12905 lines
641 KiB
JSON
12905 lines
641 KiB
JSON
{
|
||
"info": {
|
||
"_postman_id": "868bc69c-c241-4552-859c-24b9f0ad19b4",
|
||
"name": "Galaxy Trouble Shooting API V23.03",
|
||
"description": "# galaxy-troubleshooting-api\n\n使用Postman组件,基于Rest API接口对TSG OLAP 进行功能验证。包括组件健康检查,功能集成测试及故障诊断。\n\n## Release 23.03 (28 MAR 2023)\n\n###### New Features\n* 目录整体重构,重新梳理功能,便于Newman CLI运行\n* ClickHouse目录下增加慢查询故障诊断语句\n* 参数与API接口统一改为英文,避免中文编码执行异常\n* 加密环境变量密码、token等敏感信息\n* 定义全局动态变量:时间范围、随机IP、随机域名等\n\n###### Update\n\n* Flags 添加C2S与S2C标志位标签\n\n\n## Release 23.02 (28 FEB 2023)\n\n###### New Features\n* 增加Traffic Shaping 相关统计接口\n\n###### Update\n* 会话日志增加列common_shaping_rule_ids\n* 会话与安全事件日志增加列common_server_domain\n*会话与安全事件日志增加列common_flags_identify_info\n\n## Release 23.01 (31 JAN 2023)\n###### Update\n* 会话与安全事件日志增加列common_server_fqdn\n* 会话与安全事件日志增加列common_app_full_path\n\n\n## Release 22.12 (30 DEC 2022)\n###### New Features\n* 新增Dashboards-增加App推荐\n* 新增系统报告-会话日志Flags统计\n* 新增系统报告-会话日志Flags占比\n\n###### Update\n* 会话与安全事件日志增加common_flags列\n* 自定义IP映射-增加对ASN函数\n\n\n## Release 22.1 (30 NOV 2022)\n###### New Features\n\n###### Update\n* 会话与安全事件日志增加ssl_ja3s_hash列\n\n\n## Release 22.10 (30 OCT 2022)\n###### New Features\n* 06其它-功能验证-Traffic Summary增加Throughput接口 \n###### Update\n* 更新原有查询,将VSYS ID作为默认查询条件\n\n## Release 22.09 (30 SEP 2022)\n\n###### Update\n* 会话与安全事件日志增加common_tunnel_endpoint_a_desc, common_tunnel_endpoint_b_desc,dtls_sni 列\n\n## Release 22.08 (31 AUG 2022)\n\n###### New Features\n* 其它-查询网关-Live Charts 总带宽流量校验\n* 增加检查数据流-SQL执行计划\n* 增加检查数据流-SQL查看表结构\n* 增加检查数据推荐-推荐IMSI到TEID关系\n* 增加检查数据推荐-推荐IMEI到TEID关系\n* 增加检查数据推荐-推荐Phone Number到TEID关系\n* 增加检查数据推荐-推荐apn到TEID关系\n* 增加检查数据推荐-实时查询任务-提交查询任务(实时统计)\n* 增加检查数据推荐-实时查询任务-获取任务结果(实时统计)\n* 增加检查数据推荐-知识库列表\n* 增加预处理检查-检测预处理延迟\n* 增加预处理检查-已关闭会话日志延迟分布\n###### Update\n\n\n## Release 22.07 (30 JUL 2022)\n\n###### New Features\n* 增加检查数据推荐-Top Server IP流量概况评估\n* 增加检查数据推荐-Top SNI 流量概况评估\n###### Update\n\n\n## Release 22.06 (30 JUE 2022)\n\n###### New Features\n* 检查数据流-增加存储配额一致性检查\n###### Update\n* 系统报告检查-增加与CM默认VSYSID=1参数\n\n\n## Release 22.05 (31 MAY 2022)\n\n###### New Features\n\n###### Update\n* 检查日志-会话日志/安全事件日志增加RDP类型校验\n\n\n## Release 22.04 (29 APR 2022)\n\n###### New Features\n\n###### Update\n* 预处理检查-是否有数据验证,改为通过console后台打印日志\n* Dashboards Top部分功能增加device_group, data_center维度校验\n\n\n## Release 22.03 (8 APR 2022)\n\n###### New Features\n* 增加数据预处理检查,为每类日志增加多个测试用例,区分功能或无数据问题\n###### Update\n* 其它-评估日志预处理,增加ETL处理时延和写入Kafka时延指标\n* 检查日志模块对会话,安全和代理事件日志基于具体字段查询\n\n###### Delete\n* 删除检查数据流,关于Topic的测试用例\n\n## Release 22.02 (8 MAR 2022)\n\n###### New Features\n\n* 检查数据流-元数据检查 增加schema评价文件事件日志\n \n \n\n## Release 22.01 (27 JAN 2022)\n\n###### New Features\n\n* 检查数据流-TopN计算 增加Application接口验证\n \n\n###### Update\n\n* 重新梳理分类,删除无用接口\n* 重新排列分类,将系统自检放到首位\n \n\n## Release 21.12 (1 Dec 2021)\n\n###### New Features\n\n* 新增数据推荐查询-实时查询任务\n* 新增数据推荐查询-推荐Subscriber ID 到IP关系\n* 新增数据推荐查询-推荐APP活跃客户端IP\n* 新增数据推荐查询-推荐TopN Server IP\n* 新增数据推荐查询-推荐TopN SNI\n* 新增常用快捷功能-查询网关,增加优化查询测试集\n * Top 查询优化\n * Calcite 缓存查询\n * 自定义时间函数补全功能\n\n###### Update\n\n* Dashboard 查询,代理策略命中动作增加Edit Element 统计\n \n\n## Release 21.11 (5 Nov 2021)\n\n###### New Features\n\n* Delete\n* Update\n* 修改报告查询接口(由查询mariadb方式变更为API接口)\n* 修改规范“数据推荐查询”所有接口的命名\n \n\n## Release 21.10 (28 OCT 2021)\n\n###### New Features\n\n* 新增HOS健康状态检测接口\n* Delete\n* 删除原ClickHouse/Druid/ArangoDB 状态检查接口\n \n\n## Release 21.09 (23 SEP 2021)\n\n###### New Features\n\n* Update\n* 删除分布式调度任务,5分钟TOPN校验,交由FLink统计\n* 原始日志表名进行重命名,相关查询接口更新\n* 修正DNS分析的SQL数据集\n \n\n## Release 21.08 (15 AUG 2021)\n\n###### New Features\n\n* 新增“Dashboard查询-DoS Threat Map”功能列表,显示DoS检测地图接口\n* 新增“原始日志查询-DoS事件日志”,显示DoS攻击检测日志\n* 新增“原始日志查询-DoS事件日志-Summary”,显示DoS攻击趋势统计\n* 新增“原始日志查询-DoS事件日志-Destination IP Traffic Trend”,显示受害者IP历史流量趋势\n* Update\n* 迁移“Dashboard查询”liveCharts接口,放到“Live Charts”目录中统一管理。\n* 对DNS分析,增加一些查询样例\n \n\n## Release 21.07 (5 JUL 2021)\n\n###### New Features\n\n* 增加”常用快捷功能-基数统计“,用于分析日志分布情况\n* 增加”常用快捷功能-DNS放大攻击“,查询特征数据集\n* 增加”通用检查-对象存储-获取某个文件“,用于文件获取验证\n \n\n###### Update\n\n* 为所有接口增加Tests脚本,对接口进行批量验证测试\n* 修正部分接口查询异常\n \n\n## Release 21.06 (7 JUN 2021)\n\n###### New Features\n\n* Environments 增加环境变量domain、client_ip、server_ip、l7_protocol和PT1M_TIME\n* 常用快捷功能增加某域名下钻、某IP下钻、协议下钻和DNS分析功能\n \n\n###### Update\n\n* 原始日志查询,基于Druid近1小时日志变化粒度从5分钟改为1分钟。包含通联、策略和代理日志。\n \n\n## Release 21.05 (6 MAY 2021)\n\n###### New Features\n\n* 新增“GTP-C日志”功能,辅助故障诊断\n* 新增“事务日志”功能,辅助故障诊断\n* 新增“活跃会话日志”功能,辅助故障诊断\n* 新增“07.常用快捷功能-评估写入日志量”,查看当前系统的吞吐\n \n\n###### Update\n\n* 修改\"01.通用检查-数据存储检查\",增加事务、活跃及GTP-C 检测\n \n\n## Release 21.04 (3 APR 2021)\n\n###### New Features\n\n* 增加“VoIP日志”功能,辅助故障诊断\n* 增加“元数据检查”分类目录\n* 增加“HOS对象存储”目录,用于定位对象存储\n \n\n###### Update\n\n* 修改“SQL语法检查”为“SQL语法验证”,支持SQL语句的静态分析和数据库语义验证\n* 迁移功能项位置,方便问题定位\n \n\n###### Delete\n\n* 删除“系统检查-查询引擎SQL测试集\\[过时\\]”功能,由“故障诊断-sql性能测试”替代。\n \n\n## Release 21.03 (2 MAR 2021)\n\n###### New Features\n\n* 增加故障诊断-元数据功能,可分析日志字段是否与schema一致\n* 增加故障诊断-sql性能测试,可对查询引擎进行功能性验证和POC性能测试\n \n\n###### Update\n\n* 对查询引擎SQL测试集标记过时\n \n\n## Release 21.02 (1 FEB 2021)\n\n###### Update\n\n* 改善内部测试集,应对新的功能修改\n \n\n## Release 20.11.rc3 (11 DEC 2020)\n\n###### New Features\n\n* 增加常用快捷功能- 安装证书独立客户端IP数据趋势\n* 增加常用快捷功能-访问速度最慢TOP20 域名\n* 增加常用快捷功能-报告预置Metrics\n* 增加原始日志查询-安全策略-动作命中计数\n* 增加原始日志查询-代理策略-动作命中计数\n* 增加原始日志查询-通联-流量计数(now)\n \n\n###### Update\n\n* 改善Dashboard查询-基础统计-新建、活跃(计数)-now\n* 改善Dashboard查询-新建、活跃(趋势)\n* 目录增加编号,便于管理\n* 修改分布式调度任务-5分钟TOPN-hot表验证表名\n* 部分Action为post 改为 get,便于导出命令行",
|
||
"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
|
||
},
|
||
"item": [
|
||
{
|
||
"name": "System",
|
||
"item": [
|
||
{
|
||
"name": "Versions",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/monitor/info",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"monitor",
|
||
"info"
|
||
]
|
||
},
|
||
"description": "查询数据平台各个组件的版本号"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Status",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/monitor/health",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"monitor",
|
||
"health"
|
||
]
|
||
},
|
||
"description": "查询数据引擎引用的数据库健康状态及目前的配置。"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Metadata",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/diagnosis/metadata",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"diagnosis",
|
||
"metadata"
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Log Type Retention Status",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/sys/storage/consistency",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"sys",
|
||
"storage",
|
||
"consistency"
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Apache Druid Task Status",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
"",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{druid_ip}}:{{druid_port}}/druid/indexer/v1/supervisor?state=true",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{druid_ip}}"
|
||
],
|
||
"port": "{{druid_port}}",
|
||
"path": [
|
||
"druid",
|
||
"indexer",
|
||
"v1",
|
||
"supervisor"
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "state",
|
||
"value": "true"
|
||
}
|
||
]
|
||
},
|
||
"description": "1. 将环境切换至 druid\r\n\r\n2. 执行此接口,如果接口正常返回数据,代表druid服务运行正常"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Report Service Status",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{report_ip}}:{{report_port}}/monitor",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{report_ip}}"
|
||
],
|
||
"port": "{{report_port}}",
|
||
"path": [
|
||
"monitor"
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "HOS Status",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{hos_ip}}:{{hos_port}}/admin/verification",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{hos_ip}}"
|
||
],
|
||
"port": "{{hos_port}}",
|
||
"path": [
|
||
"admin",
|
||
"verification"
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
}
|
||
]
|
||
},
|
||
{
|
||
"name": "TSG",
|
||
"item": [
|
||
{
|
||
"name": "Schemas",
|
||
"item": [
|
||
{
|
||
"name": "ClickHouse Tables",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/tables/tsg_galaxy_v3",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"metadata",
|
||
"schema",
|
||
"v1",
|
||
"tables",
|
||
"tsg_galaxy_v3"
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Closed Session Records",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/session_record",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"metadata",
|
||
"schema",
|
||
"v1",
|
||
"fields",
|
||
"session_record"
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Interim Session Records",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/interim_session_record",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"metadata",
|
||
"schema",
|
||
"v1",
|
||
"fields",
|
||
"interim_session_record"
|
||
]
|
||
},
|
||
"description": "security_event_log"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Transaction Records",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/transaction_record",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"metadata",
|
||
"schema",
|
||
"v1",
|
||
"fields",
|
||
"transaction_record"
|
||
]
|
||
},
|
||
"description": "security_event_log"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Security Events",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/security_event",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"metadata",
|
||
"schema",
|
||
"v1",
|
||
"fields",
|
||
"security_event"
|
||
]
|
||
},
|
||
"description": "security_event_log"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Proxy Events",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/proxy_event",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"metadata",
|
||
"schema",
|
||
"v1",
|
||
"fields",
|
||
"proxy_event"
|
||
]
|
||
},
|
||
"description": "proxy_event_log"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "VoIP Records",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/voip_record",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"metadata",
|
||
"schema",
|
||
"v1",
|
||
"fields",
|
||
"voip_record"
|
||
]
|
||
},
|
||
"description": "security_event_log"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "DoS Events",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/dos_event",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"metadata",
|
||
"schema",
|
||
"v1",
|
||
"fields",
|
||
"dos_event"
|
||
]
|
||
},
|
||
"description": "security_event_log"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "GTP-C Records",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/gtpc_record",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"metadata",
|
||
"schema",
|
||
"v1",
|
||
"fields",
|
||
"gtpc_record"
|
||
]
|
||
},
|
||
"description": "security_event_log"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Assessment Events",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/assessment_event",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"metadata",
|
||
"schema",
|
||
"v1",
|
||
"fields",
|
||
"assessment_event"
|
||
]
|
||
},
|
||
"description": "security_event_log"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Apache Druid Tables",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/tables/druid",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"metadata",
|
||
"schema",
|
||
"v1",
|
||
"tables",
|
||
"druid"
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Top Client IPs",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/top_client_ip_log",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"metadata",
|
||
"schema",
|
||
"v1",
|
||
"fields",
|
||
"top_client_ip_log"
|
||
]
|
||
},
|
||
"description": "security_event_log"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Top Server IPs",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/top_server_ip_log",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"metadata",
|
||
"schema",
|
||
"v1",
|
||
"fields",
|
||
"top_server_ip_log"
|
||
]
|
||
},
|
||
"description": "security_event_log"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Top Internal IPs",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/top_internal_host_log",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"metadata",
|
||
"schema",
|
||
"v1",
|
||
"fields",
|
||
"top_internal_host_log"
|
||
]
|
||
},
|
||
"description": "security_event_log"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Top External IPs",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/top_external_host_log",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"metadata",
|
||
"schema",
|
||
"v1",
|
||
"fields",
|
||
"top_external_host_log"
|
||
]
|
||
},
|
||
"description": "security_event_log"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Top Subscribers",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/top_user_log",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"metadata",
|
||
"schema",
|
||
"v1",
|
||
"fields",
|
||
"top_user_log"
|
||
]
|
||
},
|
||
"description": "security_event_log"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Top Server Domains",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/top_website_domain_log",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"metadata",
|
||
"schema",
|
||
"v1",
|
||
"fields",
|
||
"top_website_domain_log"
|
||
]
|
||
},
|
||
"description": "security_event_log"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Top Hit URLs",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/top_urls_log",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"metadata",
|
||
"schema",
|
||
"v1",
|
||
"fields",
|
||
"top_urls_log"
|
||
]
|
||
},
|
||
"description": "security_event_log"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Top Applications",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/traffic_app_stat_log",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"metadata",
|
||
"schema",
|
||
"v1",
|
||
"fields",
|
||
"traffic_app_stat_log"
|
||
]
|
||
},
|
||
"description": "security_event_log"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Traffic Metrics",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/traffic_metrics_log",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"metadata",
|
||
"schema",
|
||
"v1",
|
||
"fields",
|
||
"traffic_metrics_log"
|
||
]
|
||
},
|
||
"description": "security_event_log"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Traffic Summary",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/traffic_summary_log",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"metadata",
|
||
"schema",
|
||
"v1",
|
||
"fields",
|
||
"traffic_summary_log"
|
||
]
|
||
},
|
||
"description": "security_event_log"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Security Event Hits",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/security_event_hits_log",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"metadata",
|
||
"schema",
|
||
"v1",
|
||
"fields",
|
||
"security_event_hits_log"
|
||
]
|
||
},
|
||
"description": "security_event_log"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Proxy Event Hits",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/proxy_event_hits_log",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"metadata",
|
||
"schema",
|
||
"v1",
|
||
"fields",
|
||
"proxy_event_hits_log"
|
||
]
|
||
},
|
||
"description": "security_event_log"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Traffic Shaping",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/traffic_shaping_metrics",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"metadata",
|
||
"schema",
|
||
"v1",
|
||
"fields",
|
||
"traffic_shaping_metrics"
|
||
]
|
||
},
|
||
"description": "security_event_log"
|
||
},
|
||
"response": []
|
||
}
|
||
]
|
||
},
|
||
{
|
||
"name": "Logs",
|
||
"item": [
|
||
{
|
||
"name": "First and Last Insert",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select * from (select 'Session Records' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'Interim Session Records' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from interim_session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'Transaction Records' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from transaction_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'Security Event' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from security_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'Proxy Event' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'Radius' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from radius_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'GTPC Records' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from gtpc_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') ) order by type",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select * from (select 'Session Records' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'Interim Session Records' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from interim_session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'Transaction Records' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from transaction_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'Security Event' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from security_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'Proxy Event' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'Radius' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from radius_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'GTPC Records' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from gtpc_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') ) order by type"
|
||
}
|
||
]
|
||
},
|
||
"description": "验证原始日志是否有最新的数据"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "ETL and Ingestion Latency",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select 'Session Record' as type, round(count(*)/300,0) as \"logs/sec\", round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\", round(avg(common_ingestion_time-common_end_time),2) as \"avg_ingestion_latency(s)\"\nfrom\n\tsession_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}}) union all select 'Interim Session Record' as type, round(count(*)/300,0) as \"logs/sec\", round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\", round(avg(common_ingestion_time-common_end_time),2) as \"avg_ingestion_latency(s)\"\nfrom\n\tinterim_session_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}}) union all select 'Transaction Record' as type, round(count(*)/300,0) as \"logs/sec\", round(avg(common_processing_time-common_ingestion_time),2) as \"etl_latency(s)\" , round(avg(common_ingestion_time-common_end_time),2) as \"avg_ingestion_latency(s)\"\n\tfrom transaction_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}}) union all select 'Security Event' as type, round(count(*)/300,0) as \"logs/sec\", round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\", round(avg(common_ingestion_time-common_end_time),2) as \"avg_ingestion_latency(s)\"\nfrom\n\tsecurity_event crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\nunion all select 'Proxy Event' as type, round(count(*)/300,0) as \"logs/sec\", round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\", round(avg(common_ingestion_time-common_end_time),2) as \"avg_ingestion_latency(s)\"\nfrom\n\tproxy_event crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\n union all select 'Radius Record' as type, round(count(*)/300,0) as \"logs/sec\", round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\", round(avg(common_ingestion_time-common_end_time),2) as \"avg_ingestion_latency(s)\"\nfrom\n\tradius_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}}) union all select 'gtpc_record' as type, round(count(*)/300,0) as \"logs/sec\",round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\", round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\"\nfrom\n\tgtpc_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select 'Session Record' as type, round(count(*)/300,0) as \"logs/sec\", round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\", round(avg(common_ingestion_time-common_end_time),2) as \"avg_ingestion_latency(s)\"\nfrom\n\tsession_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}}) union all select 'Interim Session Record' as type, round(count(*)/300,0) as \"logs/sec\", round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\", round(avg(common_ingestion_time-common_end_time),2) as \"avg_ingestion_latency(s)\"\nfrom\n\tinterim_session_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}}) union all select 'Transaction Record' as type, round(count(*)/300,0) as \"logs/sec\", round(avg(common_processing_time-common_ingestion_time),2) as \"etl_latency(s)\" , round(avg(common_ingestion_time-common_end_time),2) as \"avg_ingestion_latency(s)\"\n\tfrom transaction_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}}) union all select 'Security Event' as type, round(count(*)/300,0) as \"logs/sec\", round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\", round(avg(common_ingestion_time-common_end_time),2) as \"avg_ingestion_latency(s)\"\nfrom\n\tsecurity_event crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\nunion all select 'Proxy Event' as type, round(count(*)/300,0) as \"logs/sec\", round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\", round(avg(common_ingestion_time-common_end_time),2) as \"avg_ingestion_latency(s)\"\nfrom\n\tproxy_event crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\n union all select 'Radius Record' as type, round(count(*)/300,0) as \"logs/sec\", round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\", round(avg(common_ingestion_time-common_end_time),2) as \"avg_ingestion_latency(s)\"\nfrom\n\tradius_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}}) union all select 'gtpc_record' as type, round(count(*)/300,0) as \"logs/sec\",round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\", round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\"\nfrom\n\tgtpc_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Session Ingestion Latency Distribution",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tmin(duration) MIN,\n\tmedian(duration) as MEDIAN,\n\tround(avg(duration),2) as AVG,\n\tround(QUANTILE(duration,0.8),2) as P80,\n\tround(QUANTILE(duration,0.95),2) as P95,\n\tround(QUANTILE(duration,0.99),2) as P99,\n\tmax(duration) as MAX\nfrom\n\t(\n\tselect\n\t\t(common_processing_time-common_recv_time) as duration\n\tFROM\n\t\tsession_record\n\tWHERE\n\t\tcommon_recv_time >= UNIX_TIMESTAMP(now())-86400\n\t\tand common_recv_time<UNIX_TIMESTAMP(now()) )",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\tmin(duration) MIN,\n\tmedian(duration) as MEDIAN,\n\tround(avg(duration),2) as AVG,\n\tround(QUANTILE(duration,0.8),2) as P80,\n\tround(QUANTILE(duration,0.95),2) as P95,\n\tround(QUANTILE(duration,0.99),2) as P99,\n\tmax(duration) as MAX\nfrom\n\t(\n\tselect\n\t\t(common_processing_time-common_recv_time) as duration\n\tFROM\n\t\tsession_record\n\tWHERE\n\t\tcommon_recv_time >= UNIX_TIMESTAMP(now())-86400\n\t\tand common_recv_time<UNIX_TIMESTAMP(now()) )"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Session Duration Distribution",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tmin(duration) MIN,\n\tmedian(duration) as MEDIAN,\n\tround(avg(duration),2) as AVG,\n\tround(QUANTILE(duration,0.8),2) as P80,\n\tround(QUANTILE(duration,0.95),2) as P95,\n\tround(QUANTILE(duration,0.99),2) as P99,\n\tmax(duration) as MAX\nfrom\n\t(\n\tselect\n\t\t(common_end_time-common_start_time) as duration\n\tFROM\n\t\tsession_record\n\tWHERE\n\t\tcommon_recv_time >= UNIX_TIMESTAMP(now())-86400\n\t\tand common_recv_time<UNIX_TIMESTAMP(now()) )",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\tmin(duration) MIN,\n\tmedian(duration) as MEDIAN,\n\tround(avg(duration),2) as AVG,\n\tround(QUANTILE(duration,0.8),2) as P80,\n\tround(QUANTILE(duration,0.95),2) as P95,\n\tround(QUANTILE(duration,0.99),2) as P99,\n\tmax(duration) as MAX\nfrom\n\t(\n\tselect\n\t\t(common_end_time-common_start_time) as duration\n\tFROM\n\t\tsession_record\n\tWHERE\n\t\tcommon_recv_time >= UNIX_TIMESTAMP(now())-86400\n\t\tand common_recv_time<UNIX_TIMESTAMP(now()) )"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Closed Session Records",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
},
|
||
{
|
||
"listen": "prerequest",
|
||
"script": {
|
||
"exec": [
|
||
""
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select toDateTime(common_recv_time) AS common_recv_time, common_log_id, common_vsys_id, common_subscriber_id, common_imei, common_imsi, common_phone_number, common_client_ip, common_internal_ip, common_client_port, common_l4_protocol, common_address_type, common_server_ip, common_server_port, common_external_ip, common_direction, common_sled_ip, common_client_location, common_client_asn, common_server_location, common_server_asn, common_sessions, common_c2s_pkt_num, common_s2c_pkt_num, common_c2s_byte_num, common_s2c_byte_num, common_schema_type, common_device_id, common_device_group, common_app_behavior, common_app_label, common_tunnels, common_protocol_label, common_userdefine_app_name, common_l7_protocol, common_service_category, toDateTime(common_start_time) AS common_start_time, toDateTime(common_end_time) AS common_end_time, common_establish_latency_ms, common_con_duration_ms, common_stream_dir, common_stream_trace_id, common_c2s_ipfrag_num, common_s2c_ipfrag_num, common_c2s_tcp_lostlen, common_s2c_tcp_lostlen, common_c2s_tcp_unorder_num, common_s2c_tcp_unorder_num, common_c2s_pkt_retrans, common_s2c_pkt_retrans, common_c2s_byte_retrans, common_s2c_byte_retrans, common_tcp_client_isn, common_tcp_server_isn, toDateTime(common_processing_time) AS common_processing_time, toDateTime(common_ingestion_time) AS common_ingestion_time,common_tunnel_endpoint_a_desc, common_tunnel_endpoint_b_desc, common_flags,common_flags_identify_info,common_server_fqdn,common_server_domain, common_app_full_path,common_shaping_rule_ids, http_url, http_host, http_domain, http_request_line, http_response_line, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_request_body, http_response_body, http_cookie, http_referer, http_user_agent, http_set_cookie, http_version, http_response_latency_ms, http_session_duration_ms, http_action_file_size, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_to, mail_cc, mail_bcc, mail_subject, mail_attachment_name, mail_eml_file, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_sub, dns_cname,dns_rr, dns_response_latency_ms, ssl_sni, ssl_cn, ssl_pinningst, ssl_intercept_state, ssl_server_side_latency, ssl_client_side_latency, ssl_server_side_version, ssl_client_side_version, ssl_cert_verify, ssl_error, ssl_con_latency_ms, ssl_ja3_hash, ssl_ja3s_hash, ssl_cert_issuer, ssl_cert_subject, dtls_sni ,quic_version, quic_sni, quic_user_agent, ftp_account, ftp_url, ftp_content, ftp_link_type, app_extra_info, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, stratum_cryptocurrency, stratum_mining_pools,stratum_mining_program,rdp_cookie,rdp_security_protocol,rdp_client_channels,rdp_keyboard_layout,rdp_client_version,rdp_client_name,rdp_client_product_id,rdp_desktop_width,rdp_desktop_height,rdp_requested_color_depth,rdp_certificate_type,rdp_certificate_count,rdp_certificate_permanent,rdp_encryption_level,rdp_encryption_method from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) order by common_recv_time desc limit 0 , 20",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select toDateTime(common_recv_time) AS common_recv_time, common_log_id, common_vsys_id, common_subscriber_id, common_imei, common_imsi, common_phone_number, common_client_ip, common_internal_ip, common_client_port, common_l4_protocol, common_address_type, common_server_ip, common_server_port, common_external_ip, common_direction, common_sled_ip, common_client_location, common_client_asn, common_server_location, common_server_asn, common_sessions, common_c2s_pkt_num, common_s2c_pkt_num, common_c2s_byte_num, common_s2c_byte_num, common_schema_type, common_device_id, common_device_group, common_app_behavior, common_app_label, common_tunnels, common_protocol_label, common_userdefine_app_name, common_l7_protocol, common_service_category, toDateTime(common_start_time) AS common_start_time, toDateTime(common_end_time) AS common_end_time, common_establish_latency_ms, common_con_duration_ms, common_stream_dir, common_stream_trace_id, common_c2s_ipfrag_num, common_s2c_ipfrag_num, common_c2s_tcp_lostlen, common_s2c_tcp_lostlen, common_c2s_tcp_unorder_num, common_s2c_tcp_unorder_num, common_c2s_pkt_retrans, common_s2c_pkt_retrans, common_c2s_byte_retrans, common_s2c_byte_retrans, common_tcp_client_isn, common_tcp_server_isn, toDateTime(common_processing_time) AS common_processing_time, toDateTime(common_ingestion_time) AS common_ingestion_time,common_tunnel_endpoint_a_desc, common_tunnel_endpoint_b_desc, common_flags,common_flags_identify_info,common_server_fqdn,common_server_domain, common_app_full_path,common_shaping_rule_ids, http_url, http_host, http_domain, http_request_line, http_response_line, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_request_body, http_response_body, http_cookie, http_referer, http_user_agent, http_set_cookie, http_version, http_response_latency_ms, http_session_duration_ms, http_action_file_size, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_to, mail_cc, mail_bcc, mail_subject, mail_attachment_name, mail_eml_file, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_sub, dns_cname,dns_rr, dns_response_latency_ms, ssl_sni, ssl_cn, ssl_pinningst, ssl_intercept_state, ssl_server_side_latency, ssl_client_side_latency, ssl_server_side_version, ssl_client_side_version, ssl_cert_verify, ssl_error, ssl_con_latency_ms, ssl_ja3_hash, ssl_ja3s_hash, ssl_cert_issuer, ssl_cert_subject, dtls_sni ,quic_version, quic_sni, quic_user_agent, ftp_account, ftp_url, ftp_content, ftp_link_type, app_extra_info, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, stratum_cryptocurrency, stratum_mining_pools,stratum_mining_program,rdp_cookie,rdp_security_protocol,rdp_client_channels,rdp_keyboard_layout,rdp_client_version,rdp_client_name,rdp_client_product_id,rdp_desktop_width,rdp_desktop_height,rdp_requested_color_depth,rdp_certificate_type,rdp_certificate_count,rdp_certificate_permanent,rdp_encryption_level,rdp_encryption_method from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) order by common_recv_time desc limit 0 , 20"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Current Traffic Metrics by Session Records",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tsum(common_s2c_byte_num)* 8 / 300 as trafficInBits,\n\tsum(common_c2s_byte_num)* 8 / 300 as trafficOutBits,\n\tsum(common_s2c_byte_num + common_c2s_byte_num)* 8 / 300 as trafficTotalBits,\n\tsum(common_s2c_pkt_num)/ 300 as trafficInPackets,\n\tsum(common_c2s_pkt_num)/ 300 as trafficOutPackets,\n\tsum(common_s2c_pkt_num + common_c2s_pkt_num)/ 300 as trafficTotalPackets,\n\tsum(common_sessions)/ 300 as sessions\nfrom\n\t session_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP(now())-300 and common_vsys_id in (1,2,3,4) ",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\tsum(common_s2c_byte_num)* 8 / 300 as trafficInBits,\n\tsum(common_c2s_byte_num)* 8 / 300 as trafficOutBits,\n\tsum(common_s2c_byte_num + common_c2s_byte_num)* 8 / 300 as trafficTotalBits,\n\tsum(common_s2c_pkt_num)/ 300 as trafficInPackets,\n\tsum(common_c2s_pkt_num)/ 300 as trafficOutPackets,\n\tsum(common_s2c_pkt_num + common_c2s_pkt_num)/ 300 as trafficTotalPackets,\n\tsum(common_sessions)/ 300 as sessions\nfrom\n\t session_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP(now())-300 and common_vsys_id in (1,2,3,4) "
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Traffic Distribution of Summary by Schema Type",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >={{Last 1 Hour Start}} and schema_type='BASE' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}} , schema_type\nunion all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='HTTP' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, schema_type\nunion all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='SSL' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, schema_type\nunion all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='MAIL' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}} , schema_type\nunion all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='DNS' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, schema_type\nunion all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='APP' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, schema_type union all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='QUIC' group by {{PT1M_TIME}}, schema_type union all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='FTP' group by {{PT1M_TIME}}, schema_type union all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='SIP' group by {{PT1M_TIME}}, schema_type union all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='RTP' group by {{PT1M_TIME}}, schema_type union all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='Stratum' group by {{PT1M_TIME}}, schema_type ",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >={{Last 1 Hour Start}} and schema_type='BASE' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}} , schema_type\nunion all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='HTTP' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, schema_type\nunion all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='SSL' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, schema_type\nunion all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='MAIL' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}} , schema_type\nunion all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='DNS' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, schema_type\nunion all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='APP' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, schema_type union all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='QUIC' group by {{PT1M_TIME}}, schema_type union all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='FTP' group by {{PT1M_TIME}}, schema_type union all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='SIP' group by {{PT1M_TIME}}, schema_type union all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='RTP' group by {{PT1M_TIME}}, schema_type union all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='Stratum' group by {{PT1M_TIME}}, schema_type "
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Traffic Distribution of Logs by Schema Type",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n {{PT5M_RECV_TIME}} as stat_time,\n common_schema_type as type,\n sum(common_sessions) as sessions,\n sum(common_c2s_byte_num + common_s2c_byte_num) as bytes,\n sum(common_c2s_pkt_num + common_s2c_pkt_num) as packets\nfrom\n session_record\nwhere common_recv_time > {{Last 1 Hour Start}} and common_vsys_id in (1,2,3,4) \ngroup by\n stat_time,\n common_schema_type order by stat_time asc",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select\n {{PT5M_RECV_TIME}} as stat_time,\n common_schema_type as type,\n sum(common_sessions) as sessions,\n sum(common_c2s_byte_num + common_s2c_byte_num) as bytes,\n sum(common_c2s_pkt_num + common_s2c_pkt_num) as packets\nfrom\n session_record\nwhere common_recv_time > {{Last 1 Hour Start}} and common_vsys_id in (1,2,3,4) \ngroup by\n stat_time,\n common_schema_type order by stat_time asc"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Total Closed Session Records",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select count(*) as events from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) ",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select count(*) as events from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) "
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Transaction Records",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(common_recv_time) as common_recv_time, FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from transaction_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) order by common_recv_time desc limit 0 , 20",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select FROM_UNIXTIME(common_recv_time) as common_recv_time, FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from transaction_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) order by common_recv_time desc limit 0 , 20"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Total Interim Session Records",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select toDateTime(common_recv_time) AS common_recv_time, common_log_id, common_subscriber_id, common_imei, common_imsi, common_phone_number, common_client_ip, common_internal_ip, common_client_port, common_l4_protocol, common_address_type, common_server_ip, common_server_port, common_external_ip, common_direction, common_sled_ip, common_client_location, common_client_asn, common_server_location, common_server_asn, common_sessions, common_c2s_pkt_num, common_s2c_pkt_num, common_c2s_byte_num, common_s2c_byte_num, common_c2s_pkt_diff, common_s2c_pkt_diff, common_c2s_byte_diff, common_s2c_byte_diff, common_schema_type, common_device_id, common_device_group, common_app_behavior, common_app_label, common_tunnels, common_protocol_label, common_l7_protocol, common_service_category, toDateTime(common_start_time) AS common_start_time, toDateTime(common_end_time) AS common_end_time, common_establish_latency_ms, common_con_duration_ms, common_stream_dir, common_stream_trace_id, common_c2s_ipfrag_num, common_s2c_ipfrag_num, common_c2s_tcp_lostlen, common_s2c_tcp_lostlen, common_c2s_tcp_unorder_num, common_s2c_tcp_unorder_num, common_c2s_pkt_retrans, common_s2c_pkt_retrans, common_c2s_byte_retrans, common_s2c_byte_retrans, common_tcp_client_isn, common_tcp_server_isn, toDateTime(common_processing_time) AS common_processing_time, toDateTime(common_ingestion_time) AS common_ingestion_time, http_url, http_host, http_domain, http_request_line, http_response_line, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_request_body, http_response_body, http_cookie, http_referer, http_user_agent, http_set_cookie, http_version, http_response_latency_ms, http_session_duration_ms, http_action_file_size, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_to, mail_cc, mail_bcc, mail_subject, mail_attachment_name, mail_eml_file, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname,dns_cname,dns_rr, dns_qtype, dns_qclass, dns_sub, dns_response_latency_ms, ssl_sni, ssl_cn, ssl_pinningst, ssl_intercept_state, ssl_server_side_latency, ssl_client_side_latency, ssl_server_side_version, ssl_client_side_version, ssl_cert_verify, ssl_error, ssl_con_latency_ms, ssl_ja3_hash, ssl_cert_issuer, ssl_cert_subject, quic_version, quic_sni, quic_user_agent, ftp_account, ftp_url, ftp_content, ftp_link_type, app_extra_info, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, rtp_originator_dir, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, stratum_cryptocurrency, stratum_mining_pools, stratum_mining_program,rdp_cookie,rdp_security_protocol,rdp_client_channels,rdp_keyboard_layout,rdp_client_version,rdp_client_name,rdp_client_product_id,rdp_desktop_width,rdp_desktop_height,rdp_requested_color_depth,rdp_certificate_type,rdp_certificate_count,rdp_certificate_permanent,rdp_encryption_level,rdp_encryption_method from interim_session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) order by common_recv_time desc limit 0 , 20",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select toDateTime(common_recv_time) AS common_recv_time, common_log_id, common_subscriber_id, common_imei, common_imsi, common_phone_number, common_client_ip, common_internal_ip, common_client_port, common_l4_protocol, common_address_type, common_server_ip, common_server_port, common_external_ip, common_direction, common_sled_ip, common_client_location, common_client_asn, common_server_location, common_server_asn, common_sessions, common_c2s_pkt_num, common_s2c_pkt_num, common_c2s_byte_num, common_s2c_byte_num, common_c2s_pkt_diff, common_s2c_pkt_diff, common_c2s_byte_diff, common_s2c_byte_diff, common_schema_type, common_device_id, common_device_group, common_app_behavior, common_app_label, common_tunnels, common_protocol_label, common_l7_protocol, common_service_category, toDateTime(common_start_time) AS common_start_time, toDateTime(common_end_time) AS common_end_time, common_establish_latency_ms, common_con_duration_ms, common_stream_dir, common_stream_trace_id, common_c2s_ipfrag_num, common_s2c_ipfrag_num, common_c2s_tcp_lostlen, common_s2c_tcp_lostlen, common_c2s_tcp_unorder_num, common_s2c_tcp_unorder_num, common_c2s_pkt_retrans, common_s2c_pkt_retrans, common_c2s_byte_retrans, common_s2c_byte_retrans, common_tcp_client_isn, common_tcp_server_isn, toDateTime(common_processing_time) AS common_processing_time, toDateTime(common_ingestion_time) AS common_ingestion_time, http_url, http_host, http_domain, http_request_line, http_response_line, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_request_body, http_response_body, http_cookie, http_referer, http_user_agent, http_set_cookie, http_version, http_response_latency_ms, http_session_duration_ms, http_action_file_size, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_to, mail_cc, mail_bcc, mail_subject, mail_attachment_name, mail_eml_file, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname,dns_cname,dns_rr, dns_qtype, dns_qclass, dns_sub, dns_response_latency_ms, ssl_sni, ssl_cn, ssl_pinningst, ssl_intercept_state, ssl_server_side_latency, ssl_client_side_latency, ssl_server_side_version, ssl_client_side_version, ssl_cert_verify, ssl_error, ssl_con_latency_ms, ssl_ja3_hash, ssl_cert_issuer, ssl_cert_subject, quic_version, quic_sni, quic_user_agent, ftp_account, ftp_url, ftp_content, ftp_link_type, app_extra_info, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, rtp_originator_dir, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, stratum_cryptocurrency, stratum_mining_pools, stratum_mining_program,rdp_cookie,rdp_security_protocol,rdp_client_channels,rdp_keyboard_layout,rdp_client_version,rdp_client_name,rdp_client_product_id,rdp_desktop_width,rdp_desktop_height,rdp_requested_color_depth,rdp_certificate_type,rdp_certificate_count,rdp_certificate_permanent,rdp_encryption_level,rdp_encryption_method from interim_session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) order by common_recv_time desc limit 0 , 20"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Security Events",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select toDateTime(common_recv_time) AS common_recv_time, common_log_id, common_policy_id, common_subscriber_id, common_imei, common_imsi, common_phone_number, common_client_ip, common_internal_ip, common_client_port, common_l4_protocol, common_address_type, common_server_ip, common_server_port, common_external_ip, common_action, common_direction, common_sled_ip, common_client_location, common_client_asn, common_server_location, common_server_asn, common_sessions, common_c2s_pkt_num, common_s2c_pkt_num, common_c2s_byte_num, common_s2c_byte_num, common_schema_type, common_device_id, common_device_group, common_app_behavior, common_app_label, common_tunnels, common_protocol_label, common_userdefine_app_name, common_l7_protocol, common_service_category, toDateTime(common_start_time) AS common_start_time, toDateTime(common_end_time) AS common_end_time, common_establish_latency_ms, common_con_duration_ms, common_stream_dir, common_stream_error, common_stream_trace_id, common_packet_capture_file, common_tcp_client_isn, common_tcp_server_isn, toDateTime(common_processing_time) AS common_processing_time, toDateTime(common_ingestion_time) AS common_ingestion_time, common_mirrored_pkts, common_mirrored_bytes, common_tunnel_endpoint_a_desc,common_tunnel_endpoint_b_desc,common_flags,common_flags_identify_info,common_server_fqdn,common_server_domain,common_app_full_path,common_shaping_rule_ids,http_url, http_host, http_domain, http_request_line, http_response_line, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_request_body, http_response_body, http_cookie, http_referer, http_user_agent, http_set_cookie, http_version, http_response_latency_ms, http_action_file_size, http_session_duration_ms, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_to, mail_cc, mail_bcc, mail_subject, mail_attachment_name, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_sub, ssl_sni, ssl_san, ssl_cn, ssl_pinningst, ssl_intercept_state, ssl_passthrough_reason, ssl_server_side_latency, ssl_client_side_latency, ssl_server_side_version, ssl_client_side_version, ssl_cert_verify, ssl_error, ssl_con_latency_ms, ssl_ja3_hash, ssl_ja3s_hash, ssl_cert_issuer, ssl_cert_subject, dtls_sni, quic_version, quic_sni, quic_user_agent, ftp_account, ftp_url, ftp_content, ftp_link_type, app_extra_info, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, stratum_cryptocurrency, stratum_mining_pools, stratum_mining_program, rdp_cookie,rdp_security_protocol,rdp_client_channels,rdp_keyboard_layout,rdp_client_version,rdp_client_name,rdp_client_product_id,rdp_desktop_width,rdp_desktop_height,rdp_requested_color_depth,rdp_certificate_type,rdp_certificate_count,rdp_certificate_permanent,rdp_encryption_level,rdp_encryption_method from security_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) order by common_recv_time desc limit 0 , 20",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select toDateTime(common_recv_time) AS common_recv_time, common_log_id, common_policy_id, common_subscriber_id, common_imei, common_imsi, common_phone_number, common_client_ip, common_internal_ip, common_client_port, common_l4_protocol, common_address_type, common_server_ip, common_server_port, common_external_ip, common_action, common_direction, common_sled_ip, common_client_location, common_client_asn, common_server_location, common_server_asn, common_sessions, common_c2s_pkt_num, common_s2c_pkt_num, common_c2s_byte_num, common_s2c_byte_num, common_schema_type, common_device_id, common_device_group, common_app_behavior, common_app_label, common_tunnels, common_protocol_label, common_userdefine_app_name, common_l7_protocol, common_service_category, toDateTime(common_start_time) AS common_start_time, toDateTime(common_end_time) AS common_end_time, common_establish_latency_ms, common_con_duration_ms, common_stream_dir, common_stream_error, common_stream_trace_id, common_packet_capture_file, common_tcp_client_isn, common_tcp_server_isn, toDateTime(common_processing_time) AS common_processing_time, toDateTime(common_ingestion_time) AS common_ingestion_time, common_mirrored_pkts, common_mirrored_bytes, common_tunnel_endpoint_a_desc,common_tunnel_endpoint_b_desc,common_flags,common_flags_identify_info,common_server_fqdn,common_server_domain,common_app_full_path,common_shaping_rule_ids,http_url, http_host, http_domain, http_request_line, http_response_line, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_request_body, http_response_body, http_cookie, http_referer, http_user_agent, http_set_cookie, http_version, http_response_latency_ms, http_action_file_size, http_session_duration_ms, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_to, mail_cc, mail_bcc, mail_subject, mail_attachment_name, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_sub, ssl_sni, ssl_san, ssl_cn, ssl_pinningst, ssl_intercept_state, ssl_passthrough_reason, ssl_server_side_latency, ssl_client_side_latency, ssl_server_side_version, ssl_client_side_version, ssl_cert_verify, ssl_error, ssl_con_latency_ms, ssl_ja3_hash, ssl_ja3s_hash, ssl_cert_issuer, ssl_cert_subject, dtls_sni, quic_version, quic_sni, quic_user_agent, ftp_account, ftp_url, ftp_content, ftp_link_type, app_extra_info, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, stratum_cryptocurrency, stratum_mining_pools, stratum_mining_program, rdp_cookie,rdp_security_protocol,rdp_client_channels,rdp_keyboard_layout,rdp_client_version,rdp_client_name,rdp_client_product_id,rdp_desktop_width,rdp_desktop_height,rdp_requested_color_depth,rdp_certificate_type,rdp_certificate_count,rdp_certificate_permanent,rdp_encryption_level,rdp_encryption_method from security_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) order by common_recv_time desc limit 0 , 20"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Security Hit Distribution of Summary by Action",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select {{PT1M_TIME}} as stat_time, 'allow' as type, sum(hits) as events from security_event_hits_log where __time >= {{Last 1 Hour Start}} and action=128 and vsys_id in (1,2,3,4) group by {{PT1M_TIME}},'allow'\nunion all\nselect {{PT1M_TIME}} as stat_time, 'deny' as type, sum(hits) as events from security_event_hits_log where __time >= {{Last 1 Hour Start}} and action=16 and vsys_id in (1,2,3,4) group by {{PT1M_TIME}},'deny'\nunion all\nselect {{PT1M_TIME}} as stat_time, 'monitor' as type, sum(hits) as events from security_event_hits_log where __time >= {{Last 1 Hour Start}} and action=1 and vsys_id in (1,2,3,4) group by {{PT1M_TIME}},'monitor'\nunion all\nselect {{PT1M_TIME}} as stat_time, 'intercept' as type, sum(hits) as events from security_event_hits_log where __time >= {{Last 1 Hour Start}} and action=2 and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, 'intercept'",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select {{PT1M_TIME}} as stat_time, 'allow' as type, sum(hits) as events from security_event_hits_log where __time >= {{Last 1 Hour Start}} and action=128 and vsys_id in (1,2,3,4) group by {{PT1M_TIME}},'allow'\nunion all\nselect {{PT1M_TIME}} as stat_time, 'deny' as type, sum(hits) as events from security_event_hits_log where __time >= {{Last 1 Hour Start}} and action=16 and vsys_id in (1,2,3,4) group by {{PT1M_TIME}},'deny'\nunion all\nselect {{PT1M_TIME}} as stat_time, 'monitor' as type, sum(hits) as events from security_event_hits_log where __time >= {{Last 1 Hour Start}} and action=1 and vsys_id in (1,2,3,4) group by {{PT1M_TIME}},'monitor'\nunion all\nselect {{PT1M_TIME}} as stat_time, 'intercept' as type, sum(hits) as events from security_event_hits_log where __time >= {{Last 1 Hour Start}} and action=2 and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, 'intercept'"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Security Hit Distribution of Logs by Action",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n {{PT5M_RECV_TIME}} as stat_time,\n (CASE\n WHEN common_action = 1 THEN 'Monitor'\n WHEN common_action = 2 THEN 'Intercept'\n WHEN common_action = 16 THEN 'Deny'\n WHEN common_action = 48 THEN 'Manipulation'\n WHEN common_action = 128 THEN 'Allow'\n ELSE 'None'\n END) as type,\n count(*) as events\nfrom\n security_event where common_recv_time > {{Last 1 Hour Start}} and common_vsys_id in (1,2,3,4) \ngroup by\n stat_time,\n common_action order by stat_time asc",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select\n {{PT5M_RECV_TIME}} as stat_time,\n (CASE\n WHEN common_action = 1 THEN 'Monitor'\n WHEN common_action = 2 THEN 'Intercept'\n WHEN common_action = 16 THEN 'Deny'\n WHEN common_action = 48 THEN 'Manipulation'\n WHEN common_action = 128 THEN 'Allow'\n ELSE 'None'\n END) as type,\n count(*) as events\nfrom\n security_event where common_recv_time > {{Last 1 Hour Start}} and common_vsys_id in (1,2,3,4) \ngroup by\n stat_time,\n common_action order by stat_time asc"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Total Security Events",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select count(*) as events from security_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4)",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select count(*) as events from security_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4)"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Security Event Hits by Action",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select (CASE WHEN common_action=1 THEN 'Monitor' WHEN common_action=2 THEN 'Intercept' WHEN common_action=16 THEN 'Deny' WHEN common_action=48 THEN 'Manipulation' WHEN common_action=128 THEN 'Allow' ELSE 'None' END) as action,\n count(*) as hits,\n sum(common_c2s_byte_num ) as bytes_sent,\n sum(common_s2c_byte_num ) as bytes_received,\n sum(common_c2s_byte_num+common_s2c_byte_num ) as bytes,sum(common_c2s_pkt_num ) as packets_sent,\n sum(common_s2c_pkt_num ) as packets_received,\n sum(common_c2s_pkt_num+common_s2c_pkt_num ) as packets from security_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) group by common_action",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select (CASE WHEN common_action=1 THEN 'Monitor' WHEN common_action=2 THEN 'Intercept' WHEN common_action=16 THEN 'Deny' WHEN common_action=48 THEN 'Manipulation' WHEN common_action=128 THEN 'Allow' ELSE 'None' END) as action,\n count(*) as hits,\n sum(common_c2s_byte_num ) as bytes_sent,\n sum(common_s2c_byte_num ) as bytes_received,\n sum(common_c2s_byte_num+common_s2c_byte_num ) as bytes,sum(common_c2s_pkt_num ) as packets_sent,\n sum(common_s2c_pkt_num ) as packets_received,\n sum(common_c2s_pkt_num+common_s2c_pkt_num ) as packets from security_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) group by common_action"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Proxy Events",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(common_recv_time) as common_recv_time, common_vsys_id,FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) order by common_recv_time desc limit 0 , 20",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select FROM_UNIXTIME(common_recv_time) as common_recv_time, common_vsys_id,FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) order by common_recv_time desc limit 0 , 20"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Proxy Event Hits by Action",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query= select common_sub_action , count(*) as hits from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) group by common_sub_action",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": " select common_sub_action , count(*) as hits from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) group by common_sub_action"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Proxy Hit Distribution of Summary by Action",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select {{PT1M_TIME}} as stat_time, sub_action as type, sum(hits) as events from proxy_event_hits_log where __time >= {{Last 1 Hour Start}} and sub_action='allow' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hits) as events from proxy_event_hits_log where __time >= {{Last 1 Hour Start}} and sub_action='monitor' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hits) as events from proxy_event_hits_log where __time >= {{Last 1 Hour Start}} and sub_action='deny' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hits) as events from proxy_event_hits_log where __time >= {{Last 1 Hour Start}} and sub_action='redirect' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hits) as events from proxy_event_hits_log where __time >= {{Last 1 Hour Start}} and sub_action='replace' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hits) as events from proxy_event_hits_log where __time >= {{Last 1 Hour Start}} and sub_action='hijack' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hits) as events from proxy_event_hits_log where __time >= {{Last 1 Hour Start}} and sub_action='insert' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, sub_action\n",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select {{PT1M_TIME}} as stat_time, sub_action as type, sum(hits) as events from proxy_event_hits_log where __time >= {{Last 1 Hour Start}} and sub_action='allow' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hits) as events from proxy_event_hits_log where __time >= {{Last 1 Hour Start}} and sub_action='monitor' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hits) as events from proxy_event_hits_log where __time >= {{Last 1 Hour Start}} and sub_action='deny' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hits) as events from proxy_event_hits_log where __time >= {{Last 1 Hour Start}} and sub_action='redirect' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hits) as events from proxy_event_hits_log where __time >= {{Last 1 Hour Start}} and sub_action='replace' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hits) as events from proxy_event_hits_log where __time >= {{Last 1 Hour Start}} and sub_action='hijack' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hits) as events from proxy_event_hits_log where __time >= {{Last 1 Hour Start}} and sub_action='insert' and vsys_id in (1,2,3,4) group by {{PT1M_TIME}}, sub_action\n"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Proxy Hit Distribution of Logs by Action",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n {{PT5M_RECV_TIME}} as stat_time,\n common_sub_action as type,\n count(*) as events\nfrom\n proxy_event where common_recv_time > {{Last 1 Hour Start}} and common_vsys_id in (1,2,3,4)\ngroup by\n stat_time,\n common_sub_action order by stat_time asc",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select\n {{PT5M_RECV_TIME}} as stat_time,\n common_sub_action as type,\n count(*) as events\nfrom\n proxy_event where common_recv_time > {{Last 1 Hour Start}} and common_vsys_id in (1,2,3,4)\ngroup by\n stat_time,\n common_sub_action order by stat_time asc"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Total Proxy Events",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select count(*) as events from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4)",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select count(*) as events from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4)"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Radius Records",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(common_recv_time) as common_recv_time, FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from radius_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) order by common_recv_time desc limit 0 , 20",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select FROM_UNIXTIME(common_recv_time) as common_recv_time, FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from radius_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) order by common_recv_time desc limit 0 , 20"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "GTP-C Records",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(common_recv_time) as common_recv_time, FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from gtpc_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) order by common_recv_time desc limit 0 , 20",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select FROM_UNIXTIME(common_recv_time) as common_recv_time, FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from gtpc_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) order by common_recv_time desc limit 0 , 20"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "VoIP Records",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(common_recv_time) as common_recv_time, FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from voip_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) order by common_recv_time desc limit 0 , 20",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select FROM_UNIXTIME(common_recv_time) as common_recv_time, FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from voip_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) order by common_recv_time desc limit 0 , 20"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "VoIP Distribution of Logs by Schema Type",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n {{PT5M_RECV_TIME}} as stat_time,\n common_schema_type as type,\n count(*) as count\nfrom\n voip_record\nwhere common_recv_time > {{Last 1 Hour Start}} and common_vsys_id in (1,2,3,4)\ngroup by\n stat_time,\n common_schema_type order by stat_time asc",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select\n {{PT5M_RECV_TIME}} as stat_time,\n common_schema_type as type,\n count(*) as count\nfrom\n voip_record\nwhere common_recv_time > {{Last 1 Hour Start}} and common_vsys_id in (1,2,3,4)\ngroup by\n stat_time,\n common_schema_type order by stat_time asc"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "DoS Events",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n log_id,\n attack_type,\n source_country_list,\n source_ip_list,\n destination_ip,\n destination_country,\n severity, \n start_time,\n end_time,\n conditions,\n bit_rate,\n packet_rate,\n session_rate from dos_event where\n start_time >= UNIX_TIMESTAMP('{{start_time}}') and start_time < UNIX_TIMESTAMP('{{end_time}}') and vsys_id in (1,2,3,4)\norder by start_time desc \nlimit 0,20",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select\n log_id,\n attack_type,\n source_country_list,\n source_ip_list,\n destination_ip,\n destination_country,\n severity, \n start_time,\n end_time,\n conditions,\n bit_rate,\n packet_rate,\n session_rate from dos_event where\n start_time >= UNIX_TIMESTAMP('{{start_time}}') and start_time < UNIX_TIMESTAMP('{{end_time}}') and vsys_id in (1,2,3,4)\norder by start_time desc \nlimit 0,20"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "DoS Distribution of Logs by Attack Type",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(start_time,'PT10M')) as stat_time,\n attack_type as type,\n count(*) as count\nfrom\n dos_event\nwhere start_time >= UNIX_TIMESTAMP('{{start_time}}') and start_time < UNIX_TIMESTAMP('{{end_time}}') and vsys_id in (1,2,3,4)\ngroup by\n stat_time,\n attack_type\norder by stat_time asc",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(start_time,'PT10M')) as stat_time,\n attack_type as type,\n count(*) as count\nfrom\n dos_event\nwhere start_time >= UNIX_TIMESTAMP('{{start_time}}') and start_time < UNIX_TIMESTAMP('{{end_time}}') and vsys_id in (1,2,3,4)\ngroup by\n stat_time,\n attack_type\norder by stat_time asc"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
}
|
||
]
|
||
},
|
||
{
|
||
"name": "Metrics",
|
||
"item": [
|
||
{
|
||
"name": "DoS Threat Map",
|
||
"item": [
|
||
{
|
||
"name": "Top Source Countries",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select \n arrayJoin(splitByString(',',source_country_list)) as source_country,\n count(*) as count\nfrom dos_event\nwhere\n start_time >= UNIX_TIMESTAMP('{{start_time}}')\n and start_time <UNIX_TIMESTAMP('{{end_time}}') \n and notEmpty(source_country_list) and vsys_id in (1,2,3,4)\ngroup by arrayJoin(splitByString(',',source_country_list)) order by count desc limit 10",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select \n arrayJoin(splitByString(',',source_country_list)) as source_country,\n count(*) as count\nfrom dos_event\nwhere\n start_time >= UNIX_TIMESTAMP('{{start_time}}')\n and start_time <UNIX_TIMESTAMP('{{end_time}}') \n and notEmpty(source_country_list) and vsys_id in (1,2,3,4)\ngroup by arrayJoin(splitByString(',',source_country_list)) order by count desc limit 10"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Top Destination Countries",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n destination_country,\n count(*) as count\nfrom dos_event\nwhere\n start_time >= UNIX_TIMESTAMP('{{start_time}}')\n and start_time <UNIX_TIMESTAMP('{{end_time}}') and vsys_id in (1,2,3,4)\ngroup by destination_country\norder by count desc limit 10",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select\n destination_country,\n count(*) as count\nfrom dos_event\nwhere\n start_time >= UNIX_TIMESTAMP('{{start_time}}')\n and start_time <UNIX_TIMESTAMP('{{end_time}}') and vsys_id in (1,2,3,4)\ngroup by destination_country\norder by count desc limit 10"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Top Victims",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n destination_ip,\n count(*) as count\nfrom dos_event\nwhere\n start_time >= UNIX_TIMESTAMP('{{start_time}}')\n and start_time <UNIX_TIMESTAMP('{{end_time}}') and vsys_id in (1,2,3,4)\ngroup by destination_ip\norder by count desc limit 10",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select\n destination_ip,\n count(*) as count\nfrom dos_event\nwhere\n start_time >= UNIX_TIMESTAMP('{{start_time}}')\n and start_time <UNIX_TIMESTAMP('{{end_time}}') and vsys_id in (1,2,3,4)\ngroup by destination_ip\norder by count desc limit 10"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Attack Type",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n attack_type,\n count(*) as count\nfrom dos_event\nwhere\n start_time >= UNIX_TIMESTAMP('{{start_time}}')\n and start_time <UNIX_TIMESTAMP('{{end_time}}') and vsys_id in (1,2,3,4)\ngroup by attack_type\norder by attack_type",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select\n attack_type,\n count(*) as count\nfrom dos_event\nwhere\n start_time >= UNIX_TIMESTAMP('{{start_time}}')\n and start_time <UNIX_TIMESTAMP('{{end_time}}') and vsys_id in (1,2,3,4)\ngroup by attack_type\norder by attack_type"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Severity",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n severity,\n count(*) as count\nfrom dos_event\nwhere\n start_time >= UNIX_TIMESTAMP('{{start_time}}')\n and start_time <UNIX_TIMESTAMP('{{end_time}}') and vsys_id in (1,2,3,4)\ngroup by severity\norder by severity",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select\n severity,\n count(*) as count\nfrom dos_event\nwhere\n start_time >= UNIX_TIMESTAMP('{{start_time}}')\n and start_time <UNIX_TIMESTAMP('{{end_time}}') and vsys_id in (1,2,3,4)\ngroup by severity\norder by severity"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Destination IP Distribution",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n destination_ip, IP_TO_GEO(destination_ip) as destination_geo,\n any(destination_country) as destination_country,\n groupUniqArray(arrayJoin(splitByString(',',source_country_list))) as source_coutries,\n max(bit_rate) as max_bit_rate,\n max(packet_rate) as max_packet_rate,\n max(session_rate) as max_session_rate,\n min(start_time) as first_active_time,\n max(end_time) as last_active_time,\n MAX_DURATION(end_time, 600) as max_duration,\n groupUniqArray(attack_type) as attack_type,\n count(*) as count\nfrom dos_event where\n start_time >= UNIX_TIMESTAMP('{{start_time}}')\n and start_time <UNIX_TIMESTAMP('{{end_time}}') and vsys_id in (1,2,3,4)\ngroup by destination_ip \norder by count desc limit 100",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select\n destination_ip, IP_TO_GEO(destination_ip) as destination_geo,\n any(destination_country) as destination_country,\n groupUniqArray(arrayJoin(splitByString(',',source_country_list))) as source_coutries,\n max(bit_rate) as max_bit_rate,\n max(packet_rate) as max_packet_rate,\n max(session_rate) as max_session_rate,\n min(start_time) as first_active_time,\n max(end_time) as last_active_time,\n MAX_DURATION(end_time, 600) as max_duration,\n groupUniqArray(attack_type) as attack_type,\n count(*) as count\nfrom dos_event where\n start_time >= UNIX_TIMESTAMP('{{start_time}}')\n and start_time <UNIX_TIMESTAMP('{{end_time}}') and vsys_id in (1,2,3,4)\ngroup by destination_ip \norder by count desc limit 100"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "DoS Attack Connection",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n start_time,\n destination_ip,\n IP_TO_GEO(destination_ip) as destination_geo,\n destination_country,\n source_country_list,\n attack_type,\n severity,bit_rate, packet_rate, session_rate from dos_event\nwhere\n start_time >= UNIX_TIMESTAMP('{{start_time}}')\n and start_time <UNIX_TIMESTAMP('{{end_time}}') and vsys_id in (1,2,3,4) order by start_time asc limit 100",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select\n start_time,\n destination_ip,\n IP_TO_GEO(destination_ip) as destination_geo,\n destination_country,\n source_country_list,\n attack_type,\n severity,bit_rate, packet_rate, session_rate from dos_event\nwhere\n start_time >= UNIX_TIMESTAMP('{{start_time}}')\n and start_time <UNIX_TIMESTAMP('{{end_time}}') and vsys_id in (1,2,3,4) order by start_time asc limit 100"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
}
|
||
]
|
||
},
|
||
{
|
||
"name": "Live Traffic Chart",
|
||
"item": [
|
||
{
|
||
"name": "Network Summary",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "POST",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "raw",
|
||
"raw": "{\n \"clientId\":null,\n \"query\":{\n \"queryType\":\"networkOverviewSummary\",\n \"dataSource\":\"traffic_summary_log\",\n \"parameters\":{\n \"range\": [\n {\n \"type\": \"eq\",\n \"fieldKey\": \"vsys_id\",\n \"fieldValues\": [\n 1,2,3,4,5\n ]\n }\n ],\n \"intervals\":[\n \"{{start_time}}/{{end_time}}\"\n ]\n }\n }\n}",
|
||
"options": {
|
||
"raw": {
|
||
"language": "json"
|
||
}
|
||
}
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/traffic/v1/?protocol=",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"traffic",
|
||
"v1",
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "protocol",
|
||
"value": ""
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Protocol Stat",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "POST",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "raw",
|
||
"raw": "{\n \"clientId\":null,\n \"query\":{\n \"queryType\":\"protocolTreeSummary\",\n \"dataSource\":\"traffic_protocol_stat_log\",\n \"parameters\":{\n \"range\": [\n {\n \"type\": \"eq\",\n \"fieldKey\": \"vsys_id\",\n \"fieldValues\": [\n 1,2,3,4,5\n ]\n }\n ],\n \"intervals\":[\n \"{{start_time}}/{{end_time}}\"\n ]\n }\n }\n}",
|
||
"options": {
|
||
"raw": {
|
||
"language": "json"
|
||
}
|
||
}
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/traffic/v1/?protocol=",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"traffic",
|
||
"v1",
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "protocol",
|
||
"value": ""
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Ethernet Throughput",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "POST",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "raw",
|
||
"raw": "{\n \"clientId\":null,\n \"query\":{\n \"queryType\":\"protocolDataRateSummary\",\n \"dataSource\":\"traffic_protocol_stat_log\",\n \"parameters\":{\n \"granularity\":\"PT5m\",\n \"match\":[\n {\n \"type\":\"prefix\",\n \"fieldKey\":\"protocol_id\",\n \"fieldValues\":[\n \"Protocols/ETHERNET,*\"\n ]\n }\n ],\"range\": [\n {\n \"type\": \"eq\",\n \"fieldKey\": \"vsys_id\",\n \"fieldValues\": [\n 1,2,3,4,5\n ]\n }\n ],\n \"intervals\":[\n \"{{start_time}}/{{end_time}}\"\n ]\n }\n }\n}",
|
||
"options": {
|
||
"raw": {
|
||
"language": "json"
|
||
}
|
||
}
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/traffic/v1/?protocol=",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"traffic",
|
||
"v1",
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "protocol",
|
||
"value": ""
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "App stat",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "POST",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "raw",
|
||
"raw": "{\n \"clientId\":null,\n \"query\":{\n \"queryType\":\"appDataSummary\",\n \"dataSource\":\"traffic_protocol_stat_log\",\n \"limit\":\"100\",\n \"offset\":\"1\",\n \"parameters\":{\n \"granularity\": \"PT15S\",\n \"range\": [\n {\n \"type\": \"eq\",\n \"fieldKey\": \"vsys_id\",\n \"fieldValues\": [\n 1,2,3,4,5\n ]\n }\n ],\n \"intervals\":[\n \"{{start_time}}/{{end_time}}\"\n ]\n }\n }\n}",
|
||
"options": {
|
||
"raw": {
|
||
"language": "json"
|
||
}
|
||
}
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/traffic/v1/?app",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"traffic",
|
||
"v1",
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "app",
|
||
"value": null
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
}
|
||
]
|
||
},
|
||
{
|
||
"name": "Traffic Shaping",
|
||
"item": [
|
||
{
|
||
"name": "Shaping Profiles Metrics",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select \n profile_id,\n sum(in_tx_bytes+out_tx_bytes) as bytes,\n sum(in_tx_pkts+out_tx_pkts) as packets,\n sum(in_drop_pkts+out_drop_pkts) as drops,\n max(in_max_latency_us+out_max_latency_us) as max_latency_us,\n avg(in_queue_len+out_queue_len) as avg_q,\n max(in_queue_len+out_queue_len) as max_q\n from traffic_shaping_metrics\nwhere \n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and profile_id in (1,2,103,273)\ngroup by profile_id",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select \n profile_id,\n sum(in_tx_bytes+out_tx_bytes) as bytes,\n sum(in_tx_pkts+out_tx_pkts) as packets,\n sum(in_drop_pkts+out_drop_pkts) as drops,\n max(in_max_latency_us+out_max_latency_us) as max_latency_us,\n avg(in_queue_len+out_queue_len) as avg_q,\n max(in_queue_len+out_queue_len) as max_q\n from traffic_shaping_metrics\nwhere \n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and profile_id in (1,2,103,273)\ngroup by profile_id"
|
||
}
|
||
]
|
||
},
|
||
"description": "最近5分钟"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Shaping Rule Summary",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select%0A%20%20%20rule_id%2C%0A%20%20%20DATE_FORMAT(max(__time)%20%2C'%25Y-%25m-%25d%20%25H%3A%25i%3A%25s')%20as%20last_used%2C%0A%20%20%20DATE_FORMAT(min(__time)%20%2C'%25Y-%25m-%25d%20%25H%3A%25i%3A%25s')%20as%20first_used%2C%20sum(in_tx_bytes%2Bout_tx_bytes)%20as%20total_bytes\nfrom traffic_shaping_metrics where \n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and rule_id in (1,2,103,273)\ngroup by rule_id",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select%0A%20%20%20rule_id%2C%0A%20%20%20DATE_FORMAT(max(__time)%20%2C'%25Y-%25m-%25d%20%25H%3A%25i%3A%25s')%20as%20last_used%2C%0A%20%20%20DATE_FORMAT(min(__time)%20%2C'%25Y-%25m-%25d%20%25H%3A%25i%3A%25s')%20as%20first_used%2C%20sum(in_tx_bytes%2Bout_tx_bytes)%20as%20total_bytes\nfrom traffic_shaping_metrics where \n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and rule_id in (1,2,103,273)\ngroup by rule_id"
|
||
}
|
||
]
|
||
},
|
||
"description": "最近5分钟"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Shaping Rule Throughput Trend",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n sum(active_sessions)/10 as active_sessions,\n sum(total_bytes)*8/10 as current_bandwidth_bits\n from\n (\n select\n device_id,\n vsys_id,\n max(active_sessions) as active_sessions, \n sum(in_tx_bytes+out_tx_bytes) as total_bytes\n from\n traffic_shaping_metrics\n where\n __time >= FROM_UNIXTIME(UNIX_TIMESTAMP(now())-10)\n and vsys_id in (1,2,3,4,5)\n and rule_id =1\n group by device_id,vsys_id\n )",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select\n sum(active_sessions)/10 as active_sessions,\n sum(total_bytes)*8/10 as current_bandwidth_bits\n from\n (\n select\n device_id,\n vsys_id,\n max(active_sessions) as active_sessions, \n sum(in_tx_bytes+out_tx_bytes) as total_bytes\n from\n traffic_shaping_metrics\n where\n __time >= FROM_UNIXTIME(UNIX_TIMESTAMP(now())-10)\n and vsys_id in (1,2,3,4,5)\n and rule_id =1\n group by device_id,vsys_id\n )"
|
||
}
|
||
]
|
||
},
|
||
"description": "最近5分钟"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Shaping Profile Summary",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select \n profile_id,\n DATE_FORMAT(max(__time)%20%2C'%25Y-%25m-%25d%20%25H%3A%25i%3A%25s')%20as%20last_used%2C%0A%20%20%20DATE_FORMAT(min(__time)%20%2C'%25Y-%25m-%25d%20%25H%3A%25i%3A%25s')%20as%20first_used%2C\n sum(in_drop_pkts+out_drop_pkts) as drops\nfrom traffic_shaping_metrics\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and profile_id in (1,2,103,273)\ngroup by profile_id ",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select \n profile_id,\n DATE_FORMAT(max(__time)%20%2C'%25Y-%25m-%25d%20%25H%3A%25i%3A%25s')%20as%20last_used%2C%0A%20%20%20DATE_FORMAT(min(__time)%20%2C'%25Y-%25m-%25d%20%25H%3A%25i%3A%25s')%20as%20first_used%2C\n sum(in_drop_pkts+out_drop_pkts) as drops\nfrom traffic_shaping_metrics\nwhere\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and profile_id in (1,2,103,273)\ngroup by profile_id "
|
||
}
|
||
]
|
||
},
|
||
"description": "最近5分钟"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Shaping Profile Realtime Metrics",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n sum(active_sessions)/10 as active_sessions,\n sum(rx_bytes)*8/10 as rx_bps,\n sum(tx_bytes)*8/10 as tx_bps,\n sum(rx_packets)/10 as rx_pps,\n sum(tx_packets)/10 as tx_pps,\n max(max_latency_us) as max_latency_us,\n avg(avg_q) as avg_q,\n max(max_q) as max_q\n from\n (\n select\n device_id,\n vsys_id,\n max(active_sessions) as active_sessions,\n sum(in_rx_bytes+out_rx_bytes) as rx_bytes,\n sum(in_tx_bytes+out_tx_bytes) as tx_bytes,\n sum(in_rx_pkts+out_rx_pkts) as rx_packets,\n sum(in_tx_pkts+out_tx_pkts) as tx_packets,\n max(in_max_latency_us+out_max_latency_us) as max_latency_us,\n avg(in_queue_len+out_queue_len) as avg_q,\n max(in_queue_len+out_queue_len) as max_q\n from\n traffic_shaping_metrics\n where\n __time >= FROM_UNIXTIME(UNIX_TIMESTAMP(now())-10)\n and vsys_id in (1,2,3,4,5)\n and profile_id =1\n group by device_id, vsys_id\n )",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select\n sum(active_sessions)/10 as active_sessions,\n sum(rx_bytes)*8/10 as rx_bps,\n sum(tx_bytes)*8/10 as tx_bps,\n sum(rx_packets)/10 as rx_pps,\n sum(tx_packets)/10 as tx_pps,\n max(max_latency_us) as max_latency_us,\n avg(avg_q) as avg_q,\n max(max_q) as max_q\n from\n (\n select\n device_id,\n vsys_id,\n max(active_sessions) as active_sessions,\n sum(in_rx_bytes+out_rx_bytes) as rx_bytes,\n sum(in_tx_bytes+out_tx_bytes) as tx_bytes,\n sum(in_rx_pkts+out_rx_pkts) as rx_packets,\n sum(in_tx_pkts+out_tx_pkts) as tx_packets,\n max(in_max_latency_us+out_max_latency_us) as max_latency_us,\n avg(in_queue_len+out_queue_len) as avg_q,\n max(in_queue_len+out_queue_len) as max_q\n from\n traffic_shaping_metrics\n where\n __time >= FROM_UNIXTIME(UNIX_TIMESTAMP(now())-10)\n and vsys_id in (1,2,3,4,5)\n and profile_id =1\n group by device_id, vsys_id\n )"
|
||
}
|
||
]
|
||
},
|
||
"description": "最近5分钟"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Shaping Rule/Profile Realtime Throughput",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n'PT1s',\n'zero')) as stat_time,\n sum(in_tx_bytes) as in_tx_bytes,\n sum(out_tx_bytes) as out_tx_bytes \nfrom traffic_shaping_metrics\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and profile_id=273\n group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n'PT1s',\n'zero')) order by stat_time asc limit 100",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n'PT1s',\n'zero')) as stat_time,\n sum(in_tx_bytes) as in_tx_bytes,\n sum(out_tx_bytes) as out_tx_bytes \nfrom traffic_shaping_metrics\n where\n __time >= '{{start_time}}' and __time < '{{end_time}}' \n and vsys_id in (1,2,3,4,5)\n and profile_id=273\n group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n'PT1s',\n'zero')) order by stat_time asc limit 100"
|
||
}
|
||
]
|
||
},
|
||
"description": "最近5分钟"
|
||
},
|
||
"response": []
|
||
}
|
||
]
|
||
},
|
||
{
|
||
"name": "Traffic Throughput",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tsum(total_in_bytes)* 8 / 300 as trafficInBits,\n\tsum(total_out_bytes)* 8 / 300 as trafficOutBits,\n\tsum(total_in_bytes + total_out_bytes)* 8 / 300 as trafficTotalBits,\n\tsum(total_in_packets)/ 300 as trafficInPackets,\n\tsum(total_out_packets)/ 300 as trafficOutPackets,\n\tsum(total_in_packets + total_out_packets)/ 300 as trafficTotalPackets,\n\tsum(new_conn_num)/ 300 as sessions\nfrom\n\ttraffic_metrics_log\nwhere\n\t__time >= FROM_UNIXTIME(UNIX_TIMESTAMP(now())-300) and vsys_id in (1,2,3,4,5)",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\tsum(total_in_bytes)* 8 / 300 as trafficInBits,\n\tsum(total_out_bytes)* 8 / 300 as trafficOutBits,\n\tsum(total_in_bytes + total_out_bytes)* 8 / 300 as trafficTotalBits,\n\tsum(total_in_packets)/ 300 as trafficInPackets,\n\tsum(total_out_packets)/ 300 as trafficOutPackets,\n\tsum(total_in_packets + total_out_packets)/ 300 as trafficTotalPackets,\n\tsum(new_conn_num)/ 300 as sessions\nfrom\n\ttraffic_metrics_log\nwhere\n\t__time >= FROM_UNIXTIME(UNIX_TIMESTAMP(now())-300) and vsys_id in (1,2,3,4,5)"
|
||
}
|
||
]
|
||
},
|
||
"description": "最近5分钟"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Total New and Active num",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select \n sum(new_conn_num)/300 as new_conn_num, \n sum(live_conn_num) as live_conn_num \nfrom (\n select\n sum(new_conn_num) as new_conn_num,\n max(established_conn_num) as live_conn_num \n from traffic_metrics_log \n where __time >= FROM_UNIXTIME(UNIX_TIMESTAMP(now())-300) and vsys_id in (1,2,3,4,5)\n group by device_id)",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select \n sum(new_conn_num)/300 as new_conn_num, \n sum(live_conn_num) as live_conn_num \nfrom (\n select\n sum(new_conn_num) as new_conn_num,\n max(established_conn_num) as live_conn_num \n from traffic_metrics_log \n where __time >= FROM_UNIXTIME(UNIX_TIMESTAMP(now())-300) and vsys_id in (1,2,3,4,5)\n group by device_id)"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Traffic Metric Trend",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n\t'PT30S',\n\t'zero')) as statisticsTime,\n\tsum(total_in_bytes) as total_in_bytes,\n\tsum(total_out_bytes) as total_out_bytes,\n\tsum(total_in_bytes + total_out_bytes) as total_all_bytes,\n\tsum(total_in_packets) as total_in_packets,\n\tsum(total_out_packets) as total_out_packets,\n\tsum(total_in_packets + total_out_packets) as total_all_packets,\n\tsum(new_conn_num) as sessions\nfrom\n\ttraffic_metrics_log\nwhere\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}' and vsys_id in (1,2,3,4,5)\n\tgroup by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n\t'PT30S',\n\t'zero'))\nlimit 50000",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n\t'PT30S',\n\t'zero')) as statisticsTime,\n\tsum(total_in_bytes) as total_in_bytes,\n\tsum(total_out_bytes) as total_out_bytes,\n\tsum(total_in_bytes + total_out_bytes) as total_all_bytes,\n\tsum(total_in_packets) as total_in_packets,\n\tsum(total_out_packets) as total_out_packets,\n\tsum(total_in_packets + total_out_packets) as total_all_packets,\n\tsum(new_conn_num) as sessions\nfrom\n\ttraffic_metrics_log\nwhere\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}' and vsys_id in (1,2,3,4,5)\n\tgroup by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n\t'PT30S',\n\t'zero'))\nlimit 50000"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "New and Active num Trend",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select * from (select\nFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n'PT5m',\n'zero')) as statisticTime,\n'new_conn_num' as type,\nsum(new_conn_num) as sessions\nfrom\ntraffic_metrics_log\nwhere\n__time >= '{{start_time}}'\nand __time < '{{end_time}}' and vsys_id in (1,2,3,4,5)\ngroup by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n'PT5m',\n'zero')),'new_conn_num' union all select statisticTime, 'live_conn_num' as type,sum(sessions) as sessions from ( select\nFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n'PT5m',\n'zero')) as statisticTime,device_id,\nmax(established_conn_num) as sessions\nfrom\ntraffic_metrics_log\nwhere\n__time >= '{{start_time}}'\nand __time < '{{end_time}}' and vsys_id in (1,2,3,4,5)\ngroup by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n'PT5m',\n'zero')),device_id) group by statisticTime,'live_conn_num' ) order by statisticTime asc limit 50000",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select * from (select\nFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n'PT5m',\n'zero')) as statisticTime,\n'new_conn_num' as type,\nsum(new_conn_num) as sessions\nfrom\ntraffic_metrics_log\nwhere\n__time >= '{{start_time}}'\nand __time < '{{end_time}}' and vsys_id in (1,2,3,4,5)\ngroup by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n'PT5m',\n'zero')),'new_conn_num' union all select statisticTime, 'live_conn_num' as type,sum(sessions) as sessions from ( select\nFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n'PT5m',\n'zero')) as statisticTime,device_id,\nmax(established_conn_num) as sessions\nfrom\ntraffic_metrics_log\nwhere\n__time >= '{{start_time}}'\nand __time < '{{end_time}}' and vsys_id in (1,2,3,4,5)\ngroup by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n'PT5m',\n'zero')),device_id) group by statisticTime,'live_conn_num' ) order by statisticTime asc limit 50000"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Total Security Policy Hits by Action",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT\n(CASE WHEN action=1 THEN 'Monitor' WHEN action=2 THEN 'Intercept' WHEN action=16 THEN 'Deny' WHEN action=48 THEN 'Manipulation' WHEN action=128 THEN 'Allow' ELSE action END) as action,\nSUM(hits) as hit_count,\nSUM(c2s_byte_num+s2c_byte_num) as bytes,\nSUM(c2s_pkt_num+s2c_pkt_num) as packets\nfrom security_event_hits_log where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5) GROUP BY action\norder by action",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "SELECT\n(CASE WHEN action=1 THEN 'Monitor' WHEN action=2 THEN 'Intercept' WHEN action=16 THEN 'Deny' WHEN action=48 THEN 'Manipulation' WHEN action=128 THEN 'Allow' ELSE action END) as action,\nSUM(hits) as hit_count,\nSUM(c2s_byte_num+s2c_byte_num) as bytes,\nSUM(c2s_pkt_num+s2c_pkt_num) as packets\nfrom security_event_hits_log where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5) GROUP BY action\norder by action"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Security Policy Hits Trend by Action",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\nFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n\t'PT30S','zero')) as stat_time, (CASE WHEN action=1 THEN 'Monitor' WHEN action=2 THEN 'Intercept' WHEN action=16 THEN 'Deny' WHEN action=48 THEN 'Manipulation' WHEN action=128 THEN 'Allow' ELSE 'None' END) as action,\n\tsum(hits) as hit_count,\n\tsum(c2s_byte_num + s2c_byte_num) as bytes\nfrom\n\tsecurity_event_hits_log\nwhere\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}' and vsys_id in (1,2,3,4,5)\ngroup by\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n\t'PT30S',\n\t'zero')),action\norder by stat_time limit 50000 ",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select\nFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n\t'PT30S','zero')) as stat_time, (CASE WHEN action=1 THEN 'Monitor' WHEN action=2 THEN 'Intercept' WHEN action=16 THEN 'Deny' WHEN action=48 THEN 'Manipulation' WHEN action=128 THEN 'Allow' ELSE 'None' END) as action,\n\tsum(hits) as hit_count,\n\tsum(c2s_byte_num + s2c_byte_num) as bytes\nfrom\n\tsecurity_event_hits_log\nwhere\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}' and vsys_id in (1,2,3,4,5)\ngroup by\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n\t'PT30S',\n\t'zero')),action\norder by stat_time limit 50000 "
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Top Security Policy Hits",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select policy_id as policyId, sum(hits) as sessions from security_event_hits_log where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5) group by policy_id order by sessions desc limit 10",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select policy_id as policyId, sum(hits) as sessions from security_event_hits_log where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5) group by policy_id order by sessions desc limit 10"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Top Client IPs by Sessions",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tsource as clientIp,\n\tdevice_group as deviceGroup,\n\tdata_center as dataCenter,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sentBytes,\n\tsum(s2c_byte_num) as receivedBytes,\n\tsum(c2s_byte_num + s2c_byte_num) as totalBytes,\n\tsum(c2s_pkt_num) as sentPackets,\n\tsum(s2c_pkt_num) as receivedPackets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as totalPackets\nfrom\n\ttop_client_ip_log\nwhere\n\t__time >= '{{start_time}}' and __time < '{{end_time}}' and order_by = 'sessions' and vsys_id in (1,2,3,4,5)\ngroup by\n\tsource,\n\tdevice_group,\n\tdata_center\norder by\n\tsessions desc\nlimit 10",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\tsource as clientIp,\n\tdevice_group as deviceGroup,\n\tdata_center as dataCenter,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sentBytes,\n\tsum(s2c_byte_num) as receivedBytes,\n\tsum(c2s_byte_num + s2c_byte_num) as totalBytes,\n\tsum(c2s_pkt_num) as sentPackets,\n\tsum(s2c_pkt_num) as receivedPackets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as totalPackets\nfrom\n\ttop_client_ip_log\nwhere\n\t__time >= '{{start_time}}' and __time < '{{end_time}}' and order_by = 'sessions' and vsys_id in (1,2,3,4,5)\ngroup by\n\tsource,\n\tdevice_group,\n\tdata_center\norder by\n\tsessions desc\nlimit 10"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Top Client IPs by Packets",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tsource as clientIp,\n\tdevice_group as deviceGroup,\n\tdata_center as dataCenter,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sentBytes,\n\tsum(s2c_byte_num) as receivedBytes,\n\tsum(c2s_byte_num + s2c_byte_num) as totalBytes,\n\tsum(c2s_pkt_num) as sentPackets,\n\tsum(s2c_pkt_num) as receivedPackets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as totalPackets\nfrom\n\ttop_client_ip_log\nwhere\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n\tand order_by = 'packets' and vsys_id in (1,2,3,4,5)\ngroup by\n\tsource,\n\tdevice_group,\n\tdata_center\norder by\n\ttotalPackets desc\nlimit 10",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\tsource as clientIp,\n\tdevice_group as deviceGroup,\n\tdata_center as dataCenter,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sentBytes,\n\tsum(s2c_byte_num) as receivedBytes,\n\tsum(c2s_byte_num + s2c_byte_num) as totalBytes,\n\tsum(c2s_pkt_num) as sentPackets,\n\tsum(s2c_pkt_num) as receivedPackets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as totalPackets\nfrom\n\ttop_client_ip_log\nwhere\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n\tand order_by = 'packets' and vsys_id in (1,2,3,4,5)\ngroup by\n\tsource,\n\tdevice_group,\n\tdata_center\norder by\n\ttotalPackets desc\nlimit 10"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Top Client IPs by Bytes",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tsource as clientIp,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sentBytes,\n\tsum(s2c_byte_num) as receivedBytes,\n\tsum(c2s_byte_num + s2c_byte_num) as totalBytes,\n\tsum(c2s_pkt_num) as sentPackets,\n\tsum(s2c_pkt_num) as receivedPackets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as totalPackets\nfrom\n\ttop_client_ip_log\nwhere\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n\tand order_by = 'bytes' and vsys_id in (1,2,3,4,5)\ngroup by\n\tsource,\n\tdevice_group,\n\tdata_center\norder by\n\ttotalBytes desc\nlimit 10",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\tsource as clientIp,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sentBytes,\n\tsum(s2c_byte_num) as receivedBytes,\n\tsum(c2s_byte_num + s2c_byte_num) as totalBytes,\n\tsum(c2s_pkt_num) as sentPackets,\n\tsum(s2c_pkt_num) as receivedPackets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as totalPackets\nfrom\n\ttop_client_ip_log\nwhere\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n\tand order_by = 'bytes' and vsys_id in (1,2,3,4,5)\ngroup by\n\tsource,\n\tdevice_group,\n\tdata_center\norder by\n\ttotalBytes desc\nlimit 10"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Top Server IPs by Sessions",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tdestination as serverIp,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sentBytes,\n\tsum(s2c_byte_num) as receivedBytes,\n\tsum(c2s_byte_num + s2c_byte_num) as totalBytes,\n\tsum(c2s_pkt_num) as sentPackets,\n\tsum(s2c_pkt_num) as receivedPackets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as totalPackets\nfrom\n\ttop_server_ip_log\nwhere\n\t__time >= '{{start_time}}' and __time < '{{end_time}}' and order_by = 'sessions' and vsys_id in (1,2,3,4,5)\ngroup by \n\tdestination,\n\tdevice_group,\n\tdata_center\norder by\n\tsessions desc\nlimit 10",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\tdestination as serverIp,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sentBytes,\n\tsum(s2c_byte_num) as receivedBytes,\n\tsum(c2s_byte_num + s2c_byte_num) as totalBytes,\n\tsum(c2s_pkt_num) as sentPackets,\n\tsum(s2c_pkt_num) as receivedPackets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as totalPackets\nfrom\n\ttop_server_ip_log\nwhere\n\t__time >= '{{start_time}}' and __time < '{{end_time}}' and order_by = 'sessions' and vsys_id in (1,2,3,4,5)\ngroup by \n\tdestination,\n\tdevice_group,\n\tdata_center\norder by\n\tsessions desc\nlimit 10"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Top Client IPs by Packets",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select destination as serverIp,sum(session_num) as sessions,sum(c2s_byte_num) as sentBytes,sum(s2c_byte_num) as receivedBytes,sum(c2s_byte_num+s2c_byte_num) as totalBytes,sum(c2s_pkt_num) as sentPackets,sum(s2c_pkt_num) as receivedPackets,sum(c2s_pkt_num+s2c_pkt_num) as totalPackets from top_server_ip_log where __time >= '{{start_time}}' and __time < '{{end_time}}' and order_by='packets' and vsys_id in (1,2,3,4,5) group by destination order by totalPackets desc limit 10",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select destination as serverIp,sum(session_num) as sessions,sum(c2s_byte_num) as sentBytes,sum(s2c_byte_num) as receivedBytes,sum(c2s_byte_num+s2c_byte_num) as totalBytes,sum(c2s_pkt_num) as sentPackets,sum(s2c_pkt_num) as receivedPackets,sum(c2s_pkt_num+s2c_pkt_num) as totalPackets from top_server_ip_log where __time >= '{{start_time}}' and __time < '{{end_time}}' and order_by='packets' and vsys_id in (1,2,3,4,5) group by destination order by totalPackets desc limit 10"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Top Client IPs by Bytes",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select destination as serverIp,sum(session_num) as sessions,sum(c2s_byte_num) as sentBytes,sum(s2c_byte_num) as receivedBytes,sum(c2s_byte_num+s2c_byte_num) as totalBytes,sum(c2s_pkt_num) as sentPackets,sum(s2c_pkt_num) as receivedPackets,sum(c2s_pkt_num+s2c_pkt_num) as totalPackets from top_server_ip_log where __time >= '{{start_time}}' and __time < '{{end_time}}' and order_by='bytes' and vsys_id in (1,2,3,4,5) group by destination order by totalBytes desc limit 10",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select destination as serverIp,sum(session_num) as sessions,sum(c2s_byte_num) as sentBytes,sum(s2c_byte_num) as receivedBytes,sum(c2s_byte_num+s2c_byte_num) as totalBytes,sum(c2s_pkt_num) as sentPackets,sum(s2c_pkt_num) as receivedPackets,sum(c2s_pkt_num+s2c_pkt_num) as totalPackets from top_server_ip_log where __time >= '{{start_time}}' and __time < '{{end_time}}' and order_by='bytes' and vsys_id in (1,2,3,4,5) group by destination order by totalBytes desc limit 10"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Top Subscriber IDs by Sessions",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select subscriber_id as subscriberid,sum(session_num) as sessions,sum(c2s_byte_num) as sentBytes,sum(s2c_byte_num) as receivedBytes,sum(c2s_byte_num+s2c_byte_num) as totalBytes,sum(c2s_pkt_num) as sentPackets,sum(s2c_pkt_num) as receivedPackets,sum(c2s_pkt_num+s2c_pkt_num) as totalPackets from top_user_log where __time >= '{{start_time}}' and __time < '{{end_time}}' and order_by='sessions' and vsys_id in (1,2,3,4,5) group by subscriber_id order by sessions desc limit 10",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select subscriber_id as subscriberid,sum(session_num) as sessions,sum(c2s_byte_num) as sentBytes,sum(s2c_byte_num) as receivedBytes,sum(c2s_byte_num+s2c_byte_num) as totalBytes,sum(c2s_pkt_num) as sentPackets,sum(s2c_pkt_num) as receivedPackets,sum(c2s_pkt_num+s2c_pkt_num) as totalPackets from top_user_log where __time >= '{{start_time}}' and __time < '{{end_time}}' and order_by='sessions' and vsys_id in (1,2,3,4,5) group by subscriber_id order by sessions desc limit 10"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Top Subscriber IDs by Packets",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tsubscriber_id as subscriberid,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sentBytes,\n\tsum(s2c_byte_num) as receivedBytes,\n\tsum(c2s_byte_num + s2c_byte_num) as totalBytes,\n\tsum(c2s_pkt_num) as sentPackets,\n\tsum(s2c_pkt_num) as receivedPackets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as totalPackets\nfrom\n\ttop_user_log\nwhere\n\t__time >= '{{start_time}}' and __time < '{{end_time}}' and order_by = 'packets' and vsys_id in (1,2,3,4,5)\ngroup by\n\tsubscriber_id,\n\tdevice_group,\n\tdata_center\norder by\n\ttotalPackets desc\nlimit 10",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\tsubscriber_id as subscriberid,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sentBytes,\n\tsum(s2c_byte_num) as receivedBytes,\n\tsum(c2s_byte_num + s2c_byte_num) as totalBytes,\n\tsum(c2s_pkt_num) as sentPackets,\n\tsum(s2c_pkt_num) as receivedPackets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as totalPackets\nfrom\n\ttop_user_log\nwhere\n\t__time >= '{{start_time}}' and __time < '{{end_time}}' and order_by = 'packets' and vsys_id in (1,2,3,4,5)\ngroup by\n\tsubscriber_id,\n\tdevice_group,\n\tdata_center\norder by\n\ttotalPackets desc\nlimit 10"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Top Subscriber IDs by Bytes",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select subscriber_id as subscriberid,sum(session_num) as sessions,sum(c2s_byte_num) as sentBytes,sum(s2c_byte_num) as receivedBytes,sum(c2s_byte_num+s2c_byte_num) as totalBytes,sum(c2s_pkt_num) as sentPackets,sum(s2c_pkt_num) as receivedPackets,sum(c2s_pkt_num+s2c_pkt_num) as totalPackets from top_user_log where __time >= '{{start_time}}' and __time < '{{end_time}}' and order_by='bytes' and vsys_id in (1,2,3,4,5) group by subscriber_id order by totalBytes desc limit 10",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select subscriber_id as subscriberid,sum(session_num) as sessions,sum(c2s_byte_num) as sentBytes,sum(s2c_byte_num) as receivedBytes,sum(c2s_byte_num+s2c_byte_num) as totalBytes,sum(c2s_pkt_num) as sentPackets,sum(s2c_pkt_num) as receivedPackets,sum(c2s_pkt_num+s2c_pkt_num) as totalPackets from top_user_log where __time >= '{{start_time}}' and __time < '{{end_time}}' and order_by='bytes' and vsys_id in (1,2,3,4,5) group by subscriber_id order by totalBytes desc limit 10"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Top URLs by Hits",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select url,sum(session_num) as sessions from top_urls_log where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5) group by url order by sessions desc limit 10",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select url,sum(session_num) as sessions from top_urls_log where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5) group by url order by sessions desc limit 10"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Top Domains by Sessions",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tdomain,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sentBytes,\n\tsum(s2c_byte_num) as receivedBytes,\n\tsum(c2s_byte_num + s2c_byte_num) as totalBytes,\n\tsum(c2s_pkt_num) as sentPackets,\n\tsum(s2c_pkt_num) as receivedPackets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as totalPackets\nfrom\n\ttop_website_domain_log\nwhere\n\t__time >= '{{start_time}}' and __time < '{{end_time}}' and order_by = 'sessions' and vsys_id in (1,2,3,4,5)\ngroup by\n\tdomain,\n\tdevice_group,\n\tdata_center\norder by\n\tsessions desc\nlimit 10",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\tdomain,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sentBytes,\n\tsum(s2c_byte_num) as receivedBytes,\n\tsum(c2s_byte_num + s2c_byte_num) as totalBytes,\n\tsum(c2s_pkt_num) as sentPackets,\n\tsum(s2c_pkt_num) as receivedPackets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as totalPackets\nfrom\n\ttop_website_domain_log\nwhere\n\t__time >= '{{start_time}}' and __time < '{{end_time}}' and order_by = 'sessions' and vsys_id in (1,2,3,4,5)\ngroup by\n\tdomain,\n\tdevice_group,\n\tdata_center\norder by\n\tsessions desc\nlimit 10"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Top Apps by Sessions",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tapp_name as app_name,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sent_bytes,\n\tsum(s2c_byte_num) as received_bytes,\n\tsum(c2s_byte_num + s2c_byte_num) as bytes,\n\tsum(c2s_pkt_num) as sent_packets ,\n\tsum(s2c_pkt_num) as received_packets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as packets\nfrom\n\ttraffic_app_stat_log\nwhere\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}' and vsys_id in (1,2,3,4,5)\ngroup by\n\tapp_name,\n\tdevice_group,\n\tdata_center\norder by\n\tsessions desc\nlimit 10",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\tapp_name as app_name,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sent_bytes,\n\tsum(s2c_byte_num) as received_bytes,\n\tsum(c2s_byte_num + s2c_byte_num) as bytes,\n\tsum(c2s_pkt_num) as sent_packets ,\n\tsum(s2c_pkt_num) as received_packets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as packets\nfrom\n\ttraffic_app_stat_log\nwhere\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}' and vsys_id in (1,2,3,4,5)\ngroup by\n\tapp_name,\n\tdevice_group,\n\tdata_center\norder by\n\tsessions desc\nlimit 10"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Top Internal IPs by Sessions",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tsource as internal_ip,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sent_bytes,\n\tsum(s2c_byte_num) as received_bytes,\n\tsum(c2s_byte_num + s2c_byte_num) as bytes,\n\tsum(c2s_pkt_num) as sent_packets ,\n\tsum(s2c_pkt_num) as received_packets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as packets\nfrom\n\ttop_internal_host_log\nwhere\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n\tand order_by = 'sessions' and vsys_id in (1,2,3,4,5)\ngroup by\n\tsource,\n\tdevice_group,\n\tdata_center\norder by\n\tsessions desc\nlimit 10",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\tsource as internal_ip,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sent_bytes,\n\tsum(s2c_byte_num) as received_bytes,\n\tsum(c2s_byte_num + s2c_byte_num) as bytes,\n\tsum(c2s_pkt_num) as sent_packets ,\n\tsum(s2c_pkt_num) as received_packets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as packets\nfrom\n\ttop_internal_host_log\nwhere\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n\tand order_by = 'sessions' and vsys_id in (1,2,3,4,5)\ngroup by\n\tsource,\n\tdevice_group,\n\tdata_center\norder by\n\tsessions desc\nlimit 10"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Top Internal IPs by Packets",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tsource as internal_ip,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sent_bytes,\n\tsum(s2c_byte_num) as received_bytes,\n\tsum(c2s_byte_num + s2c_byte_num) as bytes,\n\tsum(c2s_pkt_num) as sent_packets ,\n\tsum(s2c_pkt_num) as received_packets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as packets\nfrom\n\ttop_internal_host_log\nwhere\n\t__time >= '{{start_time}}' and __time < '{{end_time}}' and order_by = 'packets' and vsys_id in (1,2,3,4,5)\ngroup by\n\tsource\norder by\n\tpackets desc\nlimit 10",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\tsource as internal_ip,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sent_bytes,\n\tsum(s2c_byte_num) as received_bytes,\n\tsum(c2s_byte_num + s2c_byte_num) as bytes,\n\tsum(c2s_pkt_num) as sent_packets ,\n\tsum(s2c_pkt_num) as received_packets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as packets\nfrom\n\ttop_internal_host_log\nwhere\n\t__time >= '{{start_time}}' and __time < '{{end_time}}' and order_by = 'packets' and vsys_id in (1,2,3,4,5)\ngroup by\n\tsource\norder by\n\tpackets desc\nlimit 10"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Top Internal IPs by Bytes",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tsource as internal_ip,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sent_bytes,\n\tsum(s2c_byte_num) as received_bytes,\n\tsum(c2s_byte_num + s2c_byte_num) as bytes,\n\tsum(c2s_pkt_num) as sent_packets ,\n\tsum(s2c_pkt_num) as received_packets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as packets\nfrom\n\ttop_internal_host_log\nwhere\n\t__time >= '{{start_time}}' and __time < '{{end_time}}' and order_by = 'bytes' and vsys_id in (1,2,3,4,5)\ngroup by\n\tsource\norder by\n\tbytes desc\nlimit 10",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\tsource as internal_ip,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sent_bytes,\n\tsum(s2c_byte_num) as received_bytes,\n\tsum(c2s_byte_num + s2c_byte_num) as bytes,\n\tsum(c2s_pkt_num) as sent_packets ,\n\tsum(s2c_pkt_num) as received_packets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as packets\nfrom\n\ttop_internal_host_log\nwhere\n\t__time >= '{{start_time}}' and __time < '{{end_time}}' and order_by = 'bytes' and vsys_id in (1,2,3,4,5)\ngroup by\n\tsource\norder by\n\tbytes desc\nlimit 10"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Top External IPs by Sessions",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tdestination as external_ip,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sent_bytes,\n\tsum(s2c_byte_num) as received_bytes,\n\tsum(c2s_byte_num + s2c_byte_num) as bytes,\n\tsum(c2s_pkt_num) as sent_packets ,\n\tsum(s2c_pkt_num) as received_packets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as packets\nfrom\n\ttop_external_host_log\nwhere\n\t__time >= '{{start_time}}' and __time < '{{end_time}}' and order_by = 'sessions' and vsys_id in (1,2,3,4,5)\ngroup by\n\tdestination\norder by\n\tsessions desc\nlimit 10",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\tdestination as external_ip,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sent_bytes,\n\tsum(s2c_byte_num) as received_bytes,\n\tsum(c2s_byte_num + s2c_byte_num) as bytes,\n\tsum(c2s_pkt_num) as sent_packets ,\n\tsum(s2c_pkt_num) as received_packets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as packets\nfrom\n\ttop_external_host_log\nwhere\n\t__time >= '{{start_time}}' and __time < '{{end_time}}' and order_by = 'sessions' and vsys_id in (1,2,3,4,5)\ngroup by\n\tdestination\norder by\n\tsessions desc\nlimit 10"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Top Internal IPs by Packets",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tdestination as external_ip,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sent_bytes,\n\tsum(s2c_byte_num) as received_bytes,\n\tsum(c2s_byte_num + s2c_byte_num) as bytes,\n\tsum(c2s_pkt_num) as sent_packets ,\n\tsum(s2c_pkt_num) as received_packets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as packets\nfrom\n\ttop_external_host_log\nwhere\n\t__time >= '{{start_time}}' and __time < '{{end_time}}' and order_by = 'packets' and vsys_id in (1,2,3,4,5)\ngroup by\n\tdestination\norder by\n\tpackets desc\nlimit 10",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\tdestination as external_ip,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sent_bytes,\n\tsum(s2c_byte_num) as received_bytes,\n\tsum(c2s_byte_num + s2c_byte_num) as bytes,\n\tsum(c2s_pkt_num) as sent_packets ,\n\tsum(s2c_pkt_num) as received_packets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as packets\nfrom\n\ttop_external_host_log\nwhere\n\t__time >= '{{start_time}}' and __time < '{{end_time}}' and order_by = 'packets' and vsys_id in (1,2,3,4,5)\ngroup by\n\tdestination\norder by\n\tpackets desc\nlimit 10"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Top Internal IPs by Bytes",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tdestination as external_ip,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sent_bytes,\n\tsum(s2c_byte_num) as received_bytes,\n\tsum(c2s_byte_num + s2c_byte_num) as bytes,\n\tsum(c2s_pkt_num) as sent_packets ,\n\tsum(s2c_pkt_num) as received_packets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as packets\nfrom\n\ttop_external_host_log\nwhere\n\t__time >= '{{start_time}}' and __time < '{{end_time}}' and order_by = 'bytes' and vsys_id in (1,2,3,4,5)\ngroup by\n\tdestination\norder by\n\tbytes desc\nlimit 10",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\tdestination as external_ip,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sent_bytes,\n\tsum(s2c_byte_num) as received_bytes,\n\tsum(c2s_byte_num + s2c_byte_num) as bytes,\n\tsum(c2s_pkt_num) as sent_packets ,\n\tsum(s2c_pkt_num) as received_packets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as packets\nfrom\n\ttop_external_host_log\nwhere\n\t__time >= '{{start_time}}' and __time < '{{end_time}}' and order_by = 'bytes' and vsys_id in (1,2,3,4,5)\ngroup by\n\tdestination\norder by\n\tbytes desc\nlimit 10"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Total Proxy Policy Hits by Action",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n sub_action as action,\n sum(hits) as hit_count\nfrom proxy_event_hits_log where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5) group by sub_action order by action",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select\n sub_action as action,\n sum(hits) as hit_count\nfrom proxy_event_hits_log where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5) group by sub_action order by action"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Proxy Policy Hits Trend by Action",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) as stat_time, sub_action as action, sum(hits) as hit_count\nfrom proxy_event_hits_log where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5) group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')),sub_action order by stat_time asc limit 50000 ",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) as stat_time, sub_action as action, sum(hits) as hit_count\nfrom proxy_event_hits_log where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5) group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')),sub_action order by stat_time asc limit 50000 "
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Top Proxy Policy Hits",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select policy_id as policyId, sum(hits) as sessions from proxy_event_hits_log where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5) group by policy_id order by sessions desc limit 10",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select policy_id as policyId, sum(hits) as sessions from proxy_event_hits_log where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5) group by policy_id order by sessions desc limit 10"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Proxy Policy Pinning(Not)",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) as statisticTime, sum(not_pinning_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5) group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) limit 100",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) as statisticTime, sum(not_pinning_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5) group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) limit 100"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Proxy Policy Pinning(Maybe)",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) as statisticTime, sum(maybe_pinning_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5) group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) limit 100",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) as statisticTime, sum(maybe_pinning_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5) group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) limit 100"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Proxy Policy Pinning(Yes)",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) as statisticTime, sum(pinning_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5) group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) limit 100",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) as statisticTime, sum(pinning_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' and vsys_id in (1,2,3,4,5) group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) limit 100"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Average New and Active Rate",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query= select\n sum(new_conn_num)/300 as new_conn_num,\n sum(live_conn_num) as live_conn_num from (\n select\n sum(new_conn_num) as new_conn_num,\n max(established_conn_num) as live_conn_num from traffic_metrics_log \n where __time >= {{Last 5 Minutes Start}} and vsys_id in (1,2,3,4,5)\n group by device_id) ",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": " select\n sum(new_conn_num)/300 as new_conn_num,\n sum(live_conn_num) as live_conn_num from (\n select\n sum(new_conn_num) as new_conn_num,\n max(established_conn_num) as live_conn_num from traffic_metrics_log \n where __time >= {{Last 5 Minutes Start}} and vsys_id in (1,2,3,4,5)\n group by device_id) "
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Average Traffic Throughput",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=\nselect\n\tsum(total_in_bytes)*8/300 as traffic_in_bits,\n\tsum(total_out_bytes)*8/300 as traffic_out_bits\nfrom\n\ttraffic_metrics_log\nwhere \n\t__time >= {{Last 5 Minutes Start}} and vsys_id in (1,2,3,4,5)",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "\nselect\n\tsum(total_in_bytes)*8/300 as traffic_in_bits,\n\tsum(total_out_bytes)*8/300 as traffic_out_bits\nfrom\n\ttraffic_metrics_log\nwhere \n\t__time >= {{Last 5 Minutes Start}} and vsys_id in (1,2,3,4,5)"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Average Packet Rate",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=\nselect\n\tsum(total_in_packets)/300 as traffic_in_packets,\n\tsum(total_out_packets)/300 as traffic_out_packets\nfrom\n\ttraffic_metrics_log\nwhere\n\t__time >= {{Last 5 Minutes Start}} and vsys_id in (1,2,3,4,5)",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "\nselect\n\tsum(total_in_packets)/300 as traffic_in_packets,\n\tsum(total_out_packets)/300 as traffic_out_packets\nfrom\n\ttraffic_metrics_log\nwhere\n\t__time >= {{Last 5 Minutes Start}} and vsys_id in (1,2,3,4,5)"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Average Session Rate",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=\nselect\n\tsum(new_conn_num)/300 as sessions\nfrom\n\ttraffic_metrics_log\nwhere\n\t__time >= {{Last 5 Minutes Start}} and vsys_id in (1,2,3,4,5)",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "\nselect\n\tsum(new_conn_num)/300 as sessions\nfrom\n\ttraffic_metrics_log\nwhere\n\t__time >= {{Last 5 Minutes Start}} and vsys_id in (1,2,3,4,5)"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "First and Last Found of Metric Sources",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select 'Traffic Metrics' as type, min(__time) as first_time, max(__time) as last_time from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Security Policies Hit' as type, min(__time) as first_time, max(__time) as last_time from security_event_hits_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Proxy Policies Hit' as type, min(__time) as first_time, max(__time) as last_time from proxy_event_hits_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Internal IP' as type, min(__time) as first_time, max(__time) as last_time from top_internal_host_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'External IP' as type, min(__time) as first_time, max(__time) as last_time from top_external_host_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Subscriber ID' as type, min(__time) as first_time, max(__time) as last_time from top_user_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Client IP' as type, min(__time) as first_time, max(__time) as last_time from top_client_ip_log union all select 'Server IP' as type, min(__time) as first_time, max(__time) as last_time from top_server_ip_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Website Domain' as type, min(__time) as first_time, max(__time) as last_time from top_website_domain_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Hit Urls' as type, min(__time) as first_time, max(__time) as last_time from top_urls_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Traffic Summary' as type, min(__time) as first_time, max(__time) as last_time from traffic_summary_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Traffic Protocol Stat' as type, min(__time) as first_time, max(__time) as last_time from traffic_protocol_stat_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Storage Quota' as type, min(__time) as first_time, max(__time) as last_time from sys_storage_log where __time >= '{{start_time}}' and __time < '{{end_time}}'",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select 'Traffic Metrics' as type, min(__time) as first_time, max(__time) as last_time from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Security Policies Hit' as type, min(__time) as first_time, max(__time) as last_time from security_event_hits_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Proxy Policies Hit' as type, min(__time) as first_time, max(__time) as last_time from proxy_event_hits_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Internal IP' as type, min(__time) as first_time, max(__time) as last_time from top_internal_host_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'External IP' as type, min(__time) as first_time, max(__time) as last_time from top_external_host_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Subscriber ID' as type, min(__time) as first_time, max(__time) as last_time from top_user_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Client IP' as type, min(__time) as first_time, max(__time) as last_time from top_client_ip_log union all select 'Server IP' as type, min(__time) as first_time, max(__time) as last_time from top_server_ip_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Website Domain' as type, min(__time) as first_time, max(__time) as last_time from top_website_domain_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Hit Urls' as type, min(__time) as first_time, max(__time) as last_time from top_urls_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Traffic Summary' as type, min(__time) as first_time, max(__time) as last_time from traffic_summary_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Traffic Protocol Stat' as type, min(__time) as first_time, max(__time) as last_time from traffic_protocol_stat_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Storage Quota' as type, min(__time) as first_time, max(__time) as last_time from sys_storage_log where __time >= '{{start_time}}' and __time < '{{end_time}}'"
|
||
}
|
||
]
|
||
},
|
||
"description": "验证Apache Druid 统计表是否有最新的数据"
|
||
},
|
||
"response": []
|
||
}
|
||
],
|
||
"description": "# Dashboard 业务\n\nDashboard 为预聚合计数操作,接入数据源有四处(KAFKA TOPIC):\n\n* TRAFFIC-METRICS-LOG : 功能端5秒输出一次\n* CONNECTION-RECORD-COMPLETE-LOG: 数据平台接收CONNECTION-RECORD-LOG 补全后实时输出。\n* PROXY/SECURITY-EVENT-COMPLETE-LOG: 数据平台接收PROXY/SECURITY 命中策略日志补全后实时输出。\n\n## 流量计数Metrics \n\n**功能端 - Kafka(TRAFFIC-METRICS-LOG 每5秒 ) - Druid** \n\n所有基础Metrics(非内容级别的统计)都为功能端提前预聚合输出到TRAFFIC-METRICS-LOG 中,最终数据平台写入Druid 中,供API查询。具体包含:\n\n* System Overview (Traffic 、New、Live)\n* Policy Hits by Action(Security)\n* Policy Hits by Action (proxy) 、Pinning\n\n## TOPN 计算\n\n**流程1:功能端 - Kafka(原始日志) - 补全 - Druid** // 统计安全策略与代理策略结果,每1分钟\n\n**流程2:功能端 - Kafka(原始日志) - 补全 - Druid - 调度任务 - kafka -Druid ** // TOPN 计算,每5分钟\n\n所有内容级别,为数据平台进行实时统计,将指标输出到Druid中,供API进行查询。具体包含:\n\n* Top Hits (security) - 流程1\n\n* Top Hits (proxy) - 流程1\n\n* Endpoints (Active Client/Server/Internal/External , Top Domains, Active Subscriber ID,Top urls) - 流程2\n\n ",
|
||
"event": [
|
||
{
|
||
"listen": "prerequest",
|
||
"script": {
|
||
"type": "text/javascript",
|
||
"exec": [
|
||
""
|
||
]
|
||
}
|
||
},
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"type": "text/javascript",
|
||
"exec": [
|
||
""
|
||
]
|
||
}
|
||
}
|
||
]
|
||
},
|
||
{
|
||
"name": "Settings",
|
||
"item": [
|
||
{
|
||
"name": "System Storage Quata",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/sys/storage/deletion",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"sys",
|
||
"storage",
|
||
"deletion"
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
}
|
||
]
|
||
},
|
||
{
|
||
"name": "Relations",
|
||
"item": [
|
||
{
|
||
"name": "Ad-Hoc Query",
|
||
"item": [
|
||
{
|
||
"name": "提交查询任务(字段发现)",
|
||
"event": [
|
||
{
|
||
"listen": "prerequest",
|
||
"script": {
|
||
"exec": [
|
||
""
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
},
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "POST",
|
||
"header": [
|
||
{
|
||
"key": "Authorization",
|
||
"value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=",
|
||
"type": "text",
|
||
"disabled": true
|
||
}
|
||
],
|
||
"body": {
|
||
"mode": "raw",
|
||
"raw": "{\r\n \"query.type\": \"field_discovery\",\r\n \"query.data_source\": \"session_record\",\r\n \"query.sample_ratio\": \"1\",\r\n \"custom.field_discovery.fields\": [\r\n \"common_log_id\",\r\n \"common_action\",\r\n \"common_app_label\",\r\n \"common_client_ip\",\r\n \"common_server_ip\",\r\n \"common_client_port\",\r\n \"common_server_port\",\r\n \"common_internal_ip\",\r\n \"common_external_ip\",\r\n \"common_schema_type\",\r\n \"http_url\",\r\n \"http_domain\"\r\n\r\n ],\r\n \"custom.field_discovery.filter\": \"common_recv_time >=UNIX_TIMESTAMP('2022-09-30 00:00:00') and common_recv_time <=UNIX_TIMESTAMP('2022-10-01 00:00:00') and common_vsys_id in (1,2,3,4,5)\"\r\n}",
|
||
"options": {
|
||
"raw": {
|
||
"language": "json"
|
||
}
|
||
}
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/admin/query/jobs",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"admin",
|
||
"query",
|
||
"jobs"
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "获取任务结果(字段发现)",
|
||
"event": [
|
||
{
|
||
"listen": "prerequest",
|
||
"script": {
|
||
"exec": [
|
||
""
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
},
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [
|
||
{
|
||
"key": "Authorization",
|
||
"value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=",
|
||
"type": "text",
|
||
"disabled": true
|
||
}
|
||
],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/admin/query/jobs/ed25bab143d786d0-4ae6835358276d04/field_discovery",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"admin",
|
||
"query",
|
||
"jobs",
|
||
"ed25bab143d786d0-4ae6835358276d04",
|
||
"field_discovery"
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "提交查询任务(实时统计)",
|
||
"event": [
|
||
{
|
||
"listen": "prerequest",
|
||
"script": {
|
||
"exec": [
|
||
""
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
},
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "POST",
|
||
"header": [
|
||
{
|
||
"key": "Authorization",
|
||
"value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=",
|
||
"type": "text",
|
||
"disabled": true
|
||
}
|
||
],
|
||
"body": {
|
||
"mode": "raw",
|
||
"raw": "{\r\n \"query.type\": \"statistics\",\r\n \"query.data_source\": \"session_record\",\r\n \"custom.statistics.sql\":\"select common_client_ip,count(*) as count from session_record where common_recv_time >=UNIX_TIMESTAMP('2022-09-30 00:00:00') and common_recv_time <=UNIX_TIMESTAMP('2022-10-01 00:00:00') and common_vsys_id in (1,2,3,4,5) group by common_client_ip order by count asc limit 10\"\r\n\r\n}",
|
||
"options": {
|
||
"raw": {
|
||
"language": "json"
|
||
}
|
||
}
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/admin/query/jobs",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"admin",
|
||
"query",
|
||
"jobs"
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "获取任务结果(实时统计)",
|
||
"event": [
|
||
{
|
||
"listen": "prerequest",
|
||
"script": {
|
||
"exec": [
|
||
""
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
},
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [
|
||
{
|
||
"key": "Authorization",
|
||
"value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=",
|
||
"type": "text",
|
||
"disabled": true
|
||
}
|
||
],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/admin/query/jobs/79b5124d876951f9-9e27cba1ce5c8eab/statistics",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"admin",
|
||
"query",
|
||
"jobs",
|
||
"79b5124d876951f9-9e27cba1ce5c8eab",
|
||
"statistics"
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "取消正在查询任务(实时统计)",
|
||
"event": [
|
||
{
|
||
"listen": "prerequest",
|
||
"script": {
|
||
"exec": [
|
||
""
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
},
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [
|
||
{
|
||
"key": "Authorization",
|
||
"value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=",
|
||
"type": "text",
|
||
"disabled": true
|
||
}
|
||
],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/admin/query/jobs/79b5124d876951f9-9e27cba1ce5c8eab/statistics",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"admin",
|
||
"query",
|
||
"jobs",
|
||
"79b5124d876951f9-9e27cba1ce5c8eab",
|
||
"statistics"
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
}
|
||
]
|
||
},
|
||
{
|
||
"name": "IP Learning",
|
||
"event": [
|
||
{
|
||
"listen": "prerequest",
|
||
"script": {
|
||
"exec": [
|
||
""
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
},
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "POST",
|
||
"header": [
|
||
{
|
||
"key": "Authorization",
|
||
"value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=",
|
||
"type": "text",
|
||
"disabled": true
|
||
}
|
||
],
|
||
"body": {
|
||
"mode": "raw",
|
||
"raw": "{\r\n \"clientId\": null,\r\n \"query\": {\r\n \"queryType\": \"\",\r\n \"dataSource\": \"IP_LEARNING_VIEW\",\r\n \"parameters\": {\r\n \"match\": [\r\n {\r\n \"type\": \"substring\",\r\n \"fieldKey\": \"FQDN_NAME\",\r\n \"fieldValues\": [\"google.com\",\"baidu.com\"]\r\n }\r\n ],\r\n \"range\": [\r\n {\r\n \"type\": \"eq\",\r\n \"fieldKey\": \"PROTOCOL\",\r\n \"fieldValues\": [\r\n \"TLS\",\r\n \"HTTP\",\r\n \"DNS\"\r\n ]\r\n },\r\n {\r\n \"type\": \"eq\",\r\n \"fieldKey\": \"DEPTH\",\r\n \"fieldValues\": [\r\n 1\r\n ]\r\n },\r\n {\r\n \"type\": \"ge\",\r\n \"fieldKey\": \"UNIQ_CIP\",\r\n \"fieldValues\": [\r\n 1\r\n ]\r\n },{\r\n \"type\":\"eq\",\r\n \"fieldKey\":\"vsys_id\",\r\n \"fieldValues\":[1,2,3,4,5]\r\n }\r\n ],\r\n \"intervals\": [\r\n \"{{start_time}}/{{end_time}}\"\r\n ],\r\n \"limit\": 10000\r\n }\r\n }\r\n}",
|
||
"options": {
|
||
"raw": {
|
||
"language": "json"
|
||
}
|
||
}
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/knowledge/v1/?iplearning=",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"knowledge",
|
||
"v1",
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "iplearning",
|
||
"value": ""
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "IP Address Pools",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "POST",
|
||
"header": [
|
||
{
|
||
"key": "Authorization",
|
||
"value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=",
|
||
"type": "text"
|
||
}
|
||
],
|
||
"body": {
|
||
"mode": "raw",
|
||
"raw": "{\r\n \"clientId\": null,\r\n \"query\": {\r\n \"queryType\": \"ippool\",\r\n \"dataSource\": \"IP_VIEW\",\r\n \"parameters\": {\r\n \"range\": [\r\n {\r\n \"type\":\"eq\",\r\n \"fieldKey\":\"vsys_id\",\r\n \"fieldValues\":[1,2,3,4,5]\r\n }\r\n ],\r\n \"sort\": [\r\n {\r\n \"type\": \"desc\",\r\n \"fieldKey\": \"BYTES_TOTAL\"\r\n },\r\n {\r\n \"type\": \"desc\",\r\n \"fieldKey\": \"LAST_FOUND_TIME\"\r\n }\r\n ]\r\n }\r\n }\r\n}",
|
||
"options": {
|
||
"raw": {
|
||
"language": "json"
|
||
}
|
||
}
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/knowledge/v1/?ippool=",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"knowledge",
|
||
"v1",
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "ippool",
|
||
"value": ""
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Recommend Subscriber IDs",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "POST",
|
||
"header": [
|
||
{
|
||
"key": "Authorization",
|
||
"value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=",
|
||
"type": "text"
|
||
}
|
||
],
|
||
"body": {
|
||
"mode": "raw",
|
||
"raw": "{\r\n \"clientId\": null,\r\n \"query\": {\r\n \"queryType\": \"subscriberidpool\",\r\n \"dataSource\": \"SUBSCRIBER_ID_VIEW\",\r\n \"parameters\": {\r\n \"match\": [\r\n {\r\n \"type\": \"exactly\",\r\n \"fieldKey\": \"SUBSCRIBER_ID\",\r\n \"fieldValues\": [\"test1\",\"test0223\"]\r\n }\r\n ],\"range\": [\r\n {\r\n \"type\":\"eq\",\r\n \"fieldKey\":\"vsys_id\",\r\n \"fieldValues\":[1,2,3,4,5]\r\n }\r\n ],\r\n \"limit\": \"100\"\r\n }\r\n }\r\n}",
|
||
"options": {
|
||
"raw": {
|
||
"language": "json"
|
||
}
|
||
}
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/knowledge/v1/?ippool=",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"knowledge",
|
||
"v1",
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "ippool",
|
||
"value": ""
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Subscriber ID to IP",
|
||
"event": [
|
||
{
|
||
"listen": "prerequest",
|
||
"script": {
|
||
"exec": [
|
||
""
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
},
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "POST",
|
||
"header": [
|
||
{
|
||
"key": "Authorization",
|
||
"value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=",
|
||
"type": "text",
|
||
"disabled": true
|
||
}
|
||
],
|
||
"body": {
|
||
"mode": "raw",
|
||
"raw": "{\r\n \"clientId\": null,\r\n \"query\": {\r\n \"dataEngine\": \"AnalysisEngine\",\r\n \"dataSource\": \"SUBSCRIBER_ID_VIEW\",\r\n \"limit\": \"100\",\r\n \"parameters\": {\r\n \"match\": [\r\n {\r\n \"type\": \"prefix\",\r\n \"fieldKey\": \"SUBSCRIBER_ID\",\r\n \"fieldValues\": [\"test\",\"test0249\"]\r\n }\r\n ],\r\n \"range\": [\r\n {\r\n \"type\": \"eq\",\r\n \"fieldKey\": \"vsys_id\",\r\n \"fieldValues\": [\r\n 1,\r\n 2,\r\n 3,\r\n 4,\r\n 5\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n}",
|
||
"options": {
|
||
"raw": {
|
||
"language": "json"
|
||
}
|
||
}
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/relation/v1/?subscriberidpool=",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"relation",
|
||
"v1",
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "subscriberidpool",
|
||
"value": ""
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Active Client IPs by App",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "POST",
|
||
"header": [
|
||
{
|
||
"key": "Authorization",
|
||
"value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=",
|
||
"type": "text",
|
||
"disabled": true
|
||
}
|
||
],
|
||
"body": {
|
||
"mode": "raw",
|
||
"raw": "{\r\n \"clientId\": null,\r\n \"query\": {\r\n \"dataEngine\": \"BusinessEngine\",\r\n \"dataSource\": \"session_record\",\r\n \"limit\":\"15\",\r\n \"parameters\": {\r\n \"match\": [\r\n {\r\n \"type\": \"exactly\",\r\n \"fieldKey\": \"common_app_label\",\r\n \"fieldValues\": [\r\n \"Psiphon3\"\r\n ]\r\n }\r\n ],\r\n \"range\": [\r\n {\r\n \"type\": \"eq\",\r\n \"fieldKey\": \"vsys_id\",\r\n \"fieldValues\": [\r\n 1,\r\n 2,\r\n 3,\r\n 4,\r\n 5\r\n ]\r\n }\r\n ],\r\n \"intervals\": [\r\n \"{{start_time}}/{{end_time}}\"\r\n ]\r\n }\r\n }\r\n}",
|
||
"options": {
|
||
"raw": {
|
||
"language": "json"
|
||
}
|
||
}
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/entity/v1/?activeclientip",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"entity",
|
||
"v1",
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "activeclientip",
|
||
"value": null
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Recommend Top Server IPs",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "POST",
|
||
"header": [
|
||
{
|
||
"key": "Authorization",
|
||
"value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=",
|
||
"type": "text",
|
||
"disabled": true
|
||
}
|
||
],
|
||
"body": {
|
||
"mode": "raw",
|
||
"raw": "{\r\n \"clientId\": null,\r\n \"query\": {\r\n \"dataEngine\": \"BusinessEngine\",\r\n \"dataSource\": \"session_record\",\r\n \"limit\": \"100\",\r\n \"parameters\": {\r\n \"range\": [\r\n {\r\n \"type\": \"eq\",\r\n \"fieldKey\": \"common_vsys_id\",\r\n \"fieldValues\": [\r\n 1\r\n ]\r\n }\r\n ],\r\n \"intervals\": [\r\n \"{{start_time}}/{{end_time}}\"\r\n ]\r\n }\r\n }\r\n}",
|
||
"options": {
|
||
"raw": {
|
||
"language": "json"
|
||
}
|
||
}
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/entity/v1/?topserverip",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"entity",
|
||
"v1",
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "topserverip",
|
||
"value": null
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Recommend Top SNIs",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "POST",
|
||
"header": [
|
||
{
|
||
"key": "Authorization",
|
||
"value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=",
|
||
"type": "text",
|
||
"disabled": true
|
||
}
|
||
],
|
||
"body": {
|
||
"mode": "raw",
|
||
"raw": "{\r\n \"clientId\":null,\r\n \"query\":{\r\n \"dataEngine\":\"BusinessEngine\",\r\n \"dataSource\":\"session_record\",\r\n \"limit\":\"20000\",\r\n \"parameters\":{\r\n \"range\": [\r\n {\r\n \"type\": \"eq\",\r\n \"fieldKey\": \"common_vsys_id\",\r\n \"fieldValues\": [\r\n 1,2\r\n ]\r\n }\r\n ],\r\n \"intervals\":[\r\n \"{{start_time}}/{{end_time}}\"\r\n ]\r\n }\r\n }\r\n}",
|
||
"options": {
|
||
"raw": {
|
||
"language": "json"
|
||
}
|
||
}
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/entity/v1/?topsni",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"entity",
|
||
"v1",
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "topsni",
|
||
"value": null
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "IMSI to TEID",
|
||
"event": [
|
||
{
|
||
"listen": "prerequest",
|
||
"script": {
|
||
"exec": [
|
||
""
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
},
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "POST",
|
||
"header": [
|
||
{
|
||
"key": "Authorization",
|
||
"value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=",
|
||
"type": "text",
|
||
"disabled": true
|
||
}
|
||
],
|
||
"body": {
|
||
"mode": "raw",
|
||
"raw": "{\r\n \"clientId\": null,\r\n \"query\": {\r\n \"dataEngine\": \"AnalysisEngine\",\r\n \"dataSource\": \"gtpc_knowledge_base\",\r\n \"parameters\": {\r\n \"match\": [\r\n {\r\n \"type\": \"regex\",\r\n \"fieldKey\": \"imsi\",\r\n \"fieldValues\": [\r\n \"57051531092359*\",\r\n \"$570415210923520\"\r\n ]\r\n }\r\n ],\r\n \"range\": [\r\n {\r\n \"type\": \"eq\",\r\n \"fieldKey\": \"vsys_id\",\r\n \"fieldValues\": [\r\n 1,\r\n 2,\r\n 3,\r\n 4,\r\n 5\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n}",
|
||
"options": {
|
||
"raw": {
|
||
"language": "json"
|
||
}
|
||
}
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/relation/v1/?gtpc",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"relation",
|
||
"v1",
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "gtpc",
|
||
"value": null
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "IMEI to TEID",
|
||
"event": [
|
||
{
|
||
"listen": "prerequest",
|
||
"script": {
|
||
"exec": [
|
||
""
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
},
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "POST",
|
||
"header": [
|
||
{
|
||
"key": "Authorization",
|
||
"value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=",
|
||
"type": "text",
|
||
"disabled": true
|
||
}
|
||
],
|
||
"body": {
|
||
"mode": "raw",
|
||
"raw": "\t\r\n{\r\n \"clientId\":null,\r\n \"query\":{\r\n \"dataEngine\":\"AnalysisEngine\",\r\n \"dataSource\":\"gtpc_knowledge_base\",\r\n \"parameters\":{\r\n \"match\":[\r\n {\r\n \"type\":\"regex\",\r\n \"fieldKey\":\"imei\",\r\n \"fieldValues\":[\r\n \"6491009423*\", \"$35491009423782\"\r\n ]\r\n }\r\n ],\"range\": [\r\n {\r\n \"type\": \"eq\",\r\n \"fieldKey\": \"vsys_id\",\r\n \"fieldValues\": [\r\n 1,\r\n 2,\r\n 3,\r\n 4,\r\n 5\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n}",
|
||
"options": {
|
||
"raw": {
|
||
"language": "json"
|
||
}
|
||
}
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/relation/v1/?gtpc",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"relation",
|
||
"v1",
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "gtpc",
|
||
"value": null
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Phone Number to TEID",
|
||
"event": [
|
||
{
|
||
"listen": "prerequest",
|
||
"script": {
|
||
"exec": [
|
||
""
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
},
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "POST",
|
||
"header": [
|
||
{
|
||
"key": "Authorization",
|
||
"value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=",
|
||
"type": "text",
|
||
"disabled": true
|
||
}
|
||
],
|
||
"body": {
|
||
"mode": "raw",
|
||
"raw": "\t\r\n{\r\n \"clientId\":null,\r\n \"query\":{\r\n \"dataEngine\":\"AnalysisEngine\",\r\n \"dataSource\":\"gtpc_knowledge_base\",\r\n \"parameters\":{\r\n \"match\":[\r\n {\r\n \"type\":\"regex\",\r\n \"fieldKey\":\"phone_number\",\r\n \"fieldValues\":[\r\n \"$8613259856152\"\r\n ]\r\n }\r\n ],\"range\": [\r\n {\r\n \"type\": \"eq\",\r\n \"fieldKey\": \"vsys_id\",\r\n \"fieldValues\": [\r\n 1,\r\n 2,\r\n 3,\r\n 4,\r\n 5\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n}",
|
||
"options": {
|
||
"raw": {
|
||
"language": "json"
|
||
}
|
||
}
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/relation/v1/?gtpc",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"relation",
|
||
"v1",
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "gtpc",
|
||
"value": null
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "APN to TEID",
|
||
"event": [
|
||
{
|
||
"listen": "prerequest",
|
||
"script": {
|
||
"exec": [
|
||
""
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
},
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "POST",
|
||
"header": [
|
||
{
|
||
"key": "Authorization",
|
||
"value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=",
|
||
"type": "text",
|
||
"disabled": true
|
||
}
|
||
],
|
||
"body": {
|
||
"mode": "raw",
|
||
"raw": "\t\r\n{\r\n \"clientId\":null,\r\n \"query\":{\r\n \"dataEngine\":\"AnalysisEngine\",\r\n \"dataSource\":\"gtpc_knowledge_base\",\r\n \"parameters\":{\r\n \"match\":[\r\n {\r\n \"type\":\"regex\",\r\n \"fieldKey\":\"apn\",\r\n \"fieldValues\":[\r\n \"*335434\", \"$2126345434\"\r\n ]\r\n }\r\n ],\"range\": [\r\n {\r\n \"type\": \"eq\",\r\n \"fieldKey\": \"vsys_id\",\r\n \"fieldValues\": [\r\n 1,\r\n 2,\r\n 3,\r\n 4,\r\n 5\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n}",
|
||
"options": {
|
||
"raw": {
|
||
"language": "json"
|
||
}
|
||
}
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/relation/v1/?gtpc",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"relation",
|
||
"v1",
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "gtpc",
|
||
"value": null
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Top Server IPs Stat",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "urlencoded",
|
||
"urlencoded": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/diagnosis/entity?option=topserverip",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"diagnosis",
|
||
"entity"
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "topserverip"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Top SNIs Stat",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/diagnosis/entity?option=topsni",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"diagnosis",
|
||
"entity"
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "topsni"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
}
|
||
],
|
||
"event": [
|
||
{
|
||
"listen": "prerequest",
|
||
"script": {
|
||
"type": "text/javascript",
|
||
"exec": [
|
||
""
|
||
]
|
||
}
|
||
},
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"type": "text/javascript",
|
||
"exec": [
|
||
""
|
||
]
|
||
}
|
||
}
|
||
]
|
||
}
|
||
]
|
||
},
|
||
{
|
||
"name": "Tools",
|
||
"item": [
|
||
{
|
||
"name": "ClickHouse",
|
||
"item": [
|
||
{
|
||
"name": "ClickHouse Endpoints",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "POST",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{clickhouse_ip}}:{{clickhouse_port}}?database={{clickhouse_database}}&user={{clickhouse_user}}&password={{clickhouse_password}}&query=SELECT DISTINCT concat(host_address,':','8123') as endpoint FROM system.clusters FORMAT JSON;",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{clickhouse_ip}}"
|
||
],
|
||
"port": "{{clickhouse_port}}",
|
||
"query": [
|
||
{
|
||
"key": "database",
|
||
"value": "{{clickhouse_database}}"
|
||
},
|
||
{
|
||
"key": "user",
|
||
"value": "{{clickhouse_user}}"
|
||
},
|
||
{
|
||
"key": "password",
|
||
"value": "{{clickhouse_password}}"
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "SELECT DISTINCT concat(host_address,':','8123') as endpoint FROM system.clusters FORMAT JSON;"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Total Space",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "POST",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{clickhouse_ip}}:{{clickhouse_port}}?database={{clickhouse_database}}&user={{clickhouse_user}}&password={{clickhouse_password}}&query=SELECT SUM(`total_space`)/1024/1024/1024/1024 as TB FROM system.disks_cluster format JSON",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{clickhouse_ip}}"
|
||
],
|
||
"port": "{{clickhouse_port}}",
|
||
"query": [
|
||
{
|
||
"key": "database",
|
||
"value": "{{clickhouse_database}}"
|
||
},
|
||
{
|
||
"key": "user",
|
||
"value": "{{clickhouse_user}}"
|
||
},
|
||
{
|
||
"key": "password",
|
||
"value": "{{clickhouse_password}}"
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "SELECT SUM(`total_space`)/1024/1024/1024/1024 as TB FROM system.disks_cluster format JSON"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "ClickHouse Tables",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "POST",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{clickhouse_ip}}:{{clickhouse_port}}?database={{clickhouse_database}}&user={{clickhouse_user}}&password={{clickhouse_password}}&query=SELECT DISTINCT(name) FROM system.tables_cluster WHERE database = 'tsg_galaxy_v3' AND engine in ('MergeTree','ReplicatedMergeTree') FORMAT JSON;",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{clickhouse_ip}}"
|
||
],
|
||
"port": "{{clickhouse_port}}",
|
||
"query": [
|
||
{
|
||
"key": "database",
|
||
"value": "{{clickhouse_database}}"
|
||
},
|
||
{
|
||
"key": "user",
|
||
"value": "{{clickhouse_user}}"
|
||
},
|
||
{
|
||
"key": "password",
|
||
"value": "{{clickhouse_password}}"
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "SELECT DISTINCT(name) FROM system.tables_cluster WHERE database = 'tsg_galaxy_v3' AND engine in ('MergeTree','ReplicatedMergeTree') FORMAT JSON;"
|
||
}
|
||
]
|
||
},
|
||
"description": "根据不同的ip查询所有clickhouse的表"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Errors in SQL Queries",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT\n initial_query_id,\n type as error_type,\n query_start_time,\n intDiv(query_duration_ms,1000) as query_duration_s ,\n query ,\n exception,\n initial_user ,\n http_user_agent ,\n initial_address\nFROM\n system.query_log_cluster\nwhere\n type IN ('ExceptionBeforeStart', 'ExceptionWhileProcessing')\n and initial_query_id = query_id\n and event_time > (now()-86400)\n and event_time < now()\norder by\n event_time desc\nlimit 100",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "SELECT\n initial_query_id,\n type as error_type,\n query_start_time,\n intDiv(query_duration_ms,1000) as query_duration_s ,\n query ,\n exception,\n initial_user ,\n http_user_agent ,\n initial_address\nFROM\n system.query_log_cluster\nwhere\n type IN ('ExceptionBeforeStart', 'ExceptionWhileProcessing')\n and initial_query_id = query_id\n and event_time > (now()-86400)\n and event_time < now()\norder by\n event_time desc\nlimit 100"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Slow Queries",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n databases,\n initial_query_id ,\n query,\n event_time,\n intDiv(query_duration_ms,1000) as query_duration_s,\n read_rows ,\n read_bytes ,\n initial_user,\n http_user_agent,\n initial_address\n from\n system.query_log_cluster\nwhere\n query_kind = 'Select'\n and query_start_time>(now()-86400)\n and initial_query_id = query_id\n and type IN ('QueryFinish')\norder by\n query_duration_ms desc\nlimit 100",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select\n databases,\n initial_query_id ,\n query,\n event_time,\n intDiv(query_duration_ms,1000) as query_duration_s,\n read_rows ,\n read_bytes ,\n initial_user,\n http_user_agent,\n initial_address\n from\n system.query_log_cluster\nwhere\n query_kind = 'Select'\n and query_start_time>(now()-86400)\n and initial_query_id = query_id\n and type IN ('QueryFinish')\norder by\n query_duration_ms desc\nlimit 100"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Most Frequent Query Columns",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n arrayJoin(columns) as used_columns,\n count() as columns_num\nfrom\n system.query_log_cluster\nwhere\n query_kind = 'Select'\n and query_start_time>(now()-86400)\n and initial_query_id = query_id\n and type IN ('QueryFinish')\ngroup by\n used_columns\norder by\n columns_num desc\nlimit 100",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select\n arrayJoin(columns) as used_columns,\n count() as columns_num\nfrom\n system.query_log_cluster\nwhere\n query_kind = 'Select'\n and query_start_time>(now()-86400)\n and initial_query_id = query_id\n and type IN ('QueryFinish')\ngroup by\n used_columns\norder by\n columns_num desc\nlimit 100"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Aggregate Queries Latency Statistics",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n anyLast(query) as sql,\n intDiv(avg(query_duration_ms),1000) as avg_query_duration_s,\n intDiv(max(query_duration_ms),1000) as max_query_duration_s,\n QUANTILE(query_duration_ms, 0.95)/1000 as p95_query_duration_s, \n max(read_rows) ,\n anyLast(http_user_agent) as last_http_user_agent,\n used_aggregate_functions,\n count() as query_count\nfrom\n system.query_log_cluster\nwhere\n query_kind = 'Select'\n and query_start_time>(now()-86400)\n and initial_query_id = query_id\n and type IN ('QueryFinish')\n and empty(used_aggregate_functions ) = 0\ngroup by\n toString(used_functions),\n toString(used_aggregate_functions ),\n toString(columns)\norder by\n avg_query_duration_s desc\nlimit 100",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select\n anyLast(query) as sql,\n intDiv(avg(query_duration_ms),1000) as avg_query_duration_s,\n intDiv(max(query_duration_ms),1000) as max_query_duration_s,\n QUANTILE(query_duration_ms, 0.95)/1000 as p95_query_duration_s, \n max(read_rows) ,\n anyLast(http_user_agent) as last_http_user_agent,\n used_aggregate_functions,\n count() as query_count\nfrom\n system.query_log_cluster\nwhere\n query_kind = 'Select'\n and query_start_time>(now()-86400)\n and initial_query_id = query_id\n and type IN ('QueryFinish')\n and empty(used_aggregate_functions ) = 0\ngroup by\n toString(used_functions),\n toString(used_aggregate_functions ),\n toString(columns)\norder by\n avg_query_duration_s desc\nlimit 100"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Aggregate Queries Resource Usage Statistics",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n anyLast(query) as sql,\n intDiv(avg(query_duration_ms),1000) as avg_query_duration_s,\n toInt64(avg(memory_usage))/1024/1024 as avg_memory_MB,\n used_aggregate_functions,\navg(ProfileEvents%5B'FileOpen'%5D)%20as%20FileOpen%2C%0A%20%20%20%20avg(ProfileEvents%5B'DiskReadElapsedMicroseconds'%5D)%2F1000000%20as%20DiskRead_s%2C\n count() as query_count\nfrom\n system.query_log_cluster\nwhere\n query_kind = 'Select'\n and query_start_time>(now()-86400)\n and initial_query_id != query_id\n and type IN ('QueryFinish')\n and empty(used_aggregate_functions ) = 0\ngroup by\n toString(used_functions),\n toString(used_aggregate_functions ),\n toString(columns)\norder by\n avg_memory_MB desc\nlimit 100",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select\n anyLast(query) as sql,\n intDiv(avg(query_duration_ms),1000) as avg_query_duration_s,\n toInt64(avg(memory_usage))/1024/1024 as avg_memory_MB,\n used_aggregate_functions,\navg(ProfileEvents%5B'FileOpen'%5D)%20as%20FileOpen%2C%0A%20%20%20%20avg(ProfileEvents%5B'DiskReadElapsedMicroseconds'%5D)%2F1000000%20as%20DiskRead_s%2C\n count() as query_count\nfrom\n system.query_log_cluster\nwhere\n query_kind = 'Select'\n and query_start_time>(now()-86400)\n and initial_query_id != query_id\n and type IN ('QueryFinish')\n and empty(used_aggregate_functions ) = 0\ngroup by\n toString(used_functions),\n toString(used_aggregate_functions ),\n toString(columns)\norder by\n avg_memory_MB desc\nlimit 100"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
}
|
||
]
|
||
},
|
||
{
|
||
"name": "Apache Druid",
|
||
"item": [
|
||
{
|
||
"name": "used_size",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "POST",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "raw",
|
||
"raw": "{\r\n \"query\": \"SELECT SUM(curr_size)/1024/1024/1024 AS curr_size_GB FROM sys.servers WHERE server_type = 'historical'\",\r\n \"context\": {\r\n \"skipEmptyBuckets\": \"false\"\r\n },\r\n \"resultFormat\": \"object\"\r\n}",
|
||
"options": {
|
||
"raw": {
|
||
"language": "json"
|
||
}
|
||
}
|
||
},
|
||
"url": {
|
||
"raw": "http://{{druid_ip}}:{{druid_port}}/druid/v2/sql",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{druid_ip}}"
|
||
],
|
||
"port": "{{druid_port}}",
|
||
"path": [
|
||
"druid",
|
||
"v2",
|
||
"sql"
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "max_size",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "POST",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "raw",
|
||
"raw": "{\r\n \"query\": \"SELECT SUM(max_size)/1024/1024/1024 AS max_size_GB FROM sys.servers WHERE server_type = 'historical'\",\r\n \"context\": {\r\n \"skipEmptyBuckets\": \"false\"\r\n },\r\n \"resultFormat\": \"object\"\r\n}",
|
||
"options": {
|
||
"raw": {
|
||
"language": "json"
|
||
}
|
||
}
|
||
},
|
||
"url": {
|
||
"raw": "http://{{druid_ip}}:{{druid_port}}/druid/v2/sql",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{druid_ip}}"
|
||
],
|
||
"port": "{{druid_port}}",
|
||
"path": [
|
||
"druid",
|
||
"v2",
|
||
"sql"
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Report and Metrics",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200) || pm.response.to.have.status(201);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "POST",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "raw",
|
||
"raw": "{\"query\":\"SELECT used_size/1024/1024/1024 as used_size_GB FROM sys_storage_log WHERE log_type = 'Report and Metrics' ORDER BY __time DESC LIMIT 1\",\"context\":{\"skipEmptyBuckets\":\"false\"},\"resultFormat\":\"object\"}",
|
||
"options": {
|
||
"raw": {
|
||
"language": "json"
|
||
}
|
||
}
|
||
},
|
||
"url": {
|
||
"raw": "http://{{druid_ip}}:{{druid_port}}/druid/v2/sql",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{druid_ip}}"
|
||
],
|
||
"port": "{{druid_port}}",
|
||
"path": [
|
||
"druid",
|
||
"v2",
|
||
"sql"
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "The Latest Ingestion Date for Druid",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "POST",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "raw",
|
||
"raw": "{\"query\":\"SELECT version FROM sys.segments WHERE version LIKE '2%' ORDER BY version DESC LIMIT 1\"}",
|
||
"options": {
|
||
"raw": {
|
||
"language": "json"
|
||
}
|
||
}
|
||
},
|
||
"url": {
|
||
"raw": "http://{{druid_ip}}:{{druid_port}}/druid/v2/sql",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{druid_ip}}"
|
||
],
|
||
"port": "{{druid_port}}",
|
||
"path": [
|
||
"druid",
|
||
"v2",
|
||
"sql"
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "The Earliest Ingestion Date for Druid",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "POST",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "raw",
|
||
"raw": "{\r\n \"query\": \"SELECT \\\"start\\\" FROM sys.segments order by \\\"start\\\" limit 1\"\r\n}",
|
||
"options": {
|
||
"raw": {
|
||
"language": "json"
|
||
}
|
||
}
|
||
},
|
||
"url": {
|
||
"raw": "http://{{druid_ip}}:{{druid_port}}/druid/v2/sql",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{druid_ip}}"
|
||
],
|
||
"port": "{{druid_port}}",
|
||
"path": [
|
||
"druid",
|
||
"v2",
|
||
"sql"
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Druid Tables",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "POST",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "raw",
|
||
"raw": "{\r\n \"query\": \"SELECT datasource FROM sys.tasks group by datasource\",\r\n \"context\": {\r\n \"skipEmptyBuckets\": \"false\"\r\n },\r\n \"resultFormat\": \"object\"\r\n}",
|
||
"options": {
|
||
"raw": {
|
||
"language": "json"
|
||
}
|
||
}
|
||
},
|
||
"url": {
|
||
"raw": "http://{{druid_ip}}:{{druid_port}}/druid/v2/sql",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{druid_ip}}"
|
||
],
|
||
"port": "{{druid_port}}",
|
||
"path": [
|
||
"druid",
|
||
"v2",
|
||
"sql"
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
}
|
||
]
|
||
},
|
||
{
|
||
"name": "Unified Query Gateway",
|
||
"item": [
|
||
{
|
||
"name": "TopK Query with RBO",
|
||
"item": [
|
||
{
|
||
"name": "Standard Group By (Optimized)",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT common_server_ip ,count(*) AS count, median(common_c2s_byte_num) as median_byte_num,min(common_c2s_byte_num) as min_byte_num,sum(common_c2s_byte_num+common_s2c_byte_num) as bytes FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') GROUP BY common_server_ip ORDER BY count DESC LIMIT 100",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "SELECT common_server_ip ,count(*) AS count, median(common_c2s_byte_num) as median_byte_num,min(common_c2s_byte_num) as min_byte_num,sum(common_c2s_byte_num+common_s2c_byte_num) as bytes FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') GROUP BY common_server_ip ORDER BY count DESC LIMIT 100"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Sub Query (Optimized)",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tcommon_server_ip ,\n\tcount,\n\tnum\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip ,\n\t\tcount(*) AS count,\n\t\tmedian(common_c2s_byte_num) as num\n\tFROM\n\t\ttsg_galaxy_v3.session_record AS session_record\n\tWHERE\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tGROUP BY\n\t\tcommon_server_ip\n\tORDER BY\n\t\tcount DESC\n\tLIMIT 100) \n\torder by num desc \n",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\tcommon_server_ip ,\n\tcount,\n\tnum\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip ,\n\t\tcount(*) AS count,\n\t\tmedian(common_c2s_byte_num) as num\n\tFROM\n\t\ttsg_galaxy_v3.session_record AS session_record\n\tWHERE\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tGROUP BY\n\t\tcommon_server_ip\n\tORDER BY\n\t\tcount DESC\n\tLIMIT 100) \n\torder by num desc \n"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Aggregate Function not Alias(Optimized)",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT common_server_ip ,count(*) as count, median(common_c2s_byte_num) FROM session_record WHERE common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') GROUP BY common_server_ip ORDER BY count DESC LIMIT 100",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "SELECT common_server_ip ,count(*) as count, median(common_c2s_byte_num) FROM session_record WHERE common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') GROUP BY common_server_ip ORDER BY count DESC LIMIT 100"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Sub Query Not Order by(Not Optimized)",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tcommon_server_ip ,\n\tcount,\n\tnum\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip ,\n\t\tcount(*) AS count,\n\t\tmedian(common_c2s_byte_num) as num\n\tFROM\n\t\ttsg_galaxy_v3.session_record AS session_record\n\tWHERE\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tGROUP BY\n\t\tcommon_server_ip) \n\torder by num desc limit 100\n",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\tcommon_server_ip ,\n\tcount,\n\tnum\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip ,\n\t\tcount(*) AS count,\n\t\tmedian(common_c2s_byte_num) as num\n\tFROM\n\t\ttsg_galaxy_v3.session_record AS session_record\n\tWHERE\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tGROUP BY\n\t\tcommon_server_ip) \n\torder by num desc limit 100\n"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Order by with Aggregate Function(Not Optimized)",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT common_server_ip ,count(*) AS count, median(common_c2s_byte_num) as num FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') GROUP BY common_server_ip ORDER BY sum(common_sessions) DESC LIMIT 100",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "SELECT common_server_ip ,count(*) AS count, median(common_c2s_byte_num) as num FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') GROUP BY common_server_ip ORDER BY sum(common_sessions) DESC LIMIT 100"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Not Support Function(Not Optimized)",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT common_server_ip ,count(*) AS count, uniq(common_client_ip) as client_ips FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') GROUP BY common_server_ip ORDER BY count DESC LIMIT 100",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "SELECT common_server_ip ,count(*) AS count, uniq(common_client_ip) as client_ips FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') GROUP BY common_server_ip ORDER BY count DESC LIMIT 100"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Not Order By(Not Optimized)",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT common_server_ip ,count(*) AS count, median(common_c2s_byte_num) as num FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') GROUP BY common_server_ip LIMIT 100",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "SELECT common_server_ip ,count(*) AS count, median(common_c2s_byte_num) as num FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') GROUP BY common_server_ip LIMIT 100"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
}
|
||
]
|
||
},
|
||
{
|
||
"name": "Federation Query by Calcite",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select * from (select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(common_recv_time,'PT1h','zero')) as stat_time from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') group by stat_time limit 10000) limit 10",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select * from (select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(common_recv_time,'PT1h','zero')) as stat_time from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') group by stat_time limit 10000) limit 10"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "TIME FLOOR WITH FILL(UDF)",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(common_recv_time,'PT30m','zero')) as stat_time, count(*) as count from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') group by stat_time limit 10000",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(common_recv_time,'PT30m','zero')) as stat_time, count(*) as count from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') group by stat_time limit 10000"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Live Charts Metrics Validation",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200, ptotocl_stat_bytes and traffic_summary_bytes confidence interval less than 20%.\", function () {",
|
||
" ",
|
||
" responseJson = pm.response.json();",
|
||
" ",
|
||
" if (responseJson.data.length > 0 ) {",
|
||
" var ptotocl_stat_bytes = responseJson.data[0].total_bytes_gb;",
|
||
" var traffic_summary_bytes = responseJson.data[1].total_bytes_gb;",
|
||
" if (traffic_summary_bytes > 0){",
|
||
" var pertentile =100 - (ptotocl_stat_bytes/traffic_summary_bytes).toFixed(2) * 100;",
|
||
" console.log(pertentile);",
|
||
" if (pertentile <20 && pertentile > -20) {",
|
||
" pm.response.to.be.ok;",
|
||
" } else {",
|
||
" pm.response.to.be.error;",
|
||
" }",
|
||
" console.log(\"The pertentile is \" + pertentile + \"%\");",
|
||
" pm.response.to.have.status(200);",
|
||
" } else if(ptotocl_stat_bytes==0 && traffic_summary_bytes==0) {",
|
||
" console.log(\"No data.\");",
|
||
" pm.response.to.have.status(200);",
|
||
" } else {",
|
||
" pm.response.to.be.error;",
|
||
" }",
|
||
" } else {",
|
||
" console.log(\"No data.\");",
|
||
" pm.response.to.have.status(200);",
|
||
" }",
|
||
" ",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT sum(c2s_byte_num + s2c_byte_num ) *1.0 / 1024 / 1024 / 1024 as total_bytes_gb,sum(sessions) as sessions, 'Protocol Stat' as type\nFROM traffic_protocol_stat_log\nWHERE __time >= FROM_UNIXTIME(UNIX_TIMESTAMP(now())-86400) and protocol_id = 'ETHERNET'\nUNION ALL \nSELECT sum(c2s_byte_num + s2c_byte_num ) *1.0 / 1024/ 1024/ 1024 as total_bytes_gb, sum(sessions) as sessions, 'Traffic Summary' as type\nFROM traffic_summary_log\nWHERE __time >= FROM_UNIXTIME(UNIX_TIMESTAMP(now())-86400)",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "SELECT sum(c2s_byte_num + s2c_byte_num ) *1.0 / 1024 / 1024 / 1024 as total_bytes_gb,sum(sessions) as sessions, 'Protocol Stat' as type\nFROM traffic_protocol_stat_log\nWHERE __time >= FROM_UNIXTIME(UNIX_TIMESTAMP(now())-86400) and protocol_id = 'ETHERNET'\nUNION ALL \nSELECT sum(c2s_byte_num + s2c_byte_num ) *1.0 / 1024/ 1024/ 1024 as total_bytes_gb, sum(sessions) as sessions, 'Traffic Summary' as type\nFROM traffic_summary_log\nWHERE __time >= FROM_UNIXTIME(UNIX_TIMESTAMP(now())-86400)"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "IP Lookup(UDF)",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select common_server_ip, IP_TO_GEO(common_server_ip) as geo,IP_TO_COUNTRY(common_server_ip) as country, IP_TO_CITY(common_server_ip) as city,IP_TO_ASN(common_server_ip) as as_number ,IP_TO_ASN_ORG(common_server_ip) as as_name from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') limit 50",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select common_server_ip, IP_TO_GEO(common_server_ip) as geo,IP_TO_COUNTRY(common_server_ip) as country, IP_TO_CITY(common_server_ip) as city,IP_TO_ASN(common_server_ip) as as_number ,IP_TO_ASN_ORG(common_server_ip) as as_name from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') limit 50"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
}
|
||
]
|
||
},
|
||
{
|
||
"name": "HOS",
|
||
"item": [
|
||
{
|
||
"name": "All Buckets",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [
|
||
{
|
||
"key": "Token",
|
||
"type": "text",
|
||
"value": "{{hos_token}}"
|
||
}
|
||
],
|
||
"url": {
|
||
"raw": "http://{{hos_ip}}:{{hos_port}}/hos/",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{hos_ip}}"
|
||
],
|
||
"port": "{{hos_port}}",
|
||
"path": [
|
||
"hos",
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "AccessKey",
|
||
"value": "default",
|
||
"disabled": true
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Get Objects",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [
|
||
{
|
||
"key": "Token",
|
||
"type": "text",
|
||
"value": "{{hos_token}}"
|
||
}
|
||
],
|
||
"url": {
|
||
"raw": "http://{{hos_ip}}:{{hos_port}}/hos/session_record_hos_bucket/?max-keys=1",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{hos_ip}}"
|
||
],
|
||
"port": "{{hos_port}}",
|
||
"path": [
|
||
"hos",
|
||
"session_record_hos_bucket",
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "AccessKey",
|
||
"value": "default",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "max-keys",
|
||
"value": "1"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Get Object Metadata",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [
|
||
{
|
||
"key": "Token",
|
||
"type": "text",
|
||
"value": "{{hos_token}}"
|
||
}
|
||
],
|
||
"url": {
|
||
"raw": "http://{{hos_ip}}:{{hos_port}}/hos/default/galaxy-hos.txt?metadata=",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{hos_ip}}"
|
||
],
|
||
"port": "{{hos_port}}",
|
||
"path": [
|
||
"hos",
|
||
"default",
|
||
"galaxy-hos.txt"
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "metadata",
|
||
"value": ""
|
||
},
|
||
{
|
||
"key": "AccessKey",
|
||
"value": "default",
|
||
"disabled": true
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Get a File",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [
|
||
{
|
||
"key": "Token",
|
||
"type": "text",
|
||
"value": "{{hos_token}}"
|
||
}
|
||
],
|
||
"url": {
|
||
"raw": "http://{{hos_ip}}:{{hos_port}}/hos/default/galaxy-hos.txt",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{hos_ip}}"
|
||
],
|
||
"port": "{{hos_port}}",
|
||
"path": [
|
||
"hos",
|
||
"default",
|
||
"galaxy-hos.txt"
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "AccessKey",
|
||
"value": "default",
|
||
"disabled": true
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
}
|
||
]
|
||
},
|
||
{
|
||
"name": "Execute SQL",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT\n\tsf_profile_id,\n\tsf_status,\n\tCASE WHEN last_active_time = 0 THEN '' ELSE FROM_UNIXTIME(last_active_time) END AS last_active_time,\n\tCASE WHEN last_inactive_time = 0 THEN '' ELSE FROM_UNIXTIME(last_inactive_time) END AS last_inactive_time\nFROM\n\t(\n\tSELECT\n\t\tsf_profile_id,\n\t\tLATEST(sf_status) as sf_status,\n\t\tMAX(CASE WHEN sf_status = 1 THEN UNIX_TIMESTAMP(__time) ELSE 0 END) as last_active_time,\n\t\tMAX(CASE WHEN sf_status = 0 THEN UNIX_TIMESTAMP(__time) ELSE 0 END) as last_inactive_time\n\tfrom\n\t\tservice_function_status\n\twhere\n\t\t__time >= '2023-03-15T00:00:00+08:00'\n\t\tAND __time < '2023-03-15 07:00:00+08:00'\n\t\tAND vsys_id IN (1)\n\tgroup by\n\t\tsf_profile_id)",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "SELECT\n\tsf_profile_id,\n\tsf_status,\n\tCASE WHEN last_active_time = 0 THEN '' ELSE FROM_UNIXTIME(last_active_time) END AS last_active_time,\n\tCASE WHEN last_inactive_time = 0 THEN '' ELSE FROM_UNIXTIME(last_inactive_time) END AS last_inactive_time\nFROM\n\t(\n\tSELECT\n\t\tsf_profile_id,\n\t\tLATEST(sf_status) as sf_status,\n\t\tMAX(CASE WHEN sf_status = 1 THEN UNIX_TIMESTAMP(__time) ELSE 0 END) as last_active_time,\n\t\tMAX(CASE WHEN sf_status = 0 THEN UNIX_TIMESTAMP(__time) ELSE 0 END) as last_inactive_time\n\tfrom\n\t\tservice_function_status\n\twhere\n\t\t__time >= '2023-03-15T00:00:00+08:00'\n\t\tAND __time < '2023-03-15 07:00:00+08:00'\n\t\tAND vsys_id IN (1)\n\tgroup by\n\t\tsf_profile_id)"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "SQL Syntax Validation",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}?option=syntax-validation&query=SELECT\n\tsum(\"Sessions\") AS \"Sessions\",\n\tsum(\"Client IP\") AS \"Client IP\",\n\tsum(\"Server IP\") AS \"Server IP\"\nFROM\n\t(\n\tSELECT\n\t\tssl_sni AS \"SSL.SNI\",\n\t\tcount(common_client_ip) AS \"Client IP\",\n\t\tcount(common_server_ip) AS \"Server IP\",\n\t\tcount(common_sessions) AS \"Sessions\"\n\tFROM\n\t\t(\n\t\tSELECT\n\t\t\t*\n\t\tFROM\n\t\t\ttsg_galaxy_v3.security_event\n\t\tLIMIT 100) AS security_event\n\tWHERE\n\t\t1 = 1\n\t\tAND ((common_policy_id = 121040))\n\t\tOR 1 = 1\n\tGROUP BY\n\t\t\"SSL.SNI\")\nORDER BY\n\t\"Sessions\" DESC,\n\t\"Client IP\" DESC,\n\t\"Server IP\" DESC\nLIMIT 50 ",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "syntax-validation"
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "SELECT\n\tsum(\"Sessions\") AS \"Sessions\",\n\tsum(\"Client IP\") AS \"Client IP\",\n\tsum(\"Server IP\") AS \"Server IP\"\nFROM\n\t(\n\tSELECT\n\t\tssl_sni AS \"SSL.SNI\",\n\t\tcount(common_client_ip) AS \"Client IP\",\n\t\tcount(common_server_ip) AS \"Server IP\",\n\t\tcount(common_sessions) AS \"Sessions\"\n\tFROM\n\t\t(\n\t\tSELECT\n\t\t\t*\n\t\tFROM\n\t\t\ttsg_galaxy_v3.security_event\n\t\tLIMIT 100) AS security_event\n\tWHERE\n\t\t1 = 1\n\t\tAND ((common_policy_id = 121040))\n\t\tOR 1 = 1\n\tGROUP BY\n\t\t\"SSL.SNI\")\nORDER BY\n\t\"Sessions\" DESC,\n\t\"Client IP\" DESC,\n\t\"Server IP\" DESC\nLIMIT 50 "
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "SQL Syntax Parse",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}?option=syntax-parse&query=select common_client_ip from session_record",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "syntax-parse"
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select common_client_ip from session_record"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "SQL Explain",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}?query=explain select\n\tmin(duration) min,\n\tmedian(duration) as median,avg(duration) as avg, round(QUANTILE(duration,0.8),2) as p80,\n\tround(QUANTILE(duration,0.95),2) as p95,\n\tround(QUANTILE(duration,0.99),2) as p99,\n max(duration) as max\n\t\nfrom\n\t(\n\tselect\n\t\t(common_processing_time-common_recv_time) as duration\n\tFROM\n\t\tsession_record\n\tWHERE\n\t\tcommon_recv_time >= UNIX_TIMESTAMP(now())-86400 and common_recv_time<UNIX_TIMESTAMP(now()) )",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "explain select\n\tmin(duration) min,\n\tmedian(duration) as median,avg(duration) as avg, round(QUANTILE(duration,0.8),2) as p80,\n\tround(QUANTILE(duration,0.95),2) as p95,\n\tround(QUANTILE(duration,0.99),2) as p99,\n max(duration) as max\n\t\nfrom\n\t(\n\tselect\n\t\t(common_processing_time-common_recv_time) as duration\n\tFROM\n\t\tsession_record\n\tWHERE\n\t\tcommon_recv_time >= UNIX_TIMESTAMP(now())-86400 and common_recv_time<UNIX_TIMESTAMP(now()) )"
|
||
}
|
||
]
|
||
},
|
||
"description": "执行计划返回结果进行Base64转码:\n* OriginalSQL : 输入的原始SQL\n* transformedSQL: 查询网关优化后SQL\n可通过:echo \"YWJjCg==\" | base64 -D 解码"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Describe Table",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}?query=describe session_record",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "describe session_record"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Schema of Log Type",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/session_record",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"metadata",
|
||
"schema",
|
||
"v1",
|
||
"fields",
|
||
"session_record"
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "SQL Benchmark",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/diagnosis/runSql?option=validation",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"diagnosis",
|
||
"runSql"
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "validation"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Knowledge Bases Lists",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/knowledge_base/v1",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
"knowledge_base",
|
||
"v1"
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
}
|
||
]
|
||
},
|
||
{
|
||
"name": "Others",
|
||
"item": [
|
||
{
|
||
"name": "Reporting Dashboards",
|
||
"item": [
|
||
{
|
||
"name": "Traffic Summary",
|
||
"item": [
|
||
{
|
||
"name": "Throughput of Traffic Metrics",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT\n\t{{P1D_TIME}} as stat_time,\n\tround(SUM(total_in_packets + total_out_packets)/ 1000 /1000.0,2) as packets_M,\n\tround(SUM(total_in_bytes + total_out_bytes)/ 1024 / 1024 / 1024.0,2) as bytes_GB,\n round(SUM(close_conn_num)/ 1000 / 1000.0,2) as sessions_M\nFROM\n\ttraffic_metrics_log\nWHERE\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\ngroup by\n\t{{P1D_TIME}}\norder by\n\tstat_time",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "SELECT\n\t{{P1D_TIME}} as stat_time,\n\tround(SUM(total_in_packets + total_out_packets)/ 1000 /1000.0,2) as packets_M,\n\tround(SUM(total_in_bytes + total_out_bytes)/ 1024 / 1024 / 1024.0,2) as bytes_GB,\n round(SUM(close_conn_num)/ 1000 / 1000.0,2) as sessions_M\nFROM\n\ttraffic_metrics_log\nWHERE\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\ngroup by\n\t{{P1D_TIME}}\norder by\n\tstat_time"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Throughput of Summary Metrics",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT\n\t{{P1D_TIME}} as stat_time,\n\tround(SUM(c2s_pkt_num + s2c_pkt_num)/ 1000 /1000.0,2) as packets_M,\n\tround(SUM(c2s_byte_num + s2c_byte_num)/ 1024 / 1024 / 1024.0,2) as bytes_GB,\n round(SUM(sessions)/ 1000 / 1000.0,2) as sessions_M\nFROM\n\ttraffic_summary_log\nWHERE\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\ngroup by\n\t{{P1D_TIME}}\norder by\n\tstat_time",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "SELECT\n\t{{P1D_TIME}} as stat_time,\n\tround(SUM(c2s_pkt_num + s2c_pkt_num)/ 1000 /1000.0,2) as packets_M,\n\tround(SUM(c2s_byte_num + s2c_byte_num)/ 1024 / 1024 / 1024.0,2) as bytes_GB,\n round(SUM(sessions)/ 1000 / 1000.0,2) as sessions_M\nFROM\n\ttraffic_summary_log\nWHERE\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\ngroup by\n\t{{P1D_TIME}}\norder by\n\tstat_time"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Throughput of Protocol Metrics",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT\n\t{{P1D_TIME}} as stat_time,\n\tround(SUM(c2s_pkt_num + s2c_pkt_num)/ 1000 /1000.0,2) as packets_M,\n\tround(SUM(c2s_byte_num + s2c_byte_num)/ 1024 / 1024 / 1024.0,2) as bytes_GB,\n round(SUM(sessions)/ 1000 / 1000.0,2) as sessions_M\nFROM\n\ttraffic_protocol_stat_log\nWHERE\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}' and protocol_id='ETHERNET'\ngroup by\n\t{{P1D_TIME}}\norder by\n\tstat_time",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "SELECT\n\t{{P1D_TIME}} as stat_time,\n\tround(SUM(c2s_pkt_num + s2c_pkt_num)/ 1000 /1000.0,2) as packets_M,\n\tround(SUM(c2s_byte_num + s2c_byte_num)/ 1024 / 1024 / 1024.0,2) as bytes_GB,\n round(SUM(sessions)/ 1000 / 1000.0,2) as sessions_M\nFROM\n\ttraffic_protocol_stat_log\nWHERE\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}' and protocol_id='ETHERNET'\ngroup by\n\t{{P1D_TIME}}\norder by\n\tstat_time"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Throughput of closed sessions",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT\n\t{{P1D_RECV_TIME}} as stat_time,\n\t\n\tround(SUM(common_c2s_pkt_num + common_s2c_pkt_num)/1000/1000,2) as packets_M,\n\tround(SUM(common_c2s_byte_num + common_s2c_byte_num)/1024/1024/1024,2) as bytes_GB,\n\tround(SUM(common_sessions)/1000/1000,2) as sessions_M\nFROM\n\tsession_record sr\nWHERE\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}')\n\tand common_recv_time < UNIX_TIMESTAMP('{{end_time}}')\ngroup by\n\t{{P1D_RECV_TIME}}\norder by\n\tstat_time\n\t",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "SELECT\n\t{{P1D_RECV_TIME}} as stat_time,\n\t\n\tround(SUM(common_c2s_pkt_num + common_s2c_pkt_num)/1000/1000,2) as packets_M,\n\tround(SUM(common_c2s_byte_num + common_s2c_byte_num)/1024/1024/1024,2) as bytes_GB,\n\tround(SUM(common_sessions)/1000/1000,2) as sessions_M\nFROM\n\tsession_record sr\nWHERE\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}')\n\tand common_recv_time < UNIX_TIMESTAMP('{{end_time}}')\ngroup by\n\t{{P1D_RECV_TIME}}\norder by\n\tstat_time\n\t"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Throughput of interim sessions",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select stat_time, sum(packets_M) as packets_M, sum(bytes_GB) as byets_GB from (SELECT\n\t{{P1D_RECV_TIME}} as stat_time,\t\n\tround(SUM(common_c2s_pkt_diff + common_s2c_pkt_diff)/1000/1000,2) as packets_M,\n\tround(SUM(common_c2s_byte_diff + common_s2c_byte_diff)/1024/1024/1024,2) as bytes_GB\nFROM\n\tsession_record sr\nWHERE\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}')\n\tand common_recv_time < UNIX_TIMESTAMP('{{end_time}}')\ngroup by\n\t{{P1D_RECV_TIME}}\norder by\n\tstat_time\n\tunion all SELECT\n\t{{P1D_RECV_TIME}} as stat_time,\t\n\tround(SUM(common_c2s_pkt_diff + common_s2c_pkt_diff)/1000/1000,2) as packets_M,\n\tround(SUM(common_c2s_byte_diff + common_s2c_byte_diff)/1024/1024/1024,2) as bytes_GB\nFROM\n\tinterim_session_record sr\nWHERE\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}')\n\tand common_recv_time < UNIX_TIMESTAMP('{{end_time}}')\ngroup by\n\t{{P1D_RECV_TIME}}\norder by\n\tstat_time) group by stat_time order by stat_time\t",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select stat_time, sum(packets_M) as packets_M, sum(bytes_GB) as byets_GB from (SELECT\n\t{{P1D_RECV_TIME}} as stat_time,\t\n\tround(SUM(common_c2s_pkt_diff + common_s2c_pkt_diff)/1000/1000,2) as packets_M,\n\tround(SUM(common_c2s_byte_diff + common_s2c_byte_diff)/1024/1024/1024,2) as bytes_GB\nFROM\n\tsession_record sr\nWHERE\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}')\n\tand common_recv_time < UNIX_TIMESTAMP('{{end_time}}')\ngroup by\n\t{{P1D_RECV_TIME}}\norder by\n\tstat_time\n\tunion all SELECT\n\t{{P1D_RECV_TIME}} as stat_time,\t\n\tround(SUM(common_c2s_pkt_diff + common_s2c_pkt_diff)/1000/1000,2) as packets_M,\n\tround(SUM(common_c2s_byte_diff + common_s2c_byte_diff)/1024/1024/1024,2) as bytes_GB\nFROM\n\tinterim_session_record sr\nWHERE\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}')\n\tand common_recv_time < UNIX_TIMESTAMP('{{end_time}}')\ngroup by\n\t{{P1D_RECV_TIME}}\norder by\n\tstat_time) group by stat_time order by stat_time\t"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Druid Uncategorized Traffic",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT SUM(uncategorized_bytes)/1024/1024 as uncategorized_bytes_mb FROM traffic_summary_log WHERE __time >= '{{start_time}}' and __time < '{{end_time}}' ",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "SELECT SUM(uncategorized_bytes)/1024/1024 as uncategorized_bytes_mb FROM traffic_summary_log WHERE __time >= '{{start_time}}' and __time < '{{end_time}}' "
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "ClickHouse Uncategorized Traffic",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT SUM(common_c2s_byte_num+common_s2c_byte_num)/1024/1024 as uncategorized_bytes_mb FROM session_record sr WHERE common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') AND common_l7_protocol = 'UNCATEGORIZED'",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "SELECT SUM(common_c2s_byte_num+common_s2c_byte_num)/1024/1024 as uncategorized_bytes_mb FROM session_record sr WHERE common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') AND common_l7_protocol = 'UNCATEGORIZED'"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Traffic Summary by Device ID",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select\n\t\tsum(total_hit_sessions) as total_hit_sessions,\n\t\tsum(total_bytes_transferred) as total_bytes_transferred,\n\t\tsum(total_packets_transferred) as total_packets_transferred,\n\t\tsum(total_new_sessions) as total_new_sessions ,\n\t\tsum(total_close_sessions) as total_close_sessions,\n\t\tsum(average_new_sessions_per_second) as average_new_sessions_per_second ,\n\t\tsum(average_bytes_per_second) as average_bytes_per_second ,\n\t\tsum(average_packets_per_second) as average_packets_per_second ,\n\t\tCOUNT(DISTINCT(device_id)) as device_num,\n\t\tsum(live_sessions) as average_live_sessions\n\tfrom\n\t\t(\n\t\tselect\n\t\t\tdevice_id, \n\t\t\tsum(total_hit_sessions) as total_hit_sessions,\n\t\t\tsum(total_bytes_transferred) as total_bytes_transferred,\n\t\t\tsum(total_packets_transferred) as total_packets_transferred,\n\t\t\tsum(total_new_sessions) as total_new_sessions,\n\t\t sum(total_close_sessions) as total_close_sessions,\n\t\t avg(total_new_sessions)/ 5 as average_new_sessions_per_second,\n\t\t avg(total_bytes_transferred)* 8 / 5 as average_bytes_per_second,\n\t\t avg(total_packets_transferred)/ 5 as average_packets_per_second,\n\t\t\tavg(live_sessions) as live_sessions\n\t\tfrom (select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT30S','zero')) as stat_time, device_id, \n\t\t\tsum(intercept_conn_num + monitor_conn_num + deny_conn_num + allow_conn_num) as total_hit_sessions,\n\t\t\tsum(total_in_bytes + total_out_bytes) as total_bytes_transferred,\n\t\t\tsum(total_in_packets + total_out_packets) as total_packets_transferred,\n\t\t\tsum(new_conn_num) as total_new_sessions,\n\t\t sum(close_conn_num) as total_close_sessions,\n\t\t max(established_conn_num) as live_sessions\n from traffic_metrics_log \n where\n\t\t__time >= '{{start_time}}'\n\t\tand __time <'{{end_time}}'\n\t\t group by\n\t\t FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT30S','zero')),\tdevice_id\n\t\t )\n\t\n\t\tgroup by\n\t\t device_id)",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\t\tsum(total_hit_sessions) as total_hit_sessions,\n\t\tsum(total_bytes_transferred) as total_bytes_transferred,\n\t\tsum(total_packets_transferred) as total_packets_transferred,\n\t\tsum(total_new_sessions) as total_new_sessions ,\n\t\tsum(total_close_sessions) as total_close_sessions,\n\t\tsum(average_new_sessions_per_second) as average_new_sessions_per_second ,\n\t\tsum(average_bytes_per_second) as average_bytes_per_second ,\n\t\tsum(average_packets_per_second) as average_packets_per_second ,\n\t\tCOUNT(DISTINCT(device_id)) as device_num,\n\t\tsum(live_sessions) as average_live_sessions\n\tfrom\n\t\t(\n\t\tselect\n\t\t\tdevice_id, \n\t\t\tsum(total_hit_sessions) as total_hit_sessions,\n\t\t\tsum(total_bytes_transferred) as total_bytes_transferred,\n\t\t\tsum(total_packets_transferred) as total_packets_transferred,\n\t\t\tsum(total_new_sessions) as total_new_sessions,\n\t\t sum(total_close_sessions) as total_close_sessions,\n\t\t avg(total_new_sessions)/ 5 as average_new_sessions_per_second,\n\t\t avg(total_bytes_transferred)* 8 / 5 as average_bytes_per_second,\n\t\t avg(total_packets_transferred)/ 5 as average_packets_per_second,\n\t\t\tavg(live_sessions) as live_sessions\n\t\tfrom (select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT30S','zero')) as stat_time, device_id, \n\t\t\tsum(intercept_conn_num + monitor_conn_num + deny_conn_num + allow_conn_num) as total_hit_sessions,\n\t\t\tsum(total_in_bytes + total_out_bytes) as total_bytes_transferred,\n\t\t\tsum(total_in_packets + total_out_packets) as total_packets_transferred,\n\t\t\tsum(new_conn_num) as total_new_sessions,\n\t\t sum(close_conn_num) as total_close_sessions,\n\t\t max(established_conn_num) as live_sessions\n from traffic_metrics_log \n where\n\t\t__time >= '{{start_time}}'\n\t\tand __time <'{{end_time}}'\n\t\t group by\n\t\t FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT30S','zero')),\tdevice_id\n\t\t )\n\t\n\t\tgroup by\n\t\t device_id)"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Active num Stat by Device ID",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select\n\t\tsum(total_hit_sessions) as total_hit_sessions,\n\t\tsum(total_bytes_transferred) as total_bytes_transferred,\n\t\tsum(total_packets_transferred) as total_packets_transferred,\n\t\tsum(total_new_sessions) as total_new_sessions ,\n\t\tsum(total_close_sessions) as total_close_sessions,\n\t\tsum(average_new_sessions_per_second) as average_new_sessions_per_second ,\n\t\tsum(average_bytes_per_second) as average_bytes_per_second ,\n\t\tsum(average_packets_per_second) as average_packets_per_second ,\n\t\tCOUNT(DISTINCT(device_id)) as device_num,\n\t\tsum(live_sessions) as average_live_sessions\n\tfrom\n\t\t(\n\t\tselect\n\t\t\tdevice_id, \n\t\t\tsum(total_hit_sessions) as total_hit_sessions,\n\t\t\tsum(total_bytes_transferred) as total_bytes_transferred,\n\t\t\tsum(total_packets_transferred) as total_packets_transferred,\n\t\t\tsum(total_new_sessions) as total_new_sessions,\n\t\t sum(total_close_sessions) as total_close_sessions,\n\t\t avg(total_new_sessions)/ 300 as average_new_sessions_per_second,\n\t\t avg(total_bytes_transferred)* 8 / 300 as average_bytes_per_second,\n\t\t avg(total_packets_transferred)/ 300 as average_packets_per_second,\n\t\t\tavg(live_sessions) as live_sessions\n\t\tfrom (select TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT5M') as stat_time, device_id, \n\t\t\tsum(intercept_conn_num + monitor_conn_num + deny_conn_num + allow_conn_num) as total_hit_sessions,\n\t\t\tsum(total_in_bytes + total_out_bytes) as total_bytes_transferred,\n\t\t\tsum(total_in_packets + total_out_packets) as total_packets_transferred,\n\t\t\tsum(new_conn_num) as total_new_sessions,\n\t\t sum(close_conn_num) as total_close_sessions,\n\t\t max(established_conn_num) as live_sessions\n from traffic_metrics_log \n where __time >= '{{start_time}}'\nand __time < '{{end_time}}' and vsys_id in (1,2,3,4,5)\n\t\t group by\n\t\t TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT5M'),\tdevice_id\n\t\t )\n\t\n\t\tgroup by\n\t\t device_id)",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\t\tsum(total_hit_sessions) as total_hit_sessions,\n\t\tsum(total_bytes_transferred) as total_bytes_transferred,\n\t\tsum(total_packets_transferred) as total_packets_transferred,\n\t\tsum(total_new_sessions) as total_new_sessions ,\n\t\tsum(total_close_sessions) as total_close_sessions,\n\t\tsum(average_new_sessions_per_second) as average_new_sessions_per_second ,\n\t\tsum(average_bytes_per_second) as average_bytes_per_second ,\n\t\tsum(average_packets_per_second) as average_packets_per_second ,\n\t\tCOUNT(DISTINCT(device_id)) as device_num,\n\t\tsum(live_sessions) as average_live_sessions\n\tfrom\n\t\t(\n\t\tselect\n\t\t\tdevice_id, \n\t\t\tsum(total_hit_sessions) as total_hit_sessions,\n\t\t\tsum(total_bytes_transferred) as total_bytes_transferred,\n\t\t\tsum(total_packets_transferred) as total_packets_transferred,\n\t\t\tsum(total_new_sessions) as total_new_sessions,\n\t\t sum(total_close_sessions) as total_close_sessions,\n\t\t avg(total_new_sessions)/ 300 as average_new_sessions_per_second,\n\t\t avg(total_bytes_transferred)* 8 / 300 as average_bytes_per_second,\n\t\t avg(total_packets_transferred)/ 300 as average_packets_per_second,\n\t\t\tavg(live_sessions) as live_sessions\n\t\tfrom (select TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT5M') as stat_time, device_id, \n\t\t\tsum(intercept_conn_num + monitor_conn_num + deny_conn_num + allow_conn_num) as total_hit_sessions,\n\t\t\tsum(total_in_bytes + total_out_bytes) as total_bytes_transferred,\n\t\t\tsum(total_in_packets + total_out_packets) as total_packets_transferred,\n\t\t\tsum(new_conn_num) as total_new_sessions,\n\t\t sum(close_conn_num) as total_close_sessions,\n\t\t max(established_conn_num) as live_sessions\n from traffic_metrics_log \n where __time >= '{{start_time}}'\nand __time < '{{end_time}}' and vsys_id in (1,2,3,4,5)\n\t\t group by\n\t\t TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT5M'),\tdevice_id\n\t\t )\n\t\n\t\tgroup by\n\t\t device_id)"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Traffic Summary (Without zero)",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select\n\tsum(total_hit_sessions) as total_hit_sessions,\n\tsum(total_bytes_transferred) as total_bytes_transferred,\n\tsum(total_packets_transferred) as total_packets_transferred,\n\tsum(total_new_sessions) as total_new_sessions ,\n\tsum(total_close_sessions) as total_close_sessions,\n\tsum(average_new_sessions_per_second) as average_new_sessions_per_second ,\n\tsum(average_bytes_per_second) as average_bytes_per_second ,\n\tsum(average_packets_per_second) as average_packets_per_second ,\n\tCOUNT(DISTINCT(device_id)) as device_num,\n\tsum(live_sessions) as average_live_sessions\nfrom\n\t(\n\tselect\n\t\tdevice_id,\n\t\tsum(intercept_conn_num + monitor_conn_num + deny_conn_num + allow_conn_num) as total_hit_sessions,\n\t\tsum(total_in_bytes + total_out_bytes) as total_bytes_transferred,\n\t\tsum(total_in_packets + total_out_packets) as total_packets_transferred,\n\t\tsum(new_conn_num) as total_new_sessions,\n\t\tsum(close_conn_num) as total_close_sessions,\n\t\tavg(nullif(new_conn_num,0))/ 5 as average_new_sessions_per_second,\n\t\tavg(nullif(total_in_bytes + total_out_bytes,0))* 8 / 5 as average_bytes_per_second,\n\t\tavg(nullif(total_in_packets + total_out_packets,0))/ 5 as average_packets_per_second,\n\t\tavg(nullif(established_conn_num,0)) as live_sessions\n\tfrom\n\t\ttraffic_metrics_log\n\twhere\n\t\t__time >= '{{start_time}}'\n\t\tand __time <'{{end_time}}'\n\tgroup by\n\t\tdevice_id)",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\tsum(total_hit_sessions) as total_hit_sessions,\n\tsum(total_bytes_transferred) as total_bytes_transferred,\n\tsum(total_packets_transferred) as total_packets_transferred,\n\tsum(total_new_sessions) as total_new_sessions ,\n\tsum(total_close_sessions) as total_close_sessions,\n\tsum(average_new_sessions_per_second) as average_new_sessions_per_second ,\n\tsum(average_bytes_per_second) as average_bytes_per_second ,\n\tsum(average_packets_per_second) as average_packets_per_second ,\n\tCOUNT(DISTINCT(device_id)) as device_num,\n\tsum(live_sessions) as average_live_sessions\nfrom\n\t(\n\tselect\n\t\tdevice_id,\n\t\tsum(intercept_conn_num + monitor_conn_num + deny_conn_num + allow_conn_num) as total_hit_sessions,\n\t\tsum(total_in_bytes + total_out_bytes) as total_bytes_transferred,\n\t\tsum(total_in_packets + total_out_packets) as total_packets_transferred,\n\t\tsum(new_conn_num) as total_new_sessions,\n\t\tsum(close_conn_num) as total_close_sessions,\n\t\tavg(nullif(new_conn_num,0))/ 5 as average_new_sessions_per_second,\n\t\tavg(nullif(total_in_bytes + total_out_bytes,0))* 8 / 5 as average_bytes_per_second,\n\t\tavg(nullif(total_in_packets + total_out_packets,0))/ 5 as average_packets_per_second,\n\t\tavg(nullif(established_conn_num,0)) as live_sessions\n\tfrom\n\t\ttraffic_metrics_log\n\twhere\n\t\t__time >= '{{start_time}}'\n\t\tand __time <'{{end_time}}'\n\tgroup by\n\t\tdevice_id)"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
}
|
||
]
|
||
},
|
||
{
|
||
"name": "Duplicate logs Assessment",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select 'Session Records' as type, count(*) as num from (select common_log_id,count(*) as num from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') group by common_log_id having num >1) union all select 'Security Events' as type, count(*) as num from (select common_log_id,count(*) as num from security_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') group by common_log_id having num >1) union all select 'Proxy Events' as type, count(*) as num from (select common_log_id,count(*) as num from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') group by common_log_id having num >1)",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select 'Session Records' as type, count(*) as num from (select common_log_id,count(*) as num from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') group by common_log_id having num >1) union all select 'Security Events' as type, count(*) as num from (select common_log_id,count(*) as num from security_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') group by common_log_id having num >1) union all select 'Proxy Events' as type, count(*) as num from (select common_log_id,count(*) as num from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') group by common_log_id having num >1)"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Traffic Throughput Trend by Metrics",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select * from (\n select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT30S','zero')) as stat_time,'Ingress' as type, sum(total_in_bytes) as bytes\n from traffic_metrics_log where __time >= '{{start_time}}'\n\t\tand __time <'{{end_time}}' group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT30S','zero')), 'Ingress'\nunion all\n select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n\t'PT30S',\n\t'zero')) as stat_time,'Egress' as type,sum(total_out_bytes) as bytes\n from traffic_metrics_log where __time >= '{{start_time}}'\n\t\tand __time <'{{end_time}}' group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT30S','zero')),'Egress' ) order by stat_time asc",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select * from (\n select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT30S','zero')) as stat_time,'Ingress' as type, sum(total_in_bytes) as bytes\n from traffic_metrics_log where __time >= '{{start_time}}'\n\t\tand __time <'{{end_time}}' group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT30S','zero')), 'Ingress'\nunion all\n select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n\t'PT30S',\n\t'zero')) as stat_time,'Egress' as type,sum(total_out_bytes) as bytes\n from traffic_metrics_log where __time >= '{{start_time}}'\n\t\tand __time <'{{end_time}}' group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT30S','zero')),'Egress' ) order by stat_time asc"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Traffic Throughput Trend by Sessions",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\t{{PT30S_RECV_TIME}} as stat_time,\n\tround(sum(common_c2s_byte_num)*8/30/1000/1000,2) as Bytes_Sent_Mbps,\n\tround(sum(common_s2c_byte_num)*8/30/1000/1000,2) as Bytes_Received_Mbps,\n\tround(sum(common_c2s_byte_num + common_s2c_byte_num)*8/30/1000/1000,2) as Mbps,\n\tround(sum(common_c2s_pkt_num + common_s2c_pkt_num)/30/1000,2) as Kpps,\n\tround(sum(common_sessions)/30/1000,2) as \"Ksessions/s\"\nfrom\n\tsession_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\ngroup by\n\tstat_time\norder by\n\tstat_time asc",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\t{{PT30S_RECV_TIME}} as stat_time,\n\tround(sum(common_c2s_byte_num)*8/30/1000/1000,2) as Bytes_Sent_Mbps,\n\tround(sum(common_s2c_byte_num)*8/30/1000/1000,2) as Bytes_Received_Mbps,\n\tround(sum(common_c2s_byte_num + common_s2c_byte_num)*8/30/1000/1000,2) as Mbps,\n\tround(sum(common_c2s_pkt_num + common_s2c_pkt_num)/30/1000,2) as Kpps,\n\tround(sum(common_sessions)/30/1000,2) as \"Ksessions/s\"\nfrom\n\tsession_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\ngroup by\n\tstat_time\norder by\n\tstat_time asc"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Sessions Trend",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT30S','zero')) as stat_time,\n\t'New Sessions' as type,\n\tsum(new_conn_num) as sessions\nfrom\n\ttraffic_metrics_log\nwhere\n__time >= '{{start_time}}'\nand __time <'{{end_time}}' \ngroup by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT30S','zero')), 'New Sessions' order by stat_time asc",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT30S','zero')) as stat_time,\n\t'New Sessions' as type,\n\tsum(new_conn_num) as sessions\nfrom\n\ttraffic_metrics_log\nwhere\n__time >= '{{start_time}}'\nand __time <'{{end_time}}' \ngroup by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT30S','zero')), 'New Sessions' order by stat_time asc"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Asymmetric Traffic",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select {{Last 5 Minutes Start}} as start_time, {{now}} as end_time, sum(common_sessions) as sessions,\n sum(if(common_stream_dir <> 3, common_sessions, 0)) as one_side_sessions,\n round(one_side_sessions/sessions, 2) as one_side_percent\nfrom\n\tsession_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\n",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select {{Last 5 Minutes Start}} as start_time, {{now}} as end_time, sum(common_sessions) as sessions,\n sum(if(common_stream_dir <> 3, common_sessions, 0)) as one_side_sessions,\n round(one_side_sessions/sessions, 2) as one_side_percent\nfrom\n\tsession_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\n"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Uniq Client IPs For pinning",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select\n\tstat_time,\n\tuniq(common_client_ip) as client_ips\nfrom\n\t(\n\tselect\n\t\ttoDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))), 3600)* 3600) as stat_time, \n\t\tcommon_client_ip, \n\t\tcount(*) as hits\n\tfrom\n\t\tsecurity_event\n\twhere common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and\n\t\tcommon_action = 2\n\t\tand ssl_pinningst = 0\n\tgroup by\n\t\tstat_time, common_client_ip\n\thaving\n\t\thits > 10 )\ngroup by\n\tstat_time\norder by\n\tstat_time",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\tstat_time,\n\tuniq(common_client_ip) as client_ips\nfrom\n\t(\n\tselect\n\t\ttoDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))), 3600)* 3600) as stat_time, \n\t\tcommon_client_ip, \n\t\tcount(*) as hits\n\tfrom\n\t\tsecurity_event\n\twhere common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and\n\t\tcommon_action = 2\n\t\tand ssl_pinningst = 0\n\tgroup by\n\t\tstat_time, common_client_ip\n\thaving\n\t\thits > 10 )\ngroup by\n\tstat_time\norder by\n\tstat_time"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Top frequent elements in Flags(With Label)",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select \n\t flag,\n\t sum(sessions) as sessions\n\tfrom (\n\t\tselect \n\t\t arrayJoin(array(\n\t\t\t if(bitAnd(common_flags, 1)= 1, 'Asymmetric', ''),\n\t\t\t if(bitAnd(common_flags, 2)= 2, 'Bulky', ''),\n\t\t\t if(bitAnd(common_flags, 4)= 4, 'CBR Streaming', ''),\n\t\t\t if(bitAnd(common_flags, 8)= 8, 'Client is Local', ''),\n\t\t\t if(bitAnd(common_flags, 16)= 16, 'Server is Local', ''),\n\t\t\t if(bitAnd(common_flags, 32)= 32, 'Download', ''),\n\t\t\t if(bitAnd(common_flags, 64)= 64, 'Interactive', ''),\n\t\t\t if(bitAnd(common_flags, 128)= 128, 'Inbound', ''),\n\t\t\t if(bitAnd(common_flags, 256)= 256, 'Outbound', ''),\n\t\t\t if(bitAnd(common_flags, 512)= 512, 'Pseudo Unidirectional', ''),\n\t\t\t if(bitAnd(common_flags, 1024)= 1024, 'Streaming', ''),\n\t\t\t if(bitAnd(common_flags, 2048)= 2048, 'Unidirectional', ''),\n\t\t\t if(bitAnd(common_flags, 4096)= 4096, 'Random looking', ''), \n\t\t\t if(bitAnd(common_flags, 8192)= 8192, 'C2S', ''), \n\t\t\t if(bitAnd(common_flags, 16384)= 16384, 'S2C', ''), \n\t\t\t if(common_flags=0, 'N/A', '')\n\t\t\t )) as flag , bytes, packets, sessions\n\t\t\t from (\n\t\t\t\n\t\tselect\n\t\t\t\tcommon_flags,\n\t\t\t\tcount(*) as sessions,\n\t\t\t\tsum(common_c2s_byte_num + common_s2c_byte_num) as bytes,\n\t\t\t\tsum(common_c2s_pkt_num + common_s2c_pkt_num) as packets\n\t\t\tfrom\n\t\t\t\tsession_record as sr\n\t\t\twhere\n\t\t\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t\tgroup by\n\t\t\t\tcommon_flags )\n\t ) where notEmpty(flag) group by flag order by sessions desc",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select \n\t flag,\n\t sum(sessions) as sessions\n\tfrom (\n\t\tselect \n\t\t arrayJoin(array(\n\t\t\t if(bitAnd(common_flags, 1)= 1, 'Asymmetric', ''),\n\t\t\t if(bitAnd(common_flags, 2)= 2, 'Bulky', ''),\n\t\t\t if(bitAnd(common_flags, 4)= 4, 'CBR Streaming', ''),\n\t\t\t if(bitAnd(common_flags, 8)= 8, 'Client is Local', ''),\n\t\t\t if(bitAnd(common_flags, 16)= 16, 'Server is Local', ''),\n\t\t\t if(bitAnd(common_flags, 32)= 32, 'Download', ''),\n\t\t\t if(bitAnd(common_flags, 64)= 64, 'Interactive', ''),\n\t\t\t if(bitAnd(common_flags, 128)= 128, 'Inbound', ''),\n\t\t\t if(bitAnd(common_flags, 256)= 256, 'Outbound', ''),\n\t\t\t if(bitAnd(common_flags, 512)= 512, 'Pseudo Unidirectional', ''),\n\t\t\t if(bitAnd(common_flags, 1024)= 1024, 'Streaming', ''),\n\t\t\t if(bitAnd(common_flags, 2048)= 2048, 'Unidirectional', ''),\n\t\t\t if(bitAnd(common_flags, 4096)= 4096, 'Random looking', ''), \n\t\t\t if(bitAnd(common_flags, 8192)= 8192, 'C2S', ''), \n\t\t\t if(bitAnd(common_flags, 16384)= 16384, 'S2C', ''), \n\t\t\t if(common_flags=0, 'N/A', '')\n\t\t\t )) as flag , bytes, packets, sessions\n\t\t\t from (\n\t\t\t\n\t\tselect\n\t\t\t\tcommon_flags,\n\t\t\t\tcount(*) as sessions,\n\t\t\t\tsum(common_c2s_byte_num + common_s2c_byte_num) as bytes,\n\t\t\t\tsum(common_c2s_pkt_num + common_s2c_pkt_num) as packets\n\t\t\tfrom\n\t\t\t\tsession_record as sr\n\t\t\twhere\n\t\t\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t\tgroup by\n\t\t\t\tcommon_flags )\n\t ) where notEmpty(flag) group by flag order by sessions desc"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Top frequent elements in Flags",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select\n\titem,\n\tsum(count) as count\nfrom\n\t(\n\tselect\n\t\tarrayJoin(items) as item,\n\t\tcount\n\tfrom\n\t\t(\n\t\tselect\n\t\t\tbitmaskToArray(common_flags) as items,\n\t\t\tcount(*) as count\n\t\tfrom\n\t\t\tsession_record as sr\n\t\twhere\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\tgroup by\n\t\t\tcommon_flags\n))\ngroup by\n\titem\norder by\n\tcount desc",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\titem,\n\tsum(count) as count\nfrom\n\t(\n\tselect\n\t\tarrayJoin(items) as item,\n\t\tcount\n\tfrom\n\t\t(\n\t\tselect\n\t\t\tbitmaskToArray(common_flags) as items,\n\t\t\tcount(*) as count\n\t\tfrom\n\t\t\tsession_record as sr\n\t\twhere\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\tgroup by\n\t\t\tcommon_flags\n))\ngroup by\n\titem\norder by\n\tcount desc"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Top frequent elements in FQDN Category",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select\n\titem,\n\tsum(count) as count\nfrom\n\t(\n\tselect\n\t\tarrayJoin(items) as item,\n\t\tcount\n\tfrom\n\t\t(\n\t\tselect\n\t\t\tcommon_service_category as items,\n\t\t\tcount(*) as count\n\t\tfrom\n\t\t\tsession_record sr\n\t\twhere common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and notEmpty(common_service_category) group by common_service_category \n))\ngroup by\n\titem\norder by\n\tcount desc",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\titem,\n\tsum(count) as count\nfrom\n\t(\n\tselect\n\t\tarrayJoin(items) as item,\n\t\tcount\n\tfrom\n\t\t(\n\t\tselect\n\t\t\tcommon_service_category as items,\n\t\t\tcount(*) as count\n\t\tfrom\n\t\t\tsession_record sr\n\t\twhere common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and notEmpty(common_service_category) group by common_service_category \n))\ngroup by\n\titem\norder by\n\tcount desc"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Flags Percentile",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}?query=\n\tselect \n\t sum(sessions) as total_sessions,\n\t round(sum(if(bitAnd(common_flags, 1)= 1, sessions, 0))/total_sessions,4) as \"Asymmetric \",\n\t round(sum(if(bitAnd(common_flags, 2)= 2, sessions, 0))/ total_sessions,4) as \"Bulky\",\n\t round(sum(if(bitAnd(common_flags, 4)= 4, sessions, 0))/total_sessions,4) as \"CBR Streaming\",\n\t round(sum(if(bitAnd(common_flags, 8)= 8, sessions, 0))/total_sessions,4) as \"Client is Local\",\n\t round(sum(if(bitAnd(common_flags, 16)= 16, sessions, 0))/total_sessions,4) as \"Server is Local\",\n\t round(sum(if(bitAnd(common_flags, 32)= 32, sessions, 0))/total_sessions,4) as \"Download\",\n\t round(sum(if(bitAnd(common_flags, 64)= 64, sessions, 0))/total_sessions,4) as \"Interactive\",\n\t round(sum(if(bitAnd(common_flags, 128)= 128, sessions, 0))/total_sessions,4) as \"Inbound\",\n\t round(sum(if(bitAnd(common_flags, 256)= 256, sessions, 0))/total_sessions,4) as \"Outbound\",\n\t round(sum(if(bitAnd(common_flags, 512)= 512, sessions, 0))/total_sessions,4) as \"Pseudo Unidirectional\",\n\t round(sum(if(bitAnd(common_flags, 1024)= 1024, sessions, 0))/total_sessions,4) as \"Streaming\",\n\t round(sum(if(bitAnd(common_flags, 2048)= 2048, sessions, 0))/total_sessions,4) as \"Unidirectional\",\n\t round(sum(if(bitAnd(common_flags, 4096)= 4096, sessions, 0))/total_sessions,4) as \"Random looking\",\n\t round(sum(if(bitAnd(common_flags, 8192)= 8192, sessions, 0))/total_sessions,4) as \"C2S\",\n\t round(sum(if(bitAnd(common_flags, 16384)= 16384, sessions, 0))/total_sessions,4) as \"S2C\",\n\t sum(if(common_flags=0, sessions, 0)) as \"N/A\"\n\tfrom\n\t\t(\n\t\tselect\n\t\t\tcommon_flags,\n\t\t\tcount(*) as sessions,\n\t\t\tsum(common_c2s_byte_num + common_s2c_byte_num) as bytes,\n\t\t\tsum(common_c2s_pkt_num + common_s2c_pkt_num) as packets\n\t\tfrom\n\t\t\tsession_record as sr\n\t\twhere\n\t\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\tgroup by\n\t\t\tcommon_flags \n\t\t)\n\t\t",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "\n\tselect \n\t sum(sessions) as total_sessions,\n\t round(sum(if(bitAnd(common_flags, 1)= 1, sessions, 0))/total_sessions,4) as \"Asymmetric \",\n\t round(sum(if(bitAnd(common_flags, 2)= 2, sessions, 0))/ total_sessions,4) as \"Bulky\",\n\t round(sum(if(bitAnd(common_flags, 4)= 4, sessions, 0))/total_sessions,4) as \"CBR Streaming\",\n\t round(sum(if(bitAnd(common_flags, 8)= 8, sessions, 0))/total_sessions,4) as \"Client is Local\",\n\t round(sum(if(bitAnd(common_flags, 16)= 16, sessions, 0))/total_sessions,4) as \"Server is Local\",\n\t round(sum(if(bitAnd(common_flags, 32)= 32, sessions, 0))/total_sessions,4) as \"Download\",\n\t round(sum(if(bitAnd(common_flags, 64)= 64, sessions, 0))/total_sessions,4) as \"Interactive\",\n\t round(sum(if(bitAnd(common_flags, 128)= 128, sessions, 0))/total_sessions,4) as \"Inbound\",\n\t round(sum(if(bitAnd(common_flags, 256)= 256, sessions, 0))/total_sessions,4) as \"Outbound\",\n\t round(sum(if(bitAnd(common_flags, 512)= 512, sessions, 0))/total_sessions,4) as \"Pseudo Unidirectional\",\n\t round(sum(if(bitAnd(common_flags, 1024)= 1024, sessions, 0))/total_sessions,4) as \"Streaming\",\n\t round(sum(if(bitAnd(common_flags, 2048)= 2048, sessions, 0))/total_sessions,4) as \"Unidirectional\",\n\t round(sum(if(bitAnd(common_flags, 4096)= 4096, sessions, 0))/total_sessions,4) as \"Random looking\",\n\t round(sum(if(bitAnd(common_flags, 8192)= 8192, sessions, 0))/total_sessions,4) as \"C2S\",\n\t round(sum(if(bitAnd(common_flags, 16384)= 16384, sessions, 0))/total_sessions,4) as \"S2C\",\n\t sum(if(common_flags=0, sessions, 0)) as \"N/A\"\n\tfrom\n\t\t(\n\t\tselect\n\t\t\tcommon_flags,\n\t\t\tcount(*) as sessions,\n\t\t\tsum(common_c2s_byte_num + common_s2c_byte_num) as bytes,\n\t\t\tsum(common_c2s_pkt_num + common_s2c_pkt_num) as packets\n\t\tfrom\n\t\t\tsession_record as sr\n\t\twhere\n\t\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\tgroup by\n\t\t\tcommon_flags \n\t\t)\n\t\t"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Top 20 Slowest Domains",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select\n\thttp_domain as domain,\n\tround(avg(common_establish_latency_ms),0) avg_establish_latency\nfrom\n\tsession_record\nwhere \n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tand notEmpty(http_domain)\ngroup by\n\thttp_domain\norder by\n\tavg_establish_latency desc\nlimit 20",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\thttp_domain as domain,\n\tround(avg(common_establish_latency_ms),0) avg_establish_latency\nfrom\n\tsession_record\nwhere \n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tand notEmpty(http_domain)\ngroup by\n\thttp_domain\norder by\n\tavg_establish_latency desc\nlimit 20"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Session Records Rate by Device Group",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}?query= select common_device_group,max(session_rate) as max_session_rate,avg(session_rate) as avg_session_rate,min(session_rate) as min_session_rate from (select \n\t{{PT5M_RECV_TIME}} as stat_time,common_device_group,\n\tsum(common_sessions)/300 as session_rate\nfrom\n\tsession_record sr\nwhere\n common_recv_time >= UNIX_TIMESTAMP(now())-86400\n and common_recv_time<UNIX_TIMESTAMP(now())\ngroup by\n\tstat_time, common_device_group) group by common_device_group",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": " select common_device_group,max(session_rate) as max_session_rate,avg(session_rate) as avg_session_rate,min(session_rate) as min_session_rate from (select \n\t{{PT5M_RECV_TIME}} as stat_time,common_device_group,\n\tsum(common_sessions)/300 as session_rate\nfrom\n\tsession_record sr\nwhere\n common_recv_time >= UNIX_TIMESTAMP(now())-86400\n and common_recv_time<UNIX_TIMESTAMP(now())\ngroup by\n\tstat_time, common_device_group) group by common_device_group"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "UDP Flood Detecton",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}?query=\nselect\n\tcommon_server_ip,\n\tgroupUniqArray(common_server_port) as ports,\n\tif(notEmpty(ports),length(ports),0) as ports_num\nfrom\n\tsession_record crl\nwhere \tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\nand common_l4_protocol in ('IPv4_UDP','IPv6_UDP') and common_s2c_pkt_num =0\ngroup by\n\tcommon_server_ip\nhaving ports_num > 100\norder by\n\tports_num desc limit 50",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "\nselect\n\tcommon_server_ip,\n\tgroupUniqArray(common_server_port) as ports,\n\tif(notEmpty(ports),length(ports),0) as ports_num\nfrom\n\tsession_record crl\nwhere \tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\nand common_l4_protocol in ('IPv4_UDP','IPv6_UDP') and common_s2c_pkt_num =0\ngroup by\n\tcommon_server_ip\nhaving ports_num > 100\norder by\n\tports_num desc limit 50"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Validate Session Index Tables",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}?query= select 'Total' as type, count(*) as logs from session_record where\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 24 Hour Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\nunion all \nselect 'Client IP' as type, count(*) as logs from session_record_common_client_ip where\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 24 Hour Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\nunion all\nselect 'Server IP' as type, count(*) as logs from session_record_common_server_ip where\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 24 Hour Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\nunion all\nselect 'Domain' as type, count(*) as logs from session_record_common_server_domain where\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 24 Hour Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\n",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": " select 'Total' as type, count(*) as logs from session_record where\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 24 Hour Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\nunion all \nselect 'Client IP' as type, count(*) as logs from session_record_common_client_ip where\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 24 Hour Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\nunion all\nselect 'Server IP' as type, count(*) as logs from session_record_common_server_ip where\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 24 Hour Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\nunion all\nselect 'Domain' as type, count(*) as logs from session_record_common_server_domain where\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 24 Hour Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\n"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
}
|
||
]
|
||
},
|
||
{
|
||
"name": "Cardinality Estimation",
|
||
"item": [
|
||
{
|
||
"name": "Total",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tround(tcp_logs / logs, 2) as \"TCP Percentage\",\n\tround(udp_logs / logs, 2) as \"UDP Percentage\",\n\tround(egress_bytes / bytes, 2) as \"Egress Percentage\",\n\tround(ingress_bytes / bytes, 2) as \"Ingress Percentage\",\n\ttcp_logs as \"TCP Logs\",\n\tudp_logs as \"UDP Logs\",\n\tlogs as \"Logs\",\n\tegress_bytes as \"Egress Bytes\",\n\tingress_bytes as \"Ingress Bytes\",\n\tbytes as \"Bytes\"\nfrom\n\t(select\n\tsum(if(common_l4_protocol in('IPv4_TCP', 'IPv6_TCP'), 1, 0)) as tcp_logs,\n\tsum(if(common_l4_protocol in('IPv4_UDP', 'IPv6_UDP'), 1, 0)) as udp_logs,\n\tsum(if(common_direction = 69, common_c2s_byte_num, common_s2c_byte_num)) as egress_bytes,\n\tsum(if(common_direction = 73, common_c2s_byte_num, common_s2c_byte_num)) as ingress_bytes,\n\tcount(*) as logs,\n\tsum(common_c2s_byte_num + common_s2c_byte_num) as bytes\n\tfrom\n\t\tsession_record as sub_connection where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t)",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\tround(tcp_logs / logs, 2) as \"TCP Percentage\",\n\tround(udp_logs / logs, 2) as \"UDP Percentage\",\n\tround(egress_bytes / bytes, 2) as \"Egress Percentage\",\n\tround(ingress_bytes / bytes, 2) as \"Ingress Percentage\",\n\ttcp_logs as \"TCP Logs\",\n\tudp_logs as \"UDP Logs\",\n\tlogs as \"Logs\",\n\tegress_bytes as \"Egress Bytes\",\n\tingress_bytes as \"Ingress Bytes\",\n\tbytes as \"Bytes\"\nfrom\n\t(select\n\tsum(if(common_l4_protocol in('IPv4_TCP', 'IPv6_TCP'), 1, 0)) as tcp_logs,\n\tsum(if(common_l4_protocol in('IPv4_UDP', 'IPv6_UDP'), 1, 0)) as udp_logs,\n\tsum(if(common_direction = 69, common_c2s_byte_num, common_s2c_byte_num)) as egress_bytes,\n\tsum(if(common_direction = 73, common_c2s_byte_num, common_s2c_byte_num)) as ingress_bytes,\n\tcount(*) as logs,\n\tsum(common_c2s_byte_num + common_s2c_byte_num) as bytes\n\tfrom\n\t\tsession_record as sub_connection where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t)"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Log Type",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tround(base_logs / total_logs, 2) as \"BASE Percentage\",\n\tround(http_logs / total_logs, 2) as \"HTTP Percentage\",\n\tround(ssl_logs / total_logs, 2) as \"SSL Percentage\",\n\tround(dns_logs / total_logs, 2) as \"DNS Percentage\",\n\tround(mail_logs / total_logs, 2) as \"MAIL Percentage\",\n\tround(rtp_logs / total_logs, 2) as \"RTP Percentage\",\n\tround(sip_logs / total_logs, 2) as \"SIP Percentage\",\n\tround(ftp_logs / total_logs, 2) as \"FTP Percentage\",\n\tbase_logs as \"BASE Logs\",\n\thttp_logs as \"HTTP Logs\",\n\tssl_logs as \"SSL Logs\",\n\tdns_logs as \"DNS Logs\",\n\tmail_logs as \"MAIL Logs\",\n\trtp_logs as \"RTP Logs\",\n\tsip_logs as \"SIP Logs\",\n\tftp_logs as \"FTP Logs\",\n\ttotal_logs as \"Total Logs\"\nfrom\n\t(\n\tselect\n\t\tsum(if(common_schema_type='BASE', 1, 0)) as base_logs,\n\t\tsum(if(common_schema_type='HTTP', 1, 0)) as http_logs,\n\t\tsum(if(common_schema_type='SSL', 1, 0)) as ssl_logs,\n\t\tsum(if(common_schema_type='DNS', 1, 0)) as dns_logs,\n\t\tsum(if(common_schema_type='MAIL', 1, 0)) as mail_logs,\n\t\tsum(if(common_schema_type='RTP', 1, 0)) as rtp_logs,\n\t\tsum(if(common_schema_type='SIP', 1, 0)) as sip_logs,\n\t\tsum(if(common_schema_type='FTP', 1, 0)) as ftp_logs,\n\t\tcount(*) as total_logs\n\tfrom\n\t\tsession_record as sub_connection where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t)\n\t\t",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\tround(base_logs / total_logs, 2) as \"BASE Percentage\",\n\tround(http_logs / total_logs, 2) as \"HTTP Percentage\",\n\tround(ssl_logs / total_logs, 2) as \"SSL Percentage\",\n\tround(dns_logs / total_logs, 2) as \"DNS Percentage\",\n\tround(mail_logs / total_logs, 2) as \"MAIL Percentage\",\n\tround(rtp_logs / total_logs, 2) as \"RTP Percentage\",\n\tround(sip_logs / total_logs, 2) as \"SIP Percentage\",\n\tround(ftp_logs / total_logs, 2) as \"FTP Percentage\",\n\tbase_logs as \"BASE Logs\",\n\thttp_logs as \"HTTP Logs\",\n\tssl_logs as \"SSL Logs\",\n\tdns_logs as \"DNS Logs\",\n\tmail_logs as \"MAIL Logs\",\n\trtp_logs as \"RTP Logs\",\n\tsip_logs as \"SIP Logs\",\n\tftp_logs as \"FTP Logs\",\n\ttotal_logs as \"Total Logs\"\nfrom\n\t(\n\tselect\n\t\tsum(if(common_schema_type='BASE', 1, 0)) as base_logs,\n\t\tsum(if(common_schema_type='HTTP', 1, 0)) as http_logs,\n\t\tsum(if(common_schema_type='SSL', 1, 0)) as ssl_logs,\n\t\tsum(if(common_schema_type='DNS', 1, 0)) as dns_logs,\n\t\tsum(if(common_schema_type='MAIL', 1, 0)) as mail_logs,\n\t\tsum(if(common_schema_type='RTP', 1, 0)) as rtp_logs,\n\t\tsum(if(common_schema_type='SIP', 1, 0)) as sip_logs,\n\t\tsum(if(common_schema_type='FTP', 1, 0)) as ftp_logs,\n\t\tcount(*) as total_logs\n\tfrom\n\t\tsession_record as sub_connection where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t)\n\t\t"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Entities",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tuniq(common_client_ip) as \"Client IPs\",\n\tuniq(common_server_ip) as \"Server IPs\",\n\tuniq(common_internal_ip) as \"Internal IPs\",\n\tuniq(common_external_ip) as \"External IPs\",\n\tuniq(http_domain) as \"Domains\",\n\tuniq(http_host) as \"Hosts\",\n\tuniq(ssl_sni) as \"SNIs\"\nfrom\n\tsession_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\tuniq(common_client_ip) as \"Client IPs\",\n\tuniq(common_server_ip) as \"Server IPs\",\n\tuniq(common_internal_ip) as \"Internal IPs\",\n\tuniq(common_external_ip) as \"External IPs\",\n\tuniq(http_domain) as \"Domains\",\n\tuniq(http_host) as \"Hosts\",\n\tuniq(ssl_sni) as \"SNIs\"\nfrom\n\tsession_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Entities of TCP",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tuniq(common_client_ip) as \"Client IPs\",\n\tuniq(common_server_ip) as \"Server IPs\",\n\tuniq(common_internal_ip) as \"Internal IPs\",\n\tuniq(common_external_ip) as \"External IPs\",\n\tuniq(http_domain) as \"Domains\",\n\tuniq(http_host) as \"Hosts\",\n\tuniq(ssl_sni) as \"SNIs\"\nfrom\n\tsession_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_l4_protocol in('IPv4_TCP', 'IPv6_TCP')",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\tuniq(common_client_ip) as \"Client IPs\",\n\tuniq(common_server_ip) as \"Server IPs\",\n\tuniq(common_internal_ip) as \"Internal IPs\",\n\tuniq(common_external_ip) as \"External IPs\",\n\tuniq(http_domain) as \"Domains\",\n\tuniq(http_host) as \"Hosts\",\n\tuniq(ssl_sni) as \"SNIs\"\nfrom\n\tsession_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_l4_protocol in('IPv4_TCP', 'IPv6_TCP')"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Entities of UDP",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tuniq(common_client_ip) as \"Client IPs\",\n\tuniq(common_server_ip) as \"Server IPs\",\n\tuniq(common_internal_ip) as \"Internal IPs\",\n\tuniq(common_external_ip) as \"External IPs\",\n\tuniq(http_domain) as \"Domains\",\n\tuniq(http_host) as \"Hosts\",\n\tuniq(ssl_sni) as \"SNIs\"\nfrom\n\tsession_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_l4_protocol in('IPv4_UDP', 'IPv6_UDP')",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\tuniq(common_client_ip) as \"Client IPs\",\n\tuniq(common_server_ip) as \"Server IPs\",\n\tuniq(common_internal_ip) as \"Internal IPs\",\n\tuniq(common_external_ip) as \"External IPs\",\n\tuniq(http_domain) as \"Domains\",\n\tuniq(http_host) as \"Hosts\",\n\tuniq(ssl_sni) as \"SNIs\"\nfrom\n\tsession_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_l4_protocol in('IPv4_UDP', 'IPv6_UDP')"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Sources",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tuniq(common_client_ip, common_server_ip) as \"Client to Server Hits\",\n\tuniq(common_internal_ip, common_external_ip) as \"Internal to External Hits\",\n\tuniq(common_client_ip, http_domain) as \"Client to Domain Hits\", uniq(common_internal_ip, http_domain) as \"Internal to Domain Hits\"\nfrom\n\tsession_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\tuniq(common_client_ip, common_server_ip) as \"Client to Server Hits\",\n\tuniq(common_internal_ip, common_external_ip) as \"Internal to External Hits\",\n\tuniq(common_client_ip, http_domain) as \"Client to Domain Hits\", uniq(common_internal_ip, http_domain) as \"Internal to Domain Hits\"\nfrom\n\tsession_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Sources of TCP",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tuniq(common_client_ip, common_server_ip) as \"Client to Server IPs\",\n\tuniq(common_internal_ip, common_external_ip) as \"Internal to External IPs\",\n\tuniq(common_client_ip, http_domain) as \"Client to Domain Hits\", uniq(common_internal_ip, http_domain) as \"Internal to Domain Hits\"\n\t\nfrom\n\tsession_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')and common_l4_protocol in('IPv4_TCP', 'IPv6_TCP')",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\tuniq(common_client_ip, common_server_ip) as \"Client to Server IPs\",\n\tuniq(common_internal_ip, common_external_ip) as \"Internal to External IPs\",\n\tuniq(common_client_ip, http_domain) as \"Client to Domain Hits\", uniq(common_internal_ip, http_domain) as \"Internal to Domain Hits\"\n\t\nfrom\n\tsession_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')and common_l4_protocol in('IPv4_TCP', 'IPv6_TCP')"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Sources of UDP",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tuniq(common_client_ip, common_server_ip) as \"Client to Server IPs\",\n\tuniq(common_internal_ip, common_external_ip) as \"Internal to External IPs\",\n\tuniq(common_client_ip, http_domain) as \"Client to Domain Hits\", uniq(common_internal_ip, http_domain) as \"Internal to Domain Hits\"\t\nfrom session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_l4_protocol in('IPv4_UDP', 'IPv6_UDP')",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\tuniq(common_client_ip, common_server_ip) as \"Client to Server IPs\",\n\tuniq(common_internal_ip, common_external_ip) as \"Internal to External IPs\",\n\tuniq(common_client_ip, http_domain) as \"Client to Domain Hits\", uniq(common_internal_ip, http_domain) as \"Internal to Domain Hits\"\t\nfrom session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_l4_protocol in('IPv4_UDP', 'IPv6_UDP')"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Destinations",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tuniq(common_server_ip, http_domain) as \"Server to Domain Hits\",\n\tuniq(common_external_ip, http_domain) as \"External to Domain Hits\"\nfrom\n\tsession_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\tuniq(common_server_ip, http_domain) as \"Server to Domain Hits\",\n\tuniq(common_external_ip, http_domain) as \"External to Domain Hits\"\nfrom\n\tsession_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Destinations of TCP",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tuniq(common_server_ip, http_domain) as \"Server to Domain Hits\",\n\tuniq(common_external_ip, http_domain) as \"External to Domain Hits\"\nfrom\n\tsession_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_l4_protocol in('IPv4_TCP', 'IPv6_TCP')",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\tuniq(common_server_ip, http_domain) as \"Server to Domain Hits\",\n\tuniq(common_external_ip, http_domain) as \"External to Domain Hits\"\nfrom\n\tsession_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_l4_protocol in('IPv4_TCP', 'IPv6_TCP')"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Destinations of UDP",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tuniq(common_server_ip, http_domain) as \"Server to Domain Hits\",\n\tuniq(common_external_ip, http_domain) as \"External to Domain Hits\"\nfrom\n\tsession_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_l4_protocol in('IPv4_UDP', 'IPv6_UDP')",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\tuniq(common_server_ip, http_domain) as \"Server to Domain Hits\",\n\tuniq(common_external_ip, http_domain) as \"External to Domain Hits\"\nfrom\n\tsession_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_l4_protocol in('IPv4_UDP', 'IPv6_UDP')"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Destinations of DNS",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tuniq(common_server_ip) as \"Server IPs\"\nfrom\n\tsession_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_server_port=53",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\tuniq(common_server_ip) as \"Server IPs\"\nfrom\n\tsession_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_server_port=53"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Bytes Distribution of TCP",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n round(QUANTILE(bytes,0.9999),2) as p9999, \n\t round(QUANTILE(bytes,0.999),2) as p999,\n\tround(QUANTILE(bytes,0.996),2) as p996,\n\tround(QUANTILE(bytes,0.995),2) as p995,\n\tround(QUANTILE(bytes,0.99),2) as p99,\n\tround(QUANTILE(bytes,0.98),2) as p98,\n\tround(QUANTILE(bytes,0.96),2) as p96,\n\tround(QUANTILE(bytes,0.95),2) as p95,\n\tround(QUANTILE(bytes,0.92),2) as p92,\n\tround(QUANTILE(bytes,0.90),2) as p90,\n\tround(QUANTILE(bytes,0.89),2) as p89,\n\tround(QUANTILE(bytes,0.88),2) as p88,\n\tround(median(bytes),2) as p50\nfrom\n\t(\n\tselect\n\t\tcommon_server_ip,\n\t\tsum(common_c2s_byte_num+common_s2c_byte_num) as bytes\n\tfrom\n\t\tsession_record\n\twhere\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\tAND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\tgroup by\n\t\tcommon_server_ip \n)\n",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select\n round(QUANTILE(bytes,0.9999),2) as p9999, \n\t round(QUANTILE(bytes,0.999),2) as p999,\n\tround(QUANTILE(bytes,0.996),2) as p996,\n\tround(QUANTILE(bytes,0.995),2) as p995,\n\tround(QUANTILE(bytes,0.99),2) as p99,\n\tround(QUANTILE(bytes,0.98),2) as p98,\n\tround(QUANTILE(bytes,0.96),2) as p96,\n\tround(QUANTILE(bytes,0.95),2) as p95,\n\tround(QUANTILE(bytes,0.92),2) as p92,\n\tround(QUANTILE(bytes,0.90),2) as p90,\n\tround(QUANTILE(bytes,0.89),2) as p89,\n\tround(QUANTILE(bytes,0.88),2) as p88,\n\tround(median(bytes),2) as p50\nfrom\n\t(\n\tselect\n\t\tcommon_server_ip,\n\t\tsum(common_c2s_byte_num+common_s2c_byte_num) as bytes\n\tfrom\n\t\tsession_record\n\twhere\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\tAND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\tgroup by\n\t\tcommon_server_ip \n)\n"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Bytes Distribution of UDP",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n round(QUANTILE(bytes,0.9999),2) as p9999, \n\t round(QUANTILE(bytes,0.999),2) as p999,\n\tround(QUANTILE(bytes,0.996),2) as p996,\n\tround(QUANTILE(bytes,0.995),2) as p995,\n\tround(QUANTILE(bytes,0.99),2) as p99,\n\tround(QUANTILE(bytes,0.98),2) as p98,\n\tround(QUANTILE(bytes,0.96),2) as p96,\n\tround(QUANTILE(bytes,0.95),2) as p95,\n\tround(QUANTILE(bytes,0.92),2) as p92,\n\tround(QUANTILE(bytes,0.90),2) as p90,\n\tround(QUANTILE(bytes,0.89),2) as p89,\n\tround(QUANTILE(bytes,0.88),2) as p88,\n\tround(median(bytes),2) as p50\nfrom\n\t(\n\tselect\n\t\tcommon_server_ip,\n\t\tsum(common_c2s_byte_num+common_s2c_byte_num) as bytes\n\tfrom\n\t\tsession_record\n\twhere\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t and common_l4_protocol in ('IPv4_UDP', 'IPv6_UDP')\n\t\tand common_server_port in (53,443)\n\tgroup by\n\t\tcommon_server_ip \n)\n",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select\n round(QUANTILE(bytes,0.9999),2) as p9999, \n\t round(QUANTILE(bytes,0.999),2) as p999,\n\tround(QUANTILE(bytes,0.996),2) as p996,\n\tround(QUANTILE(bytes,0.995),2) as p995,\n\tround(QUANTILE(bytes,0.99),2) as p99,\n\tround(QUANTILE(bytes,0.98),2) as p98,\n\tround(QUANTILE(bytes,0.96),2) as p96,\n\tround(QUANTILE(bytes,0.95),2) as p95,\n\tround(QUANTILE(bytes,0.92),2) as p92,\n\tround(QUANTILE(bytes,0.90),2) as p90,\n\tround(QUANTILE(bytes,0.89),2) as p89,\n\tround(QUANTILE(bytes,0.88),2) as p88,\n\tround(median(bytes),2) as p50\nfrom\n\t(\n\tselect\n\t\tcommon_server_ip,\n\t\tsum(common_c2s_byte_num+common_s2c_byte_num) as bytes\n\tfrom\n\t\tsession_record\n\twhere\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t and common_l4_protocol in ('IPv4_UDP', 'IPv6_UDP')\n\t\tand common_server_port in (53,443)\n\tgroup by\n\t\tcommon_server_ip \n)\n"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Sessions Distribution of TCP",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n round(QUANTILE(sessions,0.9999),2) as p9999, \n\t round(QUANTILE(sessions,0.999),2) as p999,\n\tround(QUANTILE(sessions,0.996),2) as p996,\n\tround(QUANTILE(sessions,0.995),2) as p995,\n\tround(QUANTILE(sessions,0.99),2) as p99,\n\tround(QUANTILE(sessions,0.98),2) as p98,\n\tround(QUANTILE(sessions,0.96),2) as p96,\n\tround(QUANTILE(sessions,0.95),2) as p95,\n\tround(QUANTILE(sessions,0.92),2) as p92,\n\tround(QUANTILE(sessions,0.90),2) as p90,\n\tround(QUANTILE(sessions,0.89),2) as p89,\n\tround(QUANTILE(sessions,0.88),2) as p88,\n\tround(median(sessions),2) as p50\nfrom\n\t(\n\tselect\n\t\tcommon_server_ip,\n\t\tcount(*) as sessions\n\tfrom\n\t\tsession_record\n\twhere\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\tAND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\tgroup by\n\t\tcommon_server_ip \n)\n",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select\n round(QUANTILE(sessions,0.9999),2) as p9999, \n\t round(QUANTILE(sessions,0.999),2) as p999,\n\tround(QUANTILE(sessions,0.996),2) as p996,\n\tround(QUANTILE(sessions,0.995),2) as p995,\n\tround(QUANTILE(sessions,0.99),2) as p99,\n\tround(QUANTILE(sessions,0.98),2) as p98,\n\tround(QUANTILE(sessions,0.96),2) as p96,\n\tround(QUANTILE(sessions,0.95),2) as p95,\n\tround(QUANTILE(sessions,0.92),2) as p92,\n\tround(QUANTILE(sessions,0.90),2) as p90,\n\tround(QUANTILE(sessions,0.89),2) as p89,\n\tround(QUANTILE(sessions,0.88),2) as p88,\n\tround(median(sessions),2) as p50\nfrom\n\t(\n\tselect\n\t\tcommon_server_ip,\n\t\tcount(*) as sessions\n\tfrom\n\t\tsession_record\n\twhere\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\tAND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\tgroup by\n\t\tcommon_server_ip \n)\n"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Sessions Distribution of UDP",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n round(QUANTILE(sessions,0.9999),2) as p9999, \n\t round(QUANTILE(sessions,0.999),2) as p999,\n\tround(QUANTILE(sessions,0.996),2) as p996,\n\tround(QUANTILE(sessions,0.995),2) as p995,\n\tround(QUANTILE(sessions,0.99),2) as p99,\n\tround(QUANTILE(sessions,0.98),2) as p98,\n\tround(QUANTILE(sessions,0.96),2) as p96,\n\tround(QUANTILE(sessions,0.95),2) as p95,\n\tround(QUANTILE(sessions,0.92),2) as p92,\n\tround(QUANTILE(sessions,0.90),2) as p90,\n\tround(QUANTILE(sessions,0.89),2) as p89,\n\tround(QUANTILE(sessions,0.88),2) as p88,\n\tround(median(sessions),2) as p50\nfrom\n\t(\n\tselect\n\t\tcommon_server_ip,\n\t\tcount(*) as sessions\n\tfrom\n\t\tsession_record\n\twhere\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\tand common_l4_protocol in ('IPv4_UDP', 'IPv6_UDP')\n\t\tand common_server_port in (53,443)\n\tgroup by\n\t\tcommon_server_ip \n)\n",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select\n round(QUANTILE(sessions,0.9999),2) as p9999, \n\t round(QUANTILE(sessions,0.999),2) as p999,\n\tround(QUANTILE(sessions,0.996),2) as p996,\n\tround(QUANTILE(sessions,0.995),2) as p995,\n\tround(QUANTILE(sessions,0.99),2) as p99,\n\tround(QUANTILE(sessions,0.98),2) as p98,\n\tround(QUANTILE(sessions,0.96),2) as p96,\n\tround(QUANTILE(sessions,0.95),2) as p95,\n\tround(QUANTILE(sessions,0.92),2) as p92,\n\tround(QUANTILE(sessions,0.90),2) as p90,\n\tround(QUANTILE(sessions,0.89),2) as p89,\n\tround(QUANTILE(sessions,0.88),2) as p88,\n\tround(median(sessions),2) as p50\nfrom\n\t(\n\tselect\n\t\tcommon_server_ip,\n\t\tcount(*) as sessions\n\tfrom\n\t\tsession_record\n\twhere\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\tand common_l4_protocol in ('IPv4_UDP', 'IPv6_UDP')\n\t\tand common_server_port in (53,443)\n\tgroup by\n\t\tcommon_server_ip \n)\n"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Clients Distribution of TCP",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n round(QUANTILE(client_ips,0.9999),2) as p9999, \n\t round(QUANTILE(client_ips,0.999),2) as p999,\n\tround(QUANTILE(client_ips,0.996),2) as p996,\n\tround(QUANTILE(client_ips,0.995),2) as p995,\n\tround(QUANTILE(client_ips,0.99),2) as p99,\n\tround(QUANTILE(client_ips,0.98),2) as p98,\n\tround(QUANTILE(client_ips,0.96),2) as p96,\n\tround(QUANTILE(client_ips,0.95),2) as p95,\n\tround(QUANTILE(client_ips,0.92),2) as p92,\n\tround(QUANTILE(client_ips,0.90),2) as p90,\n\tround(QUANTILE(client_ips,0.89),2) as p89,\n\tround(QUANTILE(client_ips,0.88),2) as p88,\n\tround(median(client_ips),2) as p50\nfrom\n\t(\n\tselect\n\t\tcommon_server_ip,\n\t\tuniq(common_client_ip) as client_ips\n\tfrom\n\t\tsession_record\n\twhere\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\tAND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\tgroup by\n\t\tcommon_server_ip \n)\n",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select\n round(QUANTILE(client_ips,0.9999),2) as p9999, \n\t round(QUANTILE(client_ips,0.999),2) as p999,\n\tround(QUANTILE(client_ips,0.996),2) as p996,\n\tround(QUANTILE(client_ips,0.995),2) as p995,\n\tround(QUANTILE(client_ips,0.99),2) as p99,\n\tround(QUANTILE(client_ips,0.98),2) as p98,\n\tround(QUANTILE(client_ips,0.96),2) as p96,\n\tround(QUANTILE(client_ips,0.95),2) as p95,\n\tround(QUANTILE(client_ips,0.92),2) as p92,\n\tround(QUANTILE(client_ips,0.90),2) as p90,\n\tround(QUANTILE(client_ips,0.89),2) as p89,\n\tround(QUANTILE(client_ips,0.88),2) as p88,\n\tround(median(client_ips),2) as p50\nfrom\n\t(\n\tselect\n\t\tcommon_server_ip,\n\t\tuniq(common_client_ip) as client_ips\n\tfrom\n\t\tsession_record\n\twhere\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\tAND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\tgroup by\n\t\tcommon_server_ip \n)\n"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Clients Distribution of UDP",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n round(QUANTILE(client_ips,0.9999),2) as p9999, \n\t round(QUANTILE(client_ips,0.999),2) as p999,\n\tround(QUANTILE(client_ips,0.996),2) as p996,\n\tround(QUANTILE(client_ips,0.995),2) as p995,\n\tround(QUANTILE(client_ips,0.99),2) as p99,\n\tround(QUANTILE(client_ips,0.98),2) as p98,\n\tround(QUANTILE(client_ips,0.96),2) as p96,\n\tround(QUANTILE(client_ips,0.95),2) as p95,\n\tround(QUANTILE(client_ips,0.92),2) as p92,\n\tround(QUANTILE(client_ips,0.90),2) as p90,\n\tround(QUANTILE(client_ips,0.89),2) as p89,\n\tround(QUANTILE(client_ips,0.88),2) as p88,\n\tround(median(client_ips),2) as p50\nfrom\n\t(\n\tselect\n\t\tcommon_server_ip,\n\t\tuniq(common_client_ip) as client_ips\n\tfrom\n\t\tsession_record\n\twhere\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\tand common_l4_protocol in ('IPv4_UDP', 'IPv6_UDP')\t\n\tgroup by\n\t\tcommon_server_ip \n)\n",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select\n round(QUANTILE(client_ips,0.9999),2) as p9999, \n\t round(QUANTILE(client_ips,0.999),2) as p999,\n\tround(QUANTILE(client_ips,0.996),2) as p996,\n\tround(QUANTILE(client_ips,0.995),2) as p995,\n\tround(QUANTILE(client_ips,0.99),2) as p99,\n\tround(QUANTILE(client_ips,0.98),2) as p98,\n\tround(QUANTILE(client_ips,0.96),2) as p96,\n\tround(QUANTILE(client_ips,0.95),2) as p95,\n\tround(QUANTILE(client_ips,0.92),2) as p92,\n\tround(QUANTILE(client_ips,0.90),2) as p90,\n\tround(QUANTILE(client_ips,0.89),2) as p89,\n\tround(QUANTILE(client_ips,0.88),2) as p88,\n\tround(median(client_ips),2) as p50\nfrom\n\t(\n\tselect\n\t\tcommon_server_ip,\n\t\tuniq(common_client_ip) as client_ips\n\tfrom\n\t\tsession_record\n\twhere\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\tand common_l4_protocol in ('IPv4_UDP', 'IPv6_UDP')\t\n\tgroup by\n\t\tcommon_server_ip \n)\n"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "TopK Server of TCP by Sessions",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tsum(sessions) sessions,\n\tcount(*) as server_ips,\n\t(\n\t\tselect\n\t\t\tcount(*)\n\t\tfrom\n\t\t\tsession_record\n\t\twhere\n\t\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t AND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t) as total_sessions,\n\tround(sessions / total_sessions, 6) as percent_sessions_to_total\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip,\n\t\tcount(*) AS sessions\n\tFROM\n\t\tsession_record\n\tWHERE\n\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t AND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t\tGROUP BY common_server_ip\n\t\torder by sessions desc limit 100\n )",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\tsum(sessions) sessions,\n\tcount(*) as server_ips,\n\t(\n\t\tselect\n\t\t\tcount(*)\n\t\tfrom\n\t\t\tsession_record\n\t\twhere\n\t\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t AND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t) as total_sessions,\n\tround(sessions / total_sessions, 6) as percent_sessions_to_total\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip,\n\t\tcount(*) AS sessions\n\tFROM\n\t\tsession_record\n\tWHERE\n\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t AND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t\tGROUP BY common_server_ip\n\t\torder by sessions desc limit 100\n )"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "TopK Server of UDP by Sessions",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tsum(sessions) sessions,\n\tcount(*) as server_ips,\n\t(\n\t\tselect\n\t\t\tcount(*)\n\t\tfrom\n\t\t\tsession_record\n\t\twhere\n\t\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t AND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t) as total_sessions,\n\tround(sessions / total_sessions, 6) as percent_sessions_to_total\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip,\n\t\tcount(*) AS sessions\n\tFROM\n\t\tsession_record\n\tWHERE\n\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t AND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t\tGROUP BY common_server_ip\n\t\torder by sessions desc limit 100\n )",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\tsum(sessions) sessions,\n\tcount(*) as server_ips,\n\t(\n\t\tselect\n\t\t\tcount(*)\n\t\tfrom\n\t\t\tsession_record\n\t\twhere\n\t\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t AND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t) as total_sessions,\n\tround(sessions / total_sessions, 6) as percent_sessions_to_total\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip,\n\t\tcount(*) AS sessions\n\tFROM\n\t\tsession_record\n\tWHERE\n\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t AND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t\tGROUP BY common_server_ip\n\t\torder by sessions desc limit 100\n )"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "TopK Server of TCP by Bytes",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tsum(bytes) as bytes,\n\tcount(*) as server_ips,\n\t(\n\t\tselect\n\t\t\tsum(common_c2s_byte_num+common_s2c_byte_num) as bytes\n\t\tfrom\n\t\t\tsession_record\n\t\twhere\n\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t AND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t) as total_bytes,\n\tround(bytes / total_bytes, 6) as percent_bytes_to_total\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip,\n\t\tsum(common_c2s_byte_num+common_s2c_byte_num) as bytes\n\tFROM\n\t\tsession_record\n\tWHERE\n\t\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t AND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t\tGROUP BY common_server_ip\n\t\torder by bytes desc limit 100\n )\n",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\tsum(bytes) as bytes,\n\tcount(*) as server_ips,\n\t(\n\t\tselect\n\t\t\tsum(common_c2s_byte_num+common_s2c_byte_num) as bytes\n\t\tfrom\n\t\t\tsession_record\n\t\twhere\n\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t AND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t) as total_bytes,\n\tround(bytes / total_bytes, 6) as percent_bytes_to_total\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip,\n\t\tsum(common_c2s_byte_num+common_s2c_byte_num) as bytes\n\tFROM\n\t\tsession_record\n\tWHERE\n\t\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t AND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t\tGROUP BY common_server_ip\n\t\torder by bytes desc limit 100\n )\n"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "TopK Server of UDP by Bytes",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tsum(bytes) as bytes,\n\tcount(*) as server_ips,\n\t(\n\t\tselect\n\t\t\tsum(common_c2s_byte_num+common_s2c_byte_num) as bytes\n\t\tfrom\n\t\t\tsession_record\n\t\twhere\n\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t AND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t) as total_bytes,\n\tround(bytes / total_bytes, 6) as percent_bytes_to_total\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip,\n\t\tsum(common_c2s_byte_num+common_s2c_byte_num) as bytes\n\tFROM\n\t\tsession_record\n\tWHERE\n\t\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t AND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t\tGROUP BY common_server_ip\n\t\torder by bytes desc limit 100\n )\n",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\tsum(bytes) as bytes,\n\tcount(*) as server_ips,\n\t(\n\t\tselect\n\t\t\tsum(common_c2s_byte_num+common_s2c_byte_num) as bytes\n\t\tfrom\n\t\t\tsession_record\n\t\twhere\n\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t AND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t) as total_bytes,\n\tround(bytes / total_bytes, 6) as percent_bytes_to_total\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip,\n\t\tsum(common_c2s_byte_num+common_s2c_byte_num) as bytes\n\tFROM\n\t\tsession_record\n\tWHERE\n\t\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t AND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t\tGROUP BY common_server_ip\n\t\torder by bytes desc limit 100\n )\n"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "TopK Server of TCP by Clients",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select \n\t\tuniq(common_client_ip) as client_ips,\n\t\tcount(*) as sessions,\n\t (\n\t\t select uniq(common_client_ip) as total_client_ips from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') AND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t\t ) as total_client_ips,\n\t\tround(client_ips / total_client_ips,6) as percent_client_ips_to_total,\n\t\t (\n\t\t\tselect count(*) as total_sessions from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') AND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t\t) as total_sessions,\n\t\tround(sessions / total_sessions,6) as percent_sessions_to_total,\n\t\tsum(common_c2s_byte_num + common_s2c_byte_num) as bytes,\n\t\t (\n\t\t\tselect sum(common_c2s_byte_num + common_s2c_byte_num) as total_bytes from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') AND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t\t) as total_bytes,\n\t\tround(bytes / total_bytes,6) as percent_bytes_to_total\n\tFROM\n\t\tsession_record\n\tWHERE\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') AND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t\tand common_server_ip in (\n\t\t\tSELECT common_server_ip FROM session_record as cc\n\t\t\tWHERE\n\t\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t\tAND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t\t\tGROUP BY\n\t\t\t\tcommon_server_ip\n\t\t\torder by uniq(common_client_ip) desc limit 10\n\t\t\n\t)\n",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select \n\t\tuniq(common_client_ip) as client_ips,\n\t\tcount(*) as sessions,\n\t (\n\t\t select uniq(common_client_ip) as total_client_ips from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') AND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t\t ) as total_client_ips,\n\t\tround(client_ips / total_client_ips,6) as percent_client_ips_to_total,\n\t\t (\n\t\t\tselect count(*) as total_sessions from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') AND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t\t) as total_sessions,\n\t\tround(sessions / total_sessions,6) as percent_sessions_to_total,\n\t\tsum(common_c2s_byte_num + common_s2c_byte_num) as bytes,\n\t\t (\n\t\t\tselect sum(common_c2s_byte_num + common_s2c_byte_num) as total_bytes from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') AND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t\t) as total_bytes,\n\t\tround(bytes / total_bytes,6) as percent_bytes_to_total\n\tFROM\n\t\tsession_record\n\tWHERE\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') AND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t\tand common_server_ip in (\n\t\t\tSELECT common_server_ip FROM session_record as cc\n\t\t\tWHERE\n\t\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t\tAND (common_l4_protocol IN ('IPv4_TCP', 'IPv6_TCP'))\n\t\t\tGROUP BY\n\t\t\t\tcommon_server_ip\n\t\t\torder by uniq(common_client_ip) desc limit 10\n\t\t\n\t)\n"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "TopK Server of UDP by Clients",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select \n\t\tuniq(common_client_ip) as client_ips,\n\t\tcount(*) as sessions,\n\t (\n\t\t select uniq(common_client_ip) as total_client_ips from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\tAND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t\t ) as total_client_ips,\n\t\tround(client_ips / total_client_ips,6) as percent_client_ips_to_total,\n\t\t (\n\t\t\tselect count(*) as total_sessions from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') AND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t\t) as total_sessions,\n\t\tround(sessions / total_sessions,6) as percent_sessions_to_total,\n\t\tsum(common_c2s_byte_num + common_s2c_byte_num) as bytes,\n\t\t (\n\t\t\tselect sum(common_c2s_byte_num + common_s2c_byte_num) as total_bytes from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') AND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t\t) as total_bytes,\n\t\tround(bytes / total_bytes,6) as percent_bytes_to_total\n\tFROM\n\t\tsession_record\n\tWHERE\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\tAND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t\tand common_server_ip in (\n\t\t\tSELECT common_server_ip FROM session_record as cc\n\t\t\tWHERE\n\t\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t\tAND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t\t\tGROUP BY\n\t\t\t\tcommon_server_ip\n\t\t\torder by uniq(common_client_ip) desc limit 10\n\t\t\n\t)",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select \n\t\tuniq(common_client_ip) as client_ips,\n\t\tcount(*) as sessions,\n\t (\n\t\t select uniq(common_client_ip) as total_client_ips from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\tAND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t\t ) as total_client_ips,\n\t\tround(client_ips / total_client_ips,6) as percent_client_ips_to_total,\n\t\t (\n\t\t\tselect count(*) as total_sessions from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') AND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t\t) as total_sessions,\n\t\tround(sessions / total_sessions,6) as percent_sessions_to_total,\n\t\tsum(common_c2s_byte_num + common_s2c_byte_num) as bytes,\n\t\t (\n\t\t\tselect sum(common_c2s_byte_num + common_s2c_byte_num) as total_bytes from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') AND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t\t) as total_bytes,\n\t\tround(bytes / total_bytes,6) as percent_bytes_to_total\n\tFROM\n\t\tsession_record\n\tWHERE\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\tAND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t\tand common_server_ip in (\n\t\t\tSELECT common_server_ip FROM session_record as cc\n\t\t\tWHERE\n\t\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t\tAND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP'))\n\t\t\tGROUP BY\n\t\t\t\tcommon_server_ip\n\t\t\torder by uniq(common_client_ip) desc limit 10\n\t\t\n\t)"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "TopK SNI by Sessions",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tsum(sessions) sessions,\n\tcount(*) as ssl_snis,\n\t(\n\t\tselect\n\t\t\tcount(*)\n\t\tfrom\n\t\t\tsession_record\n\t\twhere\n\t\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t and notEmpty(ssl_sni)\n\t) as total_sessions,\n\tround(sessions / total_sessions, 6) as percent_sessions_to_total\nfrom\n\t(\n\tSELECT\n\t\tssl_sni,\n\t\tcount(*) AS sessions\n\tFROM\n\t\tsession_record\n\tWHERE\n\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t and notEmpty(ssl_sni)\n\t\tGROUP BY ssl_sni\n\t\torder by sessions desc limit 100\n )",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\tsum(sessions) sessions,\n\tcount(*) as ssl_snis,\n\t(\n\t\tselect\n\t\t\tcount(*)\n\t\tfrom\n\t\t\tsession_record\n\t\twhere\n\t\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t and notEmpty(ssl_sni)\n\t) as total_sessions,\n\tround(sessions / total_sessions, 6) as percent_sessions_to_total\nfrom\n\t(\n\tSELECT\n\t\tssl_sni,\n\t\tcount(*) AS sessions\n\tFROM\n\t\tsession_record\n\tWHERE\n\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t and notEmpty(ssl_sni)\n\t\tGROUP BY ssl_sni\n\t\torder by sessions desc limit 100\n )"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "TopK SNI by Bytes",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tsum(bytes) as bytes,\n\tcount(*) as ssl_snis,\n\t(\n\t\tselect\n\t\t\tsum(common_c2s_byte_num+common_s2c_byte_num) as bytes\n\t\tfrom\n\t\t\tsession_record\n\t\twhere\n\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t and notEmpty(ssl_sni)\n\t) as total_bytes,\n\tround(bytes / total_bytes, 6) as percent_bytes_to_total\nfrom\n\t(\n\tSELECT\n\t\tssl_sni,\n\t\tsum(common_c2s_byte_num+common_s2c_byte_num) as bytes\n\tFROM\n\t\tsession_record\n\tWHERE\n\t\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t and notEmpty(ssl_sni)\n\t\tGROUP BY ssl_sni\n\t\torder by bytes desc limit 100\n )\n",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\tsum(bytes) as bytes,\n\tcount(*) as ssl_snis,\n\t(\n\t\tselect\n\t\t\tsum(common_c2s_byte_num+common_s2c_byte_num) as bytes\n\t\tfrom\n\t\t\tsession_record\n\t\twhere\n\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t and notEmpty(ssl_sni)\n\t) as total_bytes,\n\tround(bytes / total_bytes, 6) as percent_bytes_to_total\nfrom\n\t(\n\tSELECT\n\t\tssl_sni,\n\t\tsum(common_c2s_byte_num+common_s2c_byte_num) as bytes\n\tFROM\n\t\tsession_record\n\tWHERE\n\t\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\t and notEmpty(ssl_sni)\n\t\tGROUP BY ssl_sni\n\t\torder by bytes desc limit 100\n )\n"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "URLs Length Distribution",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n round(max(url_length),2) as max,\n round(QUANTILE(url_length,0.9999),2) as p9999,\n\tround(QUANTILE(url_length,0.99),2) as p99,\n\tround(QUANTILE(url_length,0.95),2) as p95,\n\tround(QUANTILE(url_length,0.90),2) as p90,\n\tround(median(url_length),2) as p50\nfrom\n\t(\n\tselect\n\t\tlength(http_url) as url_length\n\tfrom\n\t\tsession_record\n\twhere\n\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t and common_schema_type='HTTP'\n)",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select\n round(max(url_length),2) as max,\n round(QUANTILE(url_length,0.9999),2) as p9999,\n\tround(QUANTILE(url_length,0.99),2) as p99,\n\tround(QUANTILE(url_length,0.95),2) as p95,\n\tround(QUANTILE(url_length,0.90),2) as p90,\n\tround(median(url_length),2) as p50\nfrom\n\t(\n\tselect\n\t\tlength(http_url) as url_length\n\tfrom\n\t\tsession_record\n\twhere\n\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t and common_schema_type='HTTP'\n)"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "SSL SAN Length Distribution",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n round(max(san_length),2) as max,\n round(QUANTILE(san_length,0.9999),2) as p9999,\n\tround(QUANTILE(san_length,0.99),2) as p99,\n\tround(QUANTILE(san_length,0.95),2) as p95,\n\tround(QUANTILE(san_length,0.90),2) as p90,\n\tround(median(san_length),2) as p50\nfrom\n\t(\n\tselect\n\t\tlength(ssl_san) as san_length\n\tfrom\n\t\tsession_record\n\twhere\n\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t and common_schema_type='SSL'\n)",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select\n round(max(san_length),2) as max,\n round(QUANTILE(san_length,0.9999),2) as p9999,\n\tround(QUANTILE(san_length,0.99),2) as p99,\n\tround(QUANTILE(san_length,0.95),2) as p95,\n\tround(QUANTILE(san_length,0.90),2) as p90,\n\tround(median(san_length),2) as p50\nfrom\n\t(\n\tselect\n\t\tlength(ssl_san) as san_length\n\tfrom\n\t\tsession_record\n\twhere\n\t common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t and common_schema_type='SSL'\n)"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "APP Bitrate per Server IP",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT\n common_app_label,\t\n round(median(traffic_bytes) * 8 / 1000 / 1000 / 300,2) AS \"Medain Mbits/s\",\n\tround(avg(traffic_bytes) * 8 / 1000 / 1000 / 300,2) AS \"AVG Mbits / s\",\n\tround(QUANTILE(traffic_bytes, 0.95) * 8 / 1000 / 1000 / 300,2) as \"P95 Mbits / s\"\nFROM\n\t(\n\tSELECT\n\t common_app_label,\n\t\ttoDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))),300) * 300) as stat_time,\n\t\tround(sum(common_c2s_byte_num + common_s2c_byte_num)/ uniq(common_server_ip),2) as traffic_bytes\n\tFROM\n\t\tsession_record as ss\n\tWHERE\n\t\t(common_recv_time >= toDateTime('2022-07-19 00:00:00'))\n\t\tAND (common_recv_time < toDateTime('2022-07-20 00:00:00'))\n\tGROUP BY\n\t\tstat_time, common_app_label\n) group by common_app_label order by \"AVG Mbits / s\" desc",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "SELECT\n common_app_label,\t\n round(median(traffic_bytes) * 8 / 1000 / 1000 / 300,2) AS \"Medain Mbits/s\",\n\tround(avg(traffic_bytes) * 8 / 1000 / 1000 / 300,2) AS \"AVG Mbits / s\",\n\tround(QUANTILE(traffic_bytes, 0.95) * 8 / 1000 / 1000 / 300,2) as \"P95 Mbits / s\"\nFROM\n\t(\n\tSELECT\n\t common_app_label,\n\t\ttoDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))),300) * 300) as stat_time,\n\t\tround(sum(common_c2s_byte_num + common_s2c_byte_num)/ uniq(common_server_ip),2) as traffic_bytes\n\tFROM\n\t\tsession_record as ss\n\tWHERE\n\t\t(common_recv_time >= toDateTime('2022-07-19 00:00:00'))\n\t\tAND (common_recv_time < toDateTime('2022-07-20 00:00:00'))\n\tGROUP BY\n\t\tstat_time, common_app_label\n) group by common_app_label order by \"AVG Mbits / s\" desc"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
}
|
||
]
|
||
},
|
||
{
|
||
"name": "Domain Drill Down",
|
||
"item": [
|
||
{
|
||
"name": "Domain Entity",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(min(common_recv_time)) as \"First Seen\" , groupUniqArray(common_l7_protocol) as protocols,FROM_UNIXTIME(max(common_recv_time)) as \"Last Seen\" , median(http_response_latency_ms) as \"Server Processing Time Median(ms)\", count(1) as Responses,round(sum(common_c2s_byte_num+common_s2c_byte_num)/1024/1024/1024,2) as bytes, any(common_server_location) as Location from session_record where common_server_domain='{{domain}}' and common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select FROM_UNIXTIME(min(common_recv_time)) as \"First Seen\" , groupUniqArray(common_l7_protocol) as protocols,FROM_UNIXTIME(max(common_recv_time)) as \"Last Seen\" , median(http_response_latency_ms) as \"Server Processing Time Median(ms)\", count(1) as Responses,round(sum(common_c2s_byte_num+common_s2c_byte_num)/1024/1024/1024,2) as bytes, any(common_server_location) as Location from session_record where common_server_domain='{{domain}}' and common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Domain Access Trend",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(common_recv_time,'P1D')) as stat_time, count(1) as Responses,round(sum(common_c2s_byte_num+common_s2c_byte_num)/1024/1024/1024,2) as bytes from session_record where common_server_domain='{{domain}}' and common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') group by stat_time order by stat_time limit 100",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(common_recv_time,'P1D')) as stat_time, count(1) as Responses,round(sum(common_c2s_byte_num+common_s2c_byte_num)/1024/1024/1024,2) as bytes from session_record where common_server_domain='{{domain}}' and common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') group by stat_time order by stat_time limit 100"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Client",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select common_client_ip as \"Client IP\" , avg(common_establish_latency_ms) as \"Establishing Time Mean(ms)\", count(1) as Responses,any(common_client_location) as Location from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_server_domain='{{domain}}' group by \"Client IP\" order by Responses desc limit 100",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select common_client_ip as \"Client IP\" , avg(common_establish_latency_ms) as \"Establishing Time Mean(ms)\", count(1) as Responses,any(common_client_location) as Location from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_server_domain='{{domain}}' group by \"Client IP\" order by Responses desc limit 100"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Server",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select common_server_ip as \"Server IP\" , avg(http_response_latency_ms) as \"Server Processing Time Mean(ms)\", count(1) as Responses,round(sum(common_c2s_byte_num+common_s2c_byte_num)/1024/1024/1024,2) as bytes,any(common_server_location) as Location from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_server_domain='{{domain}}' group by \"Server IP\" order by bytes desc limit 100",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select common_server_ip as \"Server IP\" , avg(http_response_latency_ms) as \"Server Processing Time Mean(ms)\", count(1) as Responses,round(sum(common_c2s_byte_num+common_s2c_byte_num)/1024/1024/1024,2) as bytes,any(common_server_location) as Location from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_server_domain='{{domain}}' group by \"Server IP\" order by bytes desc limit 100"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "URI",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select http_url as \"URI\" , avg(http_response_latency_ms) as \"Server Processing Time Mean(ms)\", count(1) as Responses from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_server_domain='{{domain}}' group by \"URI\" order by Responses desc limit 100",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select http_url as \"URI\" , avg(http_response_latency_ms) as \"Server Processing Time Mean(ms)\", count(1) as Responses from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_server_domain='{{domain}}' group by \"URI\" order by Responses desc limit 100"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
}
|
||
]
|
||
},
|
||
{
|
||
"name": "IP Drill Down",
|
||
"item": [
|
||
{
|
||
"name": "IP Entity",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tFROM_UNIXTIME(min(common_recv_time)) as \"First Seen\" ,\n\tFROM_UNIXTIME(max(common_recv_time)) as \"Last Seen\" ,\n\tcount(1) as Sessions,\n\tsum(if(common_client_ip = '{{client_ip}}', 1, 0)) as \"Clients\", sum(if(common_server_ip='{{server_ip}}', 1, 0)) as \"Servers\",\n\tany(common_server_location) as Location\nfrom\n\tsession_record\nwhere common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')and\n\t(common_server_ip = '{{client_ip}}'\n\tor common_client_ip = '{{server_ip}}')",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\tFROM_UNIXTIME(min(common_recv_time)) as \"First Seen\" ,\n\tFROM_UNIXTIME(max(common_recv_time)) as \"Last Seen\" ,\n\tcount(1) as Sessions,\n\tsum(if(common_client_ip = '{{client_ip}}', 1, 0)) as \"Clients\", sum(if(common_server_ip='{{server_ip}}', 1, 0)) as \"Servers\",\n\tany(common_server_location) as Location\nfrom\n\tsession_record\nwhere common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')and\n\t(common_server_ip = '{{client_ip}}'\n\tor common_client_ip = '{{server_ip}}')"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Domain",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select http_domain as \"Domain\", count(1) as Sessions,sum(common_c2s_byte_num + common_s2c_byte_num) as Bytes,uniq(common_client_ip) as \"Client IPs\" from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_server_ip='{{server_ip}}' group by \"Domain\" order by \"Client IPs\" desc limit 100",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select http_domain as \"Domain\", count(1) as Sessions,sum(common_c2s_byte_num + common_s2c_byte_num) as Bytes,uniq(common_client_ip) as \"Client IPs\" from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_server_ip='{{server_ip}}' group by \"Domain\" order by \"Client IPs\" desc limit 100"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Client Access Domain",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select http_domain as \"Domain\", median(http_response_latency_ms) as \"Server Processing Time Median(ms)\", count(1) as Sessions,sum(common_c2s_byte_num + common_s2c_byte_num) as Bytes from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_client_ip='{{client_ip}}' group by \"Domain\" order by Bytes desc limit 100",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select http_domain as \"Domain\", median(http_response_latency_ms) as \"Server Processing Time Median(ms)\", count(1) as Sessions,sum(common_c2s_byte_num + common_s2c_byte_num) as Bytes from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_client_ip='{{client_ip}}' group by \"Domain\" order by Bytes desc limit 100"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Client to Server",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select common_client_ip as \"Client IP\" , common_server_ip as \"Server IP\", groupUniqArray(concat(common_l7_protocol, '/' , toString(common_server_port))) as \"Applicaiton Protocol\",count(1) as Sessions,any(common_client_location) as \"Client Location\",any(common_client_location) as \"Serever Location\" from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and (common_server_ip = '{{server_ip}}'\n\tor common_client_ip = '{{client_ip}}') group by \"Client IP\", \"Server IP\" order by Sessions desc limit 100",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select common_client_ip as \"Client IP\" , common_server_ip as \"Server IP\", groupUniqArray(concat(common_l7_protocol, '/' , toString(common_server_port))) as \"Applicaiton Protocol\",count(1) as Sessions,any(common_client_location) as \"Client Location\",any(common_client_location) as \"Serever Location\" from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and (common_server_ip = '{{server_ip}}'\n\tor common_client_ip = '{{client_ip}}') group by \"Client IP\", \"Server IP\" order by Sessions desc limit 100"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Server QoS & Throutput Trend",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n {{PT1H_RECV_TIME}} as stat_time,\n sum(common_c2s_byte_num) as bytes_sent, sum(common_s2c_byte_num) as bytes_received, \n sum(common_c2s_byte_num + common_s2c_byte_num) as bytes,\n sum(common_c2s_pkt_num + common_s2c_pkt_num) as packets,sum(common_sessions) as sessions,avg(common_establish_latency_ms) as \"Establishing Time Mean(ms)\"\nfrom\n session_record\nwhere common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_server_ip='{{server_ip}}'\ngroup by\n stat_time order by stat_time asc",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select\n {{PT1H_RECV_TIME}} as stat_time,\n sum(common_c2s_byte_num) as bytes_sent, sum(common_s2c_byte_num) as bytes_received, \n sum(common_c2s_byte_num + common_s2c_byte_num) as bytes,\n sum(common_c2s_pkt_num + common_s2c_pkt_num) as packets,sum(common_sessions) as sessions,avg(common_establish_latency_ms) as \"Establishing Time Mean(ms)\"\nfrom\n session_record\nwhere common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_server_ip='{{server_ip}}'\ngroup by\n stat_time order by stat_time asc"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
}
|
||
]
|
||
},
|
||
{
|
||
"name": "DNS Analysis",
|
||
"item": [
|
||
{
|
||
"name": "DNS qtype",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n(CASE\nWHEN dns_qtype = 1 THEN 'A'\nWHEN dns_qtype = 2 THEN 'NS'\nWHEN dns_qtype = 3 THEN 'MD'\nWHEN dns_qtype = 4 THEN 'MF'\nWHEN dns_qtype = 5 THEN 'CNAME'\nWHEN dns_qtype = 6 THEN 'SOA'\nWHEN dns_qtype = 7 THEN 'MB'\nWHEN dns_qtype = 8 THEN 'MG'\nWHEN dns_qtype = 9 THEN 'MR'\nWHEN dns_qtype = 10 THEN 'NULL'\nWHEN dns_qtype = 11 THEN 'WKS'\nWHEN dns_qtype = 12 THEN 'PTR'\nWHEN dns_qtype = 13 THEN 'HINFO'\nWHEN dns_qtype = 15 THEN 'MX'\nWHEN dns_qtype = 16 THEN 'TXT'\nWHEN dns_qtype = 25 THEN 'KEY'\nWHEN dns_qtype = 28 THEN 'AAAA'\nWHEN dns_qtype = 33 THEN 'SRV'\nWHEN dns_qtype = 35 THEN 'NAPTR'\nWHEN dns_qtype = 38 THEN 'A6'\nWHEN dns_qtype = 39 THEN 'DNAME'\nWHEN dns_qtype = 43 THEN 'DS'\nWHEN dns_qtype = 46 THEN 'RRSIG'\nWHEN dns_qtype = 48 THEN 'DNSKEY'\nWHEN dns_qtype = 49 THEN 'DHCID'\nWHEN dns_qtype = 99 THEN 'SPF'\nWHEN dns_qtype = 255 THEN '*. A'\nWHEN dns_qtype = 256 THEN 'URI' ELSE 'Other' END) as \"Query Type\",\ndns_qtype,count(1) as requests,\nsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\nsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\nsum(common_c2s_byte_diff) as total_request_bytes,\nsum(common_s2c_byte_diff) as total_response_bytes,\nsum(common_c2s_pkt_diff) as total_request_packets,\nsum(common_s2c_pkt_diff) as total_response_packets\nfrom transaction_record\nwhere common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_schema_type = 'DNS'\ngroup by dns_qtype\norder by requests desc\n\n\n\n\n\n",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select\n(CASE\nWHEN dns_qtype = 1 THEN 'A'\nWHEN dns_qtype = 2 THEN 'NS'\nWHEN dns_qtype = 3 THEN 'MD'\nWHEN dns_qtype = 4 THEN 'MF'\nWHEN dns_qtype = 5 THEN 'CNAME'\nWHEN dns_qtype = 6 THEN 'SOA'\nWHEN dns_qtype = 7 THEN 'MB'\nWHEN dns_qtype = 8 THEN 'MG'\nWHEN dns_qtype = 9 THEN 'MR'\nWHEN dns_qtype = 10 THEN 'NULL'\nWHEN dns_qtype = 11 THEN 'WKS'\nWHEN dns_qtype = 12 THEN 'PTR'\nWHEN dns_qtype = 13 THEN 'HINFO'\nWHEN dns_qtype = 15 THEN 'MX'\nWHEN dns_qtype = 16 THEN 'TXT'\nWHEN dns_qtype = 25 THEN 'KEY'\nWHEN dns_qtype = 28 THEN 'AAAA'\nWHEN dns_qtype = 33 THEN 'SRV'\nWHEN dns_qtype = 35 THEN 'NAPTR'\nWHEN dns_qtype = 38 THEN 'A6'\nWHEN dns_qtype = 39 THEN 'DNAME'\nWHEN dns_qtype = 43 THEN 'DS'\nWHEN dns_qtype = 46 THEN 'RRSIG'\nWHEN dns_qtype = 48 THEN 'DNSKEY'\nWHEN dns_qtype = 49 THEN 'DHCID'\nWHEN dns_qtype = 99 THEN 'SPF'\nWHEN dns_qtype = 255 THEN '*. A'\nWHEN dns_qtype = 256 THEN 'URI' ELSE 'Other' END) as \"Query Type\",\ndns_qtype,count(1) as requests,\nsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\nsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\nsum(common_c2s_byte_diff) as total_request_bytes,\nsum(common_s2c_byte_diff) as total_response_bytes,\nsum(common_c2s_pkt_diff) as total_request_packets,\nsum(common_s2c_pkt_diff) as total_response_packets\nfrom transaction_record\nwhere common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_schema_type = 'DNS'\ngroup by dns_qtype\norder by requests desc\n\n\n\n\n\n"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "DNS rcode",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\t(CASE\n\t\tWHEN dns_rcode = 0 THEN 'No error'\n\t\tWHEN dns_rcode = 1 THEN 'Format error'\n\t\tWHEN dns_rcode = 2 THEN 'Server failure'\n\t\tWHEN dns_rcode = 3 THEN 'Name Error'\n\t\tWHEN dns_rcode = 4 THEN 'Not Implemented'\n\t\tWHEN dns_rcode = 5 THEN 'Refused'\n\t\tWHEN dns_rcode = 6 THEN 'YXDomain'\n\t\tWHEN dns_rcode = 7 THEN 'YXRRSet'\n\t\tWHEN dns_rcode = 8 THEN 'NXRRSet'\n\t\tWHEN dns_rcode = 9 THEN 'NotAuth'\n\t\tWHEN dns_rcode = 10 THEN 'NotZone'\n\t\tELSE 'Other'\n\tEND) as \"Response Code\",\n\tdns_rcode,\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff + common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff + common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tand common_schema_type = 'DNS'\ngroup by\n\tdns_rcode\norder by\n\trequests desc",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\t(CASE\n\t\tWHEN dns_rcode = 0 THEN 'No error'\n\t\tWHEN dns_rcode = 1 THEN 'Format error'\n\t\tWHEN dns_rcode = 2 THEN 'Server failure'\n\t\tWHEN dns_rcode = 3 THEN 'Name Error'\n\t\tWHEN dns_rcode = 4 THEN 'Not Implemented'\n\t\tWHEN dns_rcode = 5 THEN 'Refused'\n\t\tWHEN dns_rcode = 6 THEN 'YXDomain'\n\t\tWHEN dns_rcode = 7 THEN 'YXRRSet'\n\t\tWHEN dns_rcode = 8 THEN 'NXRRSet'\n\t\tWHEN dns_rcode = 9 THEN 'NotAuth'\n\t\tWHEN dns_rcode = 10 THEN 'NotZone'\n\t\tELSE 'Other'\n\tEND) as \"Response Code\",\n\tdns_rcode,\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff + common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff + common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tand common_schema_type = 'DNS'\ngroup by\n\tdns_rcode\norder by\n\trequests desc"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "DNS qnames",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tdns_qname,\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n transaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tand common_schema_type = 'DNS'\ngroup by\n\tdns_qname\norder by\n\trequests desc\nlimit 50",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\tdns_qname,\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n transaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tand common_schema_type = 'DNS'\ngroup by\n\tdns_qname\norder by\n\trequests desc\nlimit 50"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "DNS qnames by erros",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tdns_qname,\n\tcount(1) as erros,\n\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tand common_schema_type = 'DNS'\n\tand dns_rcode>0\ngroup by\n\tdns_qname\norder by\n\terros desc\nlimit 50\n",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\tdns_qname,\n\tcount(1) as erros,\n\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tand common_schema_type = 'DNS'\n\tand dns_rcode>0\ngroup by\n\tdns_qname\norder by\n\terros desc\nlimit 50\n"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "DNS server ip",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tcommon_server_ip,\n\tany(common_server_location) as location,\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tand common_schema_type = 'DNS'\ngroup by\n\tcommon_server_ip\norder by\n\trequests desc\nlimit 50\n",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\tcommon_server_ip,\n\tany(common_server_location) as location,\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tand common_schema_type = 'DNS'\ngroup by\n\tcommon_server_ip\norder by\n\trequests desc\nlimit 50\n"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "DNS server ip by erros",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tcommon_server_ip,\n\tany(common_server_location) as location,\n\tcount(1) as erros,\n\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tand common_schema_type = 'DNS'\n\tand dns_rcode>0\ngroup by\n\tcommon_server_ip\norder by\n\terros desc\nlimit 50\n",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\tcommon_server_ip,\n\tany(common_server_location) as location,\n\tcount(1) as erros,\n\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tand common_schema_type = 'DNS'\n\tand dns_rcode>0\ngroup by\n\tcommon_server_ip\norder by\n\terros desc\nlimit 50\n"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "DNS IP Conversations With Highest Errors",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tcommon_client_ip,\n\tcommon_server_ip,\n\tcount(1) as erros,\n\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tand common_schema_type = 'DNS'\n\tand dns_rcode>0\ngroup by\n\tcommon_client_ip,\n\tcommon_server_ip\norder by\n\terros desc\nlimit 50\n",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\tcommon_client_ip,\n\tcommon_server_ip,\n\tcount(1) as erros,\n\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tand common_schema_type = 'DNS'\n\tand dns_rcode>0\ngroup by\n\tcommon_client_ip,\n\tcommon_server_ip\norder by\n\terros desc\nlimit 50\n"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "DNS Requests With Highes Erros",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select common_client_ip, \n\t\tcommon_server_ip,(CASE\n\t\tWHEN dns_rcode = 0 THEN 'No error'\n\t\tWHEN dns_rcode = 1 THEN 'Format error'\n\t\tWHEN dns_rcode = 2 THEN 'Server failure'\n\t\tWHEN dns_rcode = 3 THEN 'Name Error'\n\t\tWHEN dns_rcode = 4 THEN 'Not Implemented'\n\t\tWHEN dns_rcode = 5 THEN 'Refused'\n\t\tWHEN dns_rcode = 6 THEN 'YXDomain'\n\t\tWHEN dns_rcode = 7 THEN 'YXRRSet'\n\t\tWHEN dns_rcode = 8 THEN 'NXRRSet'\n\t\tWHEN dns_rcode = 9 THEN 'NotAuth'\n\t\tWHEN dns_rcode = 10 THEN 'NotZone'\n\t\tELSE 'Other' END) as \"Response Code\",\n\t\tdns_qname,\n\t\tcount(1) as erros,\n\t\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets \nfrom transaction_record \nwhere common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_schema_type='DNS' and dns_rcode>0 \ngroup by common_client_ip,common_server_ip,dns_rcode,dns_qname order by erros desc limit 50",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select common_client_ip, \n\t\tcommon_server_ip,(CASE\n\t\tWHEN dns_rcode = 0 THEN 'No error'\n\t\tWHEN dns_rcode = 1 THEN 'Format error'\n\t\tWHEN dns_rcode = 2 THEN 'Server failure'\n\t\tWHEN dns_rcode = 3 THEN 'Name Error'\n\t\tWHEN dns_rcode = 4 THEN 'Not Implemented'\n\t\tWHEN dns_rcode = 5 THEN 'Refused'\n\t\tWHEN dns_rcode = 6 THEN 'YXDomain'\n\t\tWHEN dns_rcode = 7 THEN 'YXRRSet'\n\t\tWHEN dns_rcode = 8 THEN 'NXRRSet'\n\t\tWHEN dns_rcode = 9 THEN 'NotAuth'\n\t\tWHEN dns_rcode = 10 THEN 'NotZone'\n\t\tELSE 'Other' END) as \"Response Code\",\n\t\tdns_qname,\n\t\tcount(1) as erros,\n\t\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets \nfrom transaction_record \nwhere common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_schema_type='DNS' and dns_rcode>0 \ngroup by common_client_ip,common_server_ip,dns_rcode,dns_qname order by erros desc limit 50"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
}
|
||
]
|
||
},
|
||
{
|
||
"name": "DNS Resolver Amplification Attack",
|
||
"item": [
|
||
{
|
||
"name": "DNS Resolvers",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT\n\tcount(*) as requests,\n\tuniq(common_client_ip) as client_ips,\n\tsum(common_c2s_byte_diff) as request_bytes,\n\tsum(common_s2c_byte_diff) as response_bytes,\n\tsum(common_c2s_pkt_diff) request_packets,\n\tsum(common_s2c_pkt_diff) as response_packets,\n\tround((response_bytes / if(request_bytes >0,request_bytes,1)),2) as byte_ratio,\n\tcommon_server_ip\nfrom\n\ttransaction_record rc\nwhere\n common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tand common_server_port = 53\n\tand common_schema_type = 'DNS'\n\tand common_s2c_byte_diff>1500\n\tand common_c2s_byte_diff>0\n\tand round((common_s2c_byte_diff / if(common_c2s_byte_diff >0,common_c2s_byte_diff,1)),2) >20\n\tand common_c2s_pkt_diff = 1\n\tand common_s2c_pkt_diff =1\ngroup by\n\tcommon_server_ip\norder by\n\trequests desc",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "SELECT\n\tcount(*) as requests,\n\tuniq(common_client_ip) as client_ips,\n\tsum(common_c2s_byte_diff) as request_bytes,\n\tsum(common_s2c_byte_diff) as response_bytes,\n\tsum(common_c2s_pkt_diff) request_packets,\n\tsum(common_s2c_pkt_diff) as response_packets,\n\tround((response_bytes / if(request_bytes >0,request_bytes,1)),2) as byte_ratio,\n\tcommon_server_ip\nfrom\n\ttransaction_record rc\nwhere\n common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tand common_server_port = 53\n\tand common_schema_type = 'DNS'\n\tand common_s2c_byte_diff>1500\n\tand common_c2s_byte_diff>0\n\tand round((common_s2c_byte_diff / if(common_c2s_byte_diff >0,common_c2s_byte_diff,1)),2) >20\n\tand common_c2s_pkt_diff = 1\n\tand common_s2c_pkt_diff =1\ngroup by\n\tcommon_server_ip\norder by\n\trequests desc"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "DNS Resolver Amlif Times",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?=&query=\nselect\n\tcount(*) as sessions,\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff <= 1, 1, 0)) as \"1 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 1 and common_s2c_byte_diff / common_c2s_byte_diff <= 5, 1, 0)) as \"1-5 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 5 and common_s2c_byte_diff / common_c2s_byte_diff <= 10, 1, 0)) as \"5-10 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 10 and common_s2c_byte_diff / common_c2s_byte_diff <= 20, 1, 0)) as \"10-20 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 20 and common_s2c_byte_diff / common_c2s_byte_diff <= 50, 1, 0)) as \"20-50 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 50 and common_s2c_byte_diff / common_c2s_byte_diff <= 100, 1, 0)) as \"50-100 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 100, 1, 0)) as \"100 times\"\nfrom\n\t\ttransaction_record as rc\nwhere\n common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') \n\tand common_c2s_byte_diff>0\n\tand common_s2c_byte_diff>0\n\tand common_c2s_pkt_diff =1\n\tand common_s2c_pkt_diff =1\n\tand common_server_port = 53\n\tand common_schema_type = 'DNS'\n\tand common_server_ip = '60.13.251.208'\n",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "",
|
||
"value": ""
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "\nselect\n\tcount(*) as sessions,\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff <= 1, 1, 0)) as \"1 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 1 and common_s2c_byte_diff / common_c2s_byte_diff <= 5, 1, 0)) as \"1-5 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 5 and common_s2c_byte_diff / common_c2s_byte_diff <= 10, 1, 0)) as \"5-10 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 10 and common_s2c_byte_diff / common_c2s_byte_diff <= 20, 1, 0)) as \"10-20 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 20 and common_s2c_byte_diff / common_c2s_byte_diff <= 50, 1, 0)) as \"20-50 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 50 and common_s2c_byte_diff / common_c2s_byte_diff <= 100, 1, 0)) as \"50-100 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 100, 1, 0)) as \"100 times\"\nfrom\n\t\ttransaction_record as rc\nwhere\n common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') \n\tand common_c2s_byte_diff>0\n\tand common_s2c_byte_diff>0\n\tand common_c2s_pkt_diff =1\n\tand common_s2c_pkt_diff =1\n\tand common_server_port = 53\n\tand common_schema_type = 'DNS'\n\tand common_server_ip = '60.13.251.208'\n"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "DNS Resolver Metrics trend",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?=&query=\nselect \n\ttoDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))), 1800)* 1800) as stat_time,\n\tuniq(dns_qname) as uniq_qnames,\n\tuniq(common_client_ip) as uniq_client_ips,\n\tround(sum(common_c2s_byte_diff+common_s2c_byte_diff)*8/1800/1000/1000,2) as \"Mbps\",\n\tround(sum(common_c2s_byte_diff)*8/1800/1000/1000,2) as \"Request Mbps\",\n\tround(sum(common_s2c_byte_diff)*8/1800/1000/1000,2) as \"Response Mbps\",\n\tround(sum(common_c2s_pkt_diff+common_s2c_pkt_diff)/1800/1000,2) as \"Kpps\",\n\tround(sum(common_c2s_pkt_diff)/1800/1000,2) as \"Request Kpps\",\n\tround(sum(common_s2c_pkt_diff)/1800/1000,2) as \"Response Kpps\",\n\tround(count(*)/1800,2) as \"sessions/s\"\nfrom\n\ttransaction_record as ss\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tand common_c2s_byte_diff>0\n\tand common_s2c_byte_diff>0\n\tand common_c2s_pkt_diff =1\n\tand common_s2c_pkt_diff =1\n\tand common_server_port = 53\n\tand common_schema_type = 'DNS'\n\tand common_server_ip = '60.13.217.234'\ngroup by stat_time \norder by stat_time asc\n",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "",
|
||
"value": ""
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "\nselect \n\ttoDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))), 1800)* 1800) as stat_time,\n\tuniq(dns_qname) as uniq_qnames,\n\tuniq(common_client_ip) as uniq_client_ips,\n\tround(sum(common_c2s_byte_diff+common_s2c_byte_diff)*8/1800/1000/1000,2) as \"Mbps\",\n\tround(sum(common_c2s_byte_diff)*8/1800/1000/1000,2) as \"Request Mbps\",\n\tround(sum(common_s2c_byte_diff)*8/1800/1000/1000,2) as \"Response Mbps\",\n\tround(sum(common_c2s_pkt_diff+common_s2c_pkt_diff)/1800/1000,2) as \"Kpps\",\n\tround(sum(common_c2s_pkt_diff)/1800/1000,2) as \"Request Kpps\",\n\tround(sum(common_s2c_pkt_diff)/1800/1000,2) as \"Response Kpps\",\n\tround(count(*)/1800,2) as \"sessions/s\"\nfrom\n\ttransaction_record as ss\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tand common_c2s_byte_diff>0\n\tand common_s2c_byte_diff>0\n\tand common_c2s_pkt_diff =1\n\tand common_s2c_pkt_diff =1\n\tand common_server_port = 53\n\tand common_schema_type = 'DNS'\n\tand common_server_ip = '60.13.217.234'\ngroup by stat_time \norder by stat_time asc\n"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "DNS Resolver rcode",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?=&query=select\n\t(CASE\n\t\tWHEN dns_rcode = 0 THEN 'No error'\n\t\tWHEN dns_rcode = 1 THEN 'Format error'\n\t\tWHEN dns_rcode = 2 THEN 'Server failure'\n\t\tWHEN dns_rcode = 3 THEN 'Name Error'\n\t\tWHEN dns_rcode = 4 THEN 'Not Implemented'\n\t\tWHEN dns_rcode = 5 THEN 'Refused'\n\t\tWHEN dns_rcode = 6 THEN 'YXDomain'\n\t\tWHEN dns_rcode = 7 THEN 'YXRRSet'\n\t\tWHEN dns_rcode = 8 THEN 'NXRRSet'\n\t\tWHEN dns_rcode = 9 THEN 'NotAuth'\n\t\tWHEN dns_rcode = 10 THEN 'NotZone'\n\t\tELSE 'Other' END) as \"Response Code\",\n\tdns_rcode,\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets,\n\tmax(common_c2s_byte_diff) as max_request_bytes,\n\tmax(common_s2c_byte_diff) as max_response_bytes,\n\tavg(common_c2s_byte_diff) as avg_request_bytes,\n\tavg(common_s2c_byte_diff) as avg_response_bytes,\n\tmedian(common_c2s_byte_diff) as median_request_bytes,\n\tmedian(common_s2c_byte_diff) as median_response_bytes\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tand common_schema_type = 'DNS' \n\tand common_server_ip = '60.13.217.234'\ngroup by\n\tdns_rcode\norder by\n\trequests desc\n",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "",
|
||
"value": ""
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\t(CASE\n\t\tWHEN dns_rcode = 0 THEN 'No error'\n\t\tWHEN dns_rcode = 1 THEN 'Format error'\n\t\tWHEN dns_rcode = 2 THEN 'Server failure'\n\t\tWHEN dns_rcode = 3 THEN 'Name Error'\n\t\tWHEN dns_rcode = 4 THEN 'Not Implemented'\n\t\tWHEN dns_rcode = 5 THEN 'Refused'\n\t\tWHEN dns_rcode = 6 THEN 'YXDomain'\n\t\tWHEN dns_rcode = 7 THEN 'YXRRSet'\n\t\tWHEN dns_rcode = 8 THEN 'NXRRSet'\n\t\tWHEN dns_rcode = 9 THEN 'NotAuth'\n\t\tWHEN dns_rcode = 10 THEN 'NotZone'\n\t\tELSE 'Other' END) as \"Response Code\",\n\tdns_rcode,\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets,\n\tmax(common_c2s_byte_diff) as max_request_bytes,\n\tmax(common_s2c_byte_diff) as max_response_bytes,\n\tavg(common_c2s_byte_diff) as avg_request_bytes,\n\tavg(common_s2c_byte_diff) as avg_response_bytes,\n\tmedian(common_c2s_byte_diff) as median_request_bytes,\n\tmedian(common_s2c_byte_diff) as median_response_bytes\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tand common_schema_type = 'DNS' \n\tand common_server_ip = '60.13.217.234'\ngroup by\n\tdns_rcode\norder by\n\trequests desc\n"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "DNS Resolver qname",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?=&query=select\n\tdns_qname,\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets,\n\tmax(common_c2s_byte_diff) as max_request_bytes,\n\tmax(common_s2c_byte_diff) as max_response_bytes,\n\tavg(common_c2s_byte_diff) as avg_request_bytes,\n\tavg(common_s2c_byte_diff) as avg_response_bytes,\n\tmedian(common_c2s_byte_diff) as median_request_bytes,\n\tmedian(common_s2c_byte_diff) as median_response_bytes\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tand common_schema_type = 'DNS'\n\tand common_server_ip = '117.145.34.90'\ngroup by\n\tdns_qname\norder by\n\trequests desc\nlimit 50",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "",
|
||
"value": ""
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\tdns_qname,\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets,\n\tmax(common_c2s_byte_diff) as max_request_bytes,\n\tmax(common_s2c_byte_diff) as max_response_bytes,\n\tavg(common_c2s_byte_diff) as avg_request_bytes,\n\tavg(common_s2c_byte_diff) as avg_response_bytes,\n\tmedian(common_c2s_byte_diff) as median_request_bytes,\n\tmedian(common_s2c_byte_diff) as median_response_bytes\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tand common_schema_type = 'DNS'\n\tand common_server_ip = '117.145.34.90'\ngroup by\n\tdns_qname\norder by\n\trequests desc\nlimit 50"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "DNS Resolver qtype",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?=&query=select\n(CASE\nWHEN dns_qtype = 1 THEN 'A'\nWHEN dns_qtype = 2 THEN 'NS'\nWHEN dns_qtype = 3 THEN 'MD'\nWHEN dns_qtype = 4 THEN 'MF'\nWHEN dns_qtype = 5 THEN 'CNAME'\nWHEN dns_qtype = 6 THEN 'SOA'\nWHEN dns_qtype = 7 THEN 'MB'\nWHEN dns_qtype = 8 THEN 'MG'\nWHEN dns_qtype = 9 THEN 'MR'\nWHEN dns_qtype = 10 THEN 'NULL'\nWHEN dns_qtype = 11 THEN 'WKS'\nWHEN dns_qtype = 12 THEN 'PTR'\nWHEN dns_qtype = 13 THEN 'HINFO'\nWHEN dns_qtype = 15 THEN 'MX'\nWHEN dns_qtype = 16 THEN 'TXT'\nWHEN dns_qtype = 25 THEN 'KEY'\nWHEN dns_qtype = 28 THEN 'AAAA'\nWHEN dns_qtype = 33 THEN 'SRV'\nWHEN dns_qtype = 35 THEN 'NAPTR'\nWHEN dns_qtype = 38 THEN 'A6'\nWHEN dns_qtype = 39 THEN 'DNAME'\nWHEN dns_qtype = 43 THEN 'DS'\nWHEN dns_qtype = 46 THEN 'RRSIG'\nWHEN dns_qtype = 48 THEN 'DNSKEY'\nWHEN dns_qtype = 49 THEN 'DHCID'\nWHEN dns_qtype = 99 THEN 'SPF'\nWHEN dns_qtype = 255 THEN '*. A'\nWHEN dns_qtype = 256 THEN 'URI' ELSE 'Other' END) as \"Query Type\",\ndns_qtype,\ncount(1) as requests,\nsum(common_c2s_byte_diff) as total_request_bytes,\nsum(common_s2c_byte_diff) as total_response_bytes,\nsum(common_c2s_pkt_diff) as total_request_packets,\nsum(common_s2c_pkt_diff) as total_response_packets,\nmax(common_c2s_byte_diff) as max_request_bytes,\nmax(common_s2c_byte_diff) as max_response_bytes,\navg(common_c2s_byte_diff) as avg_request_bytes,\navg(common_s2c_byte_diff) as avg_response_bytes,\nmedian(common_c2s_byte_diff) as median_request_bytes,\nmedian(common_s2c_byte_diff) as median_response_bytes\nfrom transaction_record where\ncommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_schema_type = 'DNS'\nand common_server_ip = '117.145.34.90'\ngroup by dns_qtype\norder by requests desc",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "",
|
||
"value": ""
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select\n(CASE\nWHEN dns_qtype = 1 THEN 'A'\nWHEN dns_qtype = 2 THEN 'NS'\nWHEN dns_qtype = 3 THEN 'MD'\nWHEN dns_qtype = 4 THEN 'MF'\nWHEN dns_qtype = 5 THEN 'CNAME'\nWHEN dns_qtype = 6 THEN 'SOA'\nWHEN dns_qtype = 7 THEN 'MB'\nWHEN dns_qtype = 8 THEN 'MG'\nWHEN dns_qtype = 9 THEN 'MR'\nWHEN dns_qtype = 10 THEN 'NULL'\nWHEN dns_qtype = 11 THEN 'WKS'\nWHEN dns_qtype = 12 THEN 'PTR'\nWHEN dns_qtype = 13 THEN 'HINFO'\nWHEN dns_qtype = 15 THEN 'MX'\nWHEN dns_qtype = 16 THEN 'TXT'\nWHEN dns_qtype = 25 THEN 'KEY'\nWHEN dns_qtype = 28 THEN 'AAAA'\nWHEN dns_qtype = 33 THEN 'SRV'\nWHEN dns_qtype = 35 THEN 'NAPTR'\nWHEN dns_qtype = 38 THEN 'A6'\nWHEN dns_qtype = 39 THEN 'DNAME'\nWHEN dns_qtype = 43 THEN 'DS'\nWHEN dns_qtype = 46 THEN 'RRSIG'\nWHEN dns_qtype = 48 THEN 'DNSKEY'\nWHEN dns_qtype = 49 THEN 'DHCID'\nWHEN dns_qtype = 99 THEN 'SPF'\nWHEN dns_qtype = 255 THEN '*. A'\nWHEN dns_qtype = 256 THEN 'URI' ELSE 'Other' END) as \"Query Type\",\ndns_qtype,\ncount(1) as requests,\nsum(common_c2s_byte_diff) as total_request_bytes,\nsum(common_s2c_byte_diff) as total_response_bytes,\nsum(common_c2s_pkt_diff) as total_request_packets,\nsum(common_s2c_pkt_diff) as total_response_packets,\nmax(common_c2s_byte_diff) as max_request_bytes,\nmax(common_s2c_byte_diff) as max_response_bytes,\navg(common_c2s_byte_diff) as avg_request_bytes,\navg(common_s2c_byte_diff) as avg_response_bytes,\nmedian(common_c2s_byte_diff) as median_request_bytes,\nmedian(common_s2c_byte_diff) as median_response_bytes\nfrom transaction_record where\ncommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}') and common_schema_type = 'DNS'\nand common_server_ip = '117.145.34.90'\ngroup by dns_qtype\norder by requests desc"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Victim Clients",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT\n\tcount(*) as requests,\n\tuniq(common_client_ip) as client_ips,\n\tsum(common_c2s_byte_diff) as request_bytes,\n\tsum(common_s2c_byte_diff) as response_bytes,\n\tsum(common_c2s_pkt_diff) request_packets,\n\tsum(common_s2c_pkt_diff) as response_packets,\n\tround((response_bytes / if(request_bytes >0,request_bytes,1)),2) as byte_ratio,\n\tcommon_client_ip\nfrom\n\ttransaction_record\nwhere \n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tand common_server_port = 53\n\tand common_schema_type = 'DNS'\n\tand common_s2c_byte_diff>1500\n\tand common_c2s_byte_diff>0\n\tand round((common_s2c_byte_diff / if(common_c2s_byte_diff >0,common_c2s_byte_diff,1)),2) >20\n\tand common_c2s_pkt_diff = 1\n\tand common_s2c_pkt_diff =1 \ngroup by\n\tcommon_client_ip\norder by\n\tbyte_ratio desc\nlimit 10",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "SELECT\n\tcount(*) as requests,\n\tuniq(common_client_ip) as client_ips,\n\tsum(common_c2s_byte_diff) as request_bytes,\n\tsum(common_s2c_byte_diff) as response_bytes,\n\tsum(common_c2s_pkt_diff) request_packets,\n\tsum(common_s2c_pkt_diff) as response_packets,\n\tround((response_bytes / if(request_bytes >0,request_bytes,1)),2) as byte_ratio,\n\tcommon_client_ip\nfrom\n\ttransaction_record\nwhere \n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\tand common_server_port = 53\n\tand common_schema_type = 'DNS'\n\tand common_s2c_byte_diff>1500\n\tand common_c2s_byte_diff>0\n\tand round((common_s2c_byte_diff / if(common_c2s_byte_diff >0,common_c2s_byte_diff,1)),2) >20\n\tand common_c2s_pkt_diff = 1\n\tand common_s2c_pkt_diff =1 \ngroup by\n\tcommon_client_ip\norder by\n\tbyte_ratio desc\nlimit 10"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "DNS Resolvers by Victim IP",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?=&query=SELECT\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets,\n\tmax(common_c2s_byte_diff) as max_request_bytes,\n\tmax(common_s2c_byte_diff) as max_response_bytes,\n\tavg(common_c2s_byte_diff) as avg_request_bytes,\n\tavg(common_s2c_byte_diff) as avg_response_bytes,\n\tmedian(common_c2s_byte_diff) as median_request_bytes,\n\tmedian(common_s2c_byte_diff) as median_response_bytes,\n\tcommon_server_ip,\n\tgroupUniqArray(common_server_port) as ports,\n\tany(common_server_location) as server_location\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n and common_client_ip = '123.101.255.253' \n\tand common_schema_type = 'DNS'\ngroup by\n\tcommon_server_ip\norder by\n\trequests desc",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "",
|
||
"value": ""
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "SELECT\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets,\n\tmax(common_c2s_byte_diff) as max_request_bytes,\n\tmax(common_s2c_byte_diff) as max_response_bytes,\n\tavg(common_c2s_byte_diff) as avg_request_bytes,\n\tavg(common_s2c_byte_diff) as avg_response_bytes,\n\tmedian(common_c2s_byte_diff) as median_request_bytes,\n\tmedian(common_s2c_byte_diff) as median_response_bytes,\n\tcommon_server_ip,\n\tgroupUniqArray(common_server_port) as ports,\n\tany(common_server_location) as server_location\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n and common_client_ip = '123.101.255.253' \n\tand common_schema_type = 'DNS'\ngroup by\n\tcommon_server_ip\norder by\n\trequests desc"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Amlif Times Distribution",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?=&query=\nselect\n\tcount(*) as ips,\n\tsum(if(byte_ratio <= 1, 1, 0)) as \"1 times\",\n\tsum(if(byte_ratio > 1 and byte_ratio <= 5, 1, 0)) as \"1-5 times\",\n\tsum(if(byte_ratio > 5 and byte_ratio <= 10, 1, 0)) as \"5-10 times\",\n\tsum(if(byte_ratio > 10 and byte_ratio <= 20, 1, 0)) as \"10-20 times\",\n\tsum(if(byte_ratio > 20 and byte_ratio <= 50, 1, 0)) as \"20-50 times\",\n\tsum(if(byte_ratio > 50 and byte_ratio <= 100, 1, 0)) as \"50-100 times\",\n\tsum(if(byte_ratio > 100, 1, 0)) as \"100 times\"\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip,\n\t\tmedian(common_s2c_byte_diff / common_c2s_byte_diff) as byte_ratio,\n\t\tcount(*) as sessions\n\tfrom\n\t\ttransaction_record\n\twhere\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\tand common_c2s_byte_diff>0\n\t\tand common_s2c_byte_diff>0\n\t\tand common_c2s_pkt_diff =1\n\t\tand common_s2c_pkt_diff =1\n\t\tand common_server_port = 53\n\t\tand common_schema_type = 'DNS'\n\tgroup by\n\t\tcommon_server_ip\n)",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "",
|
||
"value": ""
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "\nselect\n\tcount(*) as ips,\n\tsum(if(byte_ratio <= 1, 1, 0)) as \"1 times\",\n\tsum(if(byte_ratio > 1 and byte_ratio <= 5, 1, 0)) as \"1-5 times\",\n\tsum(if(byte_ratio > 5 and byte_ratio <= 10, 1, 0)) as \"5-10 times\",\n\tsum(if(byte_ratio > 10 and byte_ratio <= 20, 1, 0)) as \"10-20 times\",\n\tsum(if(byte_ratio > 20 and byte_ratio <= 50, 1, 0)) as \"20-50 times\",\n\tsum(if(byte_ratio > 50 and byte_ratio <= 100, 1, 0)) as \"50-100 times\",\n\tsum(if(byte_ratio > 100, 1, 0)) as \"100 times\"\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip,\n\t\tmedian(common_s2c_byte_diff / common_c2s_byte_diff) as byte_ratio,\n\t\tcount(*) as sessions\n\tfrom\n\t\ttransaction_record\n\twhere\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\tand common_c2s_byte_diff>0\n\t\tand common_s2c_byte_diff>0\n\t\tand common_c2s_pkt_diff =1\n\t\tand common_s2c_pkt_diff =1\n\t\tand common_server_port = 53\n\t\tand common_schema_type = 'DNS'\n\tgroup by\n\t\tcommon_server_ip\n)"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Ampli Attack Country Distribution",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?=&query=SELECT\n\tarrayElement(splitByString(',',common_server_location),length(splitByString(',',common_server_location))) as server_location,\n\tcount(*) as ips\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip,\n\t\tany(common_server_location) as common_server_location,\n\t\tmedian(common_s2c_byte_diff / common_c2s_byte_diff) as byte_ratio,\n\t\tcount(*) as sessions\n\tfrom\n\t\ttransaction_record\n\twhere\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\tand common_c2s_byte_diff>0\n\t\tand common_s2c_byte_diff>0\n\t\tand common_c2s_pkt_diff =1\n\t\tand common_s2c_pkt_diff =1\n\t\tand common_server_port = 53\n\t\tand common_schema_type = 'DNS'\n\tgroup by\n\t\tcommon_server_ip\n\thaving\n\t\tbyte_ratio > 20\n)\ngroup by\n\tserver_location\norder by\n\tips desc",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "",
|
||
"value": ""
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "SELECT\n\tarrayElement(splitByString(',',common_server_location),length(splitByString(',',common_server_location))) as server_location,\n\tcount(*) as ips\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip,\n\t\tany(common_server_location) as common_server_location,\n\t\tmedian(common_s2c_byte_diff / common_c2s_byte_diff) as byte_ratio,\n\t\tcount(*) as sessions\n\tfrom\n\t\ttransaction_record\n\twhere\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n\t\tand common_c2s_byte_diff>0\n\t\tand common_s2c_byte_diff>0\n\t\tand common_c2s_pkt_diff =1\n\t\tand common_s2c_pkt_diff =1\n\t\tand common_server_port = 53\n\t\tand common_schema_type = 'DNS'\n\tgroup by\n\t\tcommon_server_ip\n\thaving\n\t\tbyte_ratio > 20\n)\ngroup by\n\tserver_location\norder by\n\tips desc"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
}
|
||
]
|
||
},
|
||
{
|
||
"name": "DNS NXDOMAIN Flood",
|
||
"item": [
|
||
{
|
||
"name": "DNS Proxy Server",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select \n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets,\n\tmax(common_c2s_byte_diff) as max_request_bytes,\n\tmax(common_s2c_byte_diff) as max_response_bytes,\n\tavg(common_c2s_byte_diff) as avg_request_bytes,\n\tavg(common_s2c_byte_diff) as avg_response_bytes,\n\tmedian(common_c2s_byte_diff) as median_request_bytes,\n\tmedian(common_s2c_byte_diff) as median_response_bytes,\n\tcommon_server_ip\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n and common_schema_type = 'DNS'\n\tand dns_rcode = 3\ngroup by\n\tcommon_server_ip\norder by\n\trequests desc limit 100",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select \n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets,\n\tmax(common_c2s_byte_diff) as max_request_bytes,\n\tmax(common_s2c_byte_diff) as max_response_bytes,\n\tavg(common_c2s_byte_diff) as avg_request_bytes,\n\tavg(common_s2c_byte_diff) as avg_response_bytes,\n\tmedian(common_c2s_byte_diff) as median_request_bytes,\n\tmedian(common_s2c_byte_diff) as median_response_bytes,\n\tcommon_server_ip\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n and common_schema_type = 'DNS'\n\tand dns_rcode = 3\ngroup by\n\tcommon_server_ip\norder by\n\trequests desc limit 100"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "Client IP Highest Erros",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"protocolProfileBehavior": {
|
||
"disableBodyPruning": true
|
||
},
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"body": {
|
||
"mode": "formdata",
|
||
"formdata": []
|
||
},
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets,\n\tmax(common_c2s_byte_diff) as max_request_bytes,\n\tmax(common_s2c_byte_diff) as max_response_bytes,\n\tavg(common_c2s_byte_diff) as avg_request_bytes,\n\tavg(common_s2c_byte_diff) as avg_response_bytes,\n\tmedian(common_c2s_byte_diff) as median_request_bytes,\n\tmedian(common_s2c_byte_diff) as median_response_bytes,\n\tcommon_client_ip\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n and common_schema_type = 'DNS'\n\tand common_server_ip = '202.106.196.115'\n\tand dns_rcode in (2, 3, 8)\ngroup by\n\tcommon_client_ip\norder by\n\trequests desc\nlimit 100",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "option",
|
||
"value": "long-term",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "resultId",
|
||
"value": "129494",
|
||
"disabled": true
|
||
},
|
||
{
|
||
"key": "query",
|
||
"value": "select\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets,\n\tmax(common_c2s_byte_diff) as max_request_bytes,\n\tmax(common_s2c_byte_diff) as max_response_bytes,\n\tavg(common_c2s_byte_diff) as avg_request_bytes,\n\tavg(common_s2c_byte_diff) as avg_response_bytes,\n\tmedian(common_c2s_byte_diff) as median_request_bytes,\n\tmedian(common_s2c_byte_diff) as median_response_bytes,\n\tcommon_client_ip\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time <UNIX_TIMESTAMP('{{end_time}}')\n and common_schema_type = 'DNS'\n\tand common_server_ip = '202.106.196.115'\n\tand dns_rcode in (2, 3, 8)\ngroup by\n\tcommon_client_ip\norder by\n\trequests desc\nlimit 100"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
}
|
||
]
|
||
}
|
||
]
|
||
},
|
||
{
|
||
"name": "Kafka Topics (Deprecated)",
|
||
"item": [
|
||
{
|
||
"name": "Kafka Topic Metrics",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{kafka_ip}}:{{kafka_monitor_port}}",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{kafka_ip}}"
|
||
],
|
||
"port": "{{kafka_monitor_port}}"
|
||
},
|
||
"description": "## Kafka Topics\n\n```\n在监控指标结果下,直接复制指标进行查找定位,仅需修改\"topic\"里内容。\n```\n\n- kafka_server_BrokerTopicMetrics_MeanRate\n - Topic 消息传输速率均值,可定位当前Topic平均处理多少消息\n - 每秒接收消息:kafka_server_BrokerTopicMetrics_MeanRate{name=\\\"MessagesInPerSec\\\",topic=\\\"CONNECTION-RECORD-LOG\\\",}\n - 每秒失败的请求数量:kafka_server_BrokerTopicMetrics_MeanRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"CONNECTION-RECORD-LOG\\\",}\n - 每秒失败的生产数量:kafka_server_BrokerTopicMetrics_MeanRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"CONNECTION-RECORD-LOG\\\",}\n- kafka_server_BrokerTopicMetrics_OneMinuteRate\n - Topic 1分钟内传输消息速率,可定位最近1分钟有无数据\n - 每秒接收消息:kafka_server_BrokerTopicMetrics_OneMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"CONNECTION-RECORD-LOG\\\",}\n - 每秒失败的请求数量:kafka_server_BrokerTopicMetrics_OneMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"CONNECTION-RECORD-LOG\\\",}\n - 每秒失败的生产数量:kafka_server_BrokerTopicMetrics_OneMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"CONNECTION-RECORD-LOG\\\",}\n- kafka_server_BrokerTopicMetrics_FiveMinuteRate\n - Topic 5分钟内传输消息速率,可定位最近5分钟有无数据\n - 每秒接收消息:kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"CONNECTION-RECORD-LOG\\\",}\n - 每秒失败的请求数量:kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"CONNECTION-RECORD-LOG\\\",}\n - 每秒失败的生产数量:kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"CONNECTION-RECORD-LOG\\\",}\n- kafka_server_BrokerTopicMetrics_FifteenMinuteRate\n - Topic 15分钟内传输消息速率,可定位最近15分钟有无数据\n - 每秒接收消息:kafka_server_BrokerTopicMetrics_FifteenMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"CONNECTION-RECORD-LOG\\\",}\n - 每秒失败的请求数量:kafka_server_BrokerTopicMetrics_FifteenMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"CONNECTION-RECORD-LOG\\\",}\n - 每秒失败的生产数量:kafka_server_BrokerTopicMetrics_FifteenMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"CONNECTION-RECORD-LOG\\\",}"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "SESSION-RECORD",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Successful request.\", function () {",
|
||
" pm.expect(pm.response.code).to.be.oneOf([200,201]);",
|
||
"});",
|
||
"",
|
||
"pm.test(\"Checking traffic records status.\", function () {",
|
||
" const text = pm.response.text().split('\\n');",
|
||
" for (const v of text) {",
|
||
" ",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"SESSION-RECORD\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]<0.0001) { ",
|
||
" console.warn(\"Session Records no data.\"); ",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"SESSION-RECORD\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" console.error(\"Session Records failed fetch Requests.\"); ",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"SESSION-RECORD\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" console.error(\"Session Records failed produce Requests.\"); ",
|
||
" }",
|
||
" }",
|
||
"",
|
||
" }",
|
||
" pm.response.to.be.status(200);",
|
||
"",
|
||
"});",
|
||
"",
|
||
"pm.test(\"Checking ETL status.\", function () {",
|
||
" const text = pm.response.text().split('\\n');",
|
||
" for (const v of text) {",
|
||
" ",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"SESSION-RECORD-COMPLETED\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]<0.0001) { ",
|
||
" console.warn(\"ETL Session Records no data.\"); ",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"SESSION-RECORD-COMPLETED\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" console.error(\"ETL Session Records failed fetch Requests.\");",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"SESSION-RECORD-COMPLETED\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" console.error(\"ETL Session Records failed produce Requests.\");",
|
||
" }",
|
||
" }",
|
||
"",
|
||
" }",
|
||
" pm.response.to.be.status(200);",
|
||
"",
|
||
"});",
|
||
"",
|
||
"",
|
||
"",
|
||
""
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{kafka_ip}}:{{kafka_monitor_port}}",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{kafka_ip}}"
|
||
],
|
||
"port": "{{kafka_monitor_port}}"
|
||
},
|
||
"description": "## Kafka Topics\n\n```\n在监控指标结果下,直接复制指标进行查找定位,仅需修改\"topic\"里内容。\n```\n\nTYPE kafka_server_BrokerTopicMetrics_FiveMinuteRate (近5分钟数据情况)\n\n- **判断Topic 写入是否有最新的数据:**\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- **判断Topic 写入是否异常**\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否有最新的数据\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否异常\n\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "INTERIM-SESSION-RECORD",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Successful request.\", function () {",
|
||
" pm.expect(pm.response.code).to.be.oneOf([200,201]);",
|
||
"});",
|
||
"",
|
||
"pm.test(\"Checking traffic records status.\", function () {",
|
||
" const text = pm.response.text().split('\\n');",
|
||
" for (const v of text) {",
|
||
" ",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"INTERIM-SESSION-RECORD\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]<0.0001) { ",
|
||
" console.warn(\"Interim Session Records no data.\"); ",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"INTERIM-SESSION-RECORD\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" console.error(\"Interim Session Records failed fetch requests.\"); ",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"INTERIM-SESSION-RECORD\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" console.error(\"Interim Session Records failed produce requests.\"); ",
|
||
" }",
|
||
" }",
|
||
"",
|
||
" }",
|
||
" pm.response.to.be.status(200);",
|
||
"",
|
||
"});",
|
||
"",
|
||
"pm.test(\"Checking ETL status.\", function () {",
|
||
" const text = pm.response.text().split('\\n');",
|
||
" for (const v of text) {",
|
||
" ",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"INTERIM-SESSION-RECORD-COMPLETED\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]<0.0001) { ",
|
||
" console.warn(\"ETL Interim Session Records no data.\");",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"INTERIM-SESSION-RECORD-COMPLETED\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" console.error(\"ETL Interim Session Records failed fetch requests.\");",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"INTERIM-SESSION-RECORD-COMPLETED\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" console.error(\"ETL Interim Session Records failed produce requests.\");",
|
||
" }",
|
||
" }",
|
||
"",
|
||
" }",
|
||
" pm.response.to.be.status(200);",
|
||
"",
|
||
"});",
|
||
"",
|
||
""
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{kafka_ip}}:{{kafka_monitor_port}}",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{kafka_ip}}"
|
||
],
|
||
"port": "{{kafka_monitor_port}}"
|
||
},
|
||
"description": "## Kafka Topics\n\n```\n在监控指标结果下,直接复制指标进行查找定位,仅需修改\"topic\"里内容。\n```\n\nTYPE kafka_server_BrokerTopicMetrics_FiveMinuteRate (近5分钟数据情况)\n\n- **判断Topic 写入是否有最新的数据:**\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- **判断Topic 写入是否异常**\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否有最新的数据\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否异常\n\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "SECURITY-EVENT",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Successful request.\", function () {",
|
||
" pm.expect(pm.response.code).to.be.oneOf([200,201]);",
|
||
"});",
|
||
"",
|
||
"pm.test(\"Checking traffic records status.\", function () {",
|
||
" const text = pm.response.text().split('\\n');",
|
||
" for (const v of text) {",
|
||
" ",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"SECURITY-EVENT\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]<0.0001) { ",
|
||
" console.warn(\"Security Events no data.\"); ",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"SECURITY-EVENT\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" console.error(\"Security Events failed fetch requests.\"); ",
|
||
"",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"SECURITY-EVENT\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" console.error(\"Security Events failed produce requests.\"); ",
|
||
" }",
|
||
" }",
|
||
"",
|
||
" }",
|
||
" pm.response.to.be.status(200);",
|
||
"",
|
||
"});",
|
||
"",
|
||
"pm.test(\"Checking ETL status.\", function () {",
|
||
" const text = pm.response.text().split('\\n');",
|
||
" for (const v of text) {",
|
||
" ",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"SECURITY-EVENT-COMPLETED\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]<0.0001) { ",
|
||
" console.warn(\"ETL Security Events no data.\");",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"SECURITY-EVENT-COMPLETED\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" console.error(\"ETL Security Events failed fetch requests.\");",
|
||
"",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"SECURITY-EVENT-COMPLETED\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" console.error(\"ETL Security Events failed produce requests.\");",
|
||
"",
|
||
" }",
|
||
" }",
|
||
"",
|
||
" }",
|
||
" pm.response.to.be.status(200);",
|
||
"",
|
||
"});",
|
||
"",
|
||
""
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{kafka_ip}}:{{kafka_monitor_port}}",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{kafka_ip}}"
|
||
],
|
||
"port": "{{kafka_monitor_port}}"
|
||
},
|
||
"description": "## Kafka Topics\n\n```\n在监控指标结果下,直接复制指标进行查找定位,仅需修改\"topic\"里内容。\n```\n\nTYPE kafka_server_BrokerTopicMetrics_FiveMinuteRate (近5分钟数据情况)\n\n- **判断Topic 写入是否有最新的数据:**\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- **判断Topic 写入是否异常**\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否有最新的数据\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否异常\n\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "TRANSACTION-EVENT",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"",
|
||
"pm.test(\"Successful request.\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});",
|
||
"",
|
||
"pm.test(\"Checking traffic records status.\", function () {",
|
||
" const text = pm.response.text().split('\\n');",
|
||
" for (const v of text) {",
|
||
" ",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"TRANSACTION-RECORD\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]<0.0001) { ",
|
||
" console.warn(\"Transaction Records no data.\"); ",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"TRANSACTION-RECORD\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" console.error(\"Transaction Records failed fetch requests.\"); ",
|
||
"",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"TRANSACTION-RECORD\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" console.error(\"Transaction Records failed produce requests.\"); ",
|
||
" }",
|
||
" }",
|
||
"",
|
||
" }",
|
||
" pm.response.to.be.status(200);",
|
||
"",
|
||
"});",
|
||
"",
|
||
"pm.test(\"Checking ETL status.\", function () {",
|
||
" const text = pm.response.text().split('\\n');",
|
||
" for (const v of text) {",
|
||
" ",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"TRANSACTION-RECORD-COMPLETED\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]<0.0001) { ",
|
||
" console.warn(\"ETL Transaction Records no data.\");",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"TRANSACTION-RECORD-COMPLETED\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" console.error(\"ETL Transaction Records failed fetch requests.\");",
|
||
"",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"TRANSACTION-RECORD-COMPLETED\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" console.error(\"ETL Transaction Records failed produce requests.\");",
|
||
" }",
|
||
" }",
|
||
"",
|
||
" }",
|
||
" pm.response.to.be.status(200);",
|
||
"",
|
||
"});",
|
||
"",
|
||
"",
|
||
"",
|
||
"",
|
||
""
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{kafka_ip}}:{{kafka_monitor_port}}",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{kafka_ip}}"
|
||
],
|
||
"port": "{{kafka_monitor_port}}"
|
||
},
|
||
"description": "## Kafka Topics\n\n```\n在监控指标结果下,直接复制指标进行查找定位,仅需修改\"topic\"里内容。\n```\n\nTYPE kafka_server_BrokerTopicMetrics_FiveMinuteRate (近5分钟数据情况)\n\n- **判断Topic 写入是否有最新的数据:**\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- **判断Topic 写入是否异常**\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否有最新的数据\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否异常\n\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "DOS-EVENT",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Successful request.\", function () {",
|
||
" pm.expect(pm.response.code).to.be.oneOf([200,201]);",
|
||
"});",
|
||
"",
|
||
"pm.test(\"Checking detection events status.\", function () {",
|
||
" const text = pm.response.text().split('\\n');",
|
||
" for (const v of text) {",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"DOS-EVENT\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]<0.0001) { ",
|
||
" console.warn(\"DoS Events no data.\");",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"DOS-EVENT\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" console.error(\"DoS Events failed fetch requests.\"); ",
|
||
"",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"DOS-EVENT\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" console.error(\"DoS Events failed produce requests.\"); ",
|
||
"",
|
||
" }",
|
||
" }",
|
||
"",
|
||
" }",
|
||
" pm.response.to.be.status(200);",
|
||
"",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{kafka_ip}}:{{kafka_monitor_port}}",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{kafka_ip}}"
|
||
],
|
||
"port": "{{kafka_monitor_port}}"
|
||
},
|
||
"description": "## Kafka Topics\n\n```\n在监控指标结果下,直接复制指标进行查找定位,仅需修改\"topic\"里内容。\n```\n\nTYPE kafka_server_BrokerTopicMetrics_FiveMinuteRate (近5分钟数据情况)\n\n- **判断Topic 写入是否有最新的数据:**\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- **判断Topic 写入是否异常**\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否有最新的数据\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否异常\n\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "VOIP-RECORD",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Successful request.\", function () {",
|
||
" pm.expect(pm.response.code).to.be.oneOf([200,201]);",
|
||
"});",
|
||
"",
|
||
"pm.test(\"Checking Traffic Records status.\", function () {",
|
||
" const text = pm.response.text().split('\\n');",
|
||
" for (const v of text) {",
|
||
" ",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"VOIP-RECORD\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]<=0.0001) { ",
|
||
" console.warn(\"VoIP Records no data.\"); ",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"VOIP-RECORD\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" console.error(\"VoIP Records failed fetch Requests.\"); ",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"VOIP-RECORD\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" console.error(\"VoIP Records failed produce Requests.\"); ",
|
||
" }",
|
||
" }",
|
||
"",
|
||
" }",
|
||
" pm.response.to.be.status(200);",
|
||
"",
|
||
"});",
|
||
"",
|
||
"pm.test(\"Checking ETL status.\", function () {",
|
||
" const text = pm.response.text().split('\\n');",
|
||
" for (const v of text) {",
|
||
" ",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"VOIP-RECORD-COMPLETED\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]<0.0001) { ",
|
||
" console.warn(\"ETL VoIP Records ETL no data.\"); ",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"VOIP-RECORD-COMPLETED\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" console.error(\"ETL VoIP Records failed fetch Requests.\"); ",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"VOIP-RECORD-COMPLETED\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" console.error(\"ETL VoIP Records failed produce Requests.\"); ",
|
||
" }",
|
||
" }",
|
||
"",
|
||
" }",
|
||
" pm.response.to.be.status(200);",
|
||
"",
|
||
"});",
|
||
"",
|
||
"pm.test(\"Checking VoIP Conversation status.\", function () {",
|
||
" const text = pm.response.text().split('\\n');",
|
||
" for (const v of text) {",
|
||
" ",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"VOIP-CONVERSATION-RECORD\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]<0.0001) { ",
|
||
" console.warn(\"VoIP Conversation no data.\"); ",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"VOIP-CONVERSATION-RECORD\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" console.error(\"VoIP Conversation failed fetch Requests.\"); ",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"VOIP-CONVERSATION-RECORD\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" console.error(\"VoIP Conversation failed produce Requests.\"); ",
|
||
" }",
|
||
" }",
|
||
"",
|
||
" }",
|
||
" pm.response.to.be.status(200);",
|
||
"",
|
||
"});",
|
||
""
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{kafka_ip}}:{{kafka_monitor_port}}",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{kafka_ip}}"
|
||
],
|
||
"port": "{{kafka_monitor_port}}"
|
||
},
|
||
"description": "## Kafka Topics\n\n```\n在监控指标结果下,直接复制指标进行查找定位,仅需修改\"topic\"里内容。\n```\n\nTYPE kafka_server_BrokerTopicMetrics_FiveMinuteRate (近5分钟数据情况)\n\n- **判断Topic 写入是否有最新的数据:**\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- **判断Topic 写入是否异常**\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否有最新的数据\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否异常\n\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "RADIUS-RECORD",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Successful request.\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});",
|
||
"",
|
||
"pm.test(\"Checking traffic records status.\", function () {",
|
||
" const text = pm.response.text().split('\\n');",
|
||
" for (const v of text) {",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"RADIUS-RECORD\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]<0.0001) { ",
|
||
" console.warn(\"Radius Records no data.\");",
|
||
"",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"RADIUS-RECORD\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" console.error(\"Radius Records failed fetch requests.\"); ",
|
||
"",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"RADIUS-RECORD\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" console.error(\"Radius Records failed produce requests.\"); ",
|
||
" }",
|
||
" }",
|
||
"",
|
||
" }",
|
||
" pm.response.to.be.status(200);",
|
||
"",
|
||
"});",
|
||
"",
|
||
"pm.test(\"Checking ETL status.\", function () {",
|
||
" const text = pm.response.text().split('\\n');",
|
||
" for (const v of text) {",
|
||
" ",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"RADIUS-RECORD-COMPLETED\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]<0.0001) { ",
|
||
" console.warn(\"ETL Radius Records no data.\");",
|
||
"",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"RADIUS-RECORD-COMPLETED\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" console.error(\"Radius Records failed fetch requests.\"); ",
|
||
"",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"RADIUS-RECORD-COMPLETED\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" console.error(\"Radius Records failed produce requests.\"); ",
|
||
" }",
|
||
" }",
|
||
"",
|
||
" }",
|
||
" pm.response.to.be.status(200);",
|
||
"",
|
||
"});",
|
||
"",
|
||
""
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{kafka_ip}}:{{kafka_monitor_port}}",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{kafka_ip}}"
|
||
],
|
||
"port": "{{kafka_monitor_port}}"
|
||
},
|
||
"description": "## Kafka Topics\n\n```\n在监控指标结果下,直接复制指标进行查找定位,仅需修改\"topic\"里内容。\n```\n\nTYPE kafka_server_BrokerTopicMetrics_FiveMinuteRate (近5分钟数据情况)\n\n- **判断Topic 写入是否有最新的数据:**\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- **判断Topic 写入是否异常**\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否有最新的数据\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否异常\n\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "GTPC-RECORD",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Successful request.\", function () {",
|
||
" pm.expect(pm.response.code).to.be.oneOf([200,201]);",
|
||
"});",
|
||
"",
|
||
"pm.test(\"Checking traffic records status.\", function () {",
|
||
" const text = pm.response.text().split('\\n');",
|
||
" for (const v of text) {",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"GTPC-RECORD\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]<0.0001) { ",
|
||
" console.warn(\"GTP-C Records no data.\"); ",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"GTPC-RECORD\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" console.error(\"GTP-C Records failed fetch requests.\"); ",
|
||
"",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"GTPC-RECORD\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" console.error(\"GTP-C Records failed produce requests.\"); ",
|
||
" }",
|
||
" }",
|
||
"",
|
||
" }",
|
||
" pm.response.to.be.status(200);",
|
||
"",
|
||
"});",
|
||
"",
|
||
"pm.test(\"Checking ETL status.\", function () {",
|
||
" const text = pm.response.text().split('\\n');",
|
||
" for (const v of text) {",
|
||
" ",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"GTPC-RECORD-COMPLETED\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]<0.0001) { ",
|
||
" console.warn(\"ETL GTP-C Records no data.\");",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"GTPC-RECORD-COMPLETED\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" console.error(\"ETL GTP-C Records failed fetch requests.\"); ",
|
||
"",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"GTPC-RECORD-COMPLETED\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" console.error(\"ETL GTP-C Records failed produce requests.\"); ",
|
||
"",
|
||
" }",
|
||
" }",
|
||
"",
|
||
" }",
|
||
" pm.response.to.be.status(200);",
|
||
"",
|
||
"});",
|
||
""
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{kafka_ip}}:{{kafka_monitor_port}}",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{kafka_ip}}"
|
||
],
|
||
"port": "{{kafka_monitor_port}}"
|
||
},
|
||
"description": "## Kafka Topics\n\n```\n在监控指标结果下,直接复制指标进行查找定位,仅需修改\"topic\"里内容。\n```\n\nTYPE kafka_server_BrokerTopicMetrics_FiveMinuteRate (近5分钟数据情况)\n\n- **判断Topic 写入是否有最新的数据:**\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- **判断Topic 写入是否异常**\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否有最新的数据\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否异常\n\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "SYS-PACKET-CAPTURE-EVENT",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Successful request.\", function () {",
|
||
" pm.expect(pm.response.code).to.be.oneOf([200,201]);",
|
||
"});",
|
||
"",
|
||
"pm.test(\"Checking traffic records status.\", function () {",
|
||
" const text = pm.response.text().split('\\n');",
|
||
" for (const v of text) {",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"SYS-PACKET-CAPTURE-EVENT\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]<0.0001) { ",
|
||
" console.warn(\"Packet Capture Events no data.\");",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"SYS-PACKET-CAPTURE-EVENT\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" console.error(\"Packet Capture Events failed fetch requests.\"); ",
|
||
"",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"SYS-PACKET-CAPTURE-EVENT\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" console.error(\"Packet Capture Events failed produce requests.\"); ",
|
||
"",
|
||
" }",
|
||
" }",
|
||
"",
|
||
" }",
|
||
" pm.response.to.be.status(200);",
|
||
"",
|
||
"});",
|
||
"",
|
||
"pm.test(\"Checking Traffic Records status.\", function () {",
|
||
" const text = pm.response.text().split('\\n');",
|
||
" for (const v of text) {",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"SYS-PACKET-CAPTURE-EVENT-COMPLETED\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]<0.0001) { ",
|
||
" console.warn(\"ETL Packet Capture Events no data.\");",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"SYS-PACKET-CAPTURE-EVENT-COMPLETED\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" console.error(\"ETL Packet Capture Events failed fetch requests.\");",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"SYS-PACKET-CAPTURE-EVENT-COMPLETED\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" console.error(\"ETL Packet Capture Events failed produce requests.\"); ",
|
||
"",
|
||
" }",
|
||
" }",
|
||
"",
|
||
" }",
|
||
" pm.response.to.be.status(200);",
|
||
"",
|
||
"});",
|
||
""
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{kafka_ip}}:{{kafka_monitor_port}}",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{kafka_ip}}"
|
||
],
|
||
"port": "{{kafka_monitor_port}}"
|
||
},
|
||
"description": "## Kafka Topics\n\n```\n在监控指标结果下,直接复制指标进行查找定位,仅需修改\"topic\"里内容。\n```\n\nTYPE kafka_server_BrokerTopicMetrics_FiveMinuteRate (近5分钟数据情况)\n\n- **判断Topic 写入是否有最新的数据:**\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- **判断Topic 写入是否异常**\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否有最新的数据\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否异常\n\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "TRAFFIC-METRICS",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Successful request.\", function () {",
|
||
" pm.expect(pm.response.code).to.be.oneOf([200,201]);",
|
||
"});",
|
||
"",
|
||
"pm.test(\"Checking Checking traffic records status.\", function () {",
|
||
" const text = pm.response.text().split('\\n');",
|
||
" for (const v of text) {",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"TRAFFIC-METRICS\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]<0.0001) { ",
|
||
" console.warn(\"Traffic Metrics no data.\"); ",
|
||
"",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"TRAFFIC-METRICS\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" console.error(\"Traffic Metrics failed fetch requests.\"); ",
|
||
"",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"TRAFFIC-METRICS\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" console.error(\"Traffic Metrics failed produce requests.\"); ",
|
||
"",
|
||
" }",
|
||
" }",
|
||
"",
|
||
" }",
|
||
" pm.response.to.be.status(200);",
|
||
"",
|
||
"});",
|
||
"",
|
||
""
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{kafka_ip}}:{{kafka_monitor_port}}",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{kafka_ip}}"
|
||
],
|
||
"port": "{{kafka_monitor_port}}"
|
||
},
|
||
"description": "## Kafka Topics\n\n```\n在监控指标结果下,直接复制指标进行查找定位,仅需修改\"topic\"里内容。\n```\n\nTYPE kafka_server_BrokerTopicMetrics_FiveMinuteRate (近5分钟数据情况)\n\n- **判断Topic 写入是否有最新的数据:**\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- **判断Topic 写入是否异常**\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否有最新的数据\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否异常\n\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "SYS-STORAGE-LOG",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Successful request.\", function () {",
|
||
" pm.expect(pm.response.code).to.be.oneOf([200,201]);",
|
||
"});",
|
||
"",
|
||
"pm.test(\"Checking traffic records status.\", function () {",
|
||
" const text = pm.response.text().split('\\n');",
|
||
" for (const v of text) {",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"SYS-STORAGE-LOG\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]<0.0001) { ",
|
||
" console.warn(\"System storage no data.\"); ",
|
||
"",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"SYS-STORAGE-LOG\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" console.error(\"System storage failed fetch requests.\"); ",
|
||
"",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"SYS-STORAGE-LOG\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" console.error(\"System storage failed produce requests.\"); ",
|
||
"",
|
||
" }",
|
||
" }",
|
||
"",
|
||
" }",
|
||
" pm.response.to.be.status(200);",
|
||
"",
|
||
"});",
|
||
"",
|
||
"",
|
||
""
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{kafka_ip}}:{{kafka_monitor_port}}",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{kafka_ip}}"
|
||
],
|
||
"port": "{{kafka_monitor_port}}"
|
||
},
|
||
"description": "## Kafka Topics\n\n```\n在监控指标结果下,直接复制指标进行查找定位,仅需修改\"topic\"里内容。\n```\n\nTYPE kafka_server_BrokerTopicMetrics_FiveMinuteRate (近5分钟数据情况)\n\n- **判断Topic 写入是否有最新的数据:**\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- **判断Topic 写入是否异常**\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否有最新的数据\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否异常\n\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "DOS-SKETCH-RECORD",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Successful request.\", function () {",
|
||
" pm.expect(pm.response.code).to.be.oneOf([200,201]);",
|
||
"});",
|
||
"",
|
||
"pm.test(\"Checking traffic records status.\", function () {",
|
||
" const text = pm.response.text().split('\\n');",
|
||
" for (const v of text) {",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"DOS-SKETCH-RECORD\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]<0.0001) { ",
|
||
" console.warn(\"DoS Sketch no data.\");",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"DOS-SKETCH-RECORD\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" console.error(\"DoS Sketch failed fetch requests.\"); ",
|
||
"",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"DOS-SKETCH-RECORD\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" console.error(\"DoS Sketch failed produce requests.\"); ",
|
||
"",
|
||
" }",
|
||
" }",
|
||
"",
|
||
" }",
|
||
" pm.response.to.be.status(200);",
|
||
"",
|
||
"});",
|
||
"",
|
||
""
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{kafka_ip}}:{{kafka_monitor_port}}",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{kafka_ip}}"
|
||
],
|
||
"port": "{{kafka_monitor_port}}"
|
||
},
|
||
"description": "## Kafka Topics\n\n```\n在监控指标结果下,直接复制指标进行查找定位,仅需修改\"topic\"里内容。\n```\n\nTYPE kafka_server_BrokerTopicMetrics_FiveMinuteRate (近5分钟数据情况)\n\n- **判断Topic 写入是否有最新的数据:**\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- **判断Topic 写入是否异常**\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否有最新的数据\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否异常\n\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "PROXY-EVENT",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Successful request.\", function () {",
|
||
" pm.expect(pm.response.code).to.be.oneOf([200,201]);",
|
||
"});",
|
||
"",
|
||
"pm.test(\"Checking traffic records status.\", function () {",
|
||
" const text = pm.response.text().split('\\n');",
|
||
" for (const v of text) {",
|
||
" ",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"PROXY-EVENT\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]<0.0001) { ",
|
||
" console.warn(\"Proxy Events no data.\"); ",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"PROXY-EVENT\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" console.error(\"Proxy Events failed fetch requests.\"); ",
|
||
"",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"PROXY-EVENT\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" console.error(\"Proxy Events failed produce requests.\"); ",
|
||
" }",
|
||
" }",
|
||
"",
|
||
" }",
|
||
" pm.response.to.be.status(200);",
|
||
"",
|
||
"});",
|
||
"",
|
||
"pm.test(\"Checking ETL status.\", function () {",
|
||
" const text = pm.response.text().split('\\n');",
|
||
" for (const v of text) {",
|
||
" ",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"PROXY-EVENT-COMPLETED\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]<0.0001) { ",
|
||
" console.warn(\"ETL Proxy Events no data.\");",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"PROXY-EVENT-COMPLETED\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" console.error(\"ETL Proxy Events failed fetch requests.\");",
|
||
"",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"PROXY-EVENT-COMPLETED\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" console.error(\"ETL Proxy Events failed produce requests.\");",
|
||
"",
|
||
" }",
|
||
" }",
|
||
"",
|
||
" }",
|
||
" pm.response.to.be.status(200);",
|
||
"",
|
||
"});",
|
||
"",
|
||
""
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{kafka_ip}}:{{kafka_monitor_port}}",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{kafka_ip}}"
|
||
],
|
||
"port": "{{kafka_monitor_port}}"
|
||
},
|
||
"description": "## Kafka Topics\n\n```\n在监控指标结果下,直接复制指标进行查找定位,仅需修改\"topic\"里内容。\n```\n\nTYPE kafka_server_BrokerTopicMetrics_FiveMinuteRate (近5分钟数据情况)\n\n- **判断Topic 写入是否有最新的数据:**\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- **判断Topic 写入是否异常**\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否有最新的数据\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否异常\n\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "TOP-CLIENT-IP",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Successful request.\", function () {",
|
||
" pm.expect(pm.response.code).to.be.oneOf([200,201]);",
|
||
"});",
|
||
"",
|
||
"pm.test(\"Checking pre-aggregation status.\", function () {",
|
||
" const text = pm.response.text().split('\\n');",
|
||
" for (const v of text) {",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"TOP-CLIENT-IP\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]<0.0001) { ",
|
||
" console.warn(\"Top Client IPs no data.\"); ",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"TOP-CLIENT-IP\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"TOP-CLIENT-IP\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" }",
|
||
" }",
|
||
"",
|
||
" }",
|
||
" pm.response.to.be.status(200);",
|
||
"",
|
||
"});",
|
||
"",
|
||
"",
|
||
""
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{kafka_ip}}:{{kafka_monitor_port}}",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{kafka_ip}}"
|
||
],
|
||
"port": "{{kafka_monitor_port}}"
|
||
},
|
||
"description": "## Kafka Topics\n\n```\n在监控指标结果下,直接复制指标进行查找定位,仅需修改\"topic\"里内容。\n```\n\nTYPE kafka_server_BrokerTopicMetrics_FiveMinuteRate (近5分钟数据情况)\n\n- **判断Topic 写入是否有最新的数据:**\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- **判断Topic 写入是否异常**\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否有最新的数据\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否异常\n\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "TOP-SERVER-IP",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Successful request.\", function () {",
|
||
" pm.expect(pm.response.code).to.be.oneOf([200,201]);",
|
||
"});",
|
||
"",
|
||
"pm.test(\"Checking pre-aggregation status.\", function () {",
|
||
" const text = pm.response.text().split('\\n');",
|
||
" for (const v of text) {",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"TOP-SERVER-IP\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]<0.0001) { ",
|
||
" console.warn(\"Top Server IPs no data.\"); ",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"TOP-SERVER-IP\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"TOP-SERVER-IP\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" }",
|
||
" }",
|
||
"",
|
||
" }",
|
||
" pm.response.to.be.status(200);",
|
||
"",
|
||
"});",
|
||
"",
|
||
"",
|
||
""
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{kafka_ip}}:{{kafka_monitor_port}}",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{kafka_ip}}"
|
||
],
|
||
"port": "{{kafka_monitor_port}}"
|
||
},
|
||
"description": "## Kafka Topics\n\n```\n在监控指标结果下,直接复制指标进行查找定位,仅需修改\"topic\"里内容。\n```\n\nTYPE kafka_server_BrokerTopicMetrics_FiveMinuteRate (近5分钟数据情况)\n\n- **判断Topic 写入是否有最新的数据:**\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- **判断Topic 写入是否异常**\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否有最新的数据\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否异常\n\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "TOP-INTERNAL-HOST",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Successful request.\", function () {",
|
||
" pm.expect(pm.response.code).to.be.oneOf([200,201]);",
|
||
"});",
|
||
"",
|
||
"pm.test(\"Checking pre-aggregation status.\", function () {",
|
||
" const text = pm.response.text().split('\\n');",
|
||
" for (const v of text) {",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"TOP-INTERNAL-HOST\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]<0.0001) { ",
|
||
" console.warn(\"Top Internal IPs no data.\"); ",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"TOP-INTERNAL-HOST\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"TOP-INTERNAL-HOST\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" }",
|
||
" }",
|
||
"",
|
||
" }",
|
||
" pm.response.to.be.status(200);",
|
||
"",
|
||
"});",
|
||
"",
|
||
"",
|
||
""
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{kafka_ip}}:{{kafka_monitor_port}}",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{kafka_ip}}"
|
||
],
|
||
"port": "{{kafka_monitor_port}}"
|
||
},
|
||
"description": "## Kafka Topics\n\n```\n在监控指标结果下,直接复制指标进行查找定位,仅需修改\"topic\"里内容。\n```\n\nTYPE kafka_server_BrokerTopicMetrics_FiveMinuteRate (近5分钟数据情况)\n\n- **判断Topic 写入是否有最新的数据:**\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- **判断Topic 写入是否异常**\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否有最新的数据\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否异常\n\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "TOP-EXTERNAL-HOST",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Successful request.\", function () {",
|
||
" pm.expect(pm.response.code).to.be.oneOf([200,201]);",
|
||
"});",
|
||
"",
|
||
"pm.test(\"Checking pre-aggregation status.\", function () {",
|
||
" const text = pm.response.text().split('\\n');",
|
||
" for (const v of text) {",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"TOP-EXTERNAL-HOST\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]<0.0001) { ",
|
||
" console.warn(\"Top External IPs no data.\"); ",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"TOP-EXTERNAL-HOST\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"TOP-EXTERNAL-HOST\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" }",
|
||
" }",
|
||
"",
|
||
" }",
|
||
" pm.response.to.be.status(200);",
|
||
"",
|
||
"});",
|
||
"",
|
||
"",
|
||
""
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{kafka_ip}}:{{kafka_monitor_port}}",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{kafka_ip}}"
|
||
],
|
||
"port": "{{kafka_monitor_port}}"
|
||
},
|
||
"description": "## Kafka Topics\n\n```\n在监控指标结果下,直接复制指标进行查找定位,仅需修改\"topic\"里内容。\n```\n\nTYPE kafka_server_BrokerTopicMetrics_FiveMinuteRate (近5分钟数据情况)\n\n- **判断Topic 写入是否有最新的数据:**\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- **判断Topic 写入是否异常**\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否有最新的数据\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否异常\n\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "TOP-WEBSITE-DOMAIN",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Successful request.\", function () {",
|
||
" pm.expect(pm.response.code).to.be.oneOf([200,201]);",
|
||
"});",
|
||
"",
|
||
"pm.test(\"Checking pre-aggregation status.\", function () {",
|
||
" const text = pm.response.text().split('\\n');",
|
||
" for (const v of text) {",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"TOP-WEBSITE-DOMAIN\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]<0.0001) { ",
|
||
" console.warn(\"Top Website Domains no data.\"); ",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"TOP-WEBSITE-DOMAIN\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"TOP-WEBSITE-DOMAIN\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" }",
|
||
" }",
|
||
"",
|
||
" }",
|
||
" pm.response.to.be.status(200);",
|
||
"",
|
||
"});",
|
||
"",
|
||
"",
|
||
""
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{kafka_ip}}:{{kafka_monitor_port}}",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{kafka_ip}}"
|
||
],
|
||
"port": "{{kafka_monitor_port}}"
|
||
},
|
||
"description": "## Kafka Topics\n\n```\n在监控指标结果下,直接复制指标进行查找定位,仅需修改\"topic\"里内容。\n```\n\nTYPE kafka_server_BrokerTopicMetrics_FiveMinuteRate (近5分钟数据情况)\n\n- **判断Topic 写入是否有最新的数据:**\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- **判断Topic 写入是否异常**\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否有最新的数据\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否异常\n\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "TOP-USER",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Successful request.\", function () {",
|
||
" pm.expect(pm.response.code).to.be.oneOf([200,201]);",
|
||
"});",
|
||
"",
|
||
"pm.test(\"Checking pre-aggregation status.\", function () {",
|
||
" const text = pm.response.text().split('\\n');",
|
||
" for (const v of text) {",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"TOP-USER\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]<0.0001) { ",
|
||
" console.warn(\"Top Subscriber IDs no data.\"); ",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"TOP-USER\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"TOP-USER\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" }",
|
||
" }",
|
||
"",
|
||
" }",
|
||
" pm.response.to.be.status(200);",
|
||
"",
|
||
"});",
|
||
"",
|
||
""
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{kafka_ip}}:{{kafka_monitor_port}}",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{kafka_ip}}"
|
||
],
|
||
"port": "{{kafka_monitor_port}}"
|
||
},
|
||
"description": "## Kafka Topics\n\n```\n在监控指标结果下,直接复制指标进行查找定位,仅需修改\"topic\"里内容。\n```\n\nTYPE kafka_server_BrokerTopicMetrics_FiveMinuteRate (近5分钟数据情况)\n\n- **判断Topic 写入是否有最新的数据:**\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- **判断Topic 写入是否异常**\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否有最新的数据\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否异常\n\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "TOP-URLS",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Successful request.\", function () {",
|
||
" pm.expect(pm.response.code).to.be.oneOf([200,201]);",
|
||
"});",
|
||
"",
|
||
"pm.test(\"Checking pre-aggregation status.\", function () {",
|
||
" const text = pm.response.text().split('\\n');",
|
||
" for (const v of text) {",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"TOP-URLS\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]<0.000001) { ",
|
||
" console.warn(\"Top URLs no data.\"); ",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"TOP-URLS\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"TOP-URLS\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" }",
|
||
" }",
|
||
"",
|
||
" }",
|
||
" pm.response.to.be.status(200);",
|
||
"",
|
||
"});",
|
||
"",
|
||
""
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{kafka_ip}}:{{kafka_monitor_port}}",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{kafka_ip}}"
|
||
],
|
||
"port": "{{kafka_monitor_port}}"
|
||
},
|
||
"description": "## Kafka Topics\n\n```\n在监控指标结果下,直接复制指标进行查找定位,仅需修改\"topic\"里内容。\n```\n\nTYPE kafka_server_BrokerTopicMetrics_FiveMinuteRate (近5分钟数据情况)\n\n- **判断Topic 写入是否有最新的数据:**\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- **判断Topic 写入是否异常**\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否有最新的数据\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否异常\n\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "TRAFFIC-APP-STAT",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Successful request.\", function () {",
|
||
" pm.expect(pm.response.code).to.be.oneOf([200,201]);",
|
||
"});",
|
||
"",
|
||
"pm.test(\"Checking pre-aggregation status.\", function () {",
|
||
" const text = pm.response.text().split('\\n');",
|
||
" for (const v of text) {",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"TRAFFIC-APP-STAT\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]<0.0001) { ",
|
||
" console.warn(\"Top Applications no data.\"); ",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"TRAFFIC-APP-STAT\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"TRAFFIC-APP-STAT\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" }",
|
||
" }",
|
||
"",
|
||
" }",
|
||
" pm.response.to.be.status(200);",
|
||
"",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{kafka_ip}}:{{kafka_monitor_port}}",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{kafka_ip}}"
|
||
],
|
||
"port": "{{kafka_monitor_port}}"
|
||
},
|
||
"description": "## Kafka Topics\n\n```\n在监控指标结果下,直接复制指标进行查找定位,仅需修改\"topic\"里内容。\n```\n\nTYPE kafka_server_BrokerTopicMetrics_FiveMinuteRate (近5分钟数据情况)\n\n- **判断Topic 写入是否有最新的数据:**\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- **判断Topic 写入是否异常**\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否有最新的数据\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否异常\n\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}"
|
||
},
|
||
"response": []
|
||
},
|
||
{
|
||
"name": "TRAFFIC-PROTOCOL-STAT-LOG",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Successful request.\", function () {",
|
||
" pm.expect(pm.response.code).to.be.oneOf([200,201]);",
|
||
"});",
|
||
"",
|
||
"pm.test(\"Checking pre-aggregation status.\", function () {",
|
||
" const text = pm.response.text().split('\\n');",
|
||
" for (const v of text) {",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"TRAFFIC-PROTOCOL-STAT-LOG\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]<0.0001) { ",
|
||
" console.warn(\"Top Session Record Metrci - Protcols no data.\"); ",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"TRAFFIC-PROTOCOL-STAT-LOG\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" }",
|
||
" }",
|
||
" if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"TRAFFIC-PROTOCOL-STAT-LOG\\\",}\")) {",
|
||
" console.log(v);",
|
||
" if(v.split(' ')[1]>100) {",
|
||
" pm.response.to.have.status(500);",
|
||
" }",
|
||
" }",
|
||
"",
|
||
" }",
|
||
" pm.response.to.be.status(200);",
|
||
"",
|
||
"});",
|
||
"",
|
||
"",
|
||
""
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{kafka_ip}}:{{kafka_monitor_port}}",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{kafka_ip}}"
|
||
],
|
||
"port": "{{kafka_monitor_port}}"
|
||
},
|
||
"description": "## Kafka Topics\n\n```\n在监控指标结果下,直接复制指标进行查找定位,仅需修改\"topic\"里内容。\n```\n\nTYPE kafka_server_BrokerTopicMetrics_FiveMinuteRate (近5分钟数据情况)\n\n- **判断Topic 写入是否有最新的数据:**\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- **判断Topic 写入是否异常**\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否有最新的数据\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否异常\n\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}"
|
||
},
|
||
"response": []
|
||
}
|
||
]
|
||
},
|
||
{
|
||
"name": "Test",
|
||
"item": [
|
||
{
|
||
"name": "Test Query",
|
||
"event": [
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"exec": [
|
||
"pm.test(\"Status code is 200\", function () {",
|
||
" pm.response.to.have.status(200);",
|
||
"});"
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
},
|
||
{
|
||
"listen": "prerequest",
|
||
"script": {
|
||
"exec": [
|
||
""
|
||
],
|
||
"type": "text/javascript"
|
||
}
|
||
}
|
||
],
|
||
"request": {
|
||
"method": "GET",
|
||
"header": [],
|
||
"url": {
|
||
"raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select toDateTime(common_recv_time) AS common_recv_time, common_log_id, common_vsys_id, common_subscriber_id, common_imei, common_imsi, common_phone_number, common_client_ip, common_internal_ip, common_client_port, common_l4_protocol, common_address_type, common_server_ip, common_server_port, common_external_ip, common_direction, common_sled_ip, common_client_location, common_client_asn, common_server_location, common_server_asn, common_sessions, common_c2s_pkt_num, common_s2c_pkt_num, common_c2s_byte_num, common_s2c_byte_num, common_schema_type, common_device_id, common_device_group, common_app_behavior, common_app_label, common_tunnels, common_protocol_label, common_userdefine_app_name, common_l7_protocol, common_service_category, toDateTime(common_start_time) AS common_start_time, toDateTime(common_end_time) AS common_end_time, common_establish_latency_ms, common_con_duration_ms, common_stream_dir, common_stream_trace_id, common_c2s_ipfrag_num, common_s2c_ipfrag_num, common_c2s_tcp_lostlen, common_s2c_tcp_lostlen, common_c2s_tcp_unorder_num, common_s2c_tcp_unorder_num, common_c2s_pkt_retrans, common_s2c_pkt_retrans, common_c2s_byte_retrans, common_s2c_byte_retrans, common_tcp_client_isn, common_tcp_server_isn, toDateTime(common_processing_time) AS common_processing_time, toDateTime(common_ingestion_time) AS common_ingestion_time,common_tunnel_endpoint_a_desc, common_tunnel_endpoint_b_desc, common_flags,common_flags_identify_info,common_server_fqdn,common_server_domain, common_app_full_path,common_shaping_rule_ids, http_url, http_host, http_domain, http_request_line, http_response_line, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_request_body, http_response_body, http_cookie, http_referer, http_user_agent, http_set_cookie, http_version, http_response_latency_ms, http_session_duration_ms, http_action_file_size, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_to, mail_cc, mail_bcc, mail_subject, mail_attachment_name, mail_eml_file, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_sub, dns_cname,dns_rr, dns_response_latency_ms, ssl_sni, ssl_cn, ssl_pinningst, ssl_intercept_state, ssl_server_side_latency, ssl_client_side_latency, ssl_server_side_version, ssl_client_side_version, ssl_cert_verify, ssl_error, ssl_con_latency_ms, ssl_ja3_hash, ssl_ja3s_hash, ssl_cert_issuer, ssl_cert_subject, dtls_sni ,quic_version, quic_sni, quic_user_agent, ftp_account, ftp_url, ftp_content, ftp_link_type, app_extra_info, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, stratum_cryptocurrency, stratum_mining_pools,stratum_mining_program,rdp_cookie,rdp_security_protocol,rdp_client_channels,rdp_keyboard_layout,rdp_client_version,rdp_client_name,rdp_client_product_id,rdp_desktop_width,rdp_desktop_height,rdp_requested_color_depth,rdp_certificate_type,rdp_certificate_count,rdp_certificate_permanent,rdp_encryption_level,rdp_encryption_method from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) order by common_recv_time desc limit 0 , 20",
|
||
"protocol": "http",
|
||
"host": [
|
||
"{{qgw_ip}}"
|
||
],
|
||
"port": "{{qgw_port}}",
|
||
"path": [
|
||
""
|
||
],
|
||
"query": [
|
||
{
|
||
"key": "query",
|
||
"value": "select toDateTime(common_recv_time) AS common_recv_time, common_log_id, common_vsys_id, common_subscriber_id, common_imei, common_imsi, common_phone_number, common_client_ip, common_internal_ip, common_client_port, common_l4_protocol, common_address_type, common_server_ip, common_server_port, common_external_ip, common_direction, common_sled_ip, common_client_location, common_client_asn, common_server_location, common_server_asn, common_sessions, common_c2s_pkt_num, common_s2c_pkt_num, common_c2s_byte_num, common_s2c_byte_num, common_schema_type, common_device_id, common_device_group, common_app_behavior, common_app_label, common_tunnels, common_protocol_label, common_userdefine_app_name, common_l7_protocol, common_service_category, toDateTime(common_start_time) AS common_start_time, toDateTime(common_end_time) AS common_end_time, common_establish_latency_ms, common_con_duration_ms, common_stream_dir, common_stream_trace_id, common_c2s_ipfrag_num, common_s2c_ipfrag_num, common_c2s_tcp_lostlen, common_s2c_tcp_lostlen, common_c2s_tcp_unorder_num, common_s2c_tcp_unorder_num, common_c2s_pkt_retrans, common_s2c_pkt_retrans, common_c2s_byte_retrans, common_s2c_byte_retrans, common_tcp_client_isn, common_tcp_server_isn, toDateTime(common_processing_time) AS common_processing_time, toDateTime(common_ingestion_time) AS common_ingestion_time,common_tunnel_endpoint_a_desc, common_tunnel_endpoint_b_desc, common_flags,common_flags_identify_info,common_server_fqdn,common_server_domain, common_app_full_path,common_shaping_rule_ids, http_url, http_host, http_domain, http_request_line, http_response_line, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_request_body, http_response_body, http_cookie, http_referer, http_user_agent, http_set_cookie, http_version, http_response_latency_ms, http_session_duration_ms, http_action_file_size, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_to, mail_cc, mail_bcc, mail_subject, mail_attachment_name, mail_eml_file, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_sub, dns_cname,dns_rr, dns_response_latency_ms, ssl_sni, ssl_cn, ssl_pinningst, ssl_intercept_state, ssl_server_side_latency, ssl_client_side_latency, ssl_server_side_version, ssl_client_side_version, ssl_cert_verify, ssl_error, ssl_con_latency_ms, ssl_ja3_hash, ssl_ja3s_hash, ssl_cert_issuer, ssl_cert_subject, dtls_sni ,quic_version, quic_sni, quic_user_agent, ftp_account, ftp_url, ftp_content, ftp_link_type, app_extra_info, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, stratum_cryptocurrency, stratum_mining_pools,stratum_mining_program,rdp_cookie,rdp_security_protocol,rdp_client_channels,rdp_keyboard_layout,rdp_client_version,rdp_client_name,rdp_client_product_id,rdp_desktop_width,rdp_desktop_height,rdp_requested_color_depth,rdp_certificate_type,rdp_certificate_count,rdp_certificate_permanent,rdp_encryption_level,rdp_encryption_method from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_vsys_id in (1,2,3,4) order by common_recv_time desc limit 0 , 20"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"response": []
|
||
}
|
||
]
|
||
}
|
||
],
|
||
"event": [
|
||
{
|
||
"listen": "prerequest",
|
||
"script": {
|
||
"type": "text/javascript",
|
||
"exec": [
|
||
"var startDate = new Date(Date.now()-86400000);",
|
||
"var start_time = startDate.getFullYear().toString() + \"-\" +",
|
||
" (startDate.getMonth() + 1).toString().padStart(2, '0') + \"-\" +",
|
||
" startDate.getDate().toString().padStart(2, '0') + \" \" +",
|
||
" startDate.getHours().toString().padStart(2, '0') + \":\" +",
|
||
" startDate.getMinutes().toString().padStart(2, '0') + \":\" +",
|
||
" startDate.getSeconds().toString().padStart(2, '0');",
|
||
"",
|
||
"pm.globals.set(\"start_time\", start_time);",
|
||
"var endDate = new Date(Date.now());",
|
||
"var end_time = endDate.getFullYear().toString() + \"-\" +",
|
||
" (endDate.getMonth() + 1).toString().padStart(2, '0') + \"-\" +",
|
||
" endDate.getDate().toString().padStart(2, '0') + \" \" +",
|
||
" endDate.getHours().toString().padStart(2, '0') + \":\" +",
|
||
" endDate.getMinutes().toString().padStart(2, '0') + \":\" +",
|
||
" endDate.getSeconds().toString().padStart(2, '0'); ",
|
||
"pm.globals.set(\"end_time\", end_time);",
|
||
"pm.globals.set(\"domain\",pm.variables.replaceIn('{{$randomDomainName}}'));",
|
||
"pm.globals.set(\"client_ip\",pm.variables.replaceIn('{{$randomIP}}'));",
|
||
"pm.globals.set(\"server_ip\",pm.variables.replaceIn('{{$randomIP}}'));",
|
||
""
|
||
]
|
||
}
|
||
},
|
||
{
|
||
"listen": "test",
|
||
"script": {
|
||
"type": "text/javascript",
|
||
"exec": [
|
||
""
|
||
]
|
||
}
|
||
}
|
||
]
|
||
} |