diff --git a/24.01/Develop.postman_environment.json b/24.01/Develop.postman_environment.json new file mode 100644 index 0000000..8c24924 --- /dev/null +++ b/24.01/Develop.postman_environment.json @@ -0,0 +1,238 @@ +{ + "id": "18e95f62-58ae-4fc0-8350-f84b45b006af", + "name": "Develop", + "values": [ + { + "key": "qgw_ip", + "value": "192.168.44.12", + "enabled": true + }, + { + "key": "qgw_port", + "value": "9999", + "enabled": true + }, + { + "key": "druid_ip", + "value": "192.168.44.12", + "type": "default", + "enabled": true + }, + { + "key": "druid_port", + "value": "8089", + "enabled": true + }, + { + "key": "hbase_ip", + "value": "192.168.44.12", + "enabled": true + }, + { + "key": "hbase_port", + "value": "50070", + "enabled": true + }, + { + "key": "hos_token", + "value": "c21f969b5f03d33d43e04f8f136e7682", + "type": "secret", + "enabled": true + }, + { + "key": "hos_ip", + "value": "192.168.44.12", + "enabled": true + }, + { + "key": "hos_port", + "value": "9098", + "enabled": true + }, + { + "key": "clickhouse_ip", + "value": "192.168.44.12", + "enabled": true + }, + { + "key": "clickhouse_port", + "value": "8123", + "enabled": true + }, + { + "key": "clickhouse_database", + "value": "tsg_galaxy_v3", + "enabled": true + }, + { + "key": "clickhouse_user", + "value": "default", + "enabled": true + }, + { + "key": "clickhouse_password", + "value": "galaxy2019", + "type": "secret", + "enabled": true + }, + { + "key": "arango_ip", + "value": "192.168.44.12", + "enabled": true + }, + { + "key": "arango_port", + "value": "8529", + "enabled": true + }, + { + "key": "kafka_load_ip", + "value": "192.168.44.12", + "enabled": true + }, + { + "key": "kafka_monitor_port", + "value": "9991", + "enabled": true + }, + { + "key": "kafka_merge_ip", + "value": "192.168.44.12", + "enabled": true + }, + { + "key": "Last 5 Minutes Start", + "value": "FROM_UNIXTIME(UNIX_TIMESTAMP(now())-300)", + "enabled": true + }, + { + "key": "now", + "value": "now()", + "enabled": true + }, + { + "key": "Last 1 Hour Start", + "value": "FROM_UNIXTIME(UNIX_TIMESTAMP(now())-3600)", + "enabled": true + }, + { + "key": "Last 12 Hour Start", + "value": "FROM_UNIXTIME(UNIX_TIMESTAMP(now())-43200)", + "enabled": true + }, + { + "key": "Last 24 Hour Start", + "value": "FROM_UNIXTIME(UNIX_TIMESTAMP(now())-86400)", + "enabled": true + }, + { + "key": "Today Start", + "value": "DATE(FROM_UNIXTIME(UNIX_TIMESTAMP(now())))", + "enabled": true + }, + { + "key": "Today End", + "value": "DATE(FROM_UNIXTIME(UNIX_TIMESTAMP(now()) +86400))", + "enabled": true + }, + { + "key": "Today so far Start", + "value": "DATE(FROM_UNIXTIME(UNIX_TIMESTAMP(now())))", + "enabled": true + }, + { + "key": "Yesterday Start", + "value": "DATE(FROM_UNIXTIME(UNIX_TIMESTAMP(now()) -86400))", + "enabled": true + }, + { + "key": "Yesterday End", + "value": "DATE(FROM_UNIXTIME(UNIX_TIMESTAMP(now())))", + "enabled": true + }, + { + "key": "PT5S_RECV_TIME", + "value": "FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(common_recv_time,'PT5s'))", + "enabled": true + }, + { + "key": "PT30S_RECV_TIME", + "value": "FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(common_recv_time,'PT30S'))", + "enabled": true + }, + { + "key": "PT5M_RECV_TIME", + "value": "FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(common_recv_time,'PT5M'))", + "enabled": true + }, + { + "key": "PT30M_RECV_TIME", + "value": "FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(common_recv_time,'PT30M'))", + "enabled": true + }, + { + "key": "PT1H_RECV_TIME", + "value": "FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(common_recv_time,'PT1H'))", + "enabled": true + }, + { + "key": "P1D_RECV_TIME", + "value": "FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(common_recv_time,'P1D'))", + "enabled": true + }, + { + "key": "PT5S_TIME", + "value": "FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT5s'))", + "enabled": true + }, + { + "key": "PT30S_TIME", + "value": "FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT30S'))", + "enabled": true + }, + { + "key": "PT1M_TIME", + "value": "FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT1M'))", + "enabled": true + }, + { + "key": "PT5M_TIME", + "value": "FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT5M'))", + "enabled": true + }, + { + "key": "PT30M_TIME", + "value": "FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT30M'))", + "enabled": true + }, + { + "key": "PT1H_TIME", + "value": "FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT1H'))", + "enabled": true + }, + { + "key": "P1D_TIME", + "value": "FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'P1D'))", + "enabled": true + }, + { + "key": "report_ip", + "value": "192.168.44.12", + "enabled": true + }, + { + "key": "report_port", + "value": "9093", + "enabled": true + }, + { + "key": "job_id", + "value": "", + "type": "any", + "enabled": true + } + ], + "_postman_variable_scope": "environment", + "_postman_exported_at": "2023-12-12T08:53:52.025Z", + "_postman_exported_using": "Postman/10.21.2" +} \ No newline at end of file diff --git a/24.01/TSG OLAP API V24.01.postman_collection.json b/24.01/TSG OLAP API V24.01.postman_collection.json new file mode 100644 index 0000000..416eba8 --- /dev/null +++ b/24.01/TSG OLAP API V24.01.postman_collection.json @@ -0,0 +1,14190 @@ +{ + "info": { + "_postman_id": "4a92abcb-8edf-485a-9067-69ef14ec0741", + "name": "TSG OLAP API V24.01", + "description": "# galaxy-troubleshooting-api\n\n使用Postman组件,基于Rest API接口对TSG OLAP 进行功能验证。包括组件健康检查,功能集成测试及故障诊断。\n\n## Release 24.01 (31 JAN 2024)\n\n###### New Features\n\n- 依据OLAP API 组织接口\n \n- 接口进行重构,不再兼容23.10及之前版本\n \n\n## Release 23.10 (30 OCT 2023)\n\n###### Update\n\n- 会话日志增加毫米级时间戳字段common_start_timestamp_ms, common_end_timestamp_ms\n- 会话日志增加操作系统指纹common_client_os_name,common_server_os_name\n \n\n## Release 23.09 (30 SEP 2023)\n\n###### Update\n\n- metrics 修改表名由statistics_object改为object_statistics\n- Flags统计增加Bidirectional标识\n- Closed Session Records 增加http_status_code, ssl_esni_flag, ssl_ech_flag\n- 删除Kafka Topics 目录\n \n\n## Release 23.08 (21 AUG 2023)\n\n###### New Features\n\n- Metrics增加Statistics Policy 相关接口\n- Metrics增加Statistics Object 相关接口\n- Metrics增加Statistics rule 命中计数接口\n \n\n###### Update\n\n- 会话日志查询,增加重命名字段common_out_link_id、common_in_link_id\n \n\n## Release 23.07 (21 JUL 2023)\n\n###### Update\n\n- 修复Network Throughput Active Sessions计算错误,不除时间粒度\n \n\n## Release 23.06 (21 JUN 2023)\n\n###### Update\n\n- 优化Limit返回值\n \n\n## Release 23.05 (28 MAY 2023)\n\n###### New Features\n\n- 增加Service chaining统计接口\n- QGW增加嵌套子查询接口,用于验证高级搜索\n \n\n###### Update\n\n- Main Dashboard统计接口重构,更改统计源\n- Live Traffic Chart 接口重构,更改统计源\n- 原代理日志拆分为Intercept和Manipulation\n- 相关Metrics的Schema更改为重构后的数据源\n \n\n## Release 23.04 (28 APR 2023)\n\n###### New Features\n\n- 增加数据写入延迟接口Session Insert Latency Distribution\n- 增加数据写入Kafka延迟接口 Session Ingestion Latency Distribution\n \n\n###### Update\n\n- 重构 Security Policy Hits Metrics 统计\n- 重构 Traffic Shaping Metrics 统计\n \n\n## Release 23.03 (28 MAR 2023)\n\n###### New Features\n\n- 目录整体重构,重新梳理功能,便于Newman CLI运行\n- ClickHouse目录下增加慢查询故障诊断语句\n- 参数与API接口统一改为英文,避免中文编码执行异常\n- 加密环境变量密码、token等敏感信息\n- 定义全局动态变量:时间范围、随机IP、随机域名等\n \n\n###### Update\n\n- Flags 添加C2S与S2C标志位标签\n \n\n## Release 23.02 (28 FEB 2023)\n\n###### New Features\n\n- 增加Traffic Shaping 相关统计接口\n \n\n###### Update\n\n- 会话日志增加列common_shaping_rule_ids\n- 会话与安全事件日志增加列common_server_domain\n- 会话与安全事件日志增加列common_flags_identify_info\n \n\n## Release 23.01 (31 JAN 2023)\n\n###### Update\n\n- 会话与安全事件日志增加列common_server_fqdn\n- 会话与安全事件日志增加列common_app_full_path\n \n\n## Release 22.12 (30 DEC 2022)\n\n###### New Features\n\n- 新增Dashboards-增加App推荐\n- 新增系统报告-会话日志Flags统计\n- 新增系统报告-会话日志Flags占比\n \n\n###### Update\n\n- 会话与安全事件日志增加common_flags列\n- 自定义IP映射-增加对ASN函数\n \n\n## Release 22.1 (30 NOV 2022)\n\n###### New Features\n\n###### Update\n\n- 会话与安全事件日志增加ssl_ja3s_hash列\n \n\n## Release 22.10 (30 OCT 2022)\n\n###### New Features\n\n- 06其它-功能验证-Traffic Summary增加Throughput接口\n \n ###### Update\n \n- 更新原有查询,将VSYS ID作为默认查询条件\n \n\n## Release 22.09 (30 SEP 2022)\n\n###### Update\n\n- 会话与安全事件日志增加common_tunnel_endpoint_a_desc, common_tunnel_endpoint_b_desc,dtls_sni 列\n \n\n## Release 22.08 (31 AUG 2022)\n\n###### New Features\n\n- 其它-查询网关-Live Charts 总带宽流量校验\n- 增加检查数据流-SQL执行计划\n- 增加检查数据流-SQL查看表结构\n- 增加检查数据推荐-推荐IMSI到TEID关系\n- 增加检查数据推荐-推荐IMEI到TEID关系\n- 增加检查数据推荐-推荐Phone Number到TEID关系\n- 增加检查数据推荐-推荐apn到TEID关系\n- 增加检查数据推荐-实时查询任务-提交查询任务(实时统计)\n- 增加检查数据推荐-实时查询任务-获取任务结果(实时统计)\n- 增加检查数据推荐-知识库列表\n- 增加预处理检查-检测预处理延迟\n- 增加预处理检查-已关闭会话日志延迟分布\n \n ###### Update\n \n\n## Release 22.07 (30 JUL 2022)\n\n###### New Features\n\n- 增加检查数据推荐-Top Server IP流量概况评估\n- 增加检查数据推荐-Top SNI 流量概况评估\n \n ###### Update\n \n\n## Release 22.06 (30 JUE 2022)\n\n###### New Features\n\n- 检查数据流-增加存储配额一致性检查\n \n ###### Update\n \n- 系统报告检查-增加与CM默认VSYSID=1参数\n \n\n## Release 22.05 (31 MAY 2022)\n\n###### New Features\n\n###### Update\n\n- 检查日志-会话日志/安全事件日志增加RDP类型校验\n \n\n## Release 22.04 (29 APR 2022)\n\n###### New Features\n\n###### Update\n\n- 预处理检查-是否有数据验证,改为通过console后台打印日志\n- Dashboards Top部分功能增加device_group, data_center维度校验\n \n\n## Release 22.03 (8 APR 2022)\n\n###### New Features\n\n- 增加数据预处理检查,为每类日志增加多个测试用例,区分功能或无数据问题\n \n ###### Update\n \n- 其它-评估日志预处理,增加ETL处理时延和写入Kafka时延指标\n- 检查日志模块对会话,安全和代理事件日志基于具体字段查询\n \n\n###### Delete\n\n- 删除检查数据流,关于Topic的测试用例\n \n\n## Release 22.02 (8 MAR 2022)\n\n###### New Features\n\n- 检查数据流-元数据检查 增加schema评价文件事件日志\n \n\n## Release 22.01 (27 JAN 2022)\n\n###### New Features\n\n- 检查数据流-TopN计算 增加Application接口验证\n \n\n###### Update\n\n- 重新梳理分类,删除无用接口\n- 重新排列分类,将系统自检放到首位\n \n\n## Release 21.12 (1 Dec 2021)\n\n###### New Features\n\n- 新增数据推荐查询-实时查询任务\n- 新增数据推荐查询-推荐Subscriber ID 到IP关系\n- 新增数据推荐查询-推荐APP活跃客户端IP\n- 新增数据推荐查询-推荐TopN Server IP\n- 新增数据推荐查询-推荐TopN SNI\n- 新增常用快捷功能-查询网关,增加优化查询测试集\n - Top 查询优化\n - Calcite 缓存查询\n - 自定义时间函数补全功能\n\n###### Update\n\n- Dashboard 查询,代理策略命中动作增加Edit Element 统计\n \n\n## Release 21.11 (5 Nov 2021)\n\n###### New Features\n\n- Delete\n- Update\n- 修改报告查询接口(由查询mariadb方式变更为API接口)\n- 修改规范“数据推荐查询”所有接口的命名\n \n\n## Release 21.10 (28 OCT 2021)\n\n###### New Features\n\n- 新增HOS健康状态检测接口\n- Delete\n- 删除原ClickHouse/Druid/ArangoDB 状态检查接口\n \n\n## Release 21.09 (23 SEP 2021)\n\n###### New Features\n\n- Update\n- 删除分布式调度任务,5分钟TOPN校验,交由FLink统计\n- 原始日志表名进行重命名,相关查询接口更新\n- 修正DNS分析的SQL数据集\n \n\n## Release 21.08 (15 AUG 2021)\n\n###### New Features\n\n- 新增“Dashboard查询-DoS Threat Map”功能列表,显示DoS检测地图接口\n- 新增“原始日志查询-DoS事件日志”,显示DoS攻击检测日志\n- 新增“原始日志查询-DoS事件日志-Summary”,显示DoS攻击趋势统计\n- 新增“原始日志查询-DoS事件日志-Destination IP Traffic Trend”,显示受害者IP历史流量趋势\n- Update\n- 迁移“Dashboard查询”liveCharts接口,放到“Live Charts”目录中统一管理。\n- 对DNS分析,增加一些查询样例\n \n\n## Release 21.07 (5 JUL 2021)\n\n###### New Features\n\n- 增加”常用快捷功能-基数统计“,用于分析日志分布情况\n- 增加”常用快捷功能-DNS放大攻击“,查询特征数据集\n- 增加”通用检查-对象存储-获取某个文件“,用于文件获取验证\n \n\n###### Update\n\n- 为所有接口增加Tests脚本,对接口进行批量验证测试\n- 修正部分接口查询异常\n \n\n## Release 21.06 (7 JUN 2021)\n\n###### New Features\n\n- Environments 增加环境变量domain、client_ip、server_ip、l7_protocol和PT1M_TIME\n- 常用快捷功能增加某域名下钻、某IP下钻、协议下钻和DNS分析功能\n \n\n###### Update\n\n- 原始日志查询,基于Druid近1小时日志变化粒度从5分钟改为1分钟。包含通联、策略和代理日志。\n \n\n## Release 21.05 (6 MAY 2021)\n\n###### New Features\n\n- 新增“GTP-C日志”功能,辅助故障诊断\n- 新增“事务日志”功能,辅助故障诊断\n- 新增“活跃会话日志”功能,辅助故障诊断\n- 新增“07.常用快捷功能-评估写入日志量”,查看当前系统的吞吐\n \n\n###### Update\n\n- 修改\"01.通用检查-数据存储检查\",增加事务、活跃及GTP-C 检测\n \n\n## Release 21.04 (3 APR 2021)\n\n###### New Features\n\n- 增加“VoIP日志”功能,辅助故障诊断\n- 增加“元数据检查”分类目录\n- 增加“HOS对象存储”目录,用于定位对象存储\n \n\n###### Update\n\n- 修改“SQL语法检查”为“SQL语法验证”,支持SQL语句的静态分析和数据库语义验证\n- 迁移功能项位置,方便问题定位\n \n\n###### Delete\n\n- 删除“系统检查-查询引擎SQL测试集\\[过时\\]”功能,由“故障诊断-sql性能测试”替代。\n \n\n## Release 21.03 (2 MAR 2021)\n\n###### New Features\n\n- 增加故障诊断-元数据功能,可分析日志字段是否与schema一致\n- 增加故障诊断-sql性能测试,可对查询引擎进行功能性验证和POC性能测试\n \n\n###### Update\n\n- 对查询引擎SQL测试集标记过时\n \n\n## Release 21.02 (1 FEB 2021)\n\n###### Update\n\n- 改善内部测试集,应对新的功能修改\n \n\n## Release 20.11.rc3 (11 DEC 2020)\n\n###### New Features\n\n- 增加常用快捷功能- 安装证书独立客户端IP数据趋势\n- 增加常用快捷功能-访问速度最慢TOP20 域名\n- 增加常用快捷功能-报告预置Metrics\n- 增加原始日志查询-安全策略-动作命中计数\n- 增加原始日志查询-代理策略-动作命中计数\n- 增加原始日志查询-通联-流量计数(now)\n \n\n###### Update\n\n- 改善Dashboard查询-基础统计-新建、活跃(计数)-now\n- 改善Dashboard查询-新建、活跃(趋势)\n- 目录增加编号,便于管理\n- 修改分布式调度任务-5分钟TOPN-hot表验证表名\n- 部分Action为post 改为 get,便于导出命令行", + "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json", + "_exporter_id": "8105037" + }, + "item": [ + { + "name": "Tools(Deprecated)", + "item": [ + { + "name": "Execute SQL(Deprecated)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/sql/?query=select MEDIAN_HDR(in_latency_ms_sketch) from statistics_rule limit 1", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "sql", + "" + ], + "query": [ + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "query", + "value": "select MEDIAN_HDR(in_latency_ms_sketch) from statistics_rule limit 1" + } + ] + } + }, + "response": [] + }, + { + "name": "SQL Syntax Validation", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/sql/?option=syntax_validation&query=SELECT\n\tsum(\"Sessions\") AS \"Sessions\",\n\tsum(\"Client IP\") AS \"Client IP\",\n\tsum(\"Server IP\") AS \"Server IP\"\nFROM\n\t(\n\tSELECT\n\t\tssl_sni AS \"SSL.SNI\",\n\t\tcount(client_ip) AS \"Client IP\",\n\t\tcount(server_ip) AS \"Server IP\",\n\t\tcount(1) AS \"Sessions\"\n\tFROM\n\t\t(\n\t\tSELECT\n\t\t\t*\n\t\tFROM\n\t\t\ttsg_galaxy_v3.security_event\n\t\tLIMIT 100) AS security_event\n\tWHERE\n\t\t1 = 1\n\tGROUP BY\n\t\t\"SSL.SNI\") ORDER BY \"Sessions\" DESC, \"Client IP\" DESC, \"Server IP\" DESC LIMIT 50 ", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "sql", + "" + ], + "query": [ + { + "key": "option", + "value": "syntax_validation" + }, + { + "key": "query", + "value": "SELECT\n\tsum(\"Sessions\") AS \"Sessions\",\n\tsum(\"Client IP\") AS \"Client IP\",\n\tsum(\"Server IP\") AS \"Server IP\"\nFROM\n\t(\n\tSELECT\n\t\tssl_sni AS \"SSL.SNI\",\n\t\tcount(client_ip) AS \"Client IP\",\n\t\tcount(server_ip) AS \"Server IP\",\n\t\tcount(1) AS \"Sessions\"\n\tFROM\n\t\t(\n\t\tSELECT\n\t\t\t*\n\t\tFROM\n\t\t\ttsg_galaxy_v3.security_event\n\t\tLIMIT 100) AS security_event\n\tWHERE\n\t\t1 = 1\n\tGROUP BY\n\t\t\"SSL.SNI\") ORDER BY \"Sessions\" DESC, \"Client IP\" DESC, \"Server IP\" DESC LIMIT 50 " + } + ] + } + }, + "response": [] + }, + { + "name": "SQL Syntax Parse", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/sql/?option=syntax_parse&query=select common_client_ip from session_record", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "sql", + "" + ], + "query": [ + { + "key": "option", + "value": "syntax_parse" + }, + { + "key": "query", + "value": "select common_client_ip from session_record" + } + ] + } + }, + "response": [] + }, + { + "name": "Knowledge Bases Lists", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/knowledge_base/v1", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "knowledge_base", + "v1" + ] + } + }, + "response": [] + } + ] + }, + { + "name": "Others(Deprecated)", + "item": [ + { + "name": "Reporting Dashboards", + "item": [ + { + "name": "Traffic Summary", + "item": [ + { + "name": "Throughput of Traffic Metrics", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT\n\t{{P1D_TIME}} as stat_time,\n\tround(SUM(in_pkts + out_pkts)/ 1000 /1000.0,2) as packets_M,\n\tround(SUM(in_bytes + out_bytes)/ 1024 / 1024 / 1024.0,2) as bytes_GB,\n round(SUM(closed_sessions)/ 1000 / 1000.0,2) as sessions_M\nFROM\n\ttraffic_general_stat\nWHERE\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\ngroup by\n\t{{P1D_TIME}}\norder by\n\tstat_time", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "SELECT\n\t{{P1D_TIME}} as stat_time,\n\tround(SUM(in_pkts + out_pkts)/ 1000 /1000.0,2) as packets_M,\n\tround(SUM(in_bytes + out_bytes)/ 1024 / 1024 / 1024.0,2) as bytes_GB,\n round(SUM(closed_sessions)/ 1000 / 1000.0,2) as sessions_M\nFROM\n\ttraffic_general_stat\nWHERE\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\ngroup by\n\t{{P1D_TIME}}\norder by\n\tstat_time" + } + ] + } + }, + "response": [] + }, + { + "name": "Throughput of Protocol Metrics", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT\n\t{{P1D_TIME}} as stat_time,\n\tround(SUM(in_pkts + out_pkts)/ 1000 /1000.0,2) as packets_M,\n\tround(SUM(in_bytes + out_bytes)/ 1024 / 1024 / 1024.0,2) as bytes_GB,\n round(SUM(sessions)/ 1000 / 1000.0,2) as sessions_M\nFROM\n\tapplication_protocol_stat\nWHERE\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}' and protocol_stack_id='ETHERNET'\ngroup by\n\t{{P1D_TIME}}\norder by\n\tstat_time", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "SELECT\n\t{{P1D_TIME}} as stat_time,\n\tround(SUM(in_pkts + out_pkts)/ 1000 /1000.0,2) as packets_M,\n\tround(SUM(in_bytes + out_bytes)/ 1024 / 1024 / 1024.0,2) as bytes_GB,\n round(SUM(sessions)/ 1000 / 1000.0,2) as sessions_M\nFROM\n\tapplication_protocol_stat\nWHERE\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}' and protocol_stack_id='ETHERNET'\ngroup by\n\t{{P1D_TIME}}\norder by\n\tstat_time" + } + ] + } + }, + "response": [] + }, + { + "name": "Throughput of closed sessions", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT\n\t{{P1D_RECV_TIME}} as stat_time,\n\tround(SUM(common_c2s_pkt_num + common_s2c_pkt_num)/1000/1000,2) as packets_M,\n\tround(SUM(common_c2s_byte_num + common_s2c_byte_num)/1024/1024/1024,2) as bytes_GB,\n\tround(SUM(common_sessions)/1000/1000,2) as sessions_M\nFROM\n\tsession_record sr\nWHERE\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}')\n\tand common_recv_time < UNIX_TIMESTAMP('{{end_time}}')\ngroup by\n\t{{P1D_RECV_TIME}}\norder by\n\tstat_time\n\t", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "SELECT\n\t{{P1D_RECV_TIME}} as stat_time,\n\tround(SUM(common_c2s_pkt_num + common_s2c_pkt_num)/1000/1000,2) as packets_M,\n\tround(SUM(common_c2s_byte_num + common_s2c_byte_num)/1024/1024/1024,2) as bytes_GB,\n\tround(SUM(common_sessions)/1000/1000,2) as sessions_M\nFROM\n\tsession_record sr\nWHERE\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}')\n\tand common_recv_time < UNIX_TIMESTAMP('{{end_time}}')\ngroup by\n\t{{P1D_RECV_TIME}}\norder by\n\tstat_time\n\t" + } + ] + } + }, + "response": [] + }, + { + "name": "Throughput of interim sessions", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select stat_time, sum(packets_M) as packets_M, sum(bytes_GB) as byets_GB from (SELECT\n\t{{P1D_RECV_TIME}} as stat_time,\t\n\tround(SUM(common_c2s_pkt_diff + common_s2c_pkt_diff)/1000/1000,2) as packets_M,\n\tround(SUM(common_c2s_byte_diff + common_s2c_byte_diff)/1024/1024/1024,2) as bytes_GB\nFROM\n\tsession_record sr\nWHERE\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}')\n\tand common_recv_time < UNIX_TIMESTAMP('{{end_time}}')\ngroup by\n\t{{P1D_RECV_TIME}}\norder by\n\tstat_time\n\tunion all SELECT\n\t{{P1D_RECV_TIME}} as stat_time,\t\n\tround(SUM(common_c2s_pkt_diff + common_s2c_pkt_diff)/1000/1000,2) as packets_M,\n\tround(SUM(common_c2s_byte_diff + common_s2c_byte_diff)/1024/1024/1024,2) as bytes_GB\nFROM\n\tinterim_session_record sr\nWHERE\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}')\n\tand common_recv_time < UNIX_TIMESTAMP('{{end_time}}')\ngroup by\n\t{{P1D_RECV_TIME}}\norder by\n\tstat_time) group by stat_time order by stat_time\t", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select stat_time, sum(packets_M) as packets_M, sum(bytes_GB) as byets_GB from (SELECT\n\t{{P1D_RECV_TIME}} as stat_time,\t\n\tround(SUM(common_c2s_pkt_diff + common_s2c_pkt_diff)/1000/1000,2) as packets_M,\n\tround(SUM(common_c2s_byte_diff + common_s2c_byte_diff)/1024/1024/1024,2) as bytes_GB\nFROM\n\tsession_record sr\nWHERE\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}')\n\tand common_recv_time < UNIX_TIMESTAMP('{{end_time}}')\ngroup by\n\t{{P1D_RECV_TIME}}\norder by\n\tstat_time\n\tunion all SELECT\n\t{{P1D_RECV_TIME}} as stat_time,\t\n\tround(SUM(common_c2s_pkt_diff + common_s2c_pkt_diff)/1000/1000,2) as packets_M,\n\tround(SUM(common_c2s_byte_diff + common_s2c_byte_diff)/1024/1024/1024,2) as bytes_GB\nFROM\n\tinterim_session_record sr\nWHERE\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}')\n\tand common_recv_time < UNIX_TIMESTAMP('{{end_time}}')\ngroup by\n\t{{P1D_RECV_TIME}}\norder by\n\tstat_time) group by stat_time order by stat_time\t" + } + ] + } + }, + "response": [] + }, + { + "name": "ClickHouse Uncategorized Traffic", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT round(SUM(common_c2s_byte_num+common_s2c_byte_num)/1024/1024,2) as uncategorized_bytes_mb FROM session_record sr WHERE common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') AND common_app_label= 'unknown'", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "SELECT round(SUM(common_c2s_byte_num+common_s2c_byte_num)/1024/1024,2) as uncategorized_bytes_mb FROM session_record sr WHERE common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') AND common_app_label= 'unknown'" + } + ] + } + }, + "response": [] + } + ] + }, + { + "name": "Duplicate logs Assessment", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select 'Session Records' as type, count(*) as num from (select common_log_id,count(*) as num from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 1) union all select 'Security Events' as type, count(*) as num from (select common_log_id,count(*) as num from security_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 1) union all select 'Proxy Events' as type, count(*) as num from (select common_log_id,count(*) as num from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 1)", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "query": [ + { + "key": "query", + "value": "select 'Session Records' as type, count(*) as num from (select common_log_id,count(*) as num from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 1) union all select 'Security Events' as type, count(*) as num from (select common_log_id,count(*) as num from security_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 1) union all select 'Proxy Events' as type, count(*) as num from (select common_log_id,count(*) as num from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 1)" + } + ] + } + }, + "response": [] + }, + { + "name": "Traffic Summary for Reporting", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select \n COUNT(DISTINCT(device_id)) as device_num,\n sum(sum_bytes) as total_bytes_transferred,\n sum(sum_pkts) as total_packets_transferred,\n sum(sum_sessions) as total_new_sessions ,\n sum(sum_closed_sessions) as total_closed_sessions,\n sum(sum_sessions)/86400 as avg_new_sessions_per_second,\n sum(sum_bytes)*8/86400as avg_bits_per_second,\n sum(sum_pkts)/86400 as avg_packets_per_second,\n sum(avg_active_sessions) as avg_active_sessions,\n round(CASE WHEN sum(sum_closed_sessions) = 0 THEN 0 ELSE sum(sum_asymmetric_flows) * 1.0 / sum(sum_closed_sessions) END, 4) * 100 as percent_asymmetric_flows\n from\n ( select\n device_id,\n vsys_id,\n sum(in_bytes + out_bytes) as sum_bytes,\n sum(in_pkts + out_pkts) as sum_pkts,\n sum(sessions) as sum_sessions,\n sum(closed_sessions) as sum_closed_sessions,\n avg(active_sessions) as avg_active_sessions,\n sum(asymmetric_c2s_flows+asymmetric_s2c_flows) as sum_asymmetric_flows\n from \n traffic_general_stat \n where\n __time >= '{{start_time}}'\n\t\tand __time <'{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n group by\n device_id, vsys_id\n ) ", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "query": [ + { + "key": "query", + "value": "select \n COUNT(DISTINCT(device_id)) as device_num,\n sum(sum_bytes) as total_bytes_transferred,\n sum(sum_pkts) as total_packets_transferred,\n sum(sum_sessions) as total_new_sessions ,\n sum(sum_closed_sessions) as total_closed_sessions,\n sum(sum_sessions)/86400 as avg_new_sessions_per_second,\n sum(sum_bytes)*8/86400as avg_bits_per_second,\n sum(sum_pkts)/86400 as avg_packets_per_second,\n sum(avg_active_sessions) as avg_active_sessions,\n round(CASE WHEN sum(sum_closed_sessions) = 0 THEN 0 ELSE sum(sum_asymmetric_flows) * 1.0 / sum(sum_closed_sessions) END, 4) * 100 as percent_asymmetric_flows\n from\n ( select\n device_id,\n vsys_id,\n sum(in_bytes + out_bytes) as sum_bytes,\n sum(in_pkts + out_pkts) as sum_pkts,\n sum(sessions) as sum_sessions,\n sum(closed_sessions) as sum_closed_sessions,\n avg(active_sessions) as avg_active_sessions,\n sum(asymmetric_c2s_flows+asymmetric_s2c_flows) as sum_asymmetric_flows\n from \n traffic_general_stat \n where\n __time >= '{{start_time}}'\n\t\tand __time <'{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n group by\n device_id, vsys_id\n ) " + } + ] + } + }, + "response": [] + }, + { + "name": "Traffic in Bits/s for Reporting", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time ,\n avg(sum_in_bytes)*8/30 as avg_in_bits_per_sec,\n avg(sum_out_bytes)*8/30 as avg_out_bits_per_sec,\n avg(sum_bytes)*8/30 as avg_bits_per_sec\nfrom\n (\n select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT1S')) as stat_time,\n sum(in_bytes) as sum_in_bytes,\n sum(out_bytes) as sum_out_bytes,\n sum(in_bytes + out_bytes) as sum_bytes\n from\n traffic_general_stat\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT1S')))\ngroup by\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) \norder by stat_time asc\nlimit 1000", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "query": [ + { + "key": "query", + "value": "select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time ,\n avg(sum_in_bytes)*8/30 as avg_in_bits_per_sec,\n avg(sum_out_bytes)*8/30 as avg_out_bits_per_sec,\n avg(sum_bytes)*8/30 as avg_bits_per_sec\nfrom\n (\n select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT1S')) as stat_time,\n sum(in_bytes) as sum_in_bytes,\n sum(out_bytes) as sum_out_bytes,\n sum(in_bytes + out_bytes) as sum_bytes\n from\n traffic_general_stat\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT1S')))\ngroup by\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) \norder by stat_time asc\nlimit 1000" + } + ] + } + }, + "response": [] + }, + { + "name": "New Sessions/s for Reporting", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time ,\n avg(sum_sessions)/30 as avg_sessions_per_sec\nfrom\n (\n select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT1S')) as stat_time,\n sum(sessions) as sum_sessions\n from\n traffic_general_stat\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT1S')))\ngroup by\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by stat_time asc\nlimit 1000", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "query": [ + { + "key": "query", + "value": "select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time ,\n avg(sum_sessions)/30 as avg_sessions_per_sec\nfrom\n (\n select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT1S')) as stat_time,\n sum(sessions) as sum_sessions\n from\n traffic_general_stat\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT1S')))\ngroup by\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by stat_time asc\nlimit 1000" + } + ] + } + }, + "response": [] + }, + { + "name": "Traffic by Session Records", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\t{{PT30S_RECV_TIME}} as stat_time,\n\tround(sum(common_c2s_byte_num)*8/30/1000/1000,2) as Bytes_Sent_Mbps,\n\tround(sum(common_s2c_byte_num)*8/30/1000/1000,2) as Bytes_Received_Mbps,\n\tround(sum(common_c2s_byte_num + common_s2c_byte_num)*8/30/1000/1000,2) as Mbps,\n\tround(sum(common_c2s_pkt_num + common_s2c_pkt_num)/30/1000,2) as Kpps,\n\tround(sum(common_sessions)/30/1000,2) as \"Ksessions/s\"\nfrom\n\tsession_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 3, common_sessions, 0)) as one_side_sessions,\n round(one_side_sessions/sessions, 2) as one_side_percent\nfrom\n\tsession_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\n", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "query": [ + { + "key": "query", + "value": "select {{Last 5 Minutes Start}} as start_time, {{now}} as end_time, sum(common_sessions) as sessions,\n sum(if(common_stream_dir <> 3, common_sessions, 0)) as one_side_sessions,\n round(one_side_sessions/sessions, 2) as one_side_percent\nfrom\n\tsession_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\n" + } + ] + } + }, + "response": [] + }, + { + "name": "Uniq Client IPs For pinning", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select\n\tstat_time,\n\tuniq(common_client_ip) as client_ips\nfrom\n\t(\n\tselect\n\t\ttoDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))), 3600)* 3600) as stat_time, \n\t\tcommon_client_ip, \n\t\tcount(*) as hits\n\tfrom\n\t\tproxy_event\n\twhere common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 10 )\ngroup by\n\tstat_time\norder by\n\tstat_time", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "query": [ + { + "key": "query", + "value": "select\n\tstat_time,\n\tuniq(common_client_ip) as client_ips\nfrom\n\t(\n\tselect\n\t\ttoDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))), 3600)* 3600) as stat_time, \n\t\tcommon_client_ip, \n\t\tcount(*) as hits\n\tfrom\n\t\tproxy_event\n\twhere common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 10 )\ngroup by\n\tstat_time\norder by\n\tstat_time" + } + ] + } + }, + "response": [] + }, + { + "name": "Top frequent elements in FQDN Category", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select\n\titem,\n\tsum(count) as count\nfrom\n\t(\n\tselect\n\t\tarrayJoin(items) as item,\n\t\tcount\n\tfrom\n\t\t(\n\t\tselect\n\t\t\tcommon_service_category as items,\n\t\t\tcount(*) as count\n\t\tfrom\n\t\t\tsession_record sr\n\t\twhere common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP(now())-86400\n and common_recv_time= UNIX_TIMESTAMP(now())-86400\n and common_recv_time= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 100\norder by\n\tports_num desc limit 50", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "query": [ + { + "key": "query", + "value": "\nselect\n\tcommon_server_ip,\n\tgroupUniqArray(common_server_port) as ports,\n\tif(notEmpty(ports),length(ports),0) as ports_num\nfrom\n\tsession_record crl\nwhere \tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 100\norder by\n\tports_num desc limit 50" + } + ] + } + }, + "response": [] + }, + { + "name": "Validate Session Index Tables", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}?query= select 'Total' as type, count(*) as logs from session_record where\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 24 Hour Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\nunion all \nselect 'Client IP' as type, count(*) as logs from session_record_common_client_ip where\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 24 Hour Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\nunion all\nselect 'Server IP' as type, count(*) as logs from session_record_common_server_ip where\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 24 Hour Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\nunion all\nselect 'Domain' as type, count(*) as logs from session_record_common_server_domain where\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 24 Hour Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\n", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "query": [ + { + "key": "query", + "value": " select 'Total' as type, count(*) as logs from session_record where\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 24 Hour Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\nunion all \nselect 'Client IP' as type, count(*) as logs from session_record_common_client_ip where\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 24 Hour Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\nunion all\nselect 'Server IP' as type, count(*) as logs from session_record_common_server_ip where\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 24 Hour Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\nunion all\nselect 'Domain' as type, count(*) as logs from session_record_common_server_domain where\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 24 Hour Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\n" + } + ] + } + }, + "response": [] + } + ] + }, + { + "name": "Cardinality Estimation", + "item": [ + { + "name": "Total", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [], + "body": { + "mode": "formdata", + "formdata": [] + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tround(tcp_logs / logs, 2) as \"TCP Percentage\",\n\tround(udp_logs / logs, 2) as \"UDP Percentage\",\n\tround(egress_bytes / bytes, 2) as \"Egress Percentage\",\n\tround(ingress_bytes / bytes, 2) as \"Ingress Percentage\",\n\ttcp_logs as \"TCP Logs\",\n\tudp_logs as \"UDP Logs\",\n\tlogs as \"Logs\",\n\tegress_bytes as \"Egress Bytes\",\n\tingress_bytes as \"Ingress Bytes\",\n\tbytes as \"Bytes\"\nfrom\n\t(select\n\tsum(if(common_l4_protocol in('IPv4_TCP', 'IPv6_TCP'), 1, 0)) as tcp_logs,\n\tsum(if(common_l4_protocol in('IPv4_UDP', 'IPv6_UDP'), 1, 0)) as udp_logs,\n\tsum(if(common_direction = 69, common_c2s_byte_num, common_s2c_byte_num)) as egress_bytes,\n\tsum(if(common_direction = 73, common_c2s_byte_num, common_s2c_byte_num)) as ingress_bytes,\n\tcount(*) as logs,\n\tsum(common_c2s_byte_num + common_s2c_byte_num) as bytes\n\tfrom\n\t\tsession_record as sub_connection where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = toDateTime('2022-07-19 00:00:00'))\n\t\tAND (common_recv_time < toDateTime('2022-07-20 00:00:00'))\n\tGROUP BY\n\t\tstat_time, common_app_label\n) group by common_app_label order by \"AVG Mbits / s\" desc", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "query", + "value": "SELECT\n common_app_label,\t\n round(median(traffic_bytes) * 8 / 1000 / 1000 / 300,2) AS \"Medain Mbits/s\",\n\tround(avg(traffic_bytes) * 8 / 1000 / 1000 / 300,2) AS \"AVG Mbits / s\",\n\tround(QUANTILE(traffic_bytes, 0.95) * 8 / 1000 / 1000 / 300,2) as \"P95 Mbits / s\"\nFROM\n\t(\n\tSELECT\n\t common_app_label,\n\t\ttoDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))),300) * 300) as stat_time,\n\t\tround(sum(common_c2s_byte_num + common_s2c_byte_num)/ uniq(common_server_ip),2) as traffic_bytes\n\tFROM\n\t\tsession_record as ss\n\tWHERE\n\t\t(common_recv_time >= toDateTime('2022-07-19 00:00:00'))\n\t\tAND (common_recv_time < toDateTime('2022-07-20 00:00:00'))\n\tGROUP BY\n\t\tstat_time, common_app_label\n) group by common_app_label order by \"AVG Mbits / s\" desc" + } + ] + } + }, + "response": [] + } + ] + }, + { + "name": "Domain Drill Down", + "item": [ + { + "name": "Domain Entity", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [], + "body": { + "mode": "formdata", + "formdata": [] + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(min(common_recv_time)) as \"First Seen\" , groupUniqArray(common_l7_protocol) as protocols,FROM_UNIXTIME(max(common_recv_time)) as \"Last Seen\" , median(http_response_latency_ms) as \"Server Processing Time Median(ms)\", count(1) as Responses,round(sum(common_c2s_byte_num+common_s2c_byte_num)/1024/1024/1024,2) as bytes, any(common_server_location) as Location from session_record where common_server_domain='{{domain}}' and common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0\ngroup by\n\tdns_qname\norder by\n\terros desc\nlimit 50\n", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "query", + "value": "select\n\tdns_qname,\n\tcount(1) as erros,\n\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0\ngroup by\n\tdns_qname\norder by\n\terros desc\nlimit 50\n" + } + ] + } + }, + "response": [] + }, + { + "name": "DNS server ip", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [], + "body": { + "mode": "formdata", + "formdata": [] + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tcommon_server_ip,\n\tany(common_server_location) as location,\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0\ngroup by\n\tcommon_server_ip\norder by\n\terros desc\nlimit 50\n", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "query", + "value": "select\n\tcommon_server_ip,\n\tany(common_server_location) as location,\n\tcount(1) as erros,\n\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0\ngroup by\n\tcommon_server_ip\norder by\n\terros desc\nlimit 50\n" + } + ] + } + }, + "response": [] + }, + { + "name": "DNS IP Conversations With Highest Errors", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [], + "body": { + "mode": "formdata", + "formdata": [] + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tcommon_client_ip,\n\tcommon_server_ip,\n\tcount(1) as erros,\n\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0\ngroup by\n\tcommon_client_ip,\n\tcommon_server_ip\norder by\n\terros desc\nlimit 50\n", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "query", + "value": "select\n\tcommon_client_ip,\n\tcommon_server_ip,\n\tcount(1) as erros,\n\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0\ngroup by\n\tcommon_client_ip,\n\tcommon_server_ip\norder by\n\terros desc\nlimit 50\n" + } + ] + } + }, + "response": [] + }, + { + "name": "DNS Requests With Highes Erros", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [], + "body": { + "mode": "formdata", + "formdata": [] + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select common_client_ip, \n\t\tcommon_server_ip,(CASE\n\t\tWHEN dns_rcode = 0 THEN 'No error'\n\t\tWHEN dns_rcode = 1 THEN 'Format error'\n\t\tWHEN dns_rcode = 2 THEN 'Server failure'\n\t\tWHEN dns_rcode = 3 THEN 'Name Error'\n\t\tWHEN dns_rcode = 4 THEN 'Not Implemented'\n\t\tWHEN dns_rcode = 5 THEN 'Refused'\n\t\tWHEN dns_rcode = 6 THEN 'YXDomain'\n\t\tWHEN dns_rcode = 7 THEN 'YXRRSet'\n\t\tWHEN dns_rcode = 8 THEN 'NXRRSet'\n\t\tWHEN dns_rcode = 9 THEN 'NotAuth'\n\t\tWHEN dns_rcode = 10 THEN 'NotZone'\n\t\tELSE 'Other' END) as \"Response Code\",\n\t\tdns_qname,\n\t\tcount(1) as erros,\n\t\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets \nfrom transaction_record \nwhere common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0 \ngroup by common_client_ip,common_server_ip,dns_rcode,dns_qname order by erros desc limit 50", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "query", + "value": "select common_client_ip, \n\t\tcommon_server_ip,(CASE\n\t\tWHEN dns_rcode = 0 THEN 'No error'\n\t\tWHEN dns_rcode = 1 THEN 'Format error'\n\t\tWHEN dns_rcode = 2 THEN 'Server failure'\n\t\tWHEN dns_rcode = 3 THEN 'Name Error'\n\t\tWHEN dns_rcode = 4 THEN 'Not Implemented'\n\t\tWHEN dns_rcode = 5 THEN 'Refused'\n\t\tWHEN dns_rcode = 6 THEN 'YXDomain'\n\t\tWHEN dns_rcode = 7 THEN 'YXRRSet'\n\t\tWHEN dns_rcode = 8 THEN 'NXRRSet'\n\t\tWHEN dns_rcode = 9 THEN 'NotAuth'\n\t\tWHEN dns_rcode = 10 THEN 'NotZone'\n\t\tELSE 'Other' END) as \"Response Code\",\n\t\tdns_qname,\n\t\tcount(1) as erros,\n\t\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets \nfrom transaction_record \nwhere common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0 \ngroup by common_client_ip,common_server_ip,dns_rcode,dns_qname order by erros desc limit 50" + } + ] + } + }, + "response": [] + } + ] + }, + { + "name": "DNS Resolver Amplification Attack", + "item": [ + { + "name": "DNS Resolvers", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [], + "body": { + "mode": "formdata", + "formdata": [] + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT\n\tcount(*) as requests,\n\tuniq(common_client_ip) as client_ips,\n\tsum(common_c2s_byte_diff) as request_bytes,\n\tsum(common_s2c_byte_diff) as response_bytes,\n\tsum(common_c2s_pkt_diff) request_packets,\n\tsum(common_s2c_pkt_diff) as response_packets,\n\tround((response_bytes / if(request_bytes >0,request_bytes,1)),2) as byte_ratio,\n\tcommon_server_ip\nfrom\n\ttransaction_record rc\nwhere\n common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 1500\n\tand common_c2s_byte_diff>0\n\tand round((common_s2c_byte_diff / if(common_c2s_byte_diff >0,common_c2s_byte_diff,1)),2) >20\n\tand common_c2s_pkt_diff = 1\n\tand common_s2c_pkt_diff =1\ngroup by\n\tcommon_server_ip\norder by\n\trequests desc", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "query", + "value": "SELECT\n\tcount(*) as requests,\n\tuniq(common_client_ip) as client_ips,\n\tsum(common_c2s_byte_diff) as request_bytes,\n\tsum(common_s2c_byte_diff) as response_bytes,\n\tsum(common_c2s_pkt_diff) request_packets,\n\tsum(common_s2c_pkt_diff) as response_packets,\n\tround((response_bytes / if(request_bytes >0,request_bytes,1)),2) as byte_ratio,\n\tcommon_server_ip\nfrom\n\ttransaction_record rc\nwhere\n common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 1500\n\tand common_c2s_byte_diff>0\n\tand round((common_s2c_byte_diff / if(common_c2s_byte_diff >0,common_c2s_byte_diff,1)),2) >20\n\tand common_c2s_pkt_diff = 1\n\tand common_s2c_pkt_diff =1\ngroup by\n\tcommon_server_ip\norder by\n\trequests desc" + } + ] + } + }, + "response": [] + }, + { + "name": "DNS Resolver Amlif Times", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [], + "body": { + "mode": "formdata", + "formdata": [] + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?=&query=\nselect\n\tcount(*) as sessions,\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff <= 1, 1, 0)) as \"1 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 1 and common_s2c_byte_diff / common_c2s_byte_diff <= 5, 1, 0)) as \"1-5 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 5 and common_s2c_byte_diff / common_c2s_byte_diff <= 10, 1, 0)) as \"5-10 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 10 and common_s2c_byte_diff / common_c2s_byte_diff <= 20, 1, 0)) as \"10-20 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 20 and common_s2c_byte_diff / common_c2s_byte_diff <= 50, 1, 0)) as \"20-50 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 50 and common_s2c_byte_diff / common_c2s_byte_diff <= 100, 1, 0)) as \"50-100 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 100, 1, 0)) as \"100 times\"\nfrom\n\t\ttransaction_record as rc\nwhere\n common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0\n\tand common_s2c_byte_diff>0\n\tand common_c2s_pkt_diff =1\n\tand common_s2c_pkt_diff =1\n\tand common_server_port = 53\n\tand common_schema_type = 'DNS'\n\tand common_server_ip = '60.13.251.208'\n", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "", + "value": "" + }, + { + "key": "query", + "value": "\nselect\n\tcount(*) as sessions,\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff <= 1, 1, 0)) as \"1 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 1 and common_s2c_byte_diff / common_c2s_byte_diff <= 5, 1, 0)) as \"1-5 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 5 and common_s2c_byte_diff / common_c2s_byte_diff <= 10, 1, 0)) as \"5-10 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 10 and common_s2c_byte_diff / common_c2s_byte_diff <= 20, 1, 0)) as \"10-20 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 20 and common_s2c_byte_diff / common_c2s_byte_diff <= 50, 1, 0)) as \"20-50 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 50 and common_s2c_byte_diff / common_c2s_byte_diff <= 100, 1, 0)) as \"50-100 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 100, 1, 0)) as \"100 times\"\nfrom\n\t\ttransaction_record as rc\nwhere\n common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0\n\tand common_s2c_byte_diff>0\n\tand common_c2s_pkt_diff =1\n\tand common_s2c_pkt_diff =1\n\tand common_server_port = 53\n\tand common_schema_type = 'DNS'\n\tand common_server_ip = '60.13.251.208'\n" + } + ] + } + }, + "response": [] + }, + { + "name": "DNS Resolver Metrics trend", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [], + "body": { + "mode": "formdata", + "formdata": [] + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?=&query=\nselect \n\ttoDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))), 1800)* 1800) as stat_time,\n\tuniq(dns_qname) as uniq_qnames,\n\tuniq(common_client_ip) as uniq_client_ips,\n\tround(sum(common_c2s_byte_diff+common_s2c_byte_diff)*8/1800/1000/1000,2) as \"Mbps\",\n\tround(sum(common_c2s_byte_diff)*8/1800/1000/1000,2) as \"Request Mbps\",\n\tround(sum(common_s2c_byte_diff)*8/1800/1000/1000,2) as \"Response Mbps\",\n\tround(sum(common_c2s_pkt_diff+common_s2c_pkt_diff)/1800/1000,2) as \"Kpps\",\n\tround(sum(common_c2s_pkt_diff)/1800/1000,2) as \"Request Kpps\",\n\tround(sum(common_s2c_pkt_diff)/1800/1000,2) as \"Response Kpps\",\n\tround(count(*)/1800,2) as \"sessions/s\"\nfrom\n\ttransaction_record as ss\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0\n\tand common_s2c_byte_diff>0\n\tand common_c2s_pkt_diff =1\n\tand common_s2c_pkt_diff =1\n\tand common_server_port = 53\n\tand common_schema_type = 'DNS'\n\tand common_server_ip = '60.13.217.234'\ngroup by stat_time \norder by stat_time asc\n", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "", + "value": "" + }, + { + "key": "query", + "value": "\nselect \n\ttoDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))), 1800)* 1800) as stat_time,\n\tuniq(dns_qname) as uniq_qnames,\n\tuniq(common_client_ip) as uniq_client_ips,\n\tround(sum(common_c2s_byte_diff+common_s2c_byte_diff)*8/1800/1000/1000,2) as \"Mbps\",\n\tround(sum(common_c2s_byte_diff)*8/1800/1000/1000,2) as \"Request Mbps\",\n\tround(sum(common_s2c_byte_diff)*8/1800/1000/1000,2) as \"Response Mbps\",\n\tround(sum(common_c2s_pkt_diff+common_s2c_pkt_diff)/1800/1000,2) as \"Kpps\",\n\tround(sum(common_c2s_pkt_diff)/1800/1000,2) as \"Request Kpps\",\n\tround(sum(common_s2c_pkt_diff)/1800/1000,2) as \"Response Kpps\",\n\tround(count(*)/1800,2) as \"sessions/s\"\nfrom\n\ttransaction_record as ss\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0\n\tand common_s2c_byte_diff>0\n\tand common_c2s_pkt_diff =1\n\tand common_s2c_pkt_diff =1\n\tand common_server_port = 53\n\tand common_schema_type = 'DNS'\n\tand common_server_ip = '60.13.217.234'\ngroup by stat_time \norder by stat_time asc\n" + } + ] + } + }, + "response": [] + }, + { + "name": "DNS Resolver rcode", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [], + "body": { + "mode": "formdata", + "formdata": [] + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?=&query=select\n\t(CASE\n\t\tWHEN dns_rcode = 0 THEN 'No error'\n\t\tWHEN dns_rcode = 1 THEN 'Format error'\n\t\tWHEN dns_rcode = 2 THEN 'Server failure'\n\t\tWHEN dns_rcode = 3 THEN 'Name Error'\n\t\tWHEN dns_rcode = 4 THEN 'Not Implemented'\n\t\tWHEN dns_rcode = 5 THEN 'Refused'\n\t\tWHEN dns_rcode = 6 THEN 'YXDomain'\n\t\tWHEN dns_rcode = 7 THEN 'YXRRSet'\n\t\tWHEN dns_rcode = 8 THEN 'NXRRSet'\n\t\tWHEN dns_rcode = 9 THEN 'NotAuth'\n\t\tWHEN dns_rcode = 10 THEN 'NotZone'\n\t\tELSE 'Other' END) as \"Response Code\",\n\tdns_rcode,\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets,\n\tmax(common_c2s_byte_diff) as max_request_bytes,\n\tmax(common_s2c_byte_diff) as max_response_bytes,\n\tavg(common_c2s_byte_diff) as avg_request_bytes,\n\tavg(common_s2c_byte_diff) as avg_response_bytes,\n\tmedian(common_c2s_byte_diff) as median_request_bytes,\n\tmedian(common_s2c_byte_diff) as median_response_bytes\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0,request_bytes,1)),2) as byte_ratio,\n\tcommon_client_ip\nfrom\n\ttransaction_record\nwhere \n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 1500\n\tand common_c2s_byte_diff>0\n\tand round((common_s2c_byte_diff / if(common_c2s_byte_diff >0,common_c2s_byte_diff,1)),2) >20\n\tand common_c2s_pkt_diff = 1\n\tand common_s2c_pkt_diff =1 \ngroup by\n\tcommon_client_ip\norder by\n\tbyte_ratio desc\nlimit 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "query", + "value": "SELECT\n\tcount(*) as requests,\n\tuniq(common_client_ip) as client_ips,\n\tsum(common_c2s_byte_diff) as request_bytes,\n\tsum(common_s2c_byte_diff) as response_bytes,\n\tsum(common_c2s_pkt_diff) request_packets,\n\tsum(common_s2c_pkt_diff) as response_packets,\n\tround((response_bytes / if(request_bytes >0,request_bytes,1)),2) as byte_ratio,\n\tcommon_client_ip\nfrom\n\ttransaction_record\nwhere \n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 1500\n\tand common_c2s_byte_diff>0\n\tand round((common_s2c_byte_diff / if(common_c2s_byte_diff >0,common_c2s_byte_diff,1)),2) >20\n\tand common_c2s_pkt_diff = 1\n\tand common_s2c_pkt_diff =1 \ngroup by\n\tcommon_client_ip\norder by\n\tbyte_ratio desc\nlimit 10" + } + ] + } + }, + "response": [] + }, + { + "name": "DNS Resolvers by Victim IP", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [], + "body": { + "mode": "formdata", + "formdata": [] + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?=&query=SELECT\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets,\n\tmax(common_c2s_byte_diff) as max_request_bytes,\n\tmax(common_s2c_byte_diff) as max_response_bytes,\n\tavg(common_c2s_byte_diff) as avg_request_bytes,\n\tavg(common_s2c_byte_diff) as avg_response_bytes,\n\tmedian(common_c2s_byte_diff) as median_request_bytes,\n\tmedian(common_s2c_byte_diff) as median_response_bytes,\n\tcommon_server_ip,\n\tgroupUniqArray(common_server_port) as ports,\n\tany(common_server_location) as server_location\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 1 and byte_ratio <= 5, 1, 0)) as \"1-5 times\",\n\tsum(if(byte_ratio > 5 and byte_ratio <= 10, 1, 0)) as \"5-10 times\",\n\tsum(if(byte_ratio > 10 and byte_ratio <= 20, 1, 0)) as \"10-20 times\",\n\tsum(if(byte_ratio > 20 and byte_ratio <= 50, 1, 0)) as \"20-50 times\",\n\tsum(if(byte_ratio > 50 and byte_ratio <= 100, 1, 0)) as \"50-100 times\",\n\tsum(if(byte_ratio > 100, 1, 0)) as \"100 times\"\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip,\n\t\tmedian(common_s2c_byte_diff / common_c2s_byte_diff) as byte_ratio,\n\t\tcount(*) as sessions\n\tfrom\n\t\ttransaction_record\n\twhere\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0\n\t\tand common_s2c_byte_diff>0\n\t\tand common_c2s_pkt_diff =1\n\t\tand common_s2c_pkt_diff =1\n\t\tand common_server_port = 53\n\t\tand common_schema_type = 'DNS'\n\tgroup by\n\t\tcommon_server_ip\n)", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "", + "value": "" + }, + { + "key": "query", + "value": "\nselect\n\tcount(*) as ips,\n\tsum(if(byte_ratio <= 1, 1, 0)) as \"1 times\",\n\tsum(if(byte_ratio > 1 and byte_ratio <= 5, 1, 0)) as \"1-5 times\",\n\tsum(if(byte_ratio > 5 and byte_ratio <= 10, 1, 0)) as \"5-10 times\",\n\tsum(if(byte_ratio > 10 and byte_ratio <= 20, 1, 0)) as \"10-20 times\",\n\tsum(if(byte_ratio > 20 and byte_ratio <= 50, 1, 0)) as \"20-50 times\",\n\tsum(if(byte_ratio > 50 and byte_ratio <= 100, 1, 0)) as \"50-100 times\",\n\tsum(if(byte_ratio > 100, 1, 0)) as \"100 times\"\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip,\n\t\tmedian(common_s2c_byte_diff / common_c2s_byte_diff) as byte_ratio,\n\t\tcount(*) as sessions\n\tfrom\n\t\ttransaction_record\n\twhere\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0\n\t\tand common_s2c_byte_diff>0\n\t\tand common_c2s_pkt_diff =1\n\t\tand common_s2c_pkt_diff =1\n\t\tand common_server_port = 53\n\t\tand common_schema_type = 'DNS'\n\tgroup by\n\t\tcommon_server_ip\n)" + } + ] + } + }, + "response": [] + }, + { + "name": "Ampli Attack Country Distribution", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [], + "body": { + "mode": "formdata", + "formdata": [] + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?=&query=SELECT\n\tarrayElement(splitByString(',',common_server_location),length(splitByString(',',common_server_location))) as server_location,\n\tcount(*) as ips\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip,\n\t\tany(common_server_location) as common_server_location,\n\t\tmedian(common_s2c_byte_diff / common_c2s_byte_diff) as byte_ratio,\n\t\tcount(*) as sessions\n\tfrom\n\t\ttransaction_record\n\twhere\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0\n\t\tand common_s2c_byte_diff>0\n\t\tand common_c2s_pkt_diff =1\n\t\tand common_s2c_pkt_diff =1\n\t\tand common_server_port = 53\n\t\tand common_schema_type = 'DNS'\n\tgroup by\n\t\tcommon_server_ip\n\thaving\n\t\tbyte_ratio > 20\n)\ngroup by\n\tserver_location\norder by\n\tips desc", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "", + "value": "" + }, + { + "key": "query", + "value": "SELECT\n\tarrayElement(splitByString(',',common_server_location),length(splitByString(',',common_server_location))) as server_location,\n\tcount(*) as ips\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip,\n\t\tany(common_server_location) as common_server_location,\n\t\tmedian(common_s2c_byte_diff / common_c2s_byte_diff) as byte_ratio,\n\t\tcount(*) as sessions\n\tfrom\n\t\ttransaction_record\n\twhere\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0\n\t\tand common_s2c_byte_diff>0\n\t\tand common_c2s_pkt_diff =1\n\t\tand common_s2c_pkt_diff =1\n\t\tand common_server_port = 53\n\t\tand common_schema_type = 'DNS'\n\tgroup by\n\t\tcommon_server_ip\n\thaving\n\t\tbyte_ratio > 20\n)\ngroup by\n\tserver_location\norder by\n\tips desc" + } + ] + } + }, + "response": [] + } + ] + }, + { + "name": "DNS NXDOMAIN Flood", + "item": [ + { + "name": "DNS Proxy Server", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [], + "body": { + "mode": "formdata", + "formdata": [] + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select \n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets,\n\tmax(common_c2s_byte_diff) as max_request_bytes,\n\tmax(common_s2c_byte_diff) as max_response_bytes,\n\tavg(common_c2s_byte_diff) as avg_request_bytes,\n\tavg(common_s2c_byte_diff) as avg_response_bytes,\n\tmedian(common_c2s_byte_diff) as median_request_bytes,\n\tmedian(common_s2c_byte_diff) as median_response_bytes,\n\tcommon_server_ip\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and recv_time < UNIX_TIMESTAMP('{{end_time}}') AND vsys_id IN (1) ORDER BY recv_time DESC LIMIT 20\" ,\n \"exec_mode\":\"oneshot\",\n \"output_mode\":\"json\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Total count of Session Record", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"select count(*) as events from session_record where recv_time >= UNIX_TIMESTAMP('{{start_time}}') and recv_time = UNIX_TIMESTAMP('{{start_time}}') and recv_time < UNIX_TIMESTAMP('{{end_time}}') )\" ,\n \"exec_mode\":\"oneshot\",\n \"output_mode\":\"json\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Session Duration Distribution", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"select min(duration) min_sec, median(duration) as median_sec, round(avg(duration),2) as avg_sec,round(QUANTILE(duration,0.8),2) as P80_sec, round(QUANTILE(duration,0.95),2) as P95_sec, round(QUANTILE(duration,0.99),2) as P99_sec, max(duration) as max_sec from ( select (toUnixTimestamp64Milli(end_timestamp_ms)-toUnixTimestamp64Milli(start_timestamp_ms))/1000 as duration FROM session_record WHERE recv_time >= UNIX_TIMESTAMP('{{start_time}}') and recv_time < UNIX_TIMESTAMP('{{end_time}}') )\" , \"exec_mode\":\"oneshot\",\"output_mode\":\"json\"\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Security Events", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"SELECT recv_time, log_id, decoded_as, session_id, start_timestamp_ms, end_timestamp_ms, duration_ms, tcp_handshake_latency_ms, ingestion_time, processing_time, insert_time, device_id, out_link_id, in_link_id, device_tag, data_center, device_group, sled_ip, address_type, vsys_id, t_vsys_id, flags, flags_identify_info, security_rule_list, security_action, monitor_rule_list, shaping_rule_list, proxy_rule_list, sc_rule_list, sc_rsp_raw, sc_rsp_decrypted, proxy_action, proxy_pinning_status, proxy_intercept_status, proxy_passthrough_reason, proxy_client_side_latency_ms, proxy_server_side_latency_ms, proxy_client_side_version, proxy_server_side_version, proxy_cert_verify, proxy_intercept_error, security_mirrored_pkts, security_mirrored_bytes, client_ip, client_port, client_os_desc, client_geolocation, client_asn, subscriber_id, imei, imsi, phone_number, apn, server_ip, server_port, server_os_desc, server_geolocation, server_asn, server_fqdn, server_domain, app_transition, app, app_debug_info, app_content, fqdn_category_list, decoded_path, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_cname, dns_sub, dns_rr, dns_response_latency_ms, http_url, http_host, http_request_line, http_response_line, http_request_body, http_response_body, http_proxy_flag, http_sequence, http_cookie, http_referer, http_user_agent, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_set_cookie, http_version, http_status_code, http_response_latency_ms, http_session_duration_ms, http_action_file_size, ssl_version, ssl_sni, ssl_san, ssl_cn, ssl_handshake_latency_ms, ssl_ja3_hash, ssl_ja3s_hash, ssl_cert_issuer, ssl_cert_subject, ssl_esni_flag, ssl_ech_flag, dtls_cookie, dtls_version, dtls_sni, dtls_san, dtls_cn, dtls_handshake_latency_ms, dtls_ja3_fingerprint, dtls_ja3_hash, dtls_cert_issuer, dtls_cert_subject, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_password, mail_to, mail_cc, mail_bcc, mail_subject, mail_subject_charset, mail_attachment_name, mail_attachment_name_charset, mail_eml_file, ftp_account, ftp_url, ftp_link_type, quic_version, quic_sni, quic_user_agent, rdp_cookie, rdp_security_protocol, rdp_client_channels, rdp_keyboard_layout, rdp_client_version, rdp_client_name, rdp_client_product_id, rdp_desktop_width, rdp_desktop_height, rdp_requested_color_depth, rdp_certificate_type, rdp_certificate_count, rdp_certificate_permanent, rdp_encryption_level, rdp_encryption_method, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, rtp_originator_dir, stratum_cryptocurrency, stratum_mining_pools, stratum_mining_program, stratum_mining_subscribe, bgp_message_type, bgp_messages, sent_pkts, received_pkts, sent_bytes, received_bytes, tcp_c2s_ip_fragments, tcp_s2c_ip_fragments, tcp_c2s_lost_bytes, tcp_s2c_lost_bytes, tcp_c2s_o3_pkts, tcp_s2c_o3_pkts, tcp_c2s_rtx_pkts, tcp_s2c_rtx_pkts, tcp_c2s_rtx_bytes, tcp_s2c_rtx_bytes, tcp_rtt_ms, tcp_client_isn, tcp_server_isn, packet_capture_file, in_src_mac, out_src_mac, in_dest_mac, out_dest_mac, tunnels, dup_traffic_flag, tunnel_endpoint_a_desc, tunnel_endpoint_b_desc FROM security_event AS security_record WHERE recv_time >= UNIX_TIMESTAMP('{{start_time}}') and recv_time < UNIX_TIMESTAMP('{{end_time}}') AND vsys_id IN (1) ORDER BY recv_time DESC LIMIT 20\" ,\n \"exec_mode\":\"oneshot\",\n \"output_mode\":\"json\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Security Policy Rule Hits by Action", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"select security_action as action, count(*) as hits, sum(sent_bytes ) as bytes_sent, sum(received_bytes ) as bytes_received, sum(sent_bytes+received_bytes ) as bytes,sum(sent_pkts ) as packets_sent, sum(received_pkts ) as packets_received, sum(sent_pkts+received_pkts ) as packets from security_event where recv_time >= UNIX_TIMESTAMP('{{start_time}}') and recv_time = FROM_UNIXTIME(UNIX_TIMESTAMP(now())-3600) and action=128 and vsys_id in (1,2,3,4) group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT1M')),'shunt' union all select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT1M')) as stat_time, 'allow' as type, sum(hit_count) as events from security_rule_hits where __time >= FROM_UNIXTIME(UNIX_TIMESTAMP(now())-3600) and action=96 and vsys_id in (1,2,3,4) group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT1M')),'allow' union all select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT1M')) as stat_time, 'deny' as type, sum(hit_count) as events from security_rule_hits where __time >= FROM_UNIXTIME(UNIX_TIMESTAMP(now())-3600) and action=16 and vsys_id in (1,2,3,4) group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT1M')),'deny' union all select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT1M')) as stat_time, 'monitor' as type, sum(hit_count) as events from security_rule_hits where __time >= FROM_UNIXTIME(UNIX_TIMESTAMP(now())-3600) and action=1 and vsys_id in (1,2,3,4) group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT1M')),'monitor' union all select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT1M')) as stat_time, 'intercept' as type, sum(hit_count) as events from security_rule_hits where __time >= FROM_UNIXTIME(UNIX_TIMESTAMP(now())-3600) and action=2 and vsys_id in (1,2,3,4) group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT1M')), 'intercept'\" ,\n \"exec_mode\":\"oneshot\",\n \"output_mode\":\"json\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Security Hit Distribution of Logs by Action", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(recv_time,'PT5M')) as stat_time, security_action as type, count(*) as events from security_event where recv_time > FROM_UNIXTIME(UNIX_TIMESTAMP(now())-3600) and vsys_id in (1,2,3,4) group by stat_time, security_action order by stat_time asc\" ,\n \"exec_mode\":\"oneshot\",\n \"output_mode\":\"json\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Total Security Events", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"select count(*) as events from security_event where recv_time >= UNIX_TIMESTAMP('{{start_time}}') and recv_time = UNIX_TIMESTAMP('{{start_time}}') and recv_time < UNIX_TIMESTAMP('{{end_time}}') AND vsys_id IN (1) ORDER BY recv_time DESC LIMIT 20\" ,\n \"exec_mode\":\"oneshot\",\n \"output_mode\":\"json\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Transaction Records", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"SELECT recv_time, log_id, decoded_as, session_id, ingestion_time, processing_time, insert_time, address_type, vsys_id, client_ip, client_port, server_ip, server_port, sent_pkts, received_pkts, sent_bytes, received_bytes, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_cname, dns_sub, dns_rr, dns_response_latency_ms, http_url, http_host, http_request_line, http_response_line, http_request_body, http_response_body, http_proxy_flag, http_sequence, http_cookie, http_referer, http_user_agent, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_set_cookie, http_version, http_status_code, http_response_latency_ms, http_session_duration_ms, http_action_file_size, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_password, mail_to, mail_cc, mail_bcc, mail_subject, mail_subject_charset, mail_attachment_name, mail_attachment_name_charset, mail_eml_file, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye FROM transaction_record AS transaction_record WHERE recv_time >= UNIX_TIMESTAMP('{{start_time}}') and recv_time < UNIX_TIMESTAMP('{{end_time}}') AND vsys_id IN (1) ORDER BY recv_time DESC LIMIT 20\" ,\n \"exec_mode\":\"oneshot\",\n \"output_mode\":\"json\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "VoIP Records", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"select recv_time, log_id, decoded_as, session_id, start_timestamp_ms, end_timestamp_ms, duration_ms, tcp_handshake_latency_ms, ingestion_time, processing_time, insert_time, device_id, out_link_id, in_link_id, device_tag, data_center, device_group, sled_ip, address_type, vsys_id, t_vsys_id, flags, flags_identify_info, security_rule_list, security_action, monitor_rule_list, shaping_rule_list, proxy_rule_list, sc_rule_list, sc_rsp_raw, sc_rsp_decrypted, proxy_action, proxy_pinning_status, proxy_intercept_status, proxy_passthrough_reason, proxy_client_side_latency_ms, proxy_server_side_latency_ms, proxy_client_side_version, proxy_server_side_version, proxy_cert_verify, proxy_intercept_error, security_mirrored_pkts, security_mirrored_bytes, client_ip, client_port, client_os_desc, client_geolocation, client_asn, subscriber_id, imei, imsi, phone_number, apn, server_ip, server_port, server_os_desc, server_geolocation, server_asn, server_fqdn, server_domain, app_transition, app, app_debug_info, app_content, fqdn_category_list, decoded_path, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, rtp_originator_dir, sent_pkts, received_pkts, sent_bytes, received_bytes, tcp_c2s_ip_fragments, tcp_s2c_ip_fragments, tcp_c2s_lost_bytes, tcp_s2c_lost_bytes, tcp_c2s_o3_pkts, tcp_s2c_o3_pkts, tcp_c2s_rtx_pkts, tcp_s2c_rtx_pkts, tcp_c2s_rtx_bytes, tcp_s2c_rtx_bytes, tcp_rtt_ms, tcp_client_isn, tcp_server_isn, packet_capture_file, in_src_mac, out_src_mac, in_dest_mac, out_dest_mac, tunnels, dup_traffic_flag, tunnel_endpoint_a_desc, tunnel_endpoint_b_desc FROM voip_record AS voip_record WHERE recv_time >= UNIX_TIMESTAMP('{{start_time}}') and recv_time < UNIX_TIMESTAMP('{{end_time}}') AND vsys_id IN (1) ORDER BY recv_time DESC LIMIT 20\" ,\n \"exec_mode\":\"oneshot\",\n \"output_mode\":\"json\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "DoS Events", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"select vsys_id, recv_time, log_id, profile_id, start_time, end_time, attack_type, severity, conditions, destination_ip, destination_country, source_ip_list, source_country_list, session_rate, packet_rate, bit_rate FROM dos_event AS dos_event WHERE recv_time >= UNIX_TIMESTAMP('{{start_time}}') and recv_time < UNIX_TIMESTAMP('{{end_time}}') AND vsys_id IN (1) ORDER BY recv_time DESC LIMIT 20\" ,\n \"exec_mode\":\"oneshot\",\n \"output_mode\":\"json\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "First and Last Insert", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"select * from (select 'Session Records' as type, from_unixtime(min(recv_time) ) as first_time, from_unixtime(max(recv_time) ) as last_time from session_record where recv_time >= UNIX_TIMESTAMP('{{start_time}}') and recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'Transaction Records' as type, from_unixtime(min(recv_time) ) as first_time, from_unixtime(max(recv_time) ) as last_time from transaction_record where recv_time >= UNIX_TIMESTAMP('{{start_time}}') and recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'Security Event' as type, from_unixtime(min(recv_time) ) as first_time, from_unixtime(max(recv_time) ) as last_time from security_event where recv_time >= UNIX_TIMESTAMP('{{start_time}}') and recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'Proxy Event' as type, from_unixtime(min(recv_time) ) as first_time, from_unixtime(max(recv_time) ) as last_time from proxy_event where recv_time >= UNIX_TIMESTAMP('{{start_time}}') and recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'Monitor Events' as type, from_unixtime(min(recv_time) ) as first_time, from_unixtime(max(recv_time) ) as last_time from monitor_event where recv_time >= UNIX_TIMESTAMP('{{start_time}}') and recv_time < UNIX_TIMESTAMP('{{end_time}}') ) order by type\" ,\n \"exec_mode\":\"oneshot\",\n \"output_mode\":\"json\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "ETL and Insert Latency", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"select 'Session Record' as type, round(count(*)/300,0) as \\\"logs/sec\\\", round(avg(processing_time-ingestion_time),2) as \\\"avg_etl_latency(s)\\\", round(avg(insert_time-ingestion_time),2) as \\\"avg_insert_latency(s)\\\" from session_record crl where recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}}) and recv_time < UNIX_TIMESTAMP({{now}}) union all select 'Transaction Record' as type, round(count(*)/300,0) as \\\"logs/sec\\\", round(avg(processing_time-ingestion_time),2) as \\\"etl_latency(s)\\\", round(avg(insert_time-ingestion_time),2) as \\\"avg_insert_latency(s)\\\" from transaction_record crl where recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}}) and recv_time < UNIX_TIMESTAMP({{now}}) union all select 'Security Event' as type, round(count(*)/300,0) as \\\"logs/sec\\\", round(avg(processing_time-ingestion_time),2) as \\\"avg_etl_latency(s)\\\", round(avg(insert_time-ingestion_time),2) as \\\"avg_insert_latency(s)\\\" from security_event crl where recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}}) and recv_time < UNIX_TIMESTAMP({{now}})\" ,\n \"exec_mode\":\"oneshot\",\n \"output_mode\":\"json\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Current Traffic Metrics by Session Records", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"select sum(received_bytes)* 8 / 300 as trafficReceivedBits, sum(sent_bytes)* 8 / 300 as trafficSentBits, sum(received_bytes + sent_bytes)* 8 / 300 as trafficTotalBits, sum(received_pkts)/ 300 as trafficReceivedPackets, sum(sent_pkts)/ 300 as trafficSentPackets, sum(received_pkts + sent_pkts)/ 300 as trafficTotalPackets, count(1)/ 300 as sessions from session_record where recv_time >= UNIX_TIMESTAMP(now())-300 and vsys_id in (1,2,3,4,5,6,7,8)\" ,\n \"exec_mode\":\"oneshot\",\n \"output_mode\":\"json\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Traffic Distribution of Logs by Schema Type", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(recv_time,'PT5M')) as stat_time, decoded_as as type, count(1) as sessions, sum(sent_bytes + received_bytes) as bytes, sum(sent_pkts + received_pkts) as packets from session_record where recv_time > FROM_UNIXTIME(UNIX_TIMESTAMP(now())-3600) and vsys_id in (1,2,3,4) group by stat_time, decoded_as order by stat_time asc\" ,\n \"exec_mode\":\"oneshot\",\n \"output_mode\":\"json\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Proxy Intercept Events", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"select FROM_UNIXTIME(recv_time) as recv_time, vsys_id,* from session_record where recv_time >= UNIX_TIMESTAMP('{{start_time}}') and recv_time < UNIX_TIMESTAMP('{{end_time}}') and vsys_id in (1,2,3,4,5) and notEmpty(proxy_rule_list) order by recv_time desc limit 0 , 20\" ,\n \"exec_mode\":\"oneshot\",\n \"output_mode\":\"json\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Proxy Manipulation Events", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"select FROM_UNIXTIME(recv_time) as recv_time, vsys_id,* from proxy_event where recv_time >= UNIX_TIMESTAMP('{{start_time}}') and recv_time < UNIX_TIMESTAMP('{{end_time}}') and vsys_id in (1,2,3,4,5) order by recv_time desc limit 0 , 20\" ,\n \"exec_mode\":\"oneshot\",\n \"output_mode\":\"json\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Proxy Policy Rule Hits by Action", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"select proxy_action , count(*) as hits from proxy_event where recv_time >= UNIX_TIMESTAMP('{{start_time}}') and recv_time < UNIX_TIMESTAMP('{{end_time}}') and vsys_id in (1,2,3,4,5) group by proxy_action\" ,\n \"exec_mode\":\"oneshot\",\n \"output_mode\":\"json\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Total Proxy Events", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"select count(*) as hit_count from proxy_event where recv_time >= UNIX_TIMESTAMP('{{start_time}}') and recv_time =FROM_UNIXTIME(UNIX_TIMESTAMP(now())-30) and __time= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) group by TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT5S')) group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) order by stat_time asc limit 10000\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Network Throughput in Bps", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "followOriginalHttpMethod": false, + "followRedirects": false + }, + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time , avg(sum_in_bytes)/30 as avg_in_bytes_per_sec, avg(sum_out_bytes)/30 as avg_out_bytes_per_sec, avg(sum_bytes)/30 as avg_bytes_per_sec, max(sum_in_bytes)/30 as max_in_bytes_per_sec, max(sum_out_bytes)/30 as max_out_bytes_per_sec, max(sum_bytes)/30 as max_bytes_per_sec, min(sum_in_bytes)/30 as min_in_bytes_per_sec, min(sum_out_bytes)/30 as min_out_bytes_per_sec, min(sum_bytes)/30 as min_bytes_per_sec from ( select TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5S') as stat_time, sum(in_bytes) as sum_in_bytes, sum(out_bytes) as sum_out_bytes, sum(in_bytes + out_bytes) as sum_bytes from traffic_general_stat where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) group by TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5S')) group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) order by stat_time asc limit 10000\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Network Throughput in pkts/s", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + " ", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "followOriginalHttpMethod": false, + "followRedirects": false + }, + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time , avg(sum_in_pkts)/30 as avg_in_pkts_per_sec, avg(sum_out_pkts)/30 as avg_out_pkts_per_sec, avg(sum_pkts)/30 as avg_pkts_per_sec, max(sum_in_pkts)/30 as max_in_pkts_per_sec, max(sum_out_pkts)/30 as max_out_pkts_per_sec, max(sum_pkts)/30 as max_pkts_per_sec, min(sum_in_pkts)/30 as min_in_pkts_per_sec, min(sum_out_pkts)/30 as min_out_pkts_per_sec, min(sum_pkts)/30 as min_pkts_per_sec from ( select TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5S') as stat_time, sum(in_pkts) as sum_in_pkts, sum(out_pkts) as sum_out_pkts, sum(in_pkts + out_pkts) as sum_pkts from traffic_general_stat where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) group by TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5S')) group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) order by stat_time asc limit 1000\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Network Throughput in sessions/s", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + " ", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time , avg(sum_sessions)/30 as avg_sessions_per_sec, max(sum_sessions)/30 as max_sessions_per_sec, min(sum_sessions)/30 as min_sessions_per_sec from ( select TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5S') as stat_time, sum(sessions) as sum_sessions from traffic_general_stat where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5) group by TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5S')) group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) order by stat_time asc limit 1000\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Network Throughput Active Sessions", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + " ", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "followOriginalHttpMethod": false, + "followRedirects": false + }, + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time, avg(sum_active_sessions) as avg_active_sessions, max(sum_active_sessions) as max_active_sessions, min(sum_active_sessions) as min_active_sessions from ( select stat_time, sum(max_active_sessions) sum_active_sessions from ( select TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5S') as stat_time, device_id, vsys_id, max(active_sessions) as max_active_sessions from traffic_general_stat where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) group by TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5S'), device_id, vsys_id ) group by stat_time ) group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) order by stat_time asc limit 1000\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Total Security Policy Rule Hits by Action", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + " ", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "followOriginalHttpMethod": false, + "followRedirects": false + }, + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"SELECT (CASE WHEN action = 1 THEN 'Monitor' WHEN action = 2 THEN 'Intercept' WHEN action = 16 THEN 'Deny' WHEN action = 48 THEN 'Manipulation' WHEN action = 96 THEN 'Allow' WHEN action = 128 THEN 'Shunt' ELSE concat(action) END) as action, SUM(hit_count) as hit_count, SUM(in_bytes + out_bytes) as bytes, SUM(in_pkts + out_pkts) as packets from security_rule_hits where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) GROUP BY action order by action\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Security Policy Rule Hits Trend by Action", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + " ", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "followOriginalHttpMethod": false, + "followRedirects": false + }, + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT30S','zero')) as stat_time, (CASE WHEN action = 1 THEN 'Monitor' WHEN action = 2 THEN 'Intercept' WHEN action = 16 THEN 'Deny' WHEN action = 48 THEN 'Manipulation' WHEN action = 96 THEN 'Allow' WHEN action = 128 THEN 'Shunt' ELSE concat(action) END) as action, sum(hit_count) as hit_count, sum(in_bytes + out_bytes) as bytes, SUM(in_pkts + out_pkts) as packets from security_rule_hits where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT30S','zero')) , action order by stat_time limit 1000\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Top Security Policy Rule Hits", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + " ", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "followOriginalHttpMethod": false, + "followRedirects": false + }, + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"select rule_id, action, sum(hit_count) as hits from security_rule_hits where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) group by rule_id, action order by hits desc limit 100\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Total Proxy Manipulate Rule Hits by Action", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\": \"select sub_action, sum(hit_count) as hits from proxy_rule_hits where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) and action = 48 group by sub_action order by sub_action\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Proxy Manipulate Rule Hits Trend by Action", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\": \"select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) as stat_time, sub_action, sum(hit_count) as hits from proxy_rule_hits where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) and action = 48 group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) , sub_action order by stat_time asc limit 1000\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Top Proxy Policy Hits", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\": \"select rule_id, sub_action, sum(hit_count) as hits from proxy_rule_hits where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) and vsys_id in (1,2,3,4,5) and action = 48 group by rule_id, sub_action order by hits desc limit 100\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Proxy SSL Intercept Pinning", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\": \"select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) as stat_time, (CASE WHEN pinning_status = 0 THEN 'not_pinning_num' WHEN pinning_status = 1 THEN 'pinning_num' WHEN pinning_status = 2 THEN 'maybe_pinning_num' ELSE concat(pinning_status) END) as type, SUM(hit_count) as hits from proxy_rule_hits where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) and action = 2 group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) , (CASE WHEN pinning_status = 0 THEN 'not_pinning_num' WHEN pinning_status = 1 THEN 'pinning_num' WHEN pinning_status = 2 THEN 'maybe_pinning_num' ELSE concat(pinning_status) END) order by stat_time asc limit 100\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + } + ] + }, + { + "name": "Application and Protocol", + "item": [ + { + "name": "application-and-protocol-summary", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"application-and-protocol-summary\",\n \"granularity\": \"PT5M\",\n \"filter\": \"vsys_id in (1,2,3,4,5)\",\n \"intervals\": [\"{{start_time}}/{{end_time}}\"],\n \"exec_mode\" : \"oneshot\"\n \n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/dsl", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "dsl" + ] + } + }, + "response": [] + }, + { + "name": "application-and-protocol-tree-composition", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"application-and-protocol-tree-composition\",\n \"filter\": \"vsys_id in (1,2,3,4,5)\",\n \"intervals\": [\"{{start_time}}/{{end_time}}\"],\n \"exec_mode\" : \"oneshot\"\n \n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/dsl", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "dsl" + ] + } + }, + "response": [] + }, + { + "name": "application-and-protocol-tree-throughput", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"application-and-protocol-tree-throughput\",\n \"granularity\":\"PT15s\",\n \"filter\": \"vsys_id in (1,2,3,4,5) AND (protocol_stack_id = 'ETHERNET' OR (protocol_stack_id LIKE 'ETHERNET.%' AND NOT CONTAINS_STRING(REPLACE(protocol_stack_id, 'ETHERNET.', ''), '.')))\",\n \"intervals\": [\"{{start_time}}/{{end_time}}\"],\n \"exec_mode\" : \"oneshot\"\n \n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/dsl", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "dsl" + ] + } + }, + "response": [] + }, + { + "name": "application-and-protocol-top-apps", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"application-and-protocol-top-apps\",\n \"filter\": \"vsys_id in (1,2,3,4,5)\",\n \"intervals\": [\"{{start_time}}/{{end_time}}\"],\n \"exec_mode\" : \"oneshot\"\n \n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/dsl", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "dsl" + ] + } + }, + "response": [] + }, + { + "name": "application-and-protocol-app-related-internal-ips", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"application-and-protocol-app-related-internal-ips\",\n \"filter\": \"vsys_id in (1,2,3,4,5) and app in ('http')\",\n \"intervals\": [\"{{start_time}}/{{end_time}}\"],\n \"exec_mode\" : \"oneshot\",\n \"limit\" : 10\n \n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/dsl", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "dsl" + ] + } + }, + "response": [] + }, + { + "name": "application-and-protocol-app-throughput", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"application-and-protocol-app-throughput\",\n \"granularity\": \"PT30S\",\n \"filter\": \"vsys_id in (1,2,3,4,5) and app_name in ('http')\",\n \"intervals\": [\"{{start_time}}/{{end_time}}\"],\n \"exec_mode\" : \"oneshot\"\n \n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/dsl", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "dsl" + ] + } + }, + "response": [] + }, + { + "name": "application-and-protocol-app-summary", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"application-and-protocol-app-summary\",\n \"filter\": \"vsys_id in (1,2,3,4,5) and app_name in ('http')\",\n \"intervals\": [\"{{start_time}}/{{end_time}}\"],\n \"exec_mode\" : \"oneshot\"\n \n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/dsl", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "dsl" + ] + } + }, + "response": [] + } + ] + }, + { + "name": "Top Metric", + "item": [ + { + "name": "Top Client IPs in Sessions", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + " ", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "followOriginalHttpMethod": false, + "followRedirects": false + }, + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"select client_ip as client_ip, sum(sessions) as sessions, sum(in_bytes) as in_bytes, sum(out_bytes) as out_bytes, sum(in_bytes + out_bytes) as bytes, sum(in_pkts) as in_packets , sum(out_pkts) as out_packets, sum(in_pkts + out_pkts) as packets from top_client_ips where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) and metric = 'sessions' group by client_ip order by sessions desc limit 10\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Top Client IPs in Packets", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "followOriginalHttpMethod": false, + "followRedirects": false + }, + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\": \"select client_ip as client_ip, sum(sessions) as sessions, sum(in_bytes) as in_bytes, sum(out_bytes) as out_bytes, sum(in_bytes + out_bytes) as bytes, sum(in_pkts) as in_packets,sum(out_pkts) as out_packets, sum(in_pkts + out_pkts) as packets from top_client_ips where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) and metric='packets' group by client_ip order by packets desc limit 10\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Top Client IPs in Bytes", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\": \"select client_ip as client_ip, sum(sessions) as sessions, sum(in_bytes) as in_bytes, sum(out_bytes) as out_bytes, sum(in_bytes + out_bytes) as bytes, sum(in_pkts) as in_packets , sum(out_pkts) as out_packets, sum(in_pkts + out_pkts) as packets from top_client_ips where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) and metric = 'bytes' group by client_ip order by bytes desc limit 10\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Top Server IPs in Sessions", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\": \"select server_ip as server_ip, sum(sessions) as sessions, sum(in_bytes) as in_bytes, sum(out_bytes) as out_bytes, sum(in_bytes + out_bytes) as bytes, sum(in_pkts) as in_packets , sum(out_pkts) as out_packets, sum(in_pkts + out_pkts) as packets from top_server_ips where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) and metric = 'sessions' group by server_ip order by sessions desc limit 10\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Top Server IPs in Packets", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\": \"select server_ip as server_ip, sum(sessions) as sessions, sum(in_bytes) as in_bytes, sum(out_bytes) as out_bytes, sum(in_bytes + out_bytes) as bytes, sum(in_pkts) as in_packets , sum(out_pkts) as out_packets, sum(in_pkts + out_pkts) as packets from top_server_ips where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) and metric = 'packets' group by server_ip order by packets desc limit 10\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Top Server IPs in Bytes", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\": \"select server_ip as server_ip, sum(sessions) as sessions, sum(in_bytes) as in_bytes, sum(out_bytes) as out_bytes, sum(in_bytes + out_bytes) as bytes, sum(in_pkts) as in_packets , sum(out_pkts) as out_packets, sum(in_pkts + out_pkts) as packets from top_server_ips where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) and metric = 'bytes' group by server_ip order by bytes desc limit 10\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Top Internal IPs in Sessions", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\": \"select internal_ip as internal_ip, sum(sessions) as sessions, sum(in_bytes) as in_bytes, sum(out_bytes) as out_bytes, sum(in_bytes + out_bytes) as bytes, sum(in_pkts) as in_packets , sum(out_pkts) as out_packets, sum(in_pkts + out_pkts) as packets from top_internal_ips where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) and metric = 'sessions' group by internal_ip order by sessions desc limit 10\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Top Internal IPs in Packets", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\": \"select internal_ip as internal_ip, sum(sessions) as sessions, sum(in_bytes) as in_bytes, sum(out_bytes) as out_bytes, sum(in_bytes + out_bytes) as bytes, sum(in_pkts) as in_packets , sum(out_pkts) as out_packets, sum(in_pkts + out_pkts) as packets from top_internal_ips where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) and metric = 'packets' group by internal_ip order by packets desc limit 10\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Top Internal IPs in Bytes", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\": \"select internal_ip as internal_ip, sum(sessions) as sessions, sum(in_bytes) as in_bytes, sum(out_bytes) as out_bytes, sum(in_bytes + out_bytes) as bytes, sum(in_pkts) as in_packets , sum(out_pkts) as out_packets, sum(in_pkts + out_pkts) as packets from top_internal_ips where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) and metric = 'bytes' group by internal_ip order by bytes desc limit 10\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Top External IPs in Sessions", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\": \"select external_ip as external_ip, sum(sessions) as sessions, sum(in_bytes) as in_bytes, sum(out_bytes) as out_bytes, sum(in_bytes + out_bytes) as bytes, sum(in_pkts) as in_packets , sum(out_pkts) as out_packets, sum(in_pkts + out_pkts) as packets from top_external_ips where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) and metric = 'sessions' group by external_ip order by sessions desc limit 10\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Top External IPs in Packets", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\": \"select external_ip as external_ip, sum(sessions) as sessions, sum(in_bytes) as in_bytes, sum(out_bytes) as out_bytes, sum(in_bytes + out_bytes) as bytes, sum(in_pkts) as in_packets , sum(out_pkts) as out_packets, sum(in_pkts + out_pkts) as packets from top_external_ips where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) and metric = 'packets' group by external_ip order by packets desc limit 10\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Top External IPs in Bytes", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\": \"select external_ip as external_ip, sum(sessions) as sessions, sum(in_bytes) as in_bytes, sum(out_bytes) as out_bytes, sum(in_bytes + out_bytes) as bytes, sum(in_pkts) as in_packets , sum(out_pkts) as out_packets, sum(in_pkts + out_pkts) as packets from top_external_ips where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) and metric = 'bytes' group by external_ip order by bytes desc limit 10\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Top Server Domains in Sessions", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\": \"select domain, sum(sessions) as sessions, sum(in_bytes) as in_bytes, sum(out_bytes) as out_bytes, sum(in_bytes + out_bytes) as bytes, sum(in_pkts) as in_packets , sum(out_pkts) as out_packets, sum(in_pkts + out_pkts) as packets from top_server_domains where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) and metric = 'sessions' group by domain order by sessions desc limit 10\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Top Server Domains in Packets", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\": \"select domain, sum(sessions) as sessions, sum(in_bytes) as in_bytes, sum(out_bytes) as out_bytes, sum(in_bytes + out_bytes) as bytes, sum(in_pkts) as in_packets , sum(out_pkts) as out_packets, sum(in_pkts + out_pkts) as packets from top_server_domains where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) and metric = 'packets' group by domain order by packets desc limit 10\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Top Server Domains in Bytes", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\": \"select domain, sum(sessions) as sessions, sum(in_bytes) as in_bytes, sum(out_bytes) as out_bytes, sum(in_bytes + out_bytes) as bytes, sum(in_pkts) as in_packets , sum(out_pkts) as out_packets, sum(in_pkts + out_pkts) as packets from top_server_domains where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) and metric = 'bytes' group by domain order by bytes desc limit 10\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Top Server FQDNs in Sessions", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\": \"select fqdn, sum(sessions) as sessions, sum(in_bytes) as in_bytes, sum(out_bytes) as out_bytes, sum(in_bytes + out_bytes) as bytes, sum(in_pkts) as in_packets , sum(out_pkts) as out_packets, sum(in_pkts + out_pkts) as packets from top_server_fqdns where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) and metric = 'sessions' group by fqdn order by sessions desc limit 10\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Top Server FQDNs in Packets", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\": \"select fqdn, sum(sessions) as sessions, sum(in_bytes) as in_bytes, sum(out_bytes) as out_bytes, sum(in_bytes + out_bytes) as bytes, sum(in_pkts) as in_packets , sum(out_pkts) as out_packets, sum(in_pkts + out_pkts) as packets from top_server_fqdns where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) and metric = 'packets' group by fqdn order by packets desc limit 10\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Top Server FQDNs in Bytes", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\": \"select fqdn, sum(sessions) as sessions, sum(in_bytes) as in_bytes, sum(out_bytes) as out_bytes, sum(in_bytes + out_bytes) as bytes, sum(in_pkts) as in_packets , sum(out_pkts) as out_packets, sum(in_pkts + out_pkts) as packets from top_server_fqdns where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) and metric = 'bytes' group by fqdn order by bytes desc limit 10\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Top Subscriber IDs in Sessions", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\": \"select subscriber_id, sum(sessions) as sessions, sum(in_bytes) as in_bytes, sum(out_bytes) as out_bytes, sum(in_bytes + out_bytes) as bytes, sum(in_pkts) as in_packets , sum(out_pkts) as out_packets, sum(in_pkts + out_pkts) as packets from top_subscribers where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) and metric = 'sessions' group by subscriber_id order by sessions desc limit 10\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Top Subscriber IDs in Packets", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\": \"select subscriber_id, sum(sessions) as sessions, sum(in_bytes) as in_bytes, sum(out_bytes) as out_bytes, sum(in_bytes + out_bytes) as bytes, sum(in_pkts) as in_packets , sum(out_pkts) as out_packets, sum(in_pkts + out_pkts) as packets from top_subscribers where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) and metric = 'packets' group by subscriber_id order by packets desc limit 10\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Top Subscriber IDs in Bytes", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\": \"select subscriber_id, sum(sessions) as sessions, sum(in_bytes) as in_bytes, sum(out_bytes) as out_bytes, sum(in_bytes + out_bytes) as bytes, sum(in_pkts) as in_packets , sum(out_pkts) as out_packets, sum(in_pkts + out_pkts) as packets from top_subscribers where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) and metric = 'bytes' group by subscriber_id order by bytes desc limit 10\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Top Apps in Packets", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\": \"select app_name, sum(sessions) as sessions, sum(in_bytes) as in_bytes, sum(out_bytes) as out_bytes, sum(in_bytes + out_bytes) as bytes, sum(in_pkts) as in_packets , sum(out_pkts) as out_packets, sum(in_pkts + out_pkts) as packets from application_protocol_stat where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) and app_name IS NOT NUll group by app_name order by packets desc limit 10\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Top Apps in Bytes", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\": \"select app_name, sum(sessions) as sessions, sum(in_bytes) as in_bytes, sum(out_bytes) as out_bytes, sum(in_bytes + out_bytes) as bytes, sum(in_pkts) as in_packets , sum(out_pkts) as out_packets, sum(in_pkts + out_pkts) as packets from application_protocol_stat where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) and app_name IS NOT NUll group by app_name order by bytes desc limit 10\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Top Apps in Sessions", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\": \"select app_name, sum(sessions) as sessions, sum(in_bytes) as in_bytes, sum(out_bytes) as out_bytes, sum(in_bytes + out_bytes) as bytes, sum(in_pkts) as in_packets , sum(out_pkts) as out_packets, sum(in_pkts + out_pkts) as packets from application_protocol_stat where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) and app_name IS NOT NUll group by app_name order by sessions desc limit 10\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + } + ] + }, + { + "name": "Traffic Shaping", + "item": [ + { + "name": "Shaping Profiles Metrics", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "followOriginalHttpMethod": false, + "followRedirects": false + }, + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"select profile_id, sum(in_bytes+out_bytes) as bytes, sum(in_pkts+out_pkts) as packets, sum(in_drop_pkts+out_drop_pkts) as drops, max(in_max_latency_us+out_max_latency_us) as max_latency_us, avg(in_queue_len+out_queue_len) as avg_q, max(in_queue_len+out_queue_len) as max_q from traffic_shaping_rule_hits where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) group by profile_id\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Shaping Rule Summary", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "followOriginalHttpMethod": false, + "followRedirects": false + }, + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"select rule_id,DATE_FORMAT(max(__time) ,'%Y-%m-%d %H:%i:%s') as last_used,DATE_FORMAT(min(__time) ,'%Y-%m-%d %H:%i:%s') as first_used, sum(in_bytes+out_bytes) as total_bytes from traffic_shaping_rule_hits where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5) and rule_id in (1,2,103,273) group by rule_id\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Shaping Profile Summary", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "followOriginalHttpMethod": false, + "followRedirects": false + }, + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"select profile_id, DATE_FORMAT(max(__time) ,'%Y-%m-%d %H:%i:%s') as last_used, DATE_FORMAT(min(__time) ,'%Y-%m-%d %H:%i:%s') as first_used, sum(in_drop_pkts+out_drop_pkts) as drops from traffic_shaping_rule_hits where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5) and profile_id in (1,2,103,273) group by profile_id\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Shaping Profile Metrics", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "followOriginalHttpMethod": false, + "followRedirects": false + }, + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"select sum(bytes)*8/10 as bps, sum(packets)/10 as pps, max(max_latency_us) as max_latency_us, avg(avg_q) as avg_q, max(max_q) as max_q from ( select device_id, vsys_id, sum(in_bytes+out_bytes) as bytes, sum(in_pkts+out_pkts) as packets, max(in_max_latency_us+out_max_latency_us) as max_latency_us, avg(in_queue_len+out_queue_len) as avg_q, max(in_queue_len+out_queue_len) as max_q from traffic_shaping_rule_hits where __time >= FROM_UNIXTIME(UNIX_TIMESTAMP(now())-10) and vsys_id in (1,2,3,4,5) and profile_id =1 group by device_id, vsys_id )\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Shaping Rule/Profile Throughput", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "followOriginalHttpMethod": false, + "followRedirects": false + }, + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT1s', 'zero')) as stat_time, sum(in_bytes) as in_bytes, sum(out_bytes) as out_bytes from traffic_shaping_rule_hits where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) and profile_id=273 group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT1s', 'zero')) order by stat_time asc limit 100\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + } + ] + }, + { + "name": "Service Chaining", + "item": [ + { + "name": "Chaining Rule or Function Throuphput Trend", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "followOriginalHttpMethod": false, + "followRedirects": false + }, + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT1s', 'zero')) as stat_time, sum(sent_bytes) as sent_bytes, sum(recv_bytes) as received_bytes from service_chaining_rule_hits where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) and ( rule_id in (1,2,3,4,5) or sff_profile_id in (1,2,3,4,5) or sf_profile_id in (1,2,3,4,5)) group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT1s', 'zero')) order by stat_time asc limit 100\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Chaining Rule Metrics", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "followOriginalHttpMethod": false, + "followRedirects": false + }, + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"select rule_id, sum(sent_bytes) as sent_bytes, sum(recv_bytes) as received_bytes, sum(sent_pkts) as sent_packets, sum(recv_pkts) as received_packets from service_chaining_rule_hits where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) and rule_id in (1,2,3,4,5) group by rule_id\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Function Forwarder Metrics", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "followOriginalHttpMethod": false, + "followRedirects": false + }, + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"select sff_profile_id, sum(sent_bytes) as sent_bytes, sum(recv_bytes) as received_bytes, sum(sent_pkts) as sent_packets, sum(recv_pkts) as received_packets from service_chaining_rule_hits where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) and sff_profile_id in (1,2,3,4,5) group by sff_profile_id\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Function Profile Metrics", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "followOriginalHttpMethod": false, + "followRedirects": false + }, + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"select sf_profile_id, sum(sent_bytes) as sent_bytes, sum(recv_bytes) as received_bytes, sum(sent_pkts) as sent_packets, sum(recv_pkts) as received_packets from service_chaining_rule_hits where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) and sf_profile_id in (1,2,3,4,5) group by sf_profile_id\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Function Profile Status", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "followOriginalHttpMethod": false, + "followRedirects": false + }, + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"SELECT sf_profile_id, sf_status, CASE WHEN last_active_time = 0 THEN '' ELSE FROM_UNIXTIME(last_active_time) END AS last_active_time, CASE WHEN last_inactive_time = 0 THEN '' ELSE FROM_UNIXTIME(last_inactive_time) END AS last_inactive_time FROM ( SELECT sf_profile_id, LATEST(sf_status) as sf_status, MAX(CASE WHEN sf_status = 1 THEN UNIX_TIMESTAMP(__time) ELSE 0 END) as last_active_time, MAX(CASE WHEN sf_status = 0 THEN UNIX_TIMESTAMP(__time) ELSE 0 END) as last_inactive_time from service_function_status where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) and sf_profile_id in (1,2,3,4,5) group by sf_profile_id)\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + } + ] + }, + { + "name": "Object Statistics", + "item": [ + { + "name": "Top 30 Objects by Bytes", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "followOriginalHttpMethod": false, + "followRedirects": false + }, + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"select object_id, sum(in_bytes) as in_bytes, sum(out_bytes) as out_bytes, sum(bytes) as bytes, sum(new_in_sessions) as new_in_sessions, sum(new_out_sessions) as new_out_sessions, sum(sessions) as sessions from object_statistics where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) group by object_id order by bytes desc limit 30\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Parent Level Object Stat", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "followOriginalHttpMethod": false, + "followRedirects": false + }, + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"select sum(in_bytes) as in_bytes, sum(out_bytes) as out_bytes, sum(bytes) as bytes, sum(new_in_sessions) as new_in_sessions, sum(new_out_sessions) as new_out_sessions, sum(sessions) as sessions from object_statistics where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) and object_id > 0\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Top 30 Items by Bytes", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "followOriginalHttpMethod": false, + "followRedirects": false + }, + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"select item_id, sum(in_bytes) as in_bytes, sum(out_bytes) as out_bytes, sum(bytes) as bytes, sum(new_in_sessions) as new_in_sessions, sum(new_out_sessions) as new_out_sessions, sum(sessions) as sessions from object_statistics where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) group by item_id order by bytes desc limit 30\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Object Traffic Stat Trend", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "followOriginalHttpMethod": false, + "followRedirects": false + }, + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time , sum(in_bytes) as in_bytes, avg(in_bytes)* 8 / 30 as avg_in_bits_per_sec, sum(out_bytes) as out_bytes, avg(out_bytes)* 8 / 30 as avg_out_bits_per_sec, sum(bytes) as bytes, avg(bytes)* 8 / 30 as avg_bits_per_sec, sum(new_in_sessions) as new_in_sessions, avg(new_in_sessions)/ 30 as avg_new_in_sessions_per_sec, sum(new_out_sessions) as new_out_sessions, avg(new_out_sessions)/ 30 as avg_new_out_sessions_per_sec, sum(sessions) as sessions, avg(sessions)/ 30 as avg_sessions_per_sec from ( select TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT5S') as stat_time, sum(in_bytes) as in_bytes, sum(out_bytes) as out_bytes, sum(bytes) as bytes, sum(new_in_sessions) as new_in_sessions, sum(new_out_sessions) as new_out_sessions, sum(sessions) as sessions from object_statistics where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) and object_id = 1 group by TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT5S')) group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) order by stat_time asc limit 1000\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Item Traffic Stat Trend", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "followOriginalHttpMethod": false, + "followRedirects": false + }, + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time , sum(in_bytes) as in_bytes, avg(in_bytes)* 8 / 30 as avg_in_bits_per_sec, sum(out_bytes) as out_bytes, avg(out_bytes)* 8 / 30 as avg_out_bits_per_sec, sum(bytes) as bytes, avg(bytes)* 8 / 30 as avg_bits_per_sec, sum(new_in_sessions) as new_in_sessions, avg(new_in_sessions)/ 30 as avg_new_in_sessions_per_sec, sum(new_out_sessions) as new_out_sessions, avg(new_out_sessions)/ 30 as avg_new_out_sessions_per_sec, sum(sessions) as sessions, avg(sessions)/ 30 as avg_sessions_per_sec from (select TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT5S') as stat_time, sum(in_bytes) as in_bytes, sum(out_bytes) as out_bytes, sum(bytes) as bytes, sum(new_in_sessions) as new_in_sessions, sum(new_out_sessions) as new_out_sessions, sum(sessions) as sessions from object_statistics where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) and item_id = 1 group by TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT5S')) group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) order by stat_time asc limit 1000\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + } + ] + }, + { + "name": "Statistics Rule", + "item": [ + { + "name": "Incoming Bytes, Outgoing Bytes and Bytes", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "followOriginalHttpMethod": false, + "followRedirects": false + }, + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time , sum(in_bytes) as in_bytes, sum(out_bytes) as out_bytes, sum(bytes) as bytes from ( select TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT15S') as stat_time, sum(in_bytes) as in_bytes, sum(out_bytes) as out_bytes, sum(bytes) as bytes from statistics_rule where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) and version=1 group by TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT15S')) group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) order by stat_time asc limit 1000\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Average Incoming bits/s, Average Outgoing bits/s and Average bits/s", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "followOriginalHttpMethod": false, + "followRedirects": false + }, + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time, avg(in_bytes)*8/30 as avg_in_bits_per_sec, avg(out_bytes)*8/30 as avg_out_bits_per_sec, avg(bytes)*8/30 as avg_bits_per_sec from ( select TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT15S') as stat_time, sum(in_bytes) as in_bytes, sum(out_bytes) as out_bytes, sum(bytes) as bytes from statistics_rule where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) group by TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT15S')) group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) order by stat_time asc limit 1000\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Unique Client IPs and Unique Server IPs", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "followOriginalHttpMethod": false, + "followRedirects": false + }, + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time, APPROX_COUNT_DISTINCT_HLLD(client_ip_sketch) as unique_client_ips, APPROX_COUNT_DISTINCT_HLLD(server_ip_sketch) as unique_server_ips from ( select TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT15S') as stat_time, HLLD(client_ip_sketch) as client_ip_sketch, HLLD(server_ip_sketch) as server_ip_sketch from statistics_rule where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) group by TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT15S')) group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) order by stat_time asc limit 1000\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "95th TCP Latency (ms) and 99th TCP Latency (ms)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "followOriginalHttpMethod": false, + "followRedirects": false + }, + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time, QUANTILE_HDR(latency_ms_sketch,0.95) as p95th_tcp_latency_ms, QUANTILE_HDR(latency_ms_sketch,0.99) as p99th_tcp_latency_ms from ( select TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT15S') as stat_time, HDR_HISTOGRAM(latency_ms_sketch) as latency_ms_sketch from statistics_rule where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) group by TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT15S')) group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) order by stat_time asc limit 1000\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Histogram TCP Latency (ms)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "followOriginalHttpMethod": false, + "followRedirects": false + }, + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"select PERCENTILES_HDR(latency_ms_sketch) as histogram_tcp_latency_ms,HDR_GET_QUANTILES(HDR_HISTOGRAM(latency_ms_sketch), 0.5,0.95,0.99) as tcp_latency_quantiles from statistics_rule where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) and rule_id=1\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Bytes and Sessions Distributed by Application", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "followOriginalHttpMethod": false, + "followRedirects": false + }, + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"select application, sum(bytes) as bytes, sum(sessions) as sessions from statistics_rule where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) group by application order by bytes desc limit 1024\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Bytes and Sessions Distributed by Server IP", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "followOriginalHttpMethod": false, + "followRedirects": false + }, + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"select server_ip, sum(bytes) as bytes, sum(sessions) as sessions from statistics_rule where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) group by server_ip order by bytes desc limit 1024\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Bytes and Sessions Distributed by FQDN Category", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "followOriginalHttpMethod": false, + "followRedirects": false + }, + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"select fqdn_category, sum(bytes) as bytes, sum(sessions) as sessions from statistics_rule where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) group by fqdn_category order by bytes desc limit 1024\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Multi-value Raw Column Distribution of FQDN Category", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "followOriginalHttpMethod": false, + "followRedirects": false + }, + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"select MV_TO_STRING(fqdn_category,',') , sum(bytes) as bytes, sum(sessions) as sessions from statistics_rule where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) and fqdn_category is not null group by MV_TO_STRING(fqdn_category,',') order by bytes desc limit 1024\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Multi-value Distribution of FQDN Category", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "followOriginalHttpMethod": false, + "followRedirects": false + }, + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"select fqdn_category , sum(bytes) as bytes, sum(sessions) as sessions from statistics_rule where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) and fqdn_category is not null group by fqdn_category order by bytes desc limit 1024\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "New Unestablished Sessions Distributed by Client IP and Server IP", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "followOriginalHttpMethod": false, + "followRedirects": false + }, + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"select client_ip, server_ip, sum(new_unestablished_sessions) as new_unestablished_sessions from statistics_rule where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) group by client_ip, server_ip order by new_unestablished_sessions desc limit 100\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Statistics Rule Throughput", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "followOriginalHttpMethod": false, + "followRedirects": false + }, + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time , avg(sum_in_bytes)*8/30 as avg_in_bits_per_sec, avg(sum_out_bytes)*8/30 as avg_out_bits_per_sec, avg(sum_bytes)*8/30 as avg_bits_per_sec, sum(sum_in_bytes) as total_in_bytes, sum(sum_out_bytes) as total_out_bytes, sum(sum_bytes) as total_bytes from ( select TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5S') as stat_time, sum(in_bytes) as sum_in_bytes, sum(out_bytes) as sum_out_bytes, sum(in_bytes + out_bytes) as sum_bytes from statistics_rule_hits where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) group by TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT5S')) group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) order by stat_time asc limit 1000\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + } + ] + }, + { + "name": "DoS Threat Map", + "item": [ + { + "name": "dos-threat-map-top-source-countries", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\":\"select arrayJoin(splitByString(',',source_country_list)) as source_country, count(*) as count from dos_event where start_time >= UNIX_TIMESTAMP('{{start_time}}') and start_time = UNIX_TIMESTAMP('{{start_time}}') and start_time = UNIX_TIMESTAMP('{{start_time}}') and start_time = UNIX_TIMESTAMP('{{start_time}}') and start_time = UNIX_TIMESTAMP('{{start_time}}')and start_time = UNIX_TIMESTAMP('{{start_time}}') and start_time = UNIX_TIMESTAMP('{{start_time}}') and start_time =UNIX_TIMESTAMP('{{start_time}}') and recv_time <=UNIX_TIMESTAMP('{{end_time}}') and vsys_id in (1,2,3,4,5,6,7,8)\",\n \"custom.field_discovery.metric\": \"sessions\",\n \"custom.field_discovery.metric.fn\": \"sum\",\n \"custom.field_discovery.fields\": [\n \"log_id\",\n \"security_action\",\n \"app\",\n \"client_ip\",\n \"server_ip\",\n \"client_port\",\n \"server_port\",\n \"decoded_as\",\n \"server_domain\"\n ]\n \n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/dsl", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "dsl" + ] + } + }, + "response": [] + }, + { + "name": "field-discovery-session-record-result", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + " postman.clearEnvironmentVariable(\"fd_job_id\");", + "", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/x-www-form-urlencoded", + "type": "text" + } + ], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/job/{{fd_job_id}}/result", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "job", + "{{fd_job_id}}", + "result" + ] + } + }, + "response": [] + }, + { + "name": "field-discovery-statistics", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + " postman.setEnvironmentVariable(\"fd_statistics_job_id\", JSON.parse(responseBody).job.job_id);", + "", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" :\"select client_ip,count(*) as count from session_record where recv_time >=UNIX_TIMESTAMP('{{start_time}}') and recv_time <=UNIX_TIMESTAMP('{{end_time}}') and vsys_id in (1,2,3,4,5) group by client_ip order by count asc limit 10\"\n \n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "field-discovery-statistics-result", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + " postman.clearEnvironmentVariable(\"fd_job_id\");", + "", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/x-www-form-urlencoded", + "type": "text" + } + ], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/job/{{fd_statistics_job_id}}/result", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "job", + "{{fd_statistics_job_id}}", + "result" + ] + } + }, + "response": [] + } + ] + }, + { + "name": "IP Learning", + "item": [ + { + "name": "ip-learning-fqdn-relate-ips", + "event": [ + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "test", + "script": { + "exec": [ + "tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "Authorization", + "value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=", + "type": "text", + "disabled": true + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n \"name\": \"ip-learning-fqdn-relate-ips\",\r\n \"filter\" : \"vsys_id in (1,2,3,4,5) AND protocol in ('SSL', 'HTTP','DNS') AND depth=1 and uniq_cip > 12 AND fqdn_name in ('google.com', 'itunes.apple.com') \",\r\n \"intervals\":[\"{{start_time}}/{{end_time}}\"],\r\n \"limit\": 100,\r\n \"exec_mode\": \"oneshot\"\r\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/dsl", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "dsl" + ] + } + }, + "response": [] + } + ], + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ] + }, + { + "name": "First and Last Found of Metric Sources", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\": \"select 'General Metrics' as type, min(__time) as first_time, max(__time) as last_time from traffic_general_stat where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) union all select 'Security Policy Rule Hits' as type, min(__time) as first_time, max(__time) as last_time from security_rule_hits where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) union all select 'Proxy Policy Rule Hits' as type, min(__time) as first_time, max(__time) as last_time from proxy_rule_hits where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) union all select 'Traffic Shaping Rule Hits' as type, min(__time) as first_time, max(__time) as last_time from traffic_shaping_rule_hits where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) union all select 'Service Chaining Rule Hits' as type, min(__time) as first_time, max(__time) as last_time from service_chaining_rule_hits where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) union all select 'Internal IPs' as type, min(__time) as first_time, max(__time) as last_time from top_internal_ips where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) union all select 'External IPs' as type, min(__time) as first_time, max(__time) as last_time from top_external_ips where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) union all select 'Subscriber IDs' as type, min(__time) as first_time, max(__time) as last_time from top_subscribers where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) union all select 'Client IPs' as type, min(__time) as first_time, max(__time) as last_time from top_client_ips union all select 'Server IPs' as type, min(__time) as first_time, max(__time) as last_time from top_server_ips where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) union all select 'Server Domains' as type, min(__time) as first_time, max(__time) as last_time from top_server_domains where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) union all select 'Server FQDNs' as type, min(__time) as first_time, max(__time) as last_time from top_server_fqdns where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) union all select 'Application Protocol Stat' as type, min(__time) as first_time, max(__time) as last_time from application_protocol_stat where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8) union all select 'Storage Quota' as type, min(__time) as first_time, max(__time) as last_time from sys_storage_log where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5,6,7,8)\" ,\n \"output_mode\":\"json\",\n \"exec_mode\":\"oneshot\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + } + ], + "description": "# Dashboard 业务\n\nDashboard 为预聚合计数操作,接入数据源有四处(KAFKA TOPIC):\n\n* TRAFFIC-METRICS-LOG : 功能端5秒输出一次\n* CONNECTION-RECORD-COMPLETE-LOG: 数据平台接收CONNECTION-RECORD-LOG 补全后实时输出。\n* PROXY/SECURITY-EVENT-COMPLETE-LOG: 数据平台接收PROXY/SECURITY 命中策略日志补全后实时输出。\n\n## 流量计数Metrics \n\n**功能端 - Kafka(TRAFFIC-METRICS-LOG 每5秒 ) - Druid** \n\n所有基础Metrics(非内容级别的统计)都为功能端提前预聚合输出到TRAFFIC-METRICS-LOG 中,最终数据平台写入Druid 中,供API查询。具体包含:\n\n* System Overview (Traffic 、New、Live)\n* Policy Hits by Action(Security)\n* Policy Hits by Action (proxy) 、Pinning\n\n## TOPN 计算\n\n**流程1:功能端 - Kafka(原始日志) - 补全 - Druid** // 统计安全策略与代理策略结果,每1分钟\n\n**流程2:功能端 - Kafka(原始日志) - 补全 - Druid - 调度任务 - kafka -Druid ** // TOPN 计算,每5分钟\n\n所有内容级别,为数据平台进行实时统计,将指标输出到Druid中,供API进行查询。具体包含:\n\n* Top Hits (security) - 流程1\n\n* Top Hits (proxy) - 流程1\n\n* Endpoints (Active Client/Server/Internal/External , Top Domains, Active Subscriber ID,Top urls) - 流程2\n\n ", + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ] + }, + { + "name": "Create SQL Query", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + " // Set an environment variable", + " postman.setEnvironmentVariable(\"normal_job_id\", JSON.parse(responseBody).job.job_id);", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "followOriginalHttpMethod": false, + "followRedirects": false + }, + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"SELECT recv_time, log_id, decoded_as, session_id, start_timestamp_ms, end_timestamp_ms, duration_ms, tcp_handshake_latency_ms, ingestion_time, processing_time, insert_time, device_id, out_link_id, in_link_id, device_tag, data_center, device_group, sled_ip, address_type, vsys_id, t_vsys_id, flags, flags_identify_info, security_rule_list, security_action, monitor_rule_list, sc_rule_list, sc_rsp_raw, sc_rsp_decrypted, shaping_rule_list, proxy_rule_list, proxy_action, proxy_pinning_status, proxy_intercept_status, proxy_passthrough_reason, proxy_client_side_latency_ms, proxy_server_side_latency_ms, proxy_client_side_version, proxy_server_side_version, proxy_cert_verify, proxy_intercept_error, security_mirrored_pkts, security_mirrored_bytes, client_ip, client_port, client_os_desc, client_geolocation, client_asn, subscriber_id, imei, imsi, phone_number, apn, server_ip, server_port, server_os_desc, server_geolocation, server_asn, server_fqdn, server_domain, app_transition, app, app_debug_info, app_content, fqdn_category_list, decoded_path, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_cname, dns_sub, dns_rr, dns_response_latency_ms, http_url, http_host, http_request_line, http_response_line, http_request_body, http_response_body, http_proxy_flag, http_sequence, http_cookie, http_referer, http_user_agent, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_set_cookie, http_version, http_status_code, http_response_latency_ms, http_session_duration_ms, http_action_file_size, ssl_version, ssl_sni, ssl_san, ssl_cn, ssl_handshake_latency_ms, ssl_ja3_hash, ssl_ja3s_hash, ssl_cert_issuer, ssl_cert_subject, ssl_esni_flag, ssl_ech_flag, dtls_cookie, dtls_version, dtls_sni, dtls_san, dtls_cn, dtls_handshake_latency_ms, dtls_ja3_fingerprint, dtls_ja3_hash, dtls_cert_issuer, dtls_cert_subject, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_password, mail_to, mail_cc, mail_bcc, mail_subject, mail_subject_charset, mail_attachment_name, mail_attachment_name_charset, mail_eml_file, ftp_account, ftp_url, ftp_link_type, quic_version, quic_sni, quic_user_agent, rdp_cookie, rdp_security_protocol, rdp_client_channels, rdp_keyboard_layout, rdp_client_version, rdp_client_name, rdp_client_product_id, rdp_desktop_width, rdp_desktop_height, rdp_requested_color_depth, rdp_certificate_type, rdp_certificate_count, rdp_certificate_permanent, rdp_encryption_level, rdp_encryption_method, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, rtp_originator_dir, stratum_cryptocurrency, stratum_mining_pools, stratum_mining_program, stratum_mining_subscribe, bgp_message_type, bgp_messages, sent_pkts, received_pkts, sent_bytes, received_bytes, tcp_c2s_ip_fragments, tcp_s2c_ip_fragments, tcp_c2s_lost_bytes, tcp_s2c_lost_bytes, tcp_c2s_o3_pkts, tcp_s2c_o3_pkts, tcp_c2s_rtx_pkts, tcp_s2c_rtx_pkts, tcp_c2s_rtx_bytes, tcp_s2c_rtx_bytes, tcp_rtt_ms, tcp_client_isn, tcp_server_isn, packet_capture_file, in_src_mac, out_src_mac, in_dest_mac, out_dest_mac, tunnels, dup_traffic_flag, tunnel_endpoint_a_desc, tunnel_endpoint_b_desc FROM session_record AS session_record WHERE recv_time >= UNIX_TIMESTAMP('{{start_time}}') and recv_time < UNIX_TIMESTAMP('{{end_time}}') AND vsys_id IN (1) ORDER BY recv_time DESC LIMIT 20\" ,\n \"output_mode\":\"json\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Create SQL Explain Query", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200); ", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "followOriginalHttpMethod": false, + "followRedirects": false + }, + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"explain select min(duration) min, median(duration) as median,avg(duration) as avg, round(QUANTILE(duration,0.8),2) as p80, round(QUANTILE(duration,0.95),2) as p95, round(QUANTILE(duration,0.99),2) as p99, max(duration) as max from ( select (processing_time-recv_time) as duration FROM session_record WHERE recv_time >= UNIX_TIMESTAMP(now())-86400 and recv_time= UNIX_TIMESTAMP('{{start_time}}') and recv_time < UNIX_TIMESTAMP('{{end_time}}') AND vsys_id IN (1) ORDER BY recv_time DESC LIMIT 20\" ,\n \"exec_mode\":\"blocking\",\n \"output_mode\":\"json\"\n\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/query/sql", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "query", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Create Saved SQL Query", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + " // Set an environment variable", + " postman.setEnvironmentVariable(\"saved_query_job_id\", JSON.parse(responseBody).job.job_id);", + "});", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "followOriginalHttpMethod": false, + "followRedirects": false + }, + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"statement\" : \"select uniq(common_client_ip) as \\\"Client IPs\\\", uniq(common_server_ip) as \\\"Server IPs\\\",uniq(common_internal_ip) as \\\"Internal IPs\\\",uniq(common_external_ip) as \\\"External IPs\\\",uniq(http_domain) as \\\"Domains\\\",uniq(http_host) as \\\"Hosts\\\", uniq(ssl_sni) as \\\"SNIs\\\" from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and recv_time = UNIX_TIMESTAMP('{{start_time}}') and recv_time = UNIX_TIMESTAMP('{{start_time}}') and recv_time = UNIX_TIMESTAMP('{{start_time}}') and recv_time = UNIX_TIMESTAMP('{{start_time}}') and recv_time = UNIX_TIMESTAMP('{{start_time}}') and recv_time = UNIX_TIMESTAMP('{{start_time}}') and recv_time = UNIX_TIMESTAMP('{{start_time}}') and recv_time = UNIX_TIMESTAMP('{{start_time}}') and recv_time = UNIX_TIMESTAMP('{{start_time}}') and recv_time = UNIX_TIMESTAMP('{{start_time}}') and recv_time = UNIX_TIMESTAMP('{{start_time}}') and recv_time = UNIX_TIMESTAMP('{{start_time}}') and recv_time = UNIX_TIMESTAMP('{{start_time}}') and recv_time = UNIX_TIMESTAMP('{{start_time}}') and recv_time = UNIX_TIMESTAMP('{{start_time}}') and recv_time (now()-86400)\n and event_time < now()\norder by\n event_time desc\nlimit 100", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "query", + "value": "SELECT\n initial_query_id,\n type as error_type,\n query_start_time,\n intDiv(query_duration_ms,1000) as query_duration_s ,\n query ,\n exception,\n initial_user ,\n http_user_agent ,\n initial_address\nFROM\n system.query_log_cluster\nwhere\n type IN ('ExceptionBeforeStart', 'ExceptionWhileProcessing')\n and initial_query_id = query_id\n and event_time > (now()-86400)\n and event_time < now()\norder by\n event_time desc\nlimit 100" + } + ] + } + }, + "response": [] + }, + { + "name": "Historical Slow Queries", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n databases,\n initial_query_id ,\n query,\n event_time,\n intDiv(query_duration_ms,1000) as query_duration_s,\n read_rows ,\n read_bytes ,\n initial_user,\n http_user_agent,\n initial_address\n from\n system.query_log_cluster\nwhere\n query_kind = 'Select'\n and query_start_time>(now()-86400)\n and initial_query_id = query_id\n and type IN ('QueryFinish')\norder by\n query_duration_ms desc\nlimit 100", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "query", + "value": "select\n databases,\n initial_query_id ,\n query,\n event_time,\n intDiv(query_duration_ms,1000) as query_duration_s,\n read_rows ,\n read_bytes ,\n initial_user,\n http_user_agent,\n initial_address\n from\n system.query_log_cluster\nwhere\n query_kind = 'Select'\n and query_start_time>(now()-86400)\n and initial_query_id = query_id\n and type IN ('QueryFinish')\norder by\n query_duration_ms desc\nlimit 100" + } + ] + } + }, + "response": [] + }, + { + "name": "Most Frequent Query Columns", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n arrayJoin(columns) as used_columns,\n count() as columns_num\nfrom\n system.query_log_cluster\nwhere\n query_kind = 'Select'\n and query_start_time>(now()-86400)\n and initial_query_id = query_id\n and type IN ('QueryFinish')\ngroup by\n used_columns\norder by\n columns_num desc\nlimit 100", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "query", + "value": "select\n arrayJoin(columns) as used_columns,\n count() as columns_num\nfrom\n system.query_log_cluster\nwhere\n query_kind = 'Select'\n and query_start_time>(now()-86400)\n and initial_query_id = query_id\n and type IN ('QueryFinish')\ngroup by\n used_columns\norder by\n columns_num desc\nlimit 100" + } + ] + } + }, + "response": [] + }, + { + "name": "Aggregate Queries Latency Statistics", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n anyLast(query) as sql,\n intDiv(avg(query_duration_ms),1000) as avg_query_duration_s,\n intDiv(max(query_duration_ms),1000) as max_query_duration_s,\n QUANTILE(query_duration_ms, 0.95)/1000 as p95_query_duration_s, \n max(read_rows) ,\n anyLast(http_user_agent) as last_http_user_agent,\n used_aggregate_functions,\n count() as query_count\nfrom\n system.query_log_cluster\nwhere\n query_kind = 'Select'\n and query_start_time>(now()-86400)\n and initial_query_id = query_id\n and type IN ('QueryFinish')\n and empty(used_aggregate_functions ) = 0\ngroup by\n toString(used_functions),\n toString(used_aggregate_functions ),\n toString(columns)\norder by\n avg_query_duration_s desc\nlimit 100", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "query", + "value": "select\n anyLast(query) as sql,\n intDiv(avg(query_duration_ms),1000) as avg_query_duration_s,\n intDiv(max(query_duration_ms),1000) as max_query_duration_s,\n QUANTILE(query_duration_ms, 0.95)/1000 as p95_query_duration_s, \n max(read_rows) ,\n anyLast(http_user_agent) as last_http_user_agent,\n used_aggregate_functions,\n count() as query_count\nfrom\n system.query_log_cluster\nwhere\n query_kind = 'Select'\n and query_start_time>(now()-86400)\n and initial_query_id = query_id\n and type IN ('QueryFinish')\n and empty(used_aggregate_functions ) = 0\ngroup by\n toString(used_functions),\n toString(used_aggregate_functions ),\n toString(columns)\norder by\n avg_query_duration_s desc\nlimit 100" + } + ] + } + }, + "response": [] + }, + { + "name": "Aggregate Queries Resource Usage Statistics", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n anyLast(query) as sql,\n intDiv(avg(query_duration_ms),1000) as avg_query_duration_s,\n toInt64(avg(memory_usage))/1024/1024 as avg_memory_MB,\n used_aggregate_functions,\navg(ProfileEvents%5B'FileOpen'%5D)%20as%20FileOpen%2C%0A%20%20%20%20avg(ProfileEvents%5B'DiskReadElapsedMicroseconds'%5D)%2F1000000%20as%20DiskRead_s%2C\n count() as query_count\nfrom\n system.query_log_cluster\nwhere\n query_kind = 'Select'\n and query_start_time>(now()-86400)\n and initial_query_id != query_id\n and type IN ('QueryFinish')\n and empty(used_aggregate_functions ) = 0\ngroup by\n toString(used_functions),\n toString(used_aggregate_functions ),\n toString(columns)\norder by\n avg_memory_MB desc\nlimit 100", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "query", + "value": "select\n anyLast(query) as sql,\n intDiv(avg(query_duration_ms),1000) as avg_query_duration_s,\n toInt64(avg(memory_usage))/1024/1024 as avg_memory_MB,\n used_aggregate_functions,\navg(ProfileEvents%5B'FileOpen'%5D)%20as%20FileOpen%2C%0A%20%20%20%20avg(ProfileEvents%5B'DiskReadElapsedMicroseconds'%5D)%2F1000000%20as%20DiskRead_s%2C\n count() as query_count\nfrom\n system.query_log_cluster\nwhere\n query_kind = 'Select'\n and query_start_time>(now()-86400)\n and initial_query_id != query_id\n and type IN ('QueryFinish')\n and empty(used_aggregate_functions ) = 0\ngroup by\n toString(used_functions),\n toString(used_aggregate_functions ),\n toString(columns)\norder by\n avg_memory_MB desc\nlimit 100" + } + ] + } + }, + "response": [] + }, + { + "name": "Top 10 Queries using the most CPU and memory", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT\n type,\n event_time,\n initial_query_id,\n formatReadableSize(memory_usage) AS memory,\n %60ProfileEvents.Values%60%5BindexOf(%60ProfileEvents.Names%60%2C%20'UserTimeMicroseconds')%5D%20AS%20userCPU%2C%0A%20%20%20%20%60ProfileEvents.Values%60%5BindexOf(%60ProfileEvents.Names%60%2C%20'SystemTimeMicroseconds')%5D%20AS%20systemCPU%2C\n normalizedQueryHash(query) AS normalized_query_hash\nFROM system.query_log_cluster where query_start_time>(now()-86400)\nORDER BY memory_usage DESC\nLIMIT 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "query", + "value": "SELECT\n type,\n event_time,\n initial_query_id,\n formatReadableSize(memory_usage) AS memory,\n %60ProfileEvents.Values%60%5BindexOf(%60ProfileEvents.Names%60%2C%20'UserTimeMicroseconds')%5D%20AS%20userCPU%2C%0A%20%20%20%20%60ProfileEvents.Values%60%5BindexOf(%60ProfileEvents.Names%60%2C%20'SystemTimeMicroseconds')%5D%20AS%20systemCPU%2C\n normalizedQueryHash(query) AS normalized_query_hash\nFROM system.query_log_cluster where query_start_time>(now()-86400)\nORDER BY memory_usage DESC\nLIMIT 10" + } + ] + } + }, + "response": [] + } + ] + }, + { + "name": "Apache Druid", + "item": [ + { + "name": "used_size", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\r\n \"query\": \"SELECT SUM(curr_size)/1024/1024/1024 AS curr_size_GB FROM sys.servers WHERE server_type = 'historical'\",\r\n \"context\": {\r\n \"skipEmptyBuckets\": \"false\"\r\n },\r\n \"resultFormat\": \"object\"\r\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{druid_ip}}:{{druid_port}}/druid/v2/sql", + "protocol": "http", + "host": [ + "{{druid_ip}}" + ], + "port": "{{druid_port}}", + "path": [ + "druid", + "v2", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "max_size", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\r\n \"query\": \"SELECT SUM(max_size)/1024/1024/1024 AS max_size_GB FROM sys.servers WHERE server_type = 'historical'\",\r\n \"context\": {\r\n \"skipEmptyBuckets\": \"false\"\r\n },\r\n \"resultFormat\": \"object\"\r\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{druid_ip}}:{{druid_port}}/druid/v2/sql", + "protocol": "http", + "host": [ + "{{druid_ip}}" + ], + "port": "{{druid_port}}", + "path": [ + "druid", + "v2", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Report and Metrics", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\"query\":\"SELECT used_size/1024/1024/1024 as used_size_GB FROM sys_storage_log WHERE log_type = 'Report and Metrics' ORDER BY __time DESC LIMIT 1\",\"context\":{\"skipEmptyBuckets\":\"false\"},\"resultFormat\":\"object\"}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{druid_ip}}:{{druid_port}}/druid/v2/sql", + "protocol": "http", + "host": [ + "{{druid_ip}}" + ], + "port": "{{druid_port}}", + "path": [ + "druid", + "v2", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "The Latest Ingestion Date for Druid", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\"query\":\"SELECT version FROM sys.segments WHERE version LIKE '2%' ORDER BY version DESC LIMIT 1\"}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{druid_ip}}:{{druid_port}}/druid/v2/sql", + "protocol": "http", + "host": [ + "{{druid_ip}}" + ], + "port": "{{druid_port}}", + "path": [ + "druid", + "v2", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "The Earliest Ingestion Date for Druid", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\r\n \"query\": \"SELECT \\\"start\\\" FROM sys.segments order by \\\"start\\\" limit 1\"\r\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{druid_ip}}:{{druid_port}}/druid/v2/sql", + "protocol": "http", + "host": [ + "{{druid_ip}}" + ], + "port": "{{druid_port}}", + "path": [ + "druid", + "v2", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "Druid Tables", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\r\n \"query\": \"SELECT datasource FROM sys.tasks group by datasource\",\r\n \"context\": {\r\n \"skipEmptyBuckets\": \"false\"\r\n },\r\n \"resultFormat\": \"object\"\r\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{druid_ip}}:{{druid_port}}/druid/v2/sql", + "protocol": "http", + "host": [ + "{{druid_ip}}" + ], + "port": "{{druid_port}}", + "path": [ + "druid", + "v2", + "sql" + ] + } + }, + "response": [] + } + ] + }, + { + "name": "password-generator", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "urlencoded", + "urlencoded": [ + { + "key": "password", + "value": "1234", + "type": "text" + }, + { + "key": "salt", + "value": "galaxy", + "type": "text" + } + ] + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/util/password_generator", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "util", + "password_generator" + ] + } + }, + "response": [] + }, + { + "name": "sql-parser", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [], + "body": { + "mode": "urlencoded", + "urlencoded": [] + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/util/sql_parser?sql=select * from session_record limit 1", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "util", + "sql_parser" + ], + "query": [ + { + "key": "sql", + "value": "select * from session_record limit 1" + } + ] + } + }, + "response": [] + } + ] + }, + { + "name": "Troubleshooting", + "item": [ + { + "name": "component-health-status", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/troubleshooting/component/status", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "troubleshooting", + "component", + "status" + ] + }, + "description": "查询数据引擎引用的数据库健康状态及目前的配置。" + }, + "response": [] + }, + { + "name": "ttl-consistency-test", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/troubleshooting/sanity?test=ttl_consistency", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "troubleshooting", + "sanity" + ], + "query": [ + { + "key": "test", + "value": "ttl_consistency" + } + ] + } + }, + "response": [] + }, + { + "name": "sql-benchmark-test", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/troubleshooting/benchmark?test=sql_validation&category=traffic_general_stat&is_saved=0", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "troubleshooting", + "benchmark" + ], + "query": [ + { + "key": "test", + "value": "sql_validation" + }, + { + "key": "category", + "value": "traffic_general_stat" + }, + { + "key": "is_saved", + "value": "0" + } + ] + } + }, + "response": [] + }, + { + "name": "apache-druid-task-status", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + "", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{druid_ip}}:{{druid_port}}/druid/indexer/v1/supervisor?state=true", + "protocol": "http", + "host": [ + "{{druid_ip}}" + ], + "port": "{{druid_port}}", + "path": [ + "druid", + "indexer", + "v1", + "supervisor" + ], + "query": [ + { + "key": "state", + "value": "true" + } + ] + }, + "description": "1. 将环境切换至 druid\r\n\r\n2. 执行此接口,如果接口正常返回数据,代表druid服务运行正常" + }, + "response": [] + }, + { + "name": "saved-query-scheduler-status", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{report_ip}}:{{report_port}}/monitor", + "protocol": "http", + "host": [ + "{{report_ip}}" + ], + "port": "{{report_port}}", + "path": [ + "monitor" + ] + } + }, + "response": [] + }, + { + "name": "hos-status", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{hos_ip}}:{{hos_port}}/admin/verification", + "protocol": "http", + "host": [ + "{{hos_ip}}" + ], + "port": "{{hos_port}}", + "path": [ + "admin", + "verification" + ] + } + }, + "response": [] + } + ] + }, + { + "name": "HOS", + "item": [ + { + "name": "Get File List", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/x-www-form-urlencoded", + "type": "text" + } + ], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/v1/hos/pcap_file_bucket?prefix=1", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "v1", + "hos", + "pcap_file_bucket" + ], + "query": [ + { + "key": "prefix", + "value": "1" + } + ] + } + }, + "response": [] + }, + { + "name": "Test All Buckets", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [ + { + "key": "Token", + "type": "text", + "value": "{{hos_token}}" + } + ], + "url": { + "raw": "http://{{hos_ip}}:{{hos_port}}/hos/", + "protocol": "http", + "host": [ + "{{hos_ip}}" + ], + "port": "{{hos_port}}", + "path": [ + "hos", + "" + ], + "query": [ + { + "key": "AccessKey", + "value": "default", + "disabled": true + } + ] + } + }, + "response": [] + }, + { + "name": "Test List Objects", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [ + { + "key": "Token", + "type": "text", + "value": "{{hos_token}}" + } + ], + "url": { + "raw": "http://{{hos_ip}}:{{hos_port}}/hos/pcap_file_bucket/?max-keys=100", + "protocol": "http", + "host": [ + "{{hos_ip}}" + ], + "port": "{{hos_port}}", + "path": [ + "hos", + "pcap_file_bucket", + "" + ], + "query": [ + { + "key": "AccessKey", + "value": "default", + "disabled": true + }, + { + "key": "max-keys", + "value": "100" + } + ] + } + }, + "response": [] + }, + { + "name": "Test Get Object Metadata", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [ + { + "key": "Token", + "type": "text", + "value": "{{hos_token}}" + } + ], + "url": { + "raw": "http://{{hos_ip}}:{{hos_port}}/hos/default/galaxy-hos.txt?metadata=", + "protocol": "http", + "host": [ + "{{hos_ip}}" + ], + "port": "{{hos_port}}", + "path": [ + "hos", + "default", + "galaxy-hos.txt" + ], + "query": [ + { + "key": "metadata", + "value": "" + }, + { + "key": "AccessKey", + "value": "default", + "disabled": true + } + ] + } + }, + "response": [] + }, + { + "name": "Test Get a File", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [ + { + "key": "Token", + "type": "text", + "value": "{{hos_token}}" + } + ], + "url": { + "raw": "http://{{hos_ip}}:{{hos_port}}/hos/default/galaxy-hos.txt", + "protocol": "http", + "host": [ + "{{hos_ip}}" + ], + "port": "{{hos_port}}", + "path": [ + "hos", + "default", + "galaxy-hos.txt" + ], + "query": [ + { + "key": "AccessKey", + "value": "default", + "disabled": true + } + ] + } + }, + "response": [] + } + ] + } + ], + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "exec": [ + "var startDate = new Date(Date.now()-86400000);", + "var start_time = startDate.getFullYear().toString() + \"-\" +", + " (startDate.getMonth() + 1).toString().padStart(2, '0') + \"-\" +", + " startDate.getDate().toString().padStart(2, '0') + \" \" +", + " startDate.getHours().toString().padStart(2, '0') + \":\" +", + " startDate.getMinutes().toString().padStart(2, '0') + \":\" +", + " startDate.getSeconds().toString().padStart(2, '0');", + "", + "pm.globals.set(\"start_time\", start_time);", + "var endDate = new Date(Date.now());", + "var end_time = endDate.getFullYear().toString() + \"-\" +", + " (endDate.getMonth() + 1).toString().padStart(2, '0') + \"-\" +", + " endDate.getDate().toString().padStart(2, '0') + \" \" +", + " endDate.getHours().toString().padStart(2, '0') + \":\" +", + " endDate.getMinutes().toString().padStart(2, '0') + \":\" +", + " endDate.getSeconds().toString().padStart(2, '0'); ", + "pm.globals.set(\"end_time\", end_time);", + "pm.globals.set(\"domain\",pm.variables.replaceIn('{{$randomDomainName}}'));", + "pm.globals.set(\"client_ip\",pm.variables.replaceIn('{{$randomIP}}'));", + "pm.globals.set(\"server_ip\",pm.variables.replaceIn('{{$randomIP}}'));", + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ] +} \ No newline at end of file diff --git a/24.01/Test.postman_environment.json b/24.01/Test.postman_environment.json new file mode 100644 index 0000000..2791db7 --- /dev/null +++ b/24.01/Test.postman_environment.json @@ -0,0 +1,226 @@ +{ + "id": "b3e1e379-56c2-46b8-a9bf-ed68e1460469", + "name": "Test", + "values": [ + { + "key": "qgw_ip", + "value": "192.168.44.67", + "enabled": true + }, + { + "key": "qgw_port", + "value": "9999", + "enabled": true + }, + { + "key": "druid_ip", + "value": "192.168.44.67", + "enabled": true + }, + { + "key": "druid_port", + "value": "8089", + "enabled": true + }, + { + "key": "hbase_ip", + "value": "192.168.44.11", + "enabled": true + }, + { + "key": "hbase_port", + "value": "50070", + "enabled": true + }, + { + "key": "hos_ip", + "value": "192.168.44.67", + "enabled": true + }, + { + "key": "hos_port", + "value": "9098", + "enabled": true + }, + { + "key": "hos_token", + "value": "c21f969b5f03d33d43e04f8f136e7682", + "type": "secret", + "enabled": true + }, + { + "key": "report_ip", + "value": "192.168.44.67", + "enabled": true + }, + { + "key": "report_port", + "value": "9093", + "enabled": true + }, + { + "key": "clickhouse_ip", + "value": "192.168.44.67", + "enabled": true + }, + { + "key": "clickhouse_port", + "value": "8124", + "enabled": true + }, + { + "key": "clickhouse_database", + "value": "tsg_galaxy_v3", + "enabled": true + }, + { + "key": "clickhouse_user", + "value": "default", + "enabled": true + }, + { + "key": "clickhouse_password", + "value": "galaxy2019", + "type": "secret", + "enabled": true + }, + { + "key": "arango_ip", + "value": "192.168.44.13", + "enabled": true + }, + { + "key": "arango_port", + "value": "8529", + "enabled": true + }, + { + "key": "kafka_ip", + "value": "192.168.44.11", + "enabled": true + }, + { + "key": "kafka_monitor_port", + "value": "9901", + "enabled": true + }, + { + "key": "Last 5 Minutes Start", + "value": "FROM_UNIXTIME(UNIX_TIMESTAMP(now())-300)", + "enabled": true + }, + { + "key": "now", + "value": "now()", + "enabled": true + }, + { + "key": "Last 1 Hour Start", + "value": "FROM_UNIXTIME(UNIX_TIMESTAMP(now())-3600)", + "enabled": true + }, + { + "key": "Last 12 Hour Start", + "value": "FROM_UNIXTIME(UNIX_TIMESTAMP(now())-43200)", + "enabled": true + }, + { + "key": "Last 24 Hour Start", + "value": "FROM_UNIXTIME(UNIX_TIMESTAMP(now())-86400)", + "enabled": true + }, + { + "key": "Today Start", + "value": "DATE(FROM_UNIXTIME(UNIX_TIMESTAMP(now())))", + "enabled": true + }, + { + "key": "Today End", + "value": "DATE(FROM_UNIXTIME(UNIX_TIMESTAMP(now()) +86400))", + "enabled": true + }, + { + "key": "Today so far Start", + "value": "DATE(FROM_UNIXTIME(UNIX_TIMESTAMP(now())))", + "enabled": true + }, + { + "key": "Yesterday Start", + "value": "DATE(FROM_UNIXTIME(UNIX_TIMESTAMP(now()) -86400))", + "enabled": true + }, + { + "key": "Yesterday End", + "value": "DATE(FROM_UNIXTIME(UNIX_TIMESTAMP(now())))", + "enabled": true + }, + { + "key": "PT5S_RECV_TIME", + "value": "FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(common_recv_time,'PT5s'))", + "enabled": true + }, + { + "key": "PT30S_RECV_TIME", + "value": "FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(common_recv_time,'PT30S'))", + "enabled": true + }, + { + "key": "PT5M_RECV_TIME", + "value": "FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(common_recv_time,'PT5M'))", + "enabled": true + }, + { + "key": "PT30M_RECV_TIME", + "value": "FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(common_recv_time,'PT30M'))", + "enabled": true + }, + { + "key": "PT1H_RECV_TIME", + "value": "FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(common_recv_time,'PT1H'))", + "enabled": true + }, + { + "key": "P1D_RECV_TIME", + "value": "FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(common_recv_time,'P1D'))", + "enabled": true + }, + { + "key": "PT5S_TIME", + "value": "FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT5s'))", + "enabled": true + }, + { + "key": "PT30S_TIME", + "value": "FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT30S'))", + "enabled": true + }, + { + "key": "PT1M_TIME", + "value": "FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT1M'))", + "enabled": true + }, + { + "key": "PT5M_TIME", + "value": "FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT5M'))", + "enabled": true + }, + { + "key": "PT30M_TIME", + "value": "FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT30M'))", + "enabled": true + }, + { + "key": "PT1H_TIME", + "value": "FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT1H'))", + "enabled": true + }, + { + "key": "P1D_TIME", + "value": "FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'P1D'))", + "enabled": true + } + ], + "_postman_variable_scope": "environment", + "_postman_exported_at": "2023-12-12T08:54:00.516Z", + "_postman_exported_using": "Postman/10.21.2" +} \ No newline at end of file diff --git a/24.01/postman_globals.json b/24.01/postman_globals.json new file mode 100644 index 0000000..badb560 --- /dev/null +++ b/24.01/postman_globals.json @@ -0,0 +1,39 @@ +{ + "id": "146e52f0-fd32-4814-8e58-8a3c0f4d5eb7", + "values": [ + { + "key": "start_time", + "value": "", + "type": "any", + "enabled": true + }, + { + "key": "end_time", + "value": "", + "type": "any", + "enabled": true + }, + { + "key": "domain", + "value": "", + "type": "any", + "enabled": true + }, + { + "key": "client_ip", + "value": "", + "type": "any", + "enabled": true + }, + { + "key": "server_ip", + "value": "", + "type": "any", + "enabled": true + } + ], + "name": "My Workspace Globals", + "_postman_variable_scope": "globals", + "_postman_exported_at": "2023-09-19T01:50:15.705Z", + "_postman_exported_using": "Postman/10.17.3" +} \ No newline at end of file