http://{{clickhouse_ip}}:{{clickhouse_port}}?database={{clickhouse_database}}&user={{clickhouse_user}}&password={{clickhouse_password}}&query=SELECT\n parts.*,\n columns.compressed_size,\n columns.uncompressed_size,\n columns.compression_ratio,\n columns.compression_percentage\nFROM\n(\n SELECT\n table,\n formatReadableSize(sum(data_uncompressed_bytes)) AS uncompressed_size,\n formatReadableSize(sum(data_compressed_bytes)) AS compressed_size,\n round(sum(data_compressed_bytes) / sum(data_uncompressed_bytes), 3) AS compression_ratio,\n round(100 - ((sum(data_compressed_bytes) * 100) / sum(data_uncompressed_bytes)), 3) AS compression_percentage\n FROM system.columns_cluster cc\n GROUP BY table\n) AS columns\nRIGHT JOIN\n(\n SELECT\n table,\n sum(rows) AS 
rows,\n max(modification_time) AS latest_modification,\n formatReadableSize(sum(bytes)) AS disk_size,\n formatReadableSize(sum(primary_key_bytes_in_memory)) AS primary_keys_size,\n any(engine) AS engine,\n sum(bytes) AS bytes_size\n FROM system.parts_cluster pc\n WHERE active\n GROUP BY\n database,\n table\n) AS parts ON columns.table = parts.table\nORDER BY parts.bytes_size DESC FORMAT JSONEachRow", + "protocol": "http", + "host": [ + "{{clickhouse_ip}}" + ], + "port": "{{clickhouse_port}}", + "query": [ + { + "key": "database", + "value": "{{clickhouse_database}}" + }, + { + "key": "user", + "value": "{{clickhouse_user}}" + }, + { + "key": "password", + "value": "{{clickhouse_password}}" + }, + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "query", + "value": "SELECT\n parts.*,\n columns.compressed_size,\n columns.uncompressed_size,\n columns.compression_ratio,\n columns.compression_percentage\nFROM\n(\n SELECT\n table,\n formatReadableSize(sum(data_uncompressed_bytes)) AS uncompressed_size,\n formatReadableSize(sum(data_compressed_bytes)) AS compressed_size,\n round(sum(data_compressed_bytes) / sum(data_uncompressed_bytes), 3) AS compression_ratio,\n round(100 - ((sum(data_compressed_bytes) * 100) / sum(data_uncompressed_bytes)), 3) AS compression_percentage\n FROM system.columns_cluster cc\n GROUP BY table\n) AS columns\nRIGHT JOIN\n(\n SELECT\n table,\n sum(rows) AS rows,\n max(modification_time) AS latest_modification,\n formatReadableSize(sum(bytes)) AS disk_size,\n formatReadableSize(sum(primary_key_bytes_in_memory)) AS primary_keys_size,\n any(engine) AS engine,\n sum(bytes) AS bytes_size\n FROM system.parts_cluster pc\n WHERE active\n GROUP BY\n database,\n table\n) AS parts ON columns.table = parts.table\nORDER BY parts.bytes_size DESC FORMAT JSONEachRow" + } + ] + } + }, + "response": [] + }, + { + "name": "Find queries that are stuck", + "event": [ 
+ { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{clickhouse_ip}}:{{clickhouse_port}}?database={{clickhouse_database}}&user={{clickhouse_user}}&password={{clickhouse_password}}&query=SELECT elapsed, initial_user, client_name, hostname(), query_id, query FROM system.processes AS pc ORDER BY elapsed DESC format JSONEachRow", + "protocol": "http", + "host": [ + "{{clickhouse_ip}}" + ], + "port": "{{clickhouse_port}}", + "query": [ + { + "key": "database", + "value": "{{clickhouse_database}}" + }, + { + "key": "user", + "value": "{{clickhouse_user}}" + }, + { + "key": "password", + "value": "{{clickhouse_password}}" + }, + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "query", + "value": "SELECT elapsed, initial_user, client_name, hostname(), query_id, query FROM system.processes AS pc ORDER BY elapsed DESC format JSONEachRow" + } + ] + } + }, + "response": [] + }, + { + "name": "Errors in SQL Queries", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT\n initial_query_id,\n type as error_type,\n query_start_time,\n intDiv(query_duration_ms,1000) as query_duration_s ,\n query ,\n exception,\n initial_user ,\n http_user_agent ,\n initial_address\nFROM\n system.query_log_cluster\nwhere\n type IN ('ExceptionBeforeStart', 'ExceptionWhileProcessing')\n and initial_query_id = query_id\n and event_time > (now()-86400)\n and event_time < now()\norder by\n event_time desc\nlimit 100", + 
"protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "query", + "value": "SELECT\n initial_query_id,\n type as error_type,\n query_start_time,\n intDiv(query_duration_ms,1000) as query_duration_s ,\n query ,\n exception,\n initial_user ,\n http_user_agent ,\n initial_address\nFROM\n system.query_log_cluster\nwhere\n type IN ('ExceptionBeforeStart', 'ExceptionWhileProcessing')\n and initial_query_id = query_id\n and event_time > (now()-86400)\n and event_time < now()\norder by\n event_time desc\nlimit 100" + } + ] + } + }, + "response": [] + }, + { + "name": "Historical Slow Queries", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n databases,\n initial_query_id ,\n query,\n event_time,\n intDiv(query_duration_ms,1000) as query_duration_s,\n read_rows ,\n read_bytes ,\n initial_user,\n http_user_agent,\n initial_address\n from\n system.query_log_cluster\nwhere\n query_kind = 'Select'\n and query_start_time>(now()-86400)\n and initial_query_id = query_id\n and type IN ('QueryFinish')\norder by\n query_duration_ms desc\nlimit 100", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "query", + "value": "select\n databases,\n initial_query_id ,\n query,\n event_time,\n intDiv(query_duration_ms,1000) as query_duration_s,\n read_rows ,\n read_bytes ,\n initial_user,\n 
http_user_agent,\n initial_address\n from\n system.query_log_cluster\nwhere\n query_kind = 'Select'\n and query_start_time>(now()-86400)\n and initial_query_id = query_id\n and type IN ('QueryFinish')\norder by\n query_duration_ms desc\nlimit 100" + } + ] + } + }, + "response": [] + }, + { + "name": "Most Frequent Query Columns", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n arrayJoin(columns) as used_columns,\n count() as columns_num\nfrom\n system.query_log_cluster\nwhere\n query_kind = 'Select'\n and query_start_time>(now()-86400)\n and initial_query_id = query_id\n and type IN ('QueryFinish')\ngroup by\n used_columns\norder by\n columns_num desc\nlimit 100", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "query", + "value": "select\n arrayJoin(columns) as used_columns,\n count() as columns_num\nfrom\n system.query_log_cluster\nwhere\n query_kind = 'Select'\n and query_start_time>(now()-86400)\n and initial_query_id = query_id\n and type IN ('QueryFinish')\ngroup by\n used_columns\norder by\n columns_num desc\nlimit 100" + } + ] + } + }, + "response": [] + }, + { + "name": "Aggregate Queries Latency Statistics", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n anyLast(query) as sql,\n 
intDiv(avg(query_duration_ms),1000) as avg_query_duration_s,\n intDiv(max(query_duration_ms),1000) as max_query_duration_s,\n QUANTILE(query_duration_ms, 0.95)/1000 as p95_query_duration_s, \n max(read_rows) ,\n anyLast(http_user_agent) as last_http_user_agent,\n used_aggregate_functions,\n count() as query_count\nfrom\n system.query_log_cluster\nwhere\n query_kind = 'Select'\n and query_start_time>(now()-86400)\n and initial_query_id = query_id\n and type IN ('QueryFinish')\n and empty(used_aggregate_functions ) = 0\ngroup by\n toString(used_functions),\n toString(used_aggregate_functions ),\n toString(columns)\norder by\n avg_query_duration_s desc\nlimit 100", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "query", + "value": "select\n anyLast(query) as sql,\n intDiv(avg(query_duration_ms),1000) as avg_query_duration_s,\n intDiv(max(query_duration_ms),1000) as max_query_duration_s,\n QUANTILE(query_duration_ms, 0.95)/1000 as p95_query_duration_s, \n max(read_rows) ,\n anyLast(http_user_agent) as last_http_user_agent,\n used_aggregate_functions,\n count() as query_count\nfrom\n system.query_log_cluster\nwhere\n query_kind = 'Select'\n and query_start_time>(now()-86400)\n and initial_query_id = query_id\n and type IN ('QueryFinish')\n and empty(used_aggregate_functions ) = 0\ngroup by\n toString(used_functions),\n toString(used_aggregate_functions ),\n toString(columns)\norder by\n avg_query_duration_s desc\nlimit 100" + } + ] + } + }, + "response": [] + }, + { + "name": "Aggregate Queries Resource Usage Statistics", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": 
"GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n anyLast(query) as sql,\n intDiv(avg(query_duration_ms),1000) as avg_query_duration_s,\n toInt64(avg(memory_usage))/1024/1024 as avg_memory_MB,\n used_aggregate_functions,\navg(ProfileEvents%5B'FileOpen'%5D)%20as%20FileOpen%2C%0A%20%20%20%20avg(ProfileEvents%5B'DiskReadElapsedMicroseconds'%5D)%2F1000000%20as%20DiskRead_s%2C\n count() as query_count\nfrom\n system.query_log_cluster\nwhere\n query_kind = 'Select'\n and query_start_time>(now()-86400)\n and initial_query_id != query_id\n and type IN ('QueryFinish')\n and empty(used_aggregate_functions ) = 0\ngroup by\n toString(used_functions),\n toString(used_aggregate_functions ),\n toString(columns)\norder by\n avg_memory_MB desc\nlimit 100", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "query", + "value": "select\n anyLast(query) as sql,\n intDiv(avg(query_duration_ms),1000) as avg_query_duration_s,\n toInt64(avg(memory_usage))/1024/1024 as avg_memory_MB,\n used_aggregate_functions,\navg(ProfileEvents%5B'FileOpen'%5D)%20as%20FileOpen%2C%0A%20%20%20%20avg(ProfileEvents%5B'DiskReadElapsedMicroseconds'%5D)%2F1000000%20as%20DiskRead_s%2C\n count() as query_count\nfrom\n system.query_log_cluster\nwhere\n query_kind = 'Select'\n and query_start_time>(now()-86400)\n and initial_query_id != query_id\n and type IN ('QueryFinish')\n and empty(used_aggregate_functions ) = 0\ngroup by\n toString(used_functions),\n toString(used_aggregate_functions ),\n toString(columns)\norder by\n avg_memory_MB desc\nlimit 100" + } + ] + } + }, + "response": [] + }, + { + "name": "Top 10 Queries using the most CPU and memory", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () 
{", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT\n type,\n event_time,\n initial_query_id,\n formatReadableSize(memory_usage) AS memory,\n %60ProfileEvents.Values%60%5BindexOf(%60ProfileEvents.Names%60%2C%20'UserTimeMicroseconds')%5D%20AS%20userCPU%2C%0A%20%20%20%20%60ProfileEvents.Values%60%5BindexOf(%60ProfileEvents.Names%60%2C%20'SystemTimeMicroseconds')%5D%20AS%20systemCPU%2C\n normalizedQueryHash(query) AS normalized_query_hash\nFROM system.query_log_cluster where query_start_time>(now()-86400)\nORDER BY memory_usage DESC\nLIMIT 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "query", + "value": "SELECT\n type,\n event_time,\n initial_query_id,\n formatReadableSize(memory_usage) AS memory,\n %60ProfileEvents.Values%60%5BindexOf(%60ProfileEvents.Names%60%2C%20'UserTimeMicroseconds')%5D%20AS%20userCPU%2C%0A%20%20%20%20%60ProfileEvents.Values%60%5BindexOf(%60ProfileEvents.Names%60%2C%20'SystemTimeMicroseconds')%5D%20AS%20systemCPU%2C\n normalizedQueryHash(query) AS normalized_query_hash\nFROM system.query_log_cluster where query_start_time>(now()-86400)\nORDER BY memory_usage DESC\nLIMIT 10" + } + ] + } + }, + "response": [] + } + ] + }, + { + "name": "Apache Druid", + "item": [ + { + "name": "used_size", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\r\n \"query\": \"SELECT SUM(curr_size)/1024/1024/1024 AS curr_size_GB FROM 
sys.servers WHERE server_type = 'historical'\",\r\n \"context\": {\r\n \"skipEmptyBuckets\": \"false\"\r\n },\r\n \"resultFormat\": \"object\"\r\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{druid_ip}}:{{druid_port}}/druid/v2/sql", + "protocol": "http", + "host": [ + "{{druid_ip}}" + ], + "port": "{{druid_port}}", + "path": [ + "druid", + "v2", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "max_size", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\r\n \"query\": \"SELECT SUM(max_size)/1024/1024/1024 AS max_size_GB FROM sys.servers WHERE server_type = 'historical'\",\r\n \"context\": {\r\n \"skipEmptyBuckets\": \"false\"\r\n },\r\n \"resultFormat\": \"object\"\r\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{druid_ip}}:{{druid_port}}/druid/v2/sql", + "protocol": "http", + "host": [ + "{{druid_ip}}" + ], + "port": "{{druid_port}}", + "path": [ + "druid", + "v2", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Report and Metrics", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\"query\":\"SELECT used_size/1024/1024/1024 as used_size_GB FROM sys_storage_log WHERE log_type = 'Report and Metrics' ORDER BY __time DESC LIMIT 1\",\"context\":{\"skipEmptyBuckets\":\"false\"},\"resultFormat\":\"object\"}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{druid_ip}}:{{druid_port}}/druid/v2/sql", + "protocol": "http", + "host": 
[ + "{{druid_ip}}" + ], + "port": "{{druid_port}}", + "path": [ + "druid", + "v2", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "The Latest Ingestion Date for Druid", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\"query\":\"SELECT version FROM sys.segments WHERE version LIKE '2%' ORDER BY version DESC LIMIT 1\"}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{druid_ip}}:{{druid_port}}/druid/v2/sql", + "protocol": "http", + "host": [ + "{{druid_ip}}" + ], + "port": "{{druid_port}}", + "path": [ + "druid", + "v2", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "The Earliest Ingestion Date for Druid", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\r\n \"query\": \"SELECT \\\"start\\\" FROM sys.segments order by \\\"start\\\" limit 1\"\r\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{druid_ip}}:{{druid_port}}/druid/v2/sql", + "protocol": "http", + "host": [ + "{{druid_ip}}" + ], + "port": "{{druid_port}}", + "path": [ + "druid", + "v2", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Druid Tables", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\r\n \"query\": \"SELECT datasource FROM sys.tasks group by 
datasource\",\r\n \"context\": {\r\n \"skipEmptyBuckets\": \"false\"\r\n },\r\n \"resultFormat\": \"object\"\r\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{druid_ip}}:{{druid_port}}/druid/v2/sql", + "protocol": "http", + "host": [ + "{{druid_ip}}" + ], + "port": "{{druid_port}}", + "path": [ + "druid", + "v2", + "sql" + ] + } + }, + "response": [] + } + ] + }, + { + "name": "Unified Query Gateway", + "item": [ + { + "name": "TopK Query with RBO", + "item": [ + { + "name": "Standard Group By (Optimized)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT common_server_ip ,count(*) AS count, median(common_c2s_byte_num) as median_byte_num,min(common_c2s_byte_num) as min_byte_num,sum(common_c2s_byte_num+common_s2c_byte_num) as bytes FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = 
UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP(now())-86400 and common_recv_time= UNIX_TIMESTAMP(now())-86400 and common_recv_time= '{{start_time}}'\n\tand __time < '{{end_time}}'\ngroup by\n\t{{P1D_TIME}}\norder by\n\tstat_time", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "SELECT\n\t{{P1D_TIME}} as stat_time,\n\tround(SUM(in_pkts + out_pkts)/ 1000 /1000.0,2) as packets_M,\n\tround(SUM(in_bytes + out_bytes)/ 1024 / 1024 / 1024.0,2) as bytes_GB,\n round(SUM(closed_sessions)/ 1000 / 1000.0,2) as sessions_M\nFROM\n\ttraffic_general_stat\nWHERE\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\ngroup by\n\t{{P1D_TIME}}\norder by\n\tstat_time" + } + ] + } + }, + "response": [] + }, + { + "name": "Throughput of Protocol Metrics", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT\n\t{{P1D_TIME}} as stat_time,\n\tround(SUM(in_pkts + out_pkts)/ 1000 /1000.0,2) as packets_M,\n\tround(SUM(in_bytes + out_bytes)/ 
1024 / 1024 / 1024.0,2) as bytes_GB,\n round(SUM(sessions)/ 1000 / 1000.0,2) as sessions_M\nFROM\n\tapplication_protocol_stat\nWHERE\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}' and protocol_stack_id='ETHERNET'\ngroup by\n\t{{P1D_TIME}}\norder by\n\tstat_time", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "SELECT\n\t{{P1D_TIME}} as stat_time,\n\tround(SUM(in_pkts + out_pkts)/ 1000 /1000.0,2) as packets_M,\n\tround(SUM(in_bytes + out_bytes)/ 1024 / 1024 / 1024.0,2) as bytes_GB,\n round(SUM(sessions)/ 1000 / 1000.0,2) as sessions_M\nFROM\n\tapplication_protocol_stat\nWHERE\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}' and protocol_stack_id='ETHERNET'\ngroup by\n\t{{P1D_TIME}}\norder by\n\tstat_time" + } + ] + } + }, + "response": [] + }, + { + "name": "Throughput of closed sessions", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT\n\t{{P1D_RECV_TIME}} as stat_time,\n\tround(SUM(common_c2s_pkt_num + common_s2c_pkt_num)/1000/1000,2) as packets_M,\n\tround(SUM(common_c2s_byte_num + common_s2c_byte_num)/1024/1024/1024,2) as bytes_GB,\n\tround(SUM(common_sessions)/1000/1000,2) as sessions_M\nFROM\n\tsession_record sr\nWHERE\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}')\n\tand common_recv_time < UNIX_TIMESTAMP('{{end_time}}')\ngroup by\n\t{{P1D_RECV_TIME}}\norder by\n\tstat_time\n\t", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "SELECT\n\t{{P1D_RECV_TIME}} as stat_time,\n\tround(SUM(common_c2s_pkt_num + common_s2c_pkt_num)/1000/1000,2) as 
packets_M,\n\tround(SUM(common_c2s_byte_num + common_s2c_byte_num)/1024/1024/1024,2) as bytes_GB,\n\tround(SUM(common_sessions)/1000/1000,2) as sessions_M\nFROM\n\tsession_record sr\nWHERE\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}')\n\tand common_recv_time < UNIX_TIMESTAMP('{{end_time}}')\ngroup by\n\t{{P1D_RECV_TIME}}\norder by\n\tstat_time\n\t" + } + ] + } + }, + "response": [] + }, + { + "name": "Throughput of interim sessions", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select stat_time, sum(packets_M) as packets_M, sum(bytes_GB) as byets_GB from (SELECT\n\t{{P1D_RECV_TIME}} as stat_time,\t\n\tround(SUM(common_c2s_pkt_diff + common_s2c_pkt_diff)/1000/1000,2) as packets_M,\n\tround(SUM(common_c2s_byte_diff + common_s2c_byte_diff)/1024/1024/1024,2) as bytes_GB\nFROM\n\tsession_record sr\nWHERE\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}')\n\tand common_recv_time < UNIX_TIMESTAMP('{{end_time}}')\ngroup by\n\t{{P1D_RECV_TIME}}\norder by\n\tstat_time\n\tunion all SELECT\n\t{{P1D_RECV_TIME}} as stat_time,\t\n\tround(SUM(common_c2s_pkt_diff + common_s2c_pkt_diff)/1000/1000,2) as packets_M,\n\tround(SUM(common_c2s_byte_diff + common_s2c_byte_diff)/1024/1024/1024,2) as bytes_GB\nFROM\n\tinterim_session_record sr\nWHERE\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}')\n\tand common_recv_time < UNIX_TIMESTAMP('{{end_time}}')\ngroup by\n\t{{P1D_RECV_TIME}}\norder by\n\tstat_time) group by stat_time order by stat_time\t", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select stat_time, sum(packets_M) as packets_M, sum(bytes_GB) as byets_GB from (SELECT\n\t{{P1D_RECV_TIME}} as 
stat_time,\t\n\tround(SUM(common_c2s_pkt_diff + common_s2c_pkt_diff)/1000/1000,2) as packets_M,\n\tround(SUM(common_c2s_byte_diff + common_s2c_byte_diff)/1024/1024/1024,2) as bytes_GB\nFROM\n\tsession_record sr\nWHERE\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}')\n\tand common_recv_time < UNIX_TIMESTAMP('{{end_time}}')\ngroup by\n\t{{P1D_RECV_TIME}}\norder by\n\tstat_time\n\tunion all SELECT\n\t{{P1D_RECV_TIME}} as stat_time,\t\n\tround(SUM(common_c2s_pkt_diff + common_s2c_pkt_diff)/1000/1000,2) as packets_M,\n\tround(SUM(common_c2s_byte_diff + common_s2c_byte_diff)/1024/1024/1024,2) as bytes_GB\nFROM\n\tinterim_session_record sr\nWHERE\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}')\n\tand common_recv_time < UNIX_TIMESTAMP('{{end_time}}')\ngroup by\n\t{{P1D_RECV_TIME}}\norder by\n\tstat_time) group by stat_time order by stat_time\t" + } + ] + } + }, + "response": [] + }, + { + "name": "ClickHouse Uncategorized Traffic", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT round(SUM(common_c2s_byte_num+common_s2c_byte_num)/1024/1024,2) as uncategorized_bytes_mb FROM session_record sr WHERE common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') AND common_app_label= 'unknown'", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "SELECT round(SUM(common_c2s_byte_num+common_s2c_byte_num)/1024/1024,2) as uncategorized_bytes_mb FROM session_record sr WHERE common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') AND common_app_label= 'unknown'" + } + ] + } + }, + "response": [] + } + ] + }, + 
{ + "name": "Duplicate logs Assessment", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select 'Session Records' as type, count(*) as num from (select common_log_id,count(*) as num from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 1) union all select 'Security Events' as type, count(*) as num from (select common_log_id,count(*) as num from security_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 1) union all select 'Proxy Events' as type, count(*) as num from (select common_log_id,count(*) as num from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 1)", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "query": [ + { + "key": "query", + "value": "select 'Session Records' as type, count(*) as num from (select common_log_id,count(*) as num from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 1) union all select 'Security Events' as type, count(*) as num from (select common_log_id,count(*) as num from security_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 1) union all select 'Proxy Events' as type, count(*) as num from (select common_log_id,count(*) as num from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 1)" + } + ] + } + }, + "response": [] + }, + { + "name": "Traffic Summary for Reporting", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + 
"method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select \n COUNT(DISTINCT(device_id)) as device_num,\n sum(sum_bytes) as total_bytes_transferred,\n sum(sum_pkts) as total_packets_transferred,\n sum(sum_sessions) as total_new_sessions ,\n sum(sum_closed_sessions) as total_closed_sessions,\n sum(sum_sessions)/86400 as avg_new_sessions_per_second,\n sum(sum_bytes)*8/86400as avg_bits_per_second,\n sum(sum_pkts)/86400 as avg_packets_per_second,\n sum(avg_active_sessions) as avg_active_sessions,\n round(CASE WHEN sum(sum_closed_sessions) = 0 THEN 0 ELSE sum(sum_asymmetric_flows) * 1.0 / sum(sum_closed_sessions) END, 4) * 100 as percent_asymmetric_flows\n from\n ( select\n device_id,\n vsys_id,\n sum(in_bytes + out_bytes) as sum_bytes,\n sum(in_pkts + out_pkts) as sum_pkts,\n sum(sessions) as sum_sessions,\n sum(closed_sessions) as sum_closed_sessions,\n avg(active_sessions) as avg_active_sessions,\n sum(asymmetric_c2s_flows+asymmetric_s2c_flows) as sum_asymmetric_flows\n from \n traffic_general_stat \n where\n __time >= '{{start_time}}'\n\t\tand __time <'{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n group by\n device_id, vsys_id\n ) ", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "query": [ + { + "key": "query", + "value": "select \n COUNT(DISTINCT(device_id)) as device_num,\n sum(sum_bytes) as total_bytes_transferred,\n sum(sum_pkts) as total_packets_transferred,\n sum(sum_sessions) as total_new_sessions ,\n sum(sum_closed_sessions) as total_closed_sessions,\n sum(sum_sessions)/86400 as avg_new_sessions_per_second,\n sum(sum_bytes)*8/86400as avg_bits_per_second,\n sum(sum_pkts)/86400 as avg_packets_per_second,\n sum(avg_active_sessions) as avg_active_sessions,\n round(CASE WHEN sum(sum_closed_sessions) = 0 THEN 0 ELSE sum(sum_asymmetric_flows) * 1.0 / sum(sum_closed_sessions) END, 4) * 100 as percent_asymmetric_flows\n from\n ( select\n device_id,\n vsys_id,\n sum(in_bytes + out_bytes) as 
sum_bytes,\n sum(in_pkts + out_pkts) as sum_pkts,\n sum(sessions) as sum_sessions,\n sum(closed_sessions) as sum_closed_sessions,\n avg(active_sessions) as avg_active_sessions,\n sum(asymmetric_c2s_flows+asymmetric_s2c_flows) as sum_asymmetric_flows\n from \n traffic_general_stat \n where\n __time >= '{{start_time}}'\n\t\tand __time <'{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n group by\n device_id, vsys_id\n ) " + } + ] + } + }, + "response": [] + }, + { + "name": "Traffic in Bits/s for Reporting", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time ,\n avg(sum_in_bytes)*8/30 as avg_in_bits_per_sec,\n avg(sum_out_bytes)*8/30 as avg_out_bits_per_sec,\n avg(sum_bytes)*8/30 as avg_bits_per_sec\nfrom\n (\n select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT1S')) as stat_time,\n sum(in_bytes) as sum_in_bytes,\n sum(out_bytes) as sum_out_bytes,\n sum(in_bytes + out_bytes) as sum_bytes\n from\n traffic_general_stat\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT1S')))\ngroup by\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) \norder by stat_time asc\nlimit 1000", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "query": [ + { + "key": "query", + "value": "select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time ,\n avg(sum_in_bytes)*8/30 as avg_in_bits_per_sec,\n avg(sum_out_bytes)*8/30 as avg_out_bits_per_sec,\n avg(sum_bytes)*8/30 as avg_bits_per_sec\nfrom\n (\n select\n 
FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT1S')) as stat_time,\n sum(in_bytes) as sum_in_bytes,\n sum(out_bytes) as sum_out_bytes,\n sum(in_bytes + out_bytes) as sum_bytes\n from\n traffic_general_stat\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT1S')))\ngroup by\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) \norder by stat_time asc\nlimit 1000" + } + ] + } + }, + "response": [] + }, + { + "name": "New Sessions/s for Reporting", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time ,\n avg(sum_sessions)/30 as avg_sessions_per_sec\nfrom\n (\n select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT1S')) as stat_time,\n sum(sessions) as sum_sessions\n from\n traffic_general_stat\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT1S')))\ngroup by\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by stat_time asc\nlimit 1000", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "query": [ + { + "key": "query", + "value": "select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time ,\n avg(sum_sessions)/30 as avg_sessions_per_sec\nfrom\n (\n select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT1S')) as stat_time,\n sum(sessions) as sum_sessions\n from\n traffic_general_stat\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and 
vsys_id in (1,2,3,4,5)\n group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT1S')))\ngroup by\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by stat_time asc\nlimit 1000" + } + ] + } + }, + "response": [] + }, + { + "name": "Traffic by Session Records", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\t{{PT30S_RECV_TIME}} as stat_time,\n\tround(sum(common_c2s_byte_num)*8/30/1000/1000,2) as Bytes_Sent_Mbps,\n\tround(sum(common_s2c_byte_num)*8/30/1000/1000,2) as Bytes_Received_Mbps,\n\tround(sum(common_c2s_byte_num + common_s2c_byte_num)*8/30/1000/1000,2) as Mbps,\n\tround(sum(common_c2s_pkt_num + common_s2c_pkt_num)/30/1000,2) as Kpps,\n\tround(sum(common_sessions)/30/1000,2) as \"Ksessions/s\"\nfrom\n\tsession_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 3, common_sessions, 0)) as one_side_sessions,\n round(one_side_sessions/sessions, 2) as one_side_percent\nfrom\n\tsession_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\n", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "query": [ + { + "key": "query", + "value": "select {{Last 5 Minutes Start}} as start_time, {{now}} as end_time, sum(common_sessions) as sessions,\n sum(if(common_stream_dir <> 3, common_sessions, 0)) as one_side_sessions,\n round(one_side_sessions/sessions, 2) as one_side_percent\nfrom\n\tsession_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\n" + } + ] + } + }, + "response": [] + 
}, + { + "name": "Uniq Client IPs For pinning", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select\n\tstat_time,\n\tuniq(common_client_ip) as client_ips\nfrom\n\t(\n\tselect\n\t\ttoDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))), 3600)* 3600) as stat_time, \n\t\tcommon_client_ip, \n\t\tcount(*) as hits\n\tfrom\n\t\tproxy_event\n\twhere common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 10 )\ngroup by\n\tstat_time\norder by\n\tstat_time", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "query": [ + { + "key": "query", + "value": "select\n\tstat_time,\n\tuniq(common_client_ip) as client_ips\nfrom\n\t(\n\tselect\n\t\ttoDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))), 3600)* 3600) as stat_time, \n\t\tcommon_client_ip, \n\t\tcount(*) as hits\n\tfrom\n\t\tproxy_event\n\twhere common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 10 )\ngroup by\n\tstat_time\norder by\n\tstat_time" + } + ] + } + }, + "response": [] + }, + { + "name": "Top frequent elements in Flags(With Label)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select \n\t flag,\n\t sum(sessions) as sessions\n\tfrom (\n\t\tselect \n\t\t arrayJoin(array(\n\t\t\t if(bitAnd(common_flags, 1)= 1, 'Asymmetric', ''),\n\t\t\t if(bitAnd(common_flags, 2)= 2, 'Bulky', ''),\n\t\t\t if(bitAnd(common_flags, 4)= 4, 'CBR Streaming', ''),\n\t\t\t if(bitAnd(common_flags, 8)= 8, 'Client 
is Local', ''),\n\t\t\t if(bitAnd(common_flags, 16)= 16, 'Server is Local', ''),\n\t\t\t if(bitAnd(common_flags, 32)= 32, 'Download', ''),\n\t\t\t if(bitAnd(common_flags, 64)= 64, 'Interactive', ''),\n\t\t\t if(bitAnd(common_flags, 128)= 128, 'Inbound', ''),\n\t\t\t if(bitAnd(common_flags, 256)= 256, 'Outbound', ''),\n\t\t\t if(bitAnd(common_flags, 512)= 512, 'Pseudo Unidirectional', ''),\n\t\t\t if(bitAnd(common_flags, 1024)= 1024, 'Streaming', ''),\n\t\t\t if(bitAnd(common_flags, 2048)= 2048, 'Unidirectional', ''),\n\t\t\t if(bitAnd(common_flags, 4096)= 4096, 'Random looking', ''), \n\t\t\t if(bitAnd(common_flags, 8192)= 8192, 'C2S', ''), \n\t\t\t if(bitAnd(common_flags, 16384)= 16384, 'S2C', ''), if(bitAnd(common_flags, 32768)= 32768, 'Bidirectional', ''), \n\t\t\t if(common_flags=0, 'N/A', '')\n\t\t\t )) as flag , bytes, packets, sessions\n\t\t\t from (\n\t\t\t\n\t\tselect\n\t\t\t\tcommon_flags,\n\t\t\t\tcount(*) as sessions,\n\t\t\t\tsum(common_c2s_byte_num + common_s2c_byte_num) as bytes,\n\t\t\t\tsum(common_c2s_pkt_num + common_s2c_pkt_num) as packets\n\t\t\tfrom\n\t\t\t\tsession_record as sr\n\t\t\twhere\n\t\t\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP(now())-86400\n and common_recv_time= UNIX_TIMESTAMP(now())-86400\n and common_recv_time= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 100\norder by\n\tports_num desc limit 50", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", 
+ "query": [ + { + "key": "query", + "value": "\nselect\n\tcommon_server_ip,\n\tgroupUniqArray(common_server_port) as ports,\n\tif(notEmpty(ports),length(ports),0) as ports_num\nfrom\n\tsession_record crl\nwhere \tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 100\norder by\n\tports_num desc limit 50" + } + ] + } + }, + "response": [] + }, + { + "name": "Validate Session Index Tables", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}?query= select 'Total' as type, count(*) as logs from session_record where\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 24 Hour Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\nunion all \nselect 'Client IP' as type, count(*) as logs from session_record_common_client_ip where\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 24 Hour Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\nunion all\nselect 'Server IP' as type, count(*) as logs from session_record_common_server_ip where\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 24 Hour Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\nunion all\nselect 'Domain' as type, count(*) as logs from session_record_common_server_domain where\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 24 Hour Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\n", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "query": [ + { + "key": "query", + "value": " select 'Total' as type, count(*) as logs from session_record where\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 24 Hour Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\nunion all \nselect 'Client IP' as type, count(*) as logs from session_record_common_client_ip where\n\tcommon_recv_time >= 
UNIX_TIMESTAMP({{Last 24 Hour Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\nunion all\nselect 'Server IP' as type, count(*) as logs from session_record_common_server_ip where\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 24 Hour Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\nunion all\nselect 'Domain' as type, count(*) as logs from session_record_common_server_domain where\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 24 Hour Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\n" + } + ] + } + }, + "response": [] + } + ] + }, + { + "name": "Cardinality Estimation", + "item": [ + { + "name": "Total", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [], + "body": { + "mode": "formdata", + "formdata": [] + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tround(tcp_logs / logs, 2) as \"TCP Percentage\",\n\tround(udp_logs / logs, 2) as \"UDP Percentage\",\n\tround(egress_bytes / bytes, 2) as \"Egress Percentage\",\n\tround(ingress_bytes / bytes, 2) as \"Ingress Percentage\",\n\ttcp_logs as \"TCP Logs\",\n\tudp_logs as \"UDP Logs\",\n\tlogs as \"Logs\",\n\tegress_bytes as \"Egress Bytes\",\n\tingress_bytes as \"Ingress Bytes\",\n\tbytes as \"Bytes\"\nfrom\n\t(select\n\tsum(if(common_l4_protocol in('IPv4_TCP', 'IPv6_TCP'), 1, 0)) as tcp_logs,\n\tsum(if(common_l4_protocol in('IPv4_UDP', 'IPv6_UDP'), 1, 0)) as udp_logs,\n\tsum(if(common_direction = 69, common_c2s_byte_num, common_s2c_byte_num)) as egress_bytes,\n\tsum(if(common_direction = 73, common_c2s_byte_num, common_s2c_byte_num)) as ingress_bytes,\n\tcount(*) as logs,\n\tsum(common_c2s_byte_num + common_s2c_byte_num) as bytes\n\tfrom\n\t\tsession_record as sub_connection where common_recv_time >= 
UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and 
common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = 
UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = toDateTime('2022-07-19 00:00:00'))\n\t\tAND (common_recv_time < toDateTime('2022-07-20 00:00:00'))\n\tGROUP BY\n\t\tstat_time, common_app_label\n) group by common_app_label order by \"AVG Mbits / s\" desc", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "query", + "value": "SELECT\n common_app_label,\t\n round(median(traffic_bytes) * 8 / 1000 / 1000 / 300,2) AS \"Medain Mbits/s\",\n\tround(avg(traffic_bytes) * 8 / 1000 / 1000 / 300,2) AS \"AVG Mbits / s\",\n\tround(QUANTILE(traffic_bytes, 0.95) * 8 / 1000 / 1000 / 300,2) as \"P95 Mbits / s\"\nFROM\n\t(\n\tSELECT\n\t common_app_label,\n\t\ttoDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))),300) * 300) as stat_time,\n\t\tround(sum(common_c2s_byte_num + common_s2c_byte_num)/ uniq(common_server_ip),2) as traffic_bytes\n\tFROM\n\t\tsession_record as ss\n\tWHERE\n\t\t(common_recv_time >= toDateTime('2022-07-19 00:00:00'))\n\t\tAND (common_recv_time < toDateTime('2022-07-20 00:00:00'))\n\tGROUP BY\n\t\tstat_time, common_app_label\n) group by common_app_label order by \"AVG 
Mbits / s\" desc" + } + ] + } + }, + "response": [] + } + ] + }, + { + "name": "Domain Drill Down", + "item": [ + { + "name": "Domain Entity", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [], + "body": { + "mode": "formdata", + "formdata": [] + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(min(common_recv_time)) as \"First Seen\" , groupUniqArray(common_l7_protocol) as protocols,FROM_UNIXTIME(max(common_recv_time)) as \"Last Seen\" , median(http_response_latency_ms) as \"Server Processing Time Median(ms)\", count(1) as Responses,round(sum(common_c2s_byte_num+common_s2c_byte_num)/1024/1024/1024,2) as bytes, any(common_server_location) as Location from session_record where common_server_domain='{{domain}}' and common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = 
UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0\ngroup by\n\tdns_qname\norder by\n\terros desc\nlimit 50\n", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "query", + "value": "select\n\tdns_qname,\n\tcount(1) as erros,\n\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0\ngroup by\n\tdns_qname\norder by\n\terros desc\nlimit 50\n" + } + ] + } + }, + "response": [] + }, + { + "name": "DNS server ip", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [], + "body": { + "mode": "formdata", + "formdata": [] + }, + "url": { + "raw": 
"http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tcommon_server_ip,\n\tany(common_server_location) as location,\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0\ngroup by\n\tcommon_server_ip\norder by\n\terros desc\nlimit 50\n", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "query", + "value": "select\n\tcommon_server_ip,\n\tany(common_server_location) as location,\n\tcount(1) as erros,\n\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0\ngroup by\n\tcommon_server_ip\norder by\n\terros desc\nlimit 50\n" + } + ] + } + }, + "response": [] + }, + { + "name": "DNS IP Conversations With Highest Errors", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + 
"protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [], + "body": { + "mode": "formdata", + "formdata": [] + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tcommon_client_ip,\n\tcommon_server_ip,\n\tcount(1) as erros,\n\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0\ngroup by\n\tcommon_client_ip,\n\tcommon_server_ip\norder by\n\terros desc\nlimit 50\n", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "query", + "value": "select\n\tcommon_client_ip,\n\tcommon_server_ip,\n\tcount(1) as erros,\n\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0\ngroup by\n\tcommon_client_ip,\n\tcommon_server_ip\norder by\n\terros desc\nlimit 50\n" + } + ] + } + }, + "response": [] + }, + { + "name": "DNS Requests With Highes Erros", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", 
+ "});" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [], + "body": { + "mode": "formdata", + "formdata": [] + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select common_client_ip, \n\t\tcommon_server_ip,(CASE\n\t\tWHEN dns_rcode = 0 THEN 'No error'\n\t\tWHEN dns_rcode = 1 THEN 'Format error'\n\t\tWHEN dns_rcode = 2 THEN 'Server failure'\n\t\tWHEN dns_rcode = 3 THEN 'Name Error'\n\t\tWHEN dns_rcode = 4 THEN 'Not Implemented'\n\t\tWHEN dns_rcode = 5 THEN 'Refused'\n\t\tWHEN dns_rcode = 6 THEN 'YXDomain'\n\t\tWHEN dns_rcode = 7 THEN 'YXRRSet'\n\t\tWHEN dns_rcode = 8 THEN 'NXRRSet'\n\t\tWHEN dns_rcode = 9 THEN 'NotAuth'\n\t\tWHEN dns_rcode = 10 THEN 'NotZone'\n\t\tELSE 'Other' END) as \"Response Code\",\n\t\tdns_qname,\n\t\tcount(1) as erros,\n\t\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets \nfrom transaction_record \nwhere common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0 \ngroup by common_client_ip,common_server_ip,dns_rcode,dns_qname order by erros desc limit 50", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "query", + "value": "select common_client_ip, \n\t\tcommon_server_ip,(CASE\n\t\tWHEN dns_rcode = 0 THEN 'No error'\n\t\tWHEN dns_rcode = 1 THEN 'Format error'\n\t\tWHEN dns_rcode = 2 THEN 'Server failure'\n\t\tWHEN dns_rcode = 3 THEN 'Name Error'\n\t\tWHEN dns_rcode = 4 THEN 'Not 
Implemented'\n\t\tWHEN dns_rcode = 5 THEN 'Refused'\n\t\tWHEN dns_rcode = 6 THEN 'YXDomain'\n\t\tWHEN dns_rcode = 7 THEN 'YXRRSet'\n\t\tWHEN dns_rcode = 8 THEN 'NXRRSet'\n\t\tWHEN dns_rcode = 9 THEN 'NotAuth'\n\t\tWHEN dns_rcode = 10 THEN 'NotZone'\n\t\tELSE 'Other' END) as \"Response Code\",\n\t\tdns_qname,\n\t\tcount(1) as erros,\n\t\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets \nfrom transaction_record \nwhere common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0 \ngroup by common_client_ip,common_server_ip,dns_rcode,dns_qname order by erros desc limit 50" + } + ] + } + }, + "response": [] + } + ] + }, + { + "name": "DNS Resolver Amplification Attack", + "item": [ + { + "name": "DNS Resolvers", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [], + "body": { + "mode": "formdata", + "formdata": [] + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT\n\tcount(*) as requests,\n\tuniq(common_client_ip) as client_ips,\n\tsum(common_c2s_byte_diff) as request_bytes,\n\tsum(common_s2c_byte_diff) as response_bytes,\n\tsum(common_c2s_pkt_diff) request_packets,\n\tsum(common_s2c_pkt_diff) as response_packets,\n\tround((response_bytes / if(request_bytes >0,request_bytes,1)),2) as byte_ratio,\n\tcommon_server_ip\nfrom\n\ttransaction_record rc\nwhere\n common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 1500\n\tand common_c2s_byte_diff>0\n\tand 
round((common_s2c_byte_diff / if(common_c2s_byte_diff >0,common_c2s_byte_diff,1)),2) >20\n\tand common_c2s_pkt_diff = 1\n\tand common_s2c_pkt_diff =1\ngroup by\n\tcommon_server_ip\norder by\n\trequests desc", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "query", + "value": "SELECT\n\tcount(*) as requests,\n\tuniq(common_client_ip) as client_ips,\n\tsum(common_c2s_byte_diff) as request_bytes,\n\tsum(common_s2c_byte_diff) as response_bytes,\n\tsum(common_c2s_pkt_diff) request_packets,\n\tsum(common_s2c_pkt_diff) as response_packets,\n\tround((response_bytes / if(request_bytes >0,request_bytes,1)),2) as byte_ratio,\n\tcommon_server_ip\nfrom\n\ttransaction_record rc\nwhere\n common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 1500\n\tand common_c2s_byte_diff>0\n\tand round((common_s2c_byte_diff / if(common_c2s_byte_diff >0,common_c2s_byte_diff,1)),2) >20\n\tand common_c2s_pkt_diff = 1\n\tand common_s2c_pkt_diff =1\ngroup by\n\tcommon_server_ip\norder by\n\trequests desc" + } + ] + } + }, + "response": [] + }, + { + "name": "DNS Resolver Amlif Times", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [], + "body": { + "mode": "formdata", + "formdata": [] + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?=&query=\nselect\n\tcount(*) as sessions,\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff <= 1, 1, 0)) as \"1 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 1 and common_s2c_byte_diff / common_c2s_byte_diff <= 5, 1, 0)) as \"1-5 
times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 5 and common_s2c_byte_diff / common_c2s_byte_diff <= 10, 1, 0)) as \"5-10 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 10 and common_s2c_byte_diff / common_c2s_byte_diff <= 20, 1, 0)) as \"10-20 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 20 and common_s2c_byte_diff / common_c2s_byte_diff <= 50, 1, 0)) as \"20-50 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 50 and common_s2c_byte_diff / common_c2s_byte_diff <= 100, 1, 0)) as \"50-100 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 100, 1, 0)) as \"100 times\"\nfrom\n\t\ttransaction_record as rc\nwhere\n common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0\n\tand common_s2c_byte_diff>0\n\tand common_c2s_pkt_diff =1\n\tand common_s2c_pkt_diff =1\n\tand common_server_port = 53\n\tand common_schema_type = 'DNS'\n\tand common_server_ip = '60.13.251.208'\n", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "", + "value": "" + }, + { + "key": "query", + "value": "\nselect\n\tcount(*) as sessions,\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff <= 1, 1, 0)) as \"1 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 1 and common_s2c_byte_diff / common_c2s_byte_diff <= 5, 1, 0)) as \"1-5 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 5 and common_s2c_byte_diff / common_c2s_byte_diff <= 10, 1, 0)) as \"5-10 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 10 and common_s2c_byte_diff / common_c2s_byte_diff <= 20, 1, 0)) as \"10-20 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 20 and common_s2c_byte_diff / common_c2s_byte_diff <= 50, 1, 0)) as \"20-50 
times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 50 and common_s2c_byte_diff / common_c2s_byte_diff <= 100, 1, 0)) as \"50-100 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 100, 1, 0)) as \"100 times\"\nfrom\n\t\ttransaction_record as rc\nwhere\n common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0\n\tand common_s2c_byte_diff>0\n\tand common_c2s_pkt_diff =1\n\tand common_s2c_pkt_diff =1\n\tand common_server_port = 53\n\tand common_schema_type = 'DNS'\n\tand common_server_ip = '60.13.251.208'\n" + } + ] + } + }, + "response": [] + }, + { + "name": "DNS Resolver Metrics trend", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [], + "body": { + "mode": "formdata", + "formdata": [] + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?=&query=\nselect \n\ttoDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))), 1800)* 1800) as stat_time,\n\tuniq(dns_qname) as uniq_qnames,\n\tuniq(common_client_ip) as uniq_client_ips,\n\tround(sum(common_c2s_byte_diff+common_s2c_byte_diff)*8/1800/1000/1000,2) as \"Mbps\",\n\tround(sum(common_c2s_byte_diff)*8/1800/1000/1000,2) as \"Request Mbps\",\n\tround(sum(common_s2c_byte_diff)*8/1800/1000/1000,2) as \"Response Mbps\",\n\tround(sum(common_c2s_pkt_diff+common_s2c_pkt_diff)/1800/1000,2) as \"Kpps\",\n\tround(sum(common_c2s_pkt_diff)/1800/1000,2) as \"Request Kpps\",\n\tround(sum(common_s2c_pkt_diff)/1800/1000,2) as \"Response Kpps\",\n\tround(count(*)/1800,2) as \"sessions/s\"\nfrom\n\ttransaction_record as ss\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0\n\tand common_s2c_byte_diff>0\n\tand common_c2s_pkt_diff =1\n\tand common_s2c_pkt_diff =1\n\tand 
common_server_port = 53\n\tand common_schema_type = 'DNS'\n\tand common_server_ip = '60.13.217.234'\ngroup by stat_time \norder by stat_time asc\n", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "", + "value": "" + }, + { + "key": "query", + "value": "\nselect \n\ttoDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))), 1800)* 1800) as stat_time,\n\tuniq(dns_qname) as uniq_qnames,\n\tuniq(common_client_ip) as uniq_client_ips,\n\tround(sum(common_c2s_byte_diff+common_s2c_byte_diff)*8/1800/1000/1000,2) as \"Mbps\",\n\tround(sum(common_c2s_byte_diff)*8/1800/1000/1000,2) as \"Request Mbps\",\n\tround(sum(common_s2c_byte_diff)*8/1800/1000/1000,2) as \"Response Mbps\",\n\tround(sum(common_c2s_pkt_diff+common_s2c_pkt_diff)/1800/1000,2) as \"Kpps\",\n\tround(sum(common_c2s_pkt_diff)/1800/1000,2) as \"Request Kpps\",\n\tround(sum(common_s2c_pkt_diff)/1800/1000,2) as \"Response Kpps\",\n\tround(count(*)/1800,2) as \"sessions/s\"\nfrom\n\ttransaction_record as ss\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0\n\tand common_s2c_byte_diff>0\n\tand common_c2s_pkt_diff =1\n\tand common_s2c_pkt_diff =1\n\tand common_server_port = 53\n\tand common_schema_type = 'DNS'\n\tand common_server_ip = '60.13.217.234'\ngroup by stat_time \norder by stat_time asc\n" + } + ] + } + }, + "response": [] + }, + { + "name": "DNS Resolver rcode", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [], + "body": { + "mode": "formdata", + "formdata": [] + }, + "url": { + 
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?=&query=select\n\t(CASE\n\t\tWHEN dns_rcode = 0 THEN 'No error'\n\t\tWHEN dns_rcode = 1 THEN 'Format error'\n\t\tWHEN dns_rcode = 2 THEN 'Server failure'\n\t\tWHEN dns_rcode = 3 THEN 'Name Error'\n\t\tWHEN dns_rcode = 4 THEN 'Not Implemented'\n\t\tWHEN dns_rcode = 5 THEN 'Refused'\n\t\tWHEN dns_rcode = 6 THEN 'YXDomain'\n\t\tWHEN dns_rcode = 7 THEN 'YXRRSet'\n\t\tWHEN dns_rcode = 8 THEN 'NXRRSet'\n\t\tWHEN dns_rcode = 9 THEN 'NotAuth'\n\t\tWHEN dns_rcode = 10 THEN 'NotZone'\n\t\tELSE 'Other' END) as \"Response Code\",\n\tdns_rcode,\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets,\n\tmax(common_c2s_byte_diff) as max_request_bytes,\n\tmax(common_s2c_byte_diff) as max_response_bytes,\n\tavg(common_c2s_byte_diff) as avg_request_bytes,\n\tavg(common_s2c_byte_diff) as avg_response_bytes,\n\tmedian(common_c2s_byte_diff) as median_request_bytes,\n\tmedian(common_s2c_byte_diff) as median_response_bytes\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0,request_bytes,1)),2) as byte_ratio,\n\tcommon_client_ip\nfrom\n\ttransaction_record\nwhere \n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 1500\n\tand common_c2s_byte_diff>0\n\tand round((common_s2c_byte_diff / if(common_c2s_byte_diff >0,common_c2s_byte_diff,1)),2) >20\n\tand common_c2s_pkt_diff = 1\n\tand common_s2c_pkt_diff =1 \ngroup by\n\tcommon_client_ip\norder by\n\tbyte_ratio desc\nlimit 10", + "protocol": "http", + "host": [ 
+ "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "query", + "value": "SELECT\n\tcount(*) as requests,\n\tuniq(common_client_ip) as client_ips,\n\tsum(common_c2s_byte_diff) as request_bytes,\n\tsum(common_s2c_byte_diff) as response_bytes,\n\tsum(common_c2s_pkt_diff) request_packets,\n\tsum(common_s2c_pkt_diff) as response_packets,\n\tround((response_bytes / if(request_bytes >0,request_bytes,1)),2) as byte_ratio,\n\tcommon_client_ip\nfrom\n\ttransaction_record\nwhere \n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 1500\n\tand common_c2s_byte_diff>0\n\tand round((common_s2c_byte_diff / if(common_c2s_byte_diff >0,common_c2s_byte_diff,1)),2) >20\n\tand common_c2s_pkt_diff = 1\n\tand common_s2c_pkt_diff =1 \ngroup by\n\tcommon_client_ip\norder by\n\tbyte_ratio desc\nlimit 10" + } + ] + } + }, + "response": [] + }, + { + "name": "DNS Resolvers by Victim IP", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [], + "body": { + "mode": "formdata", + "formdata": [] + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?=&query=SELECT\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets,\n\tmax(common_c2s_byte_diff) as max_request_bytes,\n\tmax(common_s2c_byte_diff) as max_response_bytes,\n\tavg(common_c2s_byte_diff) as avg_request_bytes,\n\tavg(common_s2c_byte_diff) as 
avg_response_bytes,\n\tmedian(common_c2s_byte_diff) as median_request_bytes,\n\tmedian(common_s2c_byte_diff) as median_response_bytes,\n\tcommon_server_ip,\n\tgroupUniqArray(common_server_port) as ports,\n\tany(common_server_location) as server_location\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 1 and byte_ratio <= 5, 1, 0)) as \"1-5 times\",\n\tsum(if(byte_ratio > 5 and byte_ratio <= 10, 1, 0)) as \"5-10 times\",\n\tsum(if(byte_ratio > 10 and byte_ratio <= 20, 1, 0)) as \"10-20 times\",\n\tsum(if(byte_ratio > 20 and byte_ratio <= 50, 1, 0)) as \"20-50 times\",\n\tsum(if(byte_ratio > 50 and byte_ratio <= 100, 1, 0)) as \"50-100 times\",\n\tsum(if(byte_ratio > 100, 1, 0)) as \"100 times\"\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip,\n\t\tmedian(common_s2c_byte_diff / common_c2s_byte_diff) as byte_ratio,\n\t\tcount(*) as sessions\n\tfrom\n\t\ttransaction_record\n\twhere\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0\n\t\tand common_s2c_byte_diff>0\n\t\tand common_c2s_pkt_diff =1\n\t\tand common_s2c_pkt_diff =1\n\t\tand common_server_port = 53\n\t\tand common_schema_type = 'DNS'\n\tgroup by\n\t\tcommon_server_ip\n)", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "", + "value": "" + }, + { + "key": "query", + "value": "\nselect\n\tcount(*) as ips,\n\tsum(if(byte_ratio <= 1, 1, 0)) as \"1 times\",\n\tsum(if(byte_ratio > 1 and byte_ratio <= 5, 1, 0)) as \"1-5 times\",\n\tsum(if(byte_ratio > 5 and byte_ratio <= 10, 1, 0)) as \"5-10 times\",\n\tsum(if(byte_ratio > 10 and byte_ratio <= 20, 1, 0)) as \"10-20 times\",\n\tsum(if(byte_ratio > 20 and byte_ratio <= 50, 1, 0)) as \"20-50 
times\",\n\tsum(if(byte_ratio > 50 and byte_ratio <= 100, 1, 0)) as \"50-100 times\",\n\tsum(if(byte_ratio > 100, 1, 0)) as \"100 times\"\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip,\n\t\tmedian(common_s2c_byte_diff / common_c2s_byte_diff) as byte_ratio,\n\t\tcount(*) as sessions\n\tfrom\n\t\ttransaction_record\n\twhere\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0\n\t\tand common_s2c_byte_diff>0\n\t\tand common_c2s_pkt_diff =1\n\t\tand common_s2c_pkt_diff =1\n\t\tand common_server_port = 53\n\t\tand common_schema_type = 'DNS'\n\tgroup by\n\t\tcommon_server_ip\n)" + } + ] + } + }, + "response": [] + }, + { + "name": "Ampli Attack Country Distribution", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [], + "body": { + "mode": "formdata", + "formdata": [] + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?=&query=SELECT\n\tarrayElement(splitByString(',',common_server_location),length(splitByString(',',common_server_location))) as server_location,\n\tcount(*) as ips\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip,\n\t\tany(common_server_location) as common_server_location,\n\t\tmedian(common_s2c_byte_diff / common_c2s_byte_diff) as byte_ratio,\n\t\tcount(*) as sessions\n\tfrom\n\t\ttransaction_record\n\twhere\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0\n\t\tand common_s2c_byte_diff>0\n\t\tand common_c2s_pkt_diff =1\n\t\tand common_s2c_pkt_diff =1\n\t\tand common_server_port = 53\n\t\tand common_schema_type = 'DNS'\n\tgroup by\n\t\tcommon_server_ip\n\thaving\n\t\tbyte_ratio > 20\n)\ngroup by\n\tserver_location\norder by\n\tips desc", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + 
], + "query": [ + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "", + "value": "" + }, + { + "key": "query", + "value": "SELECT\n\tarrayElement(splitByString(',',common_server_location),length(splitByString(',',common_server_location))) as server_location,\n\tcount(*) as ips\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip,\n\t\tany(common_server_location) as common_server_location,\n\t\tmedian(common_s2c_byte_diff / common_c2s_byte_diff) as byte_ratio,\n\t\tcount(*) as sessions\n\tfrom\n\t\ttransaction_record\n\twhere\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0\n\t\tand common_s2c_byte_diff>0\n\t\tand common_c2s_pkt_diff =1\n\t\tand common_s2c_pkt_diff =1\n\t\tand common_server_port = 53\n\t\tand common_schema_type = 'DNS'\n\tgroup by\n\t\tcommon_server_ip\n\thaving\n\t\tbyte_ratio > 20\n)\ngroup by\n\tserver_location\norder by\n\tips desc" + } + ] + } + }, + "response": [] + } + ] + }, + { + "name": "DNS NXDOMAIN Flood", + "item": [ + { + "name": "DNS Proxy Server", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [], + "body": { + "mode": "formdata", + "formdata": [] + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select \n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets,\n\tmax(common_c2s_byte_diff) as max_request_bytes,\n\tmax(common_s2c_byte_diff) as max_response_bytes,\n\tavg(common_c2s_byte_diff) as avg_request_bytes,\n\tavg(common_s2c_byte_diff) as 
avg_response_bytes,\n\tmedian(common_c2s_byte_diff) as median_request_bytes,\n\tmedian(common_s2c_byte_diff) as median_response_bytes,\n\tcommon_server_ip\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = '{{start_time}}'\n\tand __time < '{{end_time}}' and vsys_id in (1,2,3,4,5)\n and app_name IS NOT NUll\ngroup by\n app_name\norder by \n bytes desc\nlimit 10\n", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n app_name,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n application_protocol_stat\nwhere\n __time >= '{{start_time}}'\n\tand __time < '{{end_time}}' and vsys_id in (1,2,3,4,5)\n and app_name IS NOT NUll\ngroup by\n app_name\norder by \n bytes desc\nlimit 10\n" + } + ] + } + }, + "response": [] + } + ] + } + ], + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "exec": [ + "var startDate = new Date(Date.now()-86400000);", + "var start_time = startDate.getFullYear().toString() + \"-\" +", + " (startDate.getMonth() + 1).toString().padStart(2, '0') + \"-\" +", + " startDate.getDate().toString().padStart(2, '0') + \" \" +", + " startDate.getHours().toString().padStart(2, '0') + \":\" +", + " startDate.getMinutes().toString().padStart(2, '0') + \":\" +", + " startDate.getSeconds().toString().padStart(2, '0');", + "", + "pm.globals.set(\"start_time\", start_time);", + "var endDate = new Date(Date.now());", + "var end_time = endDate.getFullYear().toString() + \"-\" +", + " (endDate.getMonth() + 
1).toString().padStart(2, '0') + \"-\" +", + " endDate.getDate().toString().padStart(2, '0') + \" \" +", + " endDate.getHours().toString().padStart(2, '0') + \":\" +", + " endDate.getMinutes().toString().padStart(2, '0') + \":\" +", + " endDate.getSeconds().toString().padStart(2, '0'); ", + "pm.globals.set(\"end_time\", end_time);", + "pm.globals.set(\"domain\",pm.variables.replaceIn('{{$randomDomainName}}'));", + "pm.globals.set(\"client_ip\",pm.variables.replaceIn('{{$randomIP}}'));", + "pm.globals.set(\"server_ip\",pm.variables.replaceIn('{{$randomIP}}'));", + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ] +} \ No newline at end of file
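Review bot: the "DNS Resolver Amlif Times" and "DNS Resolver Metrics trend" requests hard-code the resolver address in the query (`common_server_ip = '60.13.251.208'` and `common_server_ip = '60.13.217.234'`), which ties them to one deployment. Every other filter here is driven by `{{start_time}}`, `{{end_time}}`, `{{qgw_ip}}` and `{{qgw_port}}`, so the resolver address should also come from a collection or environment variable. Note that the collection-level prerequest script sets `server_ip` to `{{$randomIP}}` on each run, so a dedicated variable for the resolver under investigation is a better fit than reusing `server_ip`.

Smaller points in the same hunk. Several requests carry an empty query parameter (`"key": "", "value": ""`), which produces `/?=&query=` in the raw URL and should be dropped. The request name "DNS Resolver Amlif Times", the `erros` alias and `IS NOT NUll` are misspelled; the alias matters because it becomes a column name in the result. Every test script only asserts `pm.response.to.have.status(200)`, so a request returning an empty result set still passes; for a collection meant for functional verification, also assert on the response body, for example that the expected columns are present. The prerequest script builds `start_time` and `end_time` from the runner's local clock (`getHours()` and friends) and the queries pass them to `UNIX_TIMESTAMP(...)`; it is worth documenting which time zone the gateway assumes so a Newman run on a host in another zone queries the intended window. The file also ends without a trailing newline.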