gfwleak/galaxy-platform-galaxy-troubleshooting-api
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
This repository has been archived on 2025-09-14. You can view files and clone it, but cannot push or open issues or pull requests.
Files
1b8a3e5cbf6efab1b9f30e72d74a0b92e261ea25
galaxy-platform-galaxy-trou…/23.09/Galaxy Trouble Shooting API V23.09.postman_collection.json
doufenghu b75a3a5e3e update add 23.09
2023-09-19 17:24:51 +08:00

12737 lines
586 KiB
JSON
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"info": {
"_postman_id": "868bc69c-c241-4552-859c-24b9f0ad19b4",
"name": "Galaxy Trouble Shooting API V23.09",
"description": "# galaxy-troubleshooting-api\n\n使用Postman组件基于Rest API接口对TSG OLAP 进行功能验证。包括组件健康检查,功能集成测试及故障诊断。\n## Release 23.09 (30 SEP 2023)\n\n###### Update\n* metrics 修改表名由statistics_object改为object_statistics\n* Flags统计增加Bidirectional标识\n* Closed Session Records 增加http_status_code, ssl_esni_flag, ssl_ech_flag\n* 删除Kafka Topics 目录\n\n## Release 23.08 (21 AUG 2023)\n\n###### New Features\n* Metrics增加Statistics Policy 相关接口\n* Metrics增加Statistics Object 相关接口\n* Metrics增加Statistics rule 命中计数接口\n\n###### Update\n* 会话日志查询增加重命名字段common_out_link_id、common_in_link_id \n\n## Release 23.07 (21 JUL 2023)\n###### Update\n* 修复Network Throughput Active Sessions计算错误不除时间粒度\n\n## Release 23.06 (21 JUN 2023)\n###### Update\n* 优化Limit返回值\n\n## Release 23.05 (28 MAY 2023)\n###### New Features\n* 增加Service chaining统计接口\n* QGW增加嵌套子查询接口用于验证高级搜索\n\n###### Update\n* Main Dashboard统计接口重构更改统计源\n* Live Traffic Chart 接口重构,更改统计源\n* 原代理日志拆分为Intercept和Manipulation\n* 相关Metrics的Schema更改为重构后的数据源\n\n\n## Release 23.04 (28 APR 2023)\n###### New Features\n* 增加数据写入延迟接口Session Insert Latency Distribution\n* 增加数据写入Kafka延迟接口 Session Ingestion Latency Distribution\n\n###### Update\n* 重构 Security Policy Hits Metrics 统计\n* 重构 Traffic Shaping Metrics 统计\n\n## Release 23.03 (28 MAR 2023)\n\n###### New Features\n* 目录整体重构重新梳理功能便于Newman CLI运行\n* ClickHouse目录下增加慢查询故障诊断语句\n* 参数与API接口统一改为英文避免中文编码执行异常\n* 加密环境变量密码、token等敏感信息\n* 定义全局动态变量时间范围、随机IP、随机域名等\n\n###### Update\n\n* Flags 添加C2S与S2C标志位标签\n\n\n## Release 23.02 (28 FEB 2023)\n\n###### New Features\n* 增加Traffic Shaping 相关统计接口\n\n###### Update\n* 会话日志增加列common_shaping_rule_ids\n* 会话与安全事件日志增加列common_server_domain\n*会话与安全事件日志增加列common_flags_identify_info\n\n## Release 23.01 (31 JAN 2023)\n###### Update\n* 会话与安全事件日志增加列common_server_fqdn\n* 会话与安全事件日志增加列common_app_full_path\n\n\n## Release 22.12 (30 DEC 2022)\n###### New Features\n* 新增Dashboards-增加App推荐\n* 新增系统报告-会话日志Flags统计\n* 新增系统报告-会话日志Flags占比\n\n###### Update\n* 会话与安全事件日志增加common_flags列\n* 自定义IP映射-增加对ASN函数\n\n\n## Release 22.1 (30 NOV 2022)\n###### New Features\n\n###### Update\n* 会话与安全事件日志增加ssl_ja3s_hash列\n\n\n## Release 22.10 (30 OCT 2022)\n###### New Features\n* 06其它-功能验证-Traffic Summary增加Throughput接口 \n###### Update\n* 更新原有查询将VSYS ID作为默认查询条件\n\n## Release 22.09 (30 SEP 2022)\n\n###### Update\n* 会话与安全事件日志增加common_tunnel_endpoint_a_desc, common_tunnel_endpoint_b_desc,dtls_sni 列\n\n## Release 22.08 (31 AUG 2022)\n\n###### New Features\n* 其它-查询网关-Live Charts 总带宽流量校验\n* 增加检查数据流-SQL执行计划\n* 增加检查数据流-SQL查看表结构\n* 增加检查数据推荐-推荐IMSI到TEID关系\n* 增加检查数据推荐-推荐IMEI到TEID关系\n* 增加检查数据推荐-推荐Phone Number到TEID关系\n* 增加检查数据推荐-推荐apn到TEID关系\n* 增加检查数据推荐-实时查询任务-提交查询任务(实时统计)\n* 增加检查数据推荐-实时查询任务-获取任务结果(实时统计)\n* 增加检查数据推荐-知识库列表\n* 增加预处理检查-检测预处理延迟\n* 增加预处理检查-已关闭会话日志延迟分布\n###### Update\n\n\n## Release 22.07 (30 JUL 2022)\n\n###### New Features\n* 增加检查数据推荐-Top Server IP流量概况评估\n* 增加检查数据推荐-Top SNI 流量概况评估\n###### Update\n\n\n## Release 22.06 (30 JUE 2022)\n\n###### New Features\n* 检查数据流-增加存储配额一致性检查\n###### Update\n* 系统报告检查-增加与CM默认VSYSID=1参数\n\n\n## Release 22.05 (31 MAY 2022)\n\n###### New Features\n\n###### Update\n* 检查日志-会话日志/安全事件日志增加RDP类型校验\n\n\n## Release 22.04 (29 APR 2022)\n\n###### New Features\n\n###### Update\n* 预处理检查-是否有数据验证改为通过console后台打印日志\n* Dashboards Top部分功能增加device_group, data_center维度校验\n\n\n## Release 22.03 (8 APR 2022)\n\n###### New Features\n* 增加数据预处理检查,为每类日志增加多个测试用例,区分功能或无数据问题\n###### Update\n* 其它-评估日志预处理增加ETL处理时延和写入Kafka时延指标\n* 检查日志模块对会话,安全和代理事件日志基于具体字段查询\n\n###### Delete\n* 删除检查数据流关于Topic的测试用例\n\n## Release 22.02 (8 MAR 2022)\n\n###### New Features\n\n* 检查数据流-元数据检查 增加schema评价文件事件日志\n \n \n\n## Release 22.01 (27 JAN 2022)\n\n###### New Features\n\n* 检查数据流-TopN计算 增加Application接口验证\n \n\n###### Update\n\n* 重新梳理分类,删除无用接口\n* 重新排列分类,将系统自检放到首位\n \n\n## Release 21.12 (1 Dec 2021)\n\n###### New Features\n\n* 新增数据推荐查询-实时查询任务\n* 新增数据推荐查询-推荐Subscriber ID 到IP关系\n* 新增数据推荐查询-推荐APP活跃客户端IP\n* 新增数据推荐查询-推荐TopN Server IP\n* 新增数据推荐查询-推荐TopN SNI\n* 新增常用快捷功能-查询网关,增加优化查询测试集\n * Top 查询优化\n * Calcite 缓存查询\n * 自定义时间函数补全功能\n\n###### Update\n\n* Dashboard 查询代理策略命中动作增加Edit Element 统计\n \n\n## Release 21.11 (5 Nov 2021)\n\n###### New Features\n\n* Delete\n* Update\n* 修改报告查询接口(由查询mariadb方式变更为API接口)\n* 修改规范“数据推荐查询”所有接口的命名\n \n\n## Release 21.10 (28 OCT 2021)\n\n###### New Features\n\n* 新增HOS健康状态检测接口\n* Delete\n* 删除原ClickHouse/Druid/ArangoDB 状态检查接口\n \n\n## Release 21.09 (23 SEP 2021)\n\n###### New Features\n\n* Update\n* 删除分布式调度任务5分钟TOPN校验交由FLink统计\n* 原始日志表名进行重命名,相关查询接口更新\n* 修正DNS分析的SQL数据集\n \n\n## Release 21.08 (15 AUG 2021)\n\n###### New Features\n\n* 新增“Dashboard查询-DoS Threat Map”功能列表显示DoS检测地图接口\n* 新增“原始日志查询-DoS事件日志”显示DoS攻击检测日志\n* 新增“原始日志查询-DoS事件日志-Summary”显示DoS攻击趋势统计\n* 新增“原始日志查询-DoS事件日志-Destination IP Traffic Trend”显示受害者IP历史流量趋势\n* Update\n* 迁移“Dashboard查询”liveCharts接口放到“Live Charts”目录中统一管理。\n* 对DNS分析增加一些查询样例\n \n\n## Release 21.07 (5 JUL 2021)\n\n###### New Features\n\n* 增加”常用快捷功能-基数统计“,用于分析日志分布情况\n* 增加”常用快捷功能-DNS放大攻击“查询特征数据集\n* 增加”通用检查-对象存储-获取某个文件“,用于文件获取验证\n \n\n###### Update\n\n* 为所有接口增加Tests脚本对接口进行批量验证测试\n* 修正部分接口查询异常\n \n\n## Release 21.06 (7 JUN 2021)\n\n###### New Features\n\n* Environments 增加环境变量domain、client_ip、server_ip、l7_protocol和PT1M_TIME\n* 常用快捷功能增加某域名下钻、某IP下钻、协议下钻和DNS分析功能\n \n\n###### Update\n\n* 原始日志查询基于Druid近1小时日志变化粒度从5分钟改为1分钟。包含通联、策略和代理日志。\n \n\n## Release 21.05 (6 MAY 2021)\n\n###### New Features\n\n* 新增“GTP-C日志”功能辅助故障诊断\n* 新增“事务日志”功能,辅助故障诊断\n* 新增“活跃会话日志”功能,辅助故障诊断\n* 新增“07.常用快捷功能-评估写入日志量”,查看当前系统的吞吐\n \n\n###### Update\n\n* 修改\"01.通用检查-数据存储检查\"增加事务、活跃及GTP-C 检测\n \n\n## Release 21.04 (3 APR 2021)\n\n###### New Features\n\n* 增加“VoIP日志”功能辅助故障诊断\n* 增加“元数据检查”分类目录\n* 增加“HOS对象存储”目录用于定位对象存储\n \n\n###### Update\n\n* 修改“SQL语法检查”为“SQL语法验证”支持SQL语句的静态分析和数据库语义验证\n* 迁移功能项位置,方便问题定位\n \n\n###### Delete\n\n* 删除“系统检查-查询引擎SQL测试集\\[过时\\]”功能,由“故障诊断-sql性能测试”替代。\n \n\n## Release 21.03 (2 MAR 2021)\n\n###### New Features\n\n* 增加故障诊断-元数据功能可分析日志字段是否与schema一致\n* 增加故障诊断-sql性能测试可对查询引擎进行功能性验证和POC性能测试\n \n\n###### Update\n\n* 对查询引擎SQL测试集标记过时\n \n\n## Release 21.02 (1 FEB 2021)\n\n###### Update\n\n* 改善内部测试集,应对新的功能修改\n \n\n## Release 20.11.rc3 (11 DEC 2020)\n\n###### New Features\n\n* 增加常用快捷功能- 安装证书独立客户端IP数据趋势\n* 增加常用快捷功能-访问速度最慢TOP20 域名\n* 增加常用快捷功能-报告预置Metrics\n* 增加原始日志查询-安全策略-动作命中计数\n* 增加原始日志查询-代理策略-动作命中计数\n* 增加原始日志查询-通联-流量计数(now)\n \n\n###### Update\n\n* 改善Dashboard查询-基础统计-新建、活跃(计数)-now\n* 改善Dashboard查询-新建、活跃(趋势)\n* 目录增加编号,便于管理\n* 修改分布式调度任务-5分钟TOPN-hot表验证表名\n* 部分Action为post 改为 get便于导出命令行",
"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
},
"item": [
{
"name": "System",
"item": [
{
"name": "Versions",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/monitor/info",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"monitor",
"info"
]
},
"description": "查询数据平台各个组件的版本号"
},
"response": []
},
{
"name": "Status",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/monitor/health",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"monitor",
"health"
]
},
"description": "查询数据引擎引用的数据库健康状态及目前的配置。"
},
"response": []
},
{
"name": "Metadata",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/diagnosis/metadata",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"diagnosis",
"metadata"
]
}
},
"response": []
},
{
"name": "Log Type Retention Status",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/sys/storage/consistency",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"sys",
"storage",
"consistency"
]
}
},
"response": []
},
{
"name": "Apache Druid Task Status",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
"",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{druid_ip}}:{{druid_port}}/druid/indexer/v1/supervisor?state=true",
"protocol": "http",
"host": [
"{{druid_ip}}"
],
"port": "{{druid_port}}",
"path": [
"druid",
"indexer",
"v1",
"supervisor"
],
"query": [
{
"key": "state",
"value": "true"
}
]
},
"description": "1. 将环境切换至 druid\r\n\r\n2. 执行此接口,如果接口正常返回数据,代表druid服务运行正常"
},
"response": []
},
{
"name": "Report Service Status",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{report_ip}}:{{report_port}}/monitor",
"protocol": "http",
"host": [
"{{report_ip}}"
],
"port": "{{report_port}}",
"path": [
"monitor"
]
}
},
"response": []
},
{
"name": "HOS Status",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{hos_ip}}:{{hos_port}}/admin/verification",
"protocol": "http",
"host": [
"{{hos_ip}}"
],
"port": "{{hos_port}}",
"path": [
"admin",
"verification"
]
}
},
"response": []
}
]
},
{
"name": "TSG",
"item": [
{
"name": "Schemas",
"item": [
{
"name": "ClickHouse Tables",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/tables/tsg_galaxy_v3",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"metadata",
"schema",
"v1",
"tables",
"tsg_galaxy_v3"
]
}
},
"response": []
},
{
"name": "Closed Session Records",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/session_record",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"metadata",
"schema",
"v1",
"fields",
"session_record"
]
}
},
"response": []
},
{
"name": "Interim Session Records",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/interim_session_record",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"metadata",
"schema",
"v1",
"fields",
"interim_session_record"
]
},
"description": "security_event_log"
},
"response": []
},
{
"name": "Transaction Records",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/transaction_record",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"metadata",
"schema",
"v1",
"fields",
"transaction_record"
]
},
"description": "security_event_log"
},
"response": []
},
{
"name": "Security Events",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/security_event",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"metadata",
"schema",
"v1",
"fields",
"security_event"
]
},
"description": "security_event_log"
},
"response": []
},
{
"name": "Proxy Events",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/proxy_event",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"metadata",
"schema",
"v1",
"fields",
"proxy_event"
]
},
"description": "proxy_event_log"
},
"response": []
},
{
"name": "VoIP Records",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/voip_record",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"metadata",
"schema",
"v1",
"fields",
"voip_record"
]
},
"description": "security_event_log"
},
"response": []
},
{
"name": "DoS Events",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/dos_event",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"metadata",
"schema",
"v1",
"fields",
"dos_event"
]
},
"description": "security_event_log"
},
"response": []
},
{
"name": "GTP-C Records",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/gtpc_record",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"metadata",
"schema",
"v1",
"fields",
"gtpc_record"
]
},
"description": "security_event_log"
},
"response": []
},
{
"name": "Assessment Events",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/assessment_event",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"metadata",
"schema",
"v1",
"fields",
"assessment_event"
]
},
"description": "security_event_log"
},
"response": []
},
{
"name": "Apache Druid Tables",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/tables/druid",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"metadata",
"schema",
"v1",
"tables",
"druid"
]
}
},
"response": []
},
{
"name": "Traffic General Metrics",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/traffic_general_stat",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"metadata",
"schema",
"v1",
"fields",
"traffic_general_stat"
]
},
"description": "security_event_log"
},
"response": []
},
{
"name": "Application Protocol Stat",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/application_protocol_stat",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"metadata",
"schema",
"v1",
"fields",
"application_protocol_stat"
]
},
"description": "security_event_log"
},
"response": []
},
{
"name": "Security Policy Rule Hits",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/security_rule_hits",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"metadata",
"schema",
"v1",
"fields",
"security_rule_hits"
]
},
"description": "security_event_log"
},
"response": []
},
{
"name": "Statistics Rule Hits",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/statistics_rule_hits",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"metadata",
"schema",
"v1",
"fields",
"statistics_rule_hits"
]
},
"description": "security_event_log"
},
"response": []
},
{
"name": "Proxy Policy Rule Hits",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/proxy_rule_hits",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"metadata",
"schema",
"v1",
"fields",
"proxy_rule_hits"
]
},
"description": "security_event_log"
},
"response": []
},
{
"name": "Traffic Shaping Rule Hits",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/traffic_shaping_rule_hits",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"metadata",
"schema",
"v1",
"fields",
"traffic_shaping_rule_hits"
]
},
"description": "security_event_log"
},
"response": []
},
{
"name": "Service Chaining Rule Hits",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/service_chaining_rule_hits",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"metadata",
"schema",
"v1",
"fields",
"service_chaining_rule_hits"
]
},
"description": "security_event_log"
},
"response": []
},
{
"name": "Statistics Rule",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/statistics_rule",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"metadata",
"schema",
"v1",
"fields",
"statistics_rule"
]
},
"description": "security_event_log"
},
"response": []
},
{
"name": "Object Statistics",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/object_statistics",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"metadata",
"schema",
"v1",
"fields",
"object_statistics"
]
},
"description": "security_event_log"
},
"response": []
},
{
"name": "Top Client IPs",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/top_client_ips",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"metadata",
"schema",
"v1",
"fields",
"top_client_ips"
]
},
"description": "security_event_log"
},
"response": []
},
{
"name": "Top Server IPs",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/top_server_ips",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"metadata",
"schema",
"v1",
"fields",
"top_server_ips"
]
},
"description": "security_event_log"
},
"response": []
},
{
"name": "Top Internal IPs",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/top_internal_ips",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"metadata",
"schema",
"v1",
"fields",
"top_internal_ips"
]
},
"description": "security_event_log"
},
"response": []
},
{
"name": "Top External IPs",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/top_external_ips",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"metadata",
"schema",
"v1",
"fields",
"top_external_ips"
]
},
"description": "security_event_log"
},
"response": []
},
{
"name": "Top Subscribers",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/top_subscribers",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"metadata",
"schema",
"v1",
"fields",
"top_subscribers"
]
},
"description": "security_event_log"
},
"response": []
},
{
"name": "Top Server Domains",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/top_server_domains",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"metadata",
"schema",
"v1",
"fields",
"top_server_domains"
]
},
"description": "security_event_log"
},
"response": []
},
{
"name": "Top Server FQDNs",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/top_server_fqdns",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"metadata",
"schema",
"v1",
"fields",
"top_server_fqdns"
]
},
"description": "security_event_log"
},
"response": []
}
]
},
{
"name": "Logs",
"item": [
{
"name": "First and Last Insert",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select * from (select 'Session Records' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'Interim Session Records' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from interim_session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'Transaction Records' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from transaction_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'Security Event' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from security_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'Proxy Event' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'Radius' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from radius_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'GTPC Records' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from gtpc_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') ) order by type",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select * from (select 'Session Records' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'Interim Session Records' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from interim_session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'Transaction Records' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from transaction_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'Security Event' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from security_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'Proxy Event' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'Radius' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from radius_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'GTPC Records' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from gtpc_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') ) order by type"
}
]
},
"description": "验证原始日志是否有最新的数据"
},
"response": []
},
{
"name": "ETL and Ingestion Latency",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select 'Session Record' as type, round(count(*)/300,0) as \"logs/sec\", round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\", round(avg(common_ingestion_time-common_end_time),2) as \"avg_ingestion_latency(s)\"\nfrom\n\tsession_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}}) union all select 'Interim Session Record' as type, round(count(*)/300,0) as \"logs/sec\", round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\", round(avg(common_ingestion_time-common_end_time),2) as \"avg_ingestion_latency(s)\"\nfrom\n\tinterim_session_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}}) union all select 'Transaction Record' as type, round(count(*)/300,0) as \"logs/sec\", round(avg(common_processing_time-common_ingestion_time),2) as \"etl_latency(s)\" , round(avg(common_ingestion_time-common_end_time),2) as \"avg_ingestion_latency(s)\"\n\tfrom transaction_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}}) union all select 'Security Event' as type, round(count(*)/300,0) as \"logs/sec\", round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\", round(avg(common_ingestion_time-common_end_time),2) as \"avg_ingestion_latency(s)\"\nfrom\n\tsecurity_event crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\nunion all select 'Proxy Event' as type, round(count(*)/300,0) as \"logs/sec\", round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\", round(avg(common_ingestion_time-common_end_time),2) as \"avg_ingestion_latency(s)\"\nfrom\n\tproxy_event crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\n union all select 'Radius Record' as type, round(count(*)/300,0) as \"logs/sec\", round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\", round(avg(common_ingestion_time-common_end_time),2) as \"avg_ingestion_latency(s)\"\nfrom\n\tradius_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}}) union all select 'gtpc_record' as type, round(count(*)/300,0) as \"logs/sec\",round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\", round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\"\nfrom\n\tgtpc_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"query": [
{
"key": "query",
"value": "select 'Session Record' as type, round(count(*)/300,0) as \"logs/sec\", round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\", round(avg(common_ingestion_time-common_end_time),2) as \"avg_ingestion_latency(s)\"\nfrom\n\tsession_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}}) union all select 'Interim Session Record' as type, round(count(*)/300,0) as \"logs/sec\", round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\", round(avg(common_ingestion_time-common_end_time),2) as \"avg_ingestion_latency(s)\"\nfrom\n\tinterim_session_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}}) union all select 'Transaction Record' as type, round(count(*)/300,0) as \"logs/sec\", round(avg(common_processing_time-common_ingestion_time),2) as \"etl_latency(s)\" , round(avg(common_ingestion_time-common_end_time),2) as \"avg_ingestion_latency(s)\"\n\tfrom transaction_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}}) union all select 'Security Event' as type, round(count(*)/300,0) as \"logs/sec\", round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\", round(avg(common_ingestion_time-common_end_time),2) as \"avg_ingestion_latency(s)\"\nfrom\n\tsecurity_event crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\nunion all select 'Proxy Event' as type, round(count(*)/300,0) as \"logs/sec\", round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\", round(avg(common_ingestion_time-common_end_time),2) as \"avg_ingestion_latency(s)\"\nfrom\n\tproxy_event crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\n union all select 'Radius Record' as type, round(count(*)/300,0) as \"logs/sec\", round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\", round(avg(common_ingestion_time-common_end_time),2) as \"avg_ingestion_latency(s)\"\nfrom\n\tradius_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}}) union all select 'gtpc_record' as type, round(count(*)/300,0) as \"logs/sec\",round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\", round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\"\nfrom\n\tgtpc_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})"
}
]
}
},
"response": []
},
{
"name": "Session Ingestion Latency Distribution",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tmin(duration) min_sec,\n\tmedian(duration) as median_sec,\n\tround(avg(duration),2) as avg_sec,\n\tround(QUANTILE(duration,0.8),2) as p80_sec,\n\tround(QUANTILE(duration,0.95),2) as p95_sec,\n\tround(QUANTILE(duration,0.99),2) as p99_sec,\n\tmax(duration) as MAX\nfrom\n\t(\n\tselect\n\t\t(common_ingestion_time-common_end_time) as duration\n\tFROM\n\t\tsession_record\n\tWHERE\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and \n common_recv_time < UNIX_TIMESTAMP('{{end_time}}') )",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n\tmin(duration) min_sec,\n\tmedian(duration) as median_sec,\n\tround(avg(duration),2) as avg_sec,\n\tround(QUANTILE(duration,0.8),2) as p80_sec,\n\tround(QUANTILE(duration,0.95),2) as p95_sec,\n\tround(QUANTILE(duration,0.99),2) as p99_sec,\n\tmax(duration) as MAX\nfrom\n\t(\n\tselect\n\t\t(common_ingestion_time-common_end_time) as duration\n\tFROM\n\t\tsession_record\n\tWHERE\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and \n common_recv_time < UNIX_TIMESTAMP('{{end_time}}') )"
}
]
}
},
"response": []
},
{
"name": "Session Insert Latency Distribution",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tmin(duration) min_sec,\n\tmedian(duration) as median_sec,\n\tround(avg(duration),2) as avg_sec,\n\tround(QUANTILE(duration,0.8),2) as P80_sec,\n\tround(QUANTILE(duration,0.95),2) as P95_sec,\n\tround(QUANTILE(duration,0.99),2) as P99_sec,\n\tmax(duration) as max_sec\nfrom\n\t(\n\tselect\n\t\t(common_insert_time-common_recv_time) as duration\n\tFROM\n\t\tsession_record\n\tWHERE\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and \n common_recv_time < UNIX_TIMESTAMP('{{end_time}}') ) ",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n\tmin(duration) min_sec,\n\tmedian(duration) as median_sec,\n\tround(avg(duration),2) as avg_sec,\n\tround(QUANTILE(duration,0.8),2) as P80_sec,\n\tround(QUANTILE(duration,0.95),2) as P95_sec,\n\tround(QUANTILE(duration,0.99),2) as P99_sec,\n\tmax(duration) as max_sec\nfrom\n\t(\n\tselect\n\t\t(common_insert_time-common_recv_time) as duration\n\tFROM\n\t\tsession_record\n\tWHERE\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and \n common_recv_time < UNIX_TIMESTAMP('{{end_time}}') ) "
}
]
}
},
"response": []
},
{
"name": "Session Duration Distribution",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tmin(duration) min_sec,\n\tmedian(duration) as median_sec,\n\tround(avg(duration),2) as avg_sec,\n\tround(QUANTILE(duration,0.8),2) as P80_sec,\n\tround(QUANTILE(duration,0.95),2) as P95_sec,\n\tround(QUANTILE(duration,0.99),2) as P99_sec,\n\tmax(duration) as max_sec\nfrom\n\t(\n\tselect\n\t\t(common_end_time-common_start_time) as duration\n\tFROM\n\t\tsession_record\n\tWHERE\ncommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') )",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n\tmin(duration) min_sec,\n\tmedian(duration) as median_sec,\n\tround(avg(duration),2) as avg_sec,\n\tround(QUANTILE(duration,0.8),2) as P80_sec,\n\tround(QUANTILE(duration,0.95),2) as P95_sec,\n\tround(QUANTILE(duration,0.99),2) as P99_sec,\n\tmax(duration) as max_sec\nfrom\n\t(\n\tselect\n\t\t(common_end_time-common_start_time) as duration\n\tFROM\n\t\tsession_record\n\tWHERE\ncommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') )"
}
]
}
},
"response": []
},
{
"name": "Closed Session Records",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
},
{
"listen": "prerequest",
"script": {
"exec": [
""
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select toDateTime(common_recv_time) AS common_recv_time, common_log_id, common_vsys_id, common_subscriber_id, common_imei, common_imsi, common_phone_number, common_client_ip, common_internal_ip, common_client_port, common_l4_protocol, common_address_type, common_server_ip, common_server_port, common_external_ip, common_direction, common_sled_ip, common_client_location, common_client_asn, common_server_location, common_server_asn, common_sessions, common_c2s_pkt_num, common_s2c_pkt_num, common_c2s_byte_num, common_s2c_byte_num, common_schema_type, common_device_id, common_device_group, common_app_behavior, common_app_label, common_tunnels, common_protocol_label, common_userdefine_app_name, common_l7_protocol, common_service_category, toDateTime(common_start_time) AS common_start_time, toDateTime(common_end_time) AS common_end_time, common_establish_latency_ms, common_con_duration_ms, common_stream_dir, common_stream_trace_id, common_c2s_ipfrag_num, common_s2c_ipfrag_num, common_c2s_tcp_lostlen, common_s2c_tcp_lostlen, common_c2s_tcp_unorder_num, common_s2c_tcp_unorder_num, common_c2s_pkt_retrans, common_s2c_pkt_retrans, common_c2s_byte_retrans, common_s2c_byte_retrans, common_tcp_client_isn, common_tcp_server_isn, toDateTime(common_processing_time) AS common_processing_time, toDateTime(common_ingestion_time) AS common_ingestion_time,common_tunnel_endpoint_a_desc, common_tunnel_endpoint_b_desc, common_flags,common_flags_identify_info,common_server_fqdn,common_server_domain, common_app_full_path,common_shaping_rule_ids, common_in_link_id,common_out_link_id,http_url, http_host, http_domain, http_request_line, http_response_line, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_request_body, http_response_body, http_cookie, http_referer, http_user_agent, http_set_cookie, http_version, http_response_latency_ms, http_session_duration_ms, http_action_file_size, http_status_code, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_to, mail_cc, mail_bcc, mail_subject, mail_attachment_name, mail_eml_file, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_sub, dns_cname,dns_rr, dns_response_latency_ms, ssl_sni, ssl_cn, ssl_pinningst, ssl_intercept_state, ssl_server_side_latency, ssl_client_side_latency, ssl_server_side_version, ssl_client_side_version, ssl_cert_verify, ssl_error, ssl_con_latency_ms, ssl_ja3_hash, ssl_ja3s_hash, ssl_cert_issuer, ssl_cert_subject, ssl_esni_flag, ssl_ech_flag, dtls_sni ,quic_version, quic_sni, quic_user_agent, ftp_account, ftp_url, ftp_content, ftp_link_type, app_extra_info, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, stratum_cryptocurrency, stratum_mining_pools,stratum_mining_program,rdp_cookie,rdp_security_protocol,rdp_client_channels,rdp_keyboard_layout,rdp_client_version,rdp_client_name,rdp_client_product_id,rdp_desktop_width,rdp_desktop_height,rdp_requested_color_depth,rdp_certificate_type,rdp_certificate_count,rdp_certificate_permanent,rdp_encryption_level,rdp_encryption_method from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) order by common_recv_time desc limit 0 , 20",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select toDateTime(common_recv_time) AS common_recv_time, common_log_id, common_vsys_id, common_subscriber_id, common_imei, common_imsi, common_phone_number, common_client_ip, common_internal_ip, common_client_port, common_l4_protocol, common_address_type, common_server_ip, common_server_port, common_external_ip, common_direction, common_sled_ip, common_client_location, common_client_asn, common_server_location, common_server_asn, common_sessions, common_c2s_pkt_num, common_s2c_pkt_num, common_c2s_byte_num, common_s2c_byte_num, common_schema_type, common_device_id, common_device_group, common_app_behavior, common_app_label, common_tunnels, common_protocol_label, common_userdefine_app_name, common_l7_protocol, common_service_category, toDateTime(common_start_time) AS common_start_time, toDateTime(common_end_time) AS common_end_time, common_establish_latency_ms, common_con_duration_ms, common_stream_dir, common_stream_trace_id, common_c2s_ipfrag_num, common_s2c_ipfrag_num, common_c2s_tcp_lostlen, common_s2c_tcp_lostlen, common_c2s_tcp_unorder_num, common_s2c_tcp_unorder_num, common_c2s_pkt_retrans, common_s2c_pkt_retrans, common_c2s_byte_retrans, common_s2c_byte_retrans, common_tcp_client_isn, common_tcp_server_isn, toDateTime(common_processing_time) AS common_processing_time, toDateTime(common_ingestion_time) AS common_ingestion_time,common_tunnel_endpoint_a_desc, common_tunnel_endpoint_b_desc, common_flags,common_flags_identify_info,common_server_fqdn,common_server_domain, common_app_full_path,common_shaping_rule_ids, common_in_link_id,common_out_link_id,http_url, http_host, http_domain, http_request_line, http_response_line, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_request_body, http_response_body, http_cookie, http_referer, http_user_agent, http_set_cookie, http_version, http_response_latency_ms, http_session_duration_ms, http_action_file_size, http_status_code, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_to, mail_cc, mail_bcc, mail_subject, mail_attachment_name, mail_eml_file, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_sub, dns_cname,dns_rr, dns_response_latency_ms, ssl_sni, ssl_cn, ssl_pinningst, ssl_intercept_state, ssl_server_side_latency, ssl_client_side_latency, ssl_server_side_version, ssl_client_side_version, ssl_cert_verify, ssl_error, ssl_con_latency_ms, ssl_ja3_hash, ssl_ja3s_hash, ssl_cert_issuer, ssl_cert_subject, ssl_esni_flag, ssl_ech_flag, dtls_sni ,quic_version, quic_sni, quic_user_agent, ftp_account, ftp_url, ftp_content, ftp_link_type, app_extra_info, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, stratum_cryptocurrency, stratum_mining_pools,stratum_mining_program,rdp_cookie,rdp_security_protocol,rdp_client_channels,rdp_keyboard_layout,rdp_client_version,rdp_client_name,rdp_client_product_id,rdp_desktop_width,rdp_desktop_height,rdp_requested_color_depth,rdp_certificate_type,rdp_certificate_count,rdp_certificate_permanent,rdp_encryption_level,rdp_encryption_method from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) order by common_recv_time desc limit 0 , 20"
}
]
}
},
"response": []
},
{
"name": "Current Traffic Metrics by Session Records",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tsum(common_s2c_byte_num)* 8 / 300 as trafficInBits,\n\tsum(common_c2s_byte_num)* 8 / 300 as trafficOutBits,\n\tsum(common_s2c_byte_num + common_c2s_byte_num)* 8 / 300 as trafficTotalBits,\n\tsum(common_s2c_pkt_num)/ 300 as trafficInPackets,\n\tsum(common_c2s_pkt_num)/ 300 as trafficOutPackets,\n\tsum(common_s2c_pkt_num + common_c2s_pkt_num)/ 300 as trafficTotalPackets,\n\tsum(common_sessions)/ 300 as sessions\nfrom\n\t session_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP(now())-300 and common_vsys_id in (1,2,3,4) ",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n\tsum(common_s2c_byte_num)* 8 / 300 as trafficInBits,\n\tsum(common_c2s_byte_num)* 8 / 300 as trafficOutBits,\n\tsum(common_s2c_byte_num + common_c2s_byte_num)* 8 / 300 as trafficTotalBits,\n\tsum(common_s2c_pkt_num)/ 300 as trafficInPackets,\n\tsum(common_c2s_pkt_num)/ 300 as trafficOutPackets,\n\tsum(common_s2c_pkt_num + common_c2s_pkt_num)/ 300 as trafficTotalPackets,\n\tsum(common_sessions)/ 300 as sessions\nfrom\n\t session_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP(now())-300 and common_vsys_id in (1,2,3,4) "
}
]
}
},
"response": []
},
{
"name": "Traffic Distribution of Logs by Schema Type",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n {{PT5M_RECV_TIME}} as stat_time,\n common_schema_type as type,\n sum(common_sessions) as sessions,\n sum(common_c2s_byte_num + common_s2c_byte_num) as bytes,\n sum(common_c2s_pkt_num + common_s2c_pkt_num) as packets\nfrom\n session_record\nwhere common_recv_time > {{Last 1 Hour Start}} and common_vsys_id in (1,2,3,4) \ngroup by\n stat_time,\n common_schema_type order by stat_time asc",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n {{PT5M_RECV_TIME}} as stat_time,\n common_schema_type as type,\n sum(common_sessions) as sessions,\n sum(common_c2s_byte_num + common_s2c_byte_num) as bytes,\n sum(common_c2s_pkt_num + common_s2c_pkt_num) as packets\nfrom\n session_record\nwhere common_recv_time > {{Last 1 Hour Start}} and common_vsys_id in (1,2,3,4) \ngroup by\n stat_time,\n common_schema_type order by stat_time asc"
}
]
}
},
"response": []
},
{
"name": "Total Closed Session Records",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select count(*) as events from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) ",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select count(*) as events from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) "
}
]
}
},
"response": []
},
{
"name": "Transaction Records",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(common_recv_time) as common_recv_time, FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from transaction_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) order by common_recv_time desc limit 0 , 20",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select FROM_UNIXTIME(common_recv_time) as common_recv_time, FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from transaction_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) order by common_recv_time desc limit 0 , 20"
}
]
}
},
"response": []
},
{
"name": "Total Interim Session Records",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select toDateTime(common_recv_time) AS common_recv_time, common_log_id, common_subscriber_id, common_imei, common_imsi, common_phone_number, common_client_ip, common_internal_ip, common_client_port, common_l4_protocol, common_address_type, common_server_ip, common_server_port, common_external_ip, common_direction, common_sled_ip, common_client_location, common_client_asn, common_server_location, common_server_asn, common_sessions, common_c2s_pkt_num, common_s2c_pkt_num, common_c2s_byte_num, common_s2c_byte_num, common_c2s_pkt_diff, common_s2c_pkt_diff, common_c2s_byte_diff, common_s2c_byte_diff, common_schema_type, common_device_id, common_device_group, common_app_behavior, common_app_label, common_tunnels, common_protocol_label, common_l7_protocol, common_service_category, toDateTime(common_start_time) AS common_start_time, toDateTime(common_end_time) AS common_end_time, common_establish_latency_ms, common_con_duration_ms, common_stream_dir, common_stream_trace_id, common_c2s_ipfrag_num, common_s2c_ipfrag_num, common_c2s_tcp_lostlen, common_s2c_tcp_lostlen, common_c2s_tcp_unorder_num, common_s2c_tcp_unorder_num, common_c2s_pkt_retrans, common_s2c_pkt_retrans, common_c2s_byte_retrans, common_s2c_byte_retrans, common_tcp_client_isn, common_tcp_server_isn, toDateTime(common_processing_time) AS common_processing_time, toDateTime(common_ingestion_time) AS common_ingestion_time, http_url, http_host, http_domain, http_request_line, http_response_line, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_request_body, http_response_body, http_cookie, http_referer, http_user_agent, http_set_cookie, http_version, http_response_latency_ms, http_session_duration_ms, http_action_file_size, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_to, mail_cc, mail_bcc, mail_subject, mail_attachment_name, mail_eml_file, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname,dns_cname,dns_rr, dns_qtype, dns_qclass, dns_sub, dns_response_latency_ms, ssl_sni, ssl_cn, ssl_pinningst, ssl_intercept_state, ssl_server_side_latency, ssl_client_side_latency, ssl_server_side_version, ssl_client_side_version, ssl_cert_verify, ssl_error, ssl_con_latency_ms, ssl_ja3_hash, ssl_cert_issuer, ssl_cert_subject, quic_version, quic_sni, quic_user_agent, ftp_account, ftp_url, ftp_content, ftp_link_type, app_extra_info, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, rtp_originator_dir, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, stratum_cryptocurrency, stratum_mining_pools, stratum_mining_program,rdp_cookie,rdp_security_protocol,rdp_client_channels,rdp_keyboard_layout,rdp_client_version,rdp_client_name,rdp_client_product_id,rdp_desktop_width,rdp_desktop_height,rdp_requested_color_depth,rdp_certificate_type,rdp_certificate_count,rdp_certificate_permanent,rdp_encryption_level,rdp_encryption_method from interim_session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) order by common_recv_time desc limit 0 , 20",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select toDateTime(common_recv_time) AS common_recv_time, common_log_id, common_subscriber_id, common_imei, common_imsi, common_phone_number, common_client_ip, common_internal_ip, common_client_port, common_l4_protocol, common_address_type, common_server_ip, common_server_port, common_external_ip, common_direction, common_sled_ip, common_client_location, common_client_asn, common_server_location, common_server_asn, common_sessions, common_c2s_pkt_num, common_s2c_pkt_num, common_c2s_byte_num, common_s2c_byte_num, common_c2s_pkt_diff, common_s2c_pkt_diff, common_c2s_byte_diff, common_s2c_byte_diff, common_schema_type, common_device_id, common_device_group, common_app_behavior, common_app_label, common_tunnels, common_protocol_label, common_l7_protocol, common_service_category, toDateTime(common_start_time) AS common_start_time, toDateTime(common_end_time) AS common_end_time, common_establish_latency_ms, common_con_duration_ms, common_stream_dir, common_stream_trace_id, common_c2s_ipfrag_num, common_s2c_ipfrag_num, common_c2s_tcp_lostlen, common_s2c_tcp_lostlen, common_c2s_tcp_unorder_num, common_s2c_tcp_unorder_num, common_c2s_pkt_retrans, common_s2c_pkt_retrans, common_c2s_byte_retrans, common_s2c_byte_retrans, common_tcp_client_isn, common_tcp_server_isn, toDateTime(common_processing_time) AS common_processing_time, toDateTime(common_ingestion_time) AS common_ingestion_time, http_url, http_host, http_domain, http_request_line, http_response_line, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_request_body, http_response_body, http_cookie, http_referer, http_user_agent, http_set_cookie, http_version, http_response_latency_ms, http_session_duration_ms, http_action_file_size, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_to, mail_cc, mail_bcc, mail_subject, mail_attachment_name, mail_eml_file, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname,dns_cname,dns_rr, dns_qtype, dns_qclass, dns_sub, dns_response_latency_ms, ssl_sni, ssl_cn, ssl_pinningst, ssl_intercept_state, ssl_server_side_latency, ssl_client_side_latency, ssl_server_side_version, ssl_client_side_version, ssl_cert_verify, ssl_error, ssl_con_latency_ms, ssl_ja3_hash, ssl_cert_issuer, ssl_cert_subject, quic_version, quic_sni, quic_user_agent, ftp_account, ftp_url, ftp_content, ftp_link_type, app_extra_info, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, rtp_originator_dir, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, stratum_cryptocurrency, stratum_mining_pools, stratum_mining_program,rdp_cookie,rdp_security_protocol,rdp_client_channels,rdp_keyboard_layout,rdp_client_version,rdp_client_name,rdp_client_product_id,rdp_desktop_width,rdp_desktop_height,rdp_requested_color_depth,rdp_certificate_type,rdp_certificate_count,rdp_certificate_permanent,rdp_encryption_level,rdp_encryption_method from interim_session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) order by common_recv_time desc limit 0 , 20"
}
]
}
},
"response": []
},
{
"name": "Security Events",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select toDateTime(common_recv_time) AS common_recv_time, common_log_id, common_policy_id, common_subscriber_id, common_imei, common_imsi, common_phone_number, common_client_ip, common_internal_ip, common_client_port, common_l4_protocol, common_address_type, common_server_ip, common_server_port, common_external_ip, common_action, common_direction, common_sled_ip, common_client_location, common_client_asn, common_server_location, common_server_asn, common_sessions, common_c2s_pkt_num, common_s2c_pkt_num, common_c2s_byte_num, common_s2c_byte_num, common_schema_type, common_device_id, common_device_group, common_app_behavior, common_app_label, common_tunnels, common_protocol_label, common_userdefine_app_name, common_l7_protocol, common_service_category, toDateTime(common_start_time) AS common_start_time, toDateTime(common_end_time) AS common_end_time, common_establish_latency_ms, common_con_duration_ms, common_stream_dir, common_stream_error, common_stream_trace_id, common_packet_capture_file, common_tcp_client_isn, common_tcp_server_isn, toDateTime(common_processing_time) AS common_processing_time, toDateTime(common_ingestion_time) AS common_ingestion_time, common_mirrored_pkts, common_mirrored_bytes, common_tunnel_endpoint_a_desc,common_tunnel_endpoint_b_desc,common_flags,common_flags_identify_info,common_server_fqdn,common_server_domain,common_app_full_path,common_shaping_rule_ids,http_url, http_host, http_domain, http_request_line, http_response_line, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_request_body, http_response_body, http_cookie, http_referer, http_user_agent, http_set_cookie, http_version, http_response_latency_ms, http_action_file_size, http_session_duration_ms, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_to, mail_cc, mail_bcc, mail_subject, mail_attachment_name, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_sub, ssl_sni, ssl_san, ssl_cn, ssl_pinningst, ssl_intercept_state, ssl_passthrough_reason, ssl_server_side_latency, ssl_client_side_latency, ssl_server_side_version, ssl_client_side_version, ssl_cert_verify, ssl_error, ssl_con_latency_ms, ssl_ja3_hash, ssl_ja3s_hash, ssl_cert_issuer, ssl_cert_subject, dtls_sni, quic_version, quic_sni, quic_user_agent, ftp_account, ftp_url, ftp_content, ftp_link_type, app_extra_info, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, stratum_cryptocurrency, stratum_mining_pools, stratum_mining_program, rdp_cookie,rdp_security_protocol,rdp_client_channels,rdp_keyboard_layout,rdp_client_version,rdp_client_name,rdp_client_product_id,rdp_desktop_width,rdp_desktop_height,rdp_requested_color_depth,rdp_certificate_type,rdp_certificate_count,rdp_certificate_permanent,rdp_encryption_level,rdp_encryption_method from security_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) order by common_recv_time desc limit 0 , 20",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select toDateTime(common_recv_time) AS common_recv_time, common_log_id, common_policy_id, common_subscriber_id, common_imei, common_imsi, common_phone_number, common_client_ip, common_internal_ip, common_client_port, common_l4_protocol, common_address_type, common_server_ip, common_server_port, common_external_ip, common_action, common_direction, common_sled_ip, common_client_location, common_client_asn, common_server_location, common_server_asn, common_sessions, common_c2s_pkt_num, common_s2c_pkt_num, common_c2s_byte_num, common_s2c_byte_num, common_schema_type, common_device_id, common_device_group, common_app_behavior, common_app_label, common_tunnels, common_protocol_label, common_userdefine_app_name, common_l7_protocol, common_service_category, toDateTime(common_start_time) AS common_start_time, toDateTime(common_end_time) AS common_end_time, common_establish_latency_ms, common_con_duration_ms, common_stream_dir, common_stream_error, common_stream_trace_id, common_packet_capture_file, common_tcp_client_isn, common_tcp_server_isn, toDateTime(common_processing_time) AS common_processing_time, toDateTime(common_ingestion_time) AS common_ingestion_time, common_mirrored_pkts, common_mirrored_bytes, common_tunnel_endpoint_a_desc,common_tunnel_endpoint_b_desc,common_flags,common_flags_identify_info,common_server_fqdn,common_server_domain,common_app_full_path,common_shaping_rule_ids,http_url, http_host, http_domain, http_request_line, http_response_line, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_request_body, http_response_body, http_cookie, http_referer, http_user_agent, http_set_cookie, http_version, http_response_latency_ms, http_action_file_size, http_session_duration_ms, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_to, mail_cc, mail_bcc, mail_subject, mail_attachment_name, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_sub, ssl_sni, ssl_san, ssl_cn, ssl_pinningst, ssl_intercept_state, ssl_passthrough_reason, ssl_server_side_latency, ssl_client_side_latency, ssl_server_side_version, ssl_client_side_version, ssl_cert_verify, ssl_error, ssl_con_latency_ms, ssl_ja3_hash, ssl_ja3s_hash, ssl_cert_issuer, ssl_cert_subject, dtls_sni, quic_version, quic_sni, quic_user_agent, ftp_account, ftp_url, ftp_content, ftp_link_type, app_extra_info, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, stratum_cryptocurrency, stratum_mining_pools, stratum_mining_program, rdp_cookie,rdp_security_protocol,rdp_client_channels,rdp_keyboard_layout,rdp_client_version,rdp_client_name,rdp_client_product_id,rdp_desktop_width,rdp_desktop_height,rdp_requested_color_depth,rdp_certificate_type,rdp_certificate_count,rdp_certificate_permanent,rdp_encryption_level,rdp_encryption_method from security_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) order by common_recv_time desc limit 0 , 20"
}
]
}
},
"response": []
},
{
"name": "Security Hit Distribution of Summary by Action",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select {{PT1M_TIME}} as stat_time, 'shunt' as type, sum(hit_count) as events from security_rule_hits where __time >= {{Last 1 Hour Start}} and action=128 and vsys_id in (1,2,3,4) group by {{PT1M_TIME}},'shunt'\nunion all select {{PT1M_TIME}} as stat_time, 'allow' as type, sum(hit_count) as events from security_rule_hits where __time >= {{Last 1 Hour Start}} and action=96 and vsys_id in (1,2,3,4) group by {{PT1M_TIME}},'allow'\nunion all\nselect {{PT1M_TIME}} as stat_time, 'deny' as type, sum(hit_count) as events from security_rule_hits where __time >= {{Last 1 Hour Start}} and action=16 and vsys_id in (1,2,3,4) group by {{PT1M_TIME}},'deny'\nunion all\nselect {{PT1M_TIME}} as stat_time, 'monitor' as type, sum(hit_count) as events from security_rule_hits where __time >= {{Last 1 Hour Start}} and action=1 and vsys_id in (1,2,3,4) group by {{PT1M_TIME}},'monitor'\nunion all\nselect {{PT1M_TIME}} as stat_time, 'intercept' as type, sum(hit_count) as events from security_rule_hits where __time >= {{Last 1 Hour Start}} and action=2 and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, 'intercept'",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select {{PT1M_TIME}} as stat_time, 'shunt' as type, sum(hit_count) as events from security_rule_hits where __time >= {{Last 1 Hour Start}} and action=128 and vsys_id in (1,2,3,4) group by {{PT1M_TIME}},'shunt'\nunion all select {{PT1M_TIME}} as stat_time, 'allow' as type, sum(hit_count) as events from security_rule_hits where __time >= {{Last 1 Hour Start}} and action=96 and vsys_id in (1,2,3,4) group by {{PT1M_TIME}},'allow'\nunion all\nselect {{PT1M_TIME}} as stat_time, 'deny' as type, sum(hit_count) as events from security_rule_hits where __time >= {{Last 1 Hour Start}} and action=16 and vsys_id in (1,2,3,4) group by {{PT1M_TIME}},'deny'\nunion all\nselect {{PT1M_TIME}} as stat_time, 'monitor' as type, sum(hit_count) as events from security_rule_hits where __time >= {{Last 1 Hour Start}} and action=1 and vsys_id in (1,2,3,4) group by {{PT1M_TIME}},'monitor'\nunion all\nselect {{PT1M_TIME}} as stat_time, 'intercept' as type, sum(hit_count) as events from security_rule_hits where __time >= {{Last 1 Hour Start}} and action=2 and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, 'intercept'"
}
]
}
},
"response": []
},
{
"name": "Security Hit Distribution of Logs by Action",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n {{PT5M_RECV_TIME}} as stat_time,\n (CASE\n WHEN common_action = 1 THEN 'Monitor'\n WHEN common_action = 2 THEN 'Intercept'\n WHEN common_action = 16 THEN 'Deny'\n WHEN common_action = 48 THEN 'Manipulation'\n WHEN common_action = 96 THEN 'Allow' WHEN common_action = 128 THEN 'Allow(Deprecated)' \n ELSE 'None'\n END) as type,\n count(*) as events\nfrom\n security_event where common_recv_time > {{Last 1 Hour Start}} and common_vsys_id in (1,2,3,4) \ngroup by\n stat_time,\n common_action order by stat_time asc",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n {{PT5M_RECV_TIME}} as stat_time,\n (CASE\n WHEN common_action = 1 THEN 'Monitor'\n WHEN common_action = 2 THEN 'Intercept'\n WHEN common_action = 16 THEN 'Deny'\n WHEN common_action = 48 THEN 'Manipulation'\n WHEN common_action = 96 THEN 'Allow' WHEN common_action = 128 THEN 'Allow(Deprecated)' \n ELSE 'None'\n END) as type,\n count(*) as events\nfrom\n security_event where common_recv_time > {{Last 1 Hour Start}} and common_vsys_id in (1,2,3,4) \ngroup by\n stat_time,\n common_action order by stat_time asc"
}
]
}
},
"response": []
},
{
"name": "Total Security Events",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select count(*) as events from security_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4,5)",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select count(*) as events from security_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4,5)"
}
]
}
},
"response": []
},
{
"name": "Security Policy Rule Hits by Action",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select (CASE WHEN common_action=1 THEN 'Monitor' WHEN common_action=2 THEN 'Intercept' WHEN common_action=16 THEN 'Deny' WHEN common_action=48 THEN 'Manipulation' WHEN common_action=96 THEN 'Allow' WHEN common_action=128 THEN 'Allow(Deprecated)' ELSE 'None' END) as action,\n count(*) as hits,\n sum(common_c2s_byte_num ) as bytes_sent,\n sum(common_s2c_byte_num ) as bytes_received,\n sum(common_c2s_byte_num+common_s2c_byte_num ) as bytes,sum(common_c2s_pkt_num ) as packets_sent,\n sum(common_s2c_pkt_num ) as packets_received,\n sum(common_c2s_pkt_num+common_s2c_pkt_num ) as packets from security_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) group by common_action",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select (CASE WHEN common_action=1 THEN 'Monitor' WHEN common_action=2 THEN 'Intercept' WHEN common_action=16 THEN 'Deny' WHEN common_action=48 THEN 'Manipulation' WHEN common_action=96 THEN 'Allow' WHEN common_action=128 THEN 'Allow(Deprecated)' ELSE 'None' END) as action,\n count(*) as hits,\n sum(common_c2s_byte_num ) as bytes_sent,\n sum(common_s2c_byte_num ) as bytes_received,\n sum(common_c2s_byte_num+common_s2c_byte_num ) as bytes,sum(common_c2s_pkt_num ) as packets_sent,\n sum(common_s2c_pkt_num ) as packets_received,\n sum(common_c2s_pkt_num+common_s2c_pkt_num ) as packets from security_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) group by common_action"
}
]
}
},
"response": []
},
{
"name": "Proxy Intercept Events",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(common_recv_time) as common_recv_time, common_vsys_id,FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4,5) and common_action in (2, 3) order by common_recv_time desc limit 0 , 20",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select FROM_UNIXTIME(common_recv_time) as common_recv_time, common_vsys_id,FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4,5) and common_action in (2, 3) order by common_recv_time desc limit 0 , 20"
}
]
}
},
"response": []
},
{
"name": "Intercept Proxy Event distribution by Schema Type",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query= select\n {{PT5M_RECV_TIME}} as stat_time,\n common_schema_type as type,\n count(*) as events\nfrom\n proxy_event\nwhere\n common_recv_time > {{Last 1 Hour Start}} and common_vsys_id in (1,2,3,4,5) \n and common_action in (2, 3)\ngroup by\n stat_time,\n common_schema_type",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": " select\n {{PT5M_RECV_TIME}} as stat_time,\n common_schema_type as type,\n count(*) as events\nfrom\n proxy_event\nwhere\n common_recv_time > {{Last 1 Hour Start}} and common_vsys_id in (1,2,3,4,5) \n and common_action in (2, 3)\ngroup by\n stat_time,\n common_schema_type"
}
]
}
},
"response": []
},
{
"name": "Proxy Manipulation Events",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(common_recv_time) as common_recv_time, common_vsys_id,FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4,5) and common_action in (48) order by common_recv_time desc limit 0 , 20",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select FROM_UNIXTIME(common_recv_time) as common_recv_time, common_vsys_id,FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4,5) and common_action in (48) order by common_recv_time desc limit 0 , 20"
}
]
}
},
"response": []
},
{
"name": "Proxy Policy Rule Hits by Action",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query= select common_action , count(*) as hits from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4,5) group by common_action",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": " select common_action , count(*) as hits from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4,5) group by common_action"
}
]
}
},
"response": []
},
{
"name": "Proxy Manipulation Policy Rule Hits by Sub Action",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query= select common_sub_action , count(*) as hits from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) group by common_sub_action",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": " select common_sub_action , count(*) as hits from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) group by common_sub_action"
}
]
}
},
"response": []
},
{
"name": "Proxy Manipulation Hit Distribution of Summary by Action",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select {{PT1M_TIME}} as stat_time, sub_action as type, sum(hit_count) as events from proxy_rule_hits where __time >= {{Last 1 Hour Start}} and sub_action='allow' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hit_count) as events from proxy_rule_hits where __time >= {{Last 1 Hour Start}} and sub_action='monitor' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hit_count) as events from proxy_rule_hits where __time >= {{Last 1 Hour Start}} and sub_action='deny' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hit_count) as events from proxy_rule_hits where __time >= {{Last 1 Hour Start}} and sub_action='redirect' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hit_count) as events from proxy_rule_hits where __time >= {{Last 1 Hour Start}} and sub_action='replace' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hit_count) as events from proxy_rule_hits where __time >= {{Last 1 Hour Start}} and sub_action='hijack' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hit_count) as events from proxy_rule_hits where __time >= {{Last 1 Hour Start}} and sub_action='insert' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, sub_action\n",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select {{PT1M_TIME}} as stat_time, sub_action as type, sum(hit_count) as events from proxy_rule_hits where __time >= {{Last 1 Hour Start}} and sub_action='allow' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hit_count) as events from proxy_rule_hits where __time >= {{Last 1 Hour Start}} and sub_action='monitor' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hit_count) as events from proxy_rule_hits where __time >= {{Last 1 Hour Start}} and sub_action='deny' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hit_count) as events from proxy_rule_hits where __time >= {{Last 1 Hour Start}} and sub_action='redirect' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hit_count) as events from proxy_rule_hits where __time >= {{Last 1 Hour Start}} and sub_action='replace' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hit_count) as events from proxy_rule_hits where __time >= {{Last 1 Hour Start}} and sub_action='hijack' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hit_count) as events from proxy_rule_hits where __time >= {{Last 1 Hour Start}} and sub_action='insert' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, sub_action\n"
}
]
}
},
"response": []
},
{
"name": "Proxy Manipulation Hit Distribution of Logs by Action",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n {{PT5M_RECV_TIME}} as stat_time,\n common_sub_action as type,\n count(*) as hit_count\nfrom\n proxy_event where common_recv_time > {{Last 1 Hour Start}} and common_vsys_id in (1,2,3,4,5)\ngroup by\n stat_time,\n common_sub_action order by stat_time asc",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n {{PT5M_RECV_TIME}} as stat_time,\n common_sub_action as type,\n count(*) as hit_count\nfrom\n proxy_event where common_recv_time > {{Last 1 Hour Start}} and common_vsys_id in (1,2,3,4,5)\ngroup by\n stat_time,\n common_sub_action order by stat_time asc"
}
]
}
},
"response": []
},
{
"name": "Total Proxy Events",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select count(*) as hit_count from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4,5)",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select count(*) as hit_count from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4,5)"
}
]
}
},
"response": []
},
{
"name": "Radius Records",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(common_recv_time) as common_recv_time, FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from radius_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) order by common_recv_time desc limit 0 , 20",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select FROM_UNIXTIME(common_recv_time) as common_recv_time, FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from radius_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) order by common_recv_time desc limit 0 , 20"
}
]
}
},
"response": []
},
{
"name": "GTP-C Records",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(common_recv_time) as common_recv_time, FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from gtpc_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) order by common_recv_time desc limit 0 , 20",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select FROM_UNIXTIME(common_recv_time) as common_recv_time, FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from gtpc_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) order by common_recv_time desc limit 0 , 20"
}
]
}
},
"response": []
},
{
"name": "VoIP Records",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(common_recv_time) as common_recv_time, FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from voip_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) order by common_recv_time desc limit 0 , 20",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select FROM_UNIXTIME(common_recv_time) as common_recv_time, FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from voip_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) order by common_recv_time desc limit 0 , 20"
}
]
}
},
"response": []
},
{
"name": "VoIP Distribution of Logs by Schema Type",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n {{PT5M_RECV_TIME}} as stat_time,\n common_schema_type as type,\n count(*) as count\nfrom\n voip_record\nwhere common_recv_time > {{Last 1 Hour Start}} and common_vsys_id in (1,2,3,4)\ngroup by\n stat_time,\n common_schema_type order by stat_time asc",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n {{PT5M_RECV_TIME}} as stat_time,\n common_schema_type as type,\n count(*) as count\nfrom\n voip_record\nwhere common_recv_time > {{Last 1 Hour Start}} and common_vsys_id in (1,2,3,4)\ngroup by\n stat_time,\n common_schema_type order by stat_time asc"
}
]
}
},
"response": []
},
{
"name": "DoS Events",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n log_id,\n profile_id,\n attack_type,\n source_country_list,\n source_ip_list,\n destination_ip,\n destination_country,\n severity, \n start_time,\n end_time,\n conditions,\n bit_rate,\n packet_rate,\n session_rate from dos_event where\n start_time >= UNIX_TIMESTAMP('{{start_time}}') and start_time < UNIX_TIMESTAMP('{{end_time}}') and vsys_id in (1,2,3,4)\norder by start_time desc \nlimit 0,20",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n log_id,\n profile_id,\n attack_type,\n source_country_list,\n source_ip_list,\n destination_ip,\n destination_country,\n severity, \n start_time,\n end_time,\n conditions,\n bit_rate,\n packet_rate,\n session_rate from dos_event where\n start_time >= UNIX_TIMESTAMP('{{start_time}}') and start_time < UNIX_TIMESTAMP('{{end_time}}') and vsys_id in (1,2,3,4)\norder by start_time desc \nlimit 0,20"
}
]
}
},
"response": []
},
{
"name": "DoS Distribution of Logs by Attack Type",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(start_time,'PT10M')) as stat_time,\n attack_type as type,\n count(*) as count\nfrom\n dos_event\nwhere start_time >= UNIX_TIMESTAMP('{{start_time}}') and start_time < UNIX_TIMESTAMP('{{end_time}}') and vsys_id in (1,2,3,4)\ngroup by\n stat_time,\n attack_type\norder by stat_time asc",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(start_time,'PT10M')) as stat_time,\n attack_type as type,\n count(*) as count\nfrom\n dos_event\nwhere start_time >= UNIX_TIMESTAMP('{{start_time}}') and start_time < UNIX_TIMESTAMP('{{end_time}}') and vsys_id in (1,2,3,4)\ngroup by\n stat_time,\n attack_type\norder by stat_time asc"
}
]
}
},
"response": []
}
]
},
{
"name": "Metrics",
"item": [
{
"name": "DoS Threat Map",
"item": [
{
"name": "Top Source Countries",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select \n arrayJoin(splitByString(',',source_country_list)) as source_country,\n count(*) as count\nfrom dos_event\nwhere\n start_time >= UNIX_TIMESTAMP('{{start_time}}')\n and start_time <UNIX_TIMESTAMP('{{end_time}}') \n and notEmpty(source_country_list) and vsys_id in (1,2,3,4)\ngroup by arrayJoin(splitByString(',',source_country_list)) order by count desc limit 10",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select \n arrayJoin(splitByString(',',source_country_list)) as source_country,\n count(*) as count\nfrom dos_event\nwhere\n start_time >= UNIX_TIMESTAMP('{{start_time}}')\n and start_time <UNIX_TIMESTAMP('{{end_time}}') \n and notEmpty(source_country_list) and vsys_id in (1,2,3,4)\ngroup by arrayJoin(splitByString(',',source_country_list)) order by count desc limit 10"
}
]
}
},
"response": []
},
{
"name": "Top Destination Countries",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n destination_country,\n count(*) as count\nfrom dos_event\nwhere\n start_time >= UNIX_TIMESTAMP('{{start_time}}')\n and start_time <UNIX_TIMESTAMP('{{end_time}}') and vsys_id in (1,2,3,4)\ngroup by destination_country\norder by count desc limit 10",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n destination_country,\n count(*) as count\nfrom dos_event\nwhere\n start_time >= UNIX_TIMESTAMP('{{start_time}}')\n and start_time <UNIX_TIMESTAMP('{{end_time}}') and vsys_id in (1,2,3,4)\ngroup by destination_country\norder by count desc limit 10"
}
]
}
},
"response": []
},
{
"name": "Top Victims",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n destination_ip,\n count(*) as count\nfrom dos_event\nwhere\n start_time >= UNIX_TIMESTAMP('{{start_time}}')\n and start_time <UNIX_TIMESTAMP('{{end_time}}') and vsys_id in (1,2,3,4)\ngroup by destination_ip\norder by count desc limit 10",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n destination_ip,\n count(*) as count\nfrom dos_event\nwhere\n start_time >= UNIX_TIMESTAMP('{{start_time}}')\n and start_time <UNIX_TIMESTAMP('{{end_time}}') and vsys_id in (1,2,3,4)\ngroup by destination_ip\norder by count desc limit 10"
}
]
}
},
"response": []
},
{
"name": "Attack Type",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n attack_type,\n count(*) as count\nfrom dos_event\nwhere\n start_time >= UNIX_TIMESTAMP('{{start_time}}')\n and start_time <UNIX_TIMESTAMP('{{end_time}}') and vsys_id in (1,2,3,4)\ngroup by attack_type\norder by attack_type",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n attack_type,\n count(*) as count\nfrom dos_event\nwhere\n start_time >= UNIX_TIMESTAMP('{{start_time}}')\n and start_time <UNIX_TIMESTAMP('{{end_time}}') and vsys_id in (1,2,3,4)\ngroup by attack_type\norder by attack_type"
}
]
}
},
"response": []
},
{
"name": "Severity",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n severity,\n count(*) as count\nfrom dos_event\nwhere\n start_time >= UNIX_TIMESTAMP('{{start_time}}')\n and start_time <UNIX_TIMESTAMP('{{end_time}}') and vsys_id in (1,2,3,4)\ngroup by severity\norder by severity",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n severity,\n count(*) as count\nfrom dos_event\nwhere\n start_time >= UNIX_TIMESTAMP('{{start_time}}')\n and start_time <UNIX_TIMESTAMP('{{end_time}}') and vsys_id in (1,2,3,4)\ngroup by severity\norder by severity"
}
]
}
},
"response": []
},
{
"name": "Destination IP Distribution",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n destination_ip, IP_TO_GEO(destination_ip) as destination_geo,\n any(destination_country) as destination_country,\n groupUniqArray(arrayJoin(splitByString(',',source_country_list))) as source_coutries,\n max(bit_rate) as max_bit_rate,\n max(packet_rate) as max_packet_rate,\n max(session_rate) as max_session_rate,\n min(start_time) as first_active_time,\n max(end_time) as last_active_time,\n MAX_DURATION(end_time, 600) as max_duration,\n groupUniqArray(attack_type) as attack_type,\n count(*) as count\nfrom dos_event where\n start_time >= UNIX_TIMESTAMP('{{start_time}}')\n and start_time <UNIX_TIMESTAMP('{{end_time}}') and vsys_id in (1,2,3,4)\ngroup by destination_ip \norder by count desc limit 100",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n destination_ip, IP_TO_GEO(destination_ip) as destination_geo,\n any(destination_country) as destination_country,\n groupUniqArray(arrayJoin(splitByString(',',source_country_list))) as source_coutries,\n max(bit_rate) as max_bit_rate,\n max(packet_rate) as max_packet_rate,\n max(session_rate) as max_session_rate,\n min(start_time) as first_active_time,\n max(end_time) as last_active_time,\n MAX_DURATION(end_time, 600) as max_duration,\n groupUniqArray(attack_type) as attack_type,\n count(*) as count\nfrom dos_event where\n start_time >= UNIX_TIMESTAMP('{{start_time}}')\n and start_time <UNIX_TIMESTAMP('{{end_time}}') and vsys_id in (1,2,3,4)\ngroup by destination_ip \norder by count desc limit 100"
}
]
}
},
"response": []
},
{
"name": "DoS Attack Connection",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n start_time,\n destination_ip,\n IP_TO_GEO(destination_ip) as destination_geo,\n destination_country,\n source_country_list,\n attack_type,\n severity,bit_rate, packet_rate, session_rate from dos_event\nwhere\n start_time >= UNIX_TIMESTAMP('{{start_time}}')\n and start_time <UNIX_TIMESTAMP('{{end_time}}') and vsys_id in (1,2,3,4) order by start_time asc limit 100",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n start_time,\n destination_ip,\n IP_TO_GEO(destination_ip) as destination_geo,\n destination_country,\n source_country_list,\n attack_type,\n severity,bit_rate, packet_rate, session_rate from dos_event\nwhere\n start_time >= UNIX_TIMESTAMP('{{start_time}}')\n and start_time <UNIX_TIMESTAMP('{{end_time}}') and vsys_id in (1,2,3,4) order by start_time asc limit 100"
}
]
}
},
"response": []
}
]
},
{
"name": "Live Traffic Chart",
"item": [
{
"name": "Network Traffic Overview",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "POST",
"header": [],
"body": {
"mode": "raw",
"raw": "{\n \"clientId\":null,\n \"query\":{\n \"queryType\":\"networkOverviewSummary\",\n \"dataSource\":\"application_protocol_stat\",\n \"parameters\":{\n \"range\": [\n {\n \"type\": \"eq\",\n \"fieldKey\": \"vsys_id\",\n \"fieldValues\": [\n 1,2,3,4,5\n ]\n }\n ],\n \"intervals\":[\n \"{{start_time}}/{{end_time}}\"\n ]\n }\n }\n}",
"options": {
"raw": {
"language": "json"
}
}
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/traffic/v1/?protocol=",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"traffic",
"v1",
""
],
"query": [
{
"key": "protocol",
"value": ""
}
]
}
},
"response": []
},
{
"name": "Protocol Tree Statistics",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "POST",
"header": [],
"body": {
"mode": "raw",
"raw": "{\n \"clientId\":null,\n \"query\":{\n \"queryType\":\"protocolTreeSummary\",\n \"dataSource\":\"application_protocol_stat\",\n \"parameters\":{\n \"range\": [\n {\n \"type\": \"eq\",\n \"fieldKey\": \"vsys_id\",\n \"fieldValues\": [\n 1,2,3,4,5\n ]\n }\n ],\n \"intervals\":[\n \"{{start_time}}/{{end_time}}\"\n ]\n }\n }\n}",
"options": {
"raw": {
"language": "json"
}
}
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/traffic/v1/?protocol=",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"traffic",
"v1",
""
],
"query": [
{
"key": "protocol",
"value": ""
}
]
}
},
"response": []
},
{
"name": "Ethernet Throughput",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "POST",
"header": [],
"body": {
"mode": "raw",
"raw": "{\n \"clientId\":null,\n \"query\":{\n \"queryType\":\"protocolDataRateSummary\",\n \"dataSource\":\"application_protocol_stat\",\n \"parameters\":{\n \"granularity\":\"PT15s\",\n \"match\":[\n {\n \"type\":\"prefix\",\n \"fieldKey\":\"protocol_stack_id\",\n \"fieldValues\":[\n \"Protocols/ETHERNET,*\"\n ]\n }\n ],\"range\": [\n {\n \"type\": \"eq\",\n \"fieldKey\": \"vsys_id\",\n \"fieldValues\": [\n 1,2,3,4,5\n ]\n }\n ],\n \"intervals\":[\n \"{{start_time}}/{{end_time}}\"\n ]\n }\n }\n}",
"options": {
"raw": {
"language": "json"
}
}
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/traffic/v1/?protocol=",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"traffic",
"v1",
""
],
"query": [
{
"key": "protocol",
"value": ""
}
]
}
},
"response": []
},
{
"name": "App Rank",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "POST",
"header": [],
"body": {
"mode": "raw",
"raw": "{\n \"clientId\":null,\n \"query\":{\n \"queryType\":\"appDataSummary\",\n \"dataSource\":\"application_protocol_stat\",\n \"limit\":\"100\",\n \"offset\":\"1\",\n \"parameters\":{\n \"granularity\": \"PT15S\",\n \"range\": [\n {\n \"type\": \"eq\",\n \"fieldKey\": \"vsys_id\",\n \"fieldValues\": [\n 1,2,3,4,5\n ]\n }\n ],\n \"intervals\":[\n \"{{start_time}}/{{end_time}}\"\n ]\n }\n }\n}",
"options": {
"raw": {
"language": "json"
}
}
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/traffic/v1/?app",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"traffic",
"v1",
""
],
"query": [
{
"key": "app",
"value": null
}
]
}
},
"response": []
},
{
"name": "App Throughput",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "POST",
"header": [],
"body": {
"mode": "raw",
"raw": "{\n \"clientId\": null,\n \"query\": {\n \"queryType\": \"appDataRateSummary\",\n \"dataSource\": \"application_protocol_stat\",\n \"parameters\": {\n \"granularity\": \"PT30S\",\n \"match\": [\n {\n \"type\": \"exactly\",\n \"fieldKey\": \"app_name\",\n \"fieldValues\": [\n \"https\"\n ]\n }\n ],\n \"range\": [\n {\n \"type\": \"eq\",\n \"fieldKey\": \"vsys_id\",\n \"fieldValues\": [\n 1,\n 2,3,4,5\n ]\n }\n ],\n \"intervals\": [\n \"{{start_time}}/{{end_time}}\"\n ]\n }\n }\n}",
"options": {
"raw": {
"language": "json"
}
}
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/traffic/v1/?app",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"traffic",
"v1",
""
],
"query": [
{
"key": "app",
"value": null
}
]
}
},
"response": []
},
{
"name": "App Traffic Statistics",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "POST",
"header": [],
"body": {
"mode": "raw",
"raw": "{\n \"clientId\": null,\n \"query\": {\n \"queryType\": \"appTrafficSummary\",\n \"dataSource\": \"application_protocol_stat\",\n \"parameters\": {\n \"match\": [\n {\n \"type\": \"exactly\",\n \"fieldKey\": \"app_name\",\n \"fieldValues\": [\n \"https\"\n ]\n }\n ],\n \"range\": [\n {\n \"type\": \"eq\",\n \"fieldKey\": \"vsys_id\",\n \"fieldValues\": [\n 1,\n 2\n ]\n }\n ],\n \"intervals\": [\n \"{{start_time}}/{{end_time}}\"\n ]\n }\n }\n}",
"options": {
"raw": {
"language": "json"
}
}
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/traffic/v1/?app",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"traffic",
"v1",
""
],
"query": [
{
"key": "app",
"value": null
}
]
}
},
"response": []
},
{
"name": "Relate Internal Ips of App",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "POST",
"header": [],
"body": {
"mode": "raw",
"raw": "{\n \"clientId\": null,\n \"query\": {\n \"queryType\": \"internalIPDataSummary\",\n \"dataSource\": \"session_record\",\n \"limit\": \"10\",\n \"offset\": \"20\",\n \"parameters\": {\n \"match\": [\n {\n \"type\": \"exactly\",\n \"fieldKey\": \"app_name\",\n \"fieldValues\": [\n \"https\"\n ]\n }\n ],\n \"range\": [\n {\n \"type\": \"eq\",\n \"fieldKey\": \"vsys_id\",\n \"fieldValues\": [\n 1,\n 2,3,4,5\n ]\n }\n ],\n \"intervals\": [\n \"{{start_time}}/{{end_time}}\"\n ]\n }\n }\n}",
"options": {
"raw": {
"language": "json"
}
}
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/traffic/v1/?app",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"traffic",
"v1",
""
],
"query": [
{
"key": "app",
"value": null
}
]
}
},
"response": []
}
]
},
{
"name": "Traffic Shaping",
"item": [
{
"name": "Shaping Profiles Metrics",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select \n profile_id,\n sum(in_bytes+out_bytes) as bytes,\n sum(in_pkts+out_pkts) as packets,\n sum(in_drop_pkts+out_drop_pkts) as drops,\n max(in_max_latency_us+out_max_latency_us) as max_latency_us,\n avg(in_queue_len+out_queue_len) as avg_q,\n max(in_queue_len+out_queue_len) as max_q\n from traffic_shaping_rule_hits\nwhere \n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and profile_id in (1,2,3,4)\ngroup by profile_id",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select \n profile_id,\n sum(in_bytes+out_bytes) as bytes,\n sum(in_pkts+out_pkts) as packets,\n sum(in_drop_pkts+out_drop_pkts) as drops,\n max(in_max_latency_us+out_max_latency_us) as max_latency_us,\n avg(in_queue_len+out_queue_len) as avg_q,\n max(in_queue_len+out_queue_len) as max_q\n from traffic_shaping_rule_hits\nwhere \n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and profile_id in (1,2,3,4)\ngroup by profile_id"
}
]
},
"description": "最近5分钟"
},
"response": []
},
{
"name": "Shaping Rule Summary",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select%0A%20%20%20rule_id%2C%0A%20%20%20DATE_FORMAT(max(__time)%20%2C'%25Y-%25m-%25d%20%25H%3A%25i%3A%25s')%20as%20last_used%2C%0A%20%20%20DATE_FORMAT(min(__time)%20%2C'%25Y-%25m-%25d%20%25H%3A%25i%3A%25s')%20as%20first_used%2C sum(in_bytes+out_bytes) as total_bytes\nfrom traffic_shaping_rule_hits where \n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and rule_id in (1,2,103,273)\ngroup by rule_id",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select%0A%20%20%20rule_id%2C%0A%20%20%20DATE_FORMAT(max(__time)%20%2C'%25Y-%25m-%25d%20%25H%3A%25i%3A%25s')%20as%20last_used%2C%0A%20%20%20DATE_FORMAT(min(__time)%20%2C'%25Y-%25m-%25d%20%25H%3A%25i%3A%25s')%20as%20first_used%2C sum(in_bytes+out_bytes) as total_bytes\nfrom traffic_shaping_rule_hits where \n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and rule_id in (1,2,103,273)\ngroup by rule_id"
}
]
},
"description": "最近5分钟"
},
"response": []
},
{
"name": "Shaping Profile Summary",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select \n profile_id,\n DATE_FORMAT(max(__time)%20%2C'%25Y-%25m-%25d%20%25H%3A%25i%3A%25s')%20as%20last_used%2C%0A%20%20%20DATE_FORMAT(min(__time)%20%2C'%25Y-%25m-%25d%20%25H%3A%25i%3A%25s')%20as%20first_used%2C\n sum(in_drop_pkts+out_drop_pkts) as drops\nfrom traffic_shaping_rule_hits\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and profile_id in (1,2,103,273)\ngroup by profile_id ",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select \n profile_id,\n DATE_FORMAT(max(__time)%20%2C'%25Y-%25m-%25d%20%25H%3A%25i%3A%25s')%20as%20last_used%2C%0A%20%20%20DATE_FORMAT(min(__time)%20%2C'%25Y-%25m-%25d%20%25H%3A%25i%3A%25s')%20as%20first_used%2C\n sum(in_drop_pkts+out_drop_pkts) as drops\nfrom traffic_shaping_rule_hits\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and profile_id in (1,2,103,273)\ngroup by profile_id "
}
]
},
"description": "最近5分钟"
},
"response": []
},
{
"name": "Shaping Profile Metrics",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n sum(bytes)*8/10 as bps,\n sum(packets)/10 as pps,\n max(max_latency_us) as max_latency_us,\n avg(avg_q) as avg_q,\n max(max_q) as max_q\n from\n (\n select\n device_id,\n vsys_id,\n sum(in_bytes+out_bytes) as bytes,\n sum(in_pkts+out_pkts) as packets,\n max(in_max_latency_us+out_max_latency_us) as max_latency_us,\n avg(in_queue_len+out_queue_len) as avg_q,\n max(in_queue_len+out_queue_len) as max_q\n from\n traffic_shaping_rule_hits\n where\n __time >= FROM_UNIXTIME(UNIX_TIMESTAMP(now())-10)\n and vsys_id in (1,2,3,4,5)\n and profile_id =1\n group by device_id, vsys_id\n )",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n sum(bytes)*8/10 as bps,\n sum(packets)/10 as pps,\n max(max_latency_us) as max_latency_us,\n avg(avg_q) as avg_q,\n max(max_q) as max_q\n from\n (\n select\n device_id,\n vsys_id,\n sum(in_bytes+out_bytes) as bytes,\n sum(in_pkts+out_pkts) as packets,\n max(in_max_latency_us+out_max_latency_us) as max_latency_us,\n avg(in_queue_len+out_queue_len) as avg_q,\n max(in_queue_len+out_queue_len) as max_q\n from\n traffic_shaping_rule_hits\n where\n __time >= FROM_UNIXTIME(UNIX_TIMESTAMP(now())-10)\n and vsys_id in (1,2,3,4,5)\n and profile_id =1\n group by device_id, vsys_id\n )"
}
]
},
"description": "最近5分钟"
},
"response": []
},
{
"name": "Shaping Rule/Profile Throughput",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n'PT1s',\n'zero')) as stat_time,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes \nfrom traffic_shaping_rule_hits\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and profile_id=273\n group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n'PT1s',\n'zero')) order by stat_time asc limit 100",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n'PT1s',\n'zero')) as stat_time,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes \nfrom traffic_shaping_rule_hits\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and profile_id=273\n group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n'PT1s',\n'zero')) order by stat_time asc limit 100"
}
]
},
"description": "最近5分钟"
},
"response": []
}
]
},
{
"name": "Service Chaining",
"item": [
{
"name": "Chaining Rule or Function Throuphput Trend",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n'PT1s',\n'zero')) as stat_time,\n sum(sent_bytes) as sent_bytes,\n sum(recv_bytes) as received_bytes \nfrom service_chaining_rule_hits\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and ( rule_id in (1,2,3,4,5) or sff_profile_id in (1,2,3,4,5) or sf_profile_id in (1,2,3,4,5)) \n group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n'PT1s',\n'zero')) order by stat_time asc limit 100",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n'PT1s',\n'zero')) as stat_time,\n sum(sent_bytes) as sent_bytes,\n sum(recv_bytes) as received_bytes \nfrom service_chaining_rule_hits\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and ( rule_id in (1,2,3,4,5) or sff_profile_id in (1,2,3,4,5) or sf_profile_id in (1,2,3,4,5)) \n group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n'PT1s',\n'zero')) order by stat_time asc limit 100"
}
]
},
"description": "最近5分钟"
},
"response": []
},
{
"name": "Chaining Rule Metrics",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select \n rule_id, \n sum(sent_bytes) as sent_bytes,\n sum(recv_bytes) as received_bytes,\n sum(sent_pkts) as sent_packets,\n sum(recv_pkts) as received_packets \n from service_chaining_rule_hits\nwhere \n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and rule_id in (1,2,3,4,5)\ngroup by rule_id",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select \n rule_id, \n sum(sent_bytes) as sent_bytes,\n sum(recv_bytes) as received_bytes,\n sum(sent_pkts) as sent_packets,\n sum(recv_pkts) as received_packets \n from service_chaining_rule_hits\nwhere \n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and rule_id in (1,2,3,4,5)\ngroup by rule_id"
}
]
},
"description": "最近5分钟"
},
"response": []
},
{
"name": "Function Forwarder Metrics",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select \n sff_profile_id, \n sum(sent_bytes) as sent_bytes,\n sum(recv_bytes) as received_bytes,\n sum(sent_pkts) as sent_packets,\n sum(recv_pkts) as received_packets \n from service_chaining_rule_hits\nwhere \n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and sff_profile_id in (1,2,3,4,5)\ngroup by sff_profile_id",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select \n sff_profile_id, \n sum(sent_bytes) as sent_bytes,\n sum(recv_bytes) as received_bytes,\n sum(sent_pkts) as sent_packets,\n sum(recv_pkts) as received_packets \n from service_chaining_rule_hits\nwhere \n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and sff_profile_id in (1,2,3,4,5)\ngroup by sff_profile_id"
}
]
},
"description": "最近5分钟"
},
"response": []
},
{
"name": "Function Profile Metrics",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select \n sf_profile_id, \n sum(sent_bytes) as sent_bytes,\n sum(recv_bytes) as received_bytes,\n sum(sent_pkts) as sent_packets,\n sum(recv_pkts) as received_packets \n from service_chaining_rule_hits\nwhere \n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and sf_profile_id in (1,2,3,4,5)\ngroup by sf_profile_id",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select \n sf_profile_id, \n sum(sent_bytes) as sent_bytes,\n sum(recv_bytes) as received_bytes,\n sum(sent_pkts) as sent_packets,\n sum(recv_pkts) as received_packets \n from service_chaining_rule_hits\nwhere \n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and sf_profile_id in (1,2,3,4,5)\ngroup by sf_profile_id"
}
]
},
"description": "最近5分钟"
},
"response": []
},
{
"name": "Function Profile Status",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT\n sf_profile_id,\n sf_status,\n CASE WHEN last_active_time = 0 THEN '' ELSE FROM_UNIXTIME(last_active_time) END AS last_active_time,\n CASE WHEN last_inactive_time = 0 THEN '' ELSE FROM_UNIXTIME(last_inactive_time) END AS last_inactive_time\nFROM\n (\n SELECT\n sf_profile_id,\n LATEST(sf_status) as sf_status,\n MAX(CASE WHEN sf_status = 1 THEN UNIX_TIMESTAMP(__time) ELSE 0 END) as last_active_time,\n MAX(CASE WHEN sf_status = 0 THEN UNIX_TIMESTAMP(__time) ELSE 0 END) as last_inactive_time\n from\n service_function_status\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and sf_profile_id in (1,2,3,4,5)\n group by\n sf_profile_id)",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "SELECT\n sf_profile_id,\n sf_status,\n CASE WHEN last_active_time = 0 THEN '' ELSE FROM_UNIXTIME(last_active_time) END AS last_active_time,\n CASE WHEN last_inactive_time = 0 THEN '' ELSE FROM_UNIXTIME(last_inactive_time) END AS last_inactive_time\nFROM\n (\n SELECT\n sf_profile_id,\n LATEST(sf_status) as sf_status,\n MAX(CASE WHEN sf_status = 1 THEN UNIX_TIMESTAMP(__time) ELSE 0 END) as last_active_time,\n MAX(CASE WHEN sf_status = 0 THEN UNIX_TIMESTAMP(__time) ELSE 0 END) as last_inactive_time\n from\n service_function_status\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and sf_profile_id in (1,2,3,4,5)\n group by\n sf_profile_id)"
}
]
},
"description": "最近5分钟"
},
"response": []
}
]
},
{
"name": "Object Statistics",
"item": [
{
"name": "Top 30 Objects by Bytes",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select \n object_id, \n sum(in_bytes) as in_bytes, \n sum(out_bytes) as out_bytes, \n sum(bytes) as bytes,\n sum(new_in_sessions) as new_in_sessions, \n sum(new_out_sessions) as new_out_sessions, \n sum(sessions) as sessions\nfrom\n object_statistics\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\ngroup by\n object_id\norder by bytes desc\nlimit 30",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select \n object_id, \n sum(in_bytes) as in_bytes, \n sum(out_bytes) as out_bytes, \n sum(bytes) as bytes,\n sum(new_in_sessions) as new_in_sessions, \n sum(new_out_sessions) as new_out_sessions, \n sum(sessions) as sessions\nfrom\n object_statistics\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\ngroup by\n object_id\norder by bytes desc\nlimit 30"
}
]
},
"description": "最近5分钟"
},
"response": []
},
{
"name": "Parent Level Object Stat",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select \n sum(in_bytes) as in_bytes, \n sum(out_bytes) as out_bytes, \n sum(bytes) as bytes,\n sum(new_in_sessions) as new_in_sessions, \n sum(new_out_sessions) as new_out_sessions, \n sum(sessions) as sessions\nfrom\n object_statistics\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5) and object_id > 0\n",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select \n sum(in_bytes) as in_bytes, \n sum(out_bytes) as out_bytes, \n sum(bytes) as bytes,\n sum(new_in_sessions) as new_in_sessions, \n sum(new_out_sessions) as new_out_sessions, \n sum(sessions) as sessions\nfrom\n object_statistics\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5) and object_id > 0\n"
}
]
},
"description": "最近5分钟"
},
"response": []
},
{
"name": "Top 30 Items by Bytes",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select \n item_id, \n sum(in_bytes) as in_bytes, \n sum(out_bytes) as out_bytes, \n sum(bytes) as bytes,\n sum(new_in_sessions) as new_in_sessions, \n sum(new_out_sessions) as new_out_sessions, \n sum(sessions) as sessions\nfrom\n object_statistics\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\ngroup by\n item_id\norder by bytes desc\nlimit 30",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select \n item_id, \n sum(in_bytes) as in_bytes, \n sum(out_bytes) as out_bytes, \n sum(bytes) as bytes,\n sum(new_in_sessions) as new_in_sessions, \n sum(new_out_sessions) as new_out_sessions, \n sum(sessions) as sessions\nfrom\n object_statistics\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\ngroup by\n item_id\norder by bytes desc\nlimit 30"
}
]
},
"description": "最近5分钟"
},
"response": []
},
{
"name": "Object Traffic Stat Trend",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time ,\n\tsum(in_bytes) as in_bytes,\n\tavg(in_bytes)* 8 / 30 as avg_in_bits_per_sec,\n\tsum(out_bytes) as out_bytes,\n\tavg(out_bytes)* 8 / 30 as avg_out_bits_per_sec,\n\tsum(bytes) as bytes,\n\tavg(bytes)* 8 / 30 as avg_bits_per_sec,\n\tsum(new_in_sessions) as new_in_sessions,\n\tavg(new_in_sessions)/ 30 as avg_new_in_sessions_per_sec,\n\tsum(new_out_sessions) as new_out_sessions,\n\tavg(new_out_sessions)/ 30 as avg_new_out_sessions_per_sec,\n\tsum(sessions) as sessions,\n\tavg(sessions)/ 30 as avg_sessions_per_sec\nfrom\t(\tselect\tTIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT5S') as stat_time,\tsum(in_bytes) as in_bytes,\n\t\tsum(out_bytes) as out_bytes,\n\t\tsum(bytes) as bytes,\n\t\tsum(new_in_sessions) as new_in_sessions,\n\t\tsum(new_out_sessions) as new_out_sessions,\n\t\tsum(sessions) as sessions\n\tfrom\n\t\tobject_statistics\n\twhere\n\t\t__time >= '{{start_time}}' and __time < '{{end_time}}'\n\t\tand vsys_id in (1, 2, 3, 4, 5)\n\t\tand object_id = 1\n\tgroup by\n\t\tTIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT5S'))\ngroup by\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by\n\tstat_time asc\nlimit 1000",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time ,\n\tsum(in_bytes) as in_bytes,\n\tavg(in_bytes)* 8 / 30 as avg_in_bits_per_sec,\n\tsum(out_bytes) as out_bytes,\n\tavg(out_bytes)* 8 / 30 as avg_out_bits_per_sec,\n\tsum(bytes) as bytes,\n\tavg(bytes)* 8 / 30 as avg_bits_per_sec,\n\tsum(new_in_sessions) as new_in_sessions,\n\tavg(new_in_sessions)/ 30 as avg_new_in_sessions_per_sec,\n\tsum(new_out_sessions) as new_out_sessions,\n\tavg(new_out_sessions)/ 30 as avg_new_out_sessions_per_sec,\n\tsum(sessions) as sessions,\n\tavg(sessions)/ 30 as avg_sessions_per_sec\nfrom\t(\tselect\tTIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT5S') as stat_time,\tsum(in_bytes) as in_bytes,\n\t\tsum(out_bytes) as out_bytes,\n\t\tsum(bytes) as bytes,\n\t\tsum(new_in_sessions) as new_in_sessions,\n\t\tsum(new_out_sessions) as new_out_sessions,\n\t\tsum(sessions) as sessions\n\tfrom\n\t\tobject_statistics\n\twhere\n\t\t__time >= '{{start_time}}' and __time < '{{end_time}}'\n\t\tand vsys_id in (1, 2, 3, 4, 5)\n\t\tand object_id = 1\n\tgroup by\n\t\tTIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT5S'))\ngroup by\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by\n\tstat_time asc\nlimit 1000"
}
]
},
"description": "最近5分钟"
},
"response": []
},
{
"name": "Item Traffic Stat Trend",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time ,\n\tsum(in_bytes) as in_bytes,\n\tavg(in_bytes)* 8 / 30 as avg_in_bits_per_sec,\n\tsum(out_bytes) as out_bytes,\n\tavg(out_bytes)* 8 / 30 as avg_out_bits_per_sec,\n\tsum(bytes) as bytes,\n\tavg(bytes)* 8 / 30 as avg_bits_per_sec,\n\tsum(new_in_sessions) as new_in_sessions,\n\tavg(new_in_sessions)/ 30 as avg_new_in_sessions_per_sec,\n\tsum(new_out_sessions) as new_out_sessions,\n\tavg(new_out_sessions)/ 30 as avg_new_out_sessions_per_sec,\n\tsum(sessions) as sessions,\n\tavg(sessions)/ 30 as avg_sessions_per_sec\nfrom\n\t(select\tTIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT5S') as stat_time,\tsum(in_bytes) as in_bytes,\tsum(out_bytes) as out_bytes,\t\tsum(bytes) as bytes,\n\t\tsum(new_in_sessions) as new_in_sessions,\n\t\tsum(new_out_sessions) as new_out_sessions,\n\t\tsum(sessions) as sessions\n\tfrom\n\t\tobject_statistics\n\twhere\n\t\t__time >= '{{start_time}}' and __time < '{{end_time}}'\n\t\tand vsys_id in (1, 2, 3, 4, 5)\n\t\tand item_id = 1\n\tgroup by\n\t\tTIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT5S'))\ngroup by\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by\n\tstat_time asc\nlimit 1000",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time ,\n\tsum(in_bytes) as in_bytes,\n\tavg(in_bytes)* 8 / 30 as avg_in_bits_per_sec,\n\tsum(out_bytes) as out_bytes,\n\tavg(out_bytes)* 8 / 30 as avg_out_bits_per_sec,\n\tsum(bytes) as bytes,\n\tavg(bytes)* 8 / 30 as avg_bits_per_sec,\n\tsum(new_in_sessions) as new_in_sessions,\n\tavg(new_in_sessions)/ 30 as avg_new_in_sessions_per_sec,\n\tsum(new_out_sessions) as new_out_sessions,\n\tavg(new_out_sessions)/ 30 as avg_new_out_sessions_per_sec,\n\tsum(sessions) as sessions,\n\tavg(sessions)/ 30 as avg_sessions_per_sec\nfrom\n\t(select\tTIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT5S') as stat_time,\tsum(in_bytes) as in_bytes,\tsum(out_bytes) as out_bytes,\t\tsum(bytes) as bytes,\n\t\tsum(new_in_sessions) as new_in_sessions,\n\t\tsum(new_out_sessions) as new_out_sessions,\n\t\tsum(sessions) as sessions\n\tfrom\n\t\tobject_statistics\n\twhere\n\t\t__time >= '{{start_time}}' and __time < '{{end_time}}'\n\t\tand vsys_id in (1, 2, 3, 4, 5)\n\t\tand item_id = 1\n\tgroup by\n\t\tTIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT5S'))\ngroup by\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by\n\tstat_time asc\nlimit 1000"
}
]
},
"description": "最近5分钟"
},
"response": []
}
]
},
{
"name": "Statistics Policy",
"item": [
{
"name": "Incoming Bytes, Outgoing Bytes and Bytes",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time ,\n\tsum(in_bytes) as in_bytes,\n\tsum(out_bytes) as out_bytes,\n\tsum(bytes) as bytes\nfrom\n\t(\n\tselect\n\t\tTIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT15S') as stat_time,\n\t\tsum(in_bytes) as in_bytes,\n\t\tsum(out_bytes) as out_bytes,\n\t\tsum(bytes) as bytes\n\tfrom\n\t\tstatistics_rule\n\twhere\n\t\t__time >= '{{start_time}}' and __time < '{{end_time}}'\n\t\tand vsys_id in (1, 2, 3, 4, 5) and version=1\n group by TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT15S'))\ngroup by\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by\n\tstat_time asc\nlimit 1000",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time ,\n\tsum(in_bytes) as in_bytes,\n\tsum(out_bytes) as out_bytes,\n\tsum(bytes) as bytes\nfrom\n\t(\n\tselect\n\t\tTIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT15S') as stat_time,\n\t\tsum(in_bytes) as in_bytes,\n\t\tsum(out_bytes) as out_bytes,\n\t\tsum(bytes) as bytes\n\tfrom\n\t\tstatistics_rule\n\twhere\n\t\t__time >= '{{start_time}}' and __time < '{{end_time}}'\n\t\tand vsys_id in (1, 2, 3, 4, 5) and version=1\n group by TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT15S'))\ngroup by\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by\n\tstat_time asc\nlimit 1000"
}
]
},
"description": "最近5分钟"
},
"response": []
},
{
"name": "Average Incoming bits/s, Average Outgoing bits/s and Average bits/s",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time,\n avg(in_bytes)*8/30 as avg_in_bits_per_sec,\n avg(out_bytes)*8/30 as avg_out_bits_per_sec,\n avg(bytes)*8/30 as avg_bits_per_sec\nfrom\n (\n select\n TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT15S') as stat_time,\n\t\tsum(in_bytes) as in_bytes,\n\t\tsum(out_bytes) as out_bytes,\n\t\tsum(bytes) as bytes\n from\n statistics_rule\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n\t\tand vsys_id in (1, 2, 3, 4, 5)\n group by TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT15S'))\ngroup by\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by stat_time asc\nlimit 1000",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time,\n avg(in_bytes)*8/30 as avg_in_bits_per_sec,\n avg(out_bytes)*8/30 as avg_out_bits_per_sec,\n avg(bytes)*8/30 as avg_bits_per_sec\nfrom\n (\n select\n TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT15S') as stat_time,\n\t\tsum(in_bytes) as in_bytes,\n\t\tsum(out_bytes) as out_bytes,\n\t\tsum(bytes) as bytes\n from\n statistics_rule\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n\t\tand vsys_id in (1, 2, 3, 4, 5)\n group by TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT15S'))\ngroup by\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by stat_time asc\nlimit 1000"
}
]
},
"description": "最近5分钟"
},
"response": []
},
{
"name": "Unique Client IPs and Unique Server IPs",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time,\n\tAPPROX_COUNT_DISTINCT_HLLD(client_ip_sketch) as unique_client_ips,\n\tAPPROX_COUNT_DISTINCT_HLLD(server_ip_sketch) as unique_server_ips\nfrom\n\t(\n\tselect\n\t\tTIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT15S') as stat_time,\n\t\tHLLD(client_ip_sketch) as client_ip_sketch,\n\t\tHLLD(server_ip_sketch) as server_ip_sketch\n\tfrom\n\t\tstatistics_rule\n\twhere\n\t\t__time >= '{{start_time}}'\n\t\tand __time < '{{end_time}}'\n\t\tand vsys_id in (1, 2, 3, 4, 5) \n\tgroup by\n\t\tTIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT15S'))\ngroup by\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by\n\tstat_time asc\nlimit 1000",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time,\n\tAPPROX_COUNT_DISTINCT_HLLD(client_ip_sketch) as unique_client_ips,\n\tAPPROX_COUNT_DISTINCT_HLLD(server_ip_sketch) as unique_server_ips\nfrom\n\t(\n\tselect\n\t\tTIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT15S') as stat_time,\n\t\tHLLD(client_ip_sketch) as client_ip_sketch,\n\t\tHLLD(server_ip_sketch) as server_ip_sketch\n\tfrom\n\t\tstatistics_rule\n\twhere\n\t\t__time >= '{{start_time}}'\n\t\tand __time < '{{end_time}}'\n\t\tand vsys_id in (1, 2, 3, 4, 5) \n\tgroup by\n\t\tTIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT15S'))\ngroup by\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by\n\tstat_time asc\nlimit 1000"
}
]
},
"description": "最近5分钟"
},
"response": []
},
{
"name": "95th TCP Latency (ms) and 99th TCP Latency (ms)",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time,\n\tAPPROX_QUANTILE_HDR(latency_ms_sketch,0.95) as p95th_tcp_latency_ms,\n APPROX_QUANTILE_HDR(latency_ms_sketch,0.99) as p99th_tcp_latency_ms\nfrom\n\t(\n\tselect\n\t\tTIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT15S') as stat_time,\n\t\tHDR_HISTOGRAM(latency_ms_sketch) as latency_ms_sketch\n\tfrom\n\t\tstatistics_rule\n\twhere\n\t\t__time >= '{{start_time}}'\n\t\tand __time < '{{end_time}}'\n\t\tand vsys_id in (1, 2, 3, 4, 5) \n\tgroup by\n\t\tTIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT15S'))\ngroup by\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by\n\tstat_time asc\nlimit 1000",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time,\n\tAPPROX_QUANTILE_HDR(latency_ms_sketch,0.95) as p95th_tcp_latency_ms,\n APPROX_QUANTILE_HDR(latency_ms_sketch,0.99) as p99th_tcp_latency_ms\nfrom\n\t(\n\tselect\n\t\tTIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT15S') as stat_time,\n\t\tHDR_HISTOGRAM(latency_ms_sketch) as latency_ms_sketch\n\tfrom\n\t\tstatistics_rule\n\twhere\n\t\t__time >= '{{start_time}}'\n\t\tand __time < '{{end_time}}'\n\t\tand vsys_id in (1, 2, 3, 4, 5) \n\tgroup by\n\t\tTIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT15S'))\ngroup by\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by\n\tstat_time asc\nlimit 1000"
}
]
},
"description": "最近5分钟"
},
"response": []
},
{
"name": "Histogram TCP Latency (ms)",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n HDR_GET_PERCENTILES(HDR_HISTOGRAM(latency_ms_sketch)) as histogram_tcp_latency_ms,HDR_GET_QUANTILES(HDR_HISTOGRAM(latency_ms_sketch), 0.5,0.95,0.99) as tcp_latency_quantiles\nfrom\n statistics_rule\nwhere\n __time >= '{{start_time}}'\n and __time < '{{end_time}}'\n and vsys_id in (1, 2, 3, 4, 5)\n and rule_id=1",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n HDR_GET_PERCENTILES(HDR_HISTOGRAM(latency_ms_sketch)) as histogram_tcp_latency_ms,HDR_GET_QUANTILES(HDR_HISTOGRAM(latency_ms_sketch), 0.5,0.95,0.99) as tcp_latency_quantiles\nfrom\n statistics_rule\nwhere\n __time >= '{{start_time}}'\n and __time < '{{end_time}}'\n and vsys_id in (1, 2, 3, 4, 5)\n and rule_id=1"
}
]
},
"description": "最近5分钟"
},
"response": []
},
{
"name": "Bytes and Sessions Distributed by Application",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select \n application,\n sum(bytes) as bytes,\n sum(sessions) as sessions\nfrom\n statistics_rule\nwhere\n __time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n\tand vsys_id in (1, 2, 3, 4, 5) \ngroup by \n application \norder by bytes desc\nlimit 1024",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select \n application,\n sum(bytes) as bytes,\n sum(sessions) as sessions\nfrom\n statistics_rule\nwhere\n __time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n\tand vsys_id in (1, 2, 3, 4, 5) \ngroup by \n application \norder by bytes desc\nlimit 1024"
}
]
},
"description": "最近5分钟"
},
"response": []
},
{
"name": "Bytes and Sessions Distributed by Server IP",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select \n server_ip,\n sum(bytes) as bytes,\n sum(sessions) as sessions\nfrom\n statistics_rule\nwhere\n __time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n\tand vsys_id in (1, 2, 3, 4, 5)\ngroup by \n server_ip \norder by bytes desc\nlimit 1024",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select \n server_ip,\n sum(bytes) as bytes,\n sum(sessions) as sessions\nfrom\n statistics_rule\nwhere\n __time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n\tand vsys_id in (1, 2, 3, 4, 5)\ngroup by \n server_ip \norder by bytes desc\nlimit 1024"
}
]
},
"description": "最近5分钟"
},
"response": []
},
{
"name": "Bytes and Sessions Distributed by FQDN Category",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select \n fqdn_category,\n sum(bytes) as bytes,\n sum(sessions) as sessions\nfrom\n statistics_rule\nwhere\n __time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n\tand vsys_id in (1, 2, 3, 4, 5)\ngroup by \n fqdn_category \norder by bytes desc\nlimit 1024",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select \n fqdn_category,\n sum(bytes) as bytes,\n sum(sessions) as sessions\nfrom\n statistics_rule\nwhere\n __time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n\tand vsys_id in (1, 2, 3, 4, 5)\ngroup by \n fqdn_category \norder by bytes desc\nlimit 1024"
}
]
},
"description": "最近5分钟"
},
"response": []
},
{
"name": "New Unestablished Sessions Distributed by Client IP and Server IP",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select \n client_ip,\n server_ip,\n sum(new_unestablished_sessions) as new_unestablished_sessions\nfrom\n statistics_rule\nwhere\n __time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n\tand vsys_id in (1, 2, 3, 4, 5)\ngroup by \n client_ip, server_ip \norder by new_unestablished_sessions desc\nlimit 100",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select \n client_ip,\n server_ip,\n sum(new_unestablished_sessions) as new_unestablished_sessions\nfrom\n statistics_rule\nwhere\n __time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n\tand vsys_id in (1, 2, 3, 4, 5)\ngroup by \n client_ip, server_ip \norder by new_unestablished_sessions desc\nlimit 100"
}
]
},
"description": "最近5分钟"
},
"response": []
},
{
"name": "Statistics Rule Throughput",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time ,\n avg(sum_in_bytes)*8/30 as avg_in_bits_per_sec,\n avg(sum_out_bytes)*8/30 as avg_out_bits_per_sec,\n avg(sum_bytes)*8/30 as avg_bits_per_sec,\n sum(sum_in_bytes) as total_in_bytes,\n\tsum(sum_out_bytes) as total_out_bytes,\n\tsum(sum_bytes) as total_bytes \nfrom\n (\n select\n TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5S') as stat_time,\n sum(in_bytes) as sum_in_bytes,\n sum(out_bytes) as sum_out_bytes,\n sum(in_bytes + out_bytes) as sum_bytes\n from\n statistics_rule_hits\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5) \n group by TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT5S'))\ngroup by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by stat_time asc\nlimit 1000",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time ,\n avg(sum_in_bytes)*8/30 as avg_in_bits_per_sec,\n avg(sum_out_bytes)*8/30 as avg_out_bits_per_sec,\n avg(sum_bytes)*8/30 as avg_bits_per_sec,\n sum(sum_in_bytes) as total_in_bytes,\n\tsum(sum_out_bytes) as total_out_bytes,\n\tsum(sum_bytes) as total_bytes \nfrom\n (\n select\n TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5S') as stat_time,\n sum(in_bytes) as sum_in_bytes,\n sum(out_bytes) as sum_out_bytes,\n sum(in_bytes + out_bytes) as sum_bytes\n from\n statistics_rule_hits\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5) \n group by TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT5S'))\ngroup by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by stat_time asc\nlimit 1000"
}
]
}
},
"response": []
}
]
},
{
"name": "Current Network Throughput",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n sum(sum_in_bytes)*8/15 as avg_in_bits_per_sec,\n sum(sum_out_bytes)*8/15 as avg_out_bits_per_sec,\n sum(sum_in_bytes+sum_out_bytes)*8/15 as avg_bits_per_sec,\n sum(sum_in_bytes)/15 as avg_in_bytes_per_sec,\n sum(sum_out_bytes)/15 as avg_out_bytes_per_sec,\n sum(sum_in_bytes+sum_out_bytes)/15 as avg_bytes_per_sec,\n sum(sum_in_pkts)/15 as avg_in_pkts_per_sec,\n sum(sum_out_pkts)/15 as avg_out_pkts_per_sec,\n sum(sum_in_pkts+sum_out_pkts)/15 as avg_pkts_per_sec,\n sum(sum_sessions)/15 as avg_sessions_per_sec,\n sum(max_active_sessions) as active_sessions\nfrom \n (\n select\n device_id,\n vsys_id,\n sum(in_bytes) as sum_in_bytes,\n sum(out_bytes) as sum_out_bytes,\n sum(in_pkts) as sum_in_pkts,\n sum(out_pkts) as sum_out_pkts,\n sum(sessions) as sum_sessions,\n max(active_sessions) as max_active_sessions\n from traffic_general_stat\nwhere \n __time>=FROM_UNIXTIME(UNIX_TIMESTAMP(now())-30)\n and __time<FROM_UNIXTIME(UNIX_TIMESTAMP(now())-15)\n and vsys_id in (1,2,3,4,5)\ngroup by device_id, vsys_id\n \n)",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n sum(sum_in_bytes)*8/15 as avg_in_bits_per_sec,\n sum(sum_out_bytes)*8/15 as avg_out_bits_per_sec,\n sum(sum_in_bytes+sum_out_bytes)*8/15 as avg_bits_per_sec,\n sum(sum_in_bytes)/15 as avg_in_bytes_per_sec,\n sum(sum_out_bytes)/15 as avg_out_bytes_per_sec,\n sum(sum_in_bytes+sum_out_bytes)/15 as avg_bytes_per_sec,\n sum(sum_in_pkts)/15 as avg_in_pkts_per_sec,\n sum(sum_out_pkts)/15 as avg_out_pkts_per_sec,\n sum(sum_in_pkts+sum_out_pkts)/15 as avg_pkts_per_sec,\n sum(sum_sessions)/15 as avg_sessions_per_sec,\n sum(max_active_sessions) as active_sessions\nfrom \n (\n select\n device_id,\n vsys_id,\n sum(in_bytes) as sum_in_bytes,\n sum(out_bytes) as sum_out_bytes,\n sum(in_pkts) as sum_in_pkts,\n sum(out_pkts) as sum_out_pkts,\n sum(sessions) as sum_sessions,\n max(active_sessions) as max_active_sessions\n from traffic_general_stat\nwhere \n __time>=FROM_UNIXTIME(UNIX_TIMESTAMP(now())-30)\n and __time<FROM_UNIXTIME(UNIX_TIMESTAMP(now())-15)\n and vsys_id in (1,2,3,4,5)\ngroup by device_id, vsys_id\n \n)"
}
]
},
"description": "最近5分钟"
},
"response": []
},
{
"name": "Network Throughput in bps",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time ,\n avg(sum_in_bytes)*8/30 as avg_in_bits_per_sec,\n avg(sum_out_bytes)*8/30 as avg_out_bits_per_sec,\n avg(sum_bytes)*8/30 as avg_bits_per_sec,\n max(sum_in_bytes)*8/30 as max_in_bits_per_sec,\n max(sum_out_bytes)*8/30 as max_out_bits_per_sec,\n max(sum_bytes)*8/30 as max_bits_per_sec,\n min(sum_in_bytes)*8/30 as min_in_bits_per_sec,\n min(sum_out_bytes)*8/30 as min_out_bits_per_sec,\n min(sum_bytes)*8/30 as min_bits_per_sec\nfrom\n (\n select\n TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5S') as stat_time,\n sum(in_bytes) as sum_in_bytes,\n sum(out_bytes) as sum_out_bytes,\n sum(in_bytes + out_bytes) as sum_bytes\n from\n traffic_general_stat\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n group by TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT5S'))\ngroup by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by stat_time asc\nlimit 1000",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time ,\n avg(sum_in_bytes)*8/30 as avg_in_bits_per_sec,\n avg(sum_out_bytes)*8/30 as avg_out_bits_per_sec,\n avg(sum_bytes)*8/30 as avg_bits_per_sec,\n max(sum_in_bytes)*8/30 as max_in_bits_per_sec,\n max(sum_out_bytes)*8/30 as max_out_bits_per_sec,\n max(sum_bytes)*8/30 as max_bits_per_sec,\n min(sum_in_bytes)*8/30 as min_in_bits_per_sec,\n min(sum_out_bytes)*8/30 as min_out_bits_per_sec,\n min(sum_bytes)*8/30 as min_bits_per_sec\nfrom\n (\n select\n TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5S') as stat_time,\n sum(in_bytes) as sum_in_bytes,\n sum(out_bytes) as sum_out_bytes,\n sum(in_bytes + out_bytes) as sum_bytes\n from\n traffic_general_stat\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n group by TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT5S'))\ngroup by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by stat_time asc\nlimit 1000"
}
]
}
},
"response": []
},
{
"name": "Network Throughput in Bps",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time ,\n avg(sum_in_bytes)/30 as avg_in_bytes_per_sec,\n avg(sum_out_bytes)/30 as avg_out_bytes_per_sec,\n avg(sum_bytes)/30 as avg_bytes_per_sec,\n max(sum_in_bytes)/30 as max_in_bytes_per_sec,\n max(sum_out_bytes)/30 as max_out_bytes_per_sec,\n max(sum_bytes)/30 as max_bytes_per_sec,\n min(sum_in_bytes)/30 as min_in_bytes_per_sec,\n min(sum_out_bytes)/30 as min_out_bytes_per_sec,\n min(sum_bytes)/30 as min_bytes_per_sec\nfrom\n (\n select\n TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5S') as stat_time,\n sum(in_bytes) as sum_in_bytes,\n sum(out_bytes) as sum_out_bytes,\n sum(in_bytes + out_bytes) as sum_bytes\n from\n traffic_general_stat\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n group by TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5S'))\ngroup by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by stat_time asc\nlimit 1000",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time ,\n avg(sum_in_bytes)/30 as avg_in_bytes_per_sec,\n avg(sum_out_bytes)/30 as avg_out_bytes_per_sec,\n avg(sum_bytes)/30 as avg_bytes_per_sec,\n max(sum_in_bytes)/30 as max_in_bytes_per_sec,\n max(sum_out_bytes)/30 as max_out_bytes_per_sec,\n max(sum_bytes)/30 as max_bytes_per_sec,\n min(sum_in_bytes)/30 as min_in_bytes_per_sec,\n min(sum_out_bytes)/30 as min_out_bytes_per_sec,\n min(sum_bytes)/30 as min_bytes_per_sec\nfrom\n (\n select\n TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5S') as stat_time,\n sum(in_bytes) as sum_in_bytes,\n sum(out_bytes) as sum_out_bytes,\n sum(in_bytes + out_bytes) as sum_bytes\n from\n traffic_general_stat\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n group by TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5S'))\ngroup by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by stat_time asc\nlimit 1000"
}
]
}
},
"response": []
},
{
"name": "Network Throughput in pkts/s",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time ,\n avg(sum_in_pkts)/30 as avg_in_pkts_per_sec,\n avg(sum_out_pkts)/30 as avg_out_pkts_per_sec,\n avg(sum_pkts)/30 as avg_pkts_per_sec,\n max(sum_in_pkts)/30 as max_in_pkts_per_sec,\n max(sum_out_pkts)/30 as max_out_pkts_per_sec,\n max(sum_pkts)/30 as max_pkts_per_sec,\n min(sum_in_pkts)/30 as min_in_pkts_per_sec,\n min(sum_out_pkts)/30 as min_out_pkts_per_sec,\n min(sum_pkts)/30 as min_pkts_per_sec\nfrom\n (\n select\n TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5S') as stat_time,\n sum(in_pkts) as sum_in_pkts,\n sum(out_pkts) as sum_out_pkts,\n sum(in_pkts + out_pkts) as sum_pkts \n from\n traffic_general_stat\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n group by TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5S'))\ngroup by\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by stat_time asc\nlimit 1000",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time ,\n avg(sum_in_pkts)/30 as avg_in_pkts_per_sec,\n avg(sum_out_pkts)/30 as avg_out_pkts_per_sec,\n avg(sum_pkts)/30 as avg_pkts_per_sec,\n max(sum_in_pkts)/30 as max_in_pkts_per_sec,\n max(sum_out_pkts)/30 as max_out_pkts_per_sec,\n max(sum_pkts)/30 as max_pkts_per_sec,\n min(sum_in_pkts)/30 as min_in_pkts_per_sec,\n min(sum_out_pkts)/30 as min_out_pkts_per_sec,\n min(sum_pkts)/30 as min_pkts_per_sec\nfrom\n (\n select\n TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5S') as stat_time,\n sum(in_pkts) as sum_in_pkts,\n sum(out_pkts) as sum_out_pkts,\n sum(in_pkts + out_pkts) as sum_pkts \n from\n traffic_general_stat\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n group by TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5S'))\ngroup by\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by stat_time asc\nlimit 1000"
}
]
}
},
"response": []
},
{
"name": "Network Throughput in sessions/s",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query= select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time ,\n avg(sum_sessions)/30 as avg_sessions_per_sec,\n max(sum_sessions)/30 as max_sessions_per_sec,\n min(sum_sessions)/30 as min_sessions_per_sec\nfrom\n (\n select\n TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5S') as stat_time,\n sum(sessions) as sum_sessions\n from\n traffic_general_stat\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n group by TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5S'))\ngroup by\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by stat_time asc\nlimit 1000",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": " select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time ,\n avg(sum_sessions)/30 as avg_sessions_per_sec,\n max(sum_sessions)/30 as max_sessions_per_sec,\n min(sum_sessions)/30 as min_sessions_per_sec\nfrom\n (\n select\n TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5S') as stat_time,\n sum(sessions) as sum_sessions\n from\n traffic_general_stat\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n group by TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5S'))\ngroup by\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by stat_time asc\nlimit 1000"
}
]
}
},
"response": []
},
{
"name": "Network Throughput Active Sessions",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time,\n avg(sum_active_sessions) as avg_active_sessions,\n max(sum_active_sessions) as max_active_sessions,\n min(sum_active_sessions) as min_active_sessions\nfrom (\n select\n stat_time,\n sum(max_active_sessions) sum_active_sessions\n from (\n select\n TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5S') as stat_time,\n device_id,\n vsys_id,\n max(active_sessions) as max_active_sessions\n from\n traffic_general_stat\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n group by TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5S'), device_id, vsys_id\n )\n group by stat_time )\n group by\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by stat_time asc limit 1000",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time,\n avg(sum_active_sessions) as avg_active_sessions,\n max(sum_active_sessions) as max_active_sessions,\n min(sum_active_sessions) as min_active_sessions\nfrom (\n select\n stat_time,\n sum(max_active_sessions) sum_active_sessions\n from (\n select\n TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5S') as stat_time,\n device_id,\n vsys_id,\n max(active_sessions) as max_active_sessions\n from\n traffic_general_stat\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n group by TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5S'), device_id, vsys_id\n )\n group by stat_time )\n group by\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by stat_time asc limit 1000"
}
]
}
},
"response": []
},
{
"name": "Total Security Policy Rule Hits by Action",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT\n (CASE\n WHEN action = 1 THEN 'Monitor'\n WHEN action = 2 THEN 'Intercept'\n WHEN action = 16 THEN 'Deny'\n WHEN action = 48 THEN 'Manipulation'\n WHEN action = 96 THEN 'Allow'\n WHEN action = 128 THEN 'Shunt'\n ELSE concat(action)\n END) as action,\n SUM(hit_count) as hit_count,\n SUM(in_bytes + out_bytes) as bytes,\n SUM(in_pkts + out_pkts) as packets\nfrom\n security_rule_hits\nwhere \n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\nGROUP BY\n action\norder by\n action",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "SELECT\n (CASE\n WHEN action = 1 THEN 'Monitor'\n WHEN action = 2 THEN 'Intercept'\n WHEN action = 16 THEN 'Deny'\n WHEN action = 48 THEN 'Manipulation'\n WHEN action = 96 THEN 'Allow'\n WHEN action = 128 THEN 'Shunt'\n ELSE concat(action)\n END) as action,\n SUM(hit_count) as hit_count,\n SUM(in_bytes + out_bytes) as bytes,\n SUM(in_pkts + out_pkts) as packets\nfrom\n security_rule_hits\nwhere \n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\nGROUP BY\n action\norder by\n action"
}
]
}
},
"response": []
},
{
"name": "Security Policy Rule Hits Trend by Action",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT30S','zero')) as stat_time,\n (CASE\n WHEN action = 1 THEN 'Monitor'\n WHEN action = 2 THEN 'Intercept'\n WHEN action = 16 THEN 'Deny'\n WHEN action = 48 THEN 'Manipulation'\n WHEN action = 96 THEN 'Allow'\n WHEN action = 128 THEN 'Shunt'\n ELSE concat(action)\n END) as action,\n sum(hit_count) as hit_count,\n sum(in_bytes + out_bytes) as bytes,\n SUM(in_pkts + out_pkts) as packets\nfrom\n security_rule_hits\nwhere\n __time >= '{{start_time}}'\n\tand __time < '{{end_time}}' and vsys_id in (1,2,3,4,5)\ngroup by\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT30S','zero')) ,\n action\norder by\n stat_time\nlimit 1000",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT30S','zero')) as stat_time,\n (CASE\n WHEN action = 1 THEN 'Monitor'\n WHEN action = 2 THEN 'Intercept'\n WHEN action = 16 THEN 'Deny'\n WHEN action = 48 THEN 'Manipulation'\n WHEN action = 96 THEN 'Allow'\n WHEN action = 128 THEN 'Shunt'\n ELSE concat(action)\n END) as action,\n sum(hit_count) as hit_count,\n sum(in_bytes + out_bytes) as bytes,\n SUM(in_pkts + out_pkts) as packets\nfrom\n security_rule_hits\nwhere\n __time >= '{{start_time}}'\n\tand __time < '{{end_time}}' and vsys_id in (1,2,3,4,5)\ngroup by\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT30S','zero')) ,\n action\norder by\n stat_time\nlimit 1000"
}
]
}
},
"response": []
},
{
"name": "Top Security Policy Rule Hits",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query= select\n rule_id,\n action,\n sum(hit_count) as hits\nfrom\n security_rule_hits\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5) \ngroup by\n rule_id,\n action\norder by\n hits desc\nlimit 100",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": " select\n rule_id,\n action,\n sum(hit_count) as hits\nfrom\n security_rule_hits\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5) \ngroup by\n rule_id,\n action\norder by\n hits desc\nlimit 100"
}
]
}
},
"response": []
},
{
"name": "Top Client IPs in Sessions",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n client_ip as client_ip,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_client_ips\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and metric = 'sessions'\ngroup by\n client_ip\norder by\n sessions desc\nlimit 10",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n client_ip as client_ip,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_client_ips\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and metric = 'sessions'\ngroup by\n client_ip\norder by\n sessions desc\nlimit 10"
}
]
}
},
"response": []
},
{
"name": "Top Client IPs in Packets",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n client_ip as client_ip,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_client_ips\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and metric = 'packets'\ngroup by\n client_ip\norder by\n packets desc\nlimit 10",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n client_ip as client_ip,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_client_ips\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and metric = 'packets'\ngroup by\n client_ip\norder by\n packets desc\nlimit 10"
}
]
}
},
"response": []
},
{
"name": "Top Client IPs in Bytes",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n client_ip as client_ip,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_client_ips\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and metric = 'bytes'\ngroup by\n client_ip\norder by\n bytes desc\nlimit 10",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n client_ip as client_ip,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_client_ips\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and metric = 'bytes'\ngroup by\n client_ip\norder by\n bytes desc\nlimit 10"
}
]
}
},
"response": []
},
{
"name": "Top Server IPs in Sessions",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n server_ip as server_ip,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_server_ips\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n and metric = 'sessions'\ngroup by\n server_ip\norder by\n sessions desc\nlimit 10",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n server_ip as server_ip,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_server_ips\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n and metric = 'sessions'\ngroup by\n server_ip\norder by\n sessions desc\nlimit 10"
}
]
}
},
"response": []
},
{
"name": "Top Server IPs in Packets",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n server_ip as server_ip,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_server_ips\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n and metric = 'packets'\ngroup by\n server_ip\norder by\n packets desc\nlimit 10",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n server_ip as server_ip,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_server_ips\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n and metric = 'packets'\ngroup by\n server_ip\norder by\n packets desc\nlimit 10"
}
]
}
},
"response": []
},
{
"name": "Top Server IPs in Bytes",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n server_ip as server_ip,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_server_ips\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n and metric = 'bytes'\ngroup by\n server_ip\norder by\n bytes desc\nlimit 10",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n server_ip as server_ip,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_server_ips\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n and metric = 'bytes'\ngroup by\n server_ip\norder by\n bytes desc\nlimit 10"
}
]
}
},
"response": []
},
{
"name": "Top Internal IPs in Sessions",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n internal_ip as internal_ip,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_internal_ips\nwhere\n __time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5) \n and metric = 'sessions'\ngroup by\n internal_ip\norder by\n sessions desc\nlimit 10",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n internal_ip as internal_ip,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_internal_ips\nwhere\n __time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5) \n and metric = 'sessions'\ngroup by\n internal_ip\norder by\n sessions desc\nlimit 10"
}
]
}
},
"response": []
},
{
"name": "Top Internal IPs in Packets",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n internal_ip as internal_ip,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_internal_ips\nwhere\n __time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5) \n and metric = 'packets'\ngroup by\n internal_ip\norder by\n packets desc\nlimit 10",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n internal_ip as internal_ip,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_internal_ips\nwhere\n __time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5) \n and metric = 'packets'\ngroup by\n internal_ip\norder by\n packets desc\nlimit 10"
}
]
}
},
"response": []
},
{
"name": "Top Internal IPs in Bytes",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n internal_ip as internal_ip,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_internal_ips\nwhere\n __time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5) \n and metric = 'bytes'\ngroup by\n internal_ip\norder by\n bytes desc\nlimit 10",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n internal_ip as internal_ip,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_internal_ips\nwhere\n __time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5) \n and metric = 'bytes'\ngroup by\n internal_ip\norder by\n bytes desc\nlimit 10"
}
]
}
},
"response": []
},
{
"name": "Top External IPs in Sessions",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n external_ip as external_ip,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_external_ips\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and metric = 'sessions'\ngroup by\n external_ip\norder by\n sessions desc\nlimit 10",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n external_ip as external_ip,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_external_ips\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and metric = 'sessions'\ngroup by\n external_ip\norder by\n sessions desc\nlimit 10"
}
]
}
},
"response": []
},
{
"name": "Top External IPs in Packets",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n external_ip as external_ip,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_external_ips\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and metric = 'packets'\ngroup by\n external_ip\norder by\n packets desc\nlimit 10",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n external_ip as external_ip,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_external_ips\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and metric = 'packets'\ngroup by\n external_ip\norder by\n packets desc\nlimit 10"
}
]
}
},
"response": []
},
{
"name": "Top External IPs in Bytes",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n external_ip as external_ip,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_external_ips\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and metric = 'bytes'\ngroup by\n external_ip\norder by\n bytes desc\nlimit 10",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n external_ip as external_ip,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_external_ips\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and metric = 'bytes'\ngroup by\n external_ip\norder by\n bytes desc\nlimit 10"
}
]
}
},
"response": []
},
{
"name": "Top Server Domains in Sessions",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n domain,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_server_domains\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n and metric = 'sessions'\ngroup by\n domain\norder by\n sessions desc\nlimit 10",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n domain,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_server_domains\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n and metric = 'sessions'\ngroup by\n domain\norder by\n sessions desc\nlimit 10"
}
]
}
},
"response": []
},
{
"name": "Top Server Domains in Packets",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n domain,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_server_domains\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n and metric = 'packets'\ngroup by\n domain\norder by\n packets desc\nlimit 10",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n domain,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_server_domains\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n and metric = 'packets'\ngroup by\n domain\norder by\n packets desc\nlimit 10"
}
]
}
},
"response": []
},
{
"name": "Top Server Domains in Bytes",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n domain,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_server_domains\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n and metric = 'bytes'\ngroup by\n domain\norder by\n bytes desc\nlimit 10",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n domain,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_server_domains\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n and metric = 'bytes'\ngroup by\n domain\norder by\n bytes desc\nlimit 10"
}
]
}
},
"response": []
},
{
"name": "Top Server FQDNs in Sessions",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n fqdn,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_server_fqdns\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n and metric = 'sessions'\ngroup by\n fqdn\norder by\n sessions desc\nlimit 10",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n fqdn,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_server_fqdns\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n and metric = 'sessions'\ngroup by\n fqdn\norder by\n sessions desc\nlimit 10"
}
]
}
},
"response": []
},
{
"name": "Top Server FQDNs in Packets",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n fqdn,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_server_fqdns\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n and metric = 'packets'\ngroup by\n fqdn\norder by\n packets desc\nlimit 10",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n fqdn,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_server_fqdns\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n and metric = 'packets'\ngroup by\n fqdn\norder by\n packets desc\nlimit 10"
}
]
}
},
"response": []
},
{
"name": "Top Server FQDNs in Bytes",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n fqdn,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_server_fqdns\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n and metric = 'bytes'\ngroup by\n fqdn\norder by\n bytes desc\nlimit 10",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n fqdn,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_server_fqdns\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n and metric = 'bytes'\ngroup by\n fqdn\norder by\n bytes desc\nlimit 10"
}
]
}
},
"response": []
},
{
"name": "Top Subscriber IDs in Sessions",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n subscriber_id,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_subscribers\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5) \n and metric = 'sessions'\ngroup by\n subscriber_id\norder by\n sessions desc\nlimit 10",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n subscriber_id,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_subscribers\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5) \n and metric = 'sessions'\ngroup by\n subscriber_id\norder by\n sessions desc\nlimit 10"
}
]
}
},
"response": []
},
{
"name": "Top Subscriber IDs in Packets",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n subscriber_id,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_subscribers\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5) \n and metric = 'packets'\ngroup by\n subscriber_id\norder by\n packets desc\nlimit 10",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n subscriber_id,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_subscribers\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5) \n and metric = 'packets'\ngroup by\n subscriber_id\norder by\n packets desc\nlimit 10"
}
]
}
},
"response": []
},
{
"name": "Top Subscriber IDs in Bytes",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n subscriber_id,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_subscribers\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5) \n and metric = 'bytes'\ngroup by\n subscriber_id\norder by\n bytes desc\nlimit 10",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n subscriber_id,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n top_subscribers\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5) \n and metric = 'bytes'\ngroup by\n subscriber_id\norder by\n bytes desc\nlimit 10"
}
]
}
},
"response": []
},
{
"name": "Top Apps in Sessions",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n app_name,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n application_protocol_stat\nwhere\n __time >= '{{start_time}}'\n\tand __time < '{{end_time}}' and vsys_id in (1,2,3,4,5)\n and app_name IS NOT NUll\ngroup by\n app_name\norder by \n sessions desc\nlimit 10",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n app_name,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n application_protocol_stat\nwhere\n __time >= '{{start_time}}'\n\tand __time < '{{end_time}}' and vsys_id in (1,2,3,4,5)\n and app_name IS NOT NUll\ngroup by\n app_name\norder by \n sessions desc\nlimit 10"
}
]
}
},
"response": []
},
{
"name": "Top Apps in Packets",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n app_name,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n application_protocol_stat\nwhere\n __time >= '{{start_time}}'\n\tand __time < '{{end_time}}' and vsys_id in (1,2,3,4,5)\n and app_name IS NOT NUll\ngroup by\n app_name\norder by \n packets desc\nlimit 10",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n app_name,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n application_protocol_stat\nwhere\n __time >= '{{start_time}}'\n\tand __time < '{{end_time}}' and vsys_id in (1,2,3,4,5)\n and app_name IS NOT NUll\ngroup by\n app_name\norder by \n packets desc\nlimit 10"
}
]
}
},
"response": []
},
{
"name": "Top Apps in Bytes",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n app_name,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n application_protocol_stat\nwhere\n __time >= '{{start_time}}'\n\tand __time < '{{end_time}}' and vsys_id in (1,2,3,4,5)\n and app_name IS NOT NUll\ngroup by\n app_name\norder by \n bytes desc\nlimit 10",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n app_name,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n application_protocol_stat\nwhere\n __time >= '{{start_time}}'\n\tand __time < '{{end_time}}' and vsys_id in (1,2,3,4,5)\n and app_name IS NOT NUll\ngroup by\n app_name\norder by \n bytes desc\nlimit 10"
}
]
}
},
"response": []
},
{
"name": "Total Proxy Manipulate Rule Hits by Action",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n sub_action,\n sum(hit_count) as hits\nfrom\n proxy_rule_hits\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5)\n and action = 48\ngroup by\n sub_action\norder by\n sub_action",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n sub_action,\n sum(hit_count) as hits\nfrom\n proxy_rule_hits\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5)\n and action = 48\ngroup by\n sub_action\norder by\n sub_action"
}
]
}
},
"response": []
},
{
"name": "Proxy Manipulate Rule Hits Trend by Action",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) as stat_time,\n sub_action,\n sum(hit_count) as hits\nfrom\n proxy_rule_hits\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5)\n and action = 48\ngroup by\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) ,\n sub_action\norder by\n stat_time asc\nlimit 1000",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) as stat_time,\n sub_action,\n sum(hit_count) as hits\nfrom\n proxy_rule_hits\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5)\n and action = 48\ngroup by\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) ,\n sub_action\norder by\n stat_time asc\nlimit 1000"
}
]
}
},
"response": []
},
{
"name": "Top Proxy Policy Hits",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n rule_id,\n sub_action,\n sum(hit_count) as hits\nfrom\n proxy_rule_hits\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5) \n and action = 48\ngroup by\n rule_id,\n sub_action\norder by\n hits desc\nlimit 100",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n rule_id,\n sub_action,\n sum(hit_count) as hits\nfrom\n proxy_rule_hits\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5) \n and action = 48\ngroup by\n rule_id,\n sub_action\norder by\n hits desc\nlimit 100"
}
]
}
},
"response": []
},
{
"name": "Proxy SSL Intercept Pinning",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query= select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) as stat_time,\n (CASE\n WHEN pinning_status = 0 THEN 'not_pinning_num'\n WHEN pinning_status = 1 THEN 'pinning_num'\n WHEN pinning_status = 2 THEN 'maybe_pinning_num'\n ELSE concat(pinning_status)\n END) as type,\n SUM(hit_count) as hits\nfrom \n proxy_rule_hits\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5)\n and action = 2\ngroup by\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) ,\n (CASE\n WHEN pinning_status = 0 THEN 'not_pinning_num'\n WHEN pinning_status = 1 THEN 'pinning_num'\n WHEN pinning_status = 2 THEN 'maybe_pinning_num'\n ELSE concat(pinning_status)\n END)\norder by\n stat_time asc\nlimit 100",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": " select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) as stat_time,\n (CASE\n WHEN pinning_status = 0 THEN 'not_pinning_num'\n WHEN pinning_status = 1 THEN 'pinning_num'\n WHEN pinning_status = 2 THEN 'maybe_pinning_num'\n ELSE concat(pinning_status)\n END) as type,\n SUM(hit_count) as hits\nfrom \n proxy_rule_hits\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5)\n and action = 2\ngroup by\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) ,\n (CASE\n WHEN pinning_status = 0 THEN 'not_pinning_num'\n WHEN pinning_status = 1 THEN 'pinning_num'\n WHEN pinning_status = 2 THEN 'maybe_pinning_num'\n ELSE concat(pinning_status)\n END)\norder by\n stat_time asc\nlimit 100"
}
]
}
},
"response": []
},
{
"name": "First and Last Found of Metric Sources",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select 'General Metrics' as type, min(__time) as first_time, max(__time) as last_time from traffic_general_stat where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Security Policy Rule Hits' as type, min(__time) as first_time, max(__time) as last_time from security_rule_hits where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Proxy Policy Rule Hits' as type, min(__time) as first_time, max(__time) as last_time from proxy_rule_hits where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Traffic Shaping Rule Hits' as type, min(__time) as first_time, max(__time) as last_time from traffic_shaping_rule_hits where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Service Chaining Rule Hits' as type, min(__time) as first_time, max(__time) as last_time from service_chaining_rule_hits where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Internal IPs' as type, min(__time) as first_time, max(__time) as last_time from top_internal_ips where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'External IPs' as type, min(__time) as first_time, max(__time) as last_time from top_external_ips where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Subscriber IDs' as type, min(__time) as first_time, max(__time) as last_time from top_subscribers where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Client IPs' as type, min(__time) as first_time, max(__time) as last_time from top_client_ips union all select 'Server IPs' as type, min(__time) as first_time, max(__time) as last_time from top_server_ips where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Server Domains' as type, min(__time) as first_time, max(__time) as last_time from top_server_domains where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Server FQDNs' as type, min(__time) as first_time, max(__time) as last_time from top_server_fqdns where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Application Protocol Stat' as type, min(__time) as first_time, max(__time) as last_time from application_protocol_stat where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Storage Quota' as type, min(__time) as first_time, max(__time) as last_time from sys_storage_log where __time >= '{{start_time}}' and __time < '{{end_time}}'",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select 'General Metrics' as type, min(__time) as first_time, max(__time) as last_time from traffic_general_stat where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Security Policy Rule Hits' as type, min(__time) as first_time, max(__time) as last_time from security_rule_hits where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Proxy Policy Rule Hits' as type, min(__time) as first_time, max(__time) as last_time from proxy_rule_hits where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Traffic Shaping Rule Hits' as type, min(__time) as first_time, max(__time) as last_time from traffic_shaping_rule_hits where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Service Chaining Rule Hits' as type, min(__time) as first_time, max(__time) as last_time from service_chaining_rule_hits where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Internal IPs' as type, min(__time) as first_time, max(__time) as last_time from top_internal_ips where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'External IPs' as type, min(__time) as first_time, max(__time) as last_time from top_external_ips where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Subscriber IDs' as type, min(__time) as first_time, max(__time) as last_time from top_subscribers where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Client IPs' as type, min(__time) as first_time, max(__time) as last_time from top_client_ips union all select 'Server IPs' as type, min(__time) as first_time, max(__time) as last_time from top_server_ips where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Server Domains' as type, min(__time) as first_time, max(__time) as last_time from top_server_domains where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Server FQDNs' as type, min(__time) as first_time, max(__time) as last_time from top_server_fqdns where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Application Protocol Stat' as type, min(__time) as first_time, max(__time) as last_time from application_protocol_stat where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Storage Quota' as type, min(__time) as first_time, max(__time) as last_time from sys_storage_log where __time >= '{{start_time}}' and __time < '{{end_time}}'"
}
]
},
"description": "验证Apache Druid 统计表是否有最新的数据"
},
"response": []
}
],
"description": "# Dashboard 业务\n\nDashboard 为预聚合计数操作接入数据源有四处KAFKA TOPIC\n\n* TRAFFIC-METRICS-LOG 功能端5秒输出一次\n* CONNECTION-RECORD-COMPLETE-LOG: 数据平台接收CONNECTION-RECORD-LOG 补全后实时输出。\n* PROXY/SECURITY-EVENT-COMPLETE-LOG: 数据平台接收PROXY/SECURITY 命中策略日志补全后实时输出。\n\n## 流量计数Metrics \n\n**功能端 - KafkaTRAFFIC-METRICS-LOG 每5秒 ) - Druid** \n\n所有基础Metrics非内容级别的统计都为功能端提前预聚合输出到TRAFFIC-METRICS-LOG 中最终数据平台写入Druid 中供API查询。具体包含\n\n* System Overview Traffic 、New、Live\n* Policy Hits by Action(Security)\n* Policy Hits by Action (proxy) 、Pinning\n\n## TOPN 计算\n\n**流程1功能端 - Kafka原始日志 - 补全 - Druid** // 统计安全策略与代理策略结果每1分钟\n\n**流程2功能端 - Kafka原始日志 - 补全 - Druid - 调度任务 - kafka -Druid ** // TOPN 计算每5分钟\n\n所有内容级别为数据平台进行实时统计将指标输出到Druid中供API进行查询。具体包含\n\n* Top Hits (security) - 流程1\n\n* Top Hits (proxy) - 流程1\n\n* Endpoints (Active Client/Server/Internal/External , Top Domains, Active Subscriber ID,Top urls) - 流程2\n\n ",
"event": [
{
"listen": "prerequest",
"script": {
"type": "text/javascript",
"exec": [
""
]
}
},
{
"listen": "test",
"script": {
"type": "text/javascript",
"exec": [
""
]
}
}
]
},
{
"name": "Settings",
"item": [
{
"name": "System Storage Quata",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/sys/storage/deletion",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"sys",
"storage",
"deletion"
]
}
},
"response": []
}
]
},
{
"name": "Relations",
"item": [
{
"name": "Ad-Hoc Query",
"item": [
{
"name": "提交查询任务(字段发现)",
"event": [
{
"listen": "prerequest",
"script": {
"exec": [
""
],
"type": "text/javascript"
}
},
{
"listen": "test",
"script": {
"exec": [
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "POST",
"header": [
{
"key": "Authorization",
"value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=",
"type": "text",
"disabled": true
}
],
"body": {
"mode": "raw",
"raw": "{\r\n \"query.type\": \"field_discovery\",\r\n \"query.data_source\": \"session_record\",\r\n \"query.sample_ratio\": \"1\",\r\n \"custom.field_discovery.fields\": [\r\n \"common_log_id\",\r\n \"common_action\",\r\n \"common_app_label\",\r\n \"common_client_ip\",\r\n \"common_server_ip\",\r\n \"common_client_port\",\r\n \"common_server_port\",\r\n \"common_internal_ip\",\r\n \"common_external_ip\",\r\n \"common_schema_type\",\r\n \"http_url\",\r\n \"http_domain\"\r\n\r\n ],\r\n \"custom.field_discovery.filter\": \"common_recv_time >=UNIX_TIMESTAMP('2022-09-30 00:00:00') and common_recv_time <=UNIX_TIMESTAMP('2022-10-01 00:00:00') and common_vsys_id in (1,2,3,4,5)\"\r\n}",
"options": {
"raw": {
"language": "json"
}
}
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/admin/query/jobs",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"admin",
"query",
"jobs"
]
}
},
"response": []
},
{
"name": "获取任务结果(字段发现)",
"event": [
{
"listen": "prerequest",
"script": {
"exec": [
""
],
"type": "text/javascript"
}
},
{
"listen": "test",
"script": {
"exec": [
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [
{
"key": "Authorization",
"value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=",
"type": "text",
"disabled": true
}
],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/admin/query/jobs/ed25bab143d786d0-4ae6835358276d04/field_discovery",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"admin",
"query",
"jobs",
"ed25bab143d786d0-4ae6835358276d04",
"field_discovery"
]
}
},
"response": []
},
{
"name": "提交查询任务(实时统计)",
"event": [
{
"listen": "prerequest",
"script": {
"exec": [
""
],
"type": "text/javascript"
}
},
{
"listen": "test",
"script": {
"exec": [
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "POST",
"header": [
{
"key": "Authorization",
"value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=",
"type": "text",
"disabled": true
}
],
"body": {
"mode": "raw",
"raw": "{\r\n \"query.type\": \"statistics\",\r\n \"query.data_source\": \"session_record\",\r\n \"custom.statistics.sql\":\"select common_client_ip,count(*) as count from session_record where common_recv_time >=UNIX_TIMESTAMP('2022-09-30 00:00:00') and common_recv_time <=UNIX_TIMESTAMP('2022-10-01 00:00:00') and common_vsys_id in (1,2,3,4,5) group by common_client_ip order by count asc limit 10\"\r\n\r\n}",
"options": {
"raw": {
"language": "json"
}
}
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/admin/query/jobs",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"admin",
"query",
"jobs"
]
}
},
"response": []
},
{
"name": "获取任务结果(实时统计)",
"event": [
{
"listen": "prerequest",
"script": {
"exec": [
""
],
"type": "text/javascript"
}
},
{
"listen": "test",
"script": {
"exec": [
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [
{
"key": "Authorization",
"value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=",
"type": "text",
"disabled": true
}
],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/admin/query/jobs/79b5124d876951f9-9e27cba1ce5c8eab/statistics",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"admin",
"query",
"jobs",
"79b5124d876951f9-9e27cba1ce5c8eab",
"statistics"
]
}
},
"response": []
},
{
"name": "取消正在查询任务(实时统计)",
"event": [
{
"listen": "prerequest",
"script": {
"exec": [
""
],
"type": "text/javascript"
}
},
{
"listen": "test",
"script": {
"exec": [
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [
{
"key": "Authorization",
"value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=",
"type": "text",
"disabled": true
}
],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/admin/query/jobs/79b5124d876951f9-9e27cba1ce5c8eab/statistics",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"admin",
"query",
"jobs",
"79b5124d876951f9-9e27cba1ce5c8eab",
"statistics"
]
}
},
"response": []
}
]
},
{
"name": "IP Learning",
"event": [
{
"listen": "prerequest",
"script": {
"exec": [
""
],
"type": "text/javascript"
}
},
{
"listen": "test",
"script": {
"exec": [
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "POST",
"header": [
{
"key": "Authorization",
"value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=",
"type": "text",
"disabled": true
}
],
"body": {
"mode": "raw",
"raw": "{\r\n \"clientId\": null,\r\n \"query\": {\r\n \"queryType\": \"iplearning\",\r\n \"dataSource\": \"IP_LEARNING_VIEW\",\r\n \"parameters\": {\r\n \"match\": [\r\n {\r\n \"type\": \"substring\",\r\n \"fieldKey\": \"FQDN_NAME\",\r\n \"fieldValues\": [\"google.com\",\"baidu.com\"]\r\n }\r\n ],\r\n \"range\": [\r\n {\r\n \"type\": \"eq\",\r\n \"fieldKey\": \"PROTOCOL\",\r\n \"fieldValues\": [\r\n \"TLS\",\r\n \"HTTP\",\r\n \"DNS\"\r\n ]\r\n },\r\n {\r\n \"type\": \"eq\",\r\n \"fieldKey\": \"DEPTH\",\r\n \"fieldValues\": [\r\n 1\r\n ]\r\n },\r\n {\r\n \"type\": \"ge\",\r\n \"fieldKey\": \"UNIQ_CIP\",\r\n \"fieldValues\": [\r\n 1\r\n ]\r\n },{\r\n \"type\":\"eq\",\r\n \"fieldKey\":\"vsys_id\",\r\n \"fieldValues\":[1,2,3,4,5]\r\n }\r\n ],\r\n \"intervals\": [\r\n \"{{start_time}}/{{end_time}}\"\r\n ],\r\n \"limit\": 100\r\n }\r\n }\r\n}",
"options": {
"raw": {
"language": "json"
}
}
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/knowledge/v1/?iplearning=",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"knowledge",
"v1",
""
],
"query": [
{
"key": "iplearning",
"value": ""
}
]
}
},
"response": []
},
{
"name": "IP Address Pools",
"event": [
{
"listen": "test",
"script": {
"exec": [
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "POST",
"header": [
{
"key": "Authorization",
"value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=",
"type": "text"
}
],
"body": {
"mode": "raw",
"raw": "{\r\n \"clientId\": null,\r\n \"query\": {\r\n \"queryType\": \"ippool\",\r\n \"dataSource\": \"IP_VIEW\",\r\n \"parameters\": {\r\n \"range\": [\r\n {\r\n \"type\":\"eq\",\r\n \"fieldKey\":\"vsys_id\",\r\n \"fieldValues\":[1,2,3,4,5]\r\n }\r\n ],\r\n \"sort\": [\r\n {\r\n \"type\": \"desc\",\r\n \"fieldKey\": \"BYTES_TOTAL\"\r\n },\r\n {\r\n \"type\": \"desc\",\r\n \"fieldKey\": \"LAST_FOUND_TIME\"\r\n }\r\n ]\r\n }\r\n }\r\n}",
"options": {
"raw": {
"language": "json"
}
}
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/knowledge/v1/?ippool=",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"knowledge",
"v1",
""
],
"query": [
{
"key": "ippool",
"value": ""
}
]
}
},
"response": []
},
{
"name": "Recommend Subscriber IDs",
"event": [
{
"listen": "test",
"script": {
"exec": [
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "POST",
"header": [
{
"key": "Authorization",
"value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=",
"type": "text"
}
],
"body": {
"mode": "raw",
"raw": "{\r\n \"clientId\": null,\r\n \"query\": {\r\n \"queryType\": \"subscriberidpool\",\r\n \"dataSource\": \"SUBSCRIBER_ID_VIEW\",\r\n \"parameters\": {\r\n \"match\": [\r\n {\r\n \"type\": \"exactly\",\r\n \"fieldKey\": \"SUBSCRIBER_ID\",\r\n \"fieldValues\": [\"test1\",\"test0223\"]\r\n }\r\n ],\"range\": [\r\n {\r\n \"type\":\"eq\",\r\n \"fieldKey\":\"vsys_id\",\r\n \"fieldValues\":[1,2,3,4,5]\r\n }\r\n ],\r\n \"limit\": \"100\"\r\n }\r\n }\r\n}",
"options": {
"raw": {
"language": "json"
}
}
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/knowledge/v1/?subscriberidpool",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"knowledge",
"v1",
""
],
"query": [
{
"key": "subscriberidpool",
"value": null
}
]
}
},
"response": []
},
{
"name": "Subscriber ID to IP",
"event": [
{
"listen": "prerequest",
"script": {
"exec": [
""
],
"type": "text/javascript"
}
},
{
"listen": "test",
"script": {
"exec": [
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "POST",
"header": [
{
"key": "Authorization",
"value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=",
"type": "text",
"disabled": true
}
],
"body": {
"mode": "raw",
"raw": "{\r\n \"clientId\": null,\r\n \"query\": {\r\n \"dataEngine\": \"AnalysisEngine\",\r\n \"dataSource\": \"SUBSCRIBER_ID_VIEW\",\r\n \"limit\": \"100\",\r\n \"parameters\": {\r\n \"match\": [\r\n {\r\n \"type\": \"prefix\",\r\n \"fieldKey\": \"SUBSCRIBER_ID\",\r\n \"fieldValues\": [\"test\",\"test0249\"]\r\n }\r\n ],\r\n \"range\": [\r\n {\r\n \"type\": \"eq\",\r\n \"fieldKey\": \"vsys_id\",\r\n \"fieldValues\": [\r\n 1,\r\n 2,\r\n 3,\r\n 4,\r\n 5\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n}",
"options": {
"raw": {
"language": "json"
}
}
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/relation/v1/?subscriberidpool=",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"relation",
"v1",
""
],
"query": [
{
"key": "subscriberidpool",
"value": ""
}
]
}
},
"response": []
},
{
"name": "Active Client IPs by App",
"event": [
{
"listen": "test",
"script": {
"exec": [
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "POST",
"header": [
{
"key": "Authorization",
"value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=",
"type": "text",
"disabled": true
}
],
"body": {
"mode": "raw",
"raw": "{\r\n \"clientId\": null,\r\n \"query\": {\r\n \"dataEngine\": \"BusinessEngine\",\r\n \"dataSource\": \"session_record\",\r\n \"limit\":\"15\",\r\n \"parameters\": {\r\n \"match\": [\r\n {\r\n \"type\": \"exactly\",\r\n \"fieldKey\": \"common_app_label\",\r\n \"fieldValues\": [\r\n \"Psiphon3\"\r\n ]\r\n }\r\n ],\r\n \"range\": [\r\n {\r\n \"type\": \"eq\",\r\n \"fieldKey\": \"vsys_id\",\r\n \"fieldValues\": [\r\n 1,\r\n 2,\r\n 3,\r\n 4,\r\n 5\r\n ]\r\n }\r\n ],\r\n \"intervals\": [\r\n \"{{start_time}}/{{end_time}}\"\r\n ]\r\n }\r\n }\r\n}",
"options": {
"raw": {
"language": "json"
}
}
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/entity/v1/?activeclientip",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"entity",
"v1",
""
],
"query": [
{
"key": "activeclientip",
"value": null
}
]
}
},
"response": []
},
{
"name": "Recommend Top Server IPs",
"event": [
{
"listen": "test",
"script": {
"exec": [
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "POST",
"header": [
{
"key": "Authorization",
"value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=",
"type": "text",
"disabled": true
}
],
"body": {
"mode": "raw",
"raw": "{\r\n \"clientId\": null,\r\n \"query\": {\r\n \"dataEngine\": \"BusinessEngine\",\r\n \"dataSource\": \"session_record\",\r\n \"limit\": \"100\",\r\n \"parameters\": {\r\n \"range\": [\r\n {\r\n \"type\": \"eq\",\r\n \"fieldKey\": \"common_vsys_id\",\r\n \"fieldValues\": [\r\n 1\r\n ]\r\n }\r\n ],\r\n \"intervals\": [\r\n \"{{start_time}}/{{end_time}}\"\r\n ]\r\n }\r\n }\r\n}",
"options": {
"raw": {
"language": "json"
}
}
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/entity/v1/?topserverip",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"entity",
"v1",
""
],
"query": [
{
"key": "topserverip",
"value": null
}
]
}
},
"response": []
},
{
"name": "Recommend Top SNIs",
"event": [
{
"listen": "test",
"script": {
"exec": [
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "POST",
"header": [
{
"key": "Authorization",
"value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=",
"type": "text",
"disabled": true
}
],
"body": {
"mode": "raw",
"raw": "{\r\n \"clientId\":null,\r\n \"query\":{\r\n \"dataEngine\":\"BusinessEngine\",\r\n \"dataSource\":\"session_record\",\r\n \"limit\":\"20000\",\r\n \"parameters\":{\r\n \"range\": [\r\n {\r\n \"type\": \"eq\",\r\n \"fieldKey\": \"common_vsys_id\",\r\n \"fieldValues\": [\r\n 1,2\r\n ]\r\n }\r\n ],\r\n \"intervals\":[\r\n \"{{start_time}}/{{end_time}}\"\r\n ]\r\n }\r\n }\r\n}",
"options": {
"raw": {
"language": "json"
}
}
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/entity/v1/?topsni",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"entity",
"v1",
""
],
"query": [
{
"key": "topsni",
"value": null
}
]
}
},
"response": []
},
{
"name": "IMSI to TEID",
"event": [
{
"listen": "prerequest",
"script": {
"exec": [
""
],
"type": "text/javascript"
}
},
{
"listen": "test",
"script": {
"exec": [
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "POST",
"header": [
{
"key": "Authorization",
"value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=",
"type": "text",
"disabled": true
}
],
"body": {
"mode": "raw",
"raw": "{\r\n \"clientId\": null,\r\n \"query\": {\r\n \"dataEngine\": \"AnalysisEngine\",\r\n \"dataSource\": \"gtpc_knowledge_base\",\r\n \"parameters\": {\r\n \"match\": [\r\n {\r\n \"type\": \"regex\",\r\n \"fieldKey\": \"imsi\",\r\n \"fieldValues\": [\r\n \"57051531092359*\",\r\n \"$570415210923520\"\r\n ]\r\n }\r\n ],\r\n \"range\": [\r\n {\r\n \"type\": \"eq\",\r\n \"fieldKey\": \"vsys_id\",\r\n \"fieldValues\": [\r\n 1,\r\n 2,\r\n 3,\r\n 4,\r\n 5\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n}",
"options": {
"raw": {
"language": "json"
}
}
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/relation/v1/?gtpc",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"relation",
"v1",
""
],
"query": [
{
"key": "gtpc",
"value": null
}
]
}
},
"response": []
},
{
"name": "IMEI to TEID",
"event": [
{
"listen": "prerequest",
"script": {
"exec": [
""
],
"type": "text/javascript"
}
},
{
"listen": "test",
"script": {
"exec": [
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "POST",
"header": [
{
"key": "Authorization",
"value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=",
"type": "text",
"disabled": true
}
],
"body": {
"mode": "raw",
"raw": "\t\r\n{\r\n \"clientId\":null,\r\n \"query\":{\r\n \"dataEngine\":\"AnalysisEngine\",\r\n \"dataSource\":\"gtpc_knowledge_base\",\r\n \"parameters\":{\r\n \"match\":[\r\n {\r\n \"type\":\"regex\",\r\n \"fieldKey\":\"imei\",\r\n \"fieldValues\":[\r\n \"6491009423*\", \"$35491009423782\"\r\n ]\r\n }\r\n ],\"range\": [\r\n {\r\n \"type\": \"eq\",\r\n \"fieldKey\": \"vsys_id\",\r\n \"fieldValues\": [\r\n 1,\r\n 2,\r\n 3,\r\n 4,\r\n 5\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n}",
"options": {
"raw": {
"language": "json"
}
}
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/relation/v1/?gtpc",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"relation",
"v1",
""
],
"query": [
{
"key": "gtpc",
"value": null
}
]
}
},
"response": []
},
{
"name": "Phone Number to TEID",
"event": [
{
"listen": "prerequest",
"script": {
"exec": [
""
],
"type": "text/javascript"
}
},
{
"listen": "test",
"script": {
"exec": [
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "POST",
"header": [
{
"key": "Authorization",
"value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=",
"type": "text",
"disabled": true
}
],
"body": {
"mode": "raw",
"raw": "\t\r\n{\r\n \"clientId\":null,\r\n \"query\":{\r\n \"dataEngine\":\"AnalysisEngine\",\r\n \"dataSource\":\"gtpc_knowledge_base\",\r\n \"parameters\":{\r\n \"match\":[\r\n {\r\n \"type\":\"regex\",\r\n \"fieldKey\":\"phone_number\",\r\n \"fieldValues\":[\r\n \"$8613259856152\"\r\n ]\r\n }\r\n ],\"range\": [\r\n {\r\n \"type\": \"eq\",\r\n \"fieldKey\": \"vsys_id\",\r\n \"fieldValues\": [\r\n 1,\r\n 2,\r\n 3,\r\n 4,\r\n 5\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n}",
"options": {
"raw": {
"language": "json"
}
}
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/relation/v1/?gtpc",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"relation",
"v1",
""
],
"query": [
{
"key": "gtpc",
"value": null
}
]
}
},
"response": []
},
{
"name": "APN to TEID",
"event": [
{
"listen": "prerequest",
"script": {
"exec": [
""
],
"type": "text/javascript"
}
},
{
"listen": "test",
"script": {
"exec": [
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "POST",
"header": [
{
"key": "Authorization",
"value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=",
"type": "text",
"disabled": true
}
],
"body": {
"mode": "raw",
"raw": "\t\r\n{\r\n \"clientId\":null,\r\n \"query\":{\r\n \"dataEngine\":\"AnalysisEngine\",\r\n \"dataSource\":\"gtpc_knowledge_base\",\r\n \"parameters\":{\r\n \"match\":[\r\n {\r\n \"type\":\"regex\",\r\n \"fieldKey\":\"apn\",\r\n \"fieldValues\":[\r\n \"*335434\", \"$2126345434\"\r\n ]\r\n }\r\n ],\"range\": [\r\n {\r\n \"type\": \"eq\",\r\n \"fieldKey\": \"vsys_id\",\r\n \"fieldValues\": [\r\n 1,\r\n 2,\r\n 3,\r\n 4,\r\n 5\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n}",
"options": {
"raw": {
"language": "json"
}
}
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/relation/v1/?gtpc",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"relation",
"v1",
""
],
"query": [
{
"key": "gtpc",
"value": null
}
]
}
},
"response": []
},
{
"name": "Top Server IPs Stat",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "urlencoded",
"urlencoded": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/diagnosis/entity?option=topserverip",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"diagnosis",
"entity"
],
"query": [
{
"key": "option",
"value": "topserverip"
}
]
}
},
"response": []
},
{
"name": "Top SNIs Stat",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/diagnosis/entity?option=topsni",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"diagnosis",
"entity"
],
"query": [
{
"key": "option",
"value": "topsni"
}
]
}
},
"response": []
}
],
"event": [
{
"listen": "prerequest",
"script": {
"type": "text/javascript",
"exec": [
""
]
}
},
{
"listen": "test",
"script": {
"type": "text/javascript",
"exec": [
""
]
}
}
]
}
]
},
{
"name": "Tools",
"item": [
{
"name": "ClickHouse",
"item": [
{
"name": "ClickHouse Endpoints",
"event": [
{
"listen": "test",
"script": {
"exec": [
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201; "
],
"type": "text/javascript"
}
}
],
"request": {
"method": "POST",
"header": [],
"url": {
"raw": "http://{{clickhouse_ip}}:{{clickhouse_port}}?database={{clickhouse_database}}&user={{clickhouse_user}}&password={{clickhouse_password}}&query=SELECT DISTINCT concat(host_address,':','8123') as endpoint FROM system.clusters FORMAT JSONEachRow;",
"protocol": "http",
"host": [
"{{clickhouse_ip}}"
],
"port": "{{clickhouse_port}}",
"query": [
{
"key": "database",
"value": "{{clickhouse_database}}"
},
{
"key": "user",
"value": "{{clickhouse_user}}"
},
{
"key": "password",
"value": "{{clickhouse_password}}"
},
{
"key": "query",
"value": "SELECT DISTINCT concat(host_address,':','8123') as endpoint FROM system.clusters FORMAT JSONEachRow;"
}
]
}
},
"response": []
},
{
"name": "Total Space",
"event": [
{
"listen": "test",
"script": {
"exec": [
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "POST",
"header": [],
"url": {
"raw": "http://{{clickhouse_ip}}:{{clickhouse_port}}?database={{clickhouse_database}}&user={{clickhouse_user}}&password={{clickhouse_password}}&query=SELECT SUM(`total_space`)/1024/1024/1024/1024 as TB FROM system.disks_cluster format JSONEachRow",
"protocol": "http",
"host": [
"{{clickhouse_ip}}"
],
"port": "{{clickhouse_port}}",
"query": [
{
"key": "database",
"value": "{{clickhouse_database}}"
},
{
"key": "user",
"value": "{{clickhouse_user}}"
},
{
"key": "password",
"value": "{{clickhouse_password}}"
},
{
"key": "query",
"value": "SELECT SUM(`total_space`)/1024/1024/1024/1024 as TB FROM system.disks_cluster format JSONEachRow"
}
]
}
},
"response": []
},
{
"name": "ClickHouse Tables",
"event": [
{
"listen": "test",
"script": {
"exec": [
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "POST",
"header": [],
"url": {
"raw": "http://{{clickhouse_ip}}:{{clickhouse_port}}?database={{clickhouse_database}}&user={{clickhouse_user}}&password={{clickhouse_password}}&query=SELECT DISTINCT(name) FROM system.tables_cluster WHERE database = 'tsg_galaxy_v3' AND engine in ('MergeTree','ReplicatedMergeTree') FORMAT JSONEachRow;",
"protocol": "http",
"host": [
"{{clickhouse_ip}}"
],
"port": "{{clickhouse_port}}",
"query": [
{
"key": "database",
"value": "{{clickhouse_database}}"
},
{
"key": "user",
"value": "{{clickhouse_user}}"
},
{
"key": "password",
"value": "{{clickhouse_password}}"
},
{
"key": "query",
"value": "SELECT DISTINCT(name) FROM system.tables_cluster WHERE database = 'tsg_galaxy_v3' AND engine in ('MergeTree','ReplicatedMergeTree') FORMAT JSONEachRow;"
}
]
},
"description": "根据不同的ip查询所有clickhouse的表"
},
"response": []
},
{
"name": "View which settings have been changed from the default",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "POST",
"header": [],
"url": {
"raw": "http://{{clickhouse_ip}}:{{clickhouse_port}}?database={{clickhouse_database}}&user={{clickhouse_user}}&password={{clickhouse_password}}&query=SELECT\n name,\n value\nFROM system.settings\nWHERE changed FORMAT JSONEachRow",
"protocol": "http",
"host": [
"{{clickhouse_ip}}"
],
"port": "{{clickhouse_port}}",
"query": [
{
"key": "database",
"value": "{{clickhouse_database}}"
},
{
"key": "user",
"value": "{{clickhouse_user}}"
},
{
"key": "password",
"value": "{{clickhouse_password}}"
},
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "SELECT\n name,\n value\nFROM system.settings\nWHERE changed FORMAT JSONEachRow"
}
]
}
},
"response": []
},
{
"name": "Show disk storage, number of parts",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "POST",
"header": [],
"url": {
"raw": "http://{{clickhouse_ip}}:{{clickhouse_port}}?database={{clickhouse_database}}&user={{clickhouse_user}}&password={{clickhouse_password}}&query=SELECT\n database,\n table,\n partition,\n count() AS parts,\n formatReadableSize(sum(bytes_on_disk)) AS bytes_on_disk, \n formatReadableQuantity(sum(rows)) AS rows,\n sum(marks) AS marks\nFROM system.parts_cluster pc \nWHERE (database != 'system') AND active\nGROUP BY\n database,\n table,\n partition\nORDER BY database ASC FORMAT JSONEachRow",
"protocol": "http",
"host": [
"{{clickhouse_ip}}"
],
"port": "{{clickhouse_port}}",
"query": [
{
"key": "database",
"value": "{{clickhouse_database}}"
},
{
"key": "user",
"value": "{{clickhouse_user}}"
},
{
"key": "password",
"value": "{{clickhouse_password}}"
},
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "SELECT\n database,\n table,\n partition,\n count() AS parts,\n formatReadableSize(sum(bytes_on_disk)) AS bytes_on_disk, \n formatReadableQuantity(sum(rows)) AS rows,\n sum(marks) AS marks\nFROM system.parts_cluster pc \nWHERE (database != 'system') AND active\nGROUP BY\n database,\n table,\n partition\nORDER BY database ASC FORMAT JSONEachRow"
}
]
}
},
"response": []
},
{
"name": "Get the size of all your tables",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "POST",
"header": [],
"url": {
"raw": "http://{{clickhouse_ip}}:{{clickhouse_port}}?database={{clickhouse_database}}&user={{clickhouse_user}}&password={{clickhouse_password}}&query=\nSELECT \n\ttable,\n formatReadableSize(sum(bytes)) as size\n FROM system.parts_cluster pc\n WHERE active\nGROUP BY table FORMAT JSONEachRow",
"protocol": "http",
"host": [
"{{clickhouse_ip}}"
],
"port": "{{clickhouse_port}}",
"query": [
{
"key": "database",
"value": "{{clickhouse_database}}"
},
{
"key": "user",
"value": "{{clickhouse_user}}"
},
{
"key": "password",
"value": "{{clickhouse_password}}"
},
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "\nSELECT \n\ttable,\n formatReadableSize(sum(bytes)) as size\n FROM system.parts_cluster pc\n WHERE active\nGROUP BY table FORMAT JSONEachRow"
}
]
}
},
"response": []
},
{
"name": "Row count and average day size of your table",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "POST",
"header": [],
"url": {
"raw": "http://{{clickhouse_ip}}:{{clickhouse_port}}?database={{clickhouse_database}}&user={{clickhouse_user}}&password={{clickhouse_password}}&query=\nSELECT\n table, formatReadableSize(size) AS size,\n rows,\n days,\n formatReadableSize(avgDaySize) AS avgDaySize\nFROM\n(\n SELECT\n table,\n sum(bytes) AS size,\n sum(rows) AS rows,\n min(min_date) AS min_date,\n max(max_date) AS max_date,\n max_date - min_date AS days,\n size / (max_date - min_date) AS avgDaySize\n FROM system.parts_cluster pc\n WHERE active\n GROUP BY table\n ORDER BY rows DESC\n) FORMAT JSONEachRow",
"protocol": "http",
"host": [
"{{clickhouse_ip}}"
],
"port": "{{clickhouse_port}}",
"query": [
{
"key": "database",
"value": "{{clickhouse_database}}"
},
{
"key": "user",
"value": "{{clickhouse_user}}"
},
{
"key": "password",
"value": "{{clickhouse_password}}"
},
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "\nSELECT\n table, formatReadableSize(size) AS size,\n rows,\n days,\n formatReadableSize(avgDaySize) AS avgDaySize\nFROM\n(\n SELECT\n table,\n sum(bytes) AS size,\n sum(rows) AS rows,\n min(min_date) AS min_date,\n max(max_date) AS max_date,\n max_date - min_date AS days,\n size / (max_date - min_date) AS avgDaySize\n FROM system.parts_cluster pc\n WHERE active\n GROUP BY table\n ORDER BY rows DESC\n) FORMAT JSONEachRow"
}
]
}
},
"response": []
},
{
"name": "Compression columns percentage",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "POST",
"header": [],
"url": {
"raw": "http://{{clickhouse_ip}}:{{clickhouse_port}}?database={{clickhouse_database}}&user={{clickhouse_user}}&password={{clickhouse_password}}&query=SELECT\n parts.*,\n columns.compressed_size,\n columns.uncompressed_size,\n columns.compression_ratio,\n columns.compression_percentage\nFROM\n(\n SELECT\n table,\n formatReadableSize(sum(data_uncompressed_bytes)) AS uncompressed_size,\n formatReadableSize(sum(data_compressed_bytes)) AS compressed_size,\n round(sum(data_compressed_bytes) / sum(data_uncompressed_bytes), 3) AS compression_ratio,\n round(100 - ((sum(data_compressed_bytes) * 100) / sum(data_uncompressed_bytes)), 3) AS compression_percentage\n FROM system.columns_cluster cc\n GROUP BY table\n) AS columns\nRIGHT JOIN\n(\n SELECT\n table,\n sum(rows) AS rows,\n max(modification_time) AS latest_modification,\n formatReadableSize(sum(bytes)) AS disk_size,\n formatReadableSize(sum(primary_key_bytes_in_memory)) AS primary_keys_size,\n any(engine) AS engine,\n sum(bytes) AS bytes_size\n FROM system.parts_cluster pc\n WHERE active\n GROUP BY\n database,\n table\n) AS parts ON columns.table = parts.table\nORDER BY parts.bytes_size DESC FORMAT JSONEachRow",
"protocol": "http",
"host": [
"{{clickhouse_ip}}"
],
"port": "{{clickhouse_port}}",
"query": [
{
"key": "database",
"value": "{{clickhouse_database}}"
},
{
"key": "user",
"value": "{{clickhouse_user}}"
},
{
"key": "password",
"value": "{{clickhouse_password}}"
},
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "SELECT\n parts.*,\n columns.compressed_size,\n columns.uncompressed_size,\n columns.compression_ratio,\n columns.compression_percentage\nFROM\n(\n SELECT\n table,\n formatReadableSize(sum(data_uncompressed_bytes)) AS uncompressed_size,\n formatReadableSize(sum(data_compressed_bytes)) AS compressed_size,\n round(sum(data_compressed_bytes) / sum(data_uncompressed_bytes), 3) AS compression_ratio,\n round(100 - ((sum(data_compressed_bytes) * 100) / sum(data_uncompressed_bytes)), 3) AS compression_percentage\n FROM system.columns_cluster cc\n GROUP BY table\n) AS columns\nRIGHT JOIN\n(\n SELECT\n table,\n sum(rows) AS rows,\n max(modification_time) AS latest_modification,\n formatReadableSize(sum(bytes)) AS disk_size,\n formatReadableSize(sum(primary_key_bytes_in_memory)) AS primary_keys_size,\n any(engine) AS engine,\n sum(bytes) AS bytes_size\n FROM system.parts_cluster pc\n WHERE active\n GROUP BY\n database,\n table\n) AS parts ON columns.table = parts.table\nORDER BY parts.bytes_size DESC FORMAT JSONEachRow"
}
]
}
},
"response": []
},
{
"name": "Find queries that are stuck",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{clickhouse_ip}}:{{clickhouse_port}}?database={{clickhouse_database}}&user={{clickhouse_user}}&password={{clickhouse_password}}&query=SELECT elapsed, initial_user, client_name, hostname(), query_id, query FROM system.processes AS pc ORDER BY elapsed DESC format JSONEachRow",
"protocol": "http",
"host": [
"{{clickhouse_ip}}"
],
"port": "{{clickhouse_port}}",
"query": [
{
"key": "database",
"value": "{{clickhouse_database}}"
},
{
"key": "user",
"value": "{{clickhouse_user}}"
},
{
"key": "password",
"value": "{{clickhouse_password}}"
},
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "SELECT elapsed, initial_user, client_name, hostname(), query_id, query FROM system.processes AS pc ORDER BY elapsed DESC format JSONEachRow"
}
]
}
},
"response": []
},
{
"name": "Errors in SQL Queries",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT\n initial_query_id,\n type as error_type,\n query_start_time,\n intDiv(query_duration_ms,1000) as query_duration_s ,\n query ,\n exception,\n initial_user ,\n http_user_agent ,\n initial_address\nFROM\n system.query_log_cluster\nwhere\n type IN ('ExceptionBeforeStart', 'ExceptionWhileProcessing')\n and initial_query_id = query_id\n and event_time > (now()-86400)\n and event_time < now()\norder by\n event_time desc\nlimit 100",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "SELECT\n initial_query_id,\n type as error_type,\n query_start_time,\n intDiv(query_duration_ms,1000) as query_duration_s ,\n query ,\n exception,\n initial_user ,\n http_user_agent ,\n initial_address\nFROM\n system.query_log_cluster\nwhere\n type IN ('ExceptionBeforeStart', 'ExceptionWhileProcessing')\n and initial_query_id = query_id\n and event_time > (now()-86400)\n and event_time < now()\norder by\n event_time desc\nlimit 100"
}
]
}
},
"response": []
},
{
"name": "Historical Slow Queries",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n databases,\n initial_query_id ,\n query,\n event_time,\n intDiv(query_duration_ms,1000) as query_duration_s,\n read_rows ,\n read_bytes ,\n initial_user,\n http_user_agent,\n initial_address\n from\n system.query_log_cluster\nwhere\n query_kind = 'Select'\n and query_start_time>(now()-86400)\n and initial_query_id = query_id\n and type IN ('QueryFinish')\norder by\n query_duration_ms desc\nlimit 100",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select\n databases,\n initial_query_id ,\n query,\n event_time,\n intDiv(query_duration_ms,1000) as query_duration_s,\n read_rows ,\n read_bytes ,\n initial_user,\n http_user_agent,\n initial_address\n from\n system.query_log_cluster\nwhere\n query_kind = 'Select'\n and query_start_time>(now()-86400)\n and initial_query_id = query_id\n and type IN ('QueryFinish')\norder by\n query_duration_ms desc\nlimit 100"
}
]
}
},
"response": []
},
{
"name": "Most Frequent Query Columns",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n arrayJoin(columns) as used_columns,\n count() as columns_num\nfrom\n system.query_log_cluster\nwhere\n query_kind = 'Select'\n and query_start_time>(now()-86400)\n and initial_query_id = query_id\n and type IN ('QueryFinish')\ngroup by\n used_columns\norder by\n columns_num desc\nlimit 100",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select\n arrayJoin(columns) as used_columns,\n count() as columns_num\nfrom\n system.query_log_cluster\nwhere\n query_kind = 'Select'\n and query_start_time>(now()-86400)\n and initial_query_id = query_id\n and type IN ('QueryFinish')\ngroup by\n used_columns\norder by\n columns_num desc\nlimit 100"
}
]
}
},
"response": []
},
{
"name": "Aggregate Queries Latency Statistics",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n anyLast(query) as sql,\n intDiv(avg(query_duration_ms),1000) as avg_query_duration_s,\n intDiv(max(query_duration_ms),1000) as max_query_duration_s,\n QUANTILE(query_duration_ms, 0.95)/1000 as p95_query_duration_s, \n max(read_rows) ,\n anyLast(http_user_agent) as last_http_user_agent,\n used_aggregate_functions,\n count() as query_count\nfrom\n system.query_log_cluster\nwhere\n query_kind = 'Select'\n and query_start_time>(now()-86400)\n and initial_query_id = query_id\n and type IN ('QueryFinish')\n and empty(used_aggregate_functions ) = 0\ngroup by\n toString(used_functions),\n toString(used_aggregate_functions ),\n toString(columns)\norder by\n avg_query_duration_s desc\nlimit 100",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select\n anyLast(query) as sql,\n intDiv(avg(query_duration_ms),1000) as avg_query_duration_s,\n intDiv(max(query_duration_ms),1000) as max_query_duration_s,\n QUANTILE(query_duration_ms, 0.95)/1000 as p95_query_duration_s, \n max(read_rows) ,\n anyLast(http_user_agent) as last_http_user_agent,\n used_aggregate_functions,\n count() as query_count\nfrom\n system.query_log_cluster\nwhere\n query_kind = 'Select'\n and query_start_time>(now()-86400)\n and initial_query_id = query_id\n and type IN ('QueryFinish')\n and empty(used_aggregate_functions ) = 0\ngroup by\n toString(used_functions),\n toString(used_aggregate_functions ),\n toString(columns)\norder by\n avg_query_duration_s desc\nlimit 100"
}
]
}
},
"response": []
},
{
"name": "Aggregate Queries Resource Usage Statistics",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n anyLast(query) as sql,\n intDiv(avg(query_duration_ms),1000) as avg_query_duration_s,\n toInt64(avg(memory_usage))/1024/1024 as avg_memory_MB,\n used_aggregate_functions,\navg(ProfileEvents%5B'FileOpen'%5D)%20as%20FileOpen%2C%0A%20%20%20%20avg(ProfileEvents%5B'DiskReadElapsedMicroseconds'%5D)%2F1000000%20as%20DiskRead_s%2C\n count() as query_count\nfrom\n system.query_log_cluster\nwhere\n query_kind = 'Select'\n and query_start_time>(now()-86400)\n and initial_query_id != query_id\n and type IN ('QueryFinish')\n and empty(used_aggregate_functions ) = 0\ngroup by\n toString(used_functions),\n toString(used_aggregate_functions ),\n toString(columns)\norder by\n avg_memory_MB desc\nlimit 100",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select\n anyLast(query) as sql,\n intDiv(avg(query_duration_ms),1000) as avg_query_duration_s,\n toInt64(avg(memory_usage))/1024/1024 as avg_memory_MB,\n used_aggregate_functions,\navg(ProfileEvents%5B'FileOpen'%5D)%20as%20FileOpen%2C%0A%20%20%20%20avg(ProfileEvents%5B'DiskReadElapsedMicroseconds'%5D)%2F1000000%20as%20DiskRead_s%2C\n count() as query_count\nfrom\n system.query_log_cluster\nwhere\n query_kind = 'Select'\n and query_start_time>(now()-86400)\n and initial_query_id != query_id\n and type IN ('QueryFinish')\n and empty(used_aggregate_functions ) = 0\ngroup by\n toString(used_functions),\n toString(used_aggregate_functions ),\n toString(columns)\norder by\n avg_memory_MB desc\nlimit 100"
}
]
}
},
"response": []
},
{
"name": "Top 10 Queries using the most CPU and memory",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT\n type,\n event_time,\n initial_query_id,\n formatReadableSize(memory_usage) AS memory,\n %60ProfileEvents.Values%60%5BindexOf(%60ProfileEvents.Names%60%2C%20'UserTimeMicroseconds')%5D%20AS%20userCPU%2C%0A%20%20%20%20%60ProfileEvents.Values%60%5BindexOf(%60ProfileEvents.Names%60%2C%20'SystemTimeMicroseconds')%5D%20AS%20systemCPU%2C\n normalizedQueryHash(query) AS normalized_query_hash\nFROM system.query_log_cluster where query_start_time>(now()-86400)\nORDER BY memory_usage DESC\nLIMIT 10",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "SELECT\n type,\n event_time,\n initial_query_id,\n formatReadableSize(memory_usage) AS memory,\n %60ProfileEvents.Values%60%5BindexOf(%60ProfileEvents.Names%60%2C%20'UserTimeMicroseconds')%5D%20AS%20userCPU%2C%0A%20%20%20%20%60ProfileEvents.Values%60%5BindexOf(%60ProfileEvents.Names%60%2C%20'SystemTimeMicroseconds')%5D%20AS%20systemCPU%2C\n normalizedQueryHash(query) AS normalized_query_hash\nFROM system.query_log_cluster where query_start_time>(now()-86400)\nORDER BY memory_usage DESC\nLIMIT 10"
}
]
}
},
"response": []
}
]
},
{
"name": "Apache Druid",
"item": [
{
"name": "used_size",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "POST",
"header": [],
"body": {
"mode": "raw",
"raw": "{\r\n \"query\": \"SELECT SUM(curr_size)/1024/1024/1024 AS curr_size_GB FROM sys.servers WHERE server_type = 'historical'\",\r\n \"context\": {\r\n \"skipEmptyBuckets\": \"false\"\r\n },\r\n \"resultFormat\": \"object\"\r\n}",
"options": {
"raw": {
"language": "json"
}
}
},
"url": {
"raw": "http://{{druid_ip}}:{{druid_port}}/druid/v2/sql",
"protocol": "http",
"host": [
"{{druid_ip}}"
],
"port": "{{druid_port}}",
"path": [
"druid",
"v2",
"sql"
]
}
},
"response": []
},
{
"name": "max_size",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "POST",
"header": [],
"body": {
"mode": "raw",
"raw": "{\r\n \"query\": \"SELECT SUM(max_size)/1024/1024/1024 AS max_size_GB FROM sys.servers WHERE server_type = 'historical'\",\r\n \"context\": {\r\n \"skipEmptyBuckets\": \"false\"\r\n },\r\n \"resultFormat\": \"object\"\r\n}",
"options": {
"raw": {
"language": "json"
}
}
},
"url": {
"raw": "http://{{druid_ip}}:{{druid_port}}/druid/v2/sql",
"protocol": "http",
"host": [
"{{druid_ip}}"
],
"port": "{{druid_port}}",
"path": [
"druid",
"v2",
"sql"
]
}
},
"response": []
},
{
"name": "Report and Metrics",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "POST",
"header": [],
"body": {
"mode": "raw",
"raw": "{\"query\":\"SELECT used_size/1024/1024/1024 as used_size_GB FROM sys_storage_log WHERE log_type = 'Report and Metrics' ORDER BY __time DESC LIMIT 1\",\"context\":{\"skipEmptyBuckets\":\"false\"},\"resultFormat\":\"object\"}",
"options": {
"raw": {
"language": "json"
}
}
},
"url": {
"raw": "http://{{druid_ip}}:{{druid_port}}/druid/v2/sql",
"protocol": "http",
"host": [
"{{druid_ip}}"
],
"port": "{{druid_port}}",
"path": [
"druid",
"v2",
"sql"
]
}
},
"response": []
},
{
"name": "The Latest Ingestion Date for Druid",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "POST",
"header": [],
"body": {
"mode": "raw",
"raw": "{\"query\":\"SELECT version FROM sys.segments WHERE version LIKE '2%' ORDER BY version DESC LIMIT 1\"}",
"options": {
"raw": {
"language": "json"
}
}
},
"url": {
"raw": "http://{{druid_ip}}:{{druid_port}}/druid/v2/sql",
"protocol": "http",
"host": [
"{{druid_ip}}"
],
"port": "{{druid_port}}",
"path": [
"druid",
"v2",
"sql"
]
}
},
"response": []
},
{
"name": "The Earliest Ingestion Date for Druid",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "POST",
"header": [],
"body": {
"mode": "raw",
"raw": "{\r\n \"query\": \"SELECT \\\"start\\\" FROM sys.segments order by \\\"start\\\" limit 1\"\r\n}",
"options": {
"raw": {
"language": "json"
}
}
},
"url": {
"raw": "http://{{druid_ip}}:{{druid_port}}/druid/v2/sql",
"protocol": "http",
"host": [
"{{druid_ip}}"
],
"port": "{{druid_port}}",
"path": [
"druid",
"v2",
"sql"
]
}
},
"response": []
},
{
"name": "Druid Tables",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "POST",
"header": [],
"body": {
"mode": "raw",
"raw": "{\r\n \"query\": \"SELECT datasource FROM sys.tasks group by datasource\",\r\n \"context\": {\r\n \"skipEmptyBuckets\": \"false\"\r\n },\r\n \"resultFormat\": \"object\"\r\n}",
"options": {
"raw": {
"language": "json"
}
}
},
"url": {
"raw": "http://{{druid_ip}}:{{druid_port}}/druid/v2/sql",
"protocol": "http",
"host": [
"{{druid_ip}}"
],
"port": "{{druid_port}}",
"path": [
"druid",
"v2",
"sql"
]
}
},
"response": []
}
]
},
{
"name": "Unified Query Gateway",
"item": [
{
"name": "TopK Query with RBO",
"item": [
{
"name": "Standard Group By (Optimized)",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT common_server_ip ,count(*) AS count, median(common_c2s_byte_num) as median_byte_num,min(common_c2s_byte_num) as min_byte_num,sum(common_c2s_byte_num+common_s2c_byte_num) as bytes FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') GROUP BY common_server_ip ORDER BY count DESC LIMIT 100",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "SELECT common_server_ip ,count(*) AS count, median(common_c2s_byte_num) as median_byte_num,min(common_c2s_byte_num) as min_byte_num,sum(common_c2s_byte_num+common_s2c_byte_num) as bytes FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') GROUP BY common_server_ip ORDER BY count DESC LIMIT 100"
}
]
}
},
"response": []
},
{
"name": "Sub Query (Optimized)",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tcommon_server_ip ,\n\tcount,\n\tnum\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip ,\n\t\tcount(*) AS count,\n\t\tmedian(common_c2s_byte_num) as num\n\tFROM\n\t\ttsg_galaxy_v3.session_record AS session_record\n\tWHERE\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tGROUP BY\n\t\tcommon_server_ip\n\tORDER BY\n\t\tcount DESC\n\tLIMIT 100) \n\torder by num desc \n",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n\tcommon_server_ip ,\n\tcount,\n\tnum\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip ,\n\t\tcount(*) AS count,\n\t\tmedian(common_c2s_byte_num) as num\n\tFROM\n\t\ttsg_galaxy_v3.session_record AS session_record\n\tWHERE\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tGROUP BY\n\t\tcommon_server_ip\n\tORDER BY\n\t\tcount DESC\n\tLIMIT 100) \n\torder by num desc \n"
}
]
}
},
"response": []
},
{
"name": "Aggregate Function not Alias(Optimized)",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT common_server_ip ,count(*) as count, median(common_c2s_byte_num) FROM session_record WHERE common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') GROUP BY common_server_ip ORDER BY count DESC LIMIT 100",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "SELECT common_server_ip ,count(*) as count, median(common_c2s_byte_num) FROM session_record WHERE common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') GROUP BY common_server_ip ORDER BY count DESC LIMIT 100"
}
]
}
},
"response": []
},
{
"name": "Sub Query Not Order by(Not Optimized)",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tcommon_server_ip ,\n\tcount,\n\tnum\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip ,\n\t\tcount(*) AS count,\n\t\tmedian(common_c2s_byte_num) as num\n\tFROM\n\t\ttsg_galaxy_v3.session_record AS session_record\n\tWHERE\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tGROUP BY\n\t\tcommon_server_ip) \n\torder by num desc limit 100\n",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n\tcommon_server_ip ,\n\tcount,\n\tnum\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip ,\n\t\tcount(*) AS count,\n\t\tmedian(common_c2s_byte_num) as num\n\tFROM\n\t\ttsg_galaxy_v3.session_record AS session_record\n\tWHERE\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tGROUP BY\n\t\tcommon_server_ip) \n\torder by num desc limit 100\n"
}
]
}
},
"response": []
},
{
"name": "Order by with Aggregate Function(Not Optimized)",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT common_server_ip ,count(*) AS count, median(common_c2s_byte_num) as num FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') GROUP BY common_server_ip ORDER BY sum(common_sessions) DESC LIMIT 100",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "SELECT common_server_ip ,count(*) AS count, median(common_c2s_byte_num) as num FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') GROUP BY common_server_ip ORDER BY sum(common_sessions) DESC LIMIT 100"
}
]
}
},
"response": []
},
{
"name": "Not Support Function(Not Optimized)",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT common_server_ip ,count(*) AS count, uniq(common_client_ip) as client_ips FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') GROUP BY common_server_ip ORDER BY count DESC LIMIT 100",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "SELECT common_server_ip ,count(*) AS count, uniq(common_client_ip) as client_ips FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') GROUP BY common_server_ip ORDER BY count DESC LIMIT 100"
}
]
}
},
"response": []
},
{
"name": "Not Order By(Not Optimized)",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT common_server_ip ,count(*) AS count, median(common_c2s_byte_num) as num FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') GROUP BY common_server_ip LIMIT 100",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "SELECT common_server_ip ,count(*) AS count, median(common_c2s_byte_num) as num FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') GROUP BY common_server_ip LIMIT 100"
}
]
}
},
"response": []
}
]
},
{
"name": "Nested Subqueries For Advanced Query",
"item": [
{
"name": "Top frequent elements in Long(Bit)",
"event": [
{
"listen": "test",
"script": {
"exec": [
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select\n\titem,\n\tsum(count) as count\nfrom\n\t(\n\tselect\n\t\tarrayJoin(items) as item,\n\t\tcount\n\tfrom\n\t\t(\n\t\tselect\n\t\t\tbitmaskToArray(common_flags) as items,\n\t\t\tcount(*) as count\n\t\tfrom\n\t\t\tsession_record as sr\n\t\twhere\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\tgroup by\n\t\t\tcommon_flags\n))\ngroup by\n\titem\norder by\n\tcount desc",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"query": [
{
"key": "query",
"value": "select\n\titem,\n\tsum(count) as count\nfrom\n\t(\n\tselect\n\t\tarrayJoin(items) as item,\n\t\tcount\n\tfrom\n\t\t(\n\t\tselect\n\t\t\tbitmaskToArray(common_flags) as items,\n\t\t\tcount(*) as count\n\t\tfrom\n\t\t\tsession_record as sr\n\t\twhere\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\tgroup by\n\t\t\tcommon_flags\n))\ngroup by\n\titem\norder by\n\tcount desc"
}
]
}
},
"response": []
},
{
"name": "Top frequent elements in String(Array)",
"event": [
{
"listen": "test",
"script": {
"exec": [
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select\n item,\n sum(count) as count\nfrom\n (\n select\n arrayJoin(items) as item,\n count\n from\n (\n \n select\n splitByString('.',common_protocol_label) as items,\n count(*) as count\n from\n session_record as sr\n where \n common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and notEmpty(common_protocol_label)\n group by common_protocol_label ))\ngroup by\n item\norder by\n count desc\nlimit 10",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"query": [
{
"key": "query",
"value": "select\n item,\n sum(count) as count\nfrom\n (\n select\n arrayJoin(items) as item,\n count\n from\n (\n \n select\n splitByString('.',common_protocol_label) as items,\n count(*) as count\n from\n session_record as sr\n where \n common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and notEmpty(common_protocol_label)\n group by common_protocol_label ))\ngroup by\n item\norder by\n count desc\nlimit 10"
}
]
}
},
"response": []
},
{
"name": "Top frequent elements in Array",
"event": [
{
"listen": "test",
"script": {
"exec": [
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select\n item,\n sum(count) as count\nfrom\n (\n select\n arrayJoin(items) as item,\n count\n from\n (\n \n select\n common_service_category as items,\n count(*) as count\n from\n session_record as sr\n where \n common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and notEmpty(common_service_category)\n group by common_service_category ))\ngroup by\n item\norder by\n count desc\nlimit 10",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"query": [
{
"key": "query",
"value": "select\n item,\n sum(count) as count\nfrom\n (\n select\n arrayJoin(items) as item,\n count\n from\n (\n \n select\n common_service_category as items,\n count(*) as count\n from\n session_record as sr\n where \n common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and notEmpty(common_service_category)\n group by common_service_category ))\ngroup by\n item\norder by\n count desc\nlimit 10"
}
]
}
},
"response": []
},
{
"name": "Nested Json Parser by App ID",
"event": [
{
"listen": "test",
"script": {
"exec": [
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select\n\tcommon_app_id,\n\tJSONExtract(common_app_id, 'Tuple(UNKNOWN Nested(app_name String, app_id UInt32),THIRD Nested(app_name String, app_id UInt32),USER_DEFINE Nested(app_name String, app_id UInt32) )') as parsed_json,\n\ttupleElement(tupleElement(parsed_json,'THIRD'),'app_name') THIRD_app_name,\n\ttupleElement(tupleElement(parsed_json,'USER_DEFINE'),'app_name') USER_DEFINE_app_name\nfrom\n\tsession_record sr\nwhere common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') \n\tand notEmpty(common_app_id)\n\tand has(THIRD_app_name,'ssl')\ngroup by\n\tcommon_app_id",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"query": [
{
"key": "query",
"value": "select\n\tcommon_app_id,\n\tJSONExtract(common_app_id, 'Tuple(UNKNOWN Nested(app_name String, app_id UInt32),THIRD Nested(app_name String, app_id UInt32),USER_DEFINE Nested(app_name String, app_id UInt32) )') as parsed_json,\n\ttupleElement(tupleElement(parsed_json,'THIRD'),'app_name') THIRD_app_name,\n\ttupleElement(tupleElement(parsed_json,'USER_DEFINE'),'app_name') USER_DEFINE_app_name\nfrom\n\tsession_record sr\nwhere common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') \n\tand notEmpty(common_app_id)\n\tand has(THIRD_app_name,'ssl')\ngroup by\n\tcommon_app_id"
}
]
}
},
"response": []
}
]
},
{
"name": "Federation Query by Calcite",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select * from (select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(common_recv_time,'PT1h','zero')) as stat_time from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') group by stat_time limit 10000) limit 10",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select * from (select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(common_recv_time,'PT1h','zero')) as stat_time from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') group by stat_time limit 10000) limit 10"
}
]
}
},
"response": []
},
{
"name": "TIME FLOOR WITH FILL(UDF)",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(common_recv_time,'PT30m','zero')) as stat_time, count(*) as count from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') group by stat_time limit 10000",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(common_recv_time,'PT30m','zero')) as stat_time, count(*) as count from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') group by stat_time limit 10000"
}
]
}
},
"response": []
},
{
"name": "IP Lookup(UDF)",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select common_server_ip, IP_TO_GEO(common_server_ip) as geo,IP_TO_COUNTRY(common_server_ip) as country, IP_TO_CITY(common_server_ip) as city,IP_TO_ASN(common_server_ip) as as_number ,IP_TO_ASN_ORG(common_server_ip) as as_name from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') limit 50",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select common_server_ip, IP_TO_GEO(common_server_ip) as geo,IP_TO_COUNTRY(common_server_ip) as country, IP_TO_CITY(common_server_ip) as city,IP_TO_ASN(common_server_ip) as as_number ,IP_TO_ASN_ORG(common_server_ip) as as_name from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') limit 50"
}
]
}
},
"response": []
}
]
},
{
"name": "HOS",
"item": [
{
"name": "All Buckets",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [
{
"key": "Token",
"type": "text",
"value": "{{hos_token}}"
}
],
"url": {
"raw": "http://{{hos_ip}}:{{hos_port}}/hos/",
"protocol": "http",
"host": [
"{{hos_ip}}"
],
"port": "{{hos_port}}",
"path": [
"hos",
""
],
"query": [
{
"key": "AccessKey",
"value": "default",
"disabled": true
}
]
}
},
"response": []
},
{
"name": "Get Objects",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [
{
"key": "Token",
"type": "text",
"value": "{{hos_token}}"
}
],
"url": {
"raw": "http://{{hos_ip}}:{{hos_port}}/hos/firewall_hos_bucket/?max-keys=10",
"protocol": "http",
"host": [
"{{hos_ip}}"
],
"port": "{{hos_port}}",
"path": [
"hos",
"firewall_hos_bucket",
""
],
"query": [
{
"key": "AccessKey",
"value": "default",
"disabled": true
},
{
"key": "max-keys",
"value": "10"
}
]
}
},
"response": []
},
{
"name": "Get Object Metadata",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [
{
"key": "Token",
"type": "text",
"value": "{{hos_token}}"
}
],
"url": {
"raw": "http://{{hos_ip}}:{{hos_port}}/hos/default/galaxy-hos.txt?metadata=",
"protocol": "http",
"host": [
"{{hos_ip}}"
],
"port": "{{hos_port}}",
"path": [
"hos",
"default",
"galaxy-hos.txt"
],
"query": [
{
"key": "metadata",
"value": ""
},
{
"key": "AccessKey",
"value": "default",
"disabled": true
}
]
}
},
"response": []
},
{
"name": "Get a File",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [
{
"key": "Token",
"type": "text",
"value": "{{hos_token}}"
}
],
"url": {
"raw": "http://{{hos_ip}}:{{hos_port}}/hos/default/galaxy-hos.txt",
"protocol": "http",
"host": [
"{{hos_ip}}"
],
"port": "{{hos_port}}",
"path": [
"hos",
"default",
"galaxy-hos.txt"
],
"query": [
{
"key": "AccessKey",
"value": "default",
"disabled": true
}
]
}
},
"response": []
}
]
},
{
"name": "Execute SQL",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select count(*) from session_record",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select count(*) from session_record"
}
]
}
},
"response": []
},
{
"name": "SQL Syntax Validation",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}?option=syntax-validation&query=SELECT\n\tsum(\"Sessions\") AS \"Sessions\",\n\tsum(\"Client IP\") AS \"Client IP\",\n\tsum(\"Server IP\") AS \"Server IP\"\nFROM\n\t(\n\tSELECT\n\t\tssl_sni AS \"SSL.SNI\",\n\t\tcount(common_client_ip) AS \"Client IP\",\n\t\tcount(common_server_ip) AS \"Server IP\",\n\t\tcount(common_sessions) AS \"Sessions\"\n\tFROM\n\t\t(\n\t\tSELECT\n\t\t\t*\n\t\tFROM\n\t\t\ttsg_galaxy_v3.security_event\n\t\tLIMIT 100) AS security_event\n\tWHERE\n\t\t1 = 1\n\t\tAND ((common_policy_id = 121040))\n\t\tOR 1 = 1\n\tGROUP BY\n\t\t\"SSL.SNI\")\nORDER BY\n\t\"Sessions\" DESC,\n\t\"Client IP\" DESC,\n\t\"Server IP\" DESC\nLIMIT 50 ",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"query": [
{
"key": "option",
"value": "syntax-validation"
},
{
"key": "query",
"value": "SELECT\n\tsum(\"Sessions\") AS \"Sessions\",\n\tsum(\"Client IP\") AS \"Client IP\",\n\tsum(\"Server IP\") AS \"Server IP\"\nFROM\n\t(\n\tSELECT\n\t\tssl_sni AS \"SSL.SNI\",\n\t\tcount(common_client_ip) AS \"Client IP\",\n\t\tcount(common_server_ip) AS \"Server IP\",\n\t\tcount(common_sessions) AS \"Sessions\"\n\tFROM\n\t\t(\n\t\tSELECT\n\t\t\t*\n\t\tFROM\n\t\t\ttsg_galaxy_v3.security_event\n\t\tLIMIT 100) AS security_event\n\tWHERE\n\t\t1 = 1\n\t\tAND ((common_policy_id = 121040))\n\t\tOR 1 = 1\n\tGROUP BY\n\t\t\"SSL.SNI\")\nORDER BY\n\t\"Sessions\" DESC,\n\t\"Client IP\" DESC,\n\t\"Server IP\" DESC\nLIMIT 50 "
}
]
}
},
"response": []
},
{
"name": "SQL Syntax Parse",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}?option=syntax-parse&query=select common_client_ip from session_record",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"query": [
{
"key": "option",
"value": "syntax-parse"
},
{
"key": "query",
"value": "select common_client_ip from session_record"
}
]
}
},
"response": []
},
{
"name": "SQL Explain",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}?query=explain select\n\tmin(duration) min,\n\tmedian(duration) as median,avg(duration) as avg, round(QUANTILE(duration,0.8),2) as p80,\n\tround(QUANTILE(duration,0.95),2) as p95,\n\tround(QUANTILE(duration,0.99),2) as p99,\n max(duration) as max\n\t\nfrom\n\t(\n\tselect\n\t\t(common_processing_time-common_recv_time) as duration\n\tFROM\n\t\tsession_record\n\tWHERE\n\t\tcommon_recv_time >= UNIX_TIMESTAMP(now())-86400 and common_recv_time<UNIX_TIMESTAMP(now()) )",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"query": [
{
"key": "query",
"value": "explain select\n\tmin(duration) min,\n\tmedian(duration) as median,avg(duration) as avg, round(QUANTILE(duration,0.8),2) as p80,\n\tround(QUANTILE(duration,0.95),2) as p95,\n\tround(QUANTILE(duration,0.99),2) as p99,\n max(duration) as max\n\t\nfrom\n\t(\n\tselect\n\t\t(common_processing_time-common_recv_time) as duration\n\tFROM\n\t\tsession_record\n\tWHERE\n\t\tcommon_recv_time >= UNIX_TIMESTAMP(now())-86400 and common_recv_time<UNIX_TIMESTAMP(now()) )"
}
]
},
"description": "执行计划返回结果进行Base64转码\n* OriginalSQL 输入的原始SQL\n* transformedSQL 查询网关优化后SQL\n可通过echo \"YWJjCg==\" | base64 -D 解码"
},
"response": []
},
{
"name": "Describe Table",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}?query=describe session_record",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"query": [
{
"key": "query",
"value": "describe session_record"
}
]
}
},
"response": []
},
{
"name": "Schema of Log Type",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/session_record",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"metadata",
"schema",
"v1",
"fields",
"session_record"
]
}
},
"response": []
},
{
"name": "SQL Benchmark",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/diagnosis/runSql?option=validation",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"diagnosis",
"runSql"
],
"query": [
{
"key": "option",
"value": "validation"
}
]
}
},
"response": []
},
{
"name": "Knowledge Bases Lists",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/knowledge_base/v1",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
"knowledge_base",
"v1"
]
}
},
"response": []
}
]
},
{
"name": "Others",
"item": [
{
"name": "Reporting Dashboards",
"item": [
{
"name": "Traffic Summary",
"item": [
{
"name": "Throughput of Traffic Metrics",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT\n\t{{P1D_TIME}} as stat_time,\n\tround(SUM(in_pkts + out_pkts)/ 1000 /1000.0,2) as packets_M,\n\tround(SUM(in_bytes + out_bytes)/ 1024 / 1024 / 1024.0,2) as bytes_GB,\n round(SUM(closed_sessions)/ 1000 / 1000.0,2) as sessions_M\nFROM\n\ttraffic_general_stat\nWHERE\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\ngroup by\n\t{{P1D_TIME}}\norder by\n\tstat_time",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "SELECT\n\t{{P1D_TIME}} as stat_time,\n\tround(SUM(in_pkts + out_pkts)/ 1000 /1000.0,2) as packets_M,\n\tround(SUM(in_bytes + out_bytes)/ 1024 / 1024 / 1024.0,2) as bytes_GB,\n round(SUM(closed_sessions)/ 1000 / 1000.0,2) as sessions_M\nFROM\n\ttraffic_general_stat\nWHERE\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\ngroup by\n\t{{P1D_TIME}}\norder by\n\tstat_time"
}
]
}
},
"response": []
},
{
"name": "Throughput of Protocol Metrics",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT\n\t{{P1D_TIME}} as stat_time,\n\tround(SUM(in_pkts + out_pkts)/ 1000 /1000.0,2) as packets_M,\n\tround(SUM(in_bytes + out_bytes)/ 1024 / 1024 / 1024.0,2) as bytes_GB,\n round(SUM(sessions)/ 1000 / 1000.0,2) as sessions_M\nFROM\n\tapplication_protocol_stat\nWHERE\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}' and protocol_stack_id='ETHERNET'\ngroup by\n\t{{P1D_TIME}}\norder by\n\tstat_time",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "SELECT\n\t{{P1D_TIME}} as stat_time,\n\tround(SUM(in_pkts + out_pkts)/ 1000 /1000.0,2) as packets_M,\n\tround(SUM(in_bytes + out_bytes)/ 1024 / 1024 / 1024.0,2) as bytes_GB,\n round(SUM(sessions)/ 1000 / 1000.0,2) as sessions_M\nFROM\n\tapplication_protocol_stat\nWHERE\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}' and protocol_stack_id='ETHERNET'\ngroup by\n\t{{P1D_TIME}}\norder by\n\tstat_time"
}
]
}
},
"response": []
},
{
"name": "Throughput of closed sessions",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT\n\t{{P1D_RECV_TIME}} as stat_time,\n\tround(SUM(common_c2s_pkt_num + common_s2c_pkt_num)/1000/1000,2) as packets_M,\n\tround(SUM(common_c2s_byte_num + common_s2c_byte_num)/1024/1024/1024,2) as bytes_GB,\n\tround(SUM(common_sessions)/1000/1000,2) as sessions_M\nFROM\n\tsession_record sr\nWHERE\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}')\n\tand common_recv_time < UNIX_TIMESTAMP('{{end_time}}')\ngroup by\n\t{{P1D_RECV_TIME}}\norder by\n\tstat_time\n\t",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "SELECT\n\t{{P1D_RECV_TIME}} as stat_time,\n\tround(SUM(common_c2s_pkt_num + common_s2c_pkt_num)/1000/1000,2) as packets_M,\n\tround(SUM(common_c2s_byte_num + common_s2c_byte_num)/1024/1024/1024,2) as bytes_GB,\n\tround(SUM(common_sessions)/1000/1000,2) as sessions_M\nFROM\n\tsession_record sr\nWHERE\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}')\n\tand common_recv_time < UNIX_TIMESTAMP('{{end_time}}')\ngroup by\n\t{{P1D_RECV_TIME}}\norder by\n\tstat_time\n\t"
}
]
}
},
"response": []
},
{
"name": "Throughput of interim sessions",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select stat_time, sum(packets_M) as packets_M, sum(bytes_GB) as byets_GB from (SELECT\n\t{{P1D_RECV_TIME}} as stat_time,\t\n\tround(SUM(common_c2s_pkt_diff + common_s2c_pkt_diff)/1000/1000,2) as packets_M,\n\tround(SUM(common_c2s_byte_diff + common_s2c_byte_diff)/1024/1024/1024,2) as bytes_GB\nFROM\n\tsession_record sr\nWHERE\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}')\n\tand common_recv_time < UNIX_TIMESTAMP('{{end_time}}')\ngroup by\n\t{{P1D_RECV_TIME}}\norder by\n\tstat_time\n\tunion all SELECT\n\t{{P1D_RECV_TIME}} as stat_time,\t\n\tround(SUM(common_c2s_pkt_diff + common_s2c_pkt_diff)/1000/1000,2) as packets_M,\n\tround(SUM(common_c2s_byte_diff + common_s2c_byte_diff)/1024/1024/1024,2) as bytes_GB\nFROM\n\tinterim_session_record sr\nWHERE\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}')\n\tand common_recv_time < UNIX_TIMESTAMP('{{end_time}}')\ngroup by\n\t{{P1D_RECV_TIME}}\norder by\n\tstat_time) group by stat_time order by stat_time\t",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select stat_time, sum(packets_M) as packets_M, sum(bytes_GB) as byets_GB from (SELECT\n\t{{P1D_RECV_TIME}} as stat_time,\t\n\tround(SUM(common_c2s_pkt_diff + common_s2c_pkt_diff)/1000/1000,2) as packets_M,\n\tround(SUM(common_c2s_byte_diff + common_s2c_byte_diff)/1024/1024/1024,2) as bytes_GB\nFROM\n\tsession_record sr\nWHERE\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}')\n\tand common_recv_time < UNIX_TIMESTAMP('{{end_time}}')\ngroup by\n\t{{P1D_RECV_TIME}}\norder by\n\tstat_time\n\tunion all SELECT\n\t{{P1D_RECV_TIME}} as stat_time,\t\n\tround(SUM(common_c2s_pkt_diff + common_s2c_pkt_diff)/1000/1000,2) as packets_M,\n\tround(SUM(common_c2s_byte_diff + common_s2c_byte_diff)/1024/1024/1024,2) as bytes_GB\nFROM\n\tinterim_session_record sr\nWHERE\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}')\n\tand common_recv_time < UNIX_TIMESTAMP('{{end_time}}')\ngroup by\n\t{{P1D_RECV_TIME}}\norder by\n\tstat_time) group by stat_time order by stat_time\t"
}
]
}
},
"response": []
},
{
"name": "ClickHouse Uncategorized Traffic",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT round(SUM(common_c2s_byte_num+common_s2c_byte_num)/1024/1024,2) as uncategorized_bytes_mb FROM session_record sr WHERE common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') AND common_app_label= 'unknown'",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "SELECT round(SUM(common_c2s_byte_num+common_s2c_byte_num)/1024/1024,2) as uncategorized_bytes_mb FROM session_record sr WHERE common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') AND common_app_label= 'unknown'"
}
]
}
},
"response": []
}
]
},
{
"name": "Duplicate logs Assessment",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select 'Session Records' as type, count(*) as num from (select common_log_id,count(*) as num from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') group by common_log_id having num >1) union all select 'Security Events' as type, count(*) as num from (select common_log_id,count(*) as num from security_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') group by common_log_id having num >1) union all select 'Proxy Events' as type, count(*) as num from (select common_log_id,count(*) as num from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') group by common_log_id having num >1)",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"query": [
{
"key": "query",
"value": "select 'Session Records' as type, count(*) as num from (select common_log_id,count(*) as num from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') group by common_log_id having num >1) union all select 'Security Events' as type, count(*) as num from (select common_log_id,count(*) as num from security_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') group by common_log_id having num >1) union all select 'Proxy Events' as type, count(*) as num from (select common_log_id,count(*) as num from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') group by common_log_id having num >1)"
}
]
}
},
"response": []
},
{
"name": "Traffic Summary for Reporting",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select \n COUNT(DISTINCT(device_id)) as device_num,\n sum(sum_bytes) as total_bytes_transferred,\n sum(sum_pkts) as total_packets_transferred,\n sum(sum_sessions) as total_new_sessions ,\n sum(sum_closed_sessions) as total_closed_sessions,\n sum(sum_sessions)/86400 as avg_new_sessions_per_second,\n sum(sum_bytes)*8/86400as avg_bits_per_second,\n sum(sum_pkts)/86400 as avg_packets_per_second,\n sum(avg_active_sessions) as avg_active_sessions,\n round(CASE WHEN sum(sum_closed_sessions) = 0 THEN 0 ELSE sum(sum_asymmetric_flows) * 1.0 / sum(sum_closed_sessions) END, 4) * 100 as percent_asymmetric_flows\n from\n ( select\n device_id,\n vsys_id,\n sum(in_bytes + out_bytes) as sum_bytes,\n sum(in_pkts + out_pkts) as sum_pkts,\n sum(sessions) as sum_sessions,\n sum(closed_sessions) as sum_closed_sessions,\n avg(active_sessions) as avg_active_sessions,\n sum(asymmetric_c2s_flows+asymmetric_s2c_flows) as sum_asymmetric_flows\n from \n traffic_general_stat \n where\n __time >= '{{start_time}}'\n\t\tand __time <'{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n group by\n device_id, vsys_id\n ) ",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"query": [
{
"key": "query",
"value": "select \n COUNT(DISTINCT(device_id)) as device_num,\n sum(sum_bytes) as total_bytes_transferred,\n sum(sum_pkts) as total_packets_transferred,\n sum(sum_sessions) as total_new_sessions ,\n sum(sum_closed_sessions) as total_closed_sessions,\n sum(sum_sessions)/86400 as avg_new_sessions_per_second,\n sum(sum_bytes)*8/86400as avg_bits_per_second,\n sum(sum_pkts)/86400 as avg_packets_per_second,\n sum(avg_active_sessions) as avg_active_sessions,\n round(CASE WHEN sum(sum_closed_sessions) = 0 THEN 0 ELSE sum(sum_asymmetric_flows) * 1.0 / sum(sum_closed_sessions) END, 4) * 100 as percent_asymmetric_flows\n from\n ( select\n device_id,\n vsys_id,\n sum(in_bytes + out_bytes) as sum_bytes,\n sum(in_pkts + out_pkts) as sum_pkts,\n sum(sessions) as sum_sessions,\n sum(closed_sessions) as sum_closed_sessions,\n avg(active_sessions) as avg_active_sessions,\n sum(asymmetric_c2s_flows+asymmetric_s2c_flows) as sum_asymmetric_flows\n from \n traffic_general_stat \n where\n __time >= '{{start_time}}'\n\t\tand __time <'{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n group by\n device_id, vsys_id\n ) "
}
]
}
},
"response": []
},
{
"name": "Traffic in Bits/s for Reporting",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time ,\n avg(sum_in_bytes)*8/30 as avg_in_bits_per_sec,\n avg(sum_out_bytes)*8/30 as avg_out_bits_per_sec,\n avg(sum_bytes)*8/30 as avg_bits_per_sec\nfrom\n (\n select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT1S')) as stat_time,\n sum(in_bytes) as sum_in_bytes,\n sum(out_bytes) as sum_out_bytes,\n sum(in_bytes + out_bytes) as sum_bytes\n from\n traffic_general_stat\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT1S')))\ngroup by\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) \norder by stat_time asc\nlimit 1000",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"query": [
{
"key": "query",
"value": "select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time ,\n avg(sum_in_bytes)*8/30 as avg_in_bits_per_sec,\n avg(sum_out_bytes)*8/30 as avg_out_bits_per_sec,\n avg(sum_bytes)*8/30 as avg_bits_per_sec\nfrom\n (\n select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT1S')) as stat_time,\n sum(in_bytes) as sum_in_bytes,\n sum(out_bytes) as sum_out_bytes,\n sum(in_bytes + out_bytes) as sum_bytes\n from\n traffic_general_stat\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT1S')))\ngroup by\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) \norder by stat_time asc\nlimit 1000"
}
]
}
},
"response": []
},
{
"name": "New Sessions/s for Reporting",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time ,\n avg(sum_sessions)/30 as avg_sessions_per_sec\nfrom\n (\n select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT1S')) as stat_time,\n sum(sessions) as sum_sessions\n from\n traffic_general_stat\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT1S')))\ngroup by\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by stat_time asc\nlimit 1000",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"query": [
{
"key": "query",
"value": "select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero')) as stat_time ,\n avg(sum_sessions)/30 as avg_sessions_per_sec\nfrom\n (\n select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT1S')) as stat_time,\n sum(sessions) as sum_sessions\n from\n traffic_general_stat\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}'\n and vsys_id in (1,2,3,4,5)\n group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT1S')))\ngroup by\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT30S', 'zero'))\norder by stat_time asc\nlimit 1000"
}
]
}
},
"response": []
},
{
"name": "Traffic by Session Records",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\t{{PT30S_RECV_TIME}} as stat_time,\n\tround(sum(common_c2s_byte_num)*8/30/1000/1000,2) as Bytes_Sent_Mbps,\n\tround(sum(common_s2c_byte_num)*8/30/1000/1000,2) as Bytes_Received_Mbps,\n\tround(sum(common_c2s_byte_num + common_s2c_byte_num)*8/30/1000/1000,2) as Mbps,\n\tround(sum(common_c2s_pkt_num + common_s2c_pkt_num)/30/1000,2) as Kpps,\n\tround(sum(common_sessions)/30/1000,2) as \"Ksessions/s\"\nfrom\n\tsession_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\ngroup by\n\tstat_time\norder by\n\tstat_time asc",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n\t{{PT30S_RECV_TIME}} as stat_time,\n\tround(sum(common_c2s_byte_num)*8/30/1000/1000,2) as Bytes_Sent_Mbps,\n\tround(sum(common_s2c_byte_num)*8/30/1000/1000,2) as Bytes_Received_Mbps,\n\tround(sum(common_c2s_byte_num + common_s2c_byte_num)*8/30/1000/1000,2) as Mbps,\n\tround(sum(common_c2s_pkt_num + common_s2c_pkt_num)/30/1000,2) as Kpps,\n\tround(sum(common_sessions)/30/1000,2) as \"Ksessions/s\"\nfrom\n\tsession_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\ngroup by\n\tstat_time\norder by\n\tstat_time asc"
}
]
}
},
"response": []
},
{
"name": "Asymmetric Traffic",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select {{Last 5 Minutes Start}} as start_time, {{now}} as end_time, sum(common_sessions) as sessions,\n sum(if(common_stream_dir <> 3, common_sessions, 0)) as one_side_sessions,\n round(one_side_sessions/sessions, 2) as one_side_percent\nfrom\n\tsession_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\n",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"query": [
{
"key": "query",
"value": "select {{Last 5 Minutes Start}} as start_time, {{now}} as end_time, sum(common_sessions) as sessions,\n sum(if(common_stream_dir <> 3, common_sessions, 0)) as one_side_sessions,\n round(one_side_sessions/sessions, 2) as one_side_percent\nfrom\n\tsession_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\n"
}
]
}
},
"response": []
},
{
"name": "Uniq Client IPs For pinning",
"event": [
{
"listen": "test",
"script": {
"exec": [
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select\n\tstat_time,\n\tuniq(common_client_ip) as client_ips\nfrom\n\t(\n\tselect\n\t\ttoDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))), 3600)* 3600) as stat_time, \n\t\tcommon_client_ip, \n\t\tcount(*) as hits\n\tfrom\n\t\tproxy_event\n\twhere common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and\n\t\tcommon_action = 2\n\t\tand intercept_pinning_status = 0\n\tgroup by\n\t\tstat_time, common_client_ip\n\thaving\n\t\thits > 10 )\ngroup by\n\tstat_time\norder by\n\tstat_time",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"query": [
{
"key": "query",
"value": "select\n\tstat_time,\n\tuniq(common_client_ip) as client_ips\nfrom\n\t(\n\tselect\n\t\ttoDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))), 3600)* 3600) as stat_time, \n\t\tcommon_client_ip, \n\t\tcount(*) as hits\n\tfrom\n\t\tproxy_event\n\twhere common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and\n\t\tcommon_action = 2\n\t\tand intercept_pinning_status = 0\n\tgroup by\n\t\tstat_time, common_client_ip\n\thaving\n\t\thits > 10 )\ngroup by\n\tstat_time\norder by\n\tstat_time"
}
]
}
},
"response": []
},
{
"name": "Top frequent elements in Flags(With Label)",
"event": [
{
"listen": "test",
"script": {
"exec": [
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select \n\t flag,\n\t sum(sessions) as sessions\n\tfrom (\n\t\tselect \n\t\t arrayJoin(array(\n\t\t\t if(bitAnd(common_flags, 1)= 1, 'Asymmetric', ''),\n\t\t\t if(bitAnd(common_flags, 2)= 2, 'Bulky', ''),\n\t\t\t if(bitAnd(common_flags, 4)= 4, 'CBR Streaming', ''),\n\t\t\t if(bitAnd(common_flags, 8)= 8, 'Client is Local', ''),\n\t\t\t if(bitAnd(common_flags, 16)= 16, 'Server is Local', ''),\n\t\t\t if(bitAnd(common_flags, 32)= 32, 'Download', ''),\n\t\t\t if(bitAnd(common_flags, 64)= 64, 'Interactive', ''),\n\t\t\t if(bitAnd(common_flags, 128)= 128, 'Inbound', ''),\n\t\t\t if(bitAnd(common_flags, 256)= 256, 'Outbound', ''),\n\t\t\t if(bitAnd(common_flags, 512)= 512, 'Pseudo Unidirectional', ''),\n\t\t\t if(bitAnd(common_flags, 1024)= 1024, 'Streaming', ''),\n\t\t\t if(bitAnd(common_flags, 2048)= 2048, 'Unidirectional', ''),\n\t\t\t if(bitAnd(common_flags, 4096)= 4096, 'Random looking', ''), \n\t\t\t if(bitAnd(common_flags, 8192)= 8192, 'C2S', ''), \n\t\t\t if(bitAnd(common_flags, 16384)= 16384, 'S2C', ''), if(bitAnd(common_flags, 32768)= 32768, 'Bidirectional', ''), \n\t\t\t if(common_flags=0, 'N/A', '')\n\t\t\t )) as flag , bytes, packets, sessions\n\t\t\t from (\n\t\t\t\n\t\tselect\n\t\t\t\tcommon_flags,\n\t\t\t\tcount(*) as sessions,\n\t\t\t\tsum(common_c2s_byte_num + common_s2c_byte_num) as bytes,\n\t\t\t\tsum(common_c2s_pkt_num + common_s2c_pkt_num) as packets\n\t\t\tfrom\n\t\t\t\tsession_record as sr\n\t\t\twhere\n\t\t\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t\tgroup by\n\t\t\t\tcommon_flags )\n\t ) where notEmpty(flag) group by flag order by sessions desc",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"query": [
{
"key": "query",
"value": "select \n\t flag,\n\t sum(sessions) as sessions\n\tfrom (\n\t\tselect \n\t\t arrayJoin(array(\n\t\t\t if(bitAnd(common_flags, 1)= 1, 'Asymmetric', ''),\n\t\t\t if(bitAnd(common_flags, 2)= 2, 'Bulky', ''),\n\t\t\t if(bitAnd(common_flags, 4)= 4, 'CBR Streaming', ''),\n\t\t\t if(bitAnd(common_flags, 8)= 8, 'Client is Local', ''),\n\t\t\t if(bitAnd(common_flags, 16)= 16, 'Server is Local', ''),\n\t\t\t if(bitAnd(common_flags, 32)= 32, 'Download', ''),\n\t\t\t if(bitAnd(common_flags, 64)= 64, 'Interactive', ''),\n\t\t\t if(bitAnd(common_flags, 128)= 128, 'Inbound', ''),\n\t\t\t if(bitAnd(common_flags, 256)= 256, 'Outbound', ''),\n\t\t\t if(bitAnd(common_flags, 512)= 512, 'Pseudo Unidirectional', ''),\n\t\t\t if(bitAnd(common_flags, 1024)= 1024, 'Streaming', ''),\n\t\t\t if(bitAnd(common_flags, 2048)= 2048, 'Unidirectional', ''),\n\t\t\t if(bitAnd(common_flags, 4096)= 4096, 'Random looking', ''), \n\t\t\t if(bitAnd(common_flags, 8192)= 8192, 'C2S', ''), \n\t\t\t if(bitAnd(common_flags, 16384)= 16384, 'S2C', ''), if(bitAnd(common_flags, 32768)= 32768, 'Bidirectional', ''), \n\t\t\t if(common_flags=0, 'N/A', '')\n\t\t\t )) as flag , bytes, packets, sessions\n\t\t\t from (\n\t\t\t\n\t\tselect\n\t\t\t\tcommon_flags,\n\t\t\t\tcount(*) as sessions,\n\t\t\t\tsum(common_c2s_byte_num + common_s2c_byte_num) as bytes,\n\t\t\t\tsum(common_c2s_pkt_num + common_s2c_pkt_num) as packets\n\t\t\tfrom\n\t\t\t\tsession_record as sr\n\t\t\twhere\n\t\t\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t\tgroup by\n\t\t\t\tcommon_flags )\n\t ) where notEmpty(flag) group by flag order by sessions desc"
}
]
}
},
"response": []
},
{
"name": "Top frequent elements in Flags",
"event": [
{
"listen": "test",
"script": {
"exec": [
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select\n\titem,sum(count) as count\nfrom\n\t(\n\tselect\n\t\tarrayJoin(items) as item,\tcount from\n\t\t(\n\t\tselect\n\t\t\tbitmaskToArray(common_flags) as items,count(*) as count\n\t\tfrom session_record as sr where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\tgroup by common_flags\n))\ngroup by item\norder by count desc",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"query": [
{
"key": "query",
"value": "select\n\titem,sum(count) as count\nfrom\n\t(\n\tselect\n\t\tarrayJoin(items) as item,\tcount from\n\t\t(\n\t\tselect\n\t\t\tbitmaskToArray(common_flags) as items,count(*) as count\n\t\tfrom session_record as sr where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\tgroup by common_flags\n))\ngroup by item\norder by count desc"
}
]
}
},
"response": []
},
{
"name": "Top frequent elements in FQDN Category",
"event": [
{
"listen": "test",
"script": {
"exec": [
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select\n\titem,\n\tsum(count) as count\nfrom\n\t(\n\tselect\n\t\tarrayJoin(items) as item,\n\t\tcount\n\tfrom\n\t\t(\n\t\tselect\n\t\t\tcommon_service_category as items,\n\t\t\tcount(*) as count\n\t\tfrom\n\t\t\tsession_record sr\n\t\twhere common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and notEmpty(common_service_category) group by common_service_category \n))\ngroup by\n\titem\norder by\n\tcount desc",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"query": [
{
"key": "query",
"value": "select\n\titem,\n\tsum(count) as count\nfrom\n\t(\n\tselect\n\t\tarrayJoin(items) as item,\n\t\tcount\n\tfrom\n\t\t(\n\t\tselect\n\t\t\tcommon_service_category as items,\n\t\t\tcount(*) as count\n\t\tfrom\n\t\t\tsession_record sr\n\t\twhere common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and notEmpty(common_service_category) group by common_service_category \n))\ngroup by\n\titem\norder by\n\tcount desc"
}
]
}
},
"response": []
},
{
"name": "Flags Percentile",
"event": [
{
"listen": "test",
"script": {
"exec": [
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}?query=\n\tselect \n\t sum(sessions) as total_sessions,\n\t round(sum(if(bitAnd(common_flags, 1)= 1, sessions, 0))/total_sessions,4) as \"Asymmetric \",\n\t round(sum(if(bitAnd(common_flags, 2)= 2, sessions, 0))/ total_sessions,4) as \"Bulky\",\n\t round(sum(if(bitAnd(common_flags, 4)= 4, sessions, 0))/total_sessions,4) as \"CBR Streaming\",\n\t round(sum(if(bitAnd(common_flags, 8)= 8, sessions, 0))/total_sessions,4) as \"Client is Local\",\n\t round(sum(if(bitAnd(common_flags, 16)= 16, sessions, 0))/total_sessions,4) as \"Server is Local\",\n\t round(sum(if(bitAnd(common_flags, 32)= 32, sessions, 0))/total_sessions,4) as \"Download\",\n\t round(sum(if(bitAnd(common_flags, 64)= 64, sessions, 0))/total_sessions,4) as \"Interactive\",\n\t round(sum(if(bitAnd(common_flags, 128)= 128, sessions, 0))/total_sessions,4) as \"Inbound\",\n\t round(sum(if(bitAnd(common_flags, 256)= 256, sessions, 0))/total_sessions,4) as \"Outbound\",\n\t round(sum(if(bitAnd(common_flags, 512)= 512, sessions, 0))/total_sessions,4) as \"Pseudo Unidirectional\",\n\t round(sum(if(bitAnd(common_flags, 1024)= 1024, sessions, 0))/total_sessions,4) as \"Streaming\",\n\t round(sum(if(bitAnd(common_flags, 2048)= 2048, sessions, 0))/total_sessions,4) as \"Unidirectional\",\n\t round(sum(if(bitAnd(common_flags, 4096)= 4096, sessions, 0))/total_sessions,4) as \"Random looking\",\n\t round(sum(if(bitAnd(common_flags, 8192)= 8192, sessions, 0))/total_sessions,4) as \"C2S\",\n\t round(sum(if(bitAnd(common_flags, 16384)= 16384, sessions, 0))/total_sessions,4) as \"S2C\", round(sum(if(bitAnd(common_flags, 32768)= 32768, sessions, 0))/total_sessions,4) as \"Bidirectional\",\n\t sum(if(common_flags=0, sessions, 0)) as \"N/A\"\n\tfrom\n\t\t(\n\t\tselect\n\t\t\tcommon_flags,\n\t\t\tcount(*) as sessions,\n\t\t\tsum(common_c2s_byte_num + common_s2c_byte_num) as bytes,\n\t\t\tsum(common_c2s_pkt_num + common_s2c_pkt_num) as packets\n\t\tfrom\n\t\t\tsession_record as sr\n\t\twhere\n\t\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\tgroup by\n\t\t\tcommon_flags \n\t\t)\n\t\t",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"query": [
{
"key": "query",
"value": "\n\tselect \n\t sum(sessions) as total_sessions,\n\t round(sum(if(bitAnd(common_flags, 1)= 1, sessions, 0))/total_sessions,4) as \"Asymmetric \",\n\t round(sum(if(bitAnd(common_flags, 2)= 2, sessions, 0))/ total_sessions,4) as \"Bulky\",\n\t round(sum(if(bitAnd(common_flags, 4)= 4, sessions, 0))/total_sessions,4) as \"CBR Streaming\",\n\t round(sum(if(bitAnd(common_flags, 8)= 8, sessions, 0))/total_sessions,4) as \"Client is Local\",\n\t round(sum(if(bitAnd(common_flags, 16)= 16, sessions, 0))/total_sessions,4) as \"Server is Local\",\n\t round(sum(if(bitAnd(common_flags, 32)= 32, sessions, 0))/total_sessions,4) as \"Download\",\n\t round(sum(if(bitAnd(common_flags, 64)= 64, sessions, 0))/total_sessions,4) as \"Interactive\",\n\t round(sum(if(bitAnd(common_flags, 128)= 128, sessions, 0))/total_sessions,4) as \"Inbound\",\n\t round(sum(if(bitAnd(common_flags, 256)= 256, sessions, 0))/total_sessions,4) as \"Outbound\",\n\t round(sum(if(bitAnd(common_flags, 512)= 512, sessions, 0))/total_sessions,4) as \"Pseudo Unidirectional\",\n\t round(sum(if(bitAnd(common_flags, 1024)= 1024, sessions, 0))/total_sessions,4) as \"Streaming\",\n\t round(sum(if(bitAnd(common_flags, 2048)= 2048, sessions, 0))/total_sessions,4) as \"Unidirectional\",\n\t round(sum(if(bitAnd(common_flags, 4096)= 4096, sessions, 0))/total_sessions,4) as \"Random looking\",\n\t round(sum(if(bitAnd(common_flags, 8192)= 8192, sessions, 0))/total_sessions,4) as \"C2S\",\n\t round(sum(if(bitAnd(common_flags, 16384)= 16384, sessions, 0))/total_sessions,4) as \"S2C\", round(sum(if(bitAnd(common_flags, 32768)= 32768, sessions, 0))/total_sessions,4) as \"Bidirectional\",\n\t sum(if(common_flags=0, sessions, 0)) as \"N/A\"\n\tfrom\n\t\t(\n\t\tselect\n\t\t\tcommon_flags,\n\t\t\tcount(*) as sessions,\n\t\t\tsum(common_c2s_byte_num + common_s2c_byte_num) as bytes,\n\t\t\tsum(common_c2s_pkt_num + common_s2c_pkt_num) as packets\n\t\tfrom\n\t\t\tsession_record as sr\n\t\twhere\n\t\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\tgroup by\n\t\t\tcommon_flags \n\t\t)\n\t\t"
}
]
}
},
"response": []
},
{
"name": "Top 20 Slowest Domains",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select\n\tcommon_server_domain as domain, round(avg(common_establish_latency_ms),0) avg_establish_latency\nfrom\n\tsession_record\nwhere \n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tand notEmpty(common_server_domain)\ngroup by\n\tcommon_server_domain\norder by\n\tavg_establish_latency desc\nlimit 20",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"query": [
{
"key": "query",
"value": "select\n\tcommon_server_domain as domain, round(avg(common_establish_latency_ms),0) avg_establish_latency\nfrom\n\tsession_record\nwhere \n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tand notEmpty(common_server_domain)\ngroup by\n\tcommon_server_domain\norder by\n\tavg_establish_latency desc\nlimit 20"
}
]
}
},
"response": []
},
{
"name": "Session Records Rate by Device Group",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}?query= select common_device_group,max(session_rate) as max_session_rate,avg(session_rate) as avg_session_rate,min(session_rate) as min_session_rate from (select \n\t{{PT5M_RECV_TIME}} as stat_time,common_device_group,\n\tsum(common_sessions)/300 as session_rate\nfrom\n\tsession_record sr\nwhere\n common_recv_time >= UNIX_TIMESTAMP(now())-86400\n and common_recv_time<UNIX_TIMESTAMP(now())\ngroup by\n\tstat_time, common_device_group) group by common_device_group",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"query": [
{
"key": "query",
"value": " select common_device_group,max(session_rate) as max_session_rate,avg(session_rate) as avg_session_rate,min(session_rate) as min_session_rate from (select \n\t{{PT5M_RECV_TIME}} as stat_time,common_device_group,\n\tsum(common_sessions)/300 as session_rate\nfrom\n\tsession_record sr\nwhere\n common_recv_time >= UNIX_TIMESTAMP(now())-86400\n and common_recv_time<UNIX_TIMESTAMP(now())\ngroup by\n\tstat_time, common_device_group) group by common_device_group"
}
]
}
},
"response": []
},
{
"name": "UDP Flood Detecton",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}?query=\nselect\n\tcommon_server_ip,\n\tgroupUniqArray(common_server_port) as ports,\n\tif(notEmpty(ports),length(ports),0) as ports_num\nfrom\n\tsession_record crl\nwhere \tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\nand common_l4_protocol in ('IPv4_UDP','IPv6_UDP') and common_s2c_pkt_num =0\ngroup by\n\tcommon_server_ip\nhaving ports_num > 100\norder by\n\tports_num desc limit 50",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"query": [
{
"key": "query",
"value": "\nselect\n\tcommon_server_ip,\n\tgroupUniqArray(common_server_port) as ports,\n\tif(notEmpty(ports),length(ports),0) as ports_num\nfrom\n\tsession_record crl\nwhere \tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\nand common_l4_protocol in ('IPv4_UDP','IPv6_UDP') and common_s2c_pkt_num =0\ngroup by\n\tcommon_server_ip\nhaving ports_num > 100\norder by\n\tports_num desc limit 50"
}
]
}
},
"response": []
},
{
"name": "Validate Session Index Tables",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}?query= select 'Total' as type, count(*) as logs from session_record where\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 24 Hour Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\nunion all \nselect 'Client IP' as type, count(*) as logs from session_record_common_client_ip where\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 24 Hour Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\nunion all\nselect 'Server IP' as type, count(*) as logs from session_record_common_server_ip where\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 24 Hour Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\nunion all\nselect 'Domain' as type, count(*) as logs from session_record_common_server_domain where\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 24 Hour Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\n",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"query": [
{
"key": "query",
"value": " select 'Total' as type, count(*) as logs from session_record where\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 24 Hour Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\nunion all \nselect 'Client IP' as type, count(*) as logs from session_record_common_client_ip where\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 24 Hour Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\nunion all\nselect 'Server IP' as type, count(*) as logs from session_record_common_server_ip where\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 24 Hour Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\nunion all\nselect 'Domain' as type, count(*) as logs from session_record_common_server_domain where\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 24 Hour Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\n"
}
]
}
},
"response": []
}
]
},
{
"name": "Cardinality Estimation",
"item": [
{
"name": "Total",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tround(tcp_logs / logs, 2) as \"TCP Percentage\",\n\tround(udp_logs / logs, 2) as \"UDP Percentage\",\n\tround(egress_bytes / bytes, 2) as \"Egress Percentage\",\n\tround(ingress_bytes / bytes, 2) as \"Ingress Percentage\",\n\ttcp_logs as \"TCP Logs\",\n\tudp_logs as \"UDP Logs\",\n\tlogs as \"Logs\",\n\tegress_bytes as \"Egress Bytes\",\n\tingress_bytes as \"Ingress Bytes\",\n\tbytes as \"Bytes\"\nfrom\n\t(select\n\tsum(if(common_l4_protocol in('IPv4_TCP', 'IPv6_TCP'), 1, 0)) as tcp_logs,\n\tsum(if(common_l4_protocol in('IPv4_UDP', 'IPv6_UDP'), 1, 0)) as udp_logs,\n\tsum(if(common_direction = 69, common_c2s_byte_num, common_s2c_byte_num)) as egress_bytes,\n\tsum(if(common_direction = 73, common_c2s_byte_num, common_s2c_byte_num)) as ingress_bytes,\n\tcount(*) as logs,\n\tsum(common_c2s_byte_num + common_s2c_byte_num) as bytes\n\tfrom\n\t\tsession_record as sub_connection where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t)",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select\n\tround(tcp_logs / logs, 2) as \"TCP Percentage\",\n\tround(udp_logs / logs, 2) as \"UDP Percentage\",\n\tround(egress_bytes / bytes, 2) as \"Egress Percentage\",\n\tround(ingress_bytes / bytes, 2) as \"Ingress Percentage\",\n\ttcp_logs as \"TCP Logs\",\n\tudp_logs as \"UDP Logs\",\n\tlogs as \"Logs\",\n\tegress_bytes as \"Egress Bytes\",\n\tingress_bytes as \"Ingress Bytes\",\n\tbytes as \"Bytes\"\nfrom\n\t(select\n\tsum(if(common_l4_protocol in('IPv4_TCP', 'IPv6_TCP'), 1, 0)) as tcp_logs,\n\tsum(if(common_l4_protocol in('IPv4_UDP', 'IPv6_UDP'), 1, 0)) as udp_logs,\n\tsum(if(common_direction = 69, common_c2s_byte_num, common_s2c_byte_num)) as egress_bytes,\n\tsum(if(common_direction = 73, common_c2s_byte_num, common_s2c_byte_num)) as ingress_bytes,\n\tcount(*) as logs,\n\tsum(common_c2s_byte_num + common_s2c_byte_num) as bytes\n\tfrom\n\t\tsession_record as sub_connection where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t)"
}
]
}
},
"response": []
},
{
"name": "Log Type",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tround(base_logs / total_logs, 2) as \"BASE Percentage\",\n\tround(http_logs / total_logs, 2) as \"HTTP Percentage\",\n\tround(ssl_logs / total_logs, 2) as \"SSL Percentage\",\n\tround(dns_logs / total_logs, 2) as \"DNS Percentage\",\n\tround(mail_logs / total_logs, 2) as \"MAIL Percentage\",\n\tround(rtp_logs / total_logs, 2) as \"RTP Percentage\",\n\tround(sip_logs / total_logs, 2) as \"SIP Percentage\",\n\tround(ftp_logs / total_logs, 2) as \"FTP Percentage\",\n\tbase_logs as \"BASE Logs\",\n\thttp_logs as \"HTTP Logs\",\n\tssl_logs as \"SSL Logs\",\n\tdns_logs as \"DNS Logs\",\n\tmail_logs as \"MAIL Logs\",\n\trtp_logs as \"RTP Logs\",\n\tsip_logs as \"SIP Logs\",\n\tftp_logs as \"FTP Logs\",\n\ttotal_logs as \"Total Logs\"\nfrom\n\t(\n\tselect\n\t\tsum(if(common_schema_type='BASE', 1, 0)) as base_logs,\n\t\tsum(if(common_schema_type='HTTP', 1, 0)) as http_logs,\n\t\tsum(if(common_schema_type='SSL', 1, 0)) as ssl_logs,\n\t\tsum(if(common_schema_type='DNS', 1, 0)) as dns_logs,\n\t\tsum(if(common_schema_type='MAIL', 1, 0)) as mail_logs,\n\t\tsum(if(common_schema_type='RTP', 1, 0)) as rtp_logs,\n\t\tsum(if(common_schema_type='SIP', 1, 0)) as sip_logs,\n\t\tsum(if(common_schema_type='FTP', 1, 0)) as ftp_logs,\n\t\tcount(*) as total_logs\n\tfrom\n\t\tsession_record as sub_connection where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t)\n\t\t",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select\n\tround(base_logs / total_logs, 2) as \"BASE Percentage\",\n\tround(http_logs / total_logs, 2) as \"HTTP Percentage\",\n\tround(ssl_logs / total_logs, 2) as \"SSL Percentage\",\n\tround(dns_logs / total_logs, 2) as \"DNS Percentage\",\n\tround(mail_logs / total_logs, 2) as \"MAIL Percentage\",\n\tround(rtp_logs / total_logs, 2) as \"RTP Percentage\",\n\tround(sip_logs / total_logs, 2) as \"SIP Percentage\",\n\tround(ftp_logs / total_logs, 2) as \"FTP Percentage\",\n\tbase_logs as \"BASE Logs\",\n\thttp_logs as \"HTTP Logs\",\n\tssl_logs as \"SSL Logs\",\n\tdns_logs as \"DNS Logs\",\n\tmail_logs as \"MAIL Logs\",\n\trtp_logs as \"RTP Logs\",\n\tsip_logs as \"SIP Logs\",\n\tftp_logs as \"FTP Logs\",\n\ttotal_logs as \"Total Logs\"\nfrom\n\t(\n\tselect\n\t\tsum(if(common_schema_type='BASE', 1, 0)) as base_logs,\n\t\tsum(if(common_schema_type='HTTP', 1, 0)) as http_logs,\n\t\tsum(if(common_schema_type='SSL', 1, 0)) as ssl_logs,\n\t\tsum(if(common_schema_type='DNS', 1, 0)) as dns_logs,\n\t\tsum(if(common_schema_type='MAIL', 1, 0)) as mail_logs,\n\t\tsum(if(common_schema_type='RTP', 1, 0)) as rtp_logs,\n\t\tsum(if(common_schema_type='SIP', 1, 0)) as sip_logs,\n\t\tsum(if(common_schema_type='FTP', 1, 0)) as ftp_logs,\n\t\tcount(*) as total_logs\n\tfrom\n\t\tsession_record as sub_connection where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t)\n\t\t"
}
]
}
},
"response": []
},
{
"name": "Entities",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tuniq(common_client_ip) as \"Client IPs\",\n\tuniq(common_server_ip) as \"Server IPs\",\n\tuniq(common_internal_ip) as \"Internal IPs\",\n\tuniq(common_external_ip) as \"External IPs\",\n\tuniq(http_domain) as \"Domains\",\n\tuniq(http_host) as \"Hosts\",\n\tuniq(ssl_sni) as \"SNIs\"\nfrom\n\tsession_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select\n\tuniq(common_client_ip) as \"Client IPs\",\n\tuniq(common_server_ip) as \"Server IPs\",\n\tuniq(common_internal_ip) as \"Internal IPs\",\n\tuniq(common_external_ip) as \"External IPs\",\n\tuniq(http_domain) as \"Domains\",\n\tuniq(http_host) as \"Hosts\",\n\tuniq(ssl_sni) as \"SNIs\"\nfrom\n\tsession_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')"
}
]
}
},
"response": []
},
{
"name": "Entities of TCP",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tuniq(common_client_ip) as \"Client IPs\",\n\tuniq(common_server_ip) as \"Server IPs\",\n\tuniq(common_internal_ip) as \"Internal IPs\",\n\tuniq(common_external_ip) as \"External IPs\",\n\tuniq(http_domain) as \"Domains\",\n\tuniq(http_host) as \"Hosts\",\n\tuniq(ssl_sni) as \"SNIs\"\nfrom\n\tsession_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_l4_protocol in('IPv4_TCP', 'IPv6_TCP')",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select\n\tuniq(common_client_ip) as \"Client IPs\",\n\tuniq(common_server_ip) as \"Server IPs\",\n\tuniq(common_internal_ip) as \"Internal IPs\",\n\tuniq(common_external_ip) as \"External IPs\",\n\tuniq(http_domain) as \"Domains\",\n\tuniq(http_host) as \"Hosts\",\n\tuniq(ssl_sni) as \"SNIs\"\nfrom\n\tsession_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_l4_protocol in('IPv4_TCP', 'IPv6_TCP')"
}
]
}
},
"response": []
},
{
"name": "Entities of UDP",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tuniq(common_client_ip) as \"Client IPs\",\n\tuniq(common_server_ip) as \"Server IPs\",\n\tuniq(common_internal_ip) as \"Internal IPs\",\n\tuniq(common_external_ip) as \"External IPs\",\n\tuniq(http_domain) as \"Domains\",\n\tuniq(http_host) as \"Hosts\",\n\tuniq(ssl_sni) as \"SNIs\"\nfrom\n\tsession_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_l4_protocol in('IPv4_UDP', 'IPv6_UDP')",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select\n\tuniq(common_client_ip) as \"Client IPs\",\n\tuniq(common_server_ip) as \"Server IPs\",\n\tuniq(common_internal_ip) as \"Internal IPs\",\n\tuniq(common_external_ip) as \"External IPs\",\n\tuniq(http_domain) as \"Domains\",\n\tuniq(http_host) as \"Hosts\",\n\tuniq(ssl_sni) as \"SNIs\"\nfrom\n\tsession_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_l4_protocol in('IPv4_UDP', 'IPv6_UDP')"
}
]
}
},
"response": []
},
{
"name": "Sources",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tuniq(common_client_ip, common_server_ip) as \"Client to Server Hits\",\n\tuniq(common_internal_ip, common_external_ip) as \"Internal to External Hits\",\n\tuniq(common_client_ip, http_domain) as \"Client to Domain Hits\", uniq(common_internal_ip, http_domain) as \"Internal to Domain Hits\"\nfrom\n\tsession_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select\n\tuniq(common_client_ip, common_server_ip) as \"Client to Server Hits\",\n\tuniq(common_internal_ip, common_external_ip) as \"Internal to External Hits\",\n\tuniq(common_client_ip, http_domain) as \"Client to Domain Hits\", uniq(common_internal_ip, http_domain) as \"Internal to Domain Hits\"\nfrom\n\tsession_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')"
}
]
}
},
"response": []
},
{
"name": "Sources of TCP",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tuniq(common_client_ip, common_server_ip) as \"Client to Server IPs\",\n\tuniq(common_internal_ip, common_external_ip) as \"Internal to External IPs\",\n\tuniq(common_client_ip, http_domain) as \"Client to Domain Hits\", uniq(common_internal_ip, http_domain) as \"Internal to Domain Hits\"\n\t\nfrom\n\tsession_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')and common_l4_protocol in('IPv4_TCP', 'IPv6_TCP')",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select\n\tuniq(common_client_ip, common_server_ip) as \"Client to Server IPs\",\n\tuniq(common_internal_ip, common_external_ip) as \"Internal to External IPs\",\n\tuniq(common_client_ip, http_domain) as \"Client to Domain Hits\", uniq(common_internal_ip, http_domain) as \"Internal to Domain Hits\"\n\t\nfrom\n\tsession_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')and common_l4_protocol in('IPv4_TCP', 'IPv6_TCP')"
}
]
}
},
"response": []
},
{
"name": "Sources of UDP",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tuniq(common_client_ip, common_server_ip) as \"Client to Server IPs\",\n\tuniq(common_internal_ip, common_external_ip) as \"Internal to External IPs\",\n\tuniq(common_client_ip, http_domain) as \"Client to Domain Hits\", uniq(common_internal_ip, http_domain) as \"Internal to Domain Hits\"\t\nfrom session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_l4_protocol in('IPv4_UDP', 'IPv6_UDP')",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select\n\tuniq(common_client_ip, common_server_ip) as \"Client to Server IPs\",\n\tuniq(common_internal_ip, common_external_ip) as \"Internal to External IPs\",\n\tuniq(common_client_ip, http_domain) as \"Client to Domain Hits\", uniq(common_internal_ip, http_domain) as \"Internal to Domain Hits\"\t\nfrom session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_l4_protocol in('IPv4_UDP', 'IPv6_UDP')"
}
]
}
},
"response": []
},
{
"name": "Destinations",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tuniq(common_server_ip, http_domain) as \"Server to Domain Hits\",\n\tuniq(common_external_ip, http_domain) as \"External to Domain Hits\"\nfrom\n\tsession_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select\n\tuniq(common_server_ip, http_domain) as \"Server to Domain Hits\",\n\tuniq(common_external_ip, http_domain) as \"External to Domain Hits\"\nfrom\n\tsession_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')"
}
]
}
},
"response": []
},
{
"name": "Destinations of TCP",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tuniq(common_server_ip, http_domain) as \"Server to Domain Hits\",\n\tuniq(common_external_ip, http_domain) as \"External to Domain Hits\"\nfrom\n\tsession_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_l4_protocol in('IPv4_TCP', 'IPv6_TCP')",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select\n\tuniq(common_server_ip, http_domain) as \"Server to Domain Hits\",\n\tuniq(common_external_ip, http_domain) as \"External to Domain Hits\"\nfrom\n\tsession_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_l4_protocol in('IPv4_TCP', 'IPv6_TCP')"
}
]
}
},
"response": []
},
{
"name": "Destinations of UDP",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tuniq(common_server_ip, http_domain) as \"Server to Domain Hits\",\n\tuniq(common_external_ip, http_domain) as \"External to Domain Hits\"\nfrom\n\tsession_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_l4_protocol in('IPv4_UDP', 'IPv6_UDP')",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select\n\tuniq(common_server_ip, http_domain) as \"Server to Domain Hits\",\n\tuniq(common_external_ip, http_domain) as \"External to Domain Hits\"\nfrom\n\tsession_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_l4_protocol in('IPv4_UDP', 'IPv6_UDP')"
}
]
}
},
"response": []
},
{
"name": "Destinations of DNS",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tuniq(common_server_ip) as \"Server IPs\"\nfrom\n\tsession_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_server_port=53",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select\n\tuniq(common_server_ip) as \"Server IPs\"\nfrom\n\tsession_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_server_port=53"
}
]
}
},
"response": []
},
{
"name": "Bytes Distribution of TCP",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n round(QUANTILE(bytes,0.9999),2) as p9999, \n\t round(QUANTILE(bytes,0.999),2) as p999,\n\tround(QUANTILE(bytes,0.996),2) as p996,\n\tround(QUANTILE(bytes,0.995),2) as p995,\n\tround(QUANTILE(bytes,0.99),2) as p99,\n\tround(QUANTILE(bytes,0.98),2) as p98,\n\tround(QUANTILE(bytes,0.96),2) as p96,\n\tround(QUANTILE(bytes,0.95),2) as p95,\n\tround(QUANTILE(bytes,0.92),2) as p92,\n\tround(QUANTILE(bytes,0.90),2) as p90,\n\tround(QUANTILE(bytes,0.89),2) as p89,\n\tround(QUANTILE(bytes,0.88),2) as p88,\n\tround(median(bytes),2) as p50\nfrom\n\t(\n\tselect\n\t\tcommon_server_ip,\n\t\tsum(common_c2s_byte_num+common_s2c_byte_num) as bytes\n\tfrom\n\t\tsession_record\n\twhere\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\tAND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\tgroup by\n\t\tcommon_server_ip \n)\n",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select\n round(QUANTILE(bytes,0.9999),2) as p9999, \n\t round(QUANTILE(bytes,0.999),2) as p999,\n\tround(QUANTILE(bytes,0.996),2) as p996,\n\tround(QUANTILE(bytes,0.995),2) as p995,\n\tround(QUANTILE(bytes,0.99),2) as p99,\n\tround(QUANTILE(bytes,0.98),2) as p98,\n\tround(QUANTILE(bytes,0.96),2) as p96,\n\tround(QUANTILE(bytes,0.95),2) as p95,\n\tround(QUANTILE(bytes,0.92),2) as p92,\n\tround(QUANTILE(bytes,0.90),2) as p90,\n\tround(QUANTILE(bytes,0.89),2) as p89,\n\tround(QUANTILE(bytes,0.88),2) as p88,\n\tround(median(bytes),2) as p50\nfrom\n\t(\n\tselect\n\t\tcommon_server_ip,\n\t\tsum(common_c2s_byte_num+common_s2c_byte_num) as bytes\n\tfrom\n\t\tsession_record\n\twhere\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\tAND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\tgroup by\n\t\tcommon_server_ip \n)\n"
}
]
}
},
"response": []
},
{
"name": "Bytes Distribution of UDP",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n round(QUANTILE(bytes,0.9999),2) as p9999, \n\t round(QUANTILE(bytes,0.999),2) as p999,\n\tround(QUANTILE(bytes,0.996),2) as p996,\n\tround(QUANTILE(bytes,0.995),2) as p995,\n\tround(QUANTILE(bytes,0.99),2) as p99,\n\tround(QUANTILE(bytes,0.98),2) as p98,\n\tround(QUANTILE(bytes,0.96),2) as p96,\n\tround(QUANTILE(bytes,0.95),2) as p95,\n\tround(QUANTILE(bytes,0.92),2) as p92,\n\tround(QUANTILE(bytes,0.90),2) as p90,\n\tround(QUANTILE(bytes,0.89),2) as p89,\n\tround(QUANTILE(bytes,0.88),2) as p88,\n\tround(median(bytes),2) as p50\nfrom\n\t(\n\tselect\n\t\tcommon_server_ip,\n\t\tsum(common_c2s_byte_num+common_s2c_byte_num) as bytes\n\tfrom\n\t\tsession_record\n\twhere\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t and common_l4_protocol in ('IPv4_UDP', 'IPv6_UDP')\n\t\tand common_server_port in (53,443)\n\tgroup by\n\t\tcommon_server_ip \n)\n",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select\n round(QUANTILE(bytes,0.9999),2) as p9999, \n\t round(QUANTILE(bytes,0.999),2) as p999,\n\tround(QUANTILE(bytes,0.996),2) as p996,\n\tround(QUANTILE(bytes,0.995),2) as p995,\n\tround(QUANTILE(bytes,0.99),2) as p99,\n\tround(QUANTILE(bytes,0.98),2) as p98,\n\tround(QUANTILE(bytes,0.96),2) as p96,\n\tround(QUANTILE(bytes,0.95),2) as p95,\n\tround(QUANTILE(bytes,0.92),2) as p92,\n\tround(QUANTILE(bytes,0.90),2) as p90,\n\tround(QUANTILE(bytes,0.89),2) as p89,\n\tround(QUANTILE(bytes,0.88),2) as p88,\n\tround(median(bytes),2) as p50\nfrom\n\t(\n\tselect\n\t\tcommon_server_ip,\n\t\tsum(common_c2s_byte_num+common_s2c_byte_num) as bytes\n\tfrom\n\t\tsession_record\n\twhere\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t and common_l4_protocol in ('IPv4_UDP', 'IPv6_UDP')\n\t\tand common_server_port in (53,443)\n\tgroup by\n\t\tcommon_server_ip \n)\n"
}
]
}
},
"response": []
},
{
"name": "Sessions Distribution of TCP",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n round(QUANTILE(sessions,0.9999),2) as p9999, \n\t round(QUANTILE(sessions,0.999),2) as p999,\n\tround(QUANTILE(sessions,0.996),2) as p996,\n\tround(QUANTILE(sessions,0.995),2) as p995,\n\tround(QUANTILE(sessions,0.99),2) as p99,\n\tround(QUANTILE(sessions,0.98),2) as p98,\n\tround(QUANTILE(sessions,0.96),2) as p96,\n\tround(QUANTILE(sessions,0.95),2) as p95,\n\tround(QUANTILE(sessions,0.92),2) as p92,\n\tround(QUANTILE(sessions,0.90),2) as p90,\n\tround(QUANTILE(sessions,0.89),2) as p89,\n\tround(QUANTILE(sessions,0.88),2) as p88,\n\tround(median(sessions),2) as p50\nfrom\n\t(\n\tselect\n\t\tcommon_server_ip,\n\t\tcount(*) as sessions\n\tfrom\n\t\tsession_record\n\twhere\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\tAND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\tgroup by\n\t\tcommon_server_ip \n)\n",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select\n round(QUANTILE(sessions,0.9999),2) as p9999, \n\t round(QUANTILE(sessions,0.999),2) as p999,\n\tround(QUANTILE(sessions,0.996),2) as p996,\n\tround(QUANTILE(sessions,0.995),2) as p995,\n\tround(QUANTILE(sessions,0.99),2) as p99,\n\tround(QUANTILE(sessions,0.98),2) as p98,\n\tround(QUANTILE(sessions,0.96),2) as p96,\n\tround(QUANTILE(sessions,0.95),2) as p95,\n\tround(QUANTILE(sessions,0.92),2) as p92,\n\tround(QUANTILE(sessions,0.90),2) as p90,\n\tround(QUANTILE(sessions,0.89),2) as p89,\n\tround(QUANTILE(sessions,0.88),2) as p88,\n\tround(median(sessions),2) as p50\nfrom\n\t(\n\tselect\n\t\tcommon_server_ip,\n\t\tcount(*) as sessions\n\tfrom\n\t\tsession_record\n\twhere\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\tAND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\tgroup by\n\t\tcommon_server_ip \n)\n"
}
]
}
},
"response": []
},
{
"name": "Sessions Distribution of UDP",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n round(QUANTILE(sessions,0.9999),2) as p9999, \n\t round(QUANTILE(sessions,0.999),2) as p999,\n\tround(QUANTILE(sessions,0.996),2) as p996,\n\tround(QUANTILE(sessions,0.995),2) as p995,\n\tround(QUANTILE(sessions,0.99),2) as p99,\n\tround(QUANTILE(sessions,0.98),2) as p98,\n\tround(QUANTILE(sessions,0.96),2) as p96,\n\tround(QUANTILE(sessions,0.95),2) as p95,\n\tround(QUANTILE(sessions,0.92),2) as p92,\n\tround(QUANTILE(sessions,0.90),2) as p90,\n\tround(QUANTILE(sessions,0.89),2) as p89,\n\tround(QUANTILE(sessions,0.88),2) as p88,\n\tround(median(sessions),2) as p50\nfrom\n\t(\n\tselect\n\t\tcommon_server_ip,\n\t\tcount(*) as sessions\n\tfrom\n\t\tsession_record\n\twhere\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\tand common_l4_protocol in ('IPv4_UDP', 'IPv6_UDP')\n\t\tand common_server_port in (53,443)\n\tgroup by\n\t\tcommon_server_ip \n)\n",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select\n round(QUANTILE(sessions,0.9999),2) as p9999, \n\t round(QUANTILE(sessions,0.999),2) as p999,\n\tround(QUANTILE(sessions,0.996),2) as p996,\n\tround(QUANTILE(sessions,0.995),2) as p995,\n\tround(QUANTILE(sessions,0.99),2) as p99,\n\tround(QUANTILE(sessions,0.98),2) as p98,\n\tround(QUANTILE(sessions,0.96),2) as p96,\n\tround(QUANTILE(sessions,0.95),2) as p95,\n\tround(QUANTILE(sessions,0.92),2) as p92,\n\tround(QUANTILE(sessions,0.90),2) as p90,\n\tround(QUANTILE(sessions,0.89),2) as p89,\n\tround(QUANTILE(sessions,0.88),2) as p88,\n\tround(median(sessions),2) as p50\nfrom\n\t(\n\tselect\n\t\tcommon_server_ip,\n\t\tcount(*) as sessions\n\tfrom\n\t\tsession_record\n\twhere\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\tand common_l4_protocol in ('IPv4_UDP', 'IPv6_UDP')\n\t\tand common_server_port in (53,443)\n\tgroup by\n\t\tcommon_server_ip \n)\n"
}
]
}
},
"response": []
},
{
"name": "Clients Distribution of TCP",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n round(QUANTILE(client_ips,0.9999),2) as p9999, \n\t round(QUANTILE(client_ips,0.999),2) as p999,\n\tround(QUANTILE(client_ips,0.996),2) as p996,\n\tround(QUANTILE(client_ips,0.995),2) as p995,\n\tround(QUANTILE(client_ips,0.99),2) as p99,\n\tround(QUANTILE(client_ips,0.98),2) as p98,\n\tround(QUANTILE(client_ips,0.96),2) as p96,\n\tround(QUANTILE(client_ips,0.95),2) as p95,\n\tround(QUANTILE(client_ips,0.92),2) as p92,\n\tround(QUANTILE(client_ips,0.90),2) as p90,\n\tround(QUANTILE(client_ips,0.89),2) as p89,\n\tround(QUANTILE(client_ips,0.88),2) as p88,\n\tround(median(client_ips),2) as p50\nfrom\n\t(\n\tselect\n\t\tcommon_server_ip,\n\t\tuniq(common_client_ip) as client_ips\n\tfrom\n\t\tsession_record\n\twhere\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\tAND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\tgroup by\n\t\tcommon_server_ip \n)\n",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select\n round(QUANTILE(client_ips,0.9999),2) as p9999, \n\t round(QUANTILE(client_ips,0.999),2) as p999,\n\tround(QUANTILE(client_ips,0.996),2) as p996,\n\tround(QUANTILE(client_ips,0.995),2) as p995,\n\tround(QUANTILE(client_ips,0.99),2) as p99,\n\tround(QUANTILE(client_ips,0.98),2) as p98,\n\tround(QUANTILE(client_ips,0.96),2) as p96,\n\tround(QUANTILE(client_ips,0.95),2) as p95,\n\tround(QUANTILE(client_ips,0.92),2) as p92,\n\tround(QUANTILE(client_ips,0.90),2) as p90,\n\tround(QUANTILE(client_ips,0.89),2) as p89,\n\tround(QUANTILE(client_ips,0.88),2) as p88,\n\tround(median(client_ips),2) as p50\nfrom\n\t(\n\tselect\n\t\tcommon_server_ip,\n\t\tuniq(common_client_ip) as client_ips\n\tfrom\n\t\tsession_record\n\twhere\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\tAND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\tgroup by\n\t\tcommon_server_ip \n)\n"
}
]
}
},
"response": []
},
{
"name": "Clients Distribution of UDP",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n round(QUANTILE(client_ips,0.9999),2) as p9999, \n\t round(QUANTILE(client_ips,0.999),2) as p999,\n\tround(QUANTILE(client_ips,0.996),2) as p996,\n\tround(QUANTILE(client_ips,0.995),2) as p995,\n\tround(QUANTILE(client_ips,0.99),2) as p99,\n\tround(QUANTILE(client_ips,0.98),2) as p98,\n\tround(QUANTILE(client_ips,0.96),2) as p96,\n\tround(QUANTILE(client_ips,0.95),2) as p95,\n\tround(QUANTILE(client_ips,0.92),2) as p92,\n\tround(QUANTILE(client_ips,0.90),2) as p90,\n\tround(QUANTILE(client_ips,0.89),2) as p89,\n\tround(QUANTILE(client_ips,0.88),2) as p88,\n\tround(median(client_ips),2) as p50\nfrom\n\t(\n\tselect\n\t\tcommon_server_ip,\n\t\tuniq(common_client_ip) as client_ips\n\tfrom\n\t\tsession_record\n\twhere\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\tand common_l4_protocol in ('IPv4_UDP', 'IPv6_UDP')\t\n\tgroup by\n\t\tcommon_server_ip \n)\n",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select\n round(QUANTILE(client_ips,0.9999),2) as p9999, \n\t round(QUANTILE(client_ips,0.999),2) as p999,\n\tround(QUANTILE(client_ips,0.996),2) as p996,\n\tround(QUANTILE(client_ips,0.995),2) as p995,\n\tround(QUANTILE(client_ips,0.99),2) as p99,\n\tround(QUANTILE(client_ips,0.98),2) as p98,\n\tround(QUANTILE(client_ips,0.96),2) as p96,\n\tround(QUANTILE(client_ips,0.95),2) as p95,\n\tround(QUANTILE(client_ips,0.92),2) as p92,\n\tround(QUANTILE(client_ips,0.90),2) as p90,\n\tround(QUANTILE(client_ips,0.89),2) as p89,\n\tround(QUANTILE(client_ips,0.88),2) as p88,\n\tround(median(client_ips),2) as p50\nfrom\n\t(\n\tselect\n\t\tcommon_server_ip,\n\t\tuniq(common_client_ip) as client_ips\n\tfrom\n\t\tsession_record\n\twhere\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\tand common_l4_protocol in ('IPv4_UDP', 'IPv6_UDP')\t\n\tgroup by\n\t\tcommon_server_ip \n)\n"
}
]
}
},
"response": []
},
{
"name": "TopK Server of TCP by Sessions",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tsum(sessions) sessions,\n\tcount(*) as server_ips,\n\t(\n\t\tselect\n\t\t\tcount(*)\n\t\tfrom\n\t\t\tsession_record\n\t\twhere\n\t\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t AND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t) as total_sessions,\n\tround(sessions / total_sessions, 6) as percent_sessions_to_total\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip,\n\t\tcount(*) AS sessions\n\tFROM\n\t\tsession_record\n\tWHERE\n\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t AND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t\tGROUP BY common_server_ip\n\t\torder by sessions desc limit 100\n )",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select\n\tsum(sessions) sessions,\n\tcount(*) as server_ips,\n\t(\n\t\tselect\n\t\t\tcount(*)\n\t\tfrom\n\t\t\tsession_record\n\t\twhere\n\t\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t AND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t) as total_sessions,\n\tround(sessions / total_sessions, 6) as percent_sessions_to_total\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip,\n\t\tcount(*) AS sessions\n\tFROM\n\t\tsession_record\n\tWHERE\n\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t AND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t\tGROUP BY common_server_ip\n\t\torder by sessions desc limit 100\n )"
}
]
}
},
"response": []
},
{
"name": "TopK Server of UDP by Sessions",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tsum(sessions) sessions,\n\tcount(*) as server_ips,\n\t(\n\t\tselect\n\t\t\tcount(*)\n\t\tfrom\n\t\t\tsession_record\n\t\twhere\n\t\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t AND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t) as total_sessions,\n\tround(sessions / total_sessions, 6) as percent_sessions_to_total\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip,\n\t\tcount(*) AS sessions\n\tFROM\n\t\tsession_record\n\tWHERE\n\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t AND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t\tGROUP BY common_server_ip\n\t\torder by sessions desc limit 100\n )",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select\n\tsum(sessions) sessions,\n\tcount(*) as server_ips,\n\t(\n\t\tselect\n\t\t\tcount(*)\n\t\tfrom\n\t\t\tsession_record\n\t\twhere\n\t\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t AND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t) as total_sessions,\n\tround(sessions / total_sessions, 6) as percent_sessions_to_total\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip,\n\t\tcount(*) AS sessions\n\tFROM\n\t\tsession_record\n\tWHERE\n\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t AND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t\tGROUP BY common_server_ip\n\t\torder by sessions desc limit 100\n )"
}
]
}
},
"response": []
},
{
"name": "TopK Server of TCP by Bytes",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tsum(bytes) as bytes,\n\tcount(*) as server_ips,\n\t(\n\t\tselect\n\t\t\tsum(common_c2s_byte_num+common_s2c_byte_num) as bytes\n\t\tfrom\n\t\t\tsession_record\n\t\twhere\n\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t AND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t) as total_bytes,\n\tround(bytes / total_bytes, 6) as percent_bytes_to_total\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip,\n\t\tsum(common_c2s_byte_num+common_s2c_byte_num) as bytes\n\tFROM\n\t\tsession_record\n\tWHERE\n\t\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t AND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t\tGROUP BY common_server_ip\n\t\torder by bytes desc limit 100\n )\n",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select\n\tsum(bytes) as bytes,\n\tcount(*) as server_ips,\n\t(\n\t\tselect\n\t\t\tsum(common_c2s_byte_num+common_s2c_byte_num) as bytes\n\t\tfrom\n\t\t\tsession_record\n\t\twhere\n\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t AND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t) as total_bytes,\n\tround(bytes / total_bytes, 6) as percent_bytes_to_total\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip,\n\t\tsum(common_c2s_byte_num+common_s2c_byte_num) as bytes\n\tFROM\n\t\tsession_record\n\tWHERE\n\t\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t AND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t\tGROUP BY common_server_ip\n\t\torder by bytes desc limit 100\n )\n"
}
]
}
},
"response": []
},
{
"name": "TopK Server of UDP by Bytes",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tsum(bytes) as bytes,\n\tcount(*) as server_ips,\n\t(\n\t\tselect\n\t\t\tsum(common_c2s_byte_num+common_s2c_byte_num) as bytes\n\t\tfrom\n\t\t\tsession_record\n\t\twhere\n\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t AND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t) as total_bytes,\n\tround(bytes / total_bytes, 6) as percent_bytes_to_total\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip,\n\t\tsum(common_c2s_byte_num+common_s2c_byte_num) as bytes\n\tFROM\n\t\tsession_record\n\tWHERE\n\t\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t AND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t\tGROUP BY common_server_ip\n\t\torder by bytes desc limit 100\n )\n",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select\n\tsum(bytes) as bytes,\n\tcount(*) as server_ips,\n\t(\n\t\tselect\n\t\t\tsum(common_c2s_byte_num+common_s2c_byte_num) as bytes\n\t\tfrom\n\t\t\tsession_record\n\t\twhere\n\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t AND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t) as total_bytes,\n\tround(bytes / total_bytes, 6) as percent_bytes_to_total\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip,\n\t\tsum(common_c2s_byte_num+common_s2c_byte_num) as bytes\n\tFROM\n\t\tsession_record\n\tWHERE\n\t\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t AND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t\tGROUP BY common_server_ip\n\t\torder by bytes desc limit 100\n )\n"
}
]
}
},
"response": []
},
{
"name": "TopK Server of TCP by Clients",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select \n\t\tuniq(common_client_ip) as client_ips,\n\t\tcount(*) as sessions,\n\t (\n\t\t select uniq(common_client_ip) as total_client_ips from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') AND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t\t ) as total_client_ips,\n\t\tround(client_ips / total_client_ips,6) as percent_client_ips_to_total,\n\t\t (\n\t\t\tselect count(*) as total_sessions from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') AND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t\t) as total_sessions,\n\t\tround(sessions / total_sessions,6) as percent_sessions_to_total,\n\t\tsum(common_c2s_byte_num + common_s2c_byte_num) as bytes,\n\t\t (\n\t\t\tselect sum(common_c2s_byte_num + common_s2c_byte_num) as total_bytes from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') AND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t\t) as total_bytes,\n\t\tround(bytes / total_bytes,6) as percent_bytes_to_total\n\tFROM\n\t\tsession_record\n\tWHERE\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') AND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t\tand common_server_ip in (\n\t\t\tSELECT common_server_ip FROM session_record as cc\n\t\t\tWHERE\n\t\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t\tAND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t\t\tGROUP BY\n\t\t\t\tcommon_server_ip\n\t\t\torder by uniq(common_client_ip) desc limit 10\n\t\t\n\t)\n",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select \n\t\tuniq(common_client_ip) as client_ips,\n\t\tcount(*) as sessions,\n\t (\n\t\t select uniq(common_client_ip) as total_client_ips from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') AND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t\t ) as total_client_ips,\n\t\tround(client_ips / total_client_ips,6) as percent_client_ips_to_total,\n\t\t (\n\t\t\tselect count(*) as total_sessions from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') AND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t\t) as total_sessions,\n\t\tround(sessions / total_sessions,6) as percent_sessions_to_total,\n\t\tsum(common_c2s_byte_num + common_s2c_byte_num) as bytes,\n\t\t (\n\t\t\tselect sum(common_c2s_byte_num + common_s2c_byte_num) as total_bytes from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') AND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t\t) as total_bytes,\n\t\tround(bytes / total_bytes,6) as percent_bytes_to_total\n\tFROM\n\t\tsession_record\n\tWHERE\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') AND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t\tand common_server_ip in (\n\t\t\tSELECT common_server_ip FROM session_record as cc\n\t\t\tWHERE\n\t\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t\tAND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t\t\tGROUP BY\n\t\t\t\tcommon_server_ip\n\t\t\torder by uniq(common_client_ip) desc limit 10\n\t\t\n\t)\n"
}
]
}
},
"response": []
},
{
"name": "TopK Server of UDP by Clients",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select \n\t\tuniq(common_client_ip) as client_ips,\n\t\tcount(*) as sessions,\n\t (\n\t\t select uniq(common_client_ip) as total_client_ips from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\tAND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t\t ) as total_client_ips,\n\t\tround(client_ips / total_client_ips,6) as percent_client_ips_to_total,\n\t\t (\n\t\t\tselect count(*) as total_sessions from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') AND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t\t) as total_sessions,\n\t\tround(sessions / total_sessions,6) as percent_sessions_to_total,\n\t\tsum(common_c2s_byte_num + common_s2c_byte_num) as bytes,\n\t\t (\n\t\t\tselect sum(common_c2s_byte_num + common_s2c_byte_num) as total_bytes from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') AND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t\t) as total_bytes,\n\t\tround(bytes / total_bytes,6) as percent_bytes_to_total\n\tFROM\n\t\tsession_record\n\tWHERE\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\tAND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t\tand common_server_ip in (\n\t\t\tSELECT common_server_ip FROM session_record as cc\n\t\t\tWHERE\n\t\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t\tAND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t\t\tGROUP BY\n\t\t\t\tcommon_server_ip\n\t\t\torder by uniq(common_client_ip) desc limit 10\n\t\t\n\t)",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select \n\t\tuniq(common_client_ip) as client_ips,\n\t\tcount(*) as sessions,\n\t (\n\t\t select uniq(common_client_ip) as total_client_ips from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\tAND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t\t ) as total_client_ips,\n\t\tround(client_ips / total_client_ips,6) as percent_client_ips_to_total,\n\t\t (\n\t\t\tselect count(*) as total_sessions from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') AND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t\t) as total_sessions,\n\t\tround(sessions / total_sessions,6) as percent_sessions_to_total,\n\t\tsum(common_c2s_byte_num + common_s2c_byte_num) as bytes,\n\t\t (\n\t\t\tselect sum(common_c2s_byte_num + common_s2c_byte_num) as total_bytes from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') AND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t\t) as total_bytes,\n\t\tround(bytes / total_bytes,6) as percent_bytes_to_total\n\tFROM\n\t\tsession_record\n\tWHERE\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\tAND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t\tand common_server_ip in (\n\t\t\tSELECT common_server_ip FROM session_record as cc\n\t\t\tWHERE\n\t\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t\tAND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t\t\tGROUP BY\n\t\t\t\tcommon_server_ip\n\t\t\torder by uniq(common_client_ip) desc limit 10\n\t\t\n\t)"
}
]
}
},
"response": []
},
{
"name": "TopK SNI by Sessions",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tsum(sessions) sessions,\n\tcount(*) as ssl_snis,\n\t(\n\t\tselect\n\t\t\tcount(*)\n\t\tfrom\n\t\t\tsession_record\n\t\twhere\n\t\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t and notEmpty(ssl_sni)\n\t) as total_sessions,\n\tround(sessions / total_sessions, 6) as percent_sessions_to_total\nfrom\n\t(\n\tSELECT\n\t\tssl_sni,\n\t\tcount(*) AS sessions\n\tFROM\n\t\tsession_record\n\tWHERE\n\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t and notEmpty(ssl_sni)\n\t\tGROUP BY ssl_sni\n\t\torder by sessions desc limit 100\n )",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select\n\tsum(sessions) sessions,\n\tcount(*) as ssl_snis,\n\t(\n\t\tselect\n\t\t\tcount(*)\n\t\tfrom\n\t\t\tsession_record\n\t\twhere\n\t\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t and notEmpty(ssl_sni)\n\t) as total_sessions,\n\tround(sessions / total_sessions, 6) as percent_sessions_to_total\nfrom\n\t(\n\tSELECT\n\t\tssl_sni,\n\t\tcount(*) AS sessions\n\tFROM\n\t\tsession_record\n\tWHERE\n\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t and notEmpty(ssl_sni)\n\t\tGROUP BY ssl_sni\n\t\torder by sessions desc limit 100\n )"
}
]
}
},
"response": []
},
{
"name": "TopK SNI by Bytes",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tsum(bytes) as bytes,\n\tcount(*) as ssl_snis,\n\t(\n\t\tselect\n\t\t\tsum(common_c2s_byte_num+common_s2c_byte_num) as bytes\n\t\tfrom\n\t\t\tsession_record\n\t\twhere\n\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t and notEmpty(ssl_sni)\n\t) as total_bytes,\n\tround(bytes / total_bytes, 6) as percent_bytes_to_total\nfrom\n\t(\n\tSELECT\n\t\tssl_sni,\n\t\tsum(common_c2s_byte_num+common_s2c_byte_num) as bytes\n\tFROM\n\t\tsession_record\n\tWHERE\n\t\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t and notEmpty(ssl_sni)\n\t\tGROUP BY ssl_sni\n\t\torder by bytes desc limit 100\n )\n",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select\n\tsum(bytes) as bytes,\n\tcount(*) as ssl_snis,\n\t(\n\t\tselect\n\t\t\tsum(common_c2s_byte_num+common_s2c_byte_num) as bytes\n\t\tfrom\n\t\t\tsession_record\n\t\twhere\n\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t and notEmpty(ssl_sni)\n\t) as total_bytes,\n\tround(bytes / total_bytes, 6) as percent_bytes_to_total\nfrom\n\t(\n\tSELECT\n\t\tssl_sni,\n\t\tsum(common_c2s_byte_num+common_s2c_byte_num) as bytes\n\tFROM\n\t\tsession_record\n\tWHERE\n\t\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t and notEmpty(ssl_sni)\n\t\tGROUP BY ssl_sni\n\t\torder by bytes desc limit 100\n )\n"
}
]
}
},
"response": []
},
{
"name": "URLs Length Distribution",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n round(max(url_length),2) as max,\n round(QUANTILE(url_length,0.9999),2) as p9999,\n\tround(QUANTILE(url_length,0.99),2) as p99,\n\tround(QUANTILE(url_length,0.95),2) as p95,\n\tround(QUANTILE(url_length,0.90),2) as p90,\n\tround(median(url_length),2) as p50\nfrom\n\t(\n\tselect\n\t\tlength(http_url) as url_length\n\tfrom\n\t\tsession_record\n\twhere\n\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t and common_schema_type='HTTP'\n)",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select\n round(max(url_length),2) as max,\n round(QUANTILE(url_length,0.9999),2) as p9999,\n\tround(QUANTILE(url_length,0.99),2) as p99,\n\tround(QUANTILE(url_length,0.95),2) as p95,\n\tround(QUANTILE(url_length,0.90),2) as p90,\n\tround(median(url_length),2) as p50\nfrom\n\t(\n\tselect\n\t\tlength(http_url) as url_length\n\tfrom\n\t\tsession_record\n\twhere\n\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t and common_schema_type='HTTP'\n)"
}
]
}
},
"response": []
},
{
"name": "SSL SAN Length Distribution",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n round(max(san_length),2) as max,\n round(QUANTILE(san_length,0.9999),2) as p9999,\n\tround(QUANTILE(san_length,0.99),2) as p99,\n\tround(QUANTILE(san_length,0.95),2) as p95,\n\tround(QUANTILE(san_length,0.90),2) as p90,\n\tround(median(san_length),2) as p50\nfrom\n\t(\n\tselect\n\t\tlength(ssl_san) as san_length\n\tfrom\n\t\tsession_record\n\twhere\n\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t and common_schema_type='SSL'\n)",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select\n round(max(san_length),2) as max,\n round(QUANTILE(san_length,0.9999),2) as p9999,\n\tround(QUANTILE(san_length,0.99),2) as p99,\n\tround(QUANTILE(san_length,0.95),2) as p95,\n\tround(QUANTILE(san_length,0.90),2) as p90,\n\tround(median(san_length),2) as p50\nfrom\n\t(\n\tselect\n\t\tlength(ssl_san) as san_length\n\tfrom\n\t\tsession_record\n\twhere\n\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t and common_schema_type='SSL'\n)"
}
]
}
},
"response": []
},
{
"name": "APP Bitrate per Server IP",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT\n common_app_label,\t\n round(median(traffic_bytes) * 8 / 1000 / 1000 / 300,2) AS \"Medain Mbits/s\",\n\tround(avg(traffic_bytes) * 8 / 1000 / 1000 / 300,2) AS \"AVG Mbits / s\",\n\tround(QUANTILE(traffic_bytes, 0.95) * 8 / 1000 / 1000 / 300,2) as \"P95 Mbits / s\"\nFROM\n\t(\n\tSELECT\n\t common_app_label,\n\t\ttoDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))),300) * 300) as stat_time,\n\t\tround(sum(common_c2s_byte_num + common_s2c_byte_num)/ uniq(common_server_ip),2) as traffic_bytes\n\tFROM\n\t\tsession_record as ss\n\tWHERE\n\t\t(common_recv_time >= toDateTime('2022-07-19 00:00:00'))\n\t\tAND (common_recv_time < toDateTime('2022-07-20 00:00:00'))\n\tGROUP BY\n\t\tstat_time, common_app_label\n) group by common_app_label order by \"AVG Mbits / s\" desc",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "SELECT\n common_app_label,\t\n round(median(traffic_bytes) * 8 / 1000 / 1000 / 300,2) AS \"Medain Mbits/s\",\n\tround(avg(traffic_bytes) * 8 / 1000 / 1000 / 300,2) AS \"AVG Mbits / s\",\n\tround(QUANTILE(traffic_bytes, 0.95) * 8 / 1000 / 1000 / 300,2) as \"P95 Mbits / s\"\nFROM\n\t(\n\tSELECT\n\t common_app_label,\n\t\ttoDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))),300) * 300) as stat_time,\n\t\tround(sum(common_c2s_byte_num + common_s2c_byte_num)/ uniq(common_server_ip),2) as traffic_bytes\n\tFROM\n\t\tsession_record as ss\n\tWHERE\n\t\t(common_recv_time >= toDateTime('2022-07-19 00:00:00'))\n\t\tAND (common_recv_time < toDateTime('2022-07-20 00:00:00'))\n\tGROUP BY\n\t\tstat_time, common_app_label\n) group by common_app_label order by \"AVG Mbits / s\" desc"
}
]
}
},
"response": []
}
]
},
{
"name": "Domain Drill Down",
"item": [
{
"name": "Domain Entity",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(min(common_recv_time)) as \"First Seen\" , groupUniqArray(common_l7_protocol) as protocols,FROM_UNIXTIME(max(common_recv_time)) as \"Last Seen\" , median(http_response_latency_ms) as \"Server Processing Time Median(ms)\", count(1) as Responses,round(sum(common_c2s_byte_num+common_s2c_byte_num)/1024/1024/1024,2) as bytes, any(common_server_location) as Location from session_record where common_server_domain='{{domain}}' and common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select FROM_UNIXTIME(min(common_recv_time)) as \"First Seen\" , groupUniqArray(common_l7_protocol) as protocols,FROM_UNIXTIME(max(common_recv_time)) as \"Last Seen\" , median(http_response_latency_ms) as \"Server Processing Time Median(ms)\", count(1) as Responses,round(sum(common_c2s_byte_num+common_s2c_byte_num)/1024/1024/1024,2) as bytes, any(common_server_location) as Location from session_record where common_server_domain='{{domain}}' and common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')"
}
]
}
},
"response": []
},
{
"name": "Domain Access Trend",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(common_recv_time,'P1D')) as stat_time, count(1) as Responses,round(sum(common_c2s_byte_num+common_s2c_byte_num)/1024/1024/1024,2) as bytes from session_record where common_server_domain='{{domain}}' and common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') group by stat_time order by stat_time limit 100",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(common_recv_time,'P1D')) as stat_time, count(1) as Responses,round(sum(common_c2s_byte_num+common_s2c_byte_num)/1024/1024/1024,2) as bytes from session_record where common_server_domain='{{domain}}' and common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') group by stat_time order by stat_time limit 100"
}
]
}
},
"response": []
},
{
"name": "Client",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select common_client_ip as \"Client IP\" , avg(common_establish_latency_ms) as \"Establishing Time Mean(ms)\", count(1) as Responses,any(common_client_location) as Location from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_server_domain='{{domain}}' group by \"Client IP\" order by Responses desc limit 100",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select common_client_ip as \"Client IP\" , avg(common_establish_latency_ms) as \"Establishing Time Mean(ms)\", count(1) as Responses,any(common_client_location) as Location from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_server_domain='{{domain}}' group by \"Client IP\" order by Responses desc limit 100"
}
]
}
},
"response": []
},
{
"name": "Server",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select common_server_ip as \"Server IP\" , avg(http_response_latency_ms) as \"Server Processing Time Mean(ms)\", count(1) as Responses,round(sum(common_c2s_byte_num+common_s2c_byte_num)/1024/1024/1024,2) as bytes,any(common_server_location) as Location from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_server_domain='{{domain}}' group by \"Server IP\" order by bytes desc limit 100",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select common_server_ip as \"Server IP\" , avg(http_response_latency_ms) as \"Server Processing Time Mean(ms)\", count(1) as Responses,round(sum(common_c2s_byte_num+common_s2c_byte_num)/1024/1024/1024,2) as bytes,any(common_server_location) as Location from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_server_domain='{{domain}}' group by \"Server IP\" order by bytes desc limit 100"
}
]
}
},
"response": []
},
{
"name": "URI",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select http_url as \"URI\" , avg(http_response_latency_ms) as \"Server Processing Time Mean(ms)\", count(1) as Responses from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_server_domain='{{domain}}' group by \"URI\" order by Responses desc limit 100",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select http_url as \"URI\" , avg(http_response_latency_ms) as \"Server Processing Time Mean(ms)\", count(1) as Responses from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_server_domain='{{domain}}' group by \"URI\" order by Responses desc limit 100"
}
]
}
},
"response": []
}
]
},
{
"name": "IP Drill Down",
"item": [
{
"name": "IP Entity",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tFROM_UNIXTIME(min(common_recv_time)) as \"First Seen\" ,\n\tFROM_UNIXTIME(max(common_recv_time)) as \"Last Seen\" ,\n\tcount(1) as Sessions,\n\tsum(if(common_client_ip = '{{client_ip}}', 1, 0)) as \"Clients\", sum(if(common_server_ip='{{server_ip}}', 1, 0)) as \"Servers\",\n\tany(common_server_location) as Location\nfrom\n\tsession_record\nwhere common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')and\n\t(common_server_ip = '{{client_ip}}'\n\tor common_client_ip = '{{server_ip}}')",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select\n\tFROM_UNIXTIME(min(common_recv_time)) as \"First Seen\" ,\n\tFROM_UNIXTIME(max(common_recv_time)) as \"Last Seen\" ,\n\tcount(1) as Sessions,\n\tsum(if(common_client_ip = '{{client_ip}}', 1, 0)) as \"Clients\", sum(if(common_server_ip='{{server_ip}}', 1, 0)) as \"Servers\",\n\tany(common_server_location) as Location\nfrom\n\tsession_record\nwhere common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')and\n\t(common_server_ip = '{{client_ip}}'\n\tor common_client_ip = '{{server_ip}}')"
}
]
}
},
"response": []
},
{
"name": "Domain",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select http_domain as \"Domain\", count(1) as Sessions,sum(common_c2s_byte_num + common_s2c_byte_num) as Bytes,uniq(common_client_ip) as \"Client IPs\" from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_server_ip='{{server_ip}}' group by \"Domain\" order by \"Client IPs\" desc limit 100",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select http_domain as \"Domain\", count(1) as Sessions,sum(common_c2s_byte_num + common_s2c_byte_num) as Bytes,uniq(common_client_ip) as \"Client IPs\" from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_server_ip='{{server_ip}}' group by \"Domain\" order by \"Client IPs\" desc limit 100"
}
]
}
},
"response": []
},
{
"name": "Client Access Domain",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select http_domain as \"Domain\", median(http_response_latency_ms) as \"Server Processing Time Median(ms)\", count(1) as Sessions,sum(common_c2s_byte_num + common_s2c_byte_num) as Bytes from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_client_ip='{{client_ip}}' group by \"Domain\" order by Bytes desc limit 100",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select http_domain as \"Domain\", median(http_response_latency_ms) as \"Server Processing Time Median(ms)\", count(1) as Sessions,sum(common_c2s_byte_num + common_s2c_byte_num) as Bytes from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_client_ip='{{client_ip}}' group by \"Domain\" order by Bytes desc limit 100"
}
]
}
},
"response": []
},
{
"name": "Client to Server",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select common_client_ip as \"Client IP\" , common_server_ip as \"Server IP\", groupUniqArray(concat(common_l7_protocol, '/' , toString(common_server_port))) as \"Applicaiton Protocol\",count(1) as Sessions,any(common_client_location) as \"Client Location\",any(common_client_location) as \"Serever Location\" from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and (common_server_ip = '{{server_ip}}'\n\tor common_client_ip = '{{client_ip}}') group by \"Client IP\", \"Server IP\" order by Sessions desc limit 100",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select common_client_ip as \"Client IP\" , common_server_ip as \"Server IP\", groupUniqArray(concat(common_l7_protocol, '/' , toString(common_server_port))) as \"Applicaiton Protocol\",count(1) as Sessions,any(common_client_location) as \"Client Location\",any(common_client_location) as \"Serever Location\" from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and (common_server_ip = '{{server_ip}}'\n\tor common_client_ip = '{{client_ip}}') group by \"Client IP\", \"Server IP\" order by Sessions desc limit 100"
}
]
}
},
"response": []
},
{
"name": "Server QoS & Throutput Trend",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n {{PT1H_RECV_TIME}} as stat_time,\n sum(common_c2s_byte_num) as bytes_sent, sum(common_s2c_byte_num) as bytes_received, \n sum(common_c2s_byte_num + common_s2c_byte_num) as bytes,\n sum(common_c2s_pkt_num + common_s2c_pkt_num) as packets,sum(common_sessions) as sessions,avg(common_establish_latency_ms) as \"Establishing Time Mean(ms)\"\nfrom\n session_record\nwhere common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_server_ip='{{server_ip}}'\ngroup by\n stat_time order by stat_time asc",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select\n {{PT1H_RECV_TIME}} as stat_time,\n sum(common_c2s_byte_num) as bytes_sent, sum(common_s2c_byte_num) as bytes_received, \n sum(common_c2s_byte_num + common_s2c_byte_num) as bytes,\n sum(common_c2s_pkt_num + common_s2c_pkt_num) as packets,sum(common_sessions) as sessions,avg(common_establish_latency_ms) as \"Establishing Time Mean(ms)\"\nfrom\n session_record\nwhere common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_server_ip='{{server_ip}}'\ngroup by\n stat_time order by stat_time asc"
}
]
}
},
"response": []
}
]
},
{
"name": "DNS Analysis",
"item": [
{
"name": "DNS qtype",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n(CASE\nWHEN dns_qtype = 1 THEN 'A'\nWHEN dns_qtype = 2 THEN 'NS'\nWHEN dns_qtype = 3 THEN 'MD'\nWHEN dns_qtype = 4 THEN 'MF'\nWHEN dns_qtype = 5 THEN 'CNAME'\nWHEN dns_qtype = 6 THEN 'SOA'\nWHEN dns_qtype = 7 THEN 'MB'\nWHEN dns_qtype = 8 THEN 'MG'\nWHEN dns_qtype = 9 THEN 'MR'\nWHEN dns_qtype = 10 THEN 'NULL'\nWHEN dns_qtype = 11 THEN 'WKS'\nWHEN dns_qtype = 12 THEN 'PTR'\nWHEN dns_qtype = 13 THEN 'HINFO'\nWHEN dns_qtype = 15 THEN 'MX'\nWHEN dns_qtype = 16 THEN 'TXT'\nWHEN dns_qtype = 25 THEN 'KEY'\nWHEN dns_qtype = 28 THEN 'AAAA'\nWHEN dns_qtype = 33 THEN 'SRV'\nWHEN dns_qtype = 35 THEN 'NAPTR'\nWHEN dns_qtype = 38 THEN 'A6'\nWHEN dns_qtype = 39 THEN 'DNAME'\nWHEN dns_qtype = 43 THEN 'DS'\nWHEN dns_qtype = 46 THEN 'RRSIG'\nWHEN dns_qtype = 48 THEN 'DNSKEY'\nWHEN dns_qtype = 49 THEN 'DHCID'\nWHEN dns_qtype = 99 THEN 'SPF'\nWHEN dns_qtype = 255 THEN '*. A'\nWHEN dns_qtype = 256 THEN 'URI' ELSE 'Other' END) as \"Query Type\",\ndns_qtype,count(1) as requests,\nsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\nsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\nsum(common_c2s_byte_diff) as total_request_bytes,\nsum(common_s2c_byte_diff) as total_response_bytes,\nsum(common_c2s_pkt_diff) as total_request_packets,\nsum(common_s2c_pkt_diff) as total_response_packets\nfrom transaction_record\nwhere common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_schema_type = 'DNS'\ngroup by dns_qtype\norder by requests desc",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select\n(CASE\nWHEN dns_qtype = 1 THEN 'A'\nWHEN dns_qtype = 2 THEN 'NS'\nWHEN dns_qtype = 3 THEN 'MD'\nWHEN dns_qtype = 4 THEN 'MF'\nWHEN dns_qtype = 5 THEN 'CNAME'\nWHEN dns_qtype = 6 THEN 'SOA'\nWHEN dns_qtype = 7 THEN 'MB'\nWHEN dns_qtype = 8 THEN 'MG'\nWHEN dns_qtype = 9 THEN 'MR'\nWHEN dns_qtype = 10 THEN 'NULL'\nWHEN dns_qtype = 11 THEN 'WKS'\nWHEN dns_qtype = 12 THEN 'PTR'\nWHEN dns_qtype = 13 THEN 'HINFO'\nWHEN dns_qtype = 15 THEN 'MX'\nWHEN dns_qtype = 16 THEN 'TXT'\nWHEN dns_qtype = 25 THEN 'KEY'\nWHEN dns_qtype = 28 THEN 'AAAA'\nWHEN dns_qtype = 33 THEN 'SRV'\nWHEN dns_qtype = 35 THEN 'NAPTR'\nWHEN dns_qtype = 38 THEN 'A6'\nWHEN dns_qtype = 39 THEN 'DNAME'\nWHEN dns_qtype = 43 THEN 'DS'\nWHEN dns_qtype = 46 THEN 'RRSIG'\nWHEN dns_qtype = 48 THEN 'DNSKEY'\nWHEN dns_qtype = 49 THEN 'DHCID'\nWHEN dns_qtype = 99 THEN 'SPF'\nWHEN dns_qtype = 255 THEN '*. A'\nWHEN dns_qtype = 256 THEN 'URI' ELSE 'Other' END) as \"Query Type\",\ndns_qtype,count(1) as requests,\nsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\nsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\nsum(common_c2s_byte_diff) as total_request_bytes,\nsum(common_s2c_byte_diff) as total_response_bytes,\nsum(common_c2s_pkt_diff) as total_request_packets,\nsum(common_s2c_pkt_diff) as total_response_packets\nfrom transaction_record\nwhere common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_schema_type = 'DNS'\ngroup by dns_qtype\norder by requests desc"
}
]
}
},
"response": []
},
{
"name": "DNS rcode",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\t(CASE\n\t\tWHEN dns_rcode = 0 THEN 'No error'\n\t\tWHEN dns_rcode = 1 THEN 'Format error'\n\t\tWHEN dns_rcode = 2 THEN 'Server failure'\n\t\tWHEN dns_rcode = 3 THEN 'Name Error'\n\t\tWHEN dns_rcode = 4 THEN 'Not Implemented'\n\t\tWHEN dns_rcode = 5 THEN 'Refused'\n\t\tWHEN dns_rcode = 6 THEN 'YXDomain'\n\t\tWHEN dns_rcode = 7 THEN 'YXRRSet'\n\t\tWHEN dns_rcode = 8 THEN 'NXRRSet'\n\t\tWHEN dns_rcode = 9 THEN 'NotAuth'\n\t\tWHEN dns_rcode = 10 THEN 'NotZone'\n\t\tELSE 'Other'\n\tEND) as \"Response Code\",\n\tdns_rcode,\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff + common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff + common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tand common_schema_type = 'DNS'\ngroup by\n\tdns_rcode\norder by\n\trequests desc",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select\n\t(CASE\n\t\tWHEN dns_rcode = 0 THEN 'No error'\n\t\tWHEN dns_rcode = 1 THEN 'Format error'\n\t\tWHEN dns_rcode = 2 THEN 'Server failure'\n\t\tWHEN dns_rcode = 3 THEN 'Name Error'\n\t\tWHEN dns_rcode = 4 THEN 'Not Implemented'\n\t\tWHEN dns_rcode = 5 THEN 'Refused'\n\t\tWHEN dns_rcode = 6 THEN 'YXDomain'\n\t\tWHEN dns_rcode = 7 THEN 'YXRRSet'\n\t\tWHEN dns_rcode = 8 THEN 'NXRRSet'\n\t\tWHEN dns_rcode = 9 THEN 'NotAuth'\n\t\tWHEN dns_rcode = 10 THEN 'NotZone'\n\t\tELSE 'Other'\n\tEND) as \"Response Code\",\n\tdns_rcode,\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff + common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff + common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tand common_schema_type = 'DNS'\ngroup by\n\tdns_rcode\norder by\n\trequests desc"
}
]
}
},
"response": []
},
{
"name": "DNS qnames",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tdns_qname,\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n transaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tand common_schema_type = 'DNS'\ngroup by\n\tdns_qname\norder by\n\trequests desc\nlimit 50",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select\n\tdns_qname,\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n transaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tand common_schema_type = 'DNS'\ngroup by\n\tdns_qname\norder by\n\trequests desc\nlimit 50"
}
]
}
},
"response": []
},
{
"name": "DNS qnames by erros",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tdns_qname,\n\tcount(1) as erros,\n\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tand common_schema_type = 'DNS'\n\tand dns_rcode>0\ngroup by\n\tdns_qname\norder by\n\terros desc\nlimit 50\n",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select\n\tdns_qname,\n\tcount(1) as erros,\n\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tand common_schema_type = 'DNS'\n\tand dns_rcode>0\ngroup by\n\tdns_qname\norder by\n\terros desc\nlimit 50\n"
}
]
}
},
"response": []
},
{
"name": "DNS server ip",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tcommon_server_ip,\n\tany(common_server_location) as location,\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tand common_schema_type = 'DNS'\ngroup by\n\tcommon_server_ip\norder by\n\trequests desc\nlimit 50\n",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select\n\tcommon_server_ip,\n\tany(common_server_location) as location,\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tand common_schema_type = 'DNS'\ngroup by\n\tcommon_server_ip\norder by\n\trequests desc\nlimit 50\n"
}
]
}
},
"response": []
},
{
"name": "DNS server ip by erros",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tcommon_server_ip,\n\tany(common_server_location) as location,\n\tcount(1) as erros,\n\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tand common_schema_type = 'DNS'\n\tand dns_rcode>0\ngroup by\n\tcommon_server_ip\norder by\n\terros desc\nlimit 50\n",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select\n\tcommon_server_ip,\n\tany(common_server_location) as location,\n\tcount(1) as erros,\n\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tand common_schema_type = 'DNS'\n\tand dns_rcode>0\ngroup by\n\tcommon_server_ip\norder by\n\terros desc\nlimit 50\n"
}
]
}
},
"response": []
},
{
"name": "DNS IP Conversations With Highest Errors",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tcommon_client_ip,\n\tcommon_server_ip,\n\tcount(1) as erros,\n\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tand common_schema_type = 'DNS'\n\tand dns_rcode>0\ngroup by\n\tcommon_client_ip,\n\tcommon_server_ip\norder by\n\terros desc\nlimit 50\n",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select\n\tcommon_client_ip,\n\tcommon_server_ip,\n\tcount(1) as erros,\n\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tand common_schema_type = 'DNS'\n\tand dns_rcode>0\ngroup by\n\tcommon_client_ip,\n\tcommon_server_ip\norder by\n\terros desc\nlimit 50\n"
}
]
}
},
"response": []
},
{
"name": "DNS Requests With Highes Erros",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select common_client_ip, \n\t\tcommon_server_ip,(CASE\n\t\tWHEN dns_rcode = 0 THEN 'No error'\n\t\tWHEN dns_rcode = 1 THEN 'Format error'\n\t\tWHEN dns_rcode = 2 THEN 'Server failure'\n\t\tWHEN dns_rcode = 3 THEN 'Name Error'\n\t\tWHEN dns_rcode = 4 THEN 'Not Implemented'\n\t\tWHEN dns_rcode = 5 THEN 'Refused'\n\t\tWHEN dns_rcode = 6 THEN 'YXDomain'\n\t\tWHEN dns_rcode = 7 THEN 'YXRRSet'\n\t\tWHEN dns_rcode = 8 THEN 'NXRRSet'\n\t\tWHEN dns_rcode = 9 THEN 'NotAuth'\n\t\tWHEN dns_rcode = 10 THEN 'NotZone'\n\t\tELSE 'Other' END) as \"Response Code\",\n\t\tdns_qname,\n\t\tcount(1) as erros,\n\t\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets \nfrom transaction_record \nwhere common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_schema_type='DNS' and dns_rcode>0 \ngroup by common_client_ip,common_server_ip,dns_rcode,dns_qname order by erros desc limit 50",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select common_client_ip, \n\t\tcommon_server_ip,(CASE\n\t\tWHEN dns_rcode = 0 THEN 'No error'\n\t\tWHEN dns_rcode = 1 THEN 'Format error'\n\t\tWHEN dns_rcode = 2 THEN 'Server failure'\n\t\tWHEN dns_rcode = 3 THEN 'Name Error'\n\t\tWHEN dns_rcode = 4 THEN 'Not Implemented'\n\t\tWHEN dns_rcode = 5 THEN 'Refused'\n\t\tWHEN dns_rcode = 6 THEN 'YXDomain'\n\t\tWHEN dns_rcode = 7 THEN 'YXRRSet'\n\t\tWHEN dns_rcode = 8 THEN 'NXRRSet'\n\t\tWHEN dns_rcode = 9 THEN 'NotAuth'\n\t\tWHEN dns_rcode = 10 THEN 'NotZone'\n\t\tELSE 'Other' END) as \"Response Code\",\n\t\tdns_qname,\n\t\tcount(1) as erros,\n\t\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets \nfrom transaction_record \nwhere common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_schema_type='DNS' and dns_rcode>0 \ngroup by common_client_ip,common_server_ip,dns_rcode,dns_qname order by erros desc limit 50"
}
]
}
},
"response": []
}
]
},
{
"name": "DNS Resolver Amplification Attack",
"item": [
{
"name": "DNS Resolvers",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT\n\tcount(*) as requests,\n\tuniq(common_client_ip) as client_ips,\n\tsum(common_c2s_byte_diff) as request_bytes,\n\tsum(common_s2c_byte_diff) as response_bytes,\n\tsum(common_c2s_pkt_diff) request_packets,\n\tsum(common_s2c_pkt_diff) as response_packets,\n\tround((response_bytes / if(request_bytes >0,request_bytes,1)),2) as byte_ratio,\n\tcommon_server_ip\nfrom\n\ttransaction_record rc\nwhere\n common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tand common_server_port = 53\n\tand common_schema_type = 'DNS'\n\tand common_s2c_byte_diff>1500\n\tand common_c2s_byte_diff>0\n\tand round((common_s2c_byte_diff / if(common_c2s_byte_diff >0,common_c2s_byte_diff,1)),2) >20\n\tand common_c2s_pkt_diff = 1\n\tand common_s2c_pkt_diff =1\ngroup by\n\tcommon_server_ip\norder by\n\trequests desc",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "SELECT\n\tcount(*) as requests,\n\tuniq(common_client_ip) as client_ips,\n\tsum(common_c2s_byte_diff) as request_bytes,\n\tsum(common_s2c_byte_diff) as response_bytes,\n\tsum(common_c2s_pkt_diff) request_packets,\n\tsum(common_s2c_pkt_diff) as response_packets,\n\tround((response_bytes / if(request_bytes >0,request_bytes,1)),2) as byte_ratio,\n\tcommon_server_ip\nfrom\n\ttransaction_record rc\nwhere\n common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tand common_server_port = 53\n\tand common_schema_type = 'DNS'\n\tand common_s2c_byte_diff>1500\n\tand common_c2s_byte_diff>0\n\tand round((common_s2c_byte_diff / if(common_c2s_byte_diff >0,common_c2s_byte_diff,1)),2) >20\n\tand common_c2s_pkt_diff = 1\n\tand common_s2c_pkt_diff =1\ngroup by\n\tcommon_server_ip\norder by\n\trequests desc"
}
]
}
},
"response": []
},
{
"name": "DNS Resolver Amlif Times",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?=&query=\nselect\n\tcount(*) as sessions,\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff <= 1, 1, 0)) as \"1 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 1 and common_s2c_byte_diff / common_c2s_byte_diff <= 5, 1, 0)) as \"1-5 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 5 and common_s2c_byte_diff / common_c2s_byte_diff <= 10, 1, 0)) as \"5-10 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 10 and common_s2c_byte_diff / common_c2s_byte_diff <= 20, 1, 0)) as \"10-20 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 20 and common_s2c_byte_diff / common_c2s_byte_diff <= 50, 1, 0)) as \"20-50 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 50 and common_s2c_byte_diff / common_c2s_byte_diff <= 100, 1, 0)) as \"50-100 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 100, 1, 0)) as \"100 times\"\nfrom\n\t\ttransaction_record as rc\nwhere\n common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') \n\tand common_c2s_byte_diff>0\n\tand common_s2c_byte_diff>0\n\tand common_c2s_pkt_diff =1\n\tand common_s2c_pkt_diff =1\n\tand common_server_port = 53\n\tand common_schema_type = 'DNS'\n\tand common_server_ip = '60.13.251.208'\n",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "",
"value": ""
},
{
"key": "query",
"value": "\nselect\n\tcount(*) as sessions,\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff <= 1, 1, 0)) as \"1 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 1 and common_s2c_byte_diff / common_c2s_byte_diff <= 5, 1, 0)) as \"1-5 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 5 and common_s2c_byte_diff / common_c2s_byte_diff <= 10, 1, 0)) as \"5-10 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 10 and common_s2c_byte_diff / common_c2s_byte_diff <= 20, 1, 0)) as \"10-20 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 20 and common_s2c_byte_diff / common_c2s_byte_diff <= 50, 1, 0)) as \"20-50 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 50 and common_s2c_byte_diff / common_c2s_byte_diff <= 100, 1, 0)) as \"50-100 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 100, 1, 0)) as \"100 times\"\nfrom\n\t\ttransaction_record as rc\nwhere\n common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') \n\tand common_c2s_byte_diff>0\n\tand common_s2c_byte_diff>0\n\tand common_c2s_pkt_diff =1\n\tand common_s2c_pkt_diff =1\n\tand common_server_port = 53\n\tand common_schema_type = 'DNS'\n\tand common_server_ip = '60.13.251.208'\n"
}
]
}
},
"response": []
},
{
"name": "DNS Resolver Metrics trend",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?=&query=\nselect \n\ttoDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))), 1800)* 1800) as stat_time,\n\tuniq(dns_qname) as uniq_qnames,\n\tuniq(common_client_ip) as uniq_client_ips,\n\tround(sum(common_c2s_byte_diff+common_s2c_byte_diff)*8/1800/1000/1000,2) as \"Mbps\",\n\tround(sum(common_c2s_byte_diff)*8/1800/1000/1000,2) as \"Request Mbps\",\n\tround(sum(common_s2c_byte_diff)*8/1800/1000/1000,2) as \"Response Mbps\",\n\tround(sum(common_c2s_pkt_diff+common_s2c_pkt_diff)/1800/1000,2) as \"Kpps\",\n\tround(sum(common_c2s_pkt_diff)/1800/1000,2) as \"Request Kpps\",\n\tround(sum(common_s2c_pkt_diff)/1800/1000,2) as \"Response Kpps\",\n\tround(count(*)/1800,2) as \"sessions/s\"\nfrom\n\ttransaction_record as ss\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tand common_c2s_byte_diff>0\n\tand common_s2c_byte_diff>0\n\tand common_c2s_pkt_diff =1\n\tand common_s2c_pkt_diff =1\n\tand common_server_port = 53\n\tand common_schema_type = 'DNS'\n\tand common_server_ip = '60.13.217.234'\ngroup by stat_time \norder by stat_time asc\n",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "",
"value": ""
},
{
"key": "query",
"value": "\nselect \n\ttoDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))), 1800)* 1800) as stat_time,\n\tuniq(dns_qname) as uniq_qnames,\n\tuniq(common_client_ip) as uniq_client_ips,\n\tround(sum(common_c2s_byte_diff+common_s2c_byte_diff)*8/1800/1000/1000,2) as \"Mbps\",\n\tround(sum(common_c2s_byte_diff)*8/1800/1000/1000,2) as \"Request Mbps\",\n\tround(sum(common_s2c_byte_diff)*8/1800/1000/1000,2) as \"Response Mbps\",\n\tround(sum(common_c2s_pkt_diff+common_s2c_pkt_diff)/1800/1000,2) as \"Kpps\",\n\tround(sum(common_c2s_pkt_diff)/1800/1000,2) as \"Request Kpps\",\n\tround(sum(common_s2c_pkt_diff)/1800/1000,2) as \"Response Kpps\",\n\tround(count(*)/1800,2) as \"sessions/s\"\nfrom\n\ttransaction_record as ss\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tand common_c2s_byte_diff>0\n\tand common_s2c_byte_diff>0\n\tand common_c2s_pkt_diff =1\n\tand common_s2c_pkt_diff =1\n\tand common_server_port = 53\n\tand common_schema_type = 'DNS'\n\tand common_server_ip = '60.13.217.234'\ngroup by stat_time \norder by stat_time asc\n"
}
]
}
},
"response": []
},
{
"name": "DNS Resolver rcode",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?=&query=select\n\t(CASE\n\t\tWHEN dns_rcode = 0 THEN 'No error'\n\t\tWHEN dns_rcode = 1 THEN 'Format error'\n\t\tWHEN dns_rcode = 2 THEN 'Server failure'\n\t\tWHEN dns_rcode = 3 THEN 'Name Error'\n\t\tWHEN dns_rcode = 4 THEN 'Not Implemented'\n\t\tWHEN dns_rcode = 5 THEN 'Refused'\n\t\tWHEN dns_rcode = 6 THEN 'YXDomain'\n\t\tWHEN dns_rcode = 7 THEN 'YXRRSet'\n\t\tWHEN dns_rcode = 8 THEN 'NXRRSet'\n\t\tWHEN dns_rcode = 9 THEN 'NotAuth'\n\t\tWHEN dns_rcode = 10 THEN 'NotZone'\n\t\tELSE 'Other' END) as \"Response Code\",\n\tdns_rcode,\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets,\n\tmax(common_c2s_byte_diff) as max_request_bytes,\n\tmax(common_s2c_byte_diff) as max_response_bytes,\n\tavg(common_c2s_byte_diff) as avg_request_bytes,\n\tavg(common_s2c_byte_diff) as avg_response_bytes,\n\tmedian(common_c2s_byte_diff) as median_request_bytes,\n\tmedian(common_s2c_byte_diff) as median_response_bytes\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tand common_schema_type = 'DNS' \n\tand common_server_ip = '60.13.217.234'\ngroup by\n\tdns_rcode\norder by\n\trequests desc\n",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "",
"value": ""
},
{
"key": "query",
"value": "select\n\t(CASE\n\t\tWHEN dns_rcode = 0 THEN 'No error'\n\t\tWHEN dns_rcode = 1 THEN 'Format error'\n\t\tWHEN dns_rcode = 2 THEN 'Server failure'\n\t\tWHEN dns_rcode = 3 THEN 'Name Error'\n\t\tWHEN dns_rcode = 4 THEN 'Not Implemented'\n\t\tWHEN dns_rcode = 5 THEN 'Refused'\n\t\tWHEN dns_rcode = 6 THEN 'YXDomain'\n\t\tWHEN dns_rcode = 7 THEN 'YXRRSet'\n\t\tWHEN dns_rcode = 8 THEN 'NXRRSet'\n\t\tWHEN dns_rcode = 9 THEN 'NotAuth'\n\t\tWHEN dns_rcode = 10 THEN 'NotZone'\n\t\tELSE 'Other' END) as \"Response Code\",\n\tdns_rcode,\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets,\n\tmax(common_c2s_byte_diff) as max_request_bytes,\n\tmax(common_s2c_byte_diff) as max_response_bytes,\n\tavg(common_c2s_byte_diff) as avg_request_bytes,\n\tavg(common_s2c_byte_diff) as avg_response_bytes,\n\tmedian(common_c2s_byte_diff) as median_request_bytes,\n\tmedian(common_s2c_byte_diff) as median_response_bytes\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tand common_schema_type = 'DNS' \n\tand common_server_ip = '60.13.217.234'\ngroup by\n\tdns_rcode\norder by\n\trequests desc\n"
}
]
}
},
"response": []
},
{
"name": "DNS Resolver qname",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?=&query=select\n\tdns_qname,\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets,\n\tmax(common_c2s_byte_diff) as max_request_bytes,\n\tmax(common_s2c_byte_diff) as max_response_bytes,\n\tavg(common_c2s_byte_diff) as avg_request_bytes,\n\tavg(common_s2c_byte_diff) as avg_response_bytes,\n\tmedian(common_c2s_byte_diff) as median_request_bytes,\n\tmedian(common_s2c_byte_diff) as median_response_bytes\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tand common_schema_type = 'DNS'\n\tand common_server_ip = '117.145.34.90'\ngroup by\n\tdns_qname\norder by\n\trequests desc\nlimit 50",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "",
"value": ""
},
{
"key": "query",
"value": "select\n\tdns_qname,\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets,\n\tmax(common_c2s_byte_diff) as max_request_bytes,\n\tmax(common_s2c_byte_diff) as max_response_bytes,\n\tavg(common_c2s_byte_diff) as avg_request_bytes,\n\tavg(common_s2c_byte_diff) as avg_response_bytes,\n\tmedian(common_c2s_byte_diff) as median_request_bytes,\n\tmedian(common_s2c_byte_diff) as median_response_bytes\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tand common_schema_type = 'DNS'\n\tand common_server_ip = '117.145.34.90'\ngroup by\n\tdns_qname\norder by\n\trequests desc\nlimit 50"
}
]
}
},
"response": []
},
{
"name": "DNS Resolver qtype",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?=&query=select\n(CASE\nWHEN dns_qtype = 1 THEN 'A'\nWHEN dns_qtype = 2 THEN 'NS'\nWHEN dns_qtype = 3 THEN 'MD'\nWHEN dns_qtype = 4 THEN 'MF'\nWHEN dns_qtype = 5 THEN 'CNAME'\nWHEN dns_qtype = 6 THEN 'SOA'\nWHEN dns_qtype = 7 THEN 'MB'\nWHEN dns_qtype = 8 THEN 'MG'\nWHEN dns_qtype = 9 THEN 'MR'\nWHEN dns_qtype = 10 THEN 'NULL'\nWHEN dns_qtype = 11 THEN 'WKS'\nWHEN dns_qtype = 12 THEN 'PTR'\nWHEN dns_qtype = 13 THEN 'HINFO'\nWHEN dns_qtype = 15 THEN 'MX'\nWHEN dns_qtype = 16 THEN 'TXT'\nWHEN dns_qtype = 25 THEN 'KEY'\nWHEN dns_qtype = 28 THEN 'AAAA'\nWHEN dns_qtype = 33 THEN 'SRV'\nWHEN dns_qtype = 35 THEN 'NAPTR'\nWHEN dns_qtype = 38 THEN 'A6'\nWHEN dns_qtype = 39 THEN 'DNAME'\nWHEN dns_qtype = 43 THEN 'DS'\nWHEN dns_qtype = 46 THEN 'RRSIG'\nWHEN dns_qtype = 48 THEN 'DNSKEY'\nWHEN dns_qtype = 49 THEN 'DHCID'\nWHEN dns_qtype = 99 THEN 'SPF'\nWHEN dns_qtype = 255 THEN '*. A'\nWHEN dns_qtype = 256 THEN 'URI' ELSE 'Other' END) as \"Query Type\",\ndns_qtype,\ncount(1) as requests,\nsum(common_c2s_byte_diff) as total_request_bytes,\nsum(common_s2c_byte_diff) as total_response_bytes,\nsum(common_c2s_pkt_diff) as total_request_packets,\nsum(common_s2c_pkt_diff) as total_response_packets,\nmax(common_c2s_byte_diff) as max_request_bytes,\nmax(common_s2c_byte_diff) as max_response_bytes,\navg(common_c2s_byte_diff) as avg_request_bytes,\navg(common_s2c_byte_diff) as avg_response_bytes,\nmedian(common_c2s_byte_diff) as median_request_bytes,\nmedian(common_s2c_byte_diff) as median_response_bytes\nfrom transaction_record where\ncommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_schema_type = 'DNS'\nand common_server_ip = '117.145.34.90'\ngroup by dns_qtype\norder by requests desc",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "",
"value": ""
},
{
"key": "query",
"value": "select\n(CASE\nWHEN dns_qtype = 1 THEN 'A'\nWHEN dns_qtype = 2 THEN 'NS'\nWHEN dns_qtype = 3 THEN 'MD'\nWHEN dns_qtype = 4 THEN 'MF'\nWHEN dns_qtype = 5 THEN 'CNAME'\nWHEN dns_qtype = 6 THEN 'SOA'\nWHEN dns_qtype = 7 THEN 'MB'\nWHEN dns_qtype = 8 THEN 'MG'\nWHEN dns_qtype = 9 THEN 'MR'\nWHEN dns_qtype = 10 THEN 'NULL'\nWHEN dns_qtype = 11 THEN 'WKS'\nWHEN dns_qtype = 12 THEN 'PTR'\nWHEN dns_qtype = 13 THEN 'HINFO'\nWHEN dns_qtype = 15 THEN 'MX'\nWHEN dns_qtype = 16 THEN 'TXT'\nWHEN dns_qtype = 25 THEN 'KEY'\nWHEN dns_qtype = 28 THEN 'AAAA'\nWHEN dns_qtype = 33 THEN 'SRV'\nWHEN dns_qtype = 35 THEN 'NAPTR'\nWHEN dns_qtype = 38 THEN 'A6'\nWHEN dns_qtype = 39 THEN 'DNAME'\nWHEN dns_qtype = 43 THEN 'DS'\nWHEN dns_qtype = 46 THEN 'RRSIG'\nWHEN dns_qtype = 48 THEN 'DNSKEY'\nWHEN dns_qtype = 49 THEN 'DHCID'\nWHEN dns_qtype = 99 THEN 'SPF'\nWHEN dns_qtype = 255 THEN '*. A'\nWHEN dns_qtype = 256 THEN 'URI' ELSE 'Other' END) as \"Query Type\",\ndns_qtype,\ncount(1) as requests,\nsum(common_c2s_byte_diff) as total_request_bytes,\nsum(common_s2c_byte_diff) as total_response_bytes,\nsum(common_c2s_pkt_diff) as total_request_packets,\nsum(common_s2c_pkt_diff) as total_response_packets,\nmax(common_c2s_byte_diff) as max_request_bytes,\nmax(common_s2c_byte_diff) as max_response_bytes,\navg(common_c2s_byte_diff) as avg_request_bytes,\navg(common_s2c_byte_diff) as avg_response_bytes,\nmedian(common_c2s_byte_diff) as median_request_bytes,\nmedian(common_s2c_byte_diff) as median_response_bytes\nfrom transaction_record where\ncommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_schema_type = 'DNS'\nand common_server_ip = '117.145.34.90'\ngroup by dns_qtype\norder by requests desc"
}
]
}
},
"response": []
},
{
"name": "Victim Clients",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT\n\tcount(*) as requests,\n\tuniq(common_client_ip) as client_ips,\n\tsum(common_c2s_byte_diff) as request_bytes,\n\tsum(common_s2c_byte_diff) as response_bytes,\n\tsum(common_c2s_pkt_diff) request_packets,\n\tsum(common_s2c_pkt_diff) as response_packets,\n\tround((response_bytes / if(request_bytes >0,request_bytes,1)),2) as byte_ratio,\n\tcommon_client_ip\nfrom\n\ttransaction_record\nwhere \n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tand common_server_port = 53\n\tand common_schema_type = 'DNS'\n\tand common_s2c_byte_diff>1500\n\tand common_c2s_byte_diff>0\n\tand round((common_s2c_byte_diff / if(common_c2s_byte_diff >0,common_c2s_byte_diff,1)),2) >20\n\tand common_c2s_pkt_diff = 1\n\tand common_s2c_pkt_diff =1 \ngroup by\n\tcommon_client_ip\norder by\n\tbyte_ratio desc\nlimit 10",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "SELECT\n\tcount(*) as requests,\n\tuniq(common_client_ip) as client_ips,\n\tsum(common_c2s_byte_diff) as request_bytes,\n\tsum(common_s2c_byte_diff) as response_bytes,\n\tsum(common_c2s_pkt_diff) request_packets,\n\tsum(common_s2c_pkt_diff) as response_packets,\n\tround((response_bytes / if(request_bytes >0,request_bytes,1)),2) as byte_ratio,\n\tcommon_client_ip\nfrom\n\ttransaction_record\nwhere \n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tand common_server_port = 53\n\tand common_schema_type = 'DNS'\n\tand common_s2c_byte_diff>1500\n\tand common_c2s_byte_diff>0\n\tand round((common_s2c_byte_diff / if(common_c2s_byte_diff >0,common_c2s_byte_diff,1)),2) >20\n\tand common_c2s_pkt_diff = 1\n\tand common_s2c_pkt_diff =1 \ngroup by\n\tcommon_client_ip\norder by\n\tbyte_ratio desc\nlimit 10"
}
]
}
},
"response": []
},
{
"name": "DNS Resolvers by Victim IP",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?=&query=SELECT\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets,\n\tmax(common_c2s_byte_diff) as max_request_bytes,\n\tmax(common_s2c_byte_diff) as max_response_bytes,\n\tavg(common_c2s_byte_diff) as avg_request_bytes,\n\tavg(common_s2c_byte_diff) as avg_response_bytes,\n\tmedian(common_c2s_byte_diff) as median_request_bytes,\n\tmedian(common_s2c_byte_diff) as median_response_bytes,\n\tcommon_server_ip,\n\tgroupUniqArray(common_server_port) as ports,\n\tany(common_server_location) as server_location\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n and common_client_ip = '123.101.255.253' \n\tand common_schema_type = 'DNS'\ngroup by\n\tcommon_server_ip\norder by\n\trequests desc",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "",
"value": ""
},
{
"key": "query",
"value": "SELECT\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets,\n\tmax(common_c2s_byte_diff) as max_request_bytes,\n\tmax(common_s2c_byte_diff) as max_response_bytes,\n\tavg(common_c2s_byte_diff) as avg_request_bytes,\n\tavg(common_s2c_byte_diff) as avg_response_bytes,\n\tmedian(common_c2s_byte_diff) as median_request_bytes,\n\tmedian(common_s2c_byte_diff) as median_response_bytes,\n\tcommon_server_ip,\n\tgroupUniqArray(common_server_port) as ports,\n\tany(common_server_location) as server_location\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n and common_client_ip = '123.101.255.253' \n\tand common_schema_type = 'DNS'\ngroup by\n\tcommon_server_ip\norder by\n\trequests desc"
}
]
}
},
"response": []
},
{
"name": "Amlif Times Distribution",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?=&query=\nselect\n\tcount(*) as ips,\n\tsum(if(byte_ratio <= 1, 1, 0)) as \"1 times\",\n\tsum(if(byte_ratio > 1 and byte_ratio <= 5, 1, 0)) as \"1-5 times\",\n\tsum(if(byte_ratio > 5 and byte_ratio <= 10, 1, 0)) as \"5-10 times\",\n\tsum(if(byte_ratio > 10 and byte_ratio <= 20, 1, 0)) as \"10-20 times\",\n\tsum(if(byte_ratio > 20 and byte_ratio <= 50, 1, 0)) as \"20-50 times\",\n\tsum(if(byte_ratio > 50 and byte_ratio <= 100, 1, 0)) as \"50-100 times\",\n\tsum(if(byte_ratio > 100, 1, 0)) as \"100 times\"\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip,\n\t\tmedian(common_s2c_byte_diff / common_c2s_byte_diff) as byte_ratio,\n\t\tcount(*) as sessions\n\tfrom\n\t\ttransaction_record\n\twhere\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\tand common_c2s_byte_diff>0\n\t\tand common_s2c_byte_diff>0\n\t\tand common_c2s_pkt_diff =1\n\t\tand common_s2c_pkt_diff =1\n\t\tand common_server_port = 53\n\t\tand common_schema_type = 'DNS'\n\tgroup by\n\t\tcommon_server_ip\n)",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "",
"value": ""
},
{
"key": "query",
"value": "\nselect\n\tcount(*) as ips,\n\tsum(if(byte_ratio <= 1, 1, 0)) as \"1 times\",\n\tsum(if(byte_ratio > 1 and byte_ratio <= 5, 1, 0)) as \"1-5 times\",\n\tsum(if(byte_ratio > 5 and byte_ratio <= 10, 1, 0)) as \"5-10 times\",\n\tsum(if(byte_ratio > 10 and byte_ratio <= 20, 1, 0)) as \"10-20 times\",\n\tsum(if(byte_ratio > 20 and byte_ratio <= 50, 1, 0)) as \"20-50 times\",\n\tsum(if(byte_ratio > 50 and byte_ratio <= 100, 1, 0)) as \"50-100 times\",\n\tsum(if(byte_ratio > 100, 1, 0)) as \"100 times\"\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip,\n\t\tmedian(common_s2c_byte_diff / common_c2s_byte_diff) as byte_ratio,\n\t\tcount(*) as sessions\n\tfrom\n\t\ttransaction_record\n\twhere\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\tand common_c2s_byte_diff>0\n\t\tand common_s2c_byte_diff>0\n\t\tand common_c2s_pkt_diff =1\n\t\tand common_s2c_pkt_diff =1\n\t\tand common_server_port = 53\n\t\tand common_schema_type = 'DNS'\n\tgroup by\n\t\tcommon_server_ip\n)"
}
]
}
},
"response": []
},
{
"name": "Ampli Attack Country Distribution",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?=&query=SELECT\n\tarrayElement(splitByString(',',common_server_location),length(splitByString(',',common_server_location))) as server_location,\n\tcount(*) as ips\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip,\n\t\tany(common_server_location) as common_server_location,\n\t\tmedian(common_s2c_byte_diff / common_c2s_byte_diff) as byte_ratio,\n\t\tcount(*) as sessions\n\tfrom\n\t\ttransaction_record\n\twhere\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\tand common_c2s_byte_diff>0\n\t\tand common_s2c_byte_diff>0\n\t\tand common_c2s_pkt_diff =1\n\t\tand common_s2c_pkt_diff =1\n\t\tand common_server_port = 53\n\t\tand common_schema_type = 'DNS'\n\tgroup by\n\t\tcommon_server_ip\n\thaving\n\t\tbyte_ratio > 20\n)\ngroup by\n\tserver_location\norder by\n\tips desc",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "",
"value": ""
},
{
"key": "query",
"value": "SELECT\n\tarrayElement(splitByString(',',common_server_location),length(splitByString(',',common_server_location))) as server_location,\n\tcount(*) as ips\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip,\n\t\tany(common_server_location) as common_server_location,\n\t\tmedian(common_s2c_byte_diff / common_c2s_byte_diff) as byte_ratio,\n\t\tcount(*) as sessions\n\tfrom\n\t\ttransaction_record\n\twhere\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\tand common_c2s_byte_diff>0\n\t\tand common_s2c_byte_diff>0\n\t\tand common_c2s_pkt_diff =1\n\t\tand common_s2c_pkt_diff =1\n\t\tand common_server_port = 53\n\t\tand common_schema_type = 'DNS'\n\tgroup by\n\t\tcommon_server_ip\n\thaving\n\t\tbyte_ratio > 20\n)\ngroup by\n\tserver_location\norder by\n\tips desc"
}
]
}
},
"response": []
}
]
},
{
"name": "DNS NXDOMAIN Flood",
"item": [
{
"name": "DNS Proxy Server",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select \n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets,\n\tmax(common_c2s_byte_diff) as max_request_bytes,\n\tmax(common_s2c_byte_diff) as max_response_bytes,\n\tavg(common_c2s_byte_diff) as avg_request_bytes,\n\tavg(common_s2c_byte_diff) as avg_response_bytes,\n\tmedian(common_c2s_byte_diff) as median_request_bytes,\n\tmedian(common_s2c_byte_diff) as median_response_bytes,\n\tcommon_server_ip\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n and common_schema_type = 'DNS'\n\tand dns_rcode = 3\ngroup by\n\tcommon_server_ip\norder by\n\trequests desc limit 100",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select \n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets,\n\tmax(common_c2s_byte_diff) as max_request_bytes,\n\tmax(common_s2c_byte_diff) as max_response_bytes,\n\tavg(common_c2s_byte_diff) as avg_request_bytes,\n\tavg(common_s2c_byte_diff) as avg_response_bytes,\n\tmedian(common_c2s_byte_diff) as median_request_bytes,\n\tmedian(common_s2c_byte_diff) as median_response_bytes,\n\tcommon_server_ip\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n and common_schema_type = 'DNS'\n\tand dns_rcode = 3\ngroup by\n\tcommon_server_ip\norder by\n\trequests desc limit 100"
}
]
}
},
"response": []
},
{
"name": "Client IP Highest Erros",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"body": {
"mode": "formdata",
"formdata": []
},
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets,\n\tmax(common_c2s_byte_diff) as max_request_bytes,\n\tmax(common_s2c_byte_diff) as max_response_bytes,\n\tavg(common_c2s_byte_diff) as avg_request_bytes,\n\tavg(common_s2c_byte_diff) as avg_response_bytes,\n\tmedian(common_c2s_byte_diff) as median_request_bytes,\n\tmedian(common_s2c_byte_diff) as median_response_bytes,\n\tcommon_client_ip\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n and common_schema_type = 'DNS'\n\tand common_server_ip = '202.106.196.115'\n\tand dns_rcode in (2, 3, 8)\ngroup by\n\tcommon_client_ip\norder by\n\trequests desc\nlimit 100",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "option",
"value": "long-term",
"disabled": true
},
{
"key": "resultId",
"value": "129494",
"disabled": true
},
{
"key": "query",
"value": "select\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets,\n\tmax(common_c2s_byte_diff) as max_request_bytes,\n\tmax(common_s2c_byte_diff) as max_response_bytes,\n\tavg(common_c2s_byte_diff) as avg_request_bytes,\n\tavg(common_s2c_byte_diff) as avg_response_bytes,\n\tmedian(common_c2s_byte_diff) as median_request_bytes,\n\tmedian(common_s2c_byte_diff) as median_response_bytes,\n\tcommon_client_ip\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n and common_schema_type = 'DNS'\n\tand common_server_ip = '202.106.196.115'\n\tand dns_rcode in (2, 3, 8)\ngroup by\n\tcommon_client_ip\norder by\n\trequests desc\nlimit 100"
}
]
}
},
"response": []
}
]
}
]
},
{
"name": "Test",
"item": [
{
"name": "Test Query",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(\"Status code is 200\", function () {",
" pm.response.to.have.status(200);",
"});"
],
"type": "text/javascript"
}
},
{
"listen": "prerequest",
"script": {
"exec": [
""
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n app_name,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n application_protocol_stat\nwhere\n __time >= '{{start_time}}'\n\tand __time < '{{end_time}}' and vsys_id in (1,2,3,4,5)\n and app_name IS NOT NUll\ngroup by\n app_name\norder by \n bytes desc\nlimit 10\n",
"protocol": "http",
"host": [
"{{qgw_ip}}"
],
"port": "{{qgw_port}}",
"path": [
""
],
"query": [
{
"key": "query",
"value": "select\n app_name,\n sum(sessions) as sessions,\n sum(in_bytes) as in_bytes,\n sum(out_bytes) as out_bytes,\n sum(in_bytes + out_bytes) as bytes,\n sum(in_pkts) as in_packets ,\n sum(out_pkts) as out_packets,\n sum(in_pkts + out_pkts) as packets\nfrom\n application_protocol_stat\nwhere\n __time >= '{{start_time}}'\n\tand __time < '{{end_time}}' and vsys_id in (1,2,3,4,5)\n and app_name IS NOT NUll\ngroup by\n app_name\norder by \n bytes desc\nlimit 10\n"
}
]
}
},
"response": []
}
]
}
],
"event": [
{
"listen": "prerequest",
"script": {
"type": "text/javascript",
"exec": [
"var startDate = new Date(Date.now()-86400000);",
"var start_time = startDate.getFullYear().toString() + \"-\" +",
" (startDate.getMonth() + 1).toString().padStart(2, '0') + \"-\" +",
" startDate.getDate().toString().padStart(2, '0') + \" \" +",
" startDate.getHours().toString().padStart(2, '0') + \":\" +",
" startDate.getMinutes().toString().padStart(2, '0') + \":\" +",
" startDate.getSeconds().toString().padStart(2, '0');",
"",
"pm.globals.set(\"start_time\", start_time);",
"var endDate = new Date(Date.now());",
"var end_time = endDate.getFullYear().toString() + \"-\" +",
" (endDate.getMonth() + 1).toString().padStart(2, '0') + \"-\" +",
" endDate.getDate().toString().padStart(2, '0') + \" \" +",
" endDate.getHours().toString().padStart(2, '0') + \":\" +",
" endDate.getMinutes().toString().padStart(2, '0') + \":\" +",
" endDate.getSeconds().toString().padStart(2, '0'); ",
"pm.globals.set(\"end_time\", end_time);",
"pm.globals.set(\"domain\",pm.variables.replaceIn('{{$randomDomainName}}'));",
"pm.globals.set(\"client_ip\",pm.variables.replaceIn('{{$randomIP}}'));",
"pm.globals.set(\"server_ip\",pm.variables.replaceIn('{{$randomIP}}'));",
""
]
}
},
{
"listen": "test",
"script": {
"type": "text/javascript",
"exec": [
""
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink