diff options
| author | qidaijie <[email protected]> | 2021-12-06 14:10:26 +0300 |
|---|---|---|
| committer | qidaijie <[email protected]> | 2021-12-06 14:10:26 +0300 |
| commit | 2ed5b5f5a3725b715aae9e6cb4cc55d90e21b1e8 (patch) | |
| tree | 069d550739f6bbd8b95e55d126c26ff992fb183a | |
| parent | 579623f96602ed0bb5933ea5324dfd77ca96a458 (diff) | |
提交21.11版本配置
59 files changed, 0 insertions, 19711 deletions
diff --git a/flink/DC/conf/flink-conf.yaml b/flink/DC/conf/flink-conf.yaml index cb47df9..9aa3cbe 100644 --- a/flink/DC/conf/flink-conf.yaml +++ b/flink/DC/conf/flink-conf.yaml @@ -298,10 +298,5 @@ historyserver.archive.fs.refresh-interval: 10000 #完成的作业到期并从作业存储区中清除的秒数 jobstore.expiration-time: 7200 -<<<<<<< HEAD #避免由于task不能正常取消而使taskmanager服务挂掉 task.cancellation.timeout: 0 -======= - - ->>>>>>> parent of 5ba399a... Update docker-checkpoint diff --git a/flink/NC/topology/dos-detection/config/DOS-DETECTION-APPLICATION b/flink/NC/topology/dos-detection/config/DOS-DETECTION-APPLICATION deleted file mode 100644 index c6c4d64..0000000 --- a/flink/NC/topology/dos-detection/config/DOS-DETECTION-APPLICATION +++ /dev/null @@ -1,132 +0,0 @@ -#flink任务名,一般不变 -stream.execution.job.name=DOS-DETECTION-APPLICATION - -#输入kafka topic名 -kafka.input.topic.name=DOS-SKETCH-RECORD - -#输入kafka地址 -kafka.input.bootstrap.servers=10.224.11.14:9094,10.224.11.15:9094,10.224.11.16:9094,10.224.11.17:9094,10.224.11.18:9094,10.224.11.19:9094,10.224.11.20:9094,10.224.11.21:9094,10.224.11.22:9094,10.224.11.23:9094 - -#读取kafka group id -kafka.input.group.id=dos-detection-job-210914-1 - -#发送kafka metrics topic名 -kafka.output.metric.topic.name=TRAFFIC-TOP-DESTINATION-IP-METRICS - -#发送kafka event topic名 -kafka.output.event.topic.name=DOS-EVENT - -#kafka输出地址 -kafka.output.bootstrap.servers=10.224.11.14:9094,10.224.11.15:9094,10.224.11.16:9094,10.224.11.17:9094,10.224.11.18:9094,10.224.11.19:9094,10.224.11.20:9094,10.224.11.21:9094,10.224.11.22:9094,10.224.11.23:9094 - -#-----------------HBase----------------- -#zookeeper地址 -hbase.zookeeper.quorum=10.224.11.11:2181,10.224.11.12:2181,10.224.11.13:2181 - -#hbase客户端处理时间 -hbase.client.operation.timeout=30000 -hbase.client.scanner.timeout.period=30000 - -##hbase baseline表名 -hbase.baseline.table.name=dos:ddos_traffic_baselines - -#读取baseline限制 -hbase.baseline.total.num=1000000 - -#-----------------并行度----------------- -#flink运行环境并行度,其优先级低于算子并行度,如果未设置算子并行度,则使用该数值 -stream.execution.environment.parallelism=10 - -#输入kafka并行度大小 -kafka.input.parallelism=10 - -#设置聚合并行度,2个key -flink.first.agg.parallelism=10 - -#设置结果判定并行度 -flink.detection.map.parallelism=10 - -#发送kafka metrics并行度大小 -kafka.output.metric.parallelism=10 - -#发送kafka event并行度大小 -kafka.output.event.parallelism=10 - -#watermark延迟 -flink.watermark.max.orderness=60 - -#计算窗口大小,默认600s -flink.window.max.time=600 - -#-----------------基线/.阈值----------------- -#dos event结果中distinct source IP限制 -source.ip.list.limit=10000 - -#基于目的IP的分区数,默认为10000,一般不变 -destination.ip.partition.num=10000 - -data.center.id.num=15 - -#IP mmdb库路径 -ip.mmdb.path=/data/tsg/olap/topology/dat/ - -#静态敏感阈值,速率小于此值不报警 -static.sensitivity.threshold=100 - -#基线敏感阈值 -baseline.sensitivity.threshold=0.2 - -#基于baseline判定dos攻击的上下限 -baseline.sessions.minor.threshold=0.1 -baseline.sessions.warning.threshold=0.5 -baseline.sessions.major.threshold=1 -baseline.sessions.severe.threshold=3 -baseline.sessions.critical.threshold=8 - -#bifang服务访问地址 -bifang.server.uri=http://10.224.11.249:80 - -#访问bifang只读权限token,bifang内置,无需修改 -bifang.server.token=ed04b942-7df4-4e3d-b9a9-a881ca98a867 - -#加密密码路径信息 -bifang.server.encryptpwd.path=/v1/user/encryptpwd - -#登录bifang服务路径信息 -bifang.server.login.path=/v1/user/login - -#获取静态阈值路径信息 -bifang.server.policy.threshold.path=/v1/policy/profile/DoS/detection/threshold - -#-----------------连接超时参数----------------- - -#http请求相关参数 -#最大连接数 -http.pool.max.connection=400 - -#单路由最大连接数 -http.pool.max.per.route=80 - -#向服务端请求超时时间设置(单位:毫秒) -http.pool.request.timeout=60000 - -#向服务端连接超时时间设置(单位:毫秒) -http.pool.connect.timeout=60000 - -#服务端响应超时时间设置(单位:毫秒) -http.pool.response.timeout=60000 - -#获取静态阈值周期,默认十分钟 -static.threshold.schedule.minutes=10 - -#获取baseline周期,默认7天 -baseline.threshold.schedule.days=7 - -#-----------------Kafka用户认证----------------- - -#kafka用户认证配置参数 -sasl.jaas.config.user=admin -sasl.jaas.config.password=galaxy2019 - -#是否开启kafka用户认证配置,1:是;0:否 -sasl.jaas.config.flag=1 diff --git a/flink/NC/topology/flink-top/kafka-flinksql-top.sql b/flink/NC/topology/flink-top/kafka-flinksql-top.sql deleted file mode 100644 index 0e0724f..0000000 --- a/flink/NC/topology/flink-top/kafka-flinksql-top.sql +++ /dev/null @@ -1,367 +0,0 @@ ---通联: -CREATE TABLE session_record_completed_log( -common_schema_type VARCHAR, -common_recv_time BIGINT, -common_client_ip VARCHAR, -common_server_ip VARCHAR, -http_host VARCHAR, -http_domain VARCHAR, -common_l4_protocol VARCHAR, -common_internal_ip VARCHAR, -common_external_ip VARCHAR, -common_subscriber_id VARCHAR, -common_sessions BIGINT, -common_c2s_pkt_num BIGINT, -common_s2c_pkt_num BIGINT, -common_c2s_byte_num BIGINT, -common_s2c_byte_num BIGINT, -common_processing_time BIGINT, -stat_time as TO_TIMESTAMP(FROM_UNIXTIME(common_recv_time)), -WATERMARK FOR stat_time AS stat_time - INTERVAL '1' MINUTE) -WITH( -'connector' = 'kafka', -'properties.group.id' = 'kafka-indexing-service', -'topic' = 'SESSION-RECORD-COMPLETED', -'properties.bootstrap.servers' = '10.224.11.14:9094,10.224.11.15:9094,10.224.11.16:9094,10.224.11.17:9094,10.224.11.18:9094,10.224.11.19:9094,10.224.11.20:9094,10.224.11.21:9094,10.224.11.22:9094,10.224.11.23:9094', -'properties.security.protocol'='SASL_PLAINTEXT', -'properties.sasl.mechanism'='PLAIN', -'properties.sasl.jaas.config'= 'org.apache.flink.kafka.shaded.org.apache.kafka.common.security.scram.ScramLoginModule required username="admin" password="galaxy2019";', -'scan.startup.mode' = 'latest-offset', -'sink.parallelism'='60', -'format' = 'json' -); - ---client: -CREATE TABLE top_client_ip_log( -source VARCHAR, -session_num BIGINT, -c2s_pkt_num BIGINT, -s2c_pkt_num BIGINT, -c2s_byte_num BIGINT, -s2c_byte_num BIGINT, -order_by VARCHAR, -stat_time BIGINT, -PRIMARY KEY (stat_time) NOT ENFORCED -)WITH( -'connector' = 'upsert-kafka', -'topic' = 'TOP-CLIENT-IP', -'properties.bootstrap.servers' = '10.224.11.14:9094,10.224.11.15:9094,10.224.11.16:9094,10.224.11.17:9094,10.224.11.18:9094,10.224.11.19:9094,10.224.11.20:9094,10.224.11.21:9094,10.224.11.22:9094,10.224.11.23:9094', -'properties.security.protocol'='SASL_PLAINTEXT', -'properties.sasl.mechanism'='PLAIN', -'properties.sasl.jaas.config'= 'org.apache.flink.kafka.shaded.org.apache.kafka.common.security.scram.ScramLoginModule required username="admin" password="galaxy2019";', -'sink.parallelism'='60', -'key.format' = 'json', -'value.format' = 'json' -); - -CREATE VIEW top_client_ip_view as -SELECT common_client_ip as source,sum(common_sessions) as session_num,sum(common_c2s_pkt_num) as c2s_pkt_num,sum(common_s2c_pkt_num) as s2c_pkt_num,sum(common_c2s_byte_num) as c2s_byte_num,sum(common_s2c_byte_num) as s2c_byte_num,UNIX_TIMESTAMP(CAST(TUMBLE_END(stat_time,INTERVAL '5' MINUTE) as VARCHAR)) as stat_time -FROM session_record_completed_log -where common_l4_protocol = 'IPv6_TCP' or common_l4_protocol = 'IPv4_TCP' -group by common_client_ip,TUMBLE(stat_time,INTERVAL '5' MINUTE); - -INSERT INTO top_client_ip_log -(SELECT `source`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`source`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'sessions' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY session_num DESC) as rownum -FROM -top_client_ip_view) -WHERE rownum <= 1000) -union all -(SELECT `source`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`source`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'packets' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY c2s_pkt_num+s2c_pkt_num DESC) as rownum -FROM -top_client_ip_view) -WHERE rownum <= 1000) -union all -(SELECT `source`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`source`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'bytes' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY c2s_byte_num+s2c_byte_num DESC) as rownum -FROM -top_client_ip_view) -WHERE rownum <= 1000); - - - - ---server: -CREATE TABLE top_server_ip_log( -destination VARCHAR, -session_num BIGINT, -c2s_pkt_num BIGINT, -s2c_pkt_num BIGINT, -c2s_byte_num BIGINT, -s2c_byte_num BIGINT, -order_by VARCHAR, -stat_time BIGINT, -PRIMARY KEY (stat_time) NOT ENFORCED -)WITH( -'connector' = 'upsert-kafka', -'topic' = 'TOP-SERVER-IP', -'properties.bootstrap.servers' = '10.224.11.14:9094,10.224.11.15:9094,10.224.11.16:9094,10.224.11.17:9094,10.224.11.18:9094,10.224.11.19:9094,10.224.11.20:9094,10.224.11.21:9094,10.224.11.22:9094,10.224.11.23:9094', -'properties.security.protocol'='SASL_PLAINTEXT', -'properties.sasl.mechanism'='PLAIN', -'properties.sasl.jaas.config'= 'org.apache.flink.kafka.shaded.org.apache.kafka.common.security.scram.ScramLoginModule required username="admin" password="galaxy2019";', -'sink.parallelism'='60', -'key.format' = 'json', -'value.format' = 'json' -); - -CREATE VIEW top_server_ip_view as -SELECT common_server_ip as `destination`,sum(common_sessions) as session_num,sum(common_c2s_pkt_num) as c2s_pkt_num,sum(common_s2c_pkt_num) as s2c_pkt_num,sum(common_c2s_byte_num) as c2s_byte_num,sum(common_s2c_byte_num) as s2c_byte_num,UNIX_TIMESTAMP(CAST(TUMBLE_END(stat_time,INTERVAL '5' MINUTE) as VARCHAR)) as stat_time -FROM session_record_completed_log -where common_l4_protocol = 'IPv6_TCP' or common_l4_protocol = 'IPv4_TCP' -group by common_server_ip,TUMBLE(stat_time,INTERVAL '5' MINUTE); - -INSERT INTO top_server_ip_log -(SELECT `destination`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`destination`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'sessions' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY session_num DESC) as rownum -FROM -top_server_ip_view) -WHERE rownum <= 1000) -union all -(SELECT `destination`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`destination`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'packets' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY c2s_pkt_num+s2c_pkt_num DESC) as rownum -FROM -top_server_ip_view) -WHERE rownum <= 1000) -union all -(SELECT destination, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -destination, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'bytes' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY c2s_byte_num+s2c_byte_num DESC) as rownum -FROM -top_server_ip_view) -WHERE rownum <= 1000); - - ---internal -CREATE TABLE top_internal_ip_log ( - source VARCHAR, - session_num BIGINT, - c2s_pkt_num BIGINT, - s2c_pkt_num BIGINT, - c2s_byte_num BIGINT, - s2c_byte_num BIGINT, - order_by VARCHAR, - stat_time BIGINT, - PRIMARY KEY (stat_time) NOT ENFORCED -) WITH ( -'connector' = 'upsert-kafka', -'topic' = 'TOP-INTERNAL-HOST', -'properties.bootstrap.servers' = '10.224.11.14:9094,10.224.11.15:9094,10.224.11.16:9094,10.224.11.17:9094,10.224.11.18:9094,10.224.11.19:9094,10.224.11.20:9094,10.224.11.21:9094,10.224.11.22:9094,10.224.11.23:9094', -'properties.security.protocol'='SASL_PLAINTEXT', -'properties.sasl.mechanism'='PLAIN', -'properties.sasl.jaas.config'= 'org.apache.flink.kafka.shaded.org.apache.kafka.common.security.scram.ScramLoginModule required username="admin" password="galaxy2019";', -'sink.parallelism'='60', -'key.format' = 'json', -'value.format' = 'json' -); - -CREATE VIEW top_common_internal_ip_view as -SELECT common_internal_ip as `source`,sum(common_sessions) as session_num,sum(common_c2s_pkt_num) as c2s_pkt_num,sum(common_s2c_pkt_num) as s2c_pkt_num,sum(common_c2s_byte_num) as c2s_byte_num,sum(common_s2c_byte_num) as s2c_byte_num,UNIX_TIMESTAMP(CAST(TUMBLE_END(stat_time,INTERVAL '5' MINUTE) as VARCHAR)) as stat_time -FROM session_record_completed_log -where common_internal_ip<>'' -group by common_internal_ip,TUMBLE(stat_time,INTERVAL '5' MINUTE); - - -INSERT INTO top_internal_ip_log -(SELECT `source`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`source`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'sessions' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY session_num DESC) as rownum -FROM -top_common_internal_ip_view) -WHERE rownum <= 1000) -union all -(SELECT `source`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`source`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'packets' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY c2s_pkt_num+s2c_pkt_num DESC) as rownum -FROM -top_common_internal_ip_view) -WHERE rownum <= 1000) -union all -(SELECT `source`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`source`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'bytes' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY c2s_byte_num+s2c_byte_num DESC) as rownum -FROM -top_common_internal_ip_view) -WHERE rownum <= 1000); - - ---external: -CREATE TABLE top_external_ip_log ( - destination VARCHAR, - session_num BIGINT, - c2s_pkt_num BIGINT, - s2c_pkt_num BIGINT, - c2s_byte_num BIGINT, - s2c_byte_num BIGINT, - order_by VARCHAR, - stat_time BIGINT, - PRIMARY KEY (stat_time) NOT ENFORCED -) WITH ( -'connector' = 'upsert-kafka', -'topic' = 'TOP-EXTERNAL-HOST', -'properties.bootstrap.servers' = '10.224.11.14:9094,10.224.11.15:9094,10.224.11.16:9094,10.224.11.17:9094,10.224.11.18:9094,10.224.11.19:9094,10.224.11.20:9094,10.224.11.21:9094,10.224.11.22:9094,10.224.11.23:9094', -'properties.security.protocol'='SASL_PLAINTEXT', -'properties.sasl.mechanism'='PLAIN', -'properties.sasl.jaas.config'= 'org.apache.flink.kafka.shaded.org.apache.kafka.common.security.scram.ScramLoginModule required username="admin" password="galaxy2019";', -'sink.parallelism'='60', -'key.format' = 'json', -'value.format' = 'json' -); - - -CREATE VIEW top_common_external_ip_view as -SELECT common_external_ip as `destination`,sum(common_sessions) as session_num,sum(common_c2s_pkt_num) as c2s_pkt_num,sum(common_s2c_pkt_num) as s2c_pkt_num,sum(common_c2s_byte_num) as c2s_byte_num,sum(common_s2c_byte_num) as s2c_byte_num,UNIX_TIMESTAMP(CAST(TUMBLE_END(stat_time,INTERVAL '5' MINUTE) as VARCHAR)) as stat_time -FROM session_record_completed_log -where common_external_ip<>'' -group by common_external_ip,TUMBLE(stat_time,INTERVAL '5' MINUTE); - - -INSERT INTO top_external_ip_log -(SELECT `destination`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`destination`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'sessions' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY session_num DESC) as rownum -FROM -top_common_external_ip_view) -WHERE rownum <= 1000) -union all -(SELECT `destination`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`destination`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'packets' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY c2s_pkt_num+s2c_pkt_num DESC) as rownum -FROM -top_common_external_ip_view) -WHERE rownum <= 1000) -union all -(SELECT `destination`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`destination`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'bytes' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY c2s_byte_num+s2c_byte_num DESC) as rownum -FROM -top_common_external_ip_view) -WHERE rownum <= 1000); - - ---website_domain -CREATE TABLE top_website_domain_log ( - domain VARCHAR, - session_num BIGINT, - c2s_pkt_num BIGINT, - s2c_pkt_num BIGINT, - c2s_byte_num BIGINT, - s2c_byte_num BIGINT, - order_by VARCHAR, - stat_time BIGINT, - PRIMARY KEY (stat_time) NOT ENFORCED -) WITH ( -'connector' = 'upsert-kafka', -'topic' = 'TOP-WEBSITE-DOMAIN', -'properties.bootstrap.servers' = '10.224.11.14:9094,10.224.11.15:9094,10.224.11.16:9094,10.224.11.17:9094,10.224.11.18:9094,10.224.11.19:9094,10.224.11.20:9094,10.224.11.21:9094,10.224.11.22:9094,10.224.11.23:9094', -'properties.security.protocol'='SASL_PLAINTEXT', -'properties.sasl.mechanism'='PLAIN', -'properties.sasl.jaas.config'= 'org.apache.flink.kafka.shaded.org.apache.kafka.common.security.scram.ScramLoginModule required username="admin" password="galaxy2019";', -'sink.parallelism'='60', -'key.format' = 'json', -'value.format' = 'json' -); - -CREATE VIEW top_website_domain_view as -SELECT http_domain as `domain`,sum(common_sessions) as session_num,sum(common_c2s_pkt_num) as c2s_pkt_num,sum(common_s2c_pkt_num) as s2c_pkt_num,sum(common_c2s_byte_num) as c2s_byte_num,sum(common_s2c_byte_num) as s2c_byte_num,UNIX_TIMESTAMP(CAST(TUMBLE_END(stat_time,INTERVAL '5' MINUTE) as VARCHAR)) as stat_time -FROM session_record_completed_log -where http_domain<>'' -group by http_domain,TUMBLE(stat_time,INTERVAL '5' MINUTE); - - -INSERT INTO top_website_domain_log -(SELECT `domain`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`domain`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'sessions' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY session_num DESC) as rownum -FROM -top_website_domain_view) -WHERE rownum <= 1000) -union all -(SELECT `domain`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`domain`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'packets' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY c2s_pkt_num+s2c_pkt_num DESC) as rownum -FROM -top_website_domain_view) -WHERE rownum <= 1000) -union all -(SELECT `domain`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`domain`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'bytes' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY c2s_byte_num+s2c_byte_num DESC) as rownum -FROM -top_website_domain_view) -WHERE rownum <= 1000); - - ---user: -CREATE TABLE top_user_log ( - subscriber_id VARCHAR, - session_num BIGINT, - c2s_pkt_num BIGINT, - s2c_pkt_num BIGINT, - c2s_byte_num BIGINT, - s2c_byte_num BIGINT, - order_by VARCHAR, - stat_time BIGINT, - PRIMARY KEY (stat_time) NOT ENFORCED -) WITH ( -'connector' = 'upsert-kafka', -'topic' = 'TOP-USER', -'properties.bootstrap.servers' = '10.224.11.14:9094,10.224.11.15:9094,10.224.11.16:9094,10.224.11.17:9094,10.224.11.18:9094,10.224.11.19:9094,10.224.11.20:9094,10.224.11.21:9094,10.224.11.22:9094,10.224.11.23:9094', -'properties.security.protocol'='SASL_PLAINTEXT', -'properties.sasl.mechanism'='PLAIN', -'properties.sasl.jaas.config'= 'org.apache.flink.kafka.shaded.org.apache.kafka.common.security.scram.ScramLoginModule required username="admin" password="galaxy2019";', -'sink.parallelism'='60', -'key.format' = 'json', -'value.format' = 'json' -); - -CREATE VIEW top_user_log_view as -SELECT common_subscriber_id as `subscriber_id`,sum(common_sessions) as session_num,sum(common_c2s_pkt_num) as c2s_pkt_num,sum(common_s2c_pkt_num) as s2c_pkt_num,sum(common_c2s_byte_num) as c2s_byte_num,sum(common_s2c_byte_num) as s2c_byte_num,UNIX_TIMESTAMP(CAST(TUMBLE_END(stat_time,INTERVAL '5' MINUTE) as VARCHAR)) as stat_time -FROM session_record_completed_log -where common_subscriber_id <>'' -group by common_subscriber_id,TUMBLE(stat_time,INTERVAL '5' MINUTE); - -INSERT INTO top_user_log -(SELECT `subscriber_id`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`subscriber_id`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'sessions' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY session_num DESC) as rownum -FROM -top_user_log_view) -WHERE rownum <= 1000) -union all -(SELECT `subscriber_id`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`subscriber_id`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'packets' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY c2s_pkt_num+s2c_pkt_num DESC) as rownum -FROM -top_user_log_view) -WHERE rownum <= 1000) -union all -(SELECT `subscriber_id`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`subscriber_id`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'bytes' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY c2s_byte_num+s2c_byte_num DESC) as rownum -FROM -top_user_log_view) -WHERE rownum <= 1000); diff --git a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/active_defence_event.json b/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/active_defence_event.json deleted file mode 100644 index 44aeb53..0000000 --- a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/active_defence_event.json +++ /dev/null @@ -1,322 +0,0 @@ -{ - "type": "record", - "name": "active_defence_event", - "namespace": "tsg_galaxy_v3", - "doc": { - "primary_key": "common_log_id", - "partition_key": "common_recv_time", - "schema_query": { - "dimensions": [ - "common_policy_id", - "ad_target_ip", - "ad_cc_target_url" - ], - "metrics": [ - "ad_target_ip", - "ad_sent_byte_num", - "ad_sent_pkt_num", - "ad_cc_initiate_connection_num", - "ad_cc_established_connection_num", - "ad_cc_rejected_connection_num" - ], - "filters": [ - "common_policy_id", - "ad_target_ip", - "ad_target_port", - "ad_protocol", - "common_address_type", - "ad_sent_byte_num", - "ad_sent_pkt_num", - "ad_cc_initiate_connection_num", - "ad_cc_established_connection_num", - "ad_cc_rejected_connection_num" - ] - }, - "schema_type": { - "REFLECTION": { - "columns": [ - "common_recv_time", - "common_log_id", - "common_policy_id", - "common_address_type", - "common_device_id", - "common_egress_link_id", - "common_ingress_link_id", - "common_entrance_id", - "common_user_region", - "ad_method", - "ad_protocol", - "ad_target_ip", - "ad_target_port", - "ad_target_ip_location", - "ad_target_ip_asn", - "ad_reflector_profile_id", - "ad_sent_pkt_num", - "ad_sent_byte_num", - "ad_generate_time" - ], - "default_columns": [ - "common_recv_time", - "common_log_id", - "common_policy_id", - "ad_target_ip", - "ad_target_port", - "ad_reflector_profile_id", - "ad_sent_pkt_num", - "ad_sent_byte_num" - ] - }, - "FLOOD": { - "columns": [ - "common_recv_time", - "common_log_id", - "common_policy_id", - "common_address_type", - "common_device_id", - "common_egress_link_id", - "common_ingress_link_id", - "common_entrance_id", - "common_user_region", - "ad_method", - "ad_protocol", - "ad_target_ip", - "ad_target_port", - "ad_target_ip_location", - "ad_target_ip_asn", - "ad_claimed_src_ip_profile_id", - "ad_sent_pkt_num", - "ad_sent_byte_num", - "ad_generate_time" - ], - "default_columns": [ - "common_recv_time", - "common_log_id", - "common_policy_id", - "ad_target_ip", - "ad_target_port", - "ad_claimed_src_ip_profile_id", - "ad_protocol" - ] - }, - "CC": { - "columns": [ - "common_recv_time", - "common_log_id", - "common_policy_id", - "common_address_type", - "common_device_id", - "common_egress_link_id", - "common_ingress_link_id", - "common_entrance_id", - "common_user_region", - "ad_method", - "ad_protocol", - "ad_cc_target_url", - "ad_claimed_src_ip_profile_id", - "ad_cc_initiate_connection_num", - "ad_cc_established_connection_num", - "ad_cc_rejected_connection_num", - "ad_generate_time" - ], - "default_columns": [ - "common_recv_time", - "common_log_id", - "common_policy_id", - "ad_cc_target_url", - "ad_claimed_src_ip_profile_id", - "ad_protocol" - ] - } - }, - "default_columns": [ - "common_recv_time", - "common_log_id", - "common_policy_id", - "ad_target_ip", - "ad_target_port", - "ad_cc_target_url" - ] - }, - "fields": [ - { - "name": "common_recv_time", - "label": "Receive Time", - "doc": { - "allow_query": "true", - "constraints": { - "type": "timestamp" - }, - "format": { - "functions": "current_timestamp" - } - }, - "type": "long" - }, - { - "name": "common_log_id", - "label": "Log ID", - "doc": { - "allow_query": "true", - "format": { - "functions": "snowflake_id" - } - }, - "type": "long" - }, - { - "name": "common_policy_id", - "label": "Policy ID", - "doc": { - "allow_query": "true" - }, - "type": "long" - }, - { - "name": "common_address_type", - "label": "Address Type", - "doc": { - "data": [ - { - "code": "4", - "value": "ipv4" - }, - { - "code": "6", - "value": "ipv6" - } - ] - }, - "type": "int" - }, - { - "name": "common_entrance_id", - "label": "Entrance ID", - "doc": { - "visibility": "disabled" - }, - "type": "int" - }, - { - "name": "common_device_id", - "label": "Device ID", - "type": "string" - }, - { - "name": "common_egress_link_id", - "label": "Egress Link ID", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_ingress_link_id", - "label": "Ingress Link ID", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_user_region", - "label": "User Region", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "ad_target_ip", - "label": "Target IP", - "doc": { - "allow_query": "true", - "constraints": { - "type": "ip" - }, - "format": { - "functions": "geo_ip_country,geo_asn", - "appendTo": "ad_target_ip_location,ad_target_ip_asn" - } - }, - "type": "string" - }, - { - "name": "ad_target_port", - "label": "Target Port", - "type": "int" - }, - { - "name": "ad_cc_target_url", - "label": "Target URL", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "ad_target_ip_location", - "label": "Target Location", - "type": "string" - }, - { - "name": "ad_target_ip_asn", - "label": "Target ASN", - "type": "string" - }, - { - "name": "ad_protocol", - "label": "Protocol", - "type": "string" - }, - { - "name": "ad_method", - "label": "Method", - "type": "string" - }, - { - "name": "ad_claimed_src_ip_profile_id", - "label": "Claimed Profile ID", - "type": "int" - }, - { - "name": "ad_reflector_profile_id", - "label": "Reflector Profile ID", - "type": "int" - }, - { - "name": "ad_sent_pkt_num", - "label": "Packets Sent", - "type": "int" - }, - { - "name": "ad_sent_byte_num", - "label": "Bytes Sent", - "type": "int" - }, - { - "name": "ad_cc_initiate_connection_num", - "label": "Initiate Numbers", - "type": "int" - }, - { - "name": "ad_cc_established_connection_num", - "label": "Established Numbers", - "type": "int" - }, - { - "name": "ad_cc_rejected_connection_num", - "label": "Rejected Numbers", - "type": "int" - }, - { - "name": "ad_generate_time", - "label": "Generate Time", - "doc": { - "constraints": { - "type": "timestamp" - } - }, - "type": "int" - } - ] -}
\ No newline at end of file diff --git a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/ck-filter.json b/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/ck-filter.json deleted file mode 100644 index ebf0e6c..0000000 --- a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/ck-filter.json +++ /dev/null @@ -1,99 +0,0 @@ -{ - "version": "1.0", - "name": "ClickHouse-Raw", - "namespace": "ClickHouse", - "filters": [ - { - "name":"@start", - "value": "'2021-01-11 10:00:00'" - }, - { - "name":"@end", - "value": "'2021-01-13 11:00:00'" - }, - { - "name":"@common_filter", - "value": [ - "common_log_id=1153021139190754263", - "common_client_ip='118.180.48.74'", - "common_client_ip='120.242.132.200'", - "common_internal_ip='223.116.37.192'", - "common_server_ip='8.8.8.8'", - "common_server_ip='114.114.114.114'", - "common_server_ip!='114.114.114.114'", - "common_server_ip='120.239.72.226'", - "common_external_ip='111.10.53.14'", - "common_client_port=52607", - "common_server_port=443", - "common_c2s_pkt_num>5", - "common_s2c_pkt_num>5", - "common_c2s_byte_num>100", - "common_s2c_byte_num<200", - "common_schema_type='DNS'", - "common_establish_latency_ms>200", - "common_con_duration_ms>10000", - "common_stream_trace_id=1153021139190754263", - "common_tcp_client_isn=2857077935", - "common_tcp_server_isn=0", - "http_domain='qq.com'", - "http_domain!='qq.com'", - "http_domain='yunser.com'", - "mail_account='[email protected]'", - "mail_subject='test'", - "dns_qname='qbwup.imtt.qq.com'", - "ssl_sni='mmbiz.qpic.cn'", - "ssl_sni='openai.qq.com'", - "ssl_con_latency_ms>100", - "ssl_ja3_hash='a0e9f5d64349fb13191bc781f81f42e1'", - "common_client_ip='36.189.226.21' and common_server_ip='8.8.8.8'", - "common_server_ip='111.10.53.14' and common_server_port=443", - "common_server_ip like '120.239%'", - "common_server_ip not like '120.239%'", - "common_server_ip like '%114.114%'", - "mail_account like 'abc@%'", - "http_domain like '%baidu.com%'", - "ssl_sni like '%google.com'", - "http_domain like 'baidu%'", - "http_domain like '%baidu.com%'", - "common_client_ip in ('120.239.72.226','114.114.114.114')", - "common_client_ip not in ('120.239.72.226','114.114.114.114')", - "common_server_ip='116.177.248.126' and notEmpty(http_domain)", - "common_server_ip='116.177.248.126' and common_client_ip='120.242.132.200'", - "common_server_ip='116.177.248.126' and common_stream_trace_id=1153021139190754263", - "common_client_ip='120.242.132.200' and common_server_ip='116.177.248.126'", - "http_domain='qq.com' or common_server_ip='120.239.72.226'", - "common_server_port not in (80,443)", - "http_domain not like '%qq.com'" - ] - }, - { - "name":"@index_filter", - "value": [ - "common_log_id=1153021139190754263", - "common_client_ip='118.180.48.74'", - "common_client_ip='120.242.132.200'", - "common_server_ip='114.114.114.114'", - "common_server_ip!='114.114.114.114'", - "common_server_ip='120.239.72.226'", - "http_domain='qq.com'", - "http_domain!='qq.com'", - "http_domain='yunser.com'", - "ssl_sni='mmbiz.qpic.cn'", - "ssl_sni='openai.qq.com'", - "common_server_ip like '120.239%'", - "common_server_ip not like '120.239%'", - "common_server_ip like '%114.114%'", - "common_subscriber_id='%test%'", - "http_domain like 'baidu%'", - "http_domain like '%baidu.com%'", - "common_client_ip in ('120.239.72.226','114.114.114.114')", - "common_client_ip not in ('120.239.72.226','114.114.114.114')", - "common_server_ip='116.177.248.126' and notEmpty(http_domain)", - "common_server_ip='116.177.248.126' and common_client_ip='120.242.132.200'", - "common_server_ip='116.177.248.126' and common_stream_trace_id=1153021139190754263", - "common_client_ip='120.242.132.200' and common_server_ip='116.177.248.126'", - "http_domain='qq.com' or common_server_ip='120.239.72.226'" - ] - } - ] -}
\ No newline at end of file diff --git a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/ck-queries-template.sql b/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/ck-queries-template.sql deleted file mode 100644 index fc08e8c..0000000 --- a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/ck-queries-template.sql +++ /dev/null @@ -1,118 +0,0 @@ ---Q01.Count(1) -select count(1) from session_record WHERE common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) ---Q02.All Fields Query (default) -SELECT * FROM session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) LIMIT 30 ---Q03.All Fields Query order by Time desc -SELECT * FROM session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) ORDER BY common_recv_time DESC LIMIT 30 ---Q04.All Fields Query order by Time asc -SELECT * FROM session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) ORDER BY common_recv_time asc LIMIT 30 ---Q05.All Fields Query by Filter -SELECT * FROM session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) AND @common_filter ORDER BY common_recv_time DESC LIMIT 30 ---Q06.Default Fields Query by Filter -SELECT toDateTime(common_recv_time) AS common_recv_time , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) AND @common_filter ORDER BY common_recv_time DESC LIMIT 30 ---Q07.All Fields Query (sub query by time) -SELECT * FROM session_record AS session_record WHERE toDateTime(common_recv_time) IN ( SELECT toDateTime(common_recv_time) FROM session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) ORDER BY common_recv_time DESC LIMIT 30 ) AND common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) ORDER BY common_recv_time DESC LIMIT 30 ---Q08.All Fields Query (sub query by log id) -SELECT * FROM session_record AS session_record WHERE common_log_id IN ( SELECT common_log_id FROM session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) ORDER BY common_recv_time DESC LIMIT 30 ) AND common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) ORDER BY common_recv_time DESC LIMIT 30 ---Q09.Default Field Query (sub query by time) -SELECT toDateTime(common_recv_time) AS common_recv_time_str , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM session_record AS session_record WHERE toDateTime(common_recv_time) IN ( SELECT toDateTime(common_recv_time) FROM session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) ORDER BY toDateTime(common_recv_time) DESC LIMIT 30 ) AND common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) ORDER BY common_recv_time DESC LIMIT 30 ---Q10.Default Field Query (sub query by log id) -SELECT toDateTime(common_recv_time) AS common_recv_time_str , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM session_record AS session_record WHERE common_log_id IN ( select common_log_id FROM session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) ORDER BY toDateTime(common_recv_time) DESC LIMIT 30 ) AND ( common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end)) ORDER BY common_recv_time DESC LIMIT 30 ---Q11.Default Field Query by Server IP (sub query by log id with Index Table) -SELECT toDateTime(common_recv_time) AS common_recv_time_str , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM session_record AS session_record WHERE common_log_id IN ( Select common_log_id FROM session_record_common_server_ip AS session_record_common_server_ip WHERE common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) AND @index_filter ORDER BY toDateTime(common_recv_time) DESC LIMIT 30 ) AND ( common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) AND @index_filter ) ORDER BY common_recv_time DESC LIMIT 30 ---Q12.Default Field Query by Client IP (sub query by log id with Index Table) -SELECT toDateTime(common_recv_time) AS common_recv_time_str , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM session_record AS session_record WHERE common_log_id IN ( Select common_log_id FROM session_record_common_client_ip AS session_record_common_client_ip WHERE common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) AND @index_filter ORDER BY toDateTime(common_recv_time) DESC LIMIT 30 ) AND ( common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) AND @index_filter ) ORDER BY common_recv_time DESC LIMIT 30 ---Q13.Default Field Query by Domain (sub query by log id with Index Table) -SELECT toDateTime(common_recv_time) AS common_recv_time_str , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM session_record AS session_record WHERE common_log_id IN ( Select common_log_id FROM session_record_http_domain AS session_record_http_domain WHERE common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) AND @index_filter ORDER BY toDateTime(common_recv_time) DESC LIMIT 30 ) AND ( common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) AND @index_filter ) ORDER BY common_recv_time DESC LIMIT 30 ---Q14.All Fields Query by Client IP (sub query by log id with index Table) -SELECT * FROM session_record AS session_record WHERE common_log_id IN ( SELECT common_log_id FROM session_record_common_client_ip AS session_record_common_client_ip WHERE common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) AND @index_filter ORDER BY toDateTime(common_recv_time) DESC LIMIT 30 ) AND ( common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) AND @index_filter ) ORDER BY common_recv_time desc LIMIT 30 ---Q15.All Fields Query by Server IP(sub query by log id with index Table) -SELECT * FROM session_record AS session_record WHERE common_log_id IN ( SELECT common_log_id FROM session_record_common_server_ip AS session_record_common_server_ip WHERE common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) AND @index_filter ORDER BY common_recv_time LIMIT 30 ) AND ( common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) AND @index_filter ) ORDER BY common_recv_time desc LIMIT 30 ---Q16.All Fields Query by Domain(sub query by log id with index Table) -SELECT * FROM session_record AS session_record WHERE common_log_id IN ( SELECT common_log_id FROM session_record_http_domain AS session_record_http_domain WHERE common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) AND @index_filter ORDER BY common_recv_time LIMIT 30 ) AND ( common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) AND @index_filter ) ORDER BY common_recv_time desc LIMIT 30 ---Q17.Session Logs Sent to Database Trend(Time Grain 5 minute) -SELECT toUnixTimestamp(toDateTime(toStartOfInterval(toDateTime(common_recv_time),INTERVAL 5 MINUTE))) AS "Receive Time", count(common_log_id) AS "logs" FROM session_record AS session_record WHERE ( ( common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) ) ) GROUP BY "Receive Time" LIMIT 10000 ---Q18.Traffic Bandwidth Trend(Time Grain 30 second) -SELECT toDateTime(toUnixTimestamp(toDateTime(toStartOfInterval(toDateTime(common_recv_time),INTERVAL 30 SECOND)))) AS stat_time, sum(common_c2s_byte_num) AS bytes_sent, sum(common_s2c_byte_num) AS bytes_received, sum(common_c2s_byte_num + common_s2c_byte_num) AS bytes, sum(common_c2s_pkt_num + common_s2c_pkt_num) AS packets, sum(common_sessions) AS sessions FROM session_record AS session_record WHERE common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) GROUP BY stat_time ORDER BY stat_time ASC LIMIT 10000 ---Q19.Log Tend by Type (Time Grain 5 minute) -SELECT toDateTime(toUnixTimestamp(toDateTime(toStartOfInterval(toDateTime(common_recv_time),INTERVAL 5 MINUTE)))) AS stat_time, common_schema_type AS type, sum(common_sessions) AS sessions, sum(common_c2s_byte_num + common_s2c_byte_num) AS bytes, sum(common_c2s_pkt_num + common_s2c_pkt_num) AS packets FROM session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) GROUP BY stat_time, common_schema_type ORDER BY stat_time ASC LIMIT 10000 ---Q20.Traffic Metrics Analytic -SELECT round(sum(common_s2c_byte_num) * 8 / 300,2) AS trafficInBits, round(sum(common_c2s_byte_num) * 8 / 300,2) AS trafficOutBits, round(sum(common_s2c_byte_num + common_c2s_byte_num) * 8 / 300,2) AS trafficTotalBits, round(sum(common_s2c_pkt_num) / 300,2) AS trafficInPackets, round(sum(common_c2s_pkt_num) / 300,2) AS trafficOutPackets, round(sum(common_s2c_pkt_num + common_c2s_pkt_num) / 300,2) AS trafficTotalPackets, round(sum(common_sessions) / 300,2) AS sessions FROM session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) ---Q21.Traffic Endpoints Metrics Trend(Time Grain 5 minute) -SELECT toUnixTimestamp(toDateTime(toStartOfInterval(toDateTime(common_recv_time),INTERVAL 5 MINUTE))) AS "Receive Time", uniq(common_internal_ip) AS "Unique Internal IP", uniq(common_external_ip) AS "Unique External IP", uniq(common_subscriber_id) AS "Unique Subscriber ID", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS "Bytes", sum(coalesce(common_sessions, 0)) AS "Sessions" FROM session_record AS session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) ) GROUP BY "Receive Time" LIMIT 10000 ---Q22.Endpoint Unique Num by L4 Protocol -SELECT 'all' AS type, uniq(common_client_ip) AS client_ips, uniq(common_internal_ip) AS internal_ips, uniq(common_server_ip) AS server_ips, uniq(common_external_ip) AS external_ips, uniq(common_subscriber_id) as subscriber_ids FROM session_record AS session_record WHERE common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) UNION ALL SELECT 'tcp' AS type, uniq(common_client_ip) AS client_ips, uniq(common_internal_ip) AS internal_ips, uniq(common_server_ip) AS server_ips, uniq(common_external_ip) AS external_ips, uniq(common_subscriber_id) as subscriber_ids FROM session_record AS session_record WHERE common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) AND common_l4_protocol IN ( 'IPv4_TCP', 'IPv6_TCP' ) UNION ALL SELECT 'UDP' AS type, uniq(common_client_ip) AS client_ips, uniq(common_internal_ip) AS internal_ips, uniq(common_server_ip) AS server_ips, uniq(common_external_ip) AS external_ips, uniq(common_subscriber_id) as subscriber_ids FROM session_record AS session_record WHERE common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) AND common_l4_protocol IN ( 'IPv4_UDP', 'IPv6_UDP' ) ---Q23.One-sided Connection Trend(Time Grain 5 minute) -SELECT toDateTime(toUnixTimestamp(toDateTime(toStartOfInterval(toDateTime(common_recv_time),INTERVAL 5 MINUTE)))) AS stat_time, (CASE WHEN common_stream_dir = 1 THEN 'c2s' WHEN common_stream_dir = 2 THEN 's2c' WHEN common_stream_dir = 3 THEN 'double' ELSE 'None' END) AS type, sum(common_sessions) AS sessions FROM session_record AS session_record WHERE common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) GROUP BY stat_time, common_stream_dir ORDER BY stat_time ASC LIMIT 10000 ---Q24. Estimated One-sided Sessions with Bandwidth -SELECT toUnixTimestamp(toDateTime(toStartOfInterval(toDateTime(common_recv_time),INTERVAL 5 MINUTE))) AS "Receive Time", sum(common_sessions) AS "sessions", sum(if(common_stream_dir <> 3, common_sessions, 0)) AS "one_side_sessions", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS "Bytes", round(one_side_sessions / sessions, 2) AS one_side_percent FROM session_record AS session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) ) GROUP BY "Receive Time" LIMIT 10000 ---Q25.Estimated TCP Sequence Gap Loss -SELECT toUnixTimestamp(toDateTime(toStartOfInterval(toDateTime(common_recv_time),INTERVAL 5 MINUTE))) AS "Receive Time", sum(common_c2s_byte_num + common_s2c_byte_num) AS "bytes", sum(common_c2s_tcp_lostlen + common_s2c_tcp_lostlen) AS "gap_loss_bytes", round(gap_loss_bytes / bytes, 2) AS gap_loss_percent FROM session_record AS session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) ) AND ( common_l4_protocol IN ( 'IPv4_TCP', 'IPv6_TCP' ) ) GROUP BY "Receive Time" LIMIT 10000 ---Q26.Top30 Server IP by Bytes -SELECT "server_ip" AS "server_ip" , SUM(coalesce("bytes",0)) AS "bytes" , SUM(coalesce("bytes_sent",0)) AS "Sent" , SUM(coalesce("bytes_received",0)) AS "Received" , SUM(coalesce("sessions",0)) AS "sessions" FROM ( SELECT SUM(coalesce(common_c2s_byte_num,0)) AS "bytes_sent" , SUM(coalesce(common_s2c_byte_num,0)) AS "bytes_received" , SUM(common_c2s_byte_num+common_s2c_byte_num) AS "bytes" , SUM(coalesce(common_sessions,0)) AS "sessions" , common_server_ip AS "server_ip" FROM session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) ) AND ( notEmpty( common_server_ip) ) GROUP BY "server_ip" ORDER BY "bytes" desc ) GROUP BY "server_ip" ORDER BY "bytes" desc LIMIT 30 ---Q27.Top30 Client IP by Sessions -SELECT common_client_ip , COUNT(*) AS sessions FROM session_record WHERE common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) GROUP BY common_client_ip ORDER BY sessions desc LIMIT 0,30 ---Q28.Top30 TCP Server Ports by Sessions -SELECT "Server Port" AS "Server Port", sum(coalesce("Sessions", 0)) AS "Sessions" FROM (SELECT common_server_port AS "Server Port", sum(coalesce(common_sessions, 0)) AS "Sessions" FROM session_record AS session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) ) AND ( common_l4_protocol IN ( 'IPv4_TCP', 'IPv6_TCP' ) ) GROUP BY "Server Port" LIMIT 1048576) GROUP BY "Server Port" ORDER BY "Sessions" DESC LIMIT 30 ---Q29.Top30 Domian by Bytes -SELECT "domain" AS "Website Domain" , SUM(coalesce("bytes",0)) AS "Throughput" FROM ( SELECT SUM(coalesce(common_c2s_byte_num,0)) AS "bytes_sent" , SUM(coalesce(common_s2c_byte_num,0)) AS "bytes_received" , SUM(coalesce(common_c2s_byte_num+common_s2c_byte_num,0)) AS "bytes" , http_domain AS "domain" FROM session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) ) AND ( notEmpty( http_domain) ) GROUP BY "domain" ORDER BY "bytes" desc ) GROUP BY "domain" ORDER BY "Throughput" desc LIMIT 30 ---Q30.Top30 Endpoint Devices by Bandwidth -SELECT "device_id" AS "device_id", sum(coalesce("bytes", 0)) AS "bytes", sum(coalesce("bytes_sent", 0)) AS "Sent", sum(coalesce("bytes_received", 0)) AS "Received" FROM (SELECT sum(coalesce(common_c2s_byte_num, 0)) AS "bytes_sent", sum(coalesce(common_s2c_byte_num, 0)) AS "bytes_received", sum(common_c2s_byte_num + common_s2c_byte_num) AS bytes, common_device_id AS "device_id" FROM session_record AS session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) ) GROUP BY "device_id" ORDER BY "bytes" DESC LIMIT 1048576) GROUP BY "device_id" ORDER BY "bytes" DESC LIMIT 30 ---Q31.Top30 Domain by Unique Client IP -SELECT "Http.Domain" AS "Http.Domain", sum(coalesce("Client IP", 0)) AS "Client IP" FROM (SELECT http_domain AS "Http.Domain", uniq(common_client_ip) AS "Client IP" FROM session_record AS session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) ) AND ( notEmpty(http_domain) ) GROUP BY "Http.Domain" ORDER BY "Client IP" DESC LIMIT 1048576) GROUP BY "Http.Domain" ORDER BY "Client IP" DESC LIMIT 30 ---Q32.Top100 Most Time Consuming Domains -SELECT "Domain" AS "Domain", avg(coalesce("Avg Establish Latency(ms)", 0)) AS "Avg Establish Latency(ms)" FROM (SELECT http_domain AS "Domain", avg(coalesce(common_establish_latency_ms, 0)) AS "Avg Establish Latency(ms)" FROM session_record AS session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) ) AND ( notEmpty(http_domain) ) GROUP BY "Domain" LIMIT 1048576) GROUP BY "Domain" ORDER BY "Avg Establish Latency(ms)" DESC LIMIT 100 ---Q33.Top30 Sources by Sessions -SELECT "source" AS "source", sum(coalesce("sessions", 0)) AS "sessions" FROM (SELECT coalesce(nullif(common_subscriber_id, ''), nullif(common_client_ip, '')) AS "source", sum(coalesce(common_sessions, 0)) AS "sessions" FROM session_record AS session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) ) GROUP BY "source" ORDER BY "sessions" DESC LIMIT 1048576) GROUP BY "source" ORDER BY "sessions" DESC LIMIT 30 ---Q34.Top30 Destinations by Sessions -SELECT "destination" AS "destination", sum(coalesce("sessions", 0)) AS "sessions" FROM (SELECT coalesce(nullif(http_domain, ''), nullif(common_server_ip, '')) AS "destination", sum(coalesce(common_sessions, 0)) AS "sessions" FROM session_record AS session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) ) GROUP BY "destination" ORDER BY "sessions" DESC LIMIT 1048576) GROUP BY "destination" ORDER BY "sessions" DESC LIMIT 30 ---Q35.Top30 Destination Regions by Bandwidth -SELECT "server_location" AS "server_location", sum(coalesce("bytes", 0)) AS "bytes", sum(coalesce("bytes_sent", 0)) AS "Sent", sum(coalesce("bytes_received", 0)) AS "Received" FROM (SELECT arrayElement(splitByString(',', common_server_location), length(splitByString(',', common_server_location))) AS "server_location", sum(coalesce(common_c2s_byte_num, 0)) AS "bytes_sent", sum(coalesce(common_s2c_byte_num, 0)) AS "bytes_received", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS "bytes", sum(coalesce(common_sessions, 0)) AS "sessions" FROM session_record AS session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) ) GROUP BY "server_location" ORDER BY "bytes" DESC LIMIT 1048576) GROUP BY "server_location" ORDER BY "bytes" DESC LIMIT 30 ---Q36.Top30 URLS by Sessions -SELECT "Http URL" AS "Http URL", sum(coalesce("Sessions", 0)) AS "Sessions" FROM (SELECT http_url AS "Http URL", sum(coalesce(common_sessions, 0)) AS "Sessions" FROM session_record AS session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) ) GROUP BY "Http URL" LIMIT 1048576) GROUP BY "Http URL" ORDER BY "Sessions" DESC LIMIT 30 ---Q37.Top30 Destination Transmission APP by Bandwidth -SELECT "server_ip" AS "server_ip", groupUniqArray(coalesce("trans_app", 0)) AS "trans_app", sum(coalesce("bytes", 0)) AS "bytes", sum(coalesce("bytes_sent", 0)) AS "Sent", sum(coalesce("bytes_received", 0)) AS "Received" FROM (SELECT sum(coalesce(common_c2s_byte_num, 0)) AS "bytes_sent", sum(coalesce(common_s2c_byte_num, 0)) AS "bytes_received", sum(common_c2s_byte_num + common_s2c_byte_num) AS "bytes", groupUniqArray(concat(common_l4_protocol, '/', toString(common_server_port))) AS "trans_app", common_server_ip AS "server_ip" FROM session_record AS session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) ) AND ( notEmpty(common_server_ip) ) GROUP BY "server_ip" ORDER BY "bytes" DESC LIMIT 1048576) GROUP BY "server_ip" ORDER BY "bytes" DESC LIMIT 30 ---Q38.Browsing Users by Website domains and Sessions -SELECT "Subscriber ID" AS "Subscriber ID", "Http.Domain" AS "Http.Domain", sum(coalesce("sessions", 0)) AS "sessions" FROM (SELECT http_domain AS "Http.Domain", common_subscriber_id AS "Subscriber ID", sum(coalesce(common_sessions, 0)) AS "sessions" FROM session_record AS session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) ) AND ( notEmpty(http_domain) AND notEmpty(common_subscriber_id) ) GROUP BY "Http.Domain", "Subscriber ID" ORDER BY "sessions" DESC LIMIT 1048576) GROUP BY "Subscriber ID", "Http.Domain" ORDER BY "sessions" DESC LIMIT 10000 ---Q39.Top Domain and Server IP by Bytes Sent -SELECT "Http.Domain" AS "Http.Domain" , "Server IP" AS "Server IP" , SUM(coalesce("Bytes Sent",0)) AS "Bytes Sent" FROM ( SELECT common_server_ip AS "Server IP" , http_domain AS "Http.Domain" , SUM(coalesce(common_c2s_byte_num+common_s2c_byte_num,0)) AS "Bytes" , SUM(coalesce(common_c2s_byte_num,0)) AS "Bytes Sent" , SUM(coalesce(common_s2c_byte_num,0)) AS "Bytes Received" FROM session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) ) AND ( notEmpty( http_domain) ) GROUP BY "Server IP" , "Http.Domain" ORDER BY "Bytes" desc LIMIT 1048576 ) GROUP BY "Http.Domain" , "Server IP" ORDER BY "Bytes Sent" desc LIMIT 10000 ---Q40.Top30 Website Domains by Client IP and Sessions -SELECT "Http.Domain" AS "Http.Domain", "Client IP" AS "Client IP", sum(coalesce("sessions", 0)) AS "sessions" FROM (SELECT common_client_ip AS "Client IP", http_domain AS "Http.Domain", sum(coalesce(common_sessions, 0)) AS "sessions" FROM session_record AS session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) ) AND ( notEmpty(http_domain) ) GROUP BY "Client IP", "Http.Domain" ORDER BY "sessions" DESC LIMIT 1048576) GROUP BY "Http.Domain", "Client IP" ORDER BY "sessions" DESC LIMIT 10000 ---Q41.Domain is Accessed by Unique Client IP Trend(bytes Time Grain 5 minute) -SELECT toDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))),300)*300) AS _time , http_domain AS Domain, COUNT(DISTINCT(common_client_ip)) AS nums FROM session_record AS session_record WHERE common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) AND notEmpty(http_domain) AND http_domain IN ( SELECT http_domain FROM session_record AS session_record WHERE common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) AND notEmpty(http_domain) GROUP BY http_domain ORDER BY SUM(common_s2c_byte_num+common_c2s_byte_num) DESC LIMIT 5 ) GROUP BY toDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))),300)*300) , http_domain ORDER BY toDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))),300)*300) DESC LIMIT 10000 ---Q42. Domain is Accessed by Unique Client IP Trend(sessions,Time Grain 5 minute) -SELECT toDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))),3600)*3600) AS stat_time , http_domain , uniq (common_client_ip) AS nums FROM session_record AS session_record WHERE common_recv_time >= toDateTime(@start)-604800 AND common_recv_time < toDateTime(@end) AND http_domain IN ( SELECT http_domain FROM session_record AS session_record WHERE common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) AND notEmpty(http_domain) GROUP BY http_domain ORDER BY COUNT(*) desc LIMIT 5 ) group by toDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))), 3600)*3600), http_domain ORDER BY stat_time desc LIMIT 10000 ---Q43.Bandwidth Trend with Device ID(Time Grain 5 minute) -SELECT toUnixTimestamp(toDateTime(toStartOfInterval(toDateTime(common_recv_time),INTERVAL 5 MINUTE))) AS "Receive Time", common_device_id AS "Device ID", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS "Bytes" FROM session_record AS session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) ) GROUP BY "Receive Time", "Device ID" LIMIT 10000 ---Q44.Internal IP by Sled IP and Sessions -SELECT "Internal IP" AS "Internal IP", "Sled IP" AS "Sled IP", sum(coalesce("Sessions", 0)) AS "Sessions" FROM (SELECT common_sled_ip AS "Sled IP", common_internal_ip AS "Internal IP", sum(coalesce(common_sessions, 0)) AS "Sessions" FROM session_record AS session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) ) GROUP BY "Sled IP", "Internal IP" LIMIT 1048576) GROUP BY "Internal IP", "Sled IP" ORDER BY "Sessions" DESC LIMIT 10000 ---Q45.Bandwidth Trend with Internal IP (Time Grain 5 minute) -SELECT toUnixTimestamp(toDateTime(toStartOfInterval(toDateTime(common_recv_time),INTERVAL 5 MINUTE))) AS "Receive Time", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS "Bytes", sum(coalesce(common_c2s_pkt_num + common_s2c_pkt_num, 0)) AS "Packets", sum(coalesce(common_sessions, 0)) AS "New Sessions", sum(coalesce(common_c2s_byte_num, 0)) AS "Bytes Sent", sum(coalesce(common_s2c_byte_num, 0)) AS "Bytes Received", sum(coalesce(common_c2s_pkt_num, 0)) AS "Packets Sent", sum(coalesce(common_s2c_pkt_num, 0)) AS "Packets Received" FROM session_record AS session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) AND @common_filter ) GROUP BY "Receive Time" LIMIT 10000 ---Q46.Top30 Domains Detail with Internal IP -SELECT "Domain" AS "Domain", sum(coalesce("Sessions", 0)) AS "Sessions" FROM (SELECT http_domain AS "Domain", sum(coalesce(common_sessions, 0)) AS "Sessions" FROM session_record AS session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) AND @common_filter ) AND ( notEmpty(http_domain) ) GROUP BY "Domain" LIMIT 1048576) GROUP BY "Domain" ORDER BY "Sessions" DESC LIMIT 30 ---Q47.Top30 URLS Detail with Internal IP -SELECT "URL" AS "URL", sum(coalesce("Sessions", 0)) AS "Sessions" FROM (SELECT http_url AS "URL", sum(coalesce(common_sessions, 0)) AS "Sessions" FROM session_record AS session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) AND @common_filter ) AND ( notEmpty(http_url) ) GROUP BY "URL" LIMIT 1048576) GROUP BY "URL" ORDER BY "Sessions" DESC LIMIT 30 ---Q48.Top Domains with Unique Client IP and Subscriber ID -SELECT "Http.Domain" AS "Http.Domain", sum(coalesce("Unique Client IP", 0)) AS "Unique Client IP", sum(coalesce("Unique Subscriber ID", 0)) AS "Unique Subscriber ID" FROM (SELECT http_domain AS "Http.Domain", uniq(common_client_ip) AS "Unique Client IP", uniq(common_subscriber_id) AS "Unique Subscriber ID" FROM session_record AS session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) ) AND ( notEmpty(http_domain) ) GROUP BY "Http.Domain" LIMIT 1048576) GROUP BY "Http.Domain" ORDER BY "Unique Client IP" DESC LIMIT 100 ---Q49.Top100 Domains by Packets sent -SELECT "Http.Domain" AS "Http.Domain", sum(coalesce("Packets Sent", 0)) AS "Packets Sent" FROM (SELECT http_domain AS "Http.Domain", sum(coalesce(common_c2s_pkt_num, 0)) AS "Packets Sent" FROM session_record AS session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) ) GROUP BY "Http.Domain" LIMIT 1048576) GROUP BY "Http.Domain" ORDER BY "Packets Sent" DESC LIMIT 100 ---Q50.Internal and External asymmetric traffic -SELECT "Internal IP" AS "Internal IP", "External IP" AS "External IP", "Sled IP" AS "Sled IP", sum(coalesce("Sessions", 0)) AS "Sessions" FROM (SELECT common_sled_ip AS "Sled IP", common_external_ip AS "External IP", common_internal_ip AS "Internal IP", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS "Bytes Sent+Bytes Received", sum(coalesce(common_sessions, 0)) AS "Sessions" FROM session_record AS session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) ) AND ( common_stream_dir != 3 ) GROUP BY "Sled IP", "External IP", "Internal IP" LIMIT 1048576) GROUP BY "Internal IP", "External IP", "Sled IP" ORDER BY "Sessions" DESC LIMIT 500 ---Q51.Client and Server ASN asymmetric traffic -SELECT "Client ASN" AS "Client ASN", "Server ASN" AS "Server ASN", sum(coalesce("Sessions", 0)) AS "Sessions" FROM (SELECT common_server_asn AS "Server ASN", common_client_asn AS "Client ASN", sum(coalesce(common_sessions, 0)) AS "Sessions" FROM session_record AS session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) ) AND ( common_stream_dir != 3 ) GROUP BY "Server ASN", "Client ASN" LIMIT 1048576) GROUP BY "Client ASN", "Server ASN" ORDER BY "Sessions" DESC LIMIT 500 ---Q52.Top handshake latency by Website and Client IPs -SELECT "SSL.SNI" AS "SSL.SNI", "Client IP" AS "Client IP", avg(coalesce("Establish Latency(ms)", 0)) AS "Establish Latency(ms)" FROM (SELECT common_client_ip AS "Client IP", ssl_sni AS "SSL.SNI", avg(coalesce(common_establish_latency_ms, 0)) AS "Establish Latency(ms)" FROM session_record AS session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) ) GROUP BY "Client IP", "SSL.SNI" LIMIT 1048576) GROUP BY "SSL.SNI", "Client IP" ORDER BY "Establish Latency(ms)" DESC LIMIT 500 ---Q53.Domain baidu.com Drill down Client IP -select common_client_ip as "Client IP" , avg(common_establish_latency_ms) as "Establishing Time Mean(ms)", count(1) as Responses,any(common_client_location) as Location from session_record where common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) and http_domain='baidu.com' group by "Client IP" order by Responses desc limit 100 ---Q54.Domain baidu.com Drill down Server IP -select common_server_ip as "Server IP" , avg(http_response_latency_ms) as "Server Processing Time Mean(ms)", count(1) as Responses,any(common_server_location) as Location from session_record where common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) and http_domain='baidu.com' group by "Server IP" order by Responses desc limit 100 ---Q55.Domain baidu.com Drill down URI -select http_url as "URI" , avg(http_response_latency_ms) as "Server Processing Time Mean(ms)", count(1) as Responses from session_record where common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) and http_domain='baidu.com' group by "URI" order by Responses desc limit 100 ---Q56.L7 Protocol Metrics -select common_l7_protocol as "Protocol" , uniq(common_client_ip) as "Clients" , uniq(common_server_ip) as "Servers", count(1) as Sessions,sum(common_c2s_byte_num+common_s2c_byte_num) as bytes from session_record where common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) and notEmpty(common_l7_protocol) group by common_l7_protocol order by bytes desc ---Q57.L7 Protocol SIP Drill down Client IP -select common_client_ip as "Client IP" , count(1) as Sessions,sum(common_c2s_byte_num) as "Bytes Out", sum(common_s2c_byte_num) as "Bytes In",any(common_client_location) as Location from session_record where common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) and common_l7_protocol='SIP' group by "Client IP" order by Sessions desc limit 100 ---Q58.L7 Protocol SIP Drill down Server IP -select common_server_ip as "Server IP" , count(1) as Sessions,sum(common_c2s_byte_num) as "Bytes Out", sum(common_s2c_byte_num) as "Bytes In",any(common_server_location) as Location from session_record where common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) and common_l7_protocol='SIP' group by "Server IP" order by Sessions desc limit 100 ---Q59.Top5 Server IP keys with Unique Client IPs Trend (Grain 5 minute) -SELECT toDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))),300)*300) AS _time , common_server_ip AS server_ip, COUNT(DISTINCT(common_client_ip)) AS nums FROM session_record AS session_record WHERE common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) AND common_server_ip IN ( SELECT common_server_ip FROM session_record AS session_record WHERE common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) GROUP BY common_server_ip ORDER BY count(*) DESC LIMIT 5 ) GROUP BY toDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))),300)*300) , server_ip ORDER BY toDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))),300)*300) DESC LIMIT 10000
\ No newline at end of file diff --git a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/columns_cluster.json b/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/columns_cluster.json deleted file mode 100644 index d190d3c..0000000 --- a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/columns_cluster.json +++ /dev/null @@ -1,11 +0,0 @@ -{ - "namespace": "system", - "type": "record", - "name": "columns_cluster", - "fields": [ - { - "name": "database", - "type": "string" - } - ] -}
\ No newline at end of file diff --git a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/disks_cluster.json b/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/disks_cluster.json deleted file mode 100644 index 70777c6..0000000 --- a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/disks_cluster.json +++ /dev/null @@ -1,11 +0,0 @@ -{ - "namespace": "system", - "type": "record", - "name": "disks_cluster", - "fields": [ - { - "name": "name", - "type": "string" - } - ] -}
\ No newline at end of file diff --git a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/dos_event.json b/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/dos_event.json deleted file mode 100644 index cb22113..0000000 --- a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/dos_event.json +++ /dev/null @@ -1,348 +0,0 @@ -{ - "type": "record", - "name": "dos_event", - "namespace": "tsg_galaxy_v3", - "doc": { - "primary_key": "log_id", - "partition_key": "start_time", - "functions": { - "aggregation": [ - { - "name": "COUNT", - "label": "COUNT", - "function": "count(expr)" - }, - { - "name": "COUNT_DISTINCT", - "label": "COUNT_DISTINCT", - "function": "count(distinct expr)" - }, - { - "name": "AVG", - "label": "AVG", - "function": "avg(expr)" - }, - { - "name": "SUM", - "label": "SUM", - "function": "sum(expr)" - }, - { - "name": "MAX", - "label": "MAX", - "function": "max(expr)" - }, - { - "name": "MIN", - "label": "MIN", - "function": "min(expr)" - } - ], - "operator": [ - { - "name": "=", - "label": "=", - "function": "expr = value" - }, - { - "name": "!=", - "label": "!=", - "function": "expr != value" - }, - { - "name": ">", - "label": ">", - "function": "expr > value" - }, - { - "name": "<", - "label": "<", - "function": "expr < value" - }, - { - "name": ">=", - "label": ">=", - "function": "expr >= value" - }, - { - "name": "<=", - "label": "<=", - "function": "expr <= value" - }, - { - "name": "has", - "label": "HAS", - "function": "has(expr, value)" - }, - { - "name": "in", - "label": "IN", - "function": "expr in (values)" - }, - { - "name": "not in", - "label": "NOT IN", - "function": "expr not in (values)" - }, - { - "name": "like", - "label": "LIKE", - "function": "expr like value" - }, - { - "name": "not like", - "label": "NOT LIKE", - "function": "expr not like value" - }, - { - "name": "notEmpty", - "label": "NOT EMPTY", - "function": "notEmpty(expr)" - }, - { - "name": "empty", - "label": "EMPTY", - "function": "empty(expr)" - } - ] - }, - "schema_query": { - "references": { - "aggregation": [ - { - "type": "int", - "functions": "COUNT,COUNT_DISTINCT,AVG,SUM,MAX,MIN" - }, - { - "type": "long", - "functions": "COUNT,COUNT_DISTINCT,AVG,SUM,MAX,MIN" - }, - { - "type": "float", - "functions": "COUNT,COUNT_DISTINCT,AVG,SUM,MAX,MIN" - }, - { - "type": "double", - "functions": "COUNT,COUNT_DISTINCT,AVG,SUM,MAX,MIN" - }, - { - "type": "string", - "functions": "COUNT,COUNT_DISTINCT" - }, - { - "type": "date", - "functions": "COUNT,COUNT_DISTINCT,MAX,MIN" - }, - { - "type": "timestamp", - "functions": "COUNT,COUNT_DISTINCT,MAX,MIN" - } - ], - "operator": [ - { - "type": "int", - "functions": "=,!=,>,<,>=,<=,in,not in" - }, - { - "type": "long", - "functions": "=,!=,>,<,>=,<=,in,not in" - }, - { - "type": "float", - "functions": "=,!=,>,<,>=,<=" - }, - { - "type": "double", - "functions": "=,!=,>,<,>=,<=" - }, - { - "type": "string", - "functions": "=,!=,in,not in,like,not like,notEmpty,empty" - }, - { - "type": "date", - "functions": "=,!=,>,<,>=,<=" - }, - { - "type": "timestamp", - "functions": "=,!=,>,<,>=,<=" - }, - { - "type": "array", - "functions": "has" - } - ] - } - }, - "default_columns": [ - "log_id", - "attack_type", - "source_ip_list", - "destination_ip", - "severity", - "start_time", - "end_time", - "packet_rate", - "bit_rate", - "session_rate" - ] - }, - "fields": [ - { - "name": "start_time", - "label": "Start Time", - "doc": { - "allow_query": "true", - "constraints": { - "type": "timestamp" - } - }, - "type": "long" - }, - { - "name": "end_time", - "label": "End Time", - "doc": { - "constraints": { - "type": "timestamp" - } - }, - "type": "long" - }, - { - "name": "log_id", - "label": "Log ID", - "doc": { - "allow_query": "true", - "format": { - "functions": "snowflake_id" - } - }, - "type": "long" - }, - { - "name": "attack_type", - "label": "Attack Type", - "doc": { - "allow_query": "true", - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "TCP SYN Flood", - "value": "TCP SYN Flood" - }, - { - "code": "UDP Flood", - "value": "UDP Flood" - }, - { - "code": "ICMP Flood", - "value": "ICMP Flood" - }, - { - "code": "DNS Flood", - "value": "DNS Flood" - }, - { - "code": "DNS Amplification", - "value": "DNS Amplification" - } - ] - }, - "type": "string" - }, - { - "name": "severity", - "label": "Severity", - "doc": { - "allow_query": "true", - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "Critical", - "value": "Critical" - }, - { - "code": "Severe", - "value": "Severe" - }, - { - "code": "Major", - "value": "Major" - }, - { - "code": "Warning", - "value": "Warning" - }, - { - "code": "Minor", - "value": "Minor" - } - ] - }, - "type": "string" - }, - { - "name": "conditions", - "label": "Conditions", - "type": "string" - }, - { - "name": "destination_ip", - "label": "Destination IP", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "destination_country", - "label": "Destination Country", - "type": "string" - }, - { - "name": "source_ip_list", - "label": "Source IPs", - "type": "string" - }, - { - "name": "source_country_list", - "label": "Source Countries", - "type": "string" - }, - { - "name": "session_rate", - "label": "Sessions/s", - "doc": { - "constraints": { - "type": "sessions/sec" - } - }, - "type": "long" - }, - { - "name": "packet_rate", - "label": "Packets/s", - "doc": { - "constraints": { - "type": "packets/sec" - } - }, - "type": "long" - }, - { - "name": "bit_rate", - "label": "Bits/s", - "doc": { - "constraints": { - "type": "bits/sec" - } - }, - "type": "long" - } - ] -}
\ No newline at end of file diff --git a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/druid-filter.json b/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/druid-filter.json deleted file mode 100644 index d124633..0000000 --- a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/druid-filter.json +++ /dev/null @@ -1,21 +0,0 @@ -{ - "version": "1.0", - "name": "druid-Raw", - "namespace": "druid", - "filters": [ - { - "name":"@start", - "value": "'2021-01-11 10:00:00'" - }, - { - "name":"@end", - "value": "'2021-01-13 11:00:00'" - }, - { - "name":"@common_filter", - "value": [ - "common_client_ip='192.168.44.21'and common_server_port=443" - ] - } - ] -}
\ No newline at end of file diff --git a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/druid-queries-template.sql b/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/druid-queries-template.sql deleted file mode 100644 index c56d2c8..0000000 --- a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/druid-queries-template.sql +++ /dev/null @@ -1,92 +0,0 @@ ---Q01.All Security Event Hits -select policy_id, sum(hits) as hits from security_event_hits_log where __time >@start and __time <@end group by policy_id ---Q02.Security Event Hits with Policy ID 0 -select policy_id, sum(hits) as hits from security_event_hits_log where __time >@start and __time <@end and policy_id in (0) group by policy_id ---Q03.All Security Event Hits Trend by 5min A -select TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') as start_time, sum(hits) as hits from security_event_hits_log where __time >= TIMESTAMP @start and __time < TIMESTAMP @end group by TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') limit 10000 ---Q04.Security Event Hit Time(first and last time) A -select policy_id,TIME_FORMAT(min(__time) ,'yyyy-MM-dd HH:mm:ss') as first_used, TIME_FORMAT(max(__time) ,'yyyy-MM-dd HH:mm:ss') as last_used from security_event_hits_log where policy_id in (0) group by policy_id ---Q05.Top 200 Security Policies -select policy_id, sum(hits) as hits from security_event_hits_log where __time >=TIMESTAMP @start and __time <TIMESTAMP @end group by policy_id order by hits desc limit 200 ---Q06.Top 200 Security Policies with Action -select policy_id, action, sum(hits) as hits from security_event_hits_log where __time >=@start and __time <@end group by policy_id, action order by hits desc limit 200 ---Q07.All Proxy Event Hits -select policy_id, sum(hits) as hits from proxy_event_hits_log where __time >=@start and __time <@end group by policy_id ---Q08.Proxy Event Hits with Policy ID 0 -select policy_id, sum(hits) as hits from proxy_event_hits_log where __time >=@start and __time <@end and policy_id=0 group by policy_id ---Q09.All Proxy Event Hits Trend by 5min A -select TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') as start_time, sum(hits) as hits from proxy_event_hits_log where __time >= TIMESTAMP @start and __time <TIMESTAMP @end group by TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') limit 10000 ---Q10.Proxy Event Hit Time(first and last time) A -select policy_id,TIME_FORMAT(min(__time) ,'yyyy-MM-dd HH:mm:ss') as first_used, TIME_FORMAT(max(__time) ,'yyyy-MM-dd HH:mm:ss') as last_used from proxy_event_hits_log where policy_id in (0) group by policy_id ---Q11.Top 200 Proxy Policies -select policy_id, sum(hits) as hits from proxy_event_hits_log where __time >=TIMESTAMP @start and __time <TIMESTAMP @end group by policy_id order by hits desc limit 200 ---Q12.Top 200 Proxy Policies with sub Action -select policy_id, sub_action as action, sum(hits) as hits from proxy_event_hits_log where __time >=@start and __time <@end group by policy_id, sub_action order by hits desc limit 200 ---Q13.Proxy Action Hits -select sub_action as action, sum(hits) as hits from proxy_event_hits_log where __time >= TIMESTAMP @start and __time < TIMESTAMP @end group by sub_action ---Q14.Proxy Action Hits Trend by 5min -select TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') as start_time, sub_action as action, sum(hits) as hits from proxy_event_hits_log where __time >=TIMESTAMP @start and __time <TIMESTAMP @end group by TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') , sub_action limit 10000 ---Q15.Traffic Metrics Pinning Hits -SELECT sum(not_pinning_num) AS sessions, 'notPinningNum' AS type FROM traffic_metrics_log WHERE __time >= @start AND __time < @end UNION ALL SELECT sum(pinning_num) AS sessions, 'pinningNum' AS type FROM traffic_metrics_log WHERE __time >= @start AND __time < @end UNION ALL SELECT sum(maybe_pinning_num) AS sessions, 'maybePinningNum' AS type FROM traffic_metrics_log WHERE __time >= @start AND __time < @end ---Q16.Traffic Metrics Pinning Trend by 5Min -SELECT TIME_FORMAT( MILLIS_TO_TIMESTAMP( 1000 * (TIMESTAMP_TO_MILLIS(time_floor(0.001 * TIMESTAMP_TO_MILLIS( __time) * 1000,'PT300S'))/1000)),'YYYY-MM-dd HH:mm:ss') AS statisticTime, sum(pinning_num) AS sessions FROM traffic_metrics_log WHERE __time >= @start AND __time < @end GROUP BY TIME_FORMAT( MILLIS_TO_TIMESTAMP( 1000 * (TIMESTAMP_TO_MILLIS(time_floor(0.001 * TIMESTAMP_TO_MILLIS( __time) * 1000,'PT300S'))/1000)),'YYYY-MM-dd HH:mm:ss') LIMIT 10000 ---Q17.Traffic Metrics Not Pinning Trend by 5Min -SELECT TIME_FORMAT( MILLIS_TO_TIMESTAMP( 1000 * (TIMESTAMP_TO_MILLIS(time_floor(0.001 * TIMESTAMP_TO_MILLIS( __time) * 1000,'PT300S'))/1000)),'YYYY-MM-dd HH:mm:ss') AS statisticTime, sum(not_pinning_num) AS sessions FROM traffic_metrics_log WHERE __time>= @start AND __time < @end GROUP BY TIME_FORMAT( MILLIS_TO_TIMESTAMP( 1000 * (TIMESTAMP_TO_MILLIS(time_floor(0.001 * TIMESTAMP_TO_MILLIS( __time) * 1000,'PT300S'))/1000)),'YYYY-MM-dd HH:mm:ss') LIMIT 10000 ---Q18.Traffic Metrics Maybe Pinning Trend by 5Min -SELECT TIME_FORMAT( MILLIS_TO_TIMESTAMP( 1000 * (TIMESTAMP_TO_MILLIS(time_floor(0.001 * TIMESTAMP_TO_MILLIS( __time) * 1000,'PT300S'))/1000)),'YYYY-MM-dd HH:mm:ss') AS statisticTime, sum(maybe_pinning_num) AS sessions FROM traffic_metrics_log WHERE __time >= @start AND __time < @end GROUP BY TIME_FORMAT( MILLIS_TO_TIMESTAMP( 1000 * (TIMESTAMP_TO_MILLIS(time_floor(0.001 * TIMESTAMP_TO_MILLIS( __time) * 1000,'PT300S'))/1000)),'YYYY-MM-dd HH:mm:ss') LIMIT 10000 ---Q19.Traffic Metrics Throughput Bytes IN/OUT -select sum(total_in_bytes) as traffic_in_bytes, sum(total_out_bytes) as traffic_out_bytes from traffic_metrics_log where __time >=TIMESTAMP @start and __time <TIMESTAMP @end ---Q20. Traffic Metrics Throughput Packets IN/OUT -select sum(total_in_packets) as traffic_in_packets, sum(total_out_packets) as traffic_out_packets from traffic_metrics_log where __time >=TIMESTAMP @start and __time <TIMESTAMP @end ---Q21.Traffic Metrics New Sessions -select sum(new_conn_num) as sessions from traffic_metrics_log where __time >=TIMESTAMP @start and __time <TIMESTAMP @end ---Q22.Traffic Metrics Bandwidth Bytes IN/OUT -select TIME_FORMAT(time_floor(__time,'PT30S'),'yyyy-MM-dd HH:mm:ss') as stat_time, 'traffic_in_bytes' as type, sum(total_in_bytes) as bytes from traffic_metrics_log where __time >= @start and __time < @end group by TIME_FORMAT(time_floor(__time,'PT30S'),'yyyy-MM-dd HH:mm:ss') union all select TIME_FORMAT(time_floor(__time,'PT30S'),'yyyy-MM-dd HH:mm:ss') as stat_time, 'traffic_out_bytes' as type, sum(total_out_bytes) as bytes from traffic_metrics_log where __time >= @start and __time < @end group by TIME_FORMAT(time_floor(__time,'PT30S'),'yyyy-MM-dd HH:mm:ss') ---Q23.Traffic Metrics Bandwidth Packets IN/OUT -select TIME_FORMAT(time_floor(__time,'PT30S'),'yyyy-MM-dd HH:mm:ss') as stat_time, 'traffic_in_packets' as type, sum(total_in_packets) as packets from traffic_metrics_log where __time >=TIMESTAMP @start and __time <TIMESTAMP @end group by TIME_FORMAT(time_floor(__time,'PT30S'),'yyyy-MM-dd HH:mm:ss') union all select TIME_FORMAT(time_floor(__time,'PT30S'),'yyyy-MM-dd HH:mm:ss') as stat_time, 'traffic_out_packets' as type, sum(total_out_packets) as packets from traffic_metrics_log where __time >=TIMESTAMP @start and __time <TIMESTAMP @end group by TIME_FORMAT(time_floor(__time,'PT30S'),'yyyy-MM-dd HH:mm:ss') ---Q24.Traffic Metrics New Sessions Trend by 5Min -select TIME_FORMAT(time_floor(__time,'PT30S'),'yyyy-MM-dd HH:mm:ss') as stat_time, 'new_conn_num' as type, sum(new_conn_num) as sessions from traffic_metrics_log where __time >= @start and __time < @end group by TIME_FORMAT(time_floor(__time,'PT30S'),'yyyy-MM-dd HH:mm:ss') ---Q25.Traffic Metrics New and Live Sessions -select sum(new_conn_num) as new_conn_num, sum(established_conn_num) as established_conn_num from traffic_metrics_log where __time >=TIMESTAMP @start and __time <TIMESTAMP @end ---Q26.Traffic Metrics New and Live Sessions Trend by 5Min -select TIME_FORMAT(time_floor(__time,'PT30S'),'yyyy-MM-dd HH:mm:ss') as stat_time, 'new_conn_num' as type, sum(new_conn_num) as sessions from traffic_metrics_log where __time >=TIMESTAMP @start and __time < TIMESTAMP @end group by TIME_FORMAT(time_floor(__time,'PT30S'),'yyyy-MM-dd HH:mm:ss') union all select TIME_FORMAT(time_floor(__time,'PT30S'),'yyyy-MM-dd HH:mm:ss') as stat_time, 'established_conn_num' as type, sum(established_conn_num) as sessions from traffic_metrics_log where __time >= TIMESTAMP @start and __time < TIMESTAMP @end group by TIME_FORMAT(time_floor(__time,'PT30S'),'yyyy-MM-dd HH:mm:ss') ---Q27.Traffic Metrics Security Throughput Bytes -select sum(default_in_bytes+default_out_bytes) as default_bytes, sum(allow_in_bytes+allow_out_bytes) as allow_bytes, sum(deny_in_bytes+deny_out_bytes) as deny_bytes, sum(monitor_in_bytes+monitor_out_bytes) as monitor_bytes, sum(intercept_in_bytes+intercept_out_bytes) as intercept_bytes from traffic_metrics_log where __time >=TIMESTAMP @start and __time < TIMESTAMP @end ---Q28.Traffic Metrics Security Throughput Packets -select sum(default_in_packets+default_out_packets) as default_packets, sum(allow_in_packets+allow_in_packets) as allow_packets, sum(deny_in_packets+deny_out_packets) as deny_packets, sum(monitor_in_packets+monitor_out_packets) as monitor_packets, sum(intercept_in_packets+intercept_out_packets) as intercept_packets from traffic_metrics_log where __time >=TIMESTAMP @start and __time <TIMESTAMP @end ---Q29.Traffic Metrics Security Throughput Sessions -select sum(default_conn_num) as default_sessions, sum(allow_conn_num) as allow_sessions, sum(deny_conn_num) as deny_sessions, sum(monitor_conn_num) as monitor_sessions, sum(intercept_conn_num) as intercept_sessions from traffic_metrics_log where __time >=TIMESTAMP @start and __time <TIMESTAMP @end ---Q30.Traffic Metrics Security Bandwidth Bytes by 5Min -select TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') as stat_time, 'default_bytes' as type, sum(default_in_bytes+default_out_bytes) as bytes from traffic_metrics_log where __time >=TIMESTAMP @start and __time <TIMESTAMP @end group by TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') union all select TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') as stat_time, 'allow_bytes' as type, sum(allow_in_bytes+allow_out_bytes) as bytes from traffic_metrics_log where __time >=TIMESTAMP @start and __time <TIMESTAMP @end group by TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') union all select TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') as stat_time, 'deny_bytes' as type, sum(deny_in_bytes+deny_out_bytes) as bytes from traffic_metrics_log where __time >= TIMESTAMP @start and __time <TIMESTAMP @end group by TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') union all select TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') as stat_time, 'monitor_bytes' as type, sum(monitor_in_bytes+monitor_out_bytes) as bytes from traffic_metrics_log where __time >=TIMESTAMP @start and __time <TIMESTAMP @end group by TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') union all select TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') as stat_time, 'intercept_bytes' as type, sum(intercept_in_bytes+intercept_out_bytes) as bytes from traffic_metrics_log where __time >= @start and __time < @end group by TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') ---Q31.Traffic Metrics Security Bandwidth Packets by 5Min -select TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') as stat_time, 'default_packets' as type, sum(default_in_packets+default_out_packets) as packets from traffic_metrics_log where __time >=TIMESTAMP @start and __time <TIMESTAMP @end group by TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') union all select TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') as stat_time, 'allow_packets' as type, sum(allow_in_packets+allow_out_packets) as packets from traffic_metrics_log where __time >=TIMESTAMP @start and __time <TIMESTAMP @end group by TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') union all select TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') as stat_time, 'deny_packets' as type, sum(deny_in_packets+deny_out_packets) as packets from traffic_metrics_log where __time >=TIMESTAMP @start and __time <TIMESTAMP @end group by TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') union all select TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') as stat_time, 'monitor_packets' as type, sum(monitor_in_packets+monitor_out_packets) as packets from traffic_metrics_log where __time >=TIMESTAMP @start and __time <TIMESTAMP @end group by TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') union all select TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') as stat_time, 'intercept_packets' as type, sum(intercept_in_packets+intercept_out_packets) as packets from traffic_metrics_log where __time >=TIMESTAMP @start and __time <TIMESTAMP @end group by TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') ---Q32.Traffic Metrics Security Sessions Trend by 5Min -select TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') as stat_time, 'default_conn_num' as type, sum(default_conn_num) as sessions from traffic_metrics_log where __time >=TIMESTAMP @start and __time <TIMESTAMP @end group by TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') union all select TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') as stat_time, 'allow_conn_num' as type, sum(allow_conn_num) as sessions from traffic_metrics_log where __time >=TIMESTAMP @start and __time <TIMESTAMP @end group by TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') union all select TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') as stat_time, 'deny_conn_num' as type, sum(deny_conn_num) as sessions from traffic_metrics_log where __time >=TIMESTAMP @start and __time <TIMESTAMP @end group by TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') union all select TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') as stat_time, 'monitor_conn_num' as type, sum(monitor_conn_num) as sessions from traffic_metrics_log where __time >=TIMESTAMP @start and __time <TIMESTAMP @end group by TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') union all select TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') as stat_time, 'intercept_conn_num' as type, sum(intercept_conn_num) as sessions from traffic_metrics_log where __time >=TIMESTAMP @start and __time <TIMESTAMP @end group by TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') ---Q33.Top 100 Client IP by Sessions -select source as client_ip, sum(session_num) as sessions, sum(c2s_byte_num) as sent_bytes, sum(s2c_byte_num) as received_bytes, sum(c2s_byte_num + s2c_byte_num) as bytes, sum(c2s_pkt_num) as sent_packets ,sum(s2c_pkt_num) as received_packets, sum(c2s_pkt_num+s2c_pkt_num) as packets from top_client_ip_log where __time >=TIMESTAMP @start and __time <TIMESTAMP @end and order_by='sessions' group by source order by sessions desc limit 100 ---Q34.Top 100 Server IP by Sessions -select destination as server_ip, sum(session_num) as sessions, sum(c2s_byte_num) as sent_bytes, sum(s2c_byte_num) as received_bytes, sum(c2s_byte_num + s2c_byte_num) as bytes, sum(c2s_pkt_num) as sent_packets ,sum(s2c_pkt_num) as received_packets, sum(c2s_pkt_num+s2c_pkt_num) as packets from top_server_ip_log where __time >= @start and __time < @end and order_by='sessions' group by destination order by sessions desc limit 100 ---Q35.Top 100 Internal IP by Sessions -select source as internal_ip, sum(session_num) as sessions, sum(c2s_byte_num) as sent_bytes, sum(s2c_byte_num) as received_bytes, sum(c2s_byte_num + s2c_byte_num) as bytes, sum(c2s_pkt_num) as sent_packets ,sum(s2c_pkt_num) as received_packets, sum(c2s_pkt_num+s2c_pkt_num) as packets from top_internal_host_log where __time >=TIMESTAMP @start and __time <TIMESTAMP @end and order_by='sessions' group by source order by sessions desc limit 100 ---Q36.Top 100 External IP by Sessions -select destination as external_ip, sum(session_num) as sessions, sum(c2s_byte_num) as sent_bytes, sum(s2c_byte_num) as received_bytes, sum(c2s_byte_num + s2c_byte_num) as bytes, sum(c2s_pkt_num) as sent_packets ,sum(s2c_pkt_num) as received_packets, sum(c2s_pkt_num+s2c_pkt_num) as packets from top_external_host_log where __time >= @start and __time < @end and order_by='sessions' group by destination order by sessions desc limit 100 ---Q37.Top 100 Domain by Bytes -select domain, sum(session_num) as sessions, sum(c2s_byte_num) as sent_bytes, sum(s2c_byte_num) as received_bytes, sum(c2s_byte_num + s2c_byte_num) as bytes, sum(c2s_pkt_num) as sent_packets ,sum(s2c_pkt_num) as received_packets, sum(c2s_pkt_num+s2c_pkt_num) as packets from top_website_domain_log where __time >=TIMESTAMP @start and __time <TIMESTAMP @end and order_by='bytes' group by domain order by bytes desc limit 100 ---Q38.Top 100 Subscriber ID by Sessions -select subscriber_id, sum(session_num) as sessions, sum(c2s_byte_num) as sent_bytes, sum(s2c_byte_num) as received_bytes, sum(c2s_byte_num + s2c_byte_num) as bytes, sum(c2s_pkt_num) as sent_packets ,sum(s2c_pkt_num) as received_packets, sum(c2s_pkt_num+s2c_pkt_num) as packets from top_user_log where __time >=TIMESTAMP @start and __time <TIMESTAMP @end and order_by='sessions' group by subscriber_id order by sessions desc limit 100 ---Q39.Top 100 Hit URLS by hits -select url,sum(session_num) as hits from top_urls_log where __time >=TIMESTAMP @start and __time <TIMESTAMP @end group by url order by hits desc limit 100 ---Q40.Proxy Event Unique ISP -SELECT policy_id, APPROX_COUNT_DISTINCT_DS_HLL(isp) as num FROM proxy_event_hits_log where __time >= @start and __time < @end group by policy_id ---Q41.Traffic Composition Metrics -SELECT APPROX_COUNT_DISTINCT_DS_HLL(ip_object) AS uniq_client_ip, SUM(one_sided_connections) AS one_sided_connections, SUM(uncategorized_bytes) AS total_uncategorized_bytes, SUM(fragmentation_packets) AS fragmentation_packets, SUM(sequence_gap_loss) AS sequence_gap_loss_bytes, SUM(s2c_byte_num+c2s_byte_num) AS summaryTotalBytes, SUM(s2c_pkt_num+c2s_pkt_num) AS summaryTotalPackets, SUM(sessions) AS summarySessions FROM traffic_summary_log WHERE __time >= TIMESTAMP @start AND __time < TIMESTAMP @end LIMIT 1 ---Q42.Traffic Composition Throughput -(SELECT SUM(c2s_byte_num + s2c_byte_num) as total_bytes, SUM(sessions) as total_sessions, (SUM(c2s_byte_num + s2c_byte_num) * 8)/((TIMESTAMP_TO_MILLIS(TIMESTAMP @end )-TIMESTAMP_TO_MILLIS(TIMESTAMP @start ))/1000) AS data_rate FROM traffic_protocol_stat_log WHERE __time >= TIMESTAMP @start AND __time < TIMESTAMP @end AND protocol_id = 'ETHERNET' LIMIT 1) UNION ALL ( SELECT SUM(sessions), 0, 0 FROM traffic_protocol_stat_log WHERE __time >= TIMESTAMP @start AND __time < TIMESTAMP @end AND protocol_id = 'ETHERNET' GROUP BY __time ORDER BY __time DESC LIMIT 1 ) ---Q43.Traffic Composition Protocol Tree -SELECT protocol_id, SUM(sessions) as sessions,SUM(c2s_byte_num) as c2s_byte_num, SUM(c2s_pkt_num) as c2s_pkt_num, SUM(s2c_byte_num) as s2c_byte_num, SUM(s2c_pkt_num) as s2c_pkt_num FROM traffic_protocol_stat_log WHERE __time >= TIMESTAMP @start AND __time < TIMESTAMP @end GROUP BY protocol_id ---Q44.System Quota -SELECT log_type, SUM(used_size) as used_size, SUM(max_size) * 7/10 as max_size, TIME_FORMAT(LATEST(last_storage) * 1000,'YYYY-MM-dd') as first_storage FROM ( SELECT log_type, LATEST(used_size) as used_size, LATEST(max_size) as max_size, LATEST(last_storage) as last_storage FROM sys_storage_log WHERE __time >= CURRENT_TIMESTAMP - INTERVAL '1' HOUR AND data_center != '' GROUP BY data_center,log_type ) GROUP BY log_type ---Q45.System Quota Daily Trend -select TIME_FORMAT(__time,'YYYY-MM-dd') as stat_time,log_type as type, sum(aggregate_size) as used_size from sys_storage_log where __time >= @start and __time < @end group by TIME_FORMAT(__time,'YYYY-MM-dd'), log_type ---Q46.Traffic Statistics(Metrics01) -select sum(total_hit_sessions) as total_hit_sessions, sum(total_bytes_transferred) as total_bytes_transferred, sum(total_packets_transferred) as total_packets_transferred, sum(total_new_sessions) as total_new_sessions , sum(total_close_sessions) as total_close_sessions, sum(average_new_sessions_per_second) as average_new_sessions_per_second , sum(average_bytes_per_second) as average_bytes_per_second , sum(average_packets_per_second) as average_packets_per_second , COUNT(DISTINCT(device_id)) as device_num, sum(live_sessions) as average_live_sessions from ( select device_id, sum(intercept_conn_num + monitor_conn_num + deny_conn_num + allow_conn_num) as total_hit_sessions, sum(total_in_bytes + total_out_bytes) as total_bytes_transferred, sum(total_in_packets + total_out_packets) as total_packets_transferred, sum(new_conn_num) as total_new_sessions, sum(close_conn_num) as total_close_sessions, avg(nullif(new_conn_num, 0))/ 5 as average_new_sessions_per_second, avg(nullif(total_in_bytes + total_out_bytes, 0))* 8 / 5 as average_bytes_per_second, avg(nullif(total_in_packets + total_out_packets, 0))/ 5 as average_packets_per_second, avg(nullif(established_conn_num, 0)) as live_sessions from traffic_metrics_log where __time >= @start and __time < @end group by device_id)
\ No newline at end of file diff --git a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/engine-filter.json b/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/engine-filter.json deleted file mode 100644 index 21fc9d5..0000000 --- a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/engine-filter.json +++ /dev/null @@ -1,53 +0,0 @@ -{ - "version": "1.0", - "name": "Engine-Raw", - "namespace": "Engine", - "filters": [ - { - "name":"@start", - "value": "'2021-01-11 10:00:00'" - }, - { - "name":"@end", - "value": "'2021-01-13 11:00:00'" - }, - { - "name":"@common_filter", - "value": [ - "common_log_id=1153021139190754263", - "common_client_ip='36.189.226.21'", - "common_internal_ip='223.116.37.192'", - "common_server_ip='8.8.8.8'", - "common_external_ip='111.10.53.14'", - "common_client_port=52607", - "common_server_port=443", - "common_c2s_pkt_num>5", - "common_s2c_pkt_num>5", - "common_c2s_byte_num>100", - "common_s2c_byte_num<200", - "common_schema_type='DNS'", - "common_establish_latency_ms>200", - "common_con_duration_ms>10000", - "common_stream_trace_id=1153021139190754263", - "common_tcp_client_isn=2857077935", - "common_tcp_server_isn=0", - "http_domain='microsoft.com'", - "mail_account='[email protected]'", - "mail_subject='test'", - "dns_qname='qbwup.imtt.qq.com'", - "ssl_sni='note.youdao.com'", - "ssl_con_latency_ms>100", - "ssl_ja3_hash='a0e9f5d64349fb13191bc781f81f42e1'", - "common_client_ip='36.189.226.21' and common_server_ip='8.8.8.8'", - "common_server_ip='111.10.53.14' and common_server_port=443", - "mail_account like 'abc@%'", - "http_domain like '%baidu.com%'", - "ssl_sni like '%youdao.com'", - "common_client_ip in ('36.189.226.21','111.10.53.14')", - "common_server_port not in (80,443)", - "notEmpty(http_domain)", - "http_domain not like '%microsoft.com'" - ] - } - ] -}
\ No newline at end of file diff --git a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/engine-queries-template.sql b/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/engine-queries-template.sql deleted file mode 100644 index 4dabe5d..0000000 --- a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/engine-queries-template.sql +++ /dev/null @@ -1,92 +0,0 @@ ---Q01.CK DateTime -select toDateTime(common_recv_time) as common_recv_time from session_record where common_recv_time >= toDateTime(@start) and common_recv_time< toDateTime(@end) limit 20 ---Q02.Standard DateTime -select FROM_UNIXTIME(common_recv_time) as common_recv_time from session_record where common_recv_time >= UNIX_TIMESTAMP(@start) and common_recv_time< UNIX_TIMESTAMP(@end) limit 20 ---Q03.count(1) -select count(1) from session_record where common_recv_time >= toDateTime(@start) and common_recv_time< toDateTime(@end) ---Q04.count(*) -select count(*) from session_record where common_recv_time >= toDateTime(@start) and common_recv_time< toDateTime(@end) ---Q05.UDF APPROX_COUNT_DISTINCT_DS_HLL -SELECT policy_id, APPROX_COUNT_DISTINCT_DS_HLL(isp) as num FROM proxy_event_hits_log where __time >= @start and __time < @end and policy_id=0 group by policy_id ---Q06.UDF TIME_FLOOR_WITH_FILL -select TIME_FLOOR_WITH_FILL(common_recv_time,'PT5M','previous') as stat_time from session_record where common_recv_time > @start and common_recv_time < @end group by stat_time ---Q07.UDF GEO IP -select IP_TO_GEO(common_client_ip) as geo,IP_TO_CITY(common_server_ip) as city,IP_TO_COUNTRY(common_server_ip) as country from session_record limit 10 ---Q08.Special characters -select * from session_record where (common_protocol_label ='/$' or common_client_ip like'%') limit 10 ---Q09.Federation Query -select * from (select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(common_recv_time,'PT5M','zero')) as stat_time from session_record where common_recv_time >= toDateTime(@start) and common_recv_time< toDateTime(@end) group by stat_time order by stat_time asc) ---Q10.Catalog Database -select * from tsg_galaxy_v3.session_record where common_recv_time >= toDateTime(@start) and common_recv_time< toDateTime(@end) limit 20 ---Q11.Session Record Logs -select * from session_record where common_recv_time >= toDateTime(@start) and common_recv_time< toDateTime(@end) AND @common_filter order by common_recv_time desc limit 20 ---Q12.Live Session Record Logs -select * from interim_session_record where common_recv_time >= toDateTime(@start) and common_recv_time< toDateTime(@end) AND @common_filter order by common_recv_time desc limit 20 ---Q13.Transaction Record Logs -select * from transaction_record where common_recv_time >= toDateTime(@start) and common_recv_time< toDateTime(@end) order by common_recv_time desc limit 20 ---Q14.Security Event Logs -select * from security_event where common_recv_time >= UNIX_TIMESTAMP(@start) and common_recv_time< UNIX_TIMESTAMP(@end) AND @common_filter order by common_recv_time desc limit 0,20 ---Q15.Proxy Event Logs -select * from proxy_event where common_recv_time >= UNIX_TIMESTAMP(@start) and common_recv_time< UNIX_TIMESTAMP(@end) order by common_recv_time desc limit 0,20 ---Q16.Radius Record Logs -select * from radius_record where common_recv_time >= UNIX_TIMESTAMP(@start) and common_recv_time< UNIX_TIMESTAMP(@end) order by common_recv_time desc limit 0,20 ---Q17.GTPC Record Logs -select * from gtpc_record where common_recv_time >= UNIX_TIMESTAMP(@start) and common_recv_time< UNIX_TIMESTAMP(@end) order by common_recv_time desc limit 0,20 ---Q18.Security Event Logs with fields -select FROM_UNIXTIME(common_recv_time) as common_recv_time,common_log_id,common_policy_id,common_subscriber_id,common_client_ip,common_client_port,common_l4_protocol,common_address_type,common_server_ip,common_server_port,common_action,common_direction,common_sled_ip,common_client_location,common_client_asn,common_server_location,common_server_asn,common_c2s_pkt_num,common_s2c_pkt_num,common_c2s_byte_num,common_s2c_byte_num,common_schema_type,common_sub_action,common_device_id, FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,common_establish_latency_ms,common_con_duration_ms,common_stream_dir,common_stream_trace_id,http_url,http_host,http_domain,http_request_body,http_response_body,http_cookie,http_referer,http_user_agent,http_content_length,http_content_type,http_set_cookie,http_version,http_response_latency_ms,http_action_file_size,http_session_duration_ms,mail_protocol_type,mail_account,mail_from_cmd,mail_to_cmd,mail_from,mail_to,mail_cc,mail_bcc,mail_subject,mail_attachment_name,mail_eml_file,dns_message_id,dns_qr,dns_opcode,dns_aa,dns_tc,dns_rd,dns_ra,dns_rcode,dns_qdcount,dns_ancount,dns_nscount,dns_arcount,dns_qname,dns_qtype,dns_qclass,dns_cname,dns_sub,dns_rr,ssl_sni,ssl_san,ssl_cn,ssl_pinningst,ssl_intercept_state,ssl_server_side_latency,ssl_client_side_latency,ssl_server_side_version,ssl_client_side_version,ssl_cert_verify,ssl_error,quic_version,quic_sni,quic_user_agent,ftp_account,ftp_url,ftp_content from security_event where common_recv_time >= @start and common_recv_time < @end order by common_recv_time desc limit 10000 ---Q19.Radius ON/OFF Logs For Frame IP -select framed_ip, arraySlice(groupUniqArray(concat(toString(event_timestamp),':', if(acct_status_type=1,'start','stop'))),1,100000) as timeseries from radius_onff_log where event_timestamp >=toDateTime(@start) and event_timestamp <toDateTime(@end) group by framed_ip limit 20 ---Q20.Radius ON/OFF Logs For Account -select account, arraySlice(groupUniqArray(concat(toString(event_timestamp),':', if(acct_status_type=1,'start','stop'))),1,100000) as timeseries from radius_onff_log where event_timestamp >= @start and event_timestamp < @end group by account ---Q21.Radius ON/OFF Logs total Account number -select count(distinct(framed_ip)) as active_ip_num , sum(acct_session_time) as online_duration from (select any(framed_ip) as framed_ip ,max(acct_session_time) as acct_session_time from radius_onff_log where account='000jS' and event_timestamp >= @start and event_timestamp < @end group by acct_session_id) ---Q22.Radius ON/OFF Logs Account Access Detail -select max(if(acct_status_type=1,event_timestamp,0)) as start_time,max(if(acct_status_type=2,event_timestamp,0)) as end_time, any(framed_ip) as ip,max(acct_session_time) as online_duration from radius_onff_log where event_timestamp >= @start and event_timestamp < @end group by acct_session_id order by start_time desc limit 200 ---Q23.Report for Client IP -select common_client_ip, count(*) as sessions from session_record where common_recv_time>= toStartOfDay(toDateTime(@start))-604800 and common_recv_time< toStartOfDay(toDateTime(@end)) group by common_client_ip order by sessions desc limit 0,100 ---Q24.Report for Server IP -select common_server_ip, count(*) as sessions from session_record where common_recv_time>= toStartOfDay(toDateTime(@start))-604800 and common_recv_time< toStartOfDay(toDateTime(@start)) group by common_server_ip order by sessions desc limit 0,100 ---Q25.Report for SSL SNI -select ssl_sni, count(*) as sessions from session_record where common_recv_time>= toStartOfDay(toDateTime(@start))-604800 and common_recv_time< toStartOfDay(toDateTime(@start)) group by ssl_sni order by sessions desc limit 0,100 ---Q26.Report for SSL APP -select common_app_label as applicaiton, count(*) as sessions from session_record where common_recv_time>= toStartOfDay(toDateTime(@start))-604800 and common_recv_time< toStartOfDay(toDateTime(@start)) group by applicaiton order by sessions desc limit 0,100 ---Q27.Report for Domains -select http_domain AS domain,SUM(coalesce(common_c2s_byte_num, 0)) AS sent_bytes,SUM(coalesce(common_s2c_byte_num, 0)) AS received_bytes,SUM(coalesce(common_c2s_byte_num, 0)+coalesce(common_s2c_byte_num, 0)) AS bytes FROM session_record WHERE common_recv_time >= toStartOfDay(toDateTime(@start))-86400 AND common_recv_time < toStartOfDay(toDateTime(@start)) and notEmpty(domain) GROUP BY domain ORDER BY bytes DESC LIMIT 100 ---Q28.Report for Domains with unique Client IP -select toDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))), 300)*300) as stat_time, http_domain, uniq (common_client_ip) as nums from session_record where common_recv_time >= toStartOfDay(toDateTime(@start))-86400 AND common_recv_time < toStartOfDay(toDateTime(@start)) and http_domain in (select http_domain from session_record where common_recv_time >= toStartOfDay(toDateTime(@start))-86400 AND common_recv_time < toStartOfDay(toDateTime(@start)) and notEmpty(http_domain) group by http_domain order by SUM(coalesce(common_c2s_byte_num, 0)+coalesce(common_s2c_byte_num, 0)) desc limit 10 ) group by toDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))), 300)*300), http_domain order by stat_time asc limit 500 ---Q29. Report for HTTP Host -SELECT http_host as host, SUM(coalesce(common_c2s_byte_num, 0)) AS sent_bytes,SUM(coalesce(common_s2c_byte_num, 0)) AS received_bytes,SUM(coalesce(common_c2s_byte_num, 0)+coalesce(common_s2c_byte_num, 0)) AS bytes FROM session_record WHERE common_recv_time>= toStartOfDay(toDateTime(@start))-604800 and common_recv_time< toStartOfDay(toDateTime(@start)) and notEmpty(http_host) GROUP BY host ORDER BY bytes DESC limit 100 union all SELECT 'totals' as host, SUM(coalesce(common_c2s_byte_num, 0)) AS sent_bytes, SUM(coalesce(common_s2c_byte_num, 0)) AS received_bytes, SUM(coalesce(common_c2s_byte_num, 0)+coalesce(common_s2c_byte_num, 0)) AS bytes from session_record where common_recv_time>= toStartOfDay(toDateTime(@start))-604800 and common_recv_time< toStartOfDay(toDateTime(@start)) and notEmpty(http_host) ---Q30.Report for HTTP/HTTPS URLS with Sessions -SELECT http_url AS url,count(*) AS sessions FROM proxy_event WHERE common_recv_time >= toStartOfDay(toDateTime(@start))-86400 AND common_recv_time < toStartOfDay(toDateTime(@start)) and notEmpty(http_url) GROUP BY url ORDER BY sessions DESC LIMIT 100 ---Q31.Report for HTTP/HTTPS URLS with UNIQUE Client IP -select toDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))), 300)*300) as stat_time, http_url, count(distinct(common_client_ip)) as nums from proxy_event where common_recv_time >= toStartOfDay(toDateTime(@start))-86400 AND common_recv_time < toStartOfDay(toDateTime(@start)) and http_url IN (select http_url from proxy_event where common_recv_time >= toStartOfDay(toDateTime(@start))-86400 AND common_recv_time < toStartOfDay(toDateTime(@start)) and notEmpty(http_url) group by http_url order by count(*) desc limit 10 ) group by toDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))), 300)*300), http_url order by stat_time asc limit 500 ---Q32.Report for Subscriber ID with Sessions -select common_subscriber_id as user, count(*) as sessions from session_record where common_recv_time>= toStartOfDay(toDateTime(@start))-604800 and common_recv_time< toStartOfDay(toDateTime(@start)) and notEmpty(user) group by common_subscriber_id order by sessions desc limit 0,100 ---Q33.Report for Subscriber ID with Bandwidth -SELECT common_subscriber_id as user,SUM(coalesce(common_c2s_byte_num, 0)) AS sent_bytes,SUM(coalesce(common_s2c_byte_num, 0)) AS received_bytes,SUM(coalesce(common_c2s_byte_num, 0)+coalesce(common_s2c_byte_num, 0)) AS bytes FROM session_record WHERE common_recv_time>= toStartOfDay(toDateTime(@start))-604800 and common_recv_time< toStartOfDay(toDateTime(@start)) and notEmpty(user) GROUP BY user ORDER BY bytes DESC LIMIT 100 ---Q34.Report Unique Endpoints -select uniq(common_client_ip) as "Client IP",uniq(common_server_ip) as "Server IP",uniq(common_internal_ip) as "Internal IP",uniq(common_external_ip) as "External IP",uniq(http_domain) as "Domain",uniq(ssl_sni) as "SNI" from session_record where common_recv_time>= toStartOfDay(toDateTime(@start))-604800 and common_recv_time< toStartOfDay(toDateTime(@start)) ---Q35.TopN Optimizer -SELECT http_url AS url, SUM(common_sessions) AS sessions FROM session_record WHERE common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) AND notEmpty(http_url) GROUP BY http_url ORDER BY sessions DESC limit 10 ---Q36.All Security Event Hits Trend by 5min B -select DATE_FORMAT(FROM_UNIXTIME(FLOOR(UNIX_TIMESTAMP(__time)/300)*300),'%Y-%m-%d %H:%i:%s') as start_time, sum(hits) as hits from security_event_hits_log where __time >= @start and __time < @end group by DATE_FORMAT(FROM_UNIXTIME(FLOOR(UNIX_TIMESTAMP(__time)/300)*300),'%Y-%m-%d %H:%i:%s') limit 10000 ---Q37.Security Event Hit Time(first and last time) B -select policy_id, DATE_FORMAT(min(__time) ,'%Y-%m-%d %H:%i:%s') as first_used, DATE_FORMAT(max(__time) ,'%Y-%m-%d %H:%i:%s') as last_used from security_event_hits_log where policy_id in (0) group by policy_id ---Q38.All Proxy Event Hits Trend by 5min B -select FROM_UNIXTIME(FLOOR(UNIX_TIMESTAMP(__time)/300)*300) as start_time, sum(hits) as hits from proxy_event_hits_log where __time >= @start and __time < @end group by FROM_UNIXTIME(FLOOR(UNIX_TIMESTAMP(__time)/300)*300) limit 10000 ---Q39.Proxy Event Hit Time(first and last time) B -select policy_id, DATE_FORMAT(min(__time) ,'%Y-%m-%d %H:%i:%s') as first_used, DATE_FORMAT(max(__time) ,'%Y-%m-%d %H:%i:%s') as last_used from proxy_event_hits_log where policy_id in (0) group by policy_id ---Q40.Traffic Composition Protocol Tree Trend -(SELECT TIME_FORMAT(MILLIS_TO_TIMESTAMP( 1000 * TIME_FLOOR_WITH_FILL(TIMESTAMP_TO_MILLIS(__time)/1000, 'PT30S', 'zero')), 'yyyy-MM-dd HH:mm:ss') as stat_time, protocol_id as type, sum(c2s_byte_num + s2c_byte_num) as bytes from traffic_protocol_stat_log where __time >= TIMESTAMP @start AND __time < TIMESTAMP @end and protocol_id = 'ETHERNET' group by TIME_FORMAT(MILLIS_TO_TIMESTAMP( 1000 * TIME_FLOOR_WITH_FILL(TIMESTAMP_TO_MILLIS(__time)/1000, 'PT30S', 'zero')), 'yyyy-MM-dd HH:mm:ss'), protocol_id order by stat_time asc) union all (SELECT TIME_FORMAT(MILLIS_TO_TIMESTAMP( 1000 * TIME_FLOOR_WITH_FILL(TIMESTAMP_TO_MILLIS(__time)/1000, 'PT30S', 'zero')), 'yyyy-MM-dd HH:mm:ss') as stat_time, protocol_id as type, sum(c2s_byte_num + s2c_byte_num) as bytes from traffic_protocol_stat_log where __time >= TIMESTAMP @start AND __time < TIMESTAMP @end and protocol_id like CONCAT('ETHERNET','.%') and LENGTH(protocol_id) = LENGTH(REPLACE(protocol_id,'.','')) + 1 + 0 group by TIME_FORMAT(MILLIS_TO_TIMESTAMP( 1000 * TIME_FLOOR_WITH_FILL(TIMESTAMP_TO_MILLIS(__time)/1000, 'PT30S', 'zero')), 'yyyy-MM-dd HH:mm:ss'), protocol_id order by stat_time asc) ---Q41.Traffic Metrics Security Action Hits Trend -select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT1800S','zero')) as statisticTime, sum(default_in_bytes + default_out_bytes) as default_bytes, sum(default_in_packets + default_out_packets) as default_packets, sum(default_conn_num) as default_sessions, sum(allow_in_bytes + allow_out_bytes) as allow_bytes, sum(allow_in_packets + allow_out_packets) as allow_packets, sum(allow_conn_num) as allow_sessions, sum(deny_in_bytes + deny_out_bytes) as deny_bytes, sum(deny_in_packets + deny_out_packets) as deny_packets, sum(deny_conn_num) as deny_sessions, sum(monitor_in_bytes + monitor_out_bytes) as monitor_bytes, sum(monitor_in_packets + monitor_out_packets) as monitor_packets, sum(monitor_conn_num) as monitor_sessions, sum(intercept_in_bytes + intercept_out_bytes) as intercept_bytes, sum(intercept_in_packets + intercept_out_packets) as intercept_packets, sum(intercept_conn_num) as intercept_sessions from traffic_metrics_log where __time >= @start and __time < @end group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT1800S','zero')) limit 100000 ---Q42.Traffic Metrics Proxy Action Hits Trend -SELECT FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT1800S','zero')) AS statisticTime,SUM(intcp_allow_num) AS intercept_allow_conn_num,SUM(intcp_mon_num) AS intercept_monitor_conn_num,SUM(intcp_deny_num) AS intercept_deny_conn_num,SUM(intcp_rdirt_num) AS intercept_redirect_conn_num,SUM(intcp_repl_num) AS intercept_replace_conn_num,SUM(intcp_hijk_num) AS intercept_hijack_conn_num,SUM(intcp_ins_num) AS intercept_insert_conn_num FROM traffic_metrics_log WHERE __time >= @start AND __time < @end GROUP BY FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT1800S', 'zero')) LIMIT 100000 ---Q43.Traffic Statistics(Metrics02) -select FROM_UNIXTIME(stat_time) as max_active_date_by_sessions, total_live_sessions as max_live_sessions from ( select stat_time, sum(live_sessions) as total_live_sessions from ( select TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'P1D') as stat_time, device_id, avg(established_conn_num) as live_sessions from traffic_metrics_log where __time >= @start and __time<@end group by TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'P1D'), device_id) group by stat_time order by total_live_sessions desc limit 1 ) ---Q44.Traffic Summary(Bandwidth Trend) -select * from ( select DATE_FORMAT(FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT1h','zero')),'%Y-%m-%d %H:%i:%s') as stat_time,'traffic_in_bytes' as type, sum(total_in_bytes) as bytes from traffic_metrics_log where __time >= @start and __time < @end group by DATE_FORMAT(FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT1h','zero')),'%Y-%m-%d %H:%i:%s'), 'traffic_in_bytes' union all select DATE_FORMAT(FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT1h','zero')),'%Y-%m-%d %H:%i:%s') as stat_time,'traffic_out_bytes' as type,sum(total_out_bytes) as bytes from traffic_metrics_log where __time >= @start and __time < @end group by DATE_FORMAT(FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT1h','zero')),'%Y-%m-%d %H:%i:%s'),'traffic_out_bytes' ) order by stat_time asc limit 100000 ---Q45.Traffic Summary(Sessions Trend) -select DATE_FORMAT(FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT1h','zero')),'%Y-%m-%d %H:%i:%s') as stat_time, 'total_conn_num' as type, sum(new_conn_num) as sessions from traffic_metrics_log where __time >= @start and __time < @end group by DATE_FORMAT(FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT1h','zero')),'%Y-%m-%d %H:%i:%s'), 'total_conn_num' order by stat_time asc limit 10000 ---Q46.Domain Baidu.com Metrics -select FROM_UNIXTIME(min(common_recv_time)) as "First Seen" , FROM_UNIXTIME(max(common_recv_time)) as "Last Seen" , median(http_response_latency_ms) as "Server Processing Time Median(ms)", count(1) as Responses,any(common_server_location) as Location from session_record WHERE common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) AND http_domain='baidu.com'
\ No newline at end of file diff --git a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/galaxy-qgw-service.yml b/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/galaxy-qgw-service.yml deleted file mode 100644 index 1a3dc5f..0000000 --- a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/galaxy-qgw-service.yml +++ /dev/null @@ -1,112 +0,0 @@ -##############静态参数配置(修改后需要重启项目)############## -## 服务配置 -server: - port: 8183 -## 监控参数 -management: - metrics: - tags: - application: ${project.name} - endpoint: - health: - show-details: always - shutdown: - enabled: true - health: - redis: - enabled: false - db: - enabled: false - endpoints: - web: - exposure: - include: '*' - exclude: env,auditevents,beans,conditions,info - base-path: /monitor -#MySql configuration -spring: - datasource: - driver-class-name: com.mysql.cj.jdbc.Driver - url: jdbc:mysql://10.224.11.249:3306/tsg-bifang?useUnicode=true&characterEncoding=UTF-8&autoReconnect=true&serverTimezone=GMT - username: root - pin: Bifang&*() -## Hbase configuration -hbase: - zookeeperQuorum: 10.224.11.11:2181,10.224.11.12:2181,10.224.11.13:2181 - zookeeperZnodeParent: /hbase - dbname: tsg - tableName: report_result - columnFamily: response - columnName: result - clientIpcPoolSize: 70 - rpcTimeout: 60000 -##############动态参数配置(修改后不需要重启项目)############## -## 项目参数 -project: - name: galaxy-qgw-service-nacos - description: 统一数据查询网关 - version: 1.1 - groupId: com.mesalab - artifactId: galaxy-qgw-service - basedir: - corePackage: com.mesalab.common - servicePackage: com.mesalab.qgw - author: - name: darnell - url: - email: -## ClickhHouse configuration -clickhouse: - url: http://10.224.11.244:8124 - dbname: tsg_galaxy_v3 - enableApproximateOptimizer: true - realTimeAccount: - username: tsg_query - pin: galaxy2018 - socketTimeOut: 90000 - longTermAccount: - username: tsg_report - pin: galaxy2019 - socketTimeOut: 21700000 -## Druid configuration -druid: - url: 10.224.11.244:8089/druid/v2/sql - dbname: druid - socketTimeOut: 90000 -## Elasticsearch configuration -elasticsearch: - url: 127.0.0.1:9200/_sql - dbname: elasticsearch - socketTimeOut: 60000 -## xxl-job-admin configuration -xxl-job-admin: - url: http://10.224.11.244:8181/xxl-job-admin - userName: query - pin: galaxy2018 -## Engine configuration -engine: - maxCacheNum: 1048575 - defaultResultNum: 100000 -## ArangoDB configuration -arango: - server: http://10.224.11.55:8529 - database: tsg_galaxy_v3 - username: query - pin: galaxy2018 - jwturl: ${arango.server}/_db/${arango.database}/_open/auth - queryurl: ${arango.server}/_db/${arango.database}/_api/cursor - maxrows: 10000 - socketTimeOut: 300000 -## http pool config -http: - pool: - connect: - timeout: 30000 - max: - connection: 500 - per: - route: 200 - request: - timeout: 10000 - response: - timeout: 60000
\ No newline at end of file diff --git a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/gtpc_record.json b/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/gtpc_record.json deleted file mode 100644 index 5c1d74b..0000000 --- a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/gtpc_record.json +++ /dev/null @@ -1,1184 +0,0 @@ -{ - "type": "record", - "name": "gtpc_record", - "namespace": "tsg_galaxy_v3", - "doc": { - "primary_key": "common_log_id", - "partition_key": "common_recv_time", - "functions": { - "$ref": "public_schema_info.json#/functions" - }, - "schema_query": { - "dimensions": [ - "common_server_ip", - "common_client_ip", - "common_internal_ip", - "common_external_ip", - "common_sled_ip", - "common_device_id", - "common_client_location", - "common_server_location", - "common_client_port", - "common_server_port", - "common_schema_type", - "common_l4_protocol", - "common_l7_protocol", - "common_device_group", - "common_client_asn", - "common_server_asn", - "common_start_time", - "common_end_time", - "gtp_version", - "gtp_apn", - "gtp_imei", - "gtp_imsi", - "gtp_phone_number", - "gtp_msg_type" - ], - "metrics": [ - "common_server_ip", - "common_client_ip", - "common_internal_ip", - "common_external_ip", - "common_sled_ip", - "common_device_id", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_sessions", - "common_con_duration_ms", - "common_establish_latency_ms", - "common_c2s_ipfrag_num", - "common_s2c_ipfrag_num", - "common_c2s_tcp_lostlen", - "common_s2c_tcp_lostlen", - "common_c2s_tcp_unorder_num", - "common_s2c_tcp_unorder_num", - "gtp_version", - "gtp_apn", - "gtp_imei", - "gtp_imsi", - "gtp_phone_number" - ], - "filters": [ - "common_address_type", - "common_server_ip", - "common_client_ip", - "common_internal_ip", - "common_external_ip", - "common_client_port", - "common_server_port", - "common_client_location", - "common_server_location", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_c2s_ipfrag_num", - "common_s2c_ipfrag_num", - "common_c2s_tcp_lostlen", - "common_s2c_tcp_lostlen", - "common_c2s_tcp_unorder_num", - "common_s2c_tcp_unorder_num", - "common_l4_protocol", - "common_l7_protocol", - "common_stream_dir", - "common_direction", - "common_device_group", - "common_sled_ip", - "common_device_id", - "common_schema_type", - "common_client_asn", - "common_server_asn", - "common_start_time", - "common_end_time", - "common_con_duration_ms", - "common_establish_latency_ms", - "gtp_version", - "gtp_apn", - "gtp_imei", - "gtp_imsi", - "gtp_phone_number", - "gtp_end_user_ipv4", - "gtp_end_user_ipv6", - "gtp_uplink_teid", - "gtp_downlink_teid", - "gtp_msg_type" - ], - "references": { - "$ref": "public_schema_info.json#/schema_query/references" - }, - "details": { - "general": [ - "common_recv_time", - "common_log_id", - "common_stream_trace_id", - "common_direction", - "common_stream_dir", - "common_start_time", - "common_end_time", - "common_con_duration_ms", - "common_establish_latency_ms", - "common_processing_time", - "common_entrance_id", - "common_device_id", - "common_egress_link_id", - "common_ingress_link_id", - "common_isp", - "common_data_center", - "common_device_group", - "common_sled_ip" - ], - "action": [ - "common_action", - "common_sub_action", - "common_policy_id", - "common_user_tags", - "common_user_region" - ], - "source": [ - "common_client_ip", - "common_internal_ip", - "common_client_port", - "common_client_location", - "common_client_asn", - "common_subscriber_id", - "common_imei", - "common_imsi", - "common_phone_number" - ], - "destination": [ - "common_server_ip", - "common_external_ip", - "common_server_port", - "common_server_location", - "common_server_asn" - ], - "application": [ - "common_app_id", - "common_userdefine_app_name", - "common_app_label", - "common_app_surrogate_id", - "common_l7_protocol", - "common_protocol_label", - "common_service_category", - "common_service", - "common_l4_protocol" - ], - "transmission": [ - "common_sessions", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_c2s_pkt_diff", - "common_s2c_pkt_diff", - "common_c2s_byte_diff", - "common_s2c_byte_diff", - "common_c2s_ipfrag_num", - "common_s2c_ipfrag_num", - "common_c2s_tcp_lostlen", - "common_s2c_tcp_lostlen", - "common_c2s_tcp_unorder_num", - "common_s2c_tcp_unorder_num", - "common_c2s_pkt_retrans", - "common_s2c_pkt_retrans", - "common_c2s_byte_retrans", - "common_s2c_byte_retrans", - "common_first_ttl", - "common_tcp_client_isn", - "common_tcp_server_isn", - "common_mirrored_pkts", - "common_mirrored_bytes" - ], - "other": [ - "common_address_type", - "common_schema_type", - "common_device_tag", - "common_encapsulation", - "common_tunnels", - "common_address_list", - "common_has_dup_traffic", - "common_stream_error", - "common_link_info_c2s", - "common_link_info_s2c" - ] - } - }, - "schema_type": { - "GTP-C": { - "columns": [ - "common_recv_time", - "common_log_id", - "common_policy_id", - "common_subscriber_id", - "common_imei", - "common_imsi", - "common_phone_number", - "common_client_ip", - "common_client_port", - "common_internal_ip", - "common_l4_protocol", - "common_address_type", - "common_server_ip", - "common_server_port", - "common_external_ip", - "common_action", - "common_direction", - "common_entrance_id", - "common_sled_ip", - "common_client_location", - "common_client_asn", - "common_server_location", - "common_server_asn", - "common_sessions", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_c2s_pkt_diff", - "common_s2c_pkt_diff", - "common_c2s_byte_diff", - "common_s2c_byte_diff", - "common_service", - "common_schema_type", - "common_user_tags", - "common_sub_action", - "common_user_region", - "common_device_id", - "common_egress_link_id", - "common_ingress_link_id", - "common_isp", - "common_device_tag", - "common_data_center", - "common_device_group", - "common_encapsulation", - "common_app_label", - "common_tunnels", - "common_protocol_label", - "common_app_id", - "common_app_surrogate_id", - "common_app_surrogate_id", - "common_service_category", - "common_l7_protocol", - "common_start_time", - "common_end_time", - "common_establish_latency_ms", - "common_con_duration_ms", - "common_stream_dir", - "common_address_list", - "common_has_dup_traffic", - "common_stream_error", - "common_stream_trace_id", - "common_link_info_c2s", - "common_link_info_s2c", - "common_c2s_ipfrag_num", - "common_s2c_ipfrag_num", - "common_c2s_tcp_lostlen", - "common_s2c_tcp_lostlen", - "common_c2s_tcp_unorder_num", - "common_s2c_tcp_unorder_num", - "common_c2s_pkt_retrans", - "common_s2c_pkt_retrans", - "common_c2s_byte_retrans", - "common_s2c_byte_retrans", - "common_tcp_client_isn", - "common_tcp_server_isn", - "common_first_ttl", - "common_processing_time", - "common_mirrored_pkts", - "common_mirrored_bytes", - "gtp_version", - "gtp_apn", - "gtp_imei", - "gtp_imsi", - "gtp_phone_number", - "gtp_end_user_ipv4", - "gtp_end_user_ipv6", - "gtp_uplink_teid", - "gtp_downlink_teid", - "gtp_msg_type" - ], - "default_columns": [ - "common_recv_time", - "common_log_id", - "gtp_version", - "gtp_msg_type", - "gtp_imsi", - "gtp_imei", - "gtp_phone_number", - "common_client_ip", - "common_server_ip" - ] - } - }, - "default_columns": [ - "common_recv_time", - "common_log_id", - "gtp_version", - "gtp_msg_type", - "gtp_imsi", - "gtp_imei", - "gtp_phone_number", - "common_client_ip", - "common_server_ip" - ], - "tunnel_type": { - "$ref": "public_schema_info.json#/tunnel_type" - } - }, - "fields": [ - { - "name": "common_recv_time", - "label": "Receive Time", - "doc": { - "allow_query": "true", - "constraints": { - "type": "timestamp" - } - }, - "type": "long" - }, - { - "name": "common_log_id", - "label": "Log ID", - "doc": { - "allow_query": "true", - "format": { - "functions": "snowflake_id" - } - }, - "type": "long" - }, - { - "name": "common_policy_id", - "label": "Policy ID", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_subscriber_id", - "label": "Subscriber ID", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_imei", - "label": "IMEI", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "common_imsi", - "label": "IMSI", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "common_phone_number", - "label": "Phone Number", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "common_client_ip", - "label": "Client IP", - "doc": { - "allow_query": "true", - "constraints": { - "type": "ip" - }, - "format": { - "functions": "geo_asn", - "appendTo": "common_client_asn" - } - }, - "type": "string" - }, - { - "name": "common_internal_ip", - "label": "Internal IP", - "doc": { - "constraints": { - "type": "ip" - }, - "format": { - "functions": "if", - "param": "$.common_direction=69,$.common_client_ip,$.common_server_ip" - }, - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "common_client_port", - "label": "Client Port", - "doc": { - "allow_query": "true" - }, - "type": "int" - }, - { - "name": "common_l4_protocol", - "label": "L4 Protocol", - "type": "string" - }, - { - "name": "common_address_type", - "label": "Address Type", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "4", - "value": "ipv4" - }, - { - "code": "6", - "value": "ipv6" - } - ] - }, - "type": "int" - }, - { - "name": "common_server_ip", - "label": "Server IP", - "doc": { - "allow_query": "true", - "constraints": { - "type": "ip" - }, - "format": { - "functions": "geo_asn", - "appendTo": "common_server_asn" - } - }, - "type": "string" - }, - { - "name": "common_server_port", - "label": "Server Port", - "doc": { - "allow_query": "true" - }, - "type": "int" - }, - { - "name": "common_external_ip", - "label": "External IP", - "doc": { - "constraints": { - "type": "ip" - }, - "format": { - "functions": "if", - "param": "$.common_direction=73,$.common_client_ip,$.common_server_ip" - }, - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "common_action", - "label": "Action", - "doc": { - "visibility": "hidden", - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "None" - }, - { - "code": "1", - "value": "Monitor" - }, - { - "code": "2", - "value": "Intercept" - }, - { - "code": "16", - "value": "Deny" - }, - { - "code": "128", - "value": "Allow" - } - ] - }, - "type": "int" - }, - { - "name": "common_direction", - "label": "Direction", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "69", - "value": "outbound" - }, - { - "code": "73", - "value": "inbound" - } - ] - }, - "type": "int" - }, - { - "name": "common_entrance_id", - "label": "Entrance ID", - "doc": { - "visibility": "disabled" - }, - "type": "int" - }, - { - "name": "common_sled_ip", - "label": "Sled IP", - "doc": { - "allow_query": "true", - "constraints": { - "type": "ip" - } - }, - "type": "string" - }, - { - "name": "common_client_location", - "label": "Client Location", - "type": "string" - }, - { - "name": "common_client_asn", - "label": "Client ASN", - "type": "string" - }, - { - "name": "common_server_location", - "label": "Server Location", - "type": "string" - }, - { - "name": "common_server_asn", - "label": "Server ASN", - "type": "string" - }, - { - "name": "common_sessions", - "label": "Sessions", - "type": "long" - }, - { - "name": "common_c2s_pkt_num", - "label": "Packets Sent", - "type": "long" - }, - { - "name": "common_s2c_pkt_num", - "label": "Packets Received", - "type": "long" - }, - { - "name": "common_c2s_byte_num", - "label": "Bytes Sent", - "type": "long" - }, - { - "name": "common_s2c_byte_num", - "label": "Bytes Received", - "type": "long" - }, - { - "name": "common_c2s_pkt_diff", - "label": "Packets Sent(Diff)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_s2c_pkt_diff", - "label": "Packets Received(Diff)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_c2s_byte_diff", - "label": "Bytes Sent(Diff)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_s2c_byte_diff", - "label": "Bytes Received(Diff)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_service", - "label": "Service", - "doc": { - "visibility": "disabled" - }, - "type": "int" - }, - { - "name": "common_schema_type", - "label": "Schema Type", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "GTP-C", - "value": "GTP-C" - } - ] - }, - "type": "string" - }, - { - "name": "common_user_tags", - "label": "User Tags", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "common_sub_action", - "label": "Sub Action", - "doc": { - "data": [ - { - "code": "allow", - "value": "Allow" - }, - { - "code": "deny", - "value": "Deny" - }, - { - "code": "monitor", - "value": "Monitor" - }, - { - "code": "replace", - "value": "Replace" - }, - { - "code": "redirect", - "value": "Redirect" - }, - { - "code": "insert", - "value": "Insert" - }, - { - "code": "hijack", - "value": "Hijack" - } - ], - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_user_region", - "label": "User Region", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_device_id", - "label": "Device ID", - "type": "string" - }, - { - "name": "common_egress_link_id", - "label": "Egress Link ID", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_ingress_link_id", - "label": "Ingress Link ID", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_isp", - "label": "ISP", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "common_device_tag", - "label": "Device Tag", - "doc": { - "visibility": "hidden", - "format": { - "functions": "flattenSpec,flattenSpec", - "appendTo": "common_data_center,common_device_group", - "param": "$.tags[?(@.tag=='data_center')].value,$.tags[?(@.tag=='device_group')].value" - } - }, - "type": "string" - }, - { - "name": "common_data_center", - "label": "Data Center", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "device_tag.json#", - "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']", - "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']" - }, - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_device_group", - "label": "Device Group", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "device_tag.json#", - "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']", - "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']" - }, - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "common_encapsulation", - "label": "Encapsulation", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "public_schema_info.json#/fields/common_encapsulation/data" - }, - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_app_label", - "label": "Application Label", - "type": "string" - }, - { - "name": "common_tunnels", - "label": "Tunnels", - "type": "string" - }, - { - "name": "common_protocol_label", - "label": "Protocol Label", - "type": "string" - }, - { - "name": "common_app_id", - "label": "Application ID", - "type": "string", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_userdefine_app_name", - "label": "User Define APP Name", - "type": "string", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_app_surrogate_id", - "label": "Surrogate ID", - "type": "string", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_l7_protocol", - "label": "L7 Protocol", - "type": "string" - }, - { - "name": "common_service_category", - "label": "FQDN Category", - "doc": { - "constraints": { - "operator_functions": "has" - }, - "visibility": "disabled", - "dict_location": { - "path": "/v1/category/dict", - "key": "categoryId", - "value": "categoryName" - } - }, - "type": { - "type": "array", - "items": "int" - } - }, - { - "name": "common_start_time", - "label": "Start Time", - "doc": { - "constraints": { - "type": "timestamp" - } - }, - "type": "long" - }, - { - "name": "common_end_time", - "label": "End Time", - "doc": { - "constraints": { - "type": "timestamp" - }, - "format": { - "functions": "get_value", - "appendTo": "common_recv_time" - } - }, - "type": "long" - }, - { - "name": "common_establish_latency_ms", - "label": "Establish Latency(ms)", - "type": "long" - }, - { - "name": "common_con_duration_ms", - "label": "Duration(ms)", - "type": "long" - }, - { - "name": "common_stream_dir", - "label": "Stream Direction", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "1", - "value": "c2s" - }, - { - "code": "2", - "value": "s2c" - }, - { - "code": "3", - "value": "double" - } - ], - "allow_query": "true" - }, - "type": "int" - }, - { - "name": "common_address_list", - "label": "Address List", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "common_has_dup_traffic", - "label": "Duplication Traffic", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "public_schema_info.json#/fields/common_has_dup_traffic/data" - }, - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_stream_error", - "label": "Stream Error", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_stream_trace_id", - "label": "Session ID", - "doc": { - "allow_query": "true" - }, - "type": "long" - }, - { - "name": "common_link_info_c2s", - "label": "Link Info(c2s)", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_link_info_s2c", - "label": "Link Info(s2c)", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_c2s_ipfrag_num", - "label": "Fragmentation Packets(c2s)", - "type": "long" - }, - { - "name": "common_s2c_ipfrag_num", - "label": "Fragmentation Packets(s2c)", - "type": "long" - }, - { - "name": "common_c2s_tcp_lostlen", - "label": "Sequence Gap Loss(c2s)", - "type": "long" - }, - { - "name": "common_s2c_tcp_lostlen", - "label": "Sequence Gap Loss(s2c)", - "type": "long" - }, - { - "name": "common_c2s_tcp_unorder_num", - "label": "Unorder Packets(c2s)", - "type": "long" - }, - { - "name": "common_s2c_tcp_unorder_num", - "label": "Unorder Packets(s2c)", - "type": "long" - }, - { - "name": "common_c2s_pkt_retrans", - "label": "Packet Retransmission(c2s)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_s2c_pkt_retrans", - "label": "Packet Retransmission(s2c)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_c2s_byte_retrans", - "label": "Byte Retransmission(c2s)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_s2c_byte_retrans", - "label": "Byte Retransmission(s2c)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_tcp_client_isn", - "label": "TCP Client ISN", - "doc": { - "allow_query": "true" - }, - "type": "long" - }, - { - "name": "common_tcp_server_isn", - "label": "TCP Server ISN", - "doc": { - "allow_query": "true" - }, - "type": "long" - }, - { - "name": "common_first_ttl", - "label": "First TTL", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_processing_time", - "label": "Processing Time", - "doc": { - "constraints": { - "type": "timestamp" - }, - "format": { - "functions": "current_timestamp" - } - }, - "type": "long" - }, - { - "name": "common_mirrored_pkts", - "label": "Mirrored Packets", - "type": "long", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_mirrored_bytes", - "label": "Mirrored Bytes", - "type": "long", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "gtp_version", - "label": "Version", - "type": "string" - }, - { - "name": "gtp_apn", - "label": "APN", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "gtp_imei", - "label": "IMEI", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "gtp_imsi", - "label": "IMSI", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "gtp_phone_number", - "label": "Phone Number", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "gtp_uplink_teid", - "label": "Uplink TEID", - "type": "long" - }, - { - "name": "gtp_downlink_teid", - "label": "Downlink TEID", - "type": "long" - }, - { - "name": "gtp_msg_type", - "label": "Message Type", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "create", - "value": "create" - }, - { - "code": "modify", - "value": "modify" - }, - { - "code": "delete", - "value": "delete" - } - ], - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "gtp_end_user_ipv4", - "label": "End User Address V4", - "type": "string" - }, - { - "name": "gtp_end_user_ipv6", - "label": "End User Address V6", - "type": "string" - } - ] -}
\ No newline at end of file diff --git a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/interim_session_record.json b/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/interim_session_record.json deleted file mode 100644 index c3bb802..0000000 --- a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/interim_session_record.json +++ /dev/null @@ -1,2272 +0,0 @@ -{ - "type": "record", - "name": "interim_session_record", - "namespace": "tsg_galaxy_v3", - "doc": { - "primary_key": "common_log_id", - "partition_key": "common_recv_time", - "functions": { - "$ref": "public_schema_info.json#/functions" - }, - "schema_query": { - "dimensions": [ - "common_server_ip", - "common_client_ip", - "common_internal_ip", - "common_external_ip", - "common_sled_ip", - "common_device_id", - "common_client_location", - "common_server_location", - "common_subscriber_id", - "common_client_port", - "common_server_port", - "common_schema_type", - "common_l4_protocol", - "common_l7_protocol", - "common_device_group", - "common_client_asn", - "common_server_asn", - "common_start_time", - "common_end_time", - "common_imei", - "common_imsi", - "common_phone_number", - "http_host", - "http_domain", - "http_url", - "ssl_sni", - "ssl_ja3_hash", - "quic_sni", - "quic_version" - ], - "metrics": [ - "common_server_ip", - "common_client_ip", - "common_internal_ip", - "common_external_ip", - "common_subscriber_id", - "common_sled_ip", - "common_device_id", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_sessions", - "common_con_duration_ms", - "common_establish_latency_ms", - "common_c2s_ipfrag_num", - "common_s2c_ipfrag_num", - "common_c2s_tcp_lostlen", - "common_s2c_tcp_lostlen", - "common_c2s_tcp_unorder_num", - "common_s2c_tcp_unorder_num", - "common_imei", - "common_imsi", - "common_phone_number", - "http_host", - "http_domain", - "http_url", - "ssl_sni", - "ssl_ja3_hash", - "quic_sni" - ], - "filters": [ - "common_address_type", - "common_server_ip", - "common_client_ip", - "common_internal_ip", - "common_external_ip", - "common_client_port", - "common_server_port", - "common_client_location", - "common_server_location", - "common_subscriber_id", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_c2s_ipfrag_num", - "common_s2c_ipfrag_num", - "common_c2s_tcp_lostlen", - "common_s2c_tcp_lostlen", - "common_c2s_tcp_unorder_num", - "common_s2c_tcp_unorder_num", - "common_l4_protocol", - "common_l7_protocol", - "common_stream_dir", - "common_direction", - "common_device_group", - "common_sled_ip", - "common_device_id", - "common_schema_type", - "common_client_asn", - "common_server_asn", - "common_start_time", - "common_end_time", - "common_con_duration_ms", - "common_establish_latency_ms", - "common_imei", - "common_imsi", - "common_phone_number", - "http_host", - "http_domain", - "http_url", - "ssl_sni", - "ssl_ja3_hash", - "quic_sni", - "quic_vesion" - ], - "references": { - "$ref": "public_schema_info.json#/schema_query/references" - }, - "details": { - "general": [ - "common_recv_time", - "common_log_id", - "common_stream_trace_id", - "common_direction", - "common_stream_dir", - "common_start_time", - "common_end_time", - "common_con_duration_ms", - "common_establish_latency_ms", - "common_processing_time", - "common_entrance_id", - "common_device_id", - "common_egress_link_id", - "common_ingress_link_id", - "common_isp", - "common_data_center", - "common_device_group", - "common_sled_ip" - ], - "action": [ - "common_action", - "common_sub_action", - "common_policy_id", - "common_user_tags", - "common_user_region" - ], - "source": [ - "common_client_ip", - "common_internal_ip", - "common_client_port", - "common_client_location", - "common_client_asn", - "common_subscriber_id", - "common_imei", - "common_imsi", - "common_phone_number" - ], - "destination": [ - "common_server_ip", - "common_external_ip", - "common_server_port", - "common_server_location", - "common_server_asn" - ], - "application": [ - "common_app_id", - "common_userdefine_app_name", - "common_app_label", - "common_app_surrogate_id", - "common_l7_protocol", - "common_protocol_label", - "common_service_category", - "common_service", - "common_l4_protocol" - ], - "transmission": [ - "common_sessions", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_c2s_pkt_diff", - "common_s2c_pkt_diff", - "common_c2s_byte_diff", - "common_s2c_byte_diff", - "common_c2s_ipfrag_num", - "common_s2c_ipfrag_num", - "common_c2s_tcp_lostlen", - "common_s2c_tcp_lostlen", - "common_c2s_tcp_unorder_num", - "common_s2c_tcp_unorder_num", - "common_c2s_pkt_retrans", - "common_s2c_pkt_retrans", - "common_c2s_byte_retrans", - "common_s2c_byte_retrans", - "common_first_ttl", - "common_tcp_client_isn", - "common_tcp_server_isn", - "common_mirrored_pkts", - "common_mirrored_bytes" - ], - "other": [ - "common_address_type", - "common_schema_type", - "common_device_tag", - "common_encapsulation", - "common_tunnels", - "common_address_list", - "common_has_dup_traffic", - "common_stream_error", - "common_link_info_c2s", - "common_link_info_s2c" - ] - } - }, - "schema_type": { - "BASE": { - "$ref": "public_schema_info.json#/schema_type/BASE" - }, - "HTTP": { - "$ref": "public_schema_info.json#/schema_type/HTTP" - }, - "MAIL": { - "$ref": "public_schema_info.json#/schema_type/MAIL" - }, - "DNS": { - "$ref": "public_schema_info.json#/schema_type/DNS" - }, - "SSL": { - "$ref": "public_schema_info.json#/schema_type/SSL" - }, - "QUIC": { - "$ref": "public_schema_info.json#/schema_type/QUIC" - }, - "FTP": { - "$ref": "public_schema_info.json#/schema_type/FTP" - }, - "BGP": { - "$ref": "public_schema_info.json#/schema_type/BGP" - }, - "SIP": { - "$ref": "public_schema_info.json#/schema_type/SIP" - }, - "RTP": { - "$ref": "public_schema_info.json#/schema_type/RTP" - }, - "APP": { - "$ref": "public_schema_info.json#/schema_type/APP" - } - }, - "default_columns": [ - "common_recv_time", - "common_log_id", - "common_subscriber_id", - "common_client_ip", - "common_server_ip", - "common_server_port", - "common_schema_type" - ], - "tunnel_type": { - "$ref": "public_schema_info.json#/tunnel_type" - } - }, - "fields": [ - { - "name": "common_recv_time", - "label": "Receive Time", - "doc": { - "allow_query": "true", - "constraints": { - "type": "timestamp" - } - }, - "type": "long" - }, - { - "name": "common_log_id", - "label": "Log ID", - "doc": { - "allow_query": "true", - "format": { - "functions": "snowflake_id" - } - }, - "type": "long" - }, - { - "name": "common_policy_id", - "label": "Policy ID", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_subscriber_id", - "label": "Subscriber ID", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "common_imei", - "label": "IMEI", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "common_imsi", - "label": "IMSI", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "common_phone_number", - "label": "Phone Number", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "common_client_ip", - "label": "Client IP", - "doc": { - "allow_query": "true", - "constraints": { - "type": "ip" - }, - "format": { - "functions": "geo_asn,radius_match", - "appendTo": "common_client_asn,common_subscriber_id" - } - }, - "type": "string" - }, - { - "name": "common_internal_ip", - "label": "Internal IP", - "doc": { - "constraints": { - "type": "ip" - }, - "format": { - "functions": "if", - "param": "$.common_direction=69,$.common_client_ip,$.common_server_ip" - }, - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "common_client_port", - "label": "Client Port", - "doc": { - "allow_query": "true" - }, - "type": "int" - }, - { - "name": "common_l4_protocol", - "label": "L4 Protocol", - "type": "string" - }, - { - "name": "common_address_type", - "label": "Address Type", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "4", - "value": "ipv4" - }, - { - "code": "6", - "value": "ipv6" - } - ] - }, - "type": "int" - }, - { - "name": "common_server_ip", - "label": "Server IP", - "doc": { - "allow_query": "true", - "constraints": { - "type": "ip" - }, - "format": { - "functions": "geo_asn", - "appendTo": "common_server_asn" - } - }, - "type": "string" - }, - { - "name": "common_server_port", - "label": "Server Port", - "doc": { - "allow_query": "true" - }, - "type": "int" - }, - { - "name": "common_external_ip", - "label": "External IP", - "doc": { - "constraints": { - "type": "ip" - }, - "format": { - "functions": "if", - "param": "$.common_direction=73,$.common_client_ip,$.common_server_ip" - }, - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "common_action", - "label": "Action", - "doc": { - "visibility": "hidden", - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "None" - }, - { - "code": "1", - "value": "Monitor" - }, - { - "code": "2", - "value": "Intercept" - }, - { - "code": "16", - "value": "Deny" - }, - { - "code": "128", - "value": "Allow" - } - ] - }, - "type": "int" - }, - { - "name": "common_direction", - "label": "Direction", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "69", - "value": "outbound" - }, - { - "code": "73", - "value": "inbound" - } - ] - }, - "type": "int" - }, - { - "name": "common_entrance_id", - "label": "Entrance ID", - "doc": { - "visibility": "disabled" - }, - "type": "int" - }, - { - "name": "common_sled_ip", - "label": "Sled IP", - "doc": { - "allow_query": "true", - "constraints": { - "type": "ip" - } - }, - "type": "string" - }, - { - "name": "common_client_location", - "label": "Client Location", - "type": "string" - }, - { - "name": "common_client_asn", - "label": "Client ASN", - "type": "string" - }, - { - "name": "common_server_location", - "label": "Server Location", - "type": "string" - }, - { - "name": "common_server_asn", - "label": "Server ASN", - "type": "string" - }, - { - "name": "common_sessions", - "label": "Sessions", - "type": "long" - }, - { - "name": "common_c2s_pkt_num", - "label": "Packets Sent", - "doc": { - "allow_query": "true" - }, - "type": "long" - }, - { - "name": "common_s2c_pkt_num", - "label": "Packets Received", - "doc": { - "allow_query": "true" - }, - "type": "long" - }, - { - "name": "common_c2s_byte_num", - "label": "Bytes Sent", - "doc": { - "allow_query": "true" - }, - "type": "long" - }, - { - "name": "common_s2c_byte_num", - "label": "Bytes Received", - "doc": { - "allow_query": "true" - }, - "type": "long" - }, - { - "name": "common_c2s_pkt_diff", - "label": "Packets Sent(Diff)", - "type": "long" - }, - { - "name": "common_s2c_pkt_diff", - "label": "Packets Received(Diff)", - "type": "long" - }, - { - "name": "common_c2s_byte_diff", - "label": "Bytes Sent(Diff)", - "type": "long" - }, - { - "name": "common_s2c_byte_diff", - "label": "Bytes Received(Diff)", - "type": "long" - }, - { - "name": "common_service", - "label": "Service", - "doc": { - "visibility": "disabled" - }, - "type": "int" - }, - { - "name": "common_schema_type", - "label": "Schema Type", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "BASE", - "value": "BASE" - }, - { - "code": "MAIL", - "value": "MAIL" - }, - { - "code": "DNS", - "value": "DNS" - }, - { - "code": "HTTP", - "value": "HTTP" - }, - { - "code": "SSL", - "value": "SSL" - }, - { - "code": "QUIC", - "value": "QUIC" - }, - { - "code": "FTP", - "value": "FTP" - }, - { - "code": "SIP", - "value": "SIP" - }, - { - "code": "RTP", - "value": "RTP" - }, - { - "code": "APP", - "value": "APP" - } - ], - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "common_user_tags", - "label": "User Tags", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "common_sub_action", - "label": "Sub Action", - "doc": { - "data": [ - { - "code": "allow", - "value": "Allow" - }, - { - "code": "deny", - "value": "Deny" - }, - { - "code": "monitor", - "value": "Monitor" - }, - { - "code": "replace", - "value": "Replace" - }, - { - "code": "redirect", - "value": "Redirect" - }, - { - "code": "insert", - "value": "Insert" - }, - { - "code": "hijack", - "value": "Hijack" - } - ], - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_user_region", - "label": "User Region", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_device_id", - "label": "Device ID", - "type": "string" - }, - { - "name": "common_egress_link_id", - "label": "Egress Link ID", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_ingress_link_id", - "label": "Ingress Link ID", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_isp", - "label": "ISP", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "common_device_tag", - "label": "Device Tag", - "doc": { - "visibility": "hidden", - "format": { - "functions": "flattenSpec,flattenSpec", - "appendTo": "common_data_center,common_device_group", - "param": "$.tags[?(@.tag=='data_center')].value,$.tags[?(@.tag=='device_group')].value" - } - }, - "type": "string" - }, - { - "name": "common_data_center", - "label": "Data Center", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "device_tag.json#", - "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']", - "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']" - }, - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_device_group", - "label": "Device Group", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "device_tag.json#", - "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']", - "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']" - }, - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "common_encapsulation", - "label": "Encapsulation", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "public_schema_info.json#/fields/common_encapsulation/data" - }, - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_app_label", - "label": "Application Label", - "type": "string" - }, - { - "name": "common_tunnels", - "label": "Tunnels", - "type": "string" - }, - { - "name": "common_protocol_label", - "label": "Protocol Label", - "type": "string" - }, - { - "name": "common_app_id", - "label": "Application ID", - "type": "string", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_userdefine_app_name", - "label": "User Define APP Name", - "type": "string", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_app_surrogate_id", - "label": "Surrogate ID", - "type": "string", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_l7_protocol", - "label": "L7 Protocol", - "type": "string" - }, - { - "name": "common_service_category", - "label": "FQDN Category", - "doc": { - "constraints": { - "operator_functions": "has" - }, - "allow_query": "true", - "dict_location": { - "path": "/v1/category/dict", - "key": "categoryId", - "value": "categoryName" - } - }, - "type": { - "type": "array", - "items": "int" - } - }, - { - "name": "common_start_time", - "label": "Start Time", - "doc": { - "constraints": { - "type": "timestamp" - } - }, - "type": "long" - }, - { - "name": "common_end_time", - "label": "End Time", - "doc": { - "constraints": { - "type": "timestamp" - }, - "format": { - "functions": "get_value", - "appendTo": "common_recv_time" - } - }, - "type": "long" - }, - { - "name": "common_establish_latency_ms", - "label": "Establish Latency(ms)", - "doc": { - "allow_query": "true" - }, - "type": "long" - }, - { - "name": "common_con_duration_ms", - "label": "Duration(ms)", - "doc": { - "allow_query": "true" - }, - "type": "long" - }, - { - "name": "common_stream_dir", - "label": "Stream Direction", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "1", - "value": "c2s" - }, - { - "code": "2", - "value": "s2c" - }, - { - "code": "3", - "value": "double" - } - ], - "allow_query": "true" - }, - "type": "int" - }, - { - "name": "common_address_list", - "label": "Address List", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "common_has_dup_traffic", - "label": "Duplication Traffic", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "public_schema_info.json#/fields/common_has_dup_traffic/data" - }, - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_stream_error", - "label": "Stream Error", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_stream_trace_id", - "label": "Session ID", - "doc": { - "allow_query": "true" - }, - "type": "long" - }, - { - "name": "common_link_info_c2s", - "label": "Link Info(c2s)", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_link_info_s2c", - "label": "Link Info(s2c)", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_c2s_ipfrag_num", - "label": "Fragmentation Packets(c2s)", - "type": "long" - }, - { - "name": "common_s2c_ipfrag_num", - "label": "Fragmentation Packets(s2c)", - "type": "long" - }, - { - "name": "common_c2s_tcp_lostlen", - "label": "Sequence Gap Loss(c2s)", - "type": "long" - }, - { - "name": "common_s2c_tcp_lostlen", - "label": "Sequence Gap Loss(s2c)", - "type": "long" - }, - { - "name": "common_c2s_tcp_unorder_num", - "label": "Unorder Packets(c2s)", - "type": "long" - }, - { - "name": "common_s2c_tcp_unorder_num", - "label": "Unorder Packets(s2c)", - "type": "long" - }, - { - "name": "common_c2s_pkt_retrans", - "label": "Packet Retransmission(c2s)", - "type": "long" - }, - { - "name": "common_s2c_pkt_retrans", - "label": "Packet Retransmission(s2c)", - "type": "long" - }, - { - "name": "common_c2s_byte_retrans", - "label": "Byte Retransmission(c2s)", - "type": "long" - }, - { - "name": "common_s2c_byte_retrans", - "label": "Byte Retransmission(s2c)", - "type": "long" - }, - { - "name": "common_tcp_client_isn", - "label": "TCP Client ISN", - "doc": { - "allow_query": "true" - }, - "type": "long" - }, - { - "name": "common_tcp_server_isn", - "label": "TCP Server ISN", - "doc": { - "allow_query": "true" - }, - "type": "long" - }, - { - "name": "common_first_ttl", - "label": "First TTL", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_processing_time", - "label": "Processing Time", - "doc": { - "constraints": { - "type": "timestamp" - }, - "format": { - "functions": "current_timestamp" - } - }, - "type": "long" - }, - { - "name": "common_mirrored_pkts", - "label": "Mirrored Packets", - "type": "long", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_mirrored_bytes", - "label": "Mirrored Bytes", - "type": "long", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "http_url", - "label": "HTTP.URL", - "type": "string" - }, - { - "name": "http_host", - "label": "HTTP.Host", - "doc": { - "format": { - "functions": "sub_domain", - "appendTo": "http_domain" - } - }, - "type": "string" - }, - { - "name": "http_domain", - "label": "HTTP.Domain", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "http_request_line", - "label": "HTTP.Request Line", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "http_response_line", - "label": "HTTP.Response Line", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "http_request_header", - "label": "HTTP.Request Headers", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "http_response_header", - "label": "HTTP.Response Headers", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "http_request_content", - "label": "HTTP.Request Content", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "http_request_content_length", - "label": "HTTP.Request Content Length", - "type": "string" - }, - { - "name": "http_request_content_type", - "label": "HTTP.Request Content Type", - "type": "string" - }, - { - "name": "http_response_content", - "label": "HTTP.Response Content", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "http_response_content_length", - "label": "HTTP.Response Content Length", - "type": "string" - }, - { - "name": "http_response_content_type", - "label": "HTTP.Response Content Type", - "type": "string" - }, - { - "name": "http_request_body", - "label": "HTTP.Request Body", - "doc": { - "constraints": { - "type": "file" - } - }, - "type": "string" - }, - { - "name": "http_response_body", - "label": "HTTP.Response Body", - "doc": { - "constraints": { - "type": "file" - } - }, - "type": "string" - }, - { - "name": "http_request_body_key", - "label": "HTTP.Request Body Key", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "http_response_body_key", - "label": "HTTP.Response Body Key", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "http_proxy_flag", - "label": "HTTP.Proxy Flag", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "http_sequence", - "label": "HTTP.Sequence", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "http_snapshot", - "label": "HTTP.Snapshot", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "http_cookie", - "label": "HTTP.Cookie", - "type": "string" - }, - { - "name": "http_referer", - "label": "HTTP.Referer", - "type": "string" - }, - { - "name": "http_user_agent", - "label": "HTTP.User Agent", - "type": "string" - }, - { - "name": "http_content_length", - "label": "HTTP.Content Length", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "http_content_type", - "label": "HTTP.Content Type", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "http_set_cookie", - "label": "HTTP.Set Cookie", - "type": "string" - }, - { - "name": "http_version", - "label": "HTTP.Version", - "type": "string" - }, - { - "name": "http_response_latency_ms", - "label": "HTTP.Response Latency(ms)", - "doc": { - "allow_query": "true" - }, - "type": "long" - }, - { - "name": "http_session_duration_ms", - "label": "HTTP.Session Duration(ms)", - "doc": { - "allow_query": "true" - }, - "type": "long" - }, - { - "name": "http_action_file_size", - "label": "HTTP.Action File Size", - "type": "int" - }, - { - "name": "mail_protocol_type", - "label": "Mail.Protocol Type", - "type": "string" - }, - { - "name": "mail_account", - "label": "Mail.Account", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "mail_from_cmd", - "label": "Mail.From CMD", - "type": "string" - }, - { - "name": "mail_to_cmd", - "label": "Mail.To CMD", - "type": "string" - }, - { - "name": "mail_from", - "label": "Mail.From", - "doc": { - "allow_query": "true", - "constraints": { - "type": "email" - } - }, - "type": "string" - }, - { - "name": "mail_to", - "label": "Mail.To", - "doc": { - "allow_query": "true", - "constraints": { - "type": "email" - } - }, - "type": "string" - }, - { - "name": "mail_cc", - "label": "Mail.CC", - "type": "string" - }, - { - "name": "mail_bcc", - "label": "Mail.BCC", - "type": "string" - }, - { - "name": "mail_subject", - "label": "Mail.Subject", - "doc": { - "allow_query": "true", - "format": { - "functions": "decode_of_base64", - "param": "$.mail_subject_charset" - } - }, - "type": "string" - }, - { - "name": "mail_subject_charset", - "label": "Mail.Subject Charset", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "mail_content", - "label": "Mail.Content", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "mail_content_charset", - "label": "Mail.Content Charset", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "mail_attachment_name", - "label": "Mail.Attachment", - "doc": { - "format": { - "functions": "decode_of_base64", - "param": "$.mail_attachment_name_charset" - } - }, - "type": "string" - }, - { - "name": "mail_attachment_name_charset", - "label": "Mail.Attachment Charset", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "mail_attachment_content", - "label": "Mail.Attachment Content", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "mail_eml_file", - "label": "Mail.EML File", - "doc": { - "constraints": { - "type": "file" - } - }, - "type": "string" - }, - { - "name": "mail_snapshot", - "label": "Mail.Snapshot", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "dns_message_id", - "label": "DNS.Message ID", - "type": "int" - }, - { - "name": "dns_qr", - "label": "DNS.QR", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "QUERY" - }, - { - "code": "1", - "value": "RESPONSE" - } - ] - }, - "type": "int" - }, - { - "name": "dns_opcode", - "label": "DNS.OPCODE", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "QUERY" - }, - { - "code": "1", - "value": "IQUERY" - }, - { - "code": "2", - "value": "STATUS" - }, - { - "code": "5", - "value": "UPDATE" - } - ] - }, - "type": "int" - }, - { - "name": "dns_aa", - "label": "DNS.AA", - "type": "int" - }, - { - "name": "dns_tc", - "label": "DNS.TC", - "type": "int" - }, - { - "name": "dns_rd", - "label": "DNS.RD", - "type": "int" - }, - { - "name": "dns_ra", - "label": "DNS.RA", - "type": "int" - }, - { - "name": "dns_rcode", - "label": "DNS.RCODE", - "type": "int" - }, - { - "name": "dns_qdcount", - "label": "DNS.QDCOUNT", - "type": "int" - }, - { - "name": "dns_ancount", - "label": "DNS.ANCOUNT", - "type": "int" - }, - { - "name": "dns_nscount", - "label": "DNS.NSCOUNT", - "type": "int" - }, - { - "name": "dns_arcount", - "label": "DNS.ARCOUNT", - "type": "int" - }, - { - "name": "dns_qname", - "label": "DNS.QNAME", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "dns_qtype", - "label": "DNS.QTYPE", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "1", - "value": "A" - }, - { - "code": "2", - "value": "NS" - }, - { - "code": "5", - "value": "CNAME" - }, - { - "code": "6", - "value": "SOA" - }, - { - "code": "11", - "value": "WKS" - }, - { - "code": "12", - "value": "PTR" - }, - { - "code": "13", - "value": "HINFO" - }, - { - "code": "11", - "value": "WKS" - }, - { - "code": "15", - "value": "MX" - }, - { - "code": "28", - "value": "AAAA" - } - ] - }, - "type": "int" - }, - { - "name": "dns_qclass", - "label": "DNS.QCLASS", - "type": "int" - }, - { - "name": "dns_cname", - "label": "DNS.CNAME", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "dns_sub", - "label": "DNS.SUB", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "1", - "value": "DNS" - }, - { - "code": "2", - "value": "DNSSEC" - } - ] - }, - "type": "int" - }, - { - "name": "dns_rr", - "label": "DNS.RR", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "ssl_version", - "label": "SSL.Version", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "ssl_sni", - "label": "SSL.SNI", - "doc": { - "allow_query": "true", - "format": { - "functions": "sub_domain", - "appendTo": "http_domain" - } - }, - "type": "string" - }, - { - "name": "ssl_san", - "label": "SSL.SAN", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "ssl_cn", - "label": "SSL.CN", - "type": "string" - }, - { - "name": "ssl_pinningst", - "label": "SSL.Pinning", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "Not Pinning" - }, - { - "code": "1", - "value": "Pinning" - }, - { - "code": "2", - "value": "Maybe Pinning" - } - ] - }, - "type": "int" - }, - { - "name": "ssl_intercept_state", - "label": "SSL.Intercept State", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "Passthrough" - }, - { - "code": "1", - "value": "Intercept" - }, - { - "code": "2", - "value": "Shutdown" - } - ] - }, - "type": "int" - }, - { - "name": "ssl_server_side_latency", - "label": "SSL.Server Side Latency(ms)", - "type": "int" - }, - { - "name": "ssl_client_side_latency", - "label": "SSL.Client Side Latency(ms)", - "type": "int" - }, - { - "name": "ssl_server_side_version", - "label": "SSL.Server Side Version", - "type": "string" - }, - { - "name": "ssl_client_side_version", - "label": "SSL.Client Side Version", - "type": "string" - }, - { - "name": "ssl_cert_verify", - "label": "SSL.Certificate Verify", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "No" - }, - { - "code": "1", - "value": "Yes" - } - ] - }, - "type": "int" - }, - { - "name": "ssl_error", - "label": "SSL.Error", - "type": "string" - }, - { - "name": "ssl_con_latency_ms", - "label": "SSL.Connection Latency(ms)", - "doc": { - "allow_query": "true" - }, - "type": "int" - }, - { - "name": "ssl_ja3_fingerprint", - "label": "SSL.JA3", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "ssl_ja3_hash", - "label": "SSL.JA3 hash", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "ssl_cert_issuer", - "label": "SSL.Issuer", - "doc": { - "constraints": { - "type": "items" - } - }, - "type": "string" - }, - { - "name": "ssl_cert_subject", - "label": "SSL.Subject", - "doc": { - "constraints": { - "type": "items" - } - }, - "type": "string" - }, - { - "name": "quic_version", - "label": "QUIC.Version", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "quic_sni", - "label": "QUIC.SNI", - "doc": { - "allow_query": "true", - "format": { - "functions": "sub_domain", - "appendTo": "http_domain" - } - }, - "type": "string" - }, - { - "name": "quic_user_agent", - "label": "QUIC.User Agent", - "type": "string" - }, - { - "name": "ftp_account", - "label": "FTP.Account", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "ftp_url", - "label": "FTP.URL", - "type": "string" - }, - { - "name": "ftp_content", - "label": "FTP.Content", - "type": "string" - }, - { - "name": "ftp_link_type", - "label": "FTP.Link Type", - "type": "string" - }, - { - "name": "bgp_type", - "label": "BGP.Type", - "doc": { - "visibility": "disabled" - }, - "type": "int" - }, - { - "name": "bgp_as_num", - "label": "BGP.AS Number", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "bgp_route", - "label": "BGP.Route", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "voip_calling_account", - "label": "VoIP.Calling Account", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "voip_called_account", - "label": "VoIP.Called Account", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "voip_calling_number", - "label": "VoIP.Calling Number", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "voip_called_number", - "label": "VoIP.Called Number", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "streaming_media_url", - "label": "Streaming.Media URL", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "streaming_media_protocol", - "label": "Streaming.Media Protocol", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "app_extra_info", - "label": "APP.Extra Info", - "type": "string" - }, - { - "name": "sip_call_id", - "label": "SIP.Call-ID", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "sip_originator_description", - "label": "SIP.Originator", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "sip_responder_description", - "label": "SIP.Responder", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "sip_user_agent", - "label": "SIP.User-Agent", - "type": "string" - }, - { - "name": "sip_server", - "label": "SIP.Server", - "type": "string" - }, - { - "name": "sip_originator_sdp_connect_ip", - "label": "SIP.Originator IP", - "type": "string" - }, - { - "name": "sip_originator_sdp_media_port", - "label": "SIP.Originator Port", - "type": "int" - }, - { - "name": "sip_originator_sdp_media_type", - "label": "SIP.Originator Media Type", - "type": "string" - }, - { - "name": "sip_originator_sdp_content", - "label": "SIP.Originator Content", - "type": "string" - }, - { - "name": "sip_responder_sdp_connect_ip", - "label": "SIP.Responder IP", - "type": "string" - }, - { - "name": "sip_responder_sdp_media_port", - "label": "SIP.Responder Port", - "type": "int" - }, - { - "name": "sip_responder_sdp_media_type", - "label": "SIP.Responder Media Type", - "type": "string" - }, - { - "name": "sip_responder_sdp_content", - "label": "SIP.Responder Content", - "type": "string" - }, - { - "name": "sip_duration", - "label": "SIP.Duration", - "type": "int" - }, - { - "name": "sip_bye", - "label": "SIP.Bye", - "type": "string" - }, - { - "name": "rtp_payload_type_c2s", - "label": "RTP.Payload Type(c2s)", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "PCMU" - }, - { - "code": "1", - "value": "1016" - }, - { - "code": "2", - "value": "G721" - }, - { - "code": "3", - "value": "GSM" - }, - { - "code": "4", - "value": "G723" - }, - { - "code": "5", - "value": "DVI4_8000" - }, - { - "code": "6", - "value": "DVI4_16000" - }, - { - "code": "7", - "value": "LPC" - }, - { - "code": "8", - "value": "PCMA" - }, - { - "code": "9", - "value": "G722" - }, - { - "code": "10", - "value": "L16_STEREO" - }, - { - "code": "11", - "value": "L16_MONO" - }, - { - "code": "12", - "value": "QCELP" - }, - { - "code": "13", - "value": "CN" - }, - { - "code": "14", - "value": "MPA" - }, - { - "code": "15", - "value": "G728" - }, - { - "code": "16", - "value": "DVI4_11025" - }, - { - "code": "17", - "value": "DVI4_22050" - }, - { - "code": "18", - "value": "G729" - }, - { - "code": "19", - "value": "CN_OLD" - }, - { - "code": "25", - "value": "CELB" - }, - { - "code": "26", - "value": "JPEG" - }, - { - "code": "28", - "value": "NV" - }, - { - "code": "31", - "value": "H261" - }, - { - "code": "32", - "value": "MPV" - }, - { - "code": "33", - "value": "MP2T" - }, - { - "code": "34", - "value": "H263" - } - ] - }, - "type": "int" - }, - { - "name": "rtp_payload_type_s2c", - "label": "RTP.Payload Type(s2c)", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "PCMU" - }, - { - "code": "1", - "value": "1016" - }, - { - "code": "2", - "value": "G721" - }, - { - "code": "3", - "value": "GSM" - }, - { - "code": "4", - "value": "G723" - }, - { - "code": "5", - "value": "DVI4_8000" - }, - { - "code": "6", - "value": "DVI4_16000" - }, - { - "code": "7", - "value": "LPC" - }, - { - "code": "8", - "value": "PCMA" - }, - { - "code": "9", - "value": "G722" - }, - { - "code": "10", - "value": "L16_STEREO" - }, - { - "code": "11", - "value": "L16_MONO" - }, - { - "code": "12", - "value": "QCELP" - }, - { - "code": "13", - "value": "CN" - }, - { - "code": "14", - "value": "MPA" - }, - { - "code": "15", - "value": "G728" - }, - { - "code": "16", - "value": "DVI4_11025" - }, - { - "code": "17", - "value": "DVI4_22050" - }, - { - "code": "18", - "value": "G729" - }, - { - "code": "19", - "value": "CN_OLD" - }, - { - "code": "25", - "value": "CELB" - }, - { - "code": "26", - "value": "JPEG" - }, - { - "code": "28", - "value": "NV" - }, - { - "code": "31", - "value": "H261" - }, - { - "code": "32", - "value": "MPV" - }, - { - "code": "33", - "value": "MP2T" - }, - { - "code": "34", - "value": "H263" - } - ] - }, - "type": "int" - }, - { - "name": "rtp_pcap_path", - "label": "RTP.PCAP", - "doc": { - "constraints": { - "type": "files" - } - }, - "type": "string" - }, - { - "name": "rtp_originator_dir", - "label": "RTP.Direction", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "unknown" - }, - { - "code": "1", - "value": "c2s" - }, - { - "code": "2", - "value": "s2c" - } - ] - }, - "type": "int" - } - ] -}
\ No newline at end of file diff --git a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/liveChart_interim.json b/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/liveChart_interim.json deleted file mode 100644 index 0898ce1..0000000 --- a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/liveChart_interim.json +++ /dev/null @@ -1,169 +0,0 @@ -{ - "type": "record", - "name": "liveChart_interim", - "in": "INTERIM-SESSION-RECORD", - "out": "TRAFFIC-PROTOCOL-STAT", - "task": "Protocol-Distribution", - "doc": { - "timestamp": { - "name": "stat_time", - "type": "long" - }, - "dimensions": [ - { - "name": "protocol_id", - "fieldName": "common_protocol_label", - "type": "string" - }, - { - "name": "entrance_id", - "fieldName": "common_entrance_id", - "type": "string" - }, - { - "name": "isp", - "fieldName": "common_isp", - "type": "string" - }, - { - "name": "data_center", - "fieldName": "common_data_center", - "type": "string" - }, - { - "name": "device_group", - "fieldName": "common_device_group", - "type": "string" - } - ], - "metrics": [ - { - "function": "sum", - "name": "sessions", - "fieldName": "common_sessions", - "type": "long" - }, - { - "function": "sum", - "name": "c2s_byte_num", - "fieldName": "common_c2s_byte_diff", - "type": "long" - }, - { - "function": "sum", - "name": "s2c_byte_num", - "fieldName": "common_s2c_byte_diff", - "type": "long" - }, - { - "function": "sum", - "name": "c2s_pkt_num", - "fieldName": "common_c2s_pkt_diff", - "type": "long" - }, - { - "function": "sum", - "name": "s2c_pkt_num", - "fieldName": "common_s2c_pkt_diff", - "type": "long" - }, - { - "function": "sum", - "name": "c2s_ipfrag_num", - "fieldName": "common_c2s_ipfrag_num", - "type": "long" - }, - { - "function": "sum", - "name": "s2c_ipfrag_num", - "fieldName": "common_s2c_ipfrag_num", - "type": "long" - }, - { - "function": "sum", - "name": "c2s_tcp_lostlen", - "fieldName": "common_c2s_tcp_lostlen", - "type": "long" - }, - { - "function": "sum", - "name": "s2c_tcp_lostlen", - "fieldName": "common_s2c_tcp_lostlen", - "type": "long" - }, - { - "function": "sum", - "name": "c2s_tcp_unorder_num", - "fieldName": "common_c2s_tcp_unorder_num", - "type": "long" - }, - { - "function": "sum", - "name": "s2c_tcp_unorder_num", - "fieldName": "common_s2c_tcp_unorder_num", - "type": "long" - }, - { - "function": "disCount", - "name": "unique_sip_num", - "fieldName": "common_server_ip", - "type": "long" - }, - { - "function": "disCount", - "name": "unique_cip_num", - "fieldName": "common_client_ip", - "type": "long" - } - ], - "filters": [ - { - "fieldName": "common_protocol_label", - "type": "notempty" - } - ], - "transforms": [ - { - "function": "combination", - "name": "protocol_id", - "fieldName": "common_protocol_label", - "parameters": "common_l7_protocol,." - }, - { - "function": "combination", - "name": "protocol_id", - "fieldName": "common_protocol_label", - "parameters": "common_app_label,." - }, - { - "function": "flattenSpec", - "name": "data_center", - "fieldName": "common_device_tag", - "parameters": "$.tags[?(@.tag=='data_center')].value" - }, - { - "function": "flattenSpec", - "name": "device_group", - "fieldName": "common_device_tag", - "parameters": "$.tags[?(@.tag=='device_group')].value" - }, - { - "function": "hierarchy", - "name": "protocol_id", - "fieldName": "common_protocol_label", - "parameters": "." - } - ], - "action": [ - { - "label": "Default", - "metrics": "c2s_byte_num,s2c_byte_num,c2s_pkt_num,s2c_pkt_num" - } - ], - "granularity": { - "type": "period", - "period": "15S" - } - }, - "fields": [] -}
\ No newline at end of file diff --git a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/liveChart_session.json b/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/liveChart_session.json deleted file mode 100644 index 8a2c499..0000000 --- a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/liveChart_session.json +++ /dev/null @@ -1,169 +0,0 @@ -{ - "type": "record", - "name": "liveChart_session", - "in": "SESSION-RECORD", - "out": "TRAFFIC-PROTOCOL-STAT", - "task": "Protocol-Distribution", - "doc": { - "timestamp": { - "name": "stat_time", - "type": "long" - }, - "dimensions": [ - { - "name": "protocol_id", - "fieldName": "common_protocol_label", - "type": "string" - }, - { - "name": "entrance_id", - "fieldName": "common_entrance_id", - "type": "string" - }, - { - "name": "isp", - "fieldName": "common_isp", - "type": "string" - }, - { - "name": "data_center", - "fieldName": "common_data_center", - "type": "string" - }, - { - "name": "device_group", - "fieldName": "common_device_group", - "type": "string" - } - ], - "metrics": [ - { - "function": "sum", - "name": "sessions", - "fieldName": "common_sessions", - "type": "long" - }, - { - "function": "sum", - "name": "c2s_byte_num", - "fieldName": "common_c2s_byte_diff", - "type": "long" - }, - { - "function": "sum", - "name": "s2c_byte_num", - "fieldName": "common_s2c_byte_diff", - "type": "long" - }, - { - "function": "sum", - "name": "c2s_pkt_num", - "fieldName": "common_c2s_pkt_diff", - "type": "long" - }, - { - "function": "sum", - "name": "s2c_pkt_num", - "fieldName": "common_s2c_pkt_diff", - "type": "long" - }, - { - "function": "sum", - "name": "c2s_ipfrag_num", - "fieldName": "common_c2s_ipfrag_num", - "type": "long" - }, - { - "function": "sum", - "name": "s2c_ipfrag_num", - "fieldName": "common_s2c_ipfrag_num", - "type": "long" - }, - { - "function": "sum", - "name": "c2s_tcp_lostlen", - "fieldName": "common_c2s_tcp_lostlen", - "type": "long" - }, - { - "function": "sum", - "name": "s2c_tcp_lostlen", - "fieldName": "common_s2c_tcp_lostlen", - "type": "long" - }, - { - "function": "sum", - "name": "c2s_tcp_unorder_num", - "fieldName": "common_c2s_tcp_unorder_num", - "type": "long" - }, - { - "function": "sum", - "name": "s2c_tcp_unorder_num", - "fieldName": "common_s2c_tcp_unorder_num", - "type": "long" - }, - { - "function": "disCount", - "name": "unique_sip_num", - "fieldName": "common_server_ip", - "type": "long" - }, - { - "function": "disCount", - "name": "unique_cip_num", - "fieldName": "common_client_ip", - "type": "long" - } - ], - "filters": [ - { - "fieldName": "common_protocol_label", - "type": "notempty" - } - ], - "transforms": [ - { - "function": "combination", - "name": "protocol_id", - "fieldName": "common_protocol_label", - "parameters": "common_l7_protocol,." - }, - { - "function": "combination", - "name": "protocol_id", - "fieldName": "common_protocol_label", - "parameters": "common_app_label,." - }, - { - "function": "flattenSpec", - "name": "data_center", - "fieldName": "common_device_tag", - "parameters": "$.tags[?(@.tag=='data_center')].value" - }, - { - "function": "flattenSpec", - "name": "device_group", - "fieldName": "common_device_tag", - "parameters": "$.tags[?(@.tag=='device_group')].value" - }, - { - "function": "hierarchy", - "name": "protocol_id", - "fieldName": "common_protocol_label", - "parameters": "." - } - ], - "action": [ - { - "label": "Default", - "metrics": "sessions,c2s_byte_num,s2c_byte_num,c2s_pkt_num,s2c_pkt_num,c2s_ipfrag_num,s2c_ipfrag_num,c2s_tcp_lostlen,s2c_tcp_lostlen,c2s_tcp_unorder_num,s2c_tcp_unorder_num" - } - ], - "granularity": { - "type": "period", - "period": "15S" - } - }, - "fields": [] -}
\ No newline at end of file diff --git a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/meta_data.json b/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/meta_data.json deleted file mode 100644 index a5ba551..0000000 --- a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/meta_data.json +++ /dev/null @@ -1,73 +0,0 @@ -{ - "metadata": [ - { - "namespace": "tsg_galaxy_v3", - "group": "CLICKHOUSE_GROUP", - "tables": [ - "radius_onff_log", - "session_record", - "session_record_common_client_ip", - "session_record_common_server_ip", - "session_record_http_domain", - "interim_session_record", - "transaction_record", - "radius_record", - "voip_record", - "gtpc_record", - "security_event", - "proxy_event", - "dos_event", - "active_defence_event", - "sys_packet_capture_event" - ] - }, - { - "namespace": "elasticsearch", - "group": "ES_GROUP", - "tables": [ - ] - }, - { - "namespace": "system", - "group": "CLICKHOUSE_GROUP", - "tables": [ - "query_log_cluster", - "tables_cluster", - "columns_cluster", - "disks_cluster", - "parts_cluster", - "processes", - "query_log" - ] - }, - { - "namespace": "druid", - "group": "DRUID_GROUP", - "tables": [ - "top_internal_host_log", - "top_website_domain_log", - "proxy_event_hits_log", - "sys_storage_log", - "security_event_hits_log", - "traffic_protocol_stat_log", - "top_server_ip_log", - "traffic_summary_log", - "traffic_metrics_log", - "top_user_log", - "top_urls_log", - "top_client_ip_log", - "top_external_host_log", - "traffic_app_stat_log", - "traffic_top_destination_ip_metrics_log" - ] - }, - { - "namespace": "etl", - "group": "ETL_GROUP", - "tables": [ - "liveChart_interim", - "liveChart_session" - ] - } - ] -}
\ No newline at end of file diff --git a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/parts_cluster.json b/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/parts_cluster.json deleted file mode 100644 index c311abf..0000000 --- a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/parts_cluster.json +++ /dev/null @@ -1,11 +0,0 @@ -{ - "namespace": "system", - "type": "record", - "name": "parts_cluster", - "fields": [ - { - "name": "name", - "type": "string" - } - ] -}
\ No newline at end of file diff --git a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/processes.json b/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/processes.json deleted file mode 100644 index 75d74a9..0000000 --- a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/processes.json +++ /dev/null @@ -1,11 +0,0 @@ -{ - "namespace": "system", - "type": "record", - "name": "processes", - "fields": [ - { - "name": "query_id", - "type": "string" - } - ] -}
\ No newline at end of file diff --git a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/proxy_event.json b/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/proxy_event.json deleted file mode 100644 index 2fe96c7..0000000 --- a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/proxy_event.json +++ /dev/null @@ -1,1514 +0,0 @@ -{ - "type": "record", - "name": "proxy_event", - "namespace": "tsg_galaxy_v3", - "doc": { - "primary_key": "common_log_id", - "partition_key": "common_recv_time", - "functions": { - "$ref": "public_schema_info.json#/functions" - }, - "schema_query": { - "dimensions": [ - "common_server_ip", - "common_client_ip", - "common_internal_ip", - "common_external_ip", - "common_policy_id", - "common_sub_action", - "common_sled_ip", - "common_device_id", - "common_client_location", - "common_server_location", - "common_subscriber_id", - "common_client_port", - "common_server_port", - "common_schema_type", - "common_device_group", - "common_client_asn", - "common_server_asn", - "common_imei", - "common_imsi", - "common_phone_number", - "http_host", - "http_domain", - "http_url", - "doh_host", - "doh_qname" - ], - "metrics": [ - "common_server_ip", - "common_client_ip", - "common_internal_ip", - "common_external_ip", - "common_subscriber_id", - "common_sled_ip", - "common_device_id", - "common_sessions", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_imei", - "common_imsi", - "common_phone_number", - "http_host", - "http_domain", - "http_url", - "doh_host", - "doh_qname" - ], - "filters": [ - "common_policy_id", - "common_sub_action", - "common_address_type", - "common_server_ip", - "common_client_ip", - "common_internal_ip", - "common_external_ip", - "common_client_port", - "common_server_port", - "common_client_location", - "common_server_location", - "common_subscriber_id", - "common_l4_protocol", - "common_device_group", - "common_sled_ip", - "common_device_id", - "common_client_asn", - "common_server_asn", - "common_direction", - "common_schema_type", - "common_imei", - "common_imsi", - "common_phone_number", - "http_host", - "http_domain", - "http_url", - "http_request_content_type", - "http_response_content_type", - "doh_host", - "doh_qname" - ], - "references": { - "$ref": "public_schema_info.json#/schema_query/references" - }, - "details": { - "general": [ - "common_recv_time", - "common_log_id", - "common_stream_trace_id", - "common_direction", - "common_stream_dir", - "common_start_time", - "common_end_time", - "common_con_duration_ms", - "common_establish_latency_ms", - "common_processing_time", - "common_entrance_id", - "common_device_id", - "common_egress_link_id", - "common_ingress_link_id", - "common_isp", - "common_data_center", - "common_device_group", - "common_sled_ip" - ], - "action": [ - "common_action", - "common_sub_action", - "common_policy_id", - "common_user_tags", - "common_user_region" - ], - "source": [ - "common_client_ip", - "common_internal_ip", - "common_client_port", - "common_client_location", - "common_client_asn", - "common_subscriber_id", - "common_imei", - "common_imsi", - "common_phone_number" - ], - "destination": [ - "common_server_ip", - "common_external_ip", - "common_server_port", - "common_server_location", - "common_server_asn" - ], - "application": [ - "common_app_id", - "common_userdefine_app_name", - "common_app_label", - "common_app_surrogate_id", - "common_l7_protocol", - "common_protocol_label", - "common_service_category", - "common_service", - "common_l4_protocol" - ], - "transmission": [ - "common_sessions", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_c2s_pkt_diff", - "common_s2c_pkt_diff", - "common_c2s_byte_diff", - "common_s2c_byte_diff", - "common_c2s_ipfrag_num", - "common_s2c_ipfrag_num", - "common_c2s_tcp_lostlen", - "common_s2c_tcp_lostlen", - "common_c2s_tcp_unorder_num", - "common_s2c_tcp_unorder_num", - "common_c2s_pkt_retrans", - "common_s2c_pkt_retrans", - "common_c2s_byte_retrans", - "common_s2c_byte_retrans", - "common_first_ttl", - "common_tcp_client_isn", - "common_tcp_server_isn", - "common_mirrored_pkts", - "common_mirrored_bytes" - ], - "other": [ - "common_address_type", - "common_schema_type", - "common_device_tag", - "common_encapsulation", - "common_tunnels", - "common_address_list", - "common_has_dup_traffic", - "common_stream_error", - "common_link_info_c2s", - "common_link_info_s2c" - ] - } - }, - "schema_type": { - "HTTP": { - "$ref": "public_schema_info.json#/schema_type/HTTP" - }, - "DoH": { - "$ref": "public_schema_info.json#/schema_type/DoH" - } - }, - "default_columns": [ - "common_recv_time", - "common_log_id", - "common_policy_id", - "common_client_ip", - "common_server_ip", - "common_server_port", - "common_sub_action", - "common_schema_type" - ], - "tunnel_type": { - "$ref": "public_schema_info.json#/tunnel_type" - } - }, - "fields": [ - { - "name": "common_recv_time", - "label": "Receive Time", - "doc": { - "allow_query": "true", - "constraints": { - "type": "timestamp" - } - }, - "type": "long" - }, - { - "name": "common_log_id", - "label": "Log ID", - "doc": { - "allow_query": "true", - "format": { - "functions": "snowflake_id" - } - }, - "type": "long" - }, - { - "name": "common_policy_id", - "label": "Policy ID", - "doc": { - "allow_query": "true" - }, - "type": "long" - }, - { - "name": "common_subscriber_id", - "label": "Subscriber ID", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "common_imei", - "label": "IMEI", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "common_imsi", - "label": "IMSI", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "common_phone_number", - "label": "Phone Number", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "common_client_ip", - "label": "Client IP", - "doc": { - "allow_query": "true", - "constraints": { - "type": "ip" - }, - "format": { - "functions": "geo_asn,radius_match", - "appendTo": "common_client_asn,common_subscriber_id" - } - }, - "type": "string" - }, - { - "name": "common_internal_ip", - "label": "Internal IP", - "doc": { - "constraints": { - "type": "ip" - }, - "format": { - "functions": "if", - "param": "$.common_direction=69,$.common_client_ip,$.common_server_ip" - }, - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "common_client_port", - "label": "Client Port", - "doc": { - "allow_query": "true" - }, - "type": "int" - }, - { - "name": "common_l4_protocol", - "label": "L4 Protocol", - "type": "string" - }, - { - "name": "common_address_type", - "label": "Address Type", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "4", - "value": "ipv4" - }, - { - "code": "6", - "value": "ipv6" - } - ] - }, - "type": "int" - }, - { - "name": "common_server_ip", - "label": "Server IP", - "doc": { - "allow_query": "true", - "constraints": { - "type": "ip" - }, - "format": { - "functions": "geo_asn", - "appendTo": "common_server_asn" - } - }, - "type": "string" - }, - { - "name": "common_server_port", - "label": "Server Port", - "type": "int", - "doc": { - "allow_query": "true" - } - }, - { - "name": "common_external_ip", - "label": "External IP", - "doc": { - "constraints": { - "type": "ip" - }, - "format": { - "functions": "if", - "param": "$.common_direction=73,$.common_client_ip,$.common_server_ip" - }, - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "common_action", - "label": "Action", - "doc": { - "allow_query": "true", - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "None" - }, - { - "code": "1", - "value": "Monitor" - }, - { - "code": "2", - "value": "Intercept" - }, - { - "code": "16", - "value": "Deny" - }, - { - "code": "48", - "value": "Manipulation" - }, - { - "code": "128", - "value": "Allow" - } - ] - }, - "type": "int" - }, - { - "name": "common_direction", - "label": "Direction", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "69", - "value": "outbound" - }, - { - "code": "73", - "value": "inbound" - } - ] - }, - "type": "int" - }, - { - "name": "common_entrance_id", - "label": "Entrance ID", - "doc": { - "visibility": "disabled" - }, - "type": "int" - }, - { - "name": "common_sled_ip", - "label": "Sled IP", - "doc": { - "allow_query": "true", - "constraints": { - "type": "ip" - } - }, - "type": "string" - }, - { - "name": "common_client_location", - "label": "Client Location", - "type": "string" - }, - { - "name": "common_client_asn", - "label": "Client ASN", - "type": "string" - }, - { - "name": "common_server_location", - "label": "Server Location", - "type": "string" - }, - { - "name": "common_server_asn", - "label": "Server ASN", - "type": "string" - }, - { - "name": "common_sessions", - "label": "Sessions", - "doc": { - "format": { - "functions": "set_value", - "param": "1" - } - }, - "type": "long" - }, - { - "name": "common_c2s_pkt_num", - "label": "Packets Sent", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_s2c_pkt_num", - "label": "Packets Received", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_c2s_byte_num", - "label": "Bytes Sent", - "doc": { - "allow_query": "true" - }, - "type": "long" - }, - { - "name": "common_s2c_byte_num", - "label": "Bytes Received", - "doc": { - "allow_query": "true" - }, - "type": "long" - }, - { - "name": "common_c2s_pkt_diff", - "label": "Packets Sent(Diff)", - "doc": { - "visibility": "disabled" - }, - "type": "long" - }, - { - "name": "common_s2c_pkt_diff", - "label": "Packets Received(Diff)", - "doc": { - "visibility": "disabled" - }, - "type": "long" - }, - { - "name": "common_c2s_byte_diff", - "label": "Bytes Sent(Diff)", - "doc": { - "visibility": "disabled" - }, - "type": "long" - }, - { - "name": "common_s2c_byte_diff", - "label": "Bytes Received(Diff)", - "doc": { - "visibility": "disabled" - }, - "type": "long" - }, - { - "name": "common_service", - "label": "Service", - "doc": { - "visibility": "disabled" - }, - "type": "int" - }, - { - "name": "common_schema_type", - "label": "Schema Type", - "doc": { - "allow_query": "true", - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "HTTP", - "value": "HTTP" - }, - { - "code": "DoH", - "value": "DoH" - } - ] - }, - "type": "string" - }, - { - "name": "common_user_tags", - "label": "User Tags", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "common_sub_action", - "label": "Sub Action", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "allow", - "value": "Allow" - }, - { - "code": "deny", - "value": "Deny" - }, - { - "code": "monitor", - "value": "Monitor" - }, - { - "code": "replace", - "value": "Replace" - }, - { - "code": "redirect", - "value": "Redirect" - }, - { - "code": "insert", - "value": "Insert" - }, - { - "code": "hijack", - "value": "Hijack" - } - ], - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "common_user_region", - "label": "User Region", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_device_id", - "label": "Device ID", - "type": "string" - }, - { - "name": "common_egress_link_id", - "label": "Egress Link ID", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_ingress_link_id", - "label": "Ingress Link ID", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_isp", - "label": "ISP", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "common_device_tag", - "label": "Device Tag", - "doc": { - "visibility": "hidden", - "format": { - "functions": "flattenSpec,flattenSpec", - "appendTo": "common_data_center,common_device_group", - "param": "$.tags[?(@.tag=='data_center')].value,$.tags[?(@.tag=='device_group')].value" - } - }, - "type": "string" - }, - { - "name": "common_data_center", - "label": "Data Center", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "device_tag.json#", - "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']", - "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']" - }, - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_device_group", - "label": "Device Group", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "device_tag.json#", - "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']", - "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']" - }, - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "common_encapsulation", - "label": "Encapsulation", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "public_schema_info.json#/fields/common_encapsulation/data" - }, - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_app_label", - "label": "Application Label", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_tunnels", - "label": "Tunnels", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_protocol_label", - "label": "Protocol Label", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_app_id", - "label": "Application ID", - "type": "string", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_userdefine_app_name", - "label": "User Define APP Name", - "type": "string", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_app_surrogate_id", - "label": "Surrogate ID", - "type": "string", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_l7_protocol", - "label": "L7 Protocol", - "type": "string", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_service_category", - "label": "FQDN Category", - "doc": { - "constraints": { - "operator_functions": "has" - }, - "allow_query": "true", - "dict_location": { - "path": "/v1/category/dict", - "key": "categoryId", - "value": "categoryName" - } - }, - "type": { - "type": "array", - "items": "int" - } - }, - { - "name": "common_start_time", - "label": "Start Time", - "doc": { - "constraints": { - "type": "timestamp" - } - }, - "type": "long" - }, - { - "name": "common_end_time", - "label": "End Time", - "doc": { - "constraints": { - "type": "timestamp" - }, - "format": { - "functions": "get_value", - "appendTo": "common_recv_time" - } - }, - "type": "long" - }, - { - "name": "common_establish_latency_ms", - "label": "Establish Latency(ms)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_con_duration_ms", - "label": "Duration(ms)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_stream_dir", - "label": "Stream Direction", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "1", - "value": "c2s" - }, - { - "code": "2", - "value": "s2c" - }, - { - "code": "3", - "value": "double" - } - ] - }, - "type": "int" - }, - { - "name": "common_address_list", - "label": "Address List", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "common_has_dup_traffic", - "label": "Duplication Traffic", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "public_schema_info.json#/fields/common_has_dup_traffic/data" - }, - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_stream_error", - "label": "Stream Error", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_stream_trace_id", - "label": "Session ID", - "doc": { - "allow_query": "true" - }, - "type": "long" - }, - { - "name": "common_link_info_c2s", - "label": "Link Info(c2s)", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_link_info_s2c", - "label": "Link Info(s2c)", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_c2s_ipfrag_num", - "label": "Fragmentation Packets(c2s)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_s2c_ipfrag_num", - "label": "Fragmentation Packets(s2c)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_c2s_tcp_lostlen", - "label": "Sequence Gap Loss(c2s)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_s2c_tcp_lostlen", - "label": "Sequence Gap Loss(s2c)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_c2s_tcp_unorder_num", - "label": "Unorder Packets(c2s)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_s2c_tcp_unorder_num", - "label": "Unorder Packets(s2c)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_c2s_pkt_retrans", - "label": "Packet Retransmission(c2s)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_s2c_pkt_retrans", - "label": "Packet Retransmission(s2c)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_c2s_byte_retrans", - "label": "Byte Retransmission(c2s)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_s2c_byte_retrans", - "label": "Byte Retransmission(s2c)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_tcp_client_isn", - "label": "TCP Client ISN", - "doc": { - "visibility": "disabled" - }, - "type": "long" - }, - { - "name": "common_tcp_server_isn", - "label": "TCP Server ISN", - "doc": { - "visibility": "disabled" - }, - "type": "long" - }, - { - "name": "common_first_ttl", - "label": "First TTL", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_processing_time", - "label": "Processing Time", - "doc": { - "constraints": { - "type": "timestamp" - }, - "format": { - "functions": "current_timestamp" - } - }, - "type": "long" - }, - { - "name": "common_mirrored_pkts", - "label": "Mirrored Packets", - "type": "long", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_mirrored_bytes", - "label": "Mirrored Bytes", - "type": "long", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "http_url", - "label": "HTTP.URL", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "http_host", - "label": "HTTP.Host", - "doc": { - "format": { - "functions": "sub_domain", - "appendTo": "http_domain" - } - }, - "type": "string" - }, - { - "name": "http_domain", - "label": "HTTP.Domain", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "http_request_line", - "label": "HTTP.Request Line", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "http_response_line", - "doc": { - "visibility": "disabled" - }, - "label": "HTTP.Response Line", - "type": "string" - }, - { - "name": "http_request_header", - "label": "HTTP.Request Header", - "type": "string" - }, - { - "name": "http_response_header", - "label": "HTTP.Response Header", - "type": "string" - }, - { - "name": "http_request_content", - "label": "HTTP.Request Content", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "http_request_content_length", - "label": "HTTP.Request Content Length", - "type": "string" - }, - { - "name": "http_request_content_type", - "label": "HTTP.Request Content Type", - "type": "string" - }, - { - "name": "http_response_content", - "label": "HTTP.Response Content", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "http_response_content_length", - "label": "HTTP.Response Content Length", - "type": "string" - }, - { - "name": "http_response_content_type", - "label": "HTTP.Response Content Type", - "type": "string" - }, - { - "name": "http_request_body", - "label": "HTTP.Request Body", - "doc": { - "constraints": { - "type": "file" - } - }, - "type": "string" - }, - { - "name": "http_response_body", - "label": "HTTP.Response Body", - "doc": { - "constraints": { - "type": "file" - } - }, - "type": "string" - }, - { - "name": "http_request_body_key", - "label": "HTTP.Request Body Key", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "http_response_body_key", - "label": "HTTP.Response Body Key", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "http_proxy_flag", - "label": "HTTP.Proxy Flag", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "http_sequence", - "label": "HTTP.Sequence", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "http_snapshot", - "label": "HTTP.Snapshot", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "http_cookie", - "label": "HTTP.Cookie", - "type": "string" - }, - { - "name": "http_referer", - "label": "HTTP.Referer", - "type": "string" - }, - { - "name": "http_user_agent", - "label": "HTTP.User Agent", - "type": "string" - }, - { - "name": "http_content_length", - "label": "HTTP.Content Length", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "http_content_type", - "label": "HTTP.Content Type", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "http_set_cookie", - "label": "HTTP.Set Cookie", - "type": "string" - }, - { - "name": "http_version", - "label": "HTTP.Version", - "type": "string" - }, - { - "name": "http_response_latency_ms", - "label": "HTTP.Response Latency(ms)", - "type": "long" - }, - { - "name": "http_session_duration_ms", - "label": "HTTP.Session Duration(ms)", - "type": "long" - }, - { - "name": "http_action_file_size", - "label": "HTTP.Action File Size", - "type": "int" - }, - { - "name": "doh_url", - "label": "DoH.URL", - "type": "string" - }, - { - "name": "doh_host", - "label": "DoH.Host", - "type": "string" - }, - { - "name": "doh_request_line", - "label": "DoH.Request Line", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "doh_response_line", - "doc": { - "visibility": "hidden" - }, - "label": "DoH.Response Line", - "type": "string" - }, - { - "name": "doh_cookie", - "label": "DoH.Cookie", - "type": "string" - }, - { - "name": "doh_referer", - "label": "DoH.Referer", - "type": "string" - }, - { - "name": "doh_user_agent", - "label": "DoH.User Agent", - "type": "string" - }, - { - "name": "doh_content_length", - "label": "DoH.Content Length", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "doh_content_type", - "label": "DoH.Content Type", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "doh_set_cookie", - "label": "DoH.Set Cookie", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "doh_version", - "label": "DoH.Version", - "type": "string" - }, - { - "name": "doh_message_id", - "label": "DoH.Message ID", - "type": "int" - }, - { - "name": "doh_qr", - "label": "DoH.QR", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "QUERY" - }, - { - "code": "1", - "value": "REESPONSE" - } - ] - }, - "type": "int" - }, - { - "name": "doh_opcode", - "label": "DoH.OPCODE", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "QUERY" - }, - { - "code": "1", - "value": "IQUERY" - }, - { - "code": "2", - "value": "STATUS" - }, - { - "code": "5", - "value": "UPDATE" - } - ] - }, - "type": "int" - }, - { - "name": "doh_aa", - "label": "DoH.AA", - "type": "int" - }, - { - "name": "doh_tc", - "label": "DoH.TC", - "type": "int" - }, - { - "name": "doh_rd", - "label": "DoH.RD", - "type": "int" - }, - { - "name": "doh_ra", - "label": "DoH.RA", - "type": "int" - }, - { - "name": "doh_rcode", - "label": "DoH.RCODE", - "type": "int" - }, - { - "name": "doh_qdcount", - "label": "DoH.QDCOUNT", - "type": "int" - }, - { - "name": "doh_ancount", - "label": "DoH.ANCOUNT", - "type": "int" - }, - { - "name": "doh_nscount", - "label": "DoH.NSCOUNT", - "type": "int" - }, - { - "name": "doh_arcount", - "label": "DoH.ARCOUNT", - "type": "int" - }, - { - "name": "doh_qname", - "label": "DoH.QNAME", - "type": "string" - }, - { - "name": "doh_qtype", - "label": "DoH.QTYPE", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "1", - "value": "A" - }, - { - "code": "2", - "value": "NS" - }, - { - "code": "5", - "value": "CNAME" - }, - { - "code": "6", - "value": "SOA" - }, - { - "code": "11", - "value": "WKS" - }, - { - "code": "12", - "value": "PTR" - }, - { - "code": "13", - "value": "HINFO" - }, - { - "code": "11", - "value": "WKS" - }, - { - "code": "15", - "value": "MX" - }, - { - "code": "28", - "value": "AAAA" - } - ] - }, - "type": "int" - }, - { - "name": "doh_qclass", - "label": "DoH.QCLASS", - "type": "int" - }, - { - "name": "doh_cname", - "label": "DoH.CNAME", - "type": "string" - }, - { - "name": "doh_sub", - "label": "DoH.SUB", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "1", - "value": "DNS" - }, - { - "code": "2", - "value": "DNSSEC" - } - ] - }, - "type": "int" - }, - { - "name": "doh_rr", - "label": "DoH.RR", - "type": "string" - } - ] -}
\ No newline at end of file diff --git a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/proxy_event_hits_log.json b/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/proxy_event_hits_log.json deleted file mode 100644 index 5e3ff8a..0000000 --- a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/proxy_event_hits_log.json +++ /dev/null @@ -1,58 +0,0 @@ -{ - "type": "record", - "name": "proxy_event_hits_log", - "namespace": "druid", - "doc": { - "partition_key": "__time" - }, - "fields": [ - { - "name": "__time", - "type": "long" - }, - { - "name": "action", - "type": "long" - }, - { - "name": "isp", - "type": "string" - }, - { - "name": "entrance_id", - "type": "long" - }, - { - "name": "hits", - "type": "long" - }, - { - "name": "policy_id", - "type": "long" - }, - { - "name": "sub_action", - "type": "string" - }, - { - "name": "country", - "type": "string" - }, - { - "name": "location", - "type": "string" - }, - { - "name": "c2s_byte_num", - "type": "long" - }, - { - "name": "s2c_byte_num", - "type": "long" - }, - { - "name": "ip_object", - "type": "string" - } - ] -}
\ No newline at end of file diff --git a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/query_log.json b/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/query_log.json deleted file mode 100644 index 4f5e8d5..0000000 --- a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/query_log.json +++ /dev/null @@ -1,11 +0,0 @@ -{ - "namespace": "system", - "type": "record", - "name": "query_log", - "fields": [ - { - "name": "query_id", - "type": "string" - } - ] -}
\ No newline at end of file diff --git a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/query_log_cluster.json b/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/query_log_cluster.json deleted file mode 100644 index d6e7583..0000000 --- a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/query_log_cluster.json +++ /dev/null @@ -1,11 +0,0 @@ -{ - "namespace": "system", - "type": "record", - "name": "query_log_cluster", - "fields": [ - { - "name": "type", - "type": "string" - } - ] -}
\ No newline at end of file diff --git a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/radius_onff_log.json b/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/radius_onff_log.json deleted file mode 100644 index 9201ebb..0000000 --- a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/radius_onff_log.json +++ /dev/null @@ -1,37 +0,0 @@ -{ - "type": "record", - "name": "radius_onff_log", - "namespace": "tsg_galaxy_v3", - "fields": [ - { - "name": "event_timestamp", - "label": "Event Time", - "type": "long" - }, - { - "name": "account", - "label": "Account", - "type": "string" - }, - { - "name": "framed_ip", - "label": "Framed IP", - "type": "string" - }, - { - "name": "acct_session_id", - "label": "Acct Session ID", - "type": "string" - }, - { - "name": "acct_status_type", - "label": "Acct Status Type", - "type": "int" - }, - { - "name": "acct_session_time", - "label": "Acct Session Time", - "type": "int" - } - ] -}
\ No newline at end of file diff --git a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/radius_record.json b/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/radius_record.json deleted file mode 100644 index f9cb440..0000000 --- a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/radius_record.json +++ /dev/null @@ -1,1376 +0,0 @@ -{ - "type": "record", - "name": "radius_record", - "namespace": "tsg_galaxy_v3", - "doc": { - "primary_key": "common_log_id", - "partition_key": "common_recv_time", - "functions": { - "$ref": "public_schema_info.json#/functions" - }, - "schema_query": { - "dimensions": [ - "radius_nas_ip", - "radius_framed_ip", - "common_subscriber_id" - ], - "metrics": [ - "radius_framed_ip", - "radius_event_timestamp", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num" - ], - "filters": [ - "radius_framed_ip", - "common_subscriber_id", - "radius_packet_type", - "radius_acct_session_id", - "radius_acct_multi_session_id", - "radius_acct_status_type" - ], - "references": { - "$ref": "public_schema_info.json#/schema_query/references" - }, - "details": { - "general": [ - "common_recv_time", - "common_log_id", - "common_stream_trace_id", - "common_direction", - "common_stream_dir", - "common_start_time", - "common_end_time", - "common_con_duration_ms", - "common_establish_latency_ms", - "common_processing_time", - "common_entrance_id", - "common_device_id", - "common_egress_link_id", - "common_ingress_link_id", - "common_isp", - "common_data_center", - "common_device_group", - "common_sled_ip" - ], - "action": [ - "common_action", - "common_sub_action", - "common_policy_id", - "common_user_tags", - "common_user_region" - ], - "source": [ - "common_client_ip", - "common_internal_ip", - "common_client_port", - "common_client_location", - "common_client_asn", - "common_subscriber_id", - "common_imei", - "common_imsi", - "common_phone_number" - ], - "destination": [ - "common_server_ip", - "common_external_ip", - "common_server_port", - "common_server_location", - "common_server_asn" - ], - "application": [ - "common_app_id", - "common_userdefine_app_name", - "common_app_label", - "common_app_surrogate_id", - "common_l7_protocol", - "common_protocol_label", - "common_service_category", - "common_service", - "common_l4_protocol" - ], - "transmission": [ - "common_sessions", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_c2s_ipfrag_num", - "common_s2c_ipfrag_num", - "common_c2s_tcp_lostlen", - "common_s2c_tcp_lostlen", - "common_c2s_tcp_unorder_num", - "common_s2c_tcp_unorder_num", - "common_c2s_pkt_retrans", - "common_s2c_pkt_retrans", - "common_c2s_byte_retrans", - "common_s2c_byte_retrans", - "common_first_ttl", - "common_tcp_client_isn", - "common_tcp_server_isn", - "common_mirrored_pkts", - "common_mirrored_bytes" - ], - "other": [ - "common_address_type", - "common_schema_type", - "common_device_tag", - "common_encapsulation", - "common_tunnels", - "common_address_list", - "common_has_dup_traffic", - "common_stream_error", - "common_link_info_c2s", - "common_link_info_s2c" - ] - } - }, - "schema_type": { - "RADIUS": { - "columns": [ - "common_recv_time", - "common_log_id", - "common_policy_id", - "common_subscriber_id", - "common_imei", - "common_imsi", - "common_phone_number", - "common_client_ip", - "common_client_port", - "common_internal_ip", - "common_l4_protocol", - "common_address_type", - "common_server_ip", - "common_server_port", - "common_external_ip", - "common_action", - "common_direction", - "common_entrance_id", - "common_sled_ip", - "common_client_location", - "common_client_asn", - "common_server_location", - "common_server_asn", - "common_sessions", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_c2s_pkt_diff", - "common_s2c_pkt_diff", - "common_c2s_byte_diff", - "common_s2c_byte_diff", - "common_service", - "common_schema_type", - "common_user_tags", - "common_sub_action", - "common_user_region", - "common_device_id", - "common_egress_link_id", - "common_ingress_link_id", - "common_isp", - "common_device_tag", - "common_data_center", - "common_device_group", - "common_encapsulation", - "common_app_label", - "common_tunnels", - "common_protocol_label", - "common_app_id", - "common_userdefine_app_name", - "common_app_surrogate_id", - "common_l7_protocol", - "common_service_category", - "common_start_time", - "common_end_time", - "common_establish_latency_ms", - "common_con_duration_ms", - "common_stream_dir", - "common_address_list", - "common_has_dup_traffic", - "common_stream_error", - "common_stream_trace_id", - "common_link_info_c2s", - "common_link_info_s2c", - "common_c2s_ipfrag_num", - "common_s2c_ipfrag_num", - "common_c2s_tcp_lostlen", - "common_s2c_tcp_lostlen", - "common_c2s_tcp_unorder_num", - "common_s2c_tcp_unorder_num", - "common_c2s_pkt_retrans", - "common_s2c_pkt_retrans", - "common_c2s_byte_retrans", - "common_s2c_byte_retrans", - "common_tcp_client_isn", - "common_tcp_server_isn", - "common_first_ttl", - "common_processing_time", - "common_mirrored_pkts", - "common_mirrored_bytes", - "radius_packet_type", - "radius_nas_ip", - "radius_framed_ip", - "radius_account", - "radius_session_timeout", - "radius_idle_timeout", - "radius_acct_status_type", - "radius_acct_terminate_cause", - "radius_event_timestamp", - "radius_nas_port", - "radius_service_type", - "radius_framed_protocol", - "radius_callback_number", - "radius_callback_id", - "radius_termination_action", - "radius_called_station_id", - "radius_calling_station_id", - "radius_acct_delay_time", - "radius_acct_session_id", - "radius_acct_multi_session_id", - "radius_acct_input_octets", - "radius_acct_output_octets", - "radius_acct_input_packets", - "radius_acct_output_packets", - "radius_acct_session_time", - "radius_acct_link_count", - "radius_acct_interim_interval" - ], - "default_columns": [ - "common_recv_time", - "common_log_id", - "common_subscriber_id", - "radius_nas_ip", - "radius_framed_ip", - "radius_acct_status_type" - ] - } - }, - "default_columns": [ - "common_recv_time", - "common_log_id", - "common_subscriber_id", - "radius_nas_ip", - "radius_framed_ip", - "radius_acct_status_type" - ], - "tunnel_type": { - "$ref": "public_schema_info.json#/tunnel_type" - } - }, - "fields": [ - { - "name": "common_recv_time", - "label": "Receive Time", - "doc": { - "allow_query": "true", - "constraints": { - "type": "timestamp" - } - }, - "type": "long" - }, - { - "name": "common_log_id", - "label": "Log ID", - "doc": { - "allow_query": "true", - "format": { - "functions": "snowflake_id" - } - }, - "type": "long" - }, - { - "name": "common_policy_id", - "label": "Policy ID", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_subscriber_id", - "label": "Subscriber ID", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "common_imei", - "label": "IMEI", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "common_imsi", - "label": "IMSI", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "common_phone_number", - "label": "Phone Number", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "common_client_ip", - "label": "Client IP", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_client_port", - "label": "Client Port", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_internal_ip", - "label": "Internal IP", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_l4_protocol", - "label": "L4 Protocol", - "type": "string" - }, - { - "name": "common_address_type", - "label": "Address Type", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "4", - "value": "ipv4" - }, - { - "code": "6", - "value": "ipv6" - } - ] - }, - "type": "int" - }, - { - "name": "common_server_ip", - "label": "Server IP", - "doc": { - "allow_query": "true", - "constraints": { - "type": "ip" - }, - "format": { - "functions": "geo_asn", - "appendTo": "common_server_asn" - } - }, - "type": "string" - }, - { - "name": "common_server_port", - "label": "Server Port", - "doc": { - "allow_query": "true" - }, - "type": "int" - }, - { - "name": "common_external_ip", - "label": "External IP", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_action", - "label": "Action", - "doc": { - "visibility": "hidden", - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "None" - }, - { - "code": "1", - "value": "Monitor" - }, - { - "code": "2", - "value": "Intercept" - }, - { - "code": "16", - "value": "Deny" - }, - { - "code": "48", - "value": "Manipulation" - }, - { - "code": "128", - "value": "Allow" - } - ] - }, - "type": "int" - }, - { - "name": "common_direction", - "label": "Direction", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "69", - "value": "outbound" - }, - { - "code": "73", - "value": "inbound" - } - ] - }, - "type": "int" - }, - { - "name": "common_entrance_id", - "label": "Entrance ID", - "doc": { - "visibility": "disabled" - }, - "type": "int" - }, - { - "name": "common_sled_ip", - "label": "Sled IP", - "doc": { - "allow_query": "true", - "constraints": { - "type": "ip" - } - }, - "type": "string" - }, - { - "name": "common_client_location", - "label": "Client Location", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_client_asn", - "label": "Client ASN", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_server_location", - "label": "Server Location", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_server_asn", - "label": "Server ASN", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_sessions", - "label": "Sessions", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_c2s_pkt_num", - "label": "Packets Sent", - "type": "long" - }, - { - "name": "common_s2c_pkt_num", - "label": "Packets Received", - "type": "long" - }, - { - "name": "common_c2s_byte_num", - "label": "Bytes Sent", - "type": "long" - }, - { - "name": "common_s2c_byte_num", - "label": "Bytes Received", - "type": "long" - }, - { - "name": "common_c2s_pkt_diff", - "label": "Packets Sent(Diff)", - "doc": { - "visibility": "disabled" - }, - "type": "long" - }, - { - "name": "common_s2c_pkt_diff", - "label": "Packets Received(Diff)", - "doc": { - "visibility": "disabled" - }, - "type": "long" - }, - { - "name": "common_c2s_byte_diff", - "label": "Bytes Sent(Diff)", - "doc": { - "visibility": "disabled" - }, - "type": "long" - }, - { - "name": "common_s2c_byte_diff", - "label": "Bytes Received(Diff)", - "doc": { - "visibility": "disabled" - }, - "type": "long" - }, - { - "name": "common_service", - "label": "Service", - "doc": { - "visibility": "disabled" - }, - "type": "int" - }, - { - "name": "common_schema_type", - "label": "Schema Type", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "BASE", - "value": "BASE" - }, - { - "code": "HTTP", - "value": "HTTP" - }, - { - "code": "MAIL", - "value": "MAIL" - }, - { - "code": "DNS", - "value": "DNS" - }, - { - "code": "SSL", - "value": "SSL" - }, - { - "code": "FTP", - "value": "FTP" - } - ], - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_user_tags", - "label": "User Tags", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "common_sub_action", - "label": "Sub Action", - "doc": { - "data": [ - { - "code": "allow", - "value": "Allow" - }, - { - "code": "deny", - "value": "Deny" - }, - { - "code": "monitor", - "value": "Monitor" - }, - { - "code": "replace", - "value": "Replace" - }, - { - "code": "redirect", - "value": "Redirect" - }, - { - "code": "insert", - "value": "Insert" - }, - { - "code": "hijack", - "value": "Hijack" - } - ], - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_user_region", - "label": "User Region", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_device_id", - "label": "Device ID", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "common_egress_link_id", - "label": "Egress Link ID", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_ingress_link_id", - "label": "Ingress Link ID", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_isp", - "label": "ISP", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "common_device_tag", - "label": "Device Tag", - "doc": { - "visibility": "hidden", - "format": { - "functions": "flattenSpec,flattenSpec", - "appendTo": "common_data_center,common_device_group", - "param": "$.tags[?(@.tag=='data_center')].value,$.tags[?(@.tag=='device_group')].value" - } - }, - "type": "string" - }, - { - "name": "common_data_center", - "label": "Data Center", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "device_tag.json#", - "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']", - "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']" - }, - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_device_group", - "label": "Device Group", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "device_tag.json#", - "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']", - "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']" - }, - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "common_encapsulation", - "label": "Encapsulation", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "public_schema_info.json#/fields/common_encapsulation/data" - }, - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_app_label", - "label": "Application Label", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_tunnels", - "label": "Tunnels", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_protocol_label", - "label": "Protocol Label", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_app_id", - "label": "Application ID", - "type": "string", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_userdefine_app_name", - "label": "User Define APP Name", - "type": "string", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_app_surrogate_id", - "label": "Surrogate ID", - "type": "string", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_l7_protocol", - "label": "L7 Protocol", - "type": "string", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_service_category", - "label": "FQDN Category", - "doc": { - "constraints": { - "operator_functions": "has" - }, - "visibility": "disabled", - "dict_location": { - "path": "/v1/category/dict", - "key": "categoryId", - "value": "categoryName" - } - }, - "type": { - "type": "array", - "items": "int" - } - }, - { - "name": "common_start_time", - "label": "Start Time", - "doc": { - "constraints": { - "type": "timestamp" - }, - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_end_time", - "label": "End Time", - "doc": { - "constraints": { - "type": "timestamp" - }, - "format": { - "functions": "get_value", - "appendTo": "common_recv_time" - }, - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_establish_latency_ms", - "label": "Establish Latency(ms)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_con_duration_ms", - "label": "Duration(ms)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_stream_dir", - "label": "Stream Direction", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "1", - "value": "c2s" - }, - { - "code": "2", - "value": "s2c" - }, - { - "code": "3", - "value": "double" - } - ] - }, - "type": "int" - }, - { - "name": "common_address_list", - "label": "Address List", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "common_has_dup_traffic", - "label": "Duplication Traffic", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "public_schema_info.json#/fields/common_has_dup_traffic/data" - }, - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_stream_error", - "label": "Stream Error", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_stream_trace_id", - "label": "Session ID", - "doc": { - "allow_query": "true" - }, - "type": "long" - }, - { - "name": "common_link_info_c2s", - "label": "Link Info(c2s)", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_link_info_s2c", - "label": "Link Info(s2c)", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_c2s_ipfrag_num", - "label": "Fragmentation Packets(c2s)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_s2c_ipfrag_num", - "label": "Fragmentation Packets(s2c)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_c2s_tcp_lostlen", - "label": "Sequence Gap Loss(c2s)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_s2c_tcp_lostlen", - "label": "Sequence Gap Loss(s2c)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_c2s_tcp_unorder_num", - "label": "Unorder Packets(c2s)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_s2c_tcp_unorder_num", - "label": "Unorder Packets(s2c)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_c2s_pkt_retrans", - "label": "Packet Retransmission(c2s)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_s2c_pkt_retrans", - "label": "Packet Retransmission(s2c)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_c2s_byte_retrans", - "label": "Byte Retransmission(c2s)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_s2c_byte_retrans", - "label": "Byte Retransmission(s2c)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_tcp_client_isn", - "label": "TCP Client ISN", - "doc": { - "visibility": "disabled" - }, - "type": "long" - }, - { - "name": "common_tcp_server_isn", - "label": "TCP Server ISN", - "doc": { - "visibility": "disabled" - }, - "type": "long" - }, - { - "name": "common_first_ttl", - "label": "First TTL", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_processing_time", - "label": "Processing Time", - "doc": { - "constraints": { - "type": "timestamp" - }, - "format": { - "functions": "current_timestamp" - } - }, - "type": "long" - }, - { - "name": "common_mirrored_pkts", - "label": "Mirrored Packets", - "type": "long", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_mirrored_bytes", - "label": "Mirrored Bytes", - "type": "long", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "radius_packet_type", - "label": "Packet Type", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "1", - "value": "Access-Request" - }, - { - "code": "2", - "value": "Access-Accept" - }, - { - "code": "3", - "value": "Access-Reject" - }, - { - "code": "4", - "value": "Accounting-Request" - }, - { - "code": "5", - "value": "Accounting-Response" - }, - { - "code": "11", - "value": "Access-Challenge" - } - ] - }, - "type": "int" - }, - { - "name": "radius_account", - "label": "Account", - "doc": { - "format": { - "functions": "get_value", - "appendTo": "common_subscriber_id" - } - }, - "type": "string" - }, - { - "name": "radius_nas_ip", - "label": "Nas IP", - "type": "string" - }, - { - "name": "radius_framed_ip", - "label": "Framed IP", - "doc": { - "allow_query": "true", - "constraints": { - "type": "ip" - } - }, - "type": "string" - }, - { - "name": "radius_session_timeout", - "label": "Session Timeout", - "type": "int" - }, - { - "name": "radius_idle_timeout", - "label": "Idle Timeout", - "type": "int" - }, - { - "name": "radius_acct_status_type", - "label": "ACC Status Type", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "1", - "value": "Start" - }, - { - "code": "2", - "value": "Stop" - }, - { - "code": "3", - "value": "Interim-Update" - }, - { - "code": "7", - "value": "Accounting-On" - }, - { - "code": "8", - "value": "Accounting-Off" - } - ] - }, - "type": "int" - }, - { - "name": "radius_acct_terminate_cause", - "label": "Acct Terminate Cause", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "1", - "value": "User Request" - }, - { - "code": "2", - "value": "Lost Carrier" - }, - { - "code": "3", - "value": "Lost Service" - }, - { - "code": "4", - "value": "Idle Timeout" - }, - { - "code": "5", - "value": "Session Timeout" - }, - { - "code": "6", - "value": "Admin Reset" - }, - { - "code": "7", - "value": "Admin Reboot" - }, - { - "code": "8", - "value": "Port Error" - }, - { - "code": "9", - "value": "NAS Error" - }, - { - "code": "10", - "value": "NAS Request" - }, - { - "code": "11", - "value": "NAS Reboot" - }, - { - "code": "12", - "value": "Port Unneeded" - }, - { - "code": "13", - "value": "Port Preempted" - }, - { - "code": "14", - "value": "Port Suspended" - }, - { - "code": "15", - "value": "Service Unavailable" - }, - { - "code": "16", - "value": "Callback" - }, - { - "code": "17", - "value": "User Error" - }, - { - "code": "18", - "value": "Host Request" - } - ] - }, - "type": "int" - }, - { - "name": "radius_event_timestamp", - "label": "Event Timestamp", - "type": "int" - }, - { - "name": "radius_service_type", - "label": "Service Type", - "type": "int" - }, - { - "name": "radius_nas_port", - "label": "Nas Port", - "type": "int" - }, - { - "name": "radius_framed_protocol", - "label": "Framed Protocol", - "type": "int" - }, - { - "name": "radius_callback_number", - "label": "Callback Number", - "type": "string" - }, - { - "name": "radius_callback_id", - "label": "Callback ID", - "type": "string" - }, - { - "name": "radius_termination_action", - "label": "Termination Action", - "type": "int" - }, - { - "name": "radius_called_station_id", - "label": "Called Station ID", - "type": "string" - }, - { - "name": "radius_calling_station_id", - "label": "Calling Station ID", - "type": "string" - }, - { - "name": "radius_acct_delay_time", - "label": "Acct Delay Time", - "type": "int" - }, - { - "name": "radius_acct_session_id", - "label": "Acct Session ID", - "type": "string" - }, - { - "name": "radius_acct_multi_session_id", - "label": "Acct Multi Session ID", - "type": "string" - }, - { - "name": "radius_acct_input_octets", - "label": "Acct Input Octets", - "type": "long" - }, - { - "name": "radius_acct_output_octets", - "label": "Acct Output Octets", - "type": "long" - }, - { - "name": "radius_acct_input_packets", - "label": "Acct Input Packets", - "type": "long" - }, - { - "name": "radius_acct_output_packets", - "label": "Acct Output Packets", - "type": "long" - }, - { - "name": "radius_acct_session_time", - "label": "Acct Session Time", - "type": "int" - }, - { - "name": "radius_acct_link_count", - "label": "Acct Link Count", - "type": "int" - }, - { - "name": "radius_acct_interim_interval", - "label": "Acct Interim Interval", - "type": "int" - } - ] -}
\ No newline at end of file diff --git a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/security_event.json b/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/security_event.json deleted file mode 100644 index 26a9ab3..0000000 --- a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/security_event.json +++ /dev/null @@ -1,2334 +0,0 @@ -{ - "type": "record", - "name": "security_event", - "namespace": "tsg_galaxy_v3", - "doc": { - "primary_key": "common_log_id", - "partition_key": "common_recv_time", - "functions": { - "$ref": "public_schema_info.json#/functions" - }, - "schema_query": { - "dimensions": [ - "common_server_ip", - "common_client_ip", - "common_internal_ip", - "common_external_ip", - "common_policy_id", - "common_action", - "common_sled_ip", - "common_device_id", - "common_client_location", - "common_server_location", - "common_subscriber_id", - "common_client_port", - "common_server_port", - "common_schema_type", - "common_l4_protocol", - "common_l7_protocol", - "common_device_group", - "common_client_asn", - "common_server_asn", - "common_start_time", - "common_end_time", - "common_imei", - "common_imsi", - "common_phone_number", - "common_app_label", - "http_host", - "http_domain", - "http_url", - "ssl_sni", - "ssl_ja3_hash", - "ssl_client_side_version", - "ssl_server_side_version", - "mail_account", - "mail_from", - "mail_to", - "quic_sni", - "quic_version" - ], - "metrics": [ - "common_server_ip", - "common_client_ip", - "common_internal_ip", - "common_external_ip", - "common_subscriber_id", - "common_sled_ip", - "common_device_id", - "common_sessions", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_mirrored_pkts", - "common_mirrored_bytes", - "common_con_duration_ms", - "common_establish_latency_ms", - "common_imei", - "common_imsi", - "common_phone_number", - "common_app_label", - "http_host", - "http_domain", - "http_url", - "ssl_sni", - "ssl_ja3_hash", - "ssl_client_side_latency", - "ssl_server_side_latency", - "mail_account", - "mail_from", - "mail_to", - "quic_sni" - ], - "filters": [ - "common_policy_id", - "common_action", - "common_address_type", - "common_server_ip", - "common_client_ip", - "common_internal_ip", - "common_external_ip", - "common_client_port", - "common_server_port", - "common_client_location", - "common_server_location", - "common_subscriber_id", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_mirrored_pkts", - "common_mirrored_bytes", - "common_l4_protocol", - "common_l7_protocol", - "common_stream_dir", - "common_device_group", - "common_sled_ip", - "common_device_id", - "common_direction", - "common_schema_type", - "common_client_asn", - "common_server_asn", - "common_start_time", - "common_end_time", - "common_con_duration_ms", - "common_establish_latency_ms", - "common_imei", - "common_imsi", - "common_phone_number", - "common_app_label", - "http_host", - "http_domain", - "http_url", - "http_request_content_type", - "http_response_content_type", - "ssl_sni", - "ssl_ja3_hash", - "ssl_pinningst", - "ssl_intercept_state", - "ssl_client_side_version", - "ssl_server_side_version", - "ssl_cert_verify", - "ssl_client_side_latency", - "ssl_server_side_latency", - "mail_account", - "mail_from", - "mail_to", - "mail_subject", - "quic_sni", - "quic_version" - ], - "references": { - "$ref": "public_schema_info.json#/schema_query/references" - }, - "details": { - "general": [ - "common_recv_time", - "common_log_id", - "common_stream_trace_id", - "common_direction", - "common_stream_dir", - "common_start_time", - "common_end_time", - "common_con_duration_ms", - "common_establish_latency_ms", - "common_processing_time", - "common_entrance_id", - "common_device_id", - "common_egress_link_id", - "common_ingress_link_id", - "common_isp", - "common_data_center", - "common_device_group", - "common_sled_ip" - ], - "action": [ - "common_action", - "common_sub_action", - "common_policy_id", - "common_user_tags", - "common_user_region" - ], - "source": [ - "common_client_ip", - "common_internal_ip", - "common_client_port", - "common_client_location", - "common_client_asn", - "common_subscriber_id", - "common_imei", - "common_imsi", - "common_phone_number" - ], - "destination": [ - "common_server_ip", - "common_external_ip", - "common_server_port", - "common_server_location", - "common_server_asn" - ], - "application": [ - "common_app_id", - "common_userdefine_app_name", - "common_app_label", - "common_app_surrogate_id", - "common_l7_protocol", - "common_protocol_label", - "common_service_category", - "common_service", - "common_l4_protocol" - ], - "transmission": [ - "common_sessions", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_c2s_pkt_diff", - "common_s2c_pkt_diff", - "common_c2s_byte_diff", - "common_s2c_byte_diff", - "common_c2s_ipfrag_num", - "common_s2c_ipfrag_num", - "common_c2s_tcp_lostlen", - "common_s2c_tcp_lostlen", - "common_c2s_tcp_unorder_num", - "common_s2c_tcp_unorder_num", - "common_c2s_pkt_retrans", - "common_s2c_pkt_retrans", - "common_c2s_byte_retrans", - "common_s2c_byte_retrans", - "common_first_ttl", - "common_tcp_client_isn", - "common_tcp_server_isn", - "common_mirrored_pkts", - "common_mirrored_bytes" - ], - "other": [ - "common_address_type", - "common_schema_type", - "common_device_tag", - "common_encapsulation", - "common_tunnels", - "common_address_list", - "common_has_dup_traffic", - "common_stream_error", - "common_link_info_c2s", - "common_link_info_s2c" - ] - } - }, - "schema_type": { - "BASE": { - "$ref": "public_schema_info.json#/schema_type/BASE" - }, - "HTTP": { - "$ref": "public_schema_info.json#/schema_type/HTTP" - }, - "MAIL": { - "$ref": "public_schema_info.json#/schema_type/MAIL" - }, - "DNS": { - "$ref": "public_schema_info.json#/schema_type/DNS" - }, - "SSL": { - "$ref": "public_schema_info.json#/schema_type/SSL" - }, - "QUIC": { - "$ref": "public_schema_info.json#/schema_type/QUIC" - }, - "FTP": { - "$ref": "public_schema_info.json#/schema_type/FTP" - }, - "BGP": { - "$ref": "public_schema_info.json#/schema_type/BGP" - }, - "SIP": { - "$ref": "public_schema_info.json#/schema_type/SIP" - }, - "RTP": { - "$ref": "public_schema_info.json#/schema_type/RTP" - }, - "APP": { - "$ref": "public_schema_info.json#/schema_type/APP" - } - }, - "default_columns": [ - "common_recv_time", - "common_log_id", - "common_policy_id", - "common_subscriber_id", - "common_client_ip", - "common_server_ip", - "common_server_port", - "common_schema_type" - ], - "tunnel_type": { - "$ref": "public_schema_info.json#/tunnel_type" - } - }, - "fields": [ - { - "name": "common_recv_time", - "label": "Receive Time", - "doc": { - "allow_query": "true", - "constraints": { - "type": "timestamp" - } - }, - "type": "long" - }, - { - "name": "common_log_id", - "label": "Log ID", - "doc": { - "allow_query": "true", - "format": { - "functions": "snowflake_id" - } - }, - "type": "long" - }, - { - "name": "common_policy_id", - "label": "Policy ID", - "doc": { - "allow_query": "true" - }, - "type": "long" - }, - { - "name": "common_subscriber_id", - "label": "Subscriber ID", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "common_imei", - "label": "IMEI", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "common_imsi", - "label": "IMSI", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "common_phone_number", - "label": "Phone Number", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "common_client_ip", - "label": "Client IP", - "doc": { - "allow_query": "true", - "constraints": { - "type": "ip" - }, - "format": { - "functions": "geo_asn,radius_match", - "appendTo": "common_client_asn,common_subscriber_id" - } - }, - "type": "string" - }, - { - "name": "common_internal_ip", - "label": "Internal IP", - "doc": { - "constraints": { - "type": "ip" - }, - "format": { - "functions": "if", - "param": "$.common_direction=69,$.common_client_ip,$.common_server_ip" - }, - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "common_client_port", - "label": "Client Port", - "doc": { - "allow_query": "true" - }, - "type": "int" - }, - { - "name": "common_l4_protocol", - "label": "L4 Protocol", - "type": "string" - }, - { - "name": "common_address_type", - "label": "Address Type", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "4", - "value": "ipv4" - }, - { - "code": "6", - "value": "ipv6" - } - ] - }, - "type": "int" - }, - { - "name": "common_server_ip", - "label": "Server IP", - "doc": { - "allow_query": "true", - "constraints": { - "type": "ip" - }, - "format": { - "functions": "geo_asn", - "appendTo": "common_server_asn" - } - }, - "type": "string" - }, - { - "name": "common_server_port", - "label": "Server Port", - "doc": { - "allow_query": "true" - }, - "type": "int" - }, - { - "name": "common_external_ip", - "label": "External IP", - "doc": { - "constraints": { - "type": "ip" - }, - "format": { - "functions": "if", - "param": "$.common_direction=73,$.common_client_ip,$.common_server_ip" - }, - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "common_action", - "label": "Action", - "doc": { - "allow_query": "true", - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "1", - "value": "Monitor" - }, - { - "code": "2", - "value": "Intercept" - }, - { - "code": "16", - "value": "Deny" - }, - { - "code": "128", - "value": "Allow" - } - ] - }, - "type": "int" - }, - { - "name": "common_direction", - "label": "Direction", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "69", - "value": "outbound" - }, - { - "code": "73", - "value": "inbound" - } - ] - }, - "type": "int" - }, - { - "name": "common_entrance_id", - "label": "Entrance ID", - "doc": { - "visibility": "disabled" - }, - "type": "int" - }, - { - "name": "common_sled_ip", - "label": "Sled IP", - "doc": { - "allow_query": "true", - "constraints": { - "type": "ip" - } - }, - "type": "string" - }, - { - "name": "common_client_location", - "label": "Client Location", - "type": "string" - }, - { - "name": "common_client_asn", - "label": "Client ASN", - "type": "string" - }, - { - "name": "common_server_location", - "label": "Server Location", - "type": "string" - }, - { - "name": "common_server_asn", - "label": "Server ASN", - "type": "string" - }, - { - "name": "common_sessions", - "label": "Sessions", - "doc": { - "format": { - "functions": "set_value", - "param": "1" - } - }, - "type": "long" - }, - { - "name": "common_c2s_pkt_num", - "label": "Packets Sent", - "doc": { - "allow_query": "true" - }, - "type": "long" - }, - { - "name": "common_s2c_pkt_num", - "label": "Packets Received", - "doc": { - "allow_query": "true" - }, - "type": "long" - }, - { - "name": "common_c2s_byte_num", - "label": "Bytes Sent", - "doc": { - "allow_query": "true" - }, - "type": "long" - }, - { - "name": "common_s2c_byte_num", - "label": "Bytes Received", - "doc": { - "allow_query": "true" - }, - "type": "long" - }, - { - "name": "common_c2s_pkt_diff", - "label": "Packets Sent(Diff)", - "doc": { - "visibility": "disabled" - }, - "type": "long" - }, - { - "name": "common_s2c_pkt_diff", - "label": "Packets Received(Diff)", - "doc": { - "visibility": "disabled" - }, - "type": "long" - }, - { - "name": "common_c2s_byte_diff", - "label": "Bytes Sent(Diff)", - "doc": { - "visibility": "disabled" - }, - "type": "long" - }, - { - "name": "common_s2c_byte_diff", - "label": "Bytes Received(Diff)", - "doc": { - "visibility": "disabled" - }, - "type": "long" - }, - { - "name": "common_service", - "label": "Service", - "doc": { - "visibility": "disabled" - }, - "type": "int" - }, - { - "name": "common_schema_type", - "label": "Schema Type", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "HTTP", - "value": "HTTP" - }, - { - "code": "MAIL", - "value": "MAIL" - }, - { - "code": "DNS", - "value": "DNS" - }, - { - "code": "SSL", - "value": "SSL" - }, - { - "code": "QUIC", - "value": "QUIC" - }, - { - "code": "FTP", - "value": "FTP" - }, - { - "code": "SIP", - "value": "SIP" - }, - { - "code": "RTP", - "value": "RTP" - }, - { - "code": "APP", - "value": "APP" - } - ], - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "common_user_tags", - "label": "User Tags", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "common_sub_action", - "label": "Sub Action", - "doc": { - "data": [ - { - "code": "allow", - "value": "Allow" - }, - { - "code": "deny", - "value": "Deny" - }, - { - "code": "monitor", - "value": "Monitor" - }, - { - "code": "replace", - "value": "Replace" - }, - { - "code": "redirect", - "value": "Redirect" - }, - { - "code": "insert", - "value": "Insert" - }, - { - "code": "hijack", - "value": "Hijack" - } - ], - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_user_region", - "label": "User Region", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_device_id", - "label": "Device ID", - "type": "string" - }, - { - "name": "common_egress_link_id", - "label": "Egress Link ID", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_ingress_link_id", - "label": "Ingress Link ID", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_isp", - "label": "ISP", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "common_device_tag", - "label": "Device Tag", - "doc": { - "visibility": "hidden", - "format": { - "functions": "flattenSpec,flattenSpec", - "appendTo": "common_data_center,common_device_group", - "param": "$.tags[?(@.tag=='data_center')].value,$.tags[?(@.tag=='device_group')].value" - } - }, - "type": "string" - }, - { - "name": "common_data_center", - "label": "Data Center", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "device_tag.json#", - "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']", - "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']" - }, - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_device_group", - "label": "Device Group", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "device_tag.json#", - "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']", - "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']" - }, - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "common_encapsulation", - "label": "Encapsulation", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "public_schema_info.json#/fields/common_encapsulation/data" - }, - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_app_label", - "label": "Application Label", - "type": "string", - "doc": { - "allow_query": "true" - } - }, - { - "name": "common_tunnels", - "label": "Tunnels", - "type": "string" - }, - { - "name": "common_protocol_label", - "label": "Protocol Label", - "type": "string" - }, - { - "name": "common_app_id", - "label": "Application ID", - "type": "string", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_userdefine_app_name", - "label": "User Define APP Name", - "type": "string" - }, - { - "name": "common_app_surrogate_id", - "label": "Surrogate ID", - "type": "string", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_l7_protocol", - "label": "L7 Protocol", - "type": "string" - }, - { - "name": "common_service_category", - "label": "FQDN Category", - "doc": { - "constraints": { - "operator_functions": "has" - }, - "allow_query": "true", - "dict_location": { - "path": "/v1/category/dict", - "key": "categoryId", - "value": "categoryName" - } - }, - "type": { - "type": "array", - "items": "int" - } - }, - { - "name": "common_start_time", - "label": "Start Time", - "doc": { - "constraints": { - "type": "timestamp" - } - }, - "type": "long" - }, - { - "name": "common_end_time", - "label": "End Time", - "doc": { - "constraints": { - "type": "timestamp" - }, - "format": { - "functions": "get_value", - "appendTo": "common_recv_time" - } - }, - "type": "long" - }, - { - "name": "common_establish_latency_ms", - "label": "Establish Latency(ms)", - "doc": { - "allow_query": "true" - }, - "type": "long" - }, - { - "name": "common_con_duration_ms", - "label": "Duration(ms)", - "doc": { - "allow_query": "true" - }, - "type": "long" - }, - { - "name": "common_stream_dir", - "label": "Stream Direction", - "doc": { - "allow_query": "true", - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "1", - "value": "c2s" - }, - { - "code": "2", - "value": "s2c" - }, - { - "code": "3", - "value": "double" - } - ] - }, - "type": "int" - }, - { - "name": "common_address_list", - "label": "Address List", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "common_has_dup_traffic", - "label": "Duplication Traffic", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "public_schema_info.json#/fields/common_has_dup_traffic/data" - }, - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_stream_error", - "label": "Stream Error", - "type": "string" - }, - { - "name": "common_stream_trace_id", - "label": "Session ID", - "doc": { - "allow_query": "true" - }, - "type": "long" - }, - { - "name": "common_link_info_c2s", - "label": "Link Info(c2s)", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_link_info_s2c", - "label": "Link Info(s2c)", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_c2s_ipfrag_num", - "label": "Fragmentation Packets(c2s)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_s2c_ipfrag_num", - "label": "Fragmentation Packets(s2c)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_c2s_tcp_lostlen", - "label": "Sequence Gap Loss(c2s)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_s2c_tcp_lostlen", - "label": "Sequence Gap Loss(s2c)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_c2s_tcp_unorder_num", - "label": "Unorder Packets(c2s)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_s2c_tcp_unorder_num", - "label": "Unorder Packets(s2c)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_c2s_pkt_retrans", - "label": "Packet Retransmission(c2s)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_s2c_pkt_retrans", - "label": "Packet Retransmission(s2c)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_c2s_byte_retrans", - "label": "Byte Retransmission(c2s)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_s2c_byte_retrans", - "label": "Byte Retransmission(s2c)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_tcp_client_isn", - "label": "TCP Client ISN", - "doc": { - "allow_query": "true" - }, - "type": "long" - }, - { - "name": "common_tcp_server_isn", - "label": "TCP Server ISN", - "doc": { - "allow_query": "true" - }, - "type": "long" - }, - { - "name": "common_first_ttl", - "label": "First TTL", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_processing_time", - "label": "Processing Time", - "doc": { - "constraints": { - "type": "timestamp" - }, - "format": { - "functions": "current_timestamp" - } - }, - "type": "long" - }, - { - "name": "common_mirrored_pkts", - "label": "Mirrored Packets", - "type": "long", - "doc": { - "allow_query": "true" - } - }, - { - "name": "common_mirrored_bytes", - "label": "Mirrored Bytes", - "type": "long", - "doc": { - "allow_query": "true" - } - }, - { - "name": "http_url", - "label": "HTTP.URL", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "http_host", - "label": "HTTP.Host", - "doc": { - "format": { - "functions": "sub_domain", - "appendTo": "http_domain" - } - }, - "type": "string" - }, - { - "name": "http_domain", - "label": "HTTP.Domain", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "http_request_line", - "label": "HTTP.Request Line", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "http_response_line", - "label": "HTTP.Response Line", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "http_request_header", - "label": "HTTP.Request Header", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "http_response_header", - "label": "HTTP.Response Header", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "http_request_content", - "label": "HTTP.Request Content", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "http_request_content_length", - "label": "HTTP.Request Content Length", - "type": "string" - }, - { - "name": "http_request_content_type", - "label": "HTTP.Request Content Type", - "type": "string" - }, - { - "name": "http_response_content", - "label": "HTTP.Response Content", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "http_response_content_length", - "label": "HTTP.Response Content Length", - "type": "string" - }, - { - "name": "http_response_content_type", - "label": "HTTP.Response Content Type", - "type": "string" - }, - { - "name": "http_request_body", - "label": "HTTP.Request Body", - "doc": { - "constraints": { - "type": "file" - } - }, - "type": "string" - }, - { - "name": "http_response_body", - "label": "HTTP.Response Body", - "doc": { - "constraints": { - "type": "file" - } - }, - "type": "string" - }, - { - "name": "http_request_body_key", - "label": "HTTP.Request Body Key", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "http_response_body_key", - "label": "HTTP.Response Body Key", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "http_proxy_flag", - "label": "HTTP.Proxy Flag", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "http_sequence", - "label": "HTTP.Sequence", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "http_snapshot", - "label": "HTTP.Snapshot", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "http_cookie", - "label": "HTTP.Cookie", - "type": "string" - }, - { - "name": "http_referer", - "label": "HTTP.Referer", - "type": "string" - }, - { - "name": "http_user_agent", - "label": "HTTP.User Agent", - "type": "string" - }, - { - "name": "http_content_length", - "label": "HTTP.Content Length", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "http_content_type", - "label": "HTTP.Content Type", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "http_set_cookie", - "label": "HTTP.Set Cookie", - "type": "string" - }, - { - "name": "http_version", - "label": "HTTP.Version", - "type": "string" - }, - { - "name": "http_response_latency_ms", - "label": "HTTP.Response Latency(ms)", - "doc": { - "allow_query": "true" - }, - "type": "long" - }, - { - "name": "http_action_file_size", - "label": "HTTP.Action File Size", - "type": "int" - }, - { - "name": "http_session_duration_ms", - "label": "HTTP.Session Duration(ms)", - "doc": { - "allow_query": "true" - }, - "type": "long" - }, - { - "name": "mail_protocol_type", - "label": "Mail.Protocol Type", - "type": "string" - }, - { - "name": "mail_account", - "label": "Mail.Account", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "mail_from_cmd", - "label": "Mail.From CMD", - "type": "string" - }, - { - "name": "mail_to_cmd", - "label": "Mail.To CMD", - "type": "string" - }, - { - "name": "mail_from", - "label": "Mail.From", - "doc": { - "allow_query": "true", - "constraints": { - "type": "email" - } - }, - "type": "string" - }, - { - "name": "mail_to", - "label": "Mail.To", - "doc": { - "allow_query": "true", - "constraints": { - "type": "email" - } - }, - "type": "string" - }, - { - "name": "mail_cc", - "label": "Mail.CC", - "type": "string" - }, - { - "name": "mail_bcc", - "label": "Mail.BCC", - "type": "string" - }, - { - "name": "mail_subject", - "label": "Mail.Subject", - "doc": { - "allow_query": "true", - "format": { - "functions": "decode_of_base64", - "param": "$.mail_subject_charset" - } - }, - "type": "string" - }, - { - "name": "mail_subject_charset", - "label": "Mail.Subject Charset", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "mail_content", - "label": "Mail.Content", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "mail_content_charset", - "label": "Mail.Content Charset", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "mail_attachment_name", - "label": "Mail.Attachment", - "doc": { - "format": { - "functions": "decode_of_base64", - "param": "$.mail_attachment_name_charset" - } - }, - "type": "string" - }, - { - "name": "mail_attachment_name_charset", - "label": "Mail.Attachment Charset", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "mail_attachment_content", - "label": "Mail.Attachment Content", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "mail_eml_file", - "label": "Mail.EML File", - "doc": { - "constraints": { - "type": "file" - }, - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "mail_snapshot", - "label": "Mail.Snapshot", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "dns_message_id", - "label": "DNS.Message ID", - "type": "int" - }, - { - "name": "dns_qr", - "label": "DNS.QR", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "QUERY" - }, - { - "code": "1", - "value": "RESPONSE" - } - ] - }, - "type": "int" - }, - { - "name": "dns_opcode", - "label": "DNS.OPCODE", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "QUERY" - }, - { - "code": "1", - "value": "IQUERY" - }, - { - "code": "2", - "value": "STATUS" - }, - { - "code": "5", - "value": "UPDATE" - } - ] - }, - "type": "int" - }, - { - "name": "dns_aa", - "label": "DNS.AA", - "type": "int" - }, - { - "name": "dns_tc", - "label": "DNS.TC", - "type": "int" - }, - { - "name": "dns_rd", - "label": "DNS.RD", - "type": "int" - }, - { - "name": "dns_ra", - "label": "DNS.RA", - "type": "int" - }, - { - "name": "dns_rcode", - "label": "DNS.RCODE", - "type": "int" - }, - { - "name": "dns_qdcount", - "label": "DNS.QDCOUNT", - "type": "int" - }, - { - "name": "dns_ancount", - "label": "DNS.ANCOUNT", - "type": "int" - }, - { - "name": "dns_nscount", - "label": "DNS.NSCOUNT", - "type": "int" - }, - { - "name": "dns_arcount", - "label": "DNS.ARCOUNT", - "type": "int" - }, - { - "name": "dns_qname", - "label": "DNS.QNAME", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "dns_qtype", - "label": "DNS.QTYPE", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "1", - "value": "A" - }, - { - "code": "2", - "value": "NS" - }, - { - "code": "5", - "value": "CNAME" - }, - { - "code": "6", - "value": "SOA" - }, - { - "code": "11", - "value": "WKS" - }, - { - "code": "12", - "value": "PTR" - }, - { - "code": "13", - "value": "HINFO" - }, - { - "code": "11", - "value": "WKS" - }, - { - "code": "15", - "value": "MX" - }, - { - "code": "28", - "value": "AAAA" - } - ] - }, - "type": "int" - }, - { - "name": "dns_qclass", - "label": "DNS.QCLASS", - "type": "int" - }, - { - "name": "dns_cname", - "label": "DNS.CNAME", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "dns_sub", - "label": "DNS.SUB", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "1", - "value": "DNS" - }, - { - "code": "2", - "value": "DNSSEC" - } - ] - }, - "type": "int" - }, - { - "name": "dns_rr", - "label": "DNS.RR", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "ssl_version", - "label": "SSL.Version", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "ssl_sni", - "label": "SSL.SNI", - "doc": { - "allow_query": "true", - "format": { - "functions": "sub_domain", - "appendTo": "http_domain" - } - }, - "type": "string" - }, - { - "name": "ssl_san", - "label": "SSL.SAN", - "type": "string" - }, - { - "name": "ssl_cn", - "label": "SSL.CN", - "type": "string" - }, - { - "name": "ssl_pinningst", - "label": "SSL.Pinning", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "Not Pinning" - }, - { - "code": "1", - "value": "Pinning" - }, - { - "code": "2", - "value": "Maybe Pinning" - } - ] - }, - "type": "int" - }, - { - "name": "ssl_intercept_state", - "label": "SSL.Intercept State", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "Passthrough" - }, - { - "code": "1", - "value": "Intercept" - }, - { - "code": "2", - "value": "Shutdown" - } - ] - }, - "type": "int" - }, - { - "name": "ssl_server_side_latency", - "label": "SSL.Server Side Latency(ms)", - "type": "int" - }, - { - "name": "ssl_client_side_latency", - "label": "SSL.Client Side Latency(ms)", - "type": "int" - }, - { - "name": "ssl_server_side_version", - "label": "SSL.Server Side Version", - "type": "string" - }, - { - "name": "ssl_client_side_version", - "label": "SSL.Client Side Version", - "type": "string" - }, - { - "name": "ssl_cert_verify", - "label": "SSL.Certificate Verify", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "No" - }, - { - "code": "1", - "value": "Yes" - } - ] - }, - "type": "int" - }, - { - "name": "ssl_error", - "label": "SSL.Error", - "type": "string" - }, - { - "name": "ssl_con_latency_ms", - "label": "SSL.Connection Latency(ms)", - "doc": { - "allow_query": "true" - }, - "type": "int" - }, - { - "name": "ssl_ja3_fingerprint", - "label": "SSL.JA3", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "ssl_ja3_hash", - "label": "SSL.JA3 hash", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "ssl_cert_issuer", - "label": "SSL.Issuer", - "doc": { - "constraints": { - "type": "items" - } - }, - "type": "string" - }, - { - "name": "ssl_cert_subject", - "label": "SSL.Subject", - "doc": { - "constraints": { - "type": "items" - } - }, - "type": "string" - }, - { - "name": "quic_version", - "label": "Quic.Version", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "quic_sni", - "label": "Quic.SNI", - "doc": { - "allow_query": "true", - "format": { - "functions": "sub_domain", - "appendTo": "http_domain" - } - }, - "type": "string" - }, - { - "name": "quic_user_agent", - "label": "Quic.User Agent", - "type": "string" - }, - { - "name": "ftp_account", - "label": "FTP.Account", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "ftp_url", - "label": "FTP.URL", - "type": "string" - }, - { - "name": "ftp_content", - "label": "FTP.Content", - "type": "string" - }, - { - "name": "ftp_link_type", - "label": "FTP.Link Type", - "type": "string" - }, - { - "name": "bgp_type", - "label": "BGP.Type", - "doc": { - "visibility": "disabled" - }, - "type": "int" - }, - { - "name": "bgp_as_num", - "label": "BGP.AS Number", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "bgp_route", - "label": "BGP.Route", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "voip_calling_account", - "label": "VoIP.Calling Account", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "voip_called_account", - "label": "VoIP.Called Account", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "voip_calling_number", - "label": "VoIP.Calling Number", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "voip_called_number", - "label": "VoIP.Called Number", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "streaming_media_url", - "label": "Streaming.Media URL", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "streaming_media_protocol", - "label": "Streaming.Media Protocol", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "app_extra_info", - "label": "APP.Extra Info", - "type": "string" - }, - { - "name": "sip_call_id", - "label": "SIP.Call-ID", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "sip_originator_description", - "label": "SIP.Originator", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "sip_responder_description", - "label": "SIP.Responder", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "sip_user_agent", - "label": "SIP.User-Agent", - "type": "string" - }, - { - "name": "sip_server", - "label": "SIP.Server", - "type": "string" - }, - { - "name": "sip_originator_sdp_connect_ip", - "label": "SIP.Originator IP", - "type": "string" - }, - { - "name": "sip_originator_sdp_media_port", - "label": "SIP.Originator Port", - "type": "int" - }, - { - "name": "sip_originator_sdp_media_type", - "label": "SIP.Originator Media Type", - "type": "string" - }, - { - "name": "sip_originator_sdp_content", - "label": "SIP.Originator Content", - "type": "string" - }, - { - "name": "sip_responder_sdp_connect_ip", - "label": "SIP.Responder IP", - "type": "string" - }, - { - "name": "sip_responder_sdp_media_port", - "label": "SIP.Responder Port", - "type": "int" - }, - { - "name": "sip_responder_sdp_media_type", - "label": "SIP.Responder Media Type", - "type": "string" - }, - { - "name": "sip_responder_sdp_content", - "label": "SIP.Responder Content", - "type": "string" - }, - { - "name": "sip_duration", - "label": "SIP.Duration", - "type": "int" - }, - { - "name": "sip_bye", - "label": "SIP.Bye", - "type": "string" - }, - { - "name": "rtp_payload_type_c2s", - "label": "RTP.Payload Type(c2s)", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "PCMU" - }, - { - "code": "1", - "value": "1016" - }, - { - "code": "2", - "value": "G721" - }, - { - "code": "3", - "value": "GSM" - }, - { - "code": "4", - "value": "G723" - }, - { - "code": "5", - "value": "DVI4_8000" - }, - { - "code": "6", - "value": "DVI4_16000" - }, - { - "code": "7", - "value": "LPC" - }, - { - "code": "8", - "value": "PCMA" - }, - { - "code": "9", - "value": "G722" - }, - { - "code": "10", - "value": "L16_STEREO" - }, - { - "code": "11", - "value": "L16_MONO" - }, - { - "code": "12", - "value": "QCELP" - }, - { - "code": "13", - "value": "CN" - }, - { - "code": "14", - "value": "MPA" - }, - { - "code": "15", - "value": "G728" - }, - { - "code": "16", - "value": "DVI4_11025" - }, - { - "code": "17", - "value": "DVI4_22050" - }, - { - "code": "18", - "value": "G729" - }, - { - "code": "19", - "value": "CN_OLD" - }, - { - "code": "25", - "value": "CELB" - }, - { - "code": "26", - "value": "JPEG" - }, - { - "code": "28", - "value": "NV" - }, - { - "code": "31", - "value": "H261" - }, - { - "code": "32", - "value": "MPV" - }, - { - "code": "33", - "value": "MP2T" - }, - { - "code": "34", - "value": "H263" - } - ] - }, - "type": "int" - }, - { - "name": "rtp_payload_type_s2c", - "label": "RTP.Payload Type(s2c)", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "PCMU" - }, - { - "code": "1", - "value": "1016" - }, - { - "code": "2", - "value": "G721" - }, - { - "code": "3", - "value": "GSM" - }, - { - "code": "4", - "value": "G723" - }, - { - "code": "5", - "value": "DVI4_8000" - }, - { - "code": "6", - "value": "DVI4_16000" - }, - { - "code": "7", - "value": "LPC" - }, - { - "code": "8", - "value": "PCMA" - }, - { - "code": "9", - "value": "G722" - }, - { - "code": "10", - "value": "L16_STEREO" - }, - { - "code": "11", - "value": "L16_MONO" - }, - { - "code": "12", - "value": "QCELP" - }, - { - "code": "13", - "value": "CN" - }, - { - "code": "14", - "value": "MPA" - }, - { - "code": "15", - "value": "G728" - }, - { - "code": "16", - "value": "DVI4_11025" - }, - { - "code": "17", - "value": "DVI4_22050" - }, - { - "code": "18", - "value": "G729" - }, - { - "code": "19", - "value": "CN_OLD" - }, - { - "code": "25", - "value": "CELB" - }, - { - "code": "26", - "value": "JPEG" - }, - { - "code": "28", - "value": "NV" - }, - { - "code": "31", - "value": "H261" - }, - { - "code": "32", - "value": "MPV" - }, - { - "code": "33", - "value": "MP2T" - }, - { - "code": "34", - "value": "H263" - } - ] - }, - "type": "int" - }, - { - "name": "rtp_pcap_path", - "label": "RTP.PCAP", - "doc": { - "constraints": { - "type": "file" - } - }, - "type": "string" - }, - { - "name": "rtp_originator_dir", - "label": "RTP.Direction", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "unknown" - }, - { - "code": "1", - "value": "c2s" - }, - { - "code": "2", - "value": "s2c" - } - ], - "visibility": "hidden" - }, - "type": "int" - } - ] -}
\ No newline at end of file diff --git a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/security_event_hits_log.json b/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/security_event_hits_log.json deleted file mode 100644 index c445244..0000000 --- a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/security_event_hits_log.json +++ /dev/null @@ -1,42 +0,0 @@ -{ - "type": "record", - "name": "security_event_hits_log", - "namespace": "druid", - "doc": { - "partition_key": "__time" - }, - "fields": [ - { - "name": "__time", - "type": "long" - }, - { - "name": "action", - "type": "long" - }, - { - "name": "entrance_id", - "type": "long" - }, - { - "name": "hits", - "type": "long" - }, - { - "name": "c2s_byte_num", - "type": "long" - }, - { - "name": "s2c_byte_num", - "type": "long" - }, - { - "name": "isp", - "type": "string" - }, - { - "name": "policy_id", - "type": "long" - } - ] -}
\ No newline at end of file diff --git a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/session_record.json b/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/session_record.json deleted file mode 100644 index 3c8425d..0000000 --- a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/session_record.json +++ /dev/null @@ -1,2289 +0,0 @@ -{ - "type": "record", - "name": "session_record", - "namespace": "tsg_galaxy_v3", - "doc": { - "primary_key": "common_log_id", - "partition_key": "common_recv_time", - "index_table": "session_record_common_client_ip,session_record_common_server_ip,session_record_http_domain", - "functions": { - "$ref": "public_schema_info.json#/functions" - }, - "schema_query": { - "dimensions": [ - "common_server_ip", - "common_client_ip", - "common_internal_ip", - "common_external_ip", - "common_sled_ip", - "common_device_id", - "common_client_location", - "common_server_location", - "common_subscriber_id", - "common_client_port", - "common_server_port", - "common_schema_type", - "common_l4_protocol", - "common_l7_protocol", - "common_device_group", - "common_client_asn", - "common_server_asn", - "common_start_time", - "common_end_time", - "common_imei", - "common_imsi", - "common_phone_number", - "common_app_label", - "http_host", - "http_domain", - "http_url", - "ssl_sni", - "ssl_ja3_hash", - "quic_sni", - "quic_version" - ], - "metrics": [ - "common_server_ip", - "common_client_ip", - "common_internal_ip", - "common_external_ip", - "common_subscriber_id", - "common_sled_ip", - "common_device_id", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_sessions", - "common_con_duration_ms", - "common_establish_latency_ms", - "common_c2s_ipfrag_num", - "common_s2c_ipfrag_num", - "common_c2s_tcp_lostlen", - "common_s2c_tcp_lostlen", - "common_c2s_tcp_unorder_num", - "common_s2c_tcp_unorder_num", - "common_imei", - "common_imsi", - "common_phone_number", - "common_app_label", - "http_host", - "http_domain", - "http_url", - "ssl_sni", - "ssl_ja3_hash", - "quic_sni" - ], - "filters": [ - "common_address_type", - "common_server_ip", - "common_client_ip", - "common_internal_ip", - "common_external_ip", - "common_client_port", - "common_server_port", - "common_client_location", - "common_server_location", - "common_subscriber_id", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_c2s_ipfrag_num", - "common_s2c_ipfrag_num", - "common_c2s_tcp_lostlen", - "common_s2c_tcp_lostlen", - "common_c2s_tcp_unorder_num", - "common_s2c_tcp_unorder_num", - "common_l4_protocol", - "common_l7_protocol", - "common_stream_dir", - "common_direction", - "common_device_group", - "common_sled_ip", - "common_device_id", - "common_schema_type", - "common_client_asn", - "common_server_asn", - "common_start_time", - "common_end_time", - "common_con_duration_ms", - "common_establish_latency_ms", - "common_imei", - "common_imsi", - "common_phone_number", - "common_app_label", - "http_host", - "http_domain", - "http_url", - "ssl_sni", - "ssl_ja3_hash", - "quic_sni", - "quic_version" - ], - "references": { - "$ref": "public_schema_info.json#/schema_query/references" - }, - "details": { - "general": [ - "common_recv_time", - "common_log_id", - "common_stream_trace_id", - "common_direction", - "common_stream_dir", - "common_start_time", - "common_end_time", - "common_con_duration_ms", - "common_establish_latency_ms", - "common_processing_time", - "common_entrance_id", - "common_device_id", - "common_egress_link_id", - "common_ingress_link_id", - "common_isp", - "common_data_center", - "common_device_group", - "common_sled_ip" - ], - "action": [ - "common_action", - "common_sub_action", - "common_policy_id", - "common_user_tags", - "common_user_region" - ], - "source": [ - "common_client_ip", - "common_internal_ip", - "common_client_port", - "common_client_location", - "common_client_asn", - "common_subscriber_id", - "common_imei", - "common_imsi", - "common_phone_number" - ], - "destination": [ - "common_server_ip", - "common_external_ip", - "common_server_port", - "common_server_location", - "common_server_asn" - ], - "application": [ - "common_app_id", - "common_userdefine_app_name", - "common_app_label", - "common_app_surrogate_id", - "common_l7_protocol", - "common_protocol_label", - "common_service_category", - "common_service", - "common_l4_protocol" - ], - "transmission": [ - "common_sessions", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_c2s_pkt_diff", - "common_s2c_pkt_diff", - "common_c2s_byte_diff", - "common_s2c_byte_diff", - "common_c2s_ipfrag_num", - "common_s2c_ipfrag_num", - "common_c2s_tcp_lostlen", - "common_s2c_tcp_lostlen", - "common_c2s_tcp_unorder_num", - "common_s2c_tcp_unorder_num", - "common_c2s_pkt_retrans", - "common_s2c_pkt_retrans", - "common_c2s_byte_retrans", - "common_s2c_byte_retrans", - "common_first_ttl", - "common_tcp_client_isn", - "common_tcp_server_isn", - "common_mirrored_pkts", - "common_mirrored_bytes" - ], - "other": [ - "common_address_type", - "common_schema_type", - "common_device_tag", - "common_encapsulation", - "common_tunnels", - "common_address_list", - "common_has_dup_traffic", - "common_stream_error", - "common_link_info_c2s", - "common_link_info_s2c" - ] - } - }, - "schema_type": { - "BASE": { - "$ref": "public_schema_info.json#/schema_type/BASE" - }, - "HTTP": { - "$ref": "public_schema_info.json#/schema_type/HTTP" - }, - "MAIL": { - "$ref": "public_schema_info.json#/schema_type/MAIL" - }, - "DNS": { - "$ref": "public_schema_info.json#/schema_type/DNS" - }, - "SSL": { - "$ref": "public_schema_info.json#/schema_type/SSL" - }, - "QUIC": { - "$ref": "public_schema_info.json#/schema_type/QUIC" - }, - "FTP": { - "$ref": "public_schema_info.json#/schema_type/FTP" - }, - "BGP": { - "$ref": "public_schema_info.json#/schema_type/BGP" - }, - "SIP": { - "$ref": "public_schema_info.json#/schema_type/SIP" - }, - "RTP": { - "$ref": "public_schema_info.json#/schema_type/RTP" - }, - "APP": { - "$ref": "public_schema_info.json#/schema_type/APP" - } - }, - "default_columns": [ - "common_recv_time", - "common_log_id", - "common_subscriber_id", - "common_client_ip", - "common_server_ip", - "common_server_port", - "common_schema_type" - ], - "tunnel_type": { - "$ref": "public_schema_info.json#/tunnel_type" - } - }, - "fields": [ - { - "name": "common_recv_time", - "label": "Receive Time", - "doc": { - "allow_query": "true", - "constraints": { - "type": "timestamp" - } - }, - "type": "long" - }, - { - "name": "common_log_id", - "label": "Log ID", - "doc": { - "allow_query": "true", - "format": { - "functions": "snowflake_id" - } - }, - "type": "long" - }, - { - "name": "common_policy_id", - "label": "Policy ID", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_subscriber_id", - "label": "Subscriber ID", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "common_imei", - "label": "IMEI", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "common_imsi", - "label": "IMSI", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "common_phone_number", - "label": "Phone Number", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "common_client_ip", - "label": "Client IP", - "doc": { - "allow_query": "true", - "constraints": { - "type": "ip" - }, - "format": { - "functions": "geo_asn,radius_match", - "appendTo": "common_client_asn,common_subscriber_id" - } - }, - "type": "string" - }, - { - "name": "common_internal_ip", - "label": "Internal IP", - "doc": { - "constraints": { - "type": "ip" - }, - "format": { - "functions": "if", - "param": "$.common_direction=69,$.common_client_ip,$.common_server_ip" - }, - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "common_client_port", - "label": "Client Port", - "doc": { - "allow_query": "true" - }, - "type": "int" - }, - { - "name": "common_l4_protocol", - "label": "L4 Protocol", - "type": "string" - }, - { - "name": "common_address_type", - "label": "Address Type", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "4", - "value": "ipv4" - }, - { - "code": "6", - "value": "ipv6" - } - ] - }, - "type": "int" - }, - { - "name": "common_server_ip", - "label": "Server IP", - "doc": { - "allow_query": "true", - "constraints": { - "type": "ip" - }, - "format": { - "functions": "geo_asn", - "appendTo": "common_server_asn" - } - }, - "type": "string" - }, - { - "name": "common_server_port", - "label": "Server Port", - "doc": { - "allow_query": "true" - }, - "type": "int" - }, - { - "name": "common_external_ip", - "label": "External IP", - "doc": { - "constraints": { - "type": "ip" - }, - "format": { - "functions": "if", - "param": "$.common_direction=73,$.common_client_ip,$.common_server_ip" - }, - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "common_action", - "label": "Action", - "doc": { - "visibility": "hidden", - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "None" - }, - { - "code": "1", - "value": "Monitor" - }, - { - "code": "2", - "value": "Intercept" - }, - { - "code": "16", - "value": "Deny" - }, - { - "code": "128", - "value": "Allow" - } - ] - }, - "type": "int" - }, - { - "name": "common_direction", - "label": "Direction", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "69", - "value": "outbound" - }, - { - "code": "73", - "value": "inbound" - } - ] - }, - "type": "int" - }, - { - "name": "common_entrance_id", - "label": "Entrance ID", - "doc": { - "visibility": "disabled" - }, - "type": "int" - }, - { - "name": "common_sled_ip", - "label": "Sled IP", - "doc": { - "allow_query": "true", - "constraints": { - "type": "ip" - } - }, - "type": "string" - }, - { - "name": "common_client_location", - "label": "Client Location", - "type": "string" - }, - { - "name": "common_client_asn", - "label": "Client ASN", - "type": "string" - }, - { - "name": "common_server_location", - "label": "Server Location", - "type": "string" - }, - { - "name": "common_server_asn", - "label": "Server ASN", - "type": "string" - }, - { - "name": "common_sessions", - "label": "Sessions", - "type": "long" - }, - { - "name": "common_c2s_pkt_num", - "label": "Packets Sent", - "doc": { - "allow_query": "true" - }, - "type": "long" - }, - { - "name": "common_s2c_pkt_num", - "label": "Packets Received", - "doc": { - "allow_query": "true" - }, - "type": "long" - }, - { - "name": "common_c2s_byte_num", - "label": "Bytes Sent", - "doc": { - "allow_query": "true" - }, - "type": "long" - }, - { - "name": "common_s2c_byte_num", - "label": "Bytes Received", - "doc": { - "allow_query": "true" - }, - "type": "long" - }, - { - "name": "common_c2s_pkt_diff", - "label": "Packets Sent(Diff)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_s2c_pkt_diff", - "label": "Packets Received(Diff)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_c2s_byte_diff", - "label": "Bytes Sent(Diff)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_s2c_byte_diff", - "label": "Bytes Received(Diff)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_service", - "label": "Service", - "doc": { - "visibility": "disabled" - }, - "type": "int" - }, - { - "name": "common_schema_type", - "label": "Schema Type", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "BASE", - "value": "BASE" - }, - { - "code": "MAIL", - "value": "MAIL" - }, - { - "code": "DNS", - "value": "DNS" - }, - { - "code": "HTTP", - "value": "HTTP" - }, - { - "code": "SSL", - "value": "SSL" - }, - { - "code": "QUIC", - "value": "QUIC" - }, - { - "code": "FTP", - "value": "FTP" - }, - { - "code": "SIP", - "value": "SIP" - }, - { - "code": "RTP", - "value": "RTP" - }, - { - "code": "APP", - "value": "APP" - } - ], - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "common_user_tags", - "label": "User Tags", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "common_sub_action", - "label": "Sub Action", - "doc": { - "data": [ - { - "code": "allow", - "value": "Allow" - }, - { - "code": "deny", - "value": "Deny" - }, - { - "code": "monitor", - "value": "Monitor" - }, - { - "code": "replace", - "value": "Replace" - }, - { - "code": "redirect", - "value": "Redirect" - }, - { - "code": "insert", - "value": "Insert" - }, - { - "code": "hijack", - "value": "Hijack" - } - ], - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_user_region", - "label": "User Region", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_device_id", - "label": "Device ID", - "type": "string" - }, - { - "name": "common_egress_link_id", - "label": "Egress Link ID", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_ingress_link_id", - "label": "Ingress Link ID", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_isp", - "label": "ISP", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "common_device_tag", - "label": "Device Tag", - "doc": { - "visibility": "hidden", - "format": { - "functions": "flattenSpec,flattenSpec", - "appendTo": "common_data_center,common_device_group", - "param": "$.tags[?(@.tag=='data_center')].value,$.tags[?(@.tag=='device_group')].value" - } - }, - "type": "string" - }, - { - "name": "common_data_center", - "label": "Data Center", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "device_tag.json#", - "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']", - "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']" - }, - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_device_group", - "label": "Device Group", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "device_tag.json#", - "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']", - "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']" - }, - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "common_encapsulation", - "label": "Encapsulation", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "public_schema_info.json#/fields/common_encapsulation/data" - }, - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_app_label", - "label": "Application Label", - "type": "string", - "doc": { - "allow_query": "true" - } - }, - { - "name": "common_tunnels", - "label": "Tunnels", - "type": "string" - }, - { - "name": "common_protocol_label", - "label": "Protocol Label", - "type": "string" - }, - { - "name": "common_app_id", - "label": "Application ID", - "type": "string", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_userdefine_app_name", - "label": "User Define APP Name", - "type": "string" - }, - { - "name": "common_app_surrogate_id", - "label": "Surrogate ID", - "type": "string", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_l7_protocol", - "label": "L7 Protocol", - "type": "string" - }, - { - "name": "common_service_category", - "label": "FQDN Category", - "doc": { - "constraints": { - "operator_functions": "has" - }, - "allow_query": "true", - "dict_location": { - "path": "/v1/category/dict", - "key": "categoryId", - "value": "categoryName" - } - }, - "type": { - "type": "array", - "items": "int" - } - }, - { - "name": "common_start_time", - "label": "Start Time", - "doc": { - "constraints": { - "type": "timestamp" - } - }, - "type": "long" - }, - { - "name": "common_end_time", - "label": "End Time", - "doc": { - "constraints": { - "type": "timestamp" - }, - "format": { - "functions": "get_value", - "appendTo": "common_recv_time" - } - }, - "type": "long" - }, - { - "name": "common_establish_latency_ms", - "label": "Establish Latency(ms)", - "doc": { - "allow_query": "true" - }, - "type": "long" - }, - { - "name": "common_con_duration_ms", - "label": "Duration(ms)", - "doc": { - "allow_query": "true" - }, - "type": "long" - }, - { - "name": "common_stream_dir", - "label": "Stream Direction", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "1", - "value": "c2s" - }, - { - "code": "2", - "value": "s2c" - }, - { - "code": "3", - "value": "double" - } - ], - "allow_query": "true" - }, - "type": "int" - }, - { - "name": "common_address_list", - "label": "Address List", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "common_has_dup_traffic", - "label": "Duplication Traffic", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "public_schema_info.json#/fields/common_has_dup_traffic/data" - }, - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_stream_error", - "label": "Stream Error", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_stream_trace_id", - "label": "Session ID", - "doc": { - "allow_query": "true" - }, - "type": "long" - }, - { - "name": "common_link_info_c2s", - "label": "Link Info(c2s)", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_link_info_s2c", - "label": "Link Info(s2c)", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_c2s_ipfrag_num", - "label": "Fragmentation Packets(c2s)", - "type": "long" - }, - { - "name": "common_s2c_ipfrag_num", - "label": "Fragmentation Packets(s2c)", - "type": "long" - }, - { - "name": "common_c2s_tcp_lostlen", - "label": "Sequence Gap Loss(c2s)", - "type": "long" - }, - { - "name": "common_s2c_tcp_lostlen", - "label": "Sequence Gap Loss(s2c)", - "type": "long" - }, - { - "name": "common_c2s_tcp_unorder_num", - "label": "Unorder Packets(c2s)", - "type": "long" - }, - { - "name": "common_s2c_tcp_unorder_num", - "label": "Unorder Packets(s2c)", - "type": "long" - }, - { - "name": "common_c2s_pkt_retrans", - "label": "Packet Retransmission(c2s)", - "type": "long" - }, - { - "name": "common_s2c_pkt_retrans", - "label": "Packet Retransmission(s2c)", - "type": "long" - }, - { - "name": "common_c2s_byte_retrans", - "label": "Byte Retransmission(c2s)", - "type": "long" - }, - { - "name": "common_s2c_byte_retrans", - "label": "Byte Retransmission(s2c)", - "type": "long" - }, - { - "name": "common_tcp_client_isn", - "label": "TCP Client ISN", - "doc": { - "allow_query": "true" - }, - "type": "long" - }, - { - "name": "common_tcp_server_isn", - "label": "TCP Server ISN", - "doc": { - "allow_query": "true" - }, - "type": "long" - }, - { - "name": "common_first_ttl", - "label": "First TTL", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_processing_time", - "label": "Processing Time", - "doc": { - "constraints": { - "type": "timestamp" - }, - "format": { - "functions": "current_timestamp" - } - }, - "type": "long" - }, - { - "name": "common_mirrored_pkts", - "label": "Mirrored Packets", - "type": "long", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_mirrored_bytes", - "label": "Mirrored Bytes", - "type": "long", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "http_url", - "label": "HTTP.URL", - "type": "string" - }, - { - "name": "http_host", - "label": "HTTP.Host", - "doc": { - "format": { - "functions": "sub_domain", - "appendTo": "http_domain" - } - }, - "type": "string" - }, - { - "name": "http_domain", - "label": "HTTP.Domain", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "http_request_line", - "label": "HTTP.Request Line", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "http_response_line", - "label": "HTTP.Response Line", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "http_request_header", - "label": "HTTP.Request Headers", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "http_response_header", - "label": "HTTP.Response Headers", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "http_request_content", - "label": "HTTP.Request Content", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "http_request_content_length", - "label": "HTTP.Request Content Length", - "type": "string" - }, - { - "name": "http_request_content_type", - "label": "HTTP.Request Content Type", - "type": "string" - }, - { - "name": "http_response_content", - "label": "HTTP.Response Content", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "http_response_content_length", - "label": "HTTP.Response Content Length", - "type": "string" - }, - { - "name": "http_response_content_type", - "label": "HTTP.Response Content Type", - "type": "string" - }, - { - "name": "http_request_body", - "label": "HTTP.Request Body", - "doc": { - "constraints": { - "type": "file" - } - }, - "type": "string" - }, - { - "name": "http_response_body", - "label": "HTTP.Response Body", - "doc": { - "constraints": { - "type": "file" - } - }, - "type": "string" - }, - { - "name": "http_request_body_key", - "label": "HTTP.Request Body Key", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "http_response_body_key", - "label": "HTTP.Response Body Key", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "http_proxy_flag", - "label": "HTTP.Proxy Flag", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "http_sequence", - "label": "HTTP.Sequence", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "http_snapshot", - "label": "HTTP.Snapshot", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "http_cookie", - "label": "HTTP.Cookie", - "type": "string" - }, - { - "name": "http_referer", - "label": "HTTP.Referer", - "type": "string" - }, - { - "name": "http_user_agent", - "label": "HTTP.User Agent", - "type": "string" - }, - { - "name": "http_content_length", - "label": "HTTP.Content Length", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "http_content_type", - "label": "HTTP.Content Type", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "http_set_cookie", - "label": "HTTP.Set Cookie", - "type": "string" - }, - { - "name": "http_version", - "label": "HTTP.Version", - "type": "string" - }, - { - "name": "http_response_latency_ms", - "label": "HTTP.Response Latency(ms)", - "doc": { - "allow_query": "true" - }, - "type": "long" - }, - { - "name": "http_session_duration_ms", - "label": "HTTP.Session Duration(ms)", - "doc": { - "allow_query": "true" - }, - "type": "long" - }, - { - "name": "http_action_file_size", - "label": "HTTP.Action File Size", - "type": "int" - }, - { - "name": "mail_protocol_type", - "label": "Mail.Protocol Type", - "type": "string" - }, - { - "name": "mail_account", - "label": "Mail.Account", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "mail_from_cmd", - "label": "Mail.From CMD", - "type": "string" - }, - { - "name": "mail_to_cmd", - "label": "Mail.To CMD", - "type": "string" - }, - { - "name": "mail_from", - "label": "Mail.From", - "doc": { - "allow_query": "true", - "constraints": { - "type": "email" - } - }, - "type": "string" - }, - { - "name": "mail_to", - "label": "Mail.To", - "doc": { - "allow_query": "true", - "constraints": { - "type": "email" - } - }, - "type": "string" - }, - { - "name": "mail_cc", - "label": "Mail.CC", - "type": "string" - }, - { - "name": "mail_bcc", - "label": "Mail.BCC", - "type": "string" - }, - { - "name": "mail_subject", - "label": "Mail.Subject", - "doc": { - "allow_query": "true", - "format": { - "functions": "decode_of_base64", - "param": "$.mail_subject_charset" - } - }, - "type": "string" - }, - { - "name": "mail_subject_charset", - "label": "Mail.Subject Charset", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "mail_content", - "label": "Mail.Content", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "mail_content_charset", - "label": "Mail.Content Charset", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "mail_attachment_name", - "label": "Mail.Attachment", - "doc": { - "format": { - "functions": "decode_of_base64", - "param": "$.mail_attachment_name_charset" - } - }, - "type": "string" - }, - { - "name": "mail_attachment_name_charset", - "label": "Mail.Attachment Charset", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "mail_attachment_content", - "label": "Mail.Attachment Content", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "mail_eml_file", - "label": "Mail.EML File", - "doc": { - "constraints": { - "type": "file" - } - }, - "type": "string" - }, - { - "name": "mail_snapshot", - "label": "Mail.Snapshot", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "dns_message_id", - "label": "DNS.Message ID", - "type": "int" - }, - { - "name": "dns_qr", - "label": "DNS.QR", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "QUERY" - }, - { - "code": "1", - "value": "RESPONSE" - } - ] - }, - "type": "int" - }, - { - "name": "dns_opcode", - "label": "DNS.OPCODE", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "QUERY" - }, - { - "code": "1", - "value": "IQUERY" - }, - { - "code": "2", - "value": "STATUS" - }, - { - "code": "5", - "value": "UPDATE" - } - ] - }, - "type": "int" - }, - { - "name": "dns_aa", - "label": "DNS.AA", - "type": "int" - }, - { - "name": "dns_tc", - "label": "DNS.TC", - "type": "int" - }, - { - "name": "dns_rd", - "label": "DNS.RD", - "type": "int" - }, - { - "name": "dns_ra", - "label": "DNS.RA", - "type": "int" - }, - { - "name": "dns_rcode", - "label": "DNS.RCODE", - "type": "int" - }, - { - "name": "dns_qdcount", - "label": "DNS.QDCOUNT", - "type": "int" - }, - { - "name": "dns_ancount", - "label": "DNS.ANCOUNT", - "type": "int" - }, - { - "name": "dns_nscount", - "label": "DNS.NSCOUNT", - "type": "int" - }, - { - "name": "dns_arcount", - "label": "DNS.ARCOUNT", - "type": "int" - }, - { - "name": "dns_qname", - "label": "DNS.QNAME", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "dns_qtype", - "label": "DNS.QTYPE", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "1", - "value": "A" - }, - { - "code": "2", - "value": "NS" - }, - { - "code": "5", - "value": "CNAME" - }, - { - "code": "6", - "value": "SOA" - }, - { - "code": "11", - "value": "WKS" - }, - { - "code": "12", - "value": "PTR" - }, - { - "code": "13", - "value": "HINFO" - }, - { - "code": "11", - "value": "WKS" - }, - { - "code": "15", - "value": "MX" - }, - { - "code": "28", - "value": "AAAA" - } - ] - }, - "type": "int" - }, - { - "name": "dns_qclass", - "label": "DNS.QCLASS", - "type": "int" - }, - { - "name": "dns_cname", - "label": "DNS.CNAME", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "dns_sub", - "label": "DNS.SUB", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "1", - "value": "DNS" - }, - { - "code": "2", - "value": "DNSSEC" - } - ] - }, - "type": "int" - }, - { - "name": "dns_rr", - "label": "DNS.RR", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "ssl_version", - "label": "SSL.Version", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "ssl_sni", - "label": "SSL.SNI", - "doc": { - "allow_query": "true", - "format": { - "functions": "sub_domain", - "appendTo": "http_domain" - } - }, - "type": "string" - }, - { - "name": "ssl_san", - "label": "SSL.SAN", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "ssl_cn", - "label": "SSL.CN", - "type": "string" - }, - { - "name": "ssl_pinningst", - "label": "SSL.Pinning", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "Not Pinning" - }, - { - "code": "1", - "value": "Pinning" - }, - { - "code": "2", - "value": "Maybe Pinning" - } - ] - }, - "type": "int" - }, - { - "name": "ssl_intercept_state", - "label": "SSL.Intercept State", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "Passthrough" - }, - { - "code": "1", - "value": "Intercept" - }, - { - "code": "2", - "value": "Shutdown" - } - ] - }, - "type": "int" - }, - { - "name": "ssl_server_side_latency", - "label": "SSL.Server Side Latency(ms)", - "type": "int" - }, - { - "name": "ssl_client_side_latency", - "label": "SSL.Client Side Latency(ms)", - "type": "int" - }, - { - "name": "ssl_server_side_version", - "label": "SSL.Server Side Version", - "type": "string" - }, - { - "name": "ssl_client_side_version", - "label": "SSL.Client Side Version", - "type": "string" - }, - { - "name": "ssl_cert_verify", - "label": "SSL.Certificate Verify", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "No" - }, - { - "code": "1", - "value": "Yes" - } - ] - }, - "type": "int" - }, - { - "name": "ssl_error", - "label": "SSL.Error", - "type": "string" - }, - { - "name": "ssl_con_latency_ms", - "label": "SSL.Connection Latency(ms)", - "doc": { - "allow_query": "true" - }, - "type": "int" - }, - { - "name": "ssl_ja3_fingerprint", - "label": "SSL.JA3", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "ssl_ja3_hash", - "label": "SSL.JA3 hash", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "ssl_cert_issuer", - "label": "SSL.Issuer", - "doc": { - "constraints": { - "type": "items" - } - }, - "type": "string" - }, - { - "name": "ssl_cert_subject", - "label": "SSL.Subject", - "doc": { - "constraints": { - "type": "items" - } - }, - "type": "string" - }, - { - "name": "quic_version", - "label": "QUIC.Version", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "quic_sni", - "label": "QUIC.SNI", - "doc": { - "allow_query": "true", - "format": { - "functions": "sub_domain", - "appendTo": "http_domain" - } - }, - "type": "string" - }, - { - "name": "quic_user_agent", - "label": "QUIC.User Agent", - "type": "string" - }, - { - "name": "ftp_account", - "label": "FTP.Account", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "ftp_url", - "label": "FTP.URL", - "type": "string" - }, - { - "name": "ftp_content", - "label": "FTP.Content", - "type": "string" - }, - { - "name": "ftp_link_type", - "label": "FTP.Link Type", - "type": "string" - }, - { - "name": "bgp_type", - "label": "BGP.Type", - "doc": { - "visibility": "disabled" - }, - "type": "int" - }, - { - "name": "bgp_as_num", - "label": "BGP.AS Number", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "bgp_route", - "label": "BGP.Route", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "voip_calling_account", - "label": "VoIP.Calling Account", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "voip_called_account", - "label": "VoIP.Called Account", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "voip_calling_number", - "label": "VoIP.Calling Number", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "voip_called_number", - "label": "VoIP.Called Number", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "streaming_media_url", - "label": "Streaming.Media URL", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "streaming_media_protocol", - "label": "Streaming.Media Protocol", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "app_extra_info", - "label": "APP.Extra Info", - "type": "string" - }, - { - "name": "sip_call_id", - "label": "SIP.Call-ID", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "sip_originator_description", - "label": "SIP.Originator", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "sip_responder_description", - "label": "SIP.Responder", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "sip_user_agent", - "label": "SIP.User-Agent", - "type": "string" - }, - { - "name": "sip_server", - "label": "SIP.Server", - "type": "string" - }, - { - "name": "sip_originator_sdp_connect_ip", - "label": "SIP.Originator IP", - "type": "string" - }, - { - "name": "sip_originator_sdp_media_port", - "label": "SIP.Originator Port", - "type": "int" - }, - { - "name": "sip_originator_sdp_media_type", - "label": "SIP.Originator Media Type", - "type": "string" - }, - { - "name": "sip_originator_sdp_content", - "label": "SIP.Originator Content", - "type": "string" - }, - { - "name": "sip_responder_sdp_connect_ip", - "label": "SIP.Responder IP", - "type": "string" - }, - { - "name": "sip_responder_sdp_media_port", - "label": "SIP.Responder Port", - "type": "int" - }, - { - "name": "sip_responder_sdp_media_type", - "label": "SIP.Responder Media Type", - "type": "string" - }, - { - "name": "sip_responder_sdp_content", - "label": "SIP.Responder Content", - "type": "string" - }, - { - "name": "sip_duration", - "label": "SIP.Duration", - "type": "int" - }, - { - "name": "sip_bye", - "label": "SIP.Bye", - "type": "string" - }, - { - "name": "rtp_payload_type_c2s", - "label": "RTP.Payload Type(c2s)", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "PCMU" - }, - { - "code": "1", - "value": "1016" - }, - { - "code": "2", - "value": "G721" - }, - { - "code": "3", - "value": "GSM" - }, - { - "code": "4", - "value": "G723" - }, - { - "code": "5", - "value": "DVI4_8000" - }, - { - "code": "6", - "value": "DVI4_16000" - }, - { - "code": "7", - "value": "LPC" - }, - { - "code": "8", - "value": "PCMA" - }, - { - "code": "9", - "value": "G722" - }, - { - "code": "10", - "value": "L16_STEREO" - }, - { - "code": "11", - "value": "L16_MONO" - }, - { - "code": "12", - "value": "QCELP" - }, - { - "code": "13", - "value": "CN" - }, - { - "code": "14", - "value": "MPA" - }, - { - "code": "15", - "value": "G728" - }, - { - "code": "16", - "value": "DVI4_11025" - }, - { - "code": "17", - "value": "DVI4_22050" - }, - { - "code": "18", - "value": "G729" - }, - { - "code": "19", - "value": "CN_OLD" - }, - { - "code": "25", - "value": "CELB" - }, - { - "code": "26", - "value": "JPEG" - }, - { - "code": "28", - "value": "NV" - }, - { - "code": "31", - "value": "H261" - }, - { - "code": "32", - "value": "MPV" - }, - { - "code": "33", - "value": "MP2T" - }, - { - "code": "34", - "value": "H263" - } - ] - }, - "type": "int" - }, - { - "name": "rtp_payload_type_s2c", - "label": "RTP.Payload Type(s2c)", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "PCMU" - }, - { - "code": "1", - "value": "1016" - }, - { - "code": "2", - "value": "G721" - }, - { - "code": "3", - "value": "GSM" - }, - { - "code": "4", - "value": "G723" - }, - { - "code": "5", - "value": "DVI4_8000" - }, - { - "code": "6", - "value": "DVI4_16000" - }, - { - "code": "7", - "value": "LPC" - }, - { - "code": "8", - "value": "PCMA" - }, - { - "code": "9", - "value": "G722" - }, - { - "code": "10", - "value": "L16_STEREO" - }, - { - "code": "11", - "value": "L16_MONO" - }, - { - "code": "12", - "value": "QCELP" - }, - { - "code": "13", - "value": "CN" - }, - { - "code": "14", - "value": "MPA" - }, - { - "code": "15", - "value": "G728" - }, - { - "code": "16", - "value": "DVI4_11025" - }, - { - "code": "17", - "value": "DVI4_22050" - }, - { - "code": "18", - "value": "G729" - }, - { - "code": "19", - "value": "CN_OLD" - }, - { - "code": "25", - "value": "CELB" - }, - { - "code": "26", - "value": "JPEG" - }, - { - "code": "28", - "value": "NV" - }, - { - "code": "31", - "value": "H261" - }, - { - "code": "32", - "value": "MPV" - }, - { - "code": "33", - "value": "MP2T" - }, - { - "code": "34", - "value": "H263" - } - ] - }, - "type": "int" - }, - { - "name": "rtp_pcap_path", - "label": "RTP.PCAP", - "doc": { - "constraints": { - "type": "files" - } - }, - "type": "string" - }, - { - "name": "rtp_originator_dir", - "label": "RTP.Direction", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "unknown" - }, - { - "code": "1", - "value": "c2s" - }, - { - "code": "2", - "value": "s2c" - } - ], - "visibility": "hidden" - }, - "type": "int" - } - ] -}
\ No newline at end of file diff --git a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/session_record_common_client_ip.json b/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/session_record_common_client_ip.json deleted file mode 100644 index 9184e36..0000000 --- a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/session_record_common_client_ip.json +++ /dev/null @@ -1,71 +0,0 @@ -{ - "type": "record", - "name": "session_record_common_client_ip", - "namespace": "tsg_galaxy_v3", - "doc": { - "primary_key": "common_log_id", - "index_key": "common_client_ip" - }, - "fields": [ - { - "name": "common_log_id", - "type": "long" - }, - { - "name": "common_recv_time", - "type": "long" - }, - { - "name": "common_server_ip", - "type": "string" - }, - { - "name": "common_client_ip", - "type": "string" - }, - { - "name": "common_sled_ip", - "type": "string" - }, - { - "name": "common_entrance_id", - "type": "int" - }, - { - "name": "common_subscriber_id", - "type": "string" - }, - { - "name": "common_stream_trace_id", - "type": "long" - }, - { - "name": "common_schema_type", - "type": "string" - }, - { - "name": "common_client_port", - "type": "int" - }, - { - "name": "common_server_port", - "type": "int" - }, - { - "name": "common_app_label", - "type": "string" - }, - { - "name": "common_direction", - "type": "int" - }, - { - "name": "http_domain", - "type": "string" - }, - { - "name": "ssl_sni", - "type": "string" - } - ] -}
\ No newline at end of file diff --git a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/session_record_common_server_ip.json b/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/session_record_common_server_ip.json deleted file mode 100644 index a7c977f..0000000 --- a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/session_record_common_server_ip.json +++ /dev/null @@ -1,71 +0,0 @@ -{ - "type": "record", - "name": "session_record_common_server_ip", - "namespace": "tsg_galaxy_v3", - "doc": { - "primary_key": "common_log_id", - "index_key": "common_server_ip" - }, - "fields": [ - { - "name": "common_log_id", - "type": "long" - }, - { - "name": "common_recv_time", - "type": "long" - }, - { - "name": "common_server_ip", - "type": "string" - }, - { - "name": "common_client_ip", - "type": "string" - }, - { - "name": "common_sled_ip", - "type": "string" - }, - { - "name": "common_entrance_id", - "type": "int" - }, - { - "name": "common_subscriber_id", - "type": "string" - }, - { - "name": "common_stream_trace_id", - "type": "long" - }, - { - "name": "common_schema_type", - "type": "string" - }, - { - "name": "common_client_port", - "type": "int" - }, - { - "name": "common_server_port", - "type": "int" - }, - { - "name": "common_app_label", - "type": "string" - }, - { - "name": "common_direction", - "type": "int" - }, - { - "name": "http_domain", - "type": "string" - }, - { - "name": "ssl_sni", - "type": "string" - } - ] -}
\ No newline at end of file diff --git a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/session_record_http_domain.json b/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/session_record_http_domain.json deleted file mode 100644 index 65414ea..0000000 --- a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/session_record_http_domain.json +++ /dev/null @@ -1,71 +0,0 @@ -{ - "type": "record", - "name": "session_record_http_domain", - "namespace": "tsg_galaxy_v3", - "doc": { - "primary_key": "common_log_id", - "index_key": "http_domain" - }, - "fields": [ - { - "name": "common_log_id", - "type": "long" - }, - { - "name": "common_recv_time", - "type": "long" - }, - { - "name": "common_server_ip", - "type": "string" - }, - { - "name": "common_client_ip", - "type": "string" - }, - { - "name": "common_sled_ip", - "type": "string" - }, - { - "name": "common_entrance_id", - "type": "int" - }, - { - "name": "common_subscriber_id", - "type": "string" - }, - { - "name": "common_stream_trace_id", - "type": "long" - }, - { - "name": "common_schema_type", - "type": "string" - }, - { - "name": "common_client_port", - "type": "int" - }, - { - "name": "common_server_port", - "type": "int" - }, - { - "name": "common_app_label", - "type": "string" - }, - { - "name": "common_direction", - "type": "int" - }, - { - "name": "http_domain", - "type": "string" - }, - { - "name": "ssl_sni", - "type": "string" - } - ] -}
\ No newline at end of file diff --git a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/sys_packet_capture_event.json b/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/sys_packet_capture_event.json deleted file mode 100644 index 47879de..0000000 --- a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/sys_packet_capture_event.json +++ /dev/null @@ -1,801 +0,0 @@ -{ - "type": "record", - "name": "sys_packet_capture_event", - "namespace": "tsg_galaxy_v3", - "doc": { - "primary_key": "common_log_id", - "partition_key": "common_recv_time" - }, - "fields": [ - { - "name": "common_recv_time", - "type": "long", - "doc": { - "allow_query": "true", - "constraints": { - "type": "timestamp" - }, - "format": { - "functions": "current_timestamp" - } - }, - "label": "Receive Time" - }, - { - "name": "common_log_id", - "type": "long", - "doc": { - "allow_query": "true", - "format": { - "functions": "snowflake_id" - } - }, - "label": "Log ID" - }, - { - "name": "common_policy_id", - "type": "long", - "doc": { - "visibility": "hidden" - }, - "label": "Policy ID" - }, - { - "name": "common_subscriber_id", - "type": "string", - "doc": { - "allow_query": "true" - }, - "label": "Subscriber ID" - }, - { - "name": "common_imei", - "type": "string", - "doc": { - "visibility": "disabled" - }, - "label": "IMEI" - }, - { - "name": "common_imsi", - "type": "string", - "doc": { - "visibility": "disabled" - }, - "label": "IMSI" - }, - { - "name": "common_phone_number", - "type": "string", - "doc": { - "visibility": "disabled" - }, - "label": "Phone Number" - }, - { - "name": "common_client_ip", - "type": "string", - "doc": { - "allow_query": "true", - "constraints": { - "type": "ip" - } - }, - "label": "Client IP" - }, - { - "name": "common_internal_ip", - "type": "string", - "doc": { - "allow_query": "true", - "constraints": { - "type": "ip" - } - }, - "label": "Internal IP" - }, - { - "name": "common_client_port", - "type": "int", - "label": "Client Port" - }, - { - "name": "common_l4_protocol", - "type": "string", - "label": "L4 Protocol" - }, - { - "name": "common_address_type", - "type": "int", - "doc": { - "data": [ - { - "code": "4", - "value": "ipv4" - }, - { - "code": "6", - "value": "ipv6" - } - ] - }, - "label": "Address Type" - }, - { - "name": "common_server_ip", - "type": "string", - "doc": { - "allow_query": "true", - "constraints": { - "type": "ip" - } - }, - "label": "Server IP" - }, - { - "name": "common_server_port", - "type": "int", - "doc": { - "allow_query": "true" - }, - "label": "Server Port" - }, - { - "name": "common_external_ip", - "type": "string", - "doc": { - "allow_query": "true", - "constraints": { - "type": "ip" - } - }, - "label": "External IP" - }, - { - "name": "common_action", - "type": "int", - "doc": { - "allow_query": "true", - "data": [ - { - "code": "0", - "value": "None" - }, - { - "code": "1", - "value": "Monitor" - }, - { - "code": "2", - "value": "Intercept" - }, - { - "code": "16", - "value": "Deny" - }, - { - "code": "128", - "value": "Allow" - } - ] - }, - "label": "Action" - }, - { - "name": "common_direction", - "type": "int", - "doc": { - "data": [ - { - "code": "69", - "value": "outbound" - }, - { - "code": "73", - "value": "inbound" - } - ] - }, - "label": "Direction" - }, - { - "name": "common_entrance_id", - "type": "int", - "doc": { - "visibility": "disabled" - }, - "label": "Entrance ID" - }, - { - "name": "common_sled_ip", - "type": "string", - "doc": { - "allow_query": "true", - "constraints": { - "type": "ip" - } - }, - "label": "Sled IP" - }, - { - "name": "common_client_location", - "type": "string", - "label": "Client Location" - }, - { - "name": "common_client_asn", - "type": "string", - "label": "Client ASN" - }, - { - "name": "common_server_location", - "type": "string", - "label": "Server Location" - }, - { - "name": "common_server_asn", - "type": "string", - "label": "Server ASN" - }, - { - "name": "common_sessions", - "type": "long", - "label": "Sessions" - }, - { - "name": "common_c2s_pkt_num", - "type": "long", - "label": "Packets Sent" - }, - { - "name": "common_s2c_pkt_num", - "type": "long", - "label": "Packets Received" - }, - { - "name": "common_c2s_byte_num", - "type": "long", - "label": "Bytes Sent" - }, - { - "name": "common_s2c_byte_num", - "type": "long", - "label": "Bytes Received" - }, - { - "name": "common_c2s_pkt_diff", - "label": "Packets Sent(Diff)", - "type": "long" - }, - { - "name": "common_s2c_pkt_diff", - "label": "Packets Received(Diff)", - "type": "long" - }, - { - "name": "common_c2s_byte_diff", - "label": "Bytes Sent(Diff)", - "type": "long" - }, - { - "name": "common_s2c_byte_diff", - "label": "Bytes Received(Diff)", - "type": "long" - }, - { - "name": "common_service", - "type": "int", - "doc": { - "visibility": "disabled" - }, - "label": "Service" - }, - { - "name": "common_schema_type", - "type": "string", - "doc": { - "data": [ - { - "code": "BASE", - "value": "BASE" - }, - { - "code": "HTTP", - "value": "HTTP" - }, - { - "code": "MAIL", - "value": "MAIL" - }, - { - "code": "DNS", - "value": "DNS" - }, - { - "code": "SSL", - "value": "SSL" - }, - { - "code": "FTP", - "value": "FTP" - } - ], - "visibility": "hidden" - }, - "label": "Schema Type" - }, - { - "name": "common_user_tags", - "type": "string", - "doc": { - "visibility": "disabled" - }, - "label": "User Tags" - }, - { - "name": "common_sub_action", - "type": "string", - "doc": { - "data": [ - { - "code": "allow", - "value": "Allow" - }, - { - "code": "deny", - "value": "Deny" - }, - { - "code": "monitor", - "value": "Monitor" - }, - { - "code": "replace", - "value": "Replace" - }, - { - "code": "redirect", - "value": "Redirect" - }, - { - "code": "insert", - "value": "Insert" - }, - { - "code": "hijack", - "value": "Hijack" - } - ], - "visibility": "hidden" - }, - "label": "Sub Action" - }, - { - "name": "common_user_region", - "type": "string", - "doc": { - "visibility": "hidden" - }, - "label": "User Region" - }, - { - "name": "common_device_id", - "type": "string", - "label": "Device ID" - }, - { - "name": "common_egress_link_id", - "label": "Egress Link ID", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_ingress_link_id", - "label": "Ingress Link ID", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_isp", - "type": "string", - "doc": { - "visibility": "disabled" - }, - "label": "ISP" - }, - { - "name": "common_device_tag", - "type": "string", - "doc": { - "visibility": "hidden", - "format": { - "functions": "flattenSpec,flattenSpec", - "appendTo": "common_data_center,common_device_group", - "param": "$.tags[?(@.tag=='data_center')].value,$.tags[?(@.tag=='device_group')].value" - } - }, - "label": "Device Tag" - }, - { - "name": "common_data_center", - "label": "Data Center", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "device_tag.json#", - "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']", - "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']" - } - }, - "type": "string" - }, - { - "name": "common_device_group", - "label": "Device Group", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "device_tag.json#", - "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']", - "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']" - } - }, - "type": "string" - }, - { - "name": "common_encapsulation", - "type": "int", - "doc": { - "data": [ - { - "code": "0", - "value": "Ethernet" - }, - { - "code": "8", - "value": "PPP" - }, - { - "code": "12", - "value": "CiscoHDLC" - } - ] - }, - "label": "Encapsulation" - }, - { - "name": "common_app_label", - "type": "string", - "doc": { - "visibility": "disabled" - }, - "label": "Application Label" - }, - { - "name": "common_tunnels", - "type": "string", - "doc": { - "visibility": "hidden" - }, - "label": "Tunnels" - }, - { - "name": "common_protocol_label", - "type": "string", - "doc": { - "visibility": "hidden" - }, - "label": "Protocol Label" - }, - { - "name": "common_app_id", - "type": "string", - "label": "Application ID", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_userdefine_app_name", - "label": "User Define APP Name", - "type": "string", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_app_surrogate_id", - "type": "string", - "label": "Surrogate ID", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_l7_protocol", - "type": "string", - "label": "L7 Protocol" - }, - { - "name": "common_service_category", - "label": "FQDN Category", - "type": { - "type": "array", - "items": "int" - } - }, - { - "name": "common_start_time", - "type": "long", - "doc": { - "constraints": { - "type": "timestamp" - }, - "visibility": "hidden" - }, - "label": "Start Time" - }, - { - "name": "common_end_time", - "type": "long", - "doc": { - "constraints": { - "type": "timestamp" - }, - "visibility": "hidden" - }, - "label": "End Time" - }, - { - "name": "common_establish_latency_ms", - "type": "long", - "doc": { - "visibility": "hidden" - }, - "label": "Establish Latency(ms)" - }, - { - "name": "common_con_duration_ms", - "type": "long", - "doc": { - "visibility": "hidden" - }, - "label": "Duration(ms)" - }, - { - "name": "common_stream_dir", - "type": "int", - "doc": { - "data": [ - { - "code": "1", - "value": "c2s" - }, - { - "code": "2", - "value": "s2c" - }, - { - "code": "3", - "value": "double" - } - ] - }, - "label": "Stream Direction" - }, - { - "name": "common_address_list", - "type": "string", - "doc": { - "visibility": "disabled" - }, - "label": "Address List" - }, - { - "name": "common_has_dup_traffic", - "type": "int", - "doc": { - "data": [ - { - "code": "0", - "value": "No" - }, - { - "code": "1", - "value": "Yes" - } - ], - "visibility": "hidden" - }, - "label": "Duplication Traffic" - }, - { - "name": "common_stream_error", - "type": "string", - "doc": { - "visibility": "hidden" - }, - "label": "Stream Error" - }, - { - "name": "common_stream_trace_id", - "type": "long", - "doc": { - "allow_query": "true" - }, - "label": "Session ID" - }, - { - "name": "common_link_info_c2s", - "type": "string", - "doc": { - "visibility": "hidden" - }, - "label": "Link Info(c2s)" - }, - { - "name": "common_link_info_s2c", - "type": "string", - "doc": { - "visibility": "hidden" - }, - "label": "Link Info(s2c)" - }, - { - "name": "common_c2s_ipfrag_num", - "type": "long", - "doc": { - "visibility": "hidden" - }, - "label": "Fragmentation Packets(c2s)" - }, - { - "name": "common_s2c_ipfrag_num", - "type": "long", - "doc": { - "visibility": "hidden" - }, - "label": "Fragmentation Packets(s2c)" - }, - { - "name": "common_c2s_tcp_lostlen", - "type": "long", - "doc": { - "visibility": "hidden" - }, - "label": "Sequence Gap Loss(c2s)" - }, - { - "name": "common_s2c_tcp_lostlen", - "type": "long", - "doc": { - "visibility": "hidden" - }, - "label": "Sequence Gap Loss(s2c)" - }, - { - "name": "common_c2s_tcp_unorder_num", - "type": "long", - "doc": { - "visibility": "hidden" - }, - "label": "Unorder Packets(c2s)" - }, - { - "name": "common_s2c_tcp_unorder_num", - "type": "long", - "doc": { - "visibility": "hidden" - }, - "label": "Unorder Packets(s2c)" - }, - { - "name": "common_c2s_pkt_retrans", - "type": "long", - "label": "Packet Retransmission(c2s)" - }, - { - "name": "common_s2c_pkt_retrans", - "type": "long", - "label": "Packet Retransmission(s2c)" - }, - { - "name": "common_c2s_byte_retrans", - "type": "long", - "label": "Byte Retransmission(c2s)" - }, - { - "name": "common_s2c_byte_retrans", - "type": "long", - "label": "Byte Retransmission(s2c)" - }, - { - "name": "common_tcp_client_isn", - "label": "TCP Client ISN", - "doc": { - "visibility": "disabled" - }, - "type": "long" - }, - { - "name": "common_tcp_server_isn", - "label": "TCP Server ISN", - "doc": { - "visibility": "disabled" - }, - "type": "long" - }, - { - "name": "common_first_ttl", - "type": "int", - "doc": { - "visibility": "hidden" - }, - "label": "First TTL" - }, - { - "name": "common_processing_time", - "type": "long", - "doc": { - "constraints": { - "type": "timestamp" - } - }, - "label": "Processing Time" - }, - { - "name": "common_mirrored_pkts", - "label": "Mirrored Packets", - "type": "long", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_mirrored_bytes", - "label": "Mirrored Bytes", - "type": "long", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "nic_name", - "type": "string", - "label": "Nic Name" - }, - { - "name": "origin_source_mac", - "type": "string", - "label": "Origin Source Mac" - }, - { - "name": "origin_dest_mac", - "type": "string", - "label": "Origin Dest Mac" - }, - { - "name": "packet_url", - "type": "string", - "label": "Packet URL" - }, - { - "name": "pcap_storage_task_id", - "type": "int", - "label": "Task ID" - }, - { - "name": "pcap_storage_duration", - "type": "int", - "label": "Duration" - } - ] -}
\ No newline at end of file diff --git a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/sys_storage_log.json b/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/sys_storage_log.json deleted file mode 100644 index 3bb3224..0000000 --- a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/sys_storage_log.json +++ /dev/null @@ -1,38 +0,0 @@ -{ - "type": "record", - "name": "sys_storage_log", - "namespace": "druid", - "doc": { - "partition_key": "__time" - }, - "fields": [ - { - "name": "__time", - "type": "long" - }, - { - "name": "log_type", - "type": "string" - }, - { - "name": "data_center", - "type": "string" - }, - { - "name": "max_size", - "type": "long" - }, - { - "name": "used_size", - "type": "long" - }, - { - "name": "aggregate_size", - "type": "long" - }, - { - "name": "last_storage", - "type": "long" - } - ] -}
\ No newline at end of file diff --git a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/tables_cluster.json b/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/tables_cluster.json deleted file mode 100644 index 4765d85..0000000 --- a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/tables_cluster.json +++ /dev/null @@ -1,11 +0,0 @@ -{ - "namespace": "system", - "type": "record", - "name": "tables_cluster", - "fields": [ - { - "name": "database", - "type": "string" - } - ] -}
\ No newline at end of file diff --git a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/top_client_ip_log.json b/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/top_client_ip_log.json deleted file mode 100644 index 78f3867..0000000 --- a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/top_client_ip_log.json +++ /dev/null @@ -1,42 +0,0 @@ -{ - "type": "record", - "name": "top_client_ip_log", - "namespace": "druid", - "doc": { - "partition_key": "__time" - }, - "fields": [ - { - "name": "__time", - "type": "long" - }, - { - "name": "source", - "type": "string" - }, - { - "name": "session_num", - "type": "long" - }, - { - "name": "order_by", - "type": "string" - }, - { - "name": "c2s_pkt_num", - "type": "long" - }, - { - "name": "s2c_pkt_num", - "type": "long" - }, - { - "name": "c2s_byte_num", - "type": "long" - }, - { - "name": "s2c_byte_num", - "type": "long" - } - ] -}
\ No newline at end of file diff --git a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/top_external_host_log.json b/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/top_external_host_log.json deleted file mode 100644 index 68c229e..0000000 --- a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/top_external_host_log.json +++ /dev/null @@ -1,42 +0,0 @@ -{ - "type": "record", - "name": "top_external_host_log", - "namespace": "druid", - "doc": { - "partition_key": "__time" - }, - "fields": [ - { - "name": "__time", - "type": "long" - }, - { - "name": "c2s_byte_num", - "type": "long" - }, - { - "name": "c2s_pkt_num", - "type": "long" - }, - { - "name": "destination", - "type": "string" - }, - { - "name": "order_by", - "type": "string" - }, - { - "name": "s2c_byte_num", - "type": "long" - }, - { - "name": "s2c_pkt_num", - "type": "long" - }, - { - "name": "session_num", - "type": "long" - } - ] -}
\ No newline at end of file diff --git a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/top_internal_host_log.json b/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/top_internal_host_log.json deleted file mode 100644 index 75347a5..0000000 --- a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/top_internal_host_log.json +++ /dev/null @@ -1,42 +0,0 @@ -{ - "type": "record", - "name": "top_internal_host_log", - "namespace": "druid", - "doc": { - "partition_key": "__time" - }, - "fields": [ - { - "name": "__time", - "type": "long" - }, - { - "name": "c2s_byte_num", - "type": "long" - }, - { - "name": "c2s_pkt_num", - "type": "long" - }, - { - "name": "order_by", - "type": "string" - }, - { - "name": "s2c_byte_num", - "type": "long" - }, - { - "name": "s2c_pkt_num", - "type": "long" - }, - { - "name": "session_num", - "type": "long" - }, - { - "name": "source", - "type": "string" - } - ] -}
\ No newline at end of file diff --git a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/top_server_ip_log.json b/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/top_server_ip_log.json deleted file mode 100644 index 74258f1..0000000 --- a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/top_server_ip_log.json +++ /dev/null @@ -1,42 +0,0 @@ -{ - "type": "record", - "name": "top_server_ip_log", - "namespace": "druid", - "doc": { - "partition_key": "__time" - }, - "fields": [ - { - "name": "__time", - "type": "long" - }, - { - "name": "destination", - "type": "string" - }, - { - "name": "order_by", - "type": "string" - }, - { - "name": "session_num", - "type": "long" - }, - { - "name": "c2s_pkt_num", - "type": "long" - }, - { - "name": "s2c_pkt_num", - "type": "long" - }, - { - "name": "c2s_byte_num", - "type": "long" - }, - { - "name": "s2c_byte_num", - "type": "long" - } - ] -}
\ No newline at end of file diff --git a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/top_urls_log.json b/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/top_urls_log.json deleted file mode 100644 index 7a0cc9b..0000000 --- a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/top_urls_log.json +++ /dev/null @@ -1,22 +0,0 @@ -{ - "type": "record", - "name": "top_urls_log", - "namespace": "druid", - "doc": { - "partition_key": "__time" - }, - "fields": [ - { - "name": "__time", - "type": "long" - }, - { - "name": "session_num", - "type": "long" - }, - { - "name": "url", - "type": "string" - } - ] -}
\ No newline at end of file diff --git a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/top_user_log.json b/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/top_user_log.json deleted file mode 100644 index ebddb24..0000000 --- a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/top_user_log.json +++ /dev/null @@ -1,42 +0,0 @@ -{ - "type": "record", - "name": "top_user_log", - "namespace": "druid", - "doc": { - "partition_key": "__time" - }, - "fields": [ - { - "name": "__time", - "type": "long" - }, - { - "name": "c2s_byte_num", - "type": "long" - }, - { - "name": "c2s_pkt_num", - "type": "long" - }, - { - "name": "order_by", - "type": "string" - }, - { - "name": "s2c_byte_num", - "type": "long" - }, - { - "name": "s2c_pkt_num", - "type": "long" - }, - { - "name": "session_num", - "type": "long" - }, - { - "name": "subscriber_id", - "type": "string" - } - ] -}
\ No newline at end of file diff --git a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/top_website_domain_log.json b/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/top_website_domain_log.json deleted file mode 100644 index df86ea9..0000000 --- a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/top_website_domain_log.json +++ /dev/null @@ -1,42 +0,0 @@ -{ - "type": "record", - "name": "top_website_domain_log", - "namespace": "druid", - "doc": { - "partition_key": "__time" - }, - "fields": [ - { - "name": "__time", - "type": "long" - }, - { - "name": "c2s_byte_num", - "type": "long" - }, - { - "name": "c2s_pkt_num", - "type": "long" - }, - { - "name": "domain", - "type": "string" - }, - { - "name": "order_by", - "type": "string" - }, - { - "name": "s2c_byte_num", - "type": "long" - }, - { - "name": "s2c_pkt_num", - "type": "long" - }, - { - "name": "session_num", - "type": "long" - } - ] -}
\ No newline at end of file diff --git a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/traffic_app_stat_log.json b/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/traffic_app_stat_log.json deleted file mode 100644 index 083ef7b..0000000 --- a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/traffic_app_stat_log.json +++ /dev/null @@ -1,42 +0,0 @@ -{ - "type": "record", - "name": "traffic_app_stat_log", - "namespace": "druid", - "doc": { - "partition_key": "__time" - }, - "fields": [ - { - "name": "__time", - "type": "long" - }, - { - "name": "app_name", - "type": "string" - }, - { - "name": "sub_app_name", - "type": "string" - }, - { - "name": "session_num", - "type": "long" - }, - { - "name": "c2s_pkt_num", - "type": "long" - }, - { - "name": "s2c_pkt_num", - "type": "long" - }, - { - "name": "c2s_byte_num", - "type": "long" - }, - { - "name": "s2c_byte_num", - "type": "long" - } - ] -}
\ No newline at end of file diff --git a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/traffic_metrics_log.json b/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/traffic_metrics_log.json deleted file mode 100644 index 6e0a690..0000000 --- a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/traffic_metrics_log.json +++ /dev/null @@ -1,214 +0,0 @@ -{ - "type": "record", - "name": "traffic_metrics_log", - "namespace": "druid", - "doc": { - "partition_key": "__time" - }, - "fields": [ - { - "name": "__time", - "type": "long" - }, - { - "name": "allow_conn_num", - "type": "long" - }, - { - "name": "allow_in_bytes", - "type": "long" - }, - { - "name": "allow_in_packets", - "type": "long" - }, - { - "name": "allow_out_bytes", - "type": "long" - }, - { - "name": "allow_out_packets", - "type": "long" - }, - { - "name": "close_conn_num", - "type": "long" - }, - { - "name": "default_conn_num", - "type": "long" - }, - { - "name": "default_in_bytes", - "type": "long" - }, - { - "name": "default_in_packets", - "type": "long" - }, - { - "name": "default_out_bytes", - "type": "long" - }, - { - "name": "default_out_packets", - "type": "long" - }, - { - "name": "deny_conn_num", - "type": "long" - }, - { - "name": "deny_in_bytes", - "type": "long" - }, - { - "name": "deny_in_packets", - "type": "long" - }, - { - "name": "deny_out_bytes", - "type": "long" - }, - { - "name": "deny_out_packets", - "type": "long" - }, - { - "name": "device_id", - "type": "string" - }, - { - "name": "entrance_id", - "type": "long" - }, - { - "name": "intercept_conn_num", - "type": "long" - }, - { - "name": "intercept_in_bytes", - "type": "long" - }, - { - "name": "intercept_in_packets", - "type": "long" - }, - { - "name": "intercept_out_bytes", - "type": "long" - }, - { - "name": "intercept_out_packets", - "type": "long" - }, - { - "name": "established_conn_num", - "type": "long" - }, - { - "name": "monitor_conn_num", - "type": "long" - }, - { - "name": "monitor_in_bytes", - "type": "long" - }, - { - "name": "monitor_in_packets", - "type": "long" - }, - { - "name": "monitor_out_bytes", - "type": "long" - }, - { - "name": "monitor_out_packets", - "type": "long" - }, - { - "name": "new_conn_num", - "type": "long" - }, - { - "name": "total_in_bytes", - "type": "long" - }, - { - "name": "total_in_packets", - "type": "long" - }, - { - "name": "total_out_bytes", - "type": "long" - }, - { - "name": "total_out_packets", - "type": "long" - }, - { - "name": "alert_bytes", - "type": "long" - }, - { - "name": "hijk_bytes", - "type": "long" - }, - { - "name": "ins_bytes", - "type": "long" - }, - { - "name": "intcp_allow_num", - "type": "long" - }, - { - "name": "intcp_deny_num", - "type": "long" - }, - { - "name": "intcp_hijk_num", - "type": "long" - }, - { - "name": "intcp_ins_num", - "type": "long" - }, - { - "name": "intcp_mon_num", - "type": "long" - }, - { - "name": "intcp_rdirt_num", - "type": "long" - }, - { - "name": "intcp_repl_num", - "type": "long" - }, - { - "name": "maybe_pinning_num", - "type": "long" - }, - { - "name": "not_pinning_num", - "type": "long" - }, - { - "name": "pinning_num", - "type": "long" - }, - { - "name": "ad_cc_bytes", - "type": "long" - }, - { - "name": "ad_flood_bytes", - "type": "long" - }, - { - "name": "ad_reflection_bytes", - "type": "long" - } - ] -}
\ No newline at end of file diff --git a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/traffic_protocol_stat_log.json b/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/traffic_protocol_stat_log.json deleted file mode 100644 index d37b603..0000000 --- a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/traffic_protocol_stat_log.json +++ /dev/null @@ -1,78 +0,0 @@ -{ - "type": "record", - "name": "traffic_protocol_stat_log", - "namespace": "druid", - "doc": { - "partition_key": "__time" - }, - "fields": [ - { - "name": "__time", - "type": "long" - }, - { - "name": "protocol_id", - "type": "string" - }, - { - "name": "isp", - "type": "string" - }, - { - "name": "entrance_id", - "type": "long" - }, - { - "name": "data_center", - "type": "string" - }, - { - "name": "device_group", - "type": "string" - }, - { - "name": "sessions", - "type": "long" - }, - { - "name": "c2s_pkt_num", - "type": "long" - }, - { - "name": "s2c_pkt_num", - "type": "long" - }, - { - "name": "c2s_byte_num", - "type": "long" - }, - { - "name": "s2c_byte_num", - "type": "long" - }, - { - "name": "c2s_ipfrag_num", - "type": "long" - }, - { - "name": "s2c_ipfrag_num", - "type": "long" - }, - { - "name": "c2s_tcp_lostlen", - "type": "long" - }, - { - "name": "s2c_tcp_lostlen", - "type": "long" - }, - { - "name": "c2s_tcp_unorder_num", - "type": "long" - }, - { - "name": "s2c_tcp_unorder_num", - "type": "long" - } - ] -}
\ No newline at end of file diff --git a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/traffic_summary_log.json b/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/traffic_summary_log.json deleted file mode 100644 index 26088b8..0000000 --- a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/traffic_summary_log.json +++ /dev/null @@ -1,78 +0,0 @@ -{ - "type": "record", - "name": "traffic_summary_log", - "namespace": "druid", - "doc": { - "partition_key": "__time" - }, - "fields": [ - { - "name": "__time", - "type": "long" - }, - { - "name": "isp", - "type": "string" - }, - { - "name": "entrance_id", - "type": "long" - }, - { - "name": "device_group", - "type": "string" - }, - { - "name": "data_center", - "type": "string" - }, - { - "name": "schema_type", - "type": "string" - }, - { - "name": "ip_object", - "type": "string" - }, - { - "name": "sessions", - "type": "long" - }, - { - "name": "c2s_pkt_num", - "type": "long" - }, - { - "name": "s2c_pkt_num", - "type": "long" - }, - { - "name": "c2s_byte_num", - "type": "long" - }, - { - "name": "s2c_byte_num", - "type": "long" - }, - { - "name": "one_sided_connections", - "type": "long" - }, - { - "name": "uncategorized_bytes", - "type": "long" - }, - { - "name": "fragmentation_packets", - "type": "long" - }, - { - "name": "sequence_gap_loss", - "type": "long" - }, - { - "name": "unorder_packets", - "type": "long" - } - ] -}
\ No newline at end of file diff --git a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/traffic_top_destination_ip_metrics_log.json b/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/traffic_top_destination_ip_metrics_log.json deleted file mode 100644 index ece6294..0000000 --- a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/traffic_top_destination_ip_metrics_log.json +++ /dev/null @@ -1,46 +0,0 @@ -{ - "type": "record", - "name": "traffic_top_destination_ip_metrics_log", - "namespace": "druid", - "doc": { - "partition_key": "__time" - }, - "fields": [ - { - "name": "__time", - "type": "long" - }, - { - "name": "common_sled_ip", - "type": "string" - }, - { - "name": "common_data_center", - "type": "string" - }, - { - "name": "destination_ip", - "type": "string" - }, - { - "name": "attack_type", - "type": "string" - }, - { - "name": "session_rate", - "type": "long" - }, - { - "name": "packet_rate", - "type": "long" - }, - { - "name": "bit_rate", - "type": "long" - }, - { - "name": "partition_num", - "type": "long" - } - ] -}
\ No newline at end of file diff --git a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/transaction_record.json b/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/transaction_record.json deleted file mode 100644 index 9ecc324..0000000 --- a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/transaction_record.json +++ /dev/null @@ -1,1508 +0,0 @@ -{ - "type": "record", - "name": "transaction_record", - "namespace": "tsg_galaxy_v3", - "doc": { - "primary_key": "common_stream_trace_id", - "partition_key": "common_recv_time", - "functions": { - "$ref": "public_schema_info.json#/functions" - }, - "schema_query": { - "dimensions": [ - "common_server_ip", - "common_client_ip", - "common_internal_ip", - "common_external_ip", - "common_sled_ip", - "common_device_id", - "common_client_location", - "common_server_location", - "common_subscriber_id", - "common_client_port", - "common_server_port", - "common_schema_type", - "common_l4_protocol", - "common_l7_protocol", - "common_device_group", - "common_client_asn", - "common_server_asn", - "common_start_time", - "common_end_time", - "common_imei", - "common_imsi", - "common_phone_number", - "http_host", - "http_domain", - "http_url" - ], - "metrics": [ - "common_server_ip", - "common_client_ip", - "common_internal_ip", - "common_external_ip", - "common_subscriber_id", - "common_sled_ip", - "common_device_id", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_sessions", - "common_con_duration_ms", - "common_establish_latency_ms", - "common_c2s_ipfrag_num", - "common_s2c_ipfrag_num", - "common_c2s_tcp_lostlen", - "common_s2c_tcp_lostlen", - "common_c2s_tcp_unorder_num", - "common_s2c_tcp_unorder_num", - "common_imei", - "common_imsi", - "common_phone_number", - "http_host", - "http_domain", - "http_url" - ], - "filters": [ - "common_address_type", - "common_server_ip", - "common_client_ip", - "common_internal_ip", - "common_external_ip", - "common_client_port", - "common_server_port", - "common_client_location", - "common_server_location", - "common_subscriber_id", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_c2s_ipfrag_num", - "common_s2c_ipfrag_num", - "common_c2s_tcp_lostlen", - "common_s2c_tcp_lostlen", - "common_c2s_tcp_unorder_num", - "common_s2c_tcp_unorder_num", - "common_l4_protocol", - "common_l7_protocol", - "common_stream_dir", - "common_direction", - "common_device_group", - "common_sled_ip", - "common_device_id", - "common_schema_type", - "common_client_asn", - "common_server_asn", - "common_start_time", - "common_end_time", - "common_con_duration_ms", - "common_establish_latency_ms", - "common_imei", - "common_imsi", - "common_phone_number", - "http_host", - "http_domain", - "http_url" - ], - "references": { - "$ref": "public_schema_info.json#/schema_query/references" - }, - "details": { - "general": [ - "common_recv_time", - "common_log_id", - "common_stream_trace_id", - "common_direction", - "common_stream_dir", - "common_start_time", - "common_end_time", - "common_con_duration_ms", - "common_establish_latency_ms", - "common_processing_time", - "common_entrance_id", - "common_device_id", - "common_egress_link_id", - "common_ingress_link_id", - "common_isp", - "common_data_center", - "common_device_group", - "common_sled_ip" - ], - "action": [ - "common_action", - "common_sub_action", - "common_policy_id", - "common_user_tags", - "common_user_region" - ], - "source": [ - "common_client_ip", - "common_internal_ip", - "common_client_port", - "common_client_location", - "common_client_asn", - "common_subscriber_id", - "common_imei", - "common_imsi", - "common_phone_number" - ], - "destination": [ - "common_server_ip", - "common_external_ip", - "common_server_port", - "common_server_location", - "common_server_asn" - ], - "application": [ - "common_app_id", - "common_userdefine_app_name", - "common_app_label", - "common_app_surrogate_id", - "common_l7_protocol", - "common_protocol_label", - "common_service_category", - "common_service", - "common_l4_protocol" - ], - "transmission": [ - "common_sessions", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_c2s_pkt_diff", - "common_s2c_pkt_diff", - "common_c2s_byte_diff", - "common_s2c_byte_diff", - "common_c2s_ipfrag_num", - "common_s2c_ipfrag_num", - "common_c2s_tcp_lostlen", - "common_s2c_tcp_lostlen", - "common_c2s_tcp_unorder_num", - "common_s2c_tcp_unorder_num", - "common_c2s_pkt_retrans", - "common_s2c_pkt_retrans", - "common_c2s_byte_retrans", - "common_s2c_byte_retrans", - "common_first_ttl", - "common_tcp_client_isn", - "common_tcp_server_isn", - "common_mirrored_pkts", - "common_mirrored_bytes" - ], - "other": [ - "common_address_type", - "common_schema_type", - "common_device_tag", - "common_encapsulation", - "common_tunnels", - "common_address_list", - "common_has_dup_traffic", - "common_stream_error", - "common_link_info_c2s", - "common_link_info_s2c" - ] - } - }, - "schema_type": { - "BASE": { - "$ref": "public_schema_info.json#/schema_type/BASE" - }, - "HTTP": { - "$ref": "public_schema_info.json#/schema_type/HTTP" - }, - "MAIL": { - "$ref": "public_schema_info.json#/schema_type/MAIL" - }, - "DNS": { - "$ref": "public_schema_info.json#/schema_type/DNS" - }, - "SSL": { - "$ref": "public_schema_info.json#/schema_type/SSL" - }, - "QUIC": { - "$ref": "public_schema_info.json#/schema_type/QUIC" - }, - "FTP": { - "$ref": "public_schema_info.json#/schema_type/FTP" - }, - "BGP": { - "$ref": "public_schema_info.json#/schema_type/BGP" - }, - "SIP": { - "$ref": "public_schema_info.json#/schema_type/SIP" - }, - "RTP": { - "$ref": "public_schema_info.json#/schema_type/RTP" - }, - "APP": { - "$ref": "public_schema_info.json#/schema_type/APP" - } - }, - "default_columns": [ - "common_recv_time", - "common_log_id", - "common_subscriber_id", - "common_client_ip", - "common_server_ip", - "common_server_port", - "common_schema_type" - ], - "tunnel_type": { - "$ref": "public_schema_info.json#/tunnel_type" - } - }, - "fields": [ - { - "name": "common_recv_time", - "type": "long", - "doc": { - "allow_query": "true", - "constraints": { - "type": "timestamp" - } - }, - "label": "Receive Time" - }, - { - "name": "common_log_id", - "type": "long", - "doc": { - "allow_query": "true", - "format": { - "functions": "snowflake_id" - } - }, - "label": "Log ID" - }, - { - "name": "common_policy_id", - "type": "long", - "doc": { - "visibility": "hidden" - }, - "label": "Policy ID" - }, - { - "name": "common_subscriber_id", - "type": "string", - "doc": { - "allow_query": "true" - }, - "label": "Subscriber ID" - }, - { - "name": "common_imei", - "type": "string", - "doc": { - "allow_query": "true" - }, - "label": "IMEI" - }, - { - "name": "common_imsi", - "type": "string", - "doc": { - "allow_query": "true" - }, - "label": "IMSI" - }, - { - "name": "common_phone_number", - "type": "string", - "doc": { - "allow_query": "true" - }, - "label": "Phone Number" - }, - { - "name": "common_client_ip", - "type": "string", - "doc": { - "allow_query": "true", - "constraints": { - "type": "ip" - }, - "format": { - "functions": "geo_asn,radius_match", - "appendTo": "common_client_asn,common_subscriber_id" - } - }, - "label": "Client IP" - }, - { - "name": "common_internal_ip", - "type": "string", - "doc": { - "constraints": { - "type": "ip" - }, - "format": { - "functions": "if", - "param": "$.common_direction=69,$.common_client_ip,$.common_server_ip" - }, - "allow_query": "true" - }, - "label": "Internal IP" - }, - { - "name": "common_client_port", - "type": "int", - "doc": { - "allow_query": "true" - }, - "label": "Client Port" - }, - { - "name": "common_l4_protocol", - "type": "string", - "label": "L4 Protocol" - }, - { - "name": "common_address_type", - "type": "int", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "4", - "value": "ipv4" - }, - { - "code": "6", - "value": "ipv6" - } - ] - }, - "label": "Address Type" - }, - { - "name": "common_server_ip", - "type": "string", - "doc": { - "allow_query": "true", - "constraints": { - "type": "ip" - }, - "format": { - "functions": "geo_asn", - "appendTo": "common_server_asn" - } - }, - "label": "Server IP" - }, - { - "name": "common_server_port", - "type": "int", - "doc": { - "allow_query": "true" - }, - "label": "Server Port" - }, - { - "name": "common_external_ip", - "type": "string", - "doc": { - "constraints": { - "type": "ip" - }, - "format": { - "functions": "if", - "param": "$.common_direction=73,$.common_client_ip,$.common_server_ip" - }, - "allow_query": "true" - }, - "label": "External IP" - }, - { - "name": "common_action", - "type": "int", - "doc": { - "visibility": "hidden", - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "None" - }, - { - "code": "1", - "value": "Monitor" - }, - { - "code": "2", - "value": "Intercept" - }, - { - "code": "16", - "value": "Deny" - }, - { - "code": "128", - "value": "Allow" - } - ] - }, - "label": "Action" - }, - { - "name": "common_direction", - "type": "int", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "69", - "value": "outbound" - }, - { - "code": "73", - "value": "inbound" - } - ] - }, - "label": "Direction" - }, - { - "name": "common_entrance_id", - "type": "int", - "doc": { - "visibility": "disabled" - }, - "label": "Entrance ID" - }, - { - "name": "common_sled_ip", - "type": "string", - "doc": { - "allow_query": "true", - "constraints": { - "type": "ip" - } - }, - "label": "Sled IP" - }, - { - "name": "common_client_location", - "type": "string", - "label": "Client Location" - }, - { - "name": "common_client_asn", - "type": "string", - "label": "Client ASN" - }, - { - "name": "common_server_location", - "type": "string", - "label": "Server Location" - }, - { - "name": "common_server_asn", - "type": "string", - "label": "Server ASN" - }, - { - "name": "common_sessions", - "type": "long", - "label": "Sessions" - }, - { - "name": "common_c2s_pkt_num", - "type": "long", - "label": "Packets Sent" - }, - { - "name": "common_s2c_pkt_num", - "type": "long", - "label": "Packets Received" - }, - { - "name": "common_c2s_byte_num", - "type": "long", - "label": "Bytes Sent" - }, - { - "name": "common_s2c_byte_num", - "type": "long", - "label": "Bytes Received" - }, - { - "name": "common_c2s_pkt_diff", - "type": "long", - "doc": { - "visibility": "hidden" - }, - "label": "Packets Sent(Diff)" - }, - { - "name": "common_s2c_pkt_diff", - "type": "long", - "doc": { - "visibility": "hidden" - }, - "label": "Packets Received(Diff)" - }, - { - "name": "common_c2s_byte_diff", - "type": "long", - "doc": { - "visibility": "hidden" - }, - "label": "Bytes Sent(Diff)" - }, - { - "name": "common_s2c_byte_diff", - "type": "long", - "doc": { - "visibility": "hidden" - }, - "label": "Bytes Received(Diff)" - }, - { - "name": "common_service", - "type": "int", - "doc": { - "visibility": "disabled" - }, - "label": "Service" - }, - { - "name": "common_schema_type", - "type": "string", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "BASE", - "value": "BASE" - }, - { - "code": "DNS", - "value": "DNS" - }, - { - "code": "HTTP", - "value": "HTTP" - }, - { - "code": "SIP", - "value": "SIP" - } - ], - "allow_query": "true" - }, - "label": "Schema Type" - }, - { - "name": "common_user_tags", - "type": "string", - "doc": { - "visibility": "disabled" - }, - "label": "User Tags" - }, - { - "name": "common_sub_action", - "type": "string", - "doc": { - "data": [ - { - "code": "allow", - "value": "Allow" - }, - { - "code": "deny", - "value": "Deny" - }, - { - "code": "monitor", - "value": "Monitor" - }, - { - "code": "replace", - "value": "Replace" - }, - { - "code": "redirect", - "value": "Redirect" - }, - { - "code": "insert", - "value": "Insert" - }, - { - "code": "hijack", - "value": "Hijack" - } - ], - "visibility": "hidden" - }, - "label": "Sub Action" - }, - { - "name": "common_user_region", - "type": "string", - "doc": { - "visibility": "hidden" - }, - "label": "User Region" - }, - { - "name": "common_device_id", - "type": "string", - "label": "Device ID" - }, - { - "name": "common_egress_link_id", - "label": "Egress Link ID", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_ingress_link_id", - "label": "Ingress Link ID", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_isp", - "type": "string", - "doc": { - "visibility": "disabled" - }, - "label": "ISP" - }, - { - "name": "common_device_tag", - "type": "string", - "doc": { - "visibility": "hidden", - "format": { - "functions": "flattenSpec,flattenSpec", - "appendTo": "common_data_center,common_device_group", - "param": "$.tags[?(@.tag=='data_center')].value,$.tags[?(@.tag=='device_group')].value" - } - }, - "label": "Device Tag" - }, - { - "name": "common_data_center", - "label": "Data Center", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "device_tag.json#", - "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']", - "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']" - }, - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_device_group", - "label": "Device Group", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "device_tag.json#", - "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']", - "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']" - }, - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "common_encapsulation", - "type": "int", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "public_schema_info.json#/fields/common_encapsulation/data" - }, - "visibility": "hidden" - }, - "label": "Encapsulation" - }, - { - "name": "common_app_label", - "type": "string", - "label": "Application Label" - }, - { - "name": "common_tunnels", - "type": "string", - "label": "Tunnels" - }, - { - "name": "common_protocol_label", - "type": "string", - "label": "Protocol Label" - }, - { - "name": "common_app_id", - "type": "string", - "label": "Application ID", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_userdefine_app_name", - "label": "User Define APP Name", - "type": "string", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_app_surrogate_id", - "type": "string", - "label": "Surrogate ID", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_l7_protocol", - "type": "string", - "label": "L7 Protocol" - }, - { - "name": "common_service_category", - "type": { - "type": "array", - "items": "int" - }, - "doc": { - "constraints": { - "operator_functions": "has" - }, - "allow_query": "true", - "dict_location": { - "path": "/v1/category/dict", - "key": "categoryId", - "value": "categoryName" - } - }, - "label": "FQDN Category" - }, - { - "name": "common_start_time", - "type": "long", - "doc": { - "constraints": { - "type": "timestamp" - } - }, - "label": "Start Time" - }, - { - "name": "common_end_time", - "type": "long", - "doc": { - "constraints": { - "type": "timestamp" - }, - "format": { - "functions": "get_value", - "appendTo": "common_recv_time" - } - }, - "label": "End Time" - }, - { - "name": "common_establish_latency_ms", - "type": "long", - "label": "Establish Latency(ms)" - }, - { - "name": "common_con_duration_ms", - "type": "long", - "label": "Duration(ms)" - }, - { - "name": "common_stream_dir", - "type": "int", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "1", - "value": "c2s" - }, - { - "code": "2", - "value": "s2c" - }, - { - "code": "3", - "value": "double" - } - ], - "allow_query": "true" - }, - "label": "Stream Direction" - }, - { - "name": "common_address_list", - "type": "string", - "doc": { - "visibility": "disabled" - }, - "label": "Address List" - }, - { - "name": "common_has_dup_traffic", - "type": "int", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "public_schema_info.json#/fields/common_has_dup_traffic/data" - }, - "visibility": "hidden" - }, - "label": "Duplication Traffic" - }, - { - "name": "common_stream_error", - "type": "string", - "doc": { - "visibility": "hidden" - }, - "label": "Stream Error" - }, - { - "name": "common_stream_trace_id", - "type": "long", - "doc": { - "allow_query": "true" - }, - "label": "Session ID" - }, - { - "name": "common_link_info_c2s", - "type": "string", - "doc": { - "visibility": "hidden" - }, - "label": "Link Info(c2s)" - }, - { - "name": "common_link_info_s2c", - "type": "string", - "doc": { - "visibility": "hidden" - }, - "label": "Link Info(s2c)" - }, - { - "name": "common_c2s_ipfrag_num", - "type": "long", - "label": "Fragmentation Packets(c2s)" - }, - { - "name": "common_s2c_ipfrag_num", - "type": "long", - "label": "Fragmentation Packets(s2c)" - }, - { - "name": "common_c2s_tcp_lostlen", - "type": "long", - "label": "Sequence Gap Loss(c2s)" - }, - { - "name": "common_s2c_tcp_lostlen", - "type": "long", - "label": "Sequence Gap Loss(s2c)" - }, - { - "name": "common_c2s_tcp_unorder_num", - "type": "long", - "label": "Unorder Packets(c2s)" - }, - { - "name": "common_s2c_tcp_unorder_num", - "type": "long", - "label": "Unorder Packets(s2c)" - }, - { - "name": "common_c2s_pkt_retrans", - "type": "long", - "label": "Packet Retransmission(c2s)" - }, - { - "name": "common_s2c_pkt_retrans", - "type": "long", - "label": "Packet Retransmission(s2c)" - }, - { - "name": "common_c2s_byte_retrans", - "type": "long", - "label": "Byte Retransmission(c2s)" - }, - { - "name": "common_s2c_byte_retrans", - "type": "long", - "label": "Byte Retransmission(s2c)" - }, - { - "name": "common_tcp_client_isn", - "type": "long", - "doc": { - "allow_query": "true" - }, - "label": "TCP Client ISN" - }, - { - "name": "common_tcp_server_isn", - "type": "long", - "doc": { - "allow_query": "true" - }, - "label": "TCP Server ISN" - }, - { - "name": "common_first_ttl", - "type": "int", - "doc": { - "visibility": "hidden" - }, - "label": "First TTL" - }, - { - "name": "common_processing_time", - "type": "long", - "doc": { - "constraints": { - "type": "timestamp" - }, - "format": { - "functions": "current_timestamp" - } - }, - "label": "Processing Time" - }, - { - "name": "common_mirrored_pkts", - "label": "Mirrored Packets", - "type": "long", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_mirrored_bytes", - "label": "Mirrored Bytes", - "type": "long", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "http_url", - "type": "string", - "label": "HTTP.URL" - }, - { - "name": "http_host", - "type": "string", - "doc": { - "format": { - "functions": "sub_domain", - "appendTo": "http_domain" - } - }, - "label": "HTTP.Host" - }, - { - "name": "http_domain", - "type": "string", - "doc": { - "allow_query": "true" - }, - "label": "HTTP.Domain" - }, - { - "name": "http_request_line", - "type": "string", - "doc": { - "visibility": "disabled" - }, - "label": "HTTP.Request Line" - }, - { - "name": "http_response_line", - "type": "string", - "doc": { - "visibility": "disabled" - }, - "label": "HTTP.Response Line" - }, - { - "name": "http_request_header", - "type": "string", - "doc": { - "visibility": "hidden" - }, - "label": "HTTP.Request Headers" - }, - { - "name": "http_response_header", - "type": "string", - "doc": { - "visibility": "hidden" - }, - "label": "HTTP.Response Headers" - }, - { - "name": "http_request_content", - "type": "string", - "doc": { - "visibility": "hidden" - }, - "label": "HTTP.Request Content" - }, - { - "name": "http_request_content_length", - "label": "HTTP.Request Content Length", - "type": "string" - }, - { - "name": "http_request_content_type", - "label": "HTTP.Request Content Type", - "type": "string" - }, - { - "name": "http_response_content", - "type": "string", - "doc": { - "visibility": "hidden" - }, - "label": "HTTP.Response Content" - }, - { - "name": "http_response_content_length", - "label": "HTTP.Response Content Length", - "type": "string" - }, - { - "name": "http_response_content_type", - "label": "HTTP.Response Content Type", - "type": "string" - }, - { - "name": "http_request_body", - "type": "string", - "doc": { - "constraints": { - "type": "file" - } - }, - "label": "HTTP.Request Body" - }, - { - "name": "http_response_body", - "type": "string", - "doc": { - "constraints": { - "type": "file" - } - }, - "label": "HTTP.Response Body" - }, - { - "name": "http_request_body_key", - "type": "string", - "doc": { - "visibility": "disabled" - }, - "label": "HTTP.Request Body Key" - }, - { - "name": "http_response_body_key", - "type": "string", - "doc": { - "visibility": "disabled" - }, - "label": "HTTP.Response Body Key" - }, - { - "name": "http_proxy_flag", - "type": "int", - "doc": { - "visibility": "hidden" - }, - "label": "HTTP.Proxy Flag" - }, - { - "name": "http_sequence", - "type": "int", - "doc": { - "visibility": "hidden" - }, - "label": "HTTP.Sequence" - }, - { - "name": "http_snapshot", - "type": "string", - "doc": { - "visibility": "hidden" - }, - "label": "HTTP.Snapshot" - }, - { - "name": "http_cookie", - "type": "string", - "label": "HTTP.Cookie" - }, - { - "name": "http_referer", - "type": "string", - "label": "HTTP.Referer" - }, - { - "name": "http_user_agent", - "type": "string", - "label": "HTTP.User Agent" - }, - { - "name": "http_content_length", - "type": "string", - "doc": { - "visibility": "hidden" - }, - "label": "HTTP.Content Length" - }, - { - "name": "http_content_type", - "type": "string", - "doc": { - "visibility": "hidden" - }, - "label": "HTTP.Content Type" - }, - { - "name": "http_set_cookie", - "type": "string", - "label": "HTTP.Set Cookie" - }, - { - "name": "http_version", - "type": "string", - "label": "HTTP.Version" - }, - { - "name": "http_response_latency_ms", - "type": "long", - "label": "HTTP.Response Latency(ms)" - }, - { - "name": "http_session_duration_ms", - "type": "long", - "label": "HTTP.Session Duration(ms)" - }, - { - "name": "http_action_file_size", - "type": "int", - "label": "HTTP.Action File Size" - }, - { - "name": "dns_message_id", - "type": "int", - "label": "DNS.Message ID" - }, - { - "name": "dns_qr", - "type": "int", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "QUERY" - }, - { - "code": "1", - "value": "RESPONSE" - } - ] - }, - "label": "DNS.QR" - }, - { - "name": "dns_opcode", - "type": "int", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "QUERY" - }, - { - "code": "1", - "value": "IQUERY" - }, - { - "code": "2", - "value": "STATUS" - }, - { - "code": "5", - "value": "UPDATE" - } - ] - }, - "label": "DNS.OPCODE" - }, - { - "name": "dns_aa", - "type": "int", - "label": "DNS.AA" - }, - { - "name": "dns_tc", - "type": "int", - "label": "DNS.TC" - }, - { - "name": "dns_rd", - "type": "int", - "label": "DNS.RD" - }, - { - "name": "dns_ra", - "type": "int", - "label": "DNS.RA" - }, - { - "name": "dns_rcode", - "type": "int", - "label": "DNS.RCODE" - }, - { - "name": "dns_qdcount", - "type": "int", - "label": "DNS.QDCOUNT" - }, - { - "name": "dns_ancount", - "type": "int", - "label": "DNS.ANCOUNT" - }, - { - "name": "dns_nscount", - "type": "int", - "label": "DNS.NSCOUNT" - }, - { - "name": "dns_arcount", - "type": "int", - "label": "DNS.ARCOUNT" - }, - { - "name": "dns_qname", - "type": "string", - "label": "DNS.QNAME" - }, - { - "name": "dns_qtype", - "type": "int", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "1", - "value": "A" - }, - { - "code": "2", - "value": "NS" - }, - { - "code": "5", - "value": "CNAME" - }, - { - "code": "6", - "value": "SOA" - }, - { - "code": "11", - "value": "WKS" - }, - { - "code": "12", - "value": "PTR" - }, - { - "code": "13", - "value": "HINFO" - }, - { - "code": "11", - "value": "WKS" - }, - { - "code": "15", - "value": "MX" - }, - { - "code": "28", - "value": "AAAA" - } - ] - }, - "label": "DNS.QTYPE" - }, - { - "name": "dns_qclass", - "type": "int", - "label": "DNS.QCLASS" - }, - { - "name": "dns_cname", - "type": "string", - "doc": { - "visibility": "disabled" - }, - "label": "DNS.CNAME" - }, - { - "name": "dns_sub", - "type": "int", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "1", - "value": "DNS" - }, - { - "code": "2", - "value": "DNSSEC" - } - ] - }, - "label": "DNS.SUB" - }, - { - "name": "dns_rr", - "type": "string", - "doc": { - "visibility": "disabled" - }, - "label": "DNS.RR" - }, - { - "name": "sip_call_id", - "type": "string", - "label": "SIP.Call-ID" - }, - { - "name": "sip_originator_description", - "type": "string", - "label": "SIP.Originator" - }, - { - "name": "sip_responder_description", - "type": "string", - "label": "SIP.Responder" - }, - { - "name": "sip_user_agent", - "type": "string", - "label": "SIP.User-Agent" - }, - { - "name": "sip_server", - "type": "string", - "label": "SIP.Server" - }, - { - "name": "sip_originator_sdp_connect_ip", - "type": "string", - "label": "SIP.Originator IP" - }, - { - "name": "sip_originator_sdp_media_port", - "type": "int", - "label": "SIP.Originator Port" - }, - { - "name": "sip_originator_sdp_media_type", - "type": "string", - "label": "SIP.Originator Media Type" - }, - { - "name": "sip_originator_sdp_content", - "type": "string", - "label": "SIP.Originator Content" - }, - { - "name": "sip_responder_sdp_connect_ip", - "type": "string", - "label": "SIP.Responder IP" - }, - { - "name": "sip_responder_sdp_media_port", - "type": "int", - "label": "SIP.Responder Port" - }, - { - "name": "sip_responder_sdp_media_type", - "type": "string", - "label": "SIP.Responder Media Type" - }, - { - "name": "sip_responder_sdp_content", - "type": "string", - "label": "SIP.Responder Content" - }, - { - "name": "sip_duration", - "type": "int", - "label": "SIP.Duration" - }, - { - "name": "sip_bye", - "type": "string", - "label": "SIP.Bye" - } - ] -}
\ No newline at end of file diff --git a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/version.json b/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/version.json deleted file mode 100644 index c3e8fb3..0000000 --- a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/version.json +++ /dev/null @@ -1,95 +0,0 @@ -{ - "product": "185 Environment", - "version": "21.07", - "registered": "Geedge", - "updated": "2021-08-01 00:00:00", - "components": { - "oss": [ - { - "name": "zookeeper", - "version": "3.4.10", - "licenseType": "Apache License 2.0", - "description": "分布式应用程序协调服务" - }, - { - "name": "kafka", - "version": "1.0.0", - "licenseType": "Apache License 2.0", - "description": "消息队列" - }, - { - "name": "habse", - "version": "2.2.3", - "licenseType": "Apache License 2.0", - "description": "用于文件系统和存储Radius数据" - }, - { - "name": "flink", - "version": "1.13.1", - "licenseType": "Apache License 2.0", - "description": "日志补全传输" - }, - { - "name": "clickhouse", - "version": "20.3.12.112", - "licenseType": "Apache License 2.0", - "description": "原始日志数据库" - }, - { - "name": "druid", - "version": "0.18.1", - "licenseType": "Apache License 2.0", - "description": "分析实时数据并提供低延迟查询的OLAP应用程序" - }, - { - "name": "gohangout", - "version": "1.15.2.20210408", - "description": "动态获取原始日志表schema入库程序" - } - ], - "apps": [ - { - "name": "galaxy-qgw-service", - "version": "348", - "description": "数据平台对外统一查询网关" - }, - { - "name": "galaxy-report-service", - "version": "21.09.13", - "description": "自定义报表查询服务" - }, - { - "name": "galaxy-hos-service", - "version": "21.10.01", - "description": "对象存储服务" - }, - { - "name": "galaxy-job-admin", - "version": "v1.3.20210408", - "description": "分布式任务调度平台" - }, - { - "name": "galaxy-job-executor", - "version": "v1.3.210922", - "description": "分布式任务调度平台-执行器" - } - ], - "tasks": [ - { - "name": "flink", - "version": "flink-config-21.10", - "description": "原始日志补全、subscriber更新、Radius上下线功能" - }, - { - "name": "druid", - "version": "druid-config-21.10", - "description": "所有分析日志任务" - }, - { - "name": "gohangout", - "version": "gohangout-config-21.10", - "description": "原始日志入库、上下线日志入库" - } - ] - } -}
\ No newline at end of file diff --git a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/voip_record.json b/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/voip_record.json deleted file mode 100644 index af6d4d0..0000000 --- a/galaxy-qgw-service/config/nacos/config/fixed-10.224.11.244_8848-National-Center_nacos/snapshot-tenant/National-Center/Galaxy/voip_record.json +++ /dev/null @@ -1,1377 +0,0 @@ -{ - "type": "record", - "name": "voip_record", - "namespace": "tsg_galaxy_v3", - "doc": { - "primary_key": "common_log_id", - "partition_key": "common_recv_time", - "functions": { - "$ref": "public_schema_info.json#/functions" - }, - "schema_query": { - "dimensions": [ - "common_server_ip", - "common_client_ip", - "common_internal_ip", - "common_external_ip", - "common_sled_ip", - "common_device_id", - "common_client_location", - "common_server_location", - "common_subscriber_id", - "common_client_port", - "common_server_port", - "common_schema_type", - "common_l4_protocol", - "common_l7_protocol", - "common_device_group", - "common_client_asn", - "common_server_asn", - "common_start_time", - "common_end_time", - "sip_call_id", - "sip_originator_description", - "sip_responder_description", - "sip_user_agent", - "sip_server", - "sip_duration", - "sip_bye", - "rtp_payload_type_c2s", - "rtp_payload_type_s2c", - "rtp_originator_dir" - ], - "metrics": [ - "common_server_ip", - "common_client_ip", - "common_internal_ip", - "common_external_ip", - "common_subscriber_id", - "common_sled_ip", - "common_device_id", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_sessions", - "common_con_duration_ms", - "common_establish_latency_ms", - "common_c2s_ipfrag_num", - "common_s2c_ipfrag_num", - "common_c2s_tcp_lostlen", - "common_s2c_tcp_lostlen", - "common_c2s_tcp_unorder_num", - "common_s2c_tcp_unorder_num", - "sip_call_id", - "sip_originator_description", - "sip_responder_description", - "sip_user_agent", - "sip_server", - "sip_duration" - ], - "filters": [ - "common_address_type", - "common_server_ip", - "common_client_ip", - "common_internal_ip", - "common_external_ip", - "common_client_port", - "common_server_port", - "common_client_location", - "common_server_location", - "common_subscriber_id", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_c2s_ipfrag_num", - "common_s2c_ipfrag_num", - "common_c2s_tcp_lostlen", - "common_s2c_tcp_lostlen", - "common_c2s_tcp_unorder_num", - "common_s2c_tcp_unorder_num", - "common_l4_protocol", - "common_l7_protocol", - "common_stream_dir", - "common_direction", - "common_device_group", - "common_sled_ip", - "common_device_id", - "common_schema_type", - "common_client_asn", - "common_server_asn", - "common_start_time", - "common_end_time", - "common_con_duration_ms", - "common_establish_latency_ms", - "sip_call_id", - "sip_originator_description", - "sip_responder_description", - "sip_user_agent", - "sip_server", - "sip_duration", - "sip_bye", - "rtp_payload_type_c2s", - "rtp_payload_type_s2c", - "rtp_originator_dir" - ], - "references": { - "$ref": "public_schema_info.json#/schema_query/references" - }, - "details": { - "general": [ - "common_recv_time", - "common_log_id", - "common_stream_trace_id", - "common_direction", - "common_stream_dir", - "common_start_time", - "common_end_time", - "common_con_duration_ms", - "common_establish_latency_ms", - "common_processing_time", - "common_entrance_id", - "common_device_id", - "common_egress_link_id", - "common_ingress_link_id", - "common_isp", - "common_data_center", - "common_device_group", - "common_sled_ip" - ], - "action": [ - "common_action", - "common_sub_action", - "common_policy_id", - "common_user_tags", - "common_user_region" - ], - "source": [ - "common_client_ip", - "common_internal_ip", - "common_client_port", - "common_client_location", - "common_client_asn", - "common_subscriber_id", - "common_imei", - "common_imsi", - "common_phone_number" - ], - "destination": [ - "common_server_ip", - "common_external_ip", - "common_server_port", - "common_server_location", - "common_server_asn" - ], - "application": [ - "common_app_id", - "common_userdefine_app_name", - "common_app_label", - "common_app_surrogate_id", - "common_l7_protocol", - "common_protocol_label", - "common_service_category", - "common_service", - "common_l4_protocol" - ], - "transmission": [ - "common_sessions", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_c2s_pkt_diff", - "common_s2c_pkt_diff", - "common_c2s_byte_diff", - "common_s2c_byte_diff", - "common_c2s_ipfrag_num", - "common_s2c_ipfrag_num", - "common_c2s_tcp_lostlen", - "common_s2c_tcp_lostlen", - "common_c2s_tcp_unorder_num", - "common_s2c_tcp_unorder_num", - "common_c2s_pkt_retrans", - "common_s2c_pkt_retrans", - "common_c2s_byte_retrans", - "common_s2c_byte_retrans", - "common_first_ttl", - "common_tcp_client_isn", - "common_tcp_server_isn", - "common_mirrored_pkts", - "common_mirrored_bytes" - ], - "other": [ - "common_address_type", - "common_schema_type", - "common_device_tag", - "common_encapsulation", - "common_tunnels", - "common_address_list", - "common_has_dup_traffic", - "common_stream_error", - "common_link_info_c2s", - "common_link_info_s2c" - ] - } - }, - "schema_type": { - "SIP": { - "$ref": "public_schema_info.json#/schema_type/SIP" - }, - "RTP": { - "$ref": "public_schema_info.json#/schema_type/RTP" - }, - "VoIP": { - "$ref": "public_schema_info.json#/schema_type/VoIP" - } - }, - "default_columns": [ - "common_recv_time", - "common_log_id", - "common_subscriber_id", - "common_client_ip", - "sip_originator_description", - "sip_responder_description", - "sip_call_id", - "common_server_ip", - "common_server_port", - "rtp_pcap_path", - "rtp_originator_dir" - ], - "tunnel_type": { - "$ref": "public_schema_info.json#/tunnel_type" - } - }, - "fields": [ - { - "name": "common_recv_time", - "label": "Receive Time", - "doc": { - "allow_query": "true", - "constraints": { - "type": "timestamp" - } - }, - "type": "long" - }, - { - "name": "common_log_id", - "label": "Log ID", - "doc": { - "allow_query": "true", - "format": { - "functions": "snowflake_id" - } - }, - "type": "long" - }, - { - "name": "common_policy_id", - "label": "Policy ID", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_subscriber_id", - "label": "Subscriber ID", - "doc": { - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "common_imei", - "label": "IMEI", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "common_imsi", - "label": "IMSI", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "common_phone_number", - "label": "Phone Number", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "common_client_ip", - "label": "Client IP", - "doc": { - "allow_query": "true", - "constraints": { - "type": "ip" - }, - "format": { - "functions": "geo_asn,radius_match", - "appendTo": "common_client_asn,common_subscriber_id" - } - }, - "type": "string" - }, - { - "name": "common_internal_ip", - "label": "Internal IP", - "doc": { - "constraints": { - "type": "ip" - }, - "format": { - "functions": "if", - "param": "$.common_direction=69,$.common_client_ip,$.common_server_ip" - }, - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "common_client_port", - "label": "Client Port", - "doc": { - "allow_query": "true" - }, - "type": "int" - }, - { - "name": "common_l4_protocol", - "label": "L4 Protocol", - "type": "string" - }, - { - "name": "common_address_type", - "label": "Address Type", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "4", - "value": "ipv4" - }, - { - "code": "6", - "value": "ipv6" - } - ] - }, - "type": "int" - }, - { - "name": "common_server_ip", - "label": "Server IP", - "doc": { - "allow_query": "true", - "constraints": { - "type": "ip" - }, - "format": { - "functions": "geo_asn", - "appendTo": "common_server_asn" - } - }, - "type": "string" - }, - { - "name": "common_server_port", - "label": "Server Port", - "doc": { - "allow_query": "true" - }, - "type": "int" - }, - { - "name": "common_external_ip", - "label": "External IP", - "doc": { - "constraints": { - "type": "ip" - }, - "format": { - "functions": "if", - "param": "$.common_direction=73,$.common_client_ip,$.common_server_ip" - }, - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "common_action", - "label": "Action", - "doc": { - "visibility": "hidden", - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "None" - }, - { - "code": "1", - "value": "Monitor" - }, - { - "code": "2", - "value": "Intercept" - }, - { - "code": "16", - "value": "Deny" - }, - { - "code": "128", - "value": "Allow" - } - ] - }, - "type": "int" - }, - { - "name": "common_direction", - "label": "Direction", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "69", - "value": "outbound" - }, - { - "code": "73", - "value": "inbound" - } - ] - }, - "type": "int" - }, - { - "name": "common_entrance_id", - "label": "Entrance ID", - "doc": { - "visibility": "disabled" - }, - "type": "int" - }, - { - "name": "common_sled_ip", - "label": "Sled IP", - "doc": { - "allow_query": "true", - "constraints": { - "type": "ip" - } - }, - "type": "string" - }, - { - "name": "common_client_location", - "label": "Client Location", - "type": "string" - }, - { - "name": "common_client_asn", - "label": "Client ASN", - "type": "string" - }, - { - "name": "common_server_location", - "label": "Server Location", - "type": "string" - }, - { - "name": "common_server_asn", - "label": "Server ASN", - "type": "string" - }, - { - "name": "common_sessions", - "label": "Sessions", - "type": "long" - }, - { - "name": "common_c2s_pkt_num", - "label": "Packets Sent", - "type": "long" - }, - { - "name": "common_s2c_pkt_num", - "label": "Packets Received", - "type": "long" - }, - { - "name": "common_c2s_byte_num", - "label": "Bytes Sent", - "type": "long" - }, - { - "name": "common_s2c_byte_num", - "label": "Bytes Received", - "type": "long" - }, - { - "name": "common_c2s_pkt_diff", - "label": "Packets Sent(Diff)", - "doc": { - "visibility": "disabled" - }, - "type": "long" - }, - { - "name": "common_s2c_pkt_diff", - "label": "Packets Received(Diff)", - "doc": { - "visibility": "disabled" - }, - "type": "long" - }, - { - "name": "common_c2s_byte_diff", - "label": "Bytes Sent(Diff)", - "doc": { - "visibility": "disabled" - }, - "type": "long" - }, - { - "name": "common_s2c_byte_diff", - "label": "Bytes Received(Diff)", - "doc": { - "visibility": "disabled" - }, - "type": "long" - }, - { - "name": "common_service", - "label": "Service", - "doc": { - "visibility": "disabled" - }, - "type": "int" - }, - { - "name": "common_schema_type", - "label": "Schema Type", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "VoIP", - "value": "VoIP" - }, - { - "code": "SIP", - "value": "SIP" - }, - { - "code": "RTP", - "value": "RTP" - } - ], - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "common_user_tags", - "label": "User Tags", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "common_sub_action", - "label": "Sub Action", - "doc": { - "data": [ - { - "code": "allow", - "value": "Allow" - }, - { - "code": "deny", - "value": "Deny" - }, - { - "code": "monitor", - "value": "Monitor" - }, - { - "code": "replace", - "value": "Replace" - }, - { - "code": "redirect", - "value": "Redirect" - }, - { - "code": "insert", - "value": "Insert" - }, - { - "code": "hijack", - "value": "Hijack" - } - ], - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_user_region", - "label": "User Region", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_device_id", - "label": "Device ID", - "type": "string" - }, - { - "name": "common_egress_link_id", - "label": "Egress Link ID", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_ingress_link_id", - "label": "Ingress Link ID", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_isp", - "label": "ISP", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "common_device_tag", - "label": "Device Tag", - "doc": { - "visibility": "hidden", - "format": { - "functions": "flattenSpec,flattenSpec", - "appendTo": "common_data_center,common_device_group", - "param": "$.tags[?(@.tag=='data_center')].value,$.tags[?(@.tag=='device_group')].value" - } - }, - "type": "string" - }, - { - "name": "common_data_center", - "label": "Data Center", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "device_tag.json#", - "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']", - "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']" - }, - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_device_group", - "label": "Device Group", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "device_tag.json#", - "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']", - "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']" - }, - "allow_query": "true" - }, - "type": "string" - }, - { - "name": "common_encapsulation", - "label": "Encapsulation", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "public_schema_info.json#/fields/common_encapsulation/data" - }, - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_app_label", - "label": "Application Label", - "type": "string" - }, - { - "name": "common_tunnels", - "label": "Tunnels", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_protocol_label", - "label": "Protocol Label", - "type": "string" - }, - { - "name": "common_app_id", - "label": "Application ID", - "type": "string", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_userdefine_app_name", - "label": "User Define APP Name", - "type": "string", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_app_surrogate_id", - "label": "Surrogate ID", - "type": "string", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_l7_protocol", - "label": "L7 Protocol", - "type": "string" - }, - { - "name": "common_service_category", - "label": "FQDN Category", - "doc": { - "constraints": { - "operator_functions": "has" - }, - "visibility": "disabled", - "dict_location": { - "path": "/v1/category/dict", - "key": "categoryId", - "value": "categoryName" - } - }, - "type": { - "type": "array", - "items": "int" - } - }, - { - "name": "common_start_time", - "label": "Start Time", - "doc": { - "constraints": { - "type": "timestamp" - } - }, - "type": "long" - }, - { - "name": "common_end_time", - "label": "End Time", - "doc": { - "constraints": { - "type": "timestamp" - }, - "format": { - "functions": "get_value", - "appendTo": "common_recv_time" - } - }, - "type": "long" - }, - { - "name": "common_establish_latency_ms", - "label": "Establish Latency(ms)", - "type": "long" - }, - { - "name": "common_con_duration_ms", - "label": "Duration(ms)", - "type": "long" - }, - { - "name": "common_stream_dir", - "label": "Stream Direction", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "1", - "value": "c2s" - }, - { - "code": "2", - "value": "s2c" - }, - { - "code": "3", - "value": "double" - } - ], - "allow_query": "true" - }, - "type": "int" - }, - { - "name": "common_address_list", - "label": "Address List", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "common_has_dup_traffic", - "label": "Duplication Traffic", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "public_schema_info.json#/fields/common_has_dup_traffic/data" - }, - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_stream_error", - "label": "Stream Error", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_stream_trace_id", - "label": "Session ID", - "doc": { - "allow_query": "true" - }, - "type": "long" - }, - { - "name": "common_link_info_c2s", - "label": "Link Info(c2s)", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_link_info_s2c", - "label": "Link Info(s2c)", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_c2s_ipfrag_num", - "label": "Fragmentation Packets(c2s)", - "type": "long" - }, - { - "name": "common_s2c_ipfrag_num", - "label": "Fragmentation Packets(s2c)", - "type": "long" - }, - { - "name": "common_c2s_tcp_lostlen", - "label": "Sequence Gap Loss(c2s)", - "type": "long" - }, - { - "name": "common_s2c_tcp_lostlen", - "label": "Sequence Gap Loss(s2c)", - "type": "long" - }, - { - "name": "common_c2s_tcp_unorder_num", - "label": "Unorder Packets(c2s)", - "type": "long" - }, - { - "name": "common_s2c_tcp_unorder_num", - "label": "Unorder Packets(s2c)", - "type": "long" - }, - { - "name": "common_c2s_pkt_retrans", - "label": "Packet Retransmission(c2s)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_s2c_pkt_retrans", - "label": "Packet Retransmission(s2c)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_c2s_byte_retrans", - "label": "Byte Retransmission(c2s)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_s2c_byte_retrans", - "label": "Byte Retransmission(s2c)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_tcp_client_isn", - "label": "TCP Client ISN", - "doc": { - "allow_query": "true" - }, - "type": "long" - }, - { - "name": "common_tcp_server_isn", - "label": "TCP Server ISN", - "doc": { - "allow_query": "true" - }, - "type": "long" - }, - { - "name": "common_first_ttl", - "label": "First TTL", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_processing_time", - "label": "Processing Time", - "doc": { - "constraints": { - "type": "timestamp" - }, - "format": { - "functions": "current_timestamp" - } - }, - "type": "long" - }, - { - "name": "common_mirrored_pkts", - "label": "Mirrored Packets", - "type": "long", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_mirrored_bytes", - "label": "Mirrored Bytes", - "type": "long", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "sip_call_id", - "label": "SIP.Call-ID", - "type": "string" - }, - { - "name": "sip_originator_description", - "label": "SIP.Originator", - "type": "string" - }, - { - "name": "sip_responder_description", - "label": "SIP.Responder", - "type": "string" - }, - { - "name": "sip_user_agent", - "label": "SIP.User-Agent", - "type": "string" - }, - { - "name": "sip_server", - "label": "SIP.Server", - "type": "string" - }, - { - "name": "sip_originator_sdp_connect_ip", - "label": "SIP.Originator IP", - "type": "string" - }, - { - "name": "sip_originator_sdp_media_port", - "label": "SIP.Originator Port", - "type": "int" - }, - { - "name": "sip_originator_sdp_media_type", - "label": "SIP.Originator Media Type", - "type": "string" - }, - { - "name": "sip_originator_sdp_content", - "label": "SIP.Originator Content", - "type": "string" - }, - { - "name": "sip_responder_sdp_connect_ip", - "label": "SIP.Responder IP", - "type": "string" - }, - { - "name": "sip_responder_sdp_media_port", - "label": "SIP.Responder Port", - "type": "int" - }, - { - "name": "sip_responder_sdp_media_type", - "label": "SIP.Responder Media Type", - "type": "string" - }, - { - "name": "sip_responder_sdp_content", - "label": "SIP.Responder Content", - "type": "string" - }, - { - "name": "sip_duration", - "label": "SIP.Duration", - "type": "int" - }, - { - "name": "sip_bye", - "label": "SIP.Bye", - "type": "string" - }, - { - "name": "rtp_payload_type_c2s", - "label": "RTP.Payload Type(c2s)", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "PCMU" - }, - { - "code": "1", - "value": "1016" - }, - { - "code": "2", - "value": "G721" - }, - { - "code": "3", - "value": "GSM" - }, - { - "code": "4", - "value": "G723" - }, - { - "code": "5", - "value": "DVI4_8000" - }, - { - "code": "6", - "value": "DVI4_16000" - }, - { - "code": "7", - "value": "LPC" - }, - { - "code": "8", - "value": "PCMA" - }, - { - "code": "9", - "value": "G722" - }, - { - "code": "10", - "value": "L16_STEREO" - }, - { - "code": "11", - "value": "L16_MONO" - }, - { - "code": "12", - "value": "QCELP" - }, - { - "code": "13", - "value": "CN" - }, - { - "code": "14", - "value": "MPA" - }, - { - "code": "15", - "value": "G728" - }, - { - "code": "16", - "value": "DVI4_11025" - }, - { - "code": "17", - "value": "DVI4_22050" - }, - { - "code": "18", - "value": "G729" - }, - { - "code": "19", - "value": "CN_OLD" - }, - { - "code": "25", - "value": "CELB" - }, - { - "code": "26", - "value": "JPEG" - }, - { - "code": "28", - "value": "NV" - }, - { - "code": "31", - "value": "H261" - }, - { - "code": "32", - "value": "MPV" - }, - { - "code": "33", - "value": "MP2T" - }, - { - "code": "34", - "value": "H263" - } - ] - }, - "type": "int" - }, - { - "name": "rtp_payload_type_s2c", - "label": "RTP.Payload Type(s2c)", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "PCMU" - }, - { - "code": "1", - "value": "1016" - }, - { - "code": "2", - "value": "G721" - }, - { - "code": "3", - "value": "GSM" - }, - { - "code": "4", - "value": "G723" - }, - { - "code": "5", - "value": "DVI4_8000" - }, - { - "code": "6", - "value": "DVI4_16000" - }, - { - "code": "7", - "value": "LPC" - }, - { - "code": "8", - "value": "PCMA" - }, - { - "code": "9", - "value": "G722" - }, - { - "code": "10", - "value": "L16_STEREO" - }, - { - "code": "11", - "value": "L16_MONO" - }, - { - "code": "12", - "value": "QCELP" - }, - { - "code": "13", - "value": "CN" - }, - { - "code": "14", - "value": "MPA" - }, - { - "code": "15", - "value": "G728" - }, - { - "code": "16", - "value": "DVI4_11025" - }, - { - "code": "17", - "value": "DVI4_22050" - }, - { - "code": "18", - "value": "G729" - }, - { - "code": "19", - "value": "CN_OLD" - }, - { - "code": "25", - "value": "CELB" - }, - { - "code": "26", - "value": "JPEG" - }, - { - "code": "28", - "value": "NV" - }, - { - "code": "31", - "value": "H261" - }, - { - "code": "32", - "value": "MPV" - }, - { - "code": "33", - "value": "MP2T" - }, - { - "code": "34", - "value": "H263" - } - ] - }, - "type": "int" - }, - { - "name": "rtp_pcap_path", - "label": "RTP.PCAP", - "doc": { - "constraints": { - "type": "files" - } - }, - "type": "string" - }, - { - "name": "rtp_originator_dir", - "label": "RTP.Direction", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "unknown" - }, - { - "code": "1", - "value": "c2s" - }, - { - "code": "2", - "value": "s2c" - } - ] - }, - "type": "int" - } - ] -}
\ No newline at end of file diff --git a/galaxy-qgw-service/schema/bifang-api b/galaxy-qgw-service/schema/bifang-api deleted file mode 100644 index 9ff0973..0000000 --- a/galaxy-qgw-service/schema/bifang-api +++ /dev/null @@ -1,152 +0,0 @@ -#系统标题 -app_name=Tiangou Secure Gateway -#token超时时间 -token_timeout=1800 -#minio配置 -minio_url=http://10.224.11.249:9090 -minio_accessKey=minio -minio_mimaKey=123456789 -minio_bucketName=tsg -#证书存放路径 -cert_file_path=/opt/tsg/bifang/api/certFile/cert/ -cert_validate_file=x509 -cert_validate_success_info=Successful -#银河数据库API地址 -yh_data_url_log=http://10.224.11.244:9999 -#银河数据库API返回格式 -yh_data_format_log=json -#real-time:实时查询 long-term:离线查询 -yh_data_option_log=real-time -#日志表导出时每次最多导出数据量 -yh_data_export_num=100000 -#导出最大行数 -max_export_rows=10000000 -#long-term:离线查询 -yh_data_format_long_term=long-term -#echartsJS路径 -echartsJS_path=/opt/tsg/bifang/api/js/echarts-convert/echarts/ -#TOT用户输入Code码后锁定时间(单位s) -TOT_LOCK_TIME=180 -#TOT用户TOT_USER_TIME秒内重试次数 -TOT_USER_COUNT=5 -#TOT用户密匙 -TOT_SECRET_KEY=FPK3NGDG55PM6SD5W4OJBTMVMUWSSGL62W2PLJH2PMEICBCCZNVQ -#TOT对应用户表UserName -TOT_USER_MAPPING=TotPUser -#TOT重试时间段(单位s) -TOT_USER_TIME=60 -#TOTPKeyValidTime(s) -TOT_CLOCK_TIME=180 -#influxdb密码 -influx_password=tsg2019 -##influxdb账号 -influx_user=admin -#influxdb地址 -influx_url=http://192.168.40.210:58086/ -#influxdb 库 -influx_database=tsg_stat -#策略对象导出分页查询每次查询数据量(合理设置可加快导出效率) -export_page_size=500000 -#oam_api公共url -OAM_API_ADDRESS=http://192.168.40.210:50080/tsgoam -sub_group_allow_level=5 -sub_group_level=2 -corelation_level=5 -#银河数据库支持查询schema的表.以,分割 -log_schema_table_name=security_event,proxy_event,dos_event,active_defence_event,wannat_event,session_record,interim_session_record,transaction_record,radius_record,voip_record,gtpc_record -#银河数据库schema缓存时间(秒) -log_schema_cache_time=300 -#银河数据库schema查询URI -log_schema_uri=/metadata/schema/v1/fields/ -#功能端策略验证URI -policy_verify_uri=http://10.224.11.249:9994/v1/policy/verify -#捕包策略时长 -packet_capture_duration=86400 -#报告table类型top默认值 -report_table_top=500 -#报告柱图top默认值 -report_bar_top=50 -#报告饼图top默认值 -report_pie_top=50 -#二次分组时最大默认值 -report_max=100000 -#ip上限 -ip_upper_limit=200000 -#url上限 -url_upper_limit=5000000 -#fqdn上限 -fqdn_upper_limit=200000 -#account上限 -account_upper_limit=200000 -#keyword上限 -keywords_upper_limit=200000 -#signature上限 -http_signature_upper_limit=200000 -#subscriberId上限 -subscriberid_upper_limit=200000 -#url、ip、fqdn、account、keyword、signature、subscriberId以外的其他Item导入上限 -other_upper_limit=2000000 -#Fingerprint上限 -fingerprint_upper_limit=50000 -#apn上限 -apn_upper_limit=100000 -#imsi上限 -imsi_upper_limit=100000 -#phone上限 -phone_number_upper_limit=100000 -#自定义fqdn上限 -fqdn_category_user_defined_upper_limit=100000 -#ip_learning上限 -ip_learning_upper_limit=100000 -#geo_location上限 -geo_location_upper_limit=100000 -#app_id上限 -app_id_upper_limit=100000 -#app_selector上限 -app_selector_upper_limit=100000 -#fqdn_category上限 -fqdn_category_upper_limit=100000 -#as_number上限 -as_number_upper_limit=100000 -#file_type上限 -file_type_upper_limit=100000 -#file_size上限 -file_size_upper_limit=100000 -#功能端策略配置上限 -policy_upper_limit=1000000 -#用户自定义APP上限 -app_upper_limit=2000 -#用户自定义APP单次导入上限 -imp_app_upper_limit=100 -#用户自定义APP特征上限 -app_sig_upper_limit=2000 -#测试IP地址可达性第三方接口URL -policy_test_ip_reachability_url=http://192.168.40.133:8888/v1/policy/profile/wannat/testip/reachability -cache_certificate_max_rows=10000 -vpn_server_ip=["1.2.3.4"] -layer2_natgw_ip=["1.2.3.4/32"] -#文件下载url路径 -downloadFileUrl=https://10.224.11.249/filedownload?url= -#consul ip地址 -consul_ip=192.168.40.204 -#consul 端口 -consul_port=8500 -#kafka生产者(kafkaTemplate)使用的地址 -spring_kafka_bootstrap_servers=10.224.11.14:9094,10.224.11.15:9094,10.224.11.16:9094,10.224.11.17:9094,10.224.11.18:9094,10.224.11.19:9094,10.224.11.20:9094,10.224.11.21:9094,10.224.11.22:9094,10.224.11.23:9094 -#证书的的topic -certificate_info_topic=PXY-EXCH-INTERMEDIA-CERT -#groupid -kafka_consumer_group_id=tsg-consumer-cert -yh_data_option_valid=syntax-validation -minio_bucketName_settings=settings -#系统语言设置 -sys_language=[{"value": "zh","label": "简体中文" },{"value": "rn","label": "русский"},{"value": "en","label": "English"}] -#2fa名称配置 -tsg_2fa_name=tsg -#kafka认证信息 -sasl_jaas_config_info=org.apache.kafka.common.security.plain.PlainLoginModule required username="admin" password="galaxy2019"; -#查询WANNAT Access Servers信息 -wannat_access_server_url=http://10.224.11.55:8000/v1/wannat/access_servers -showCopyright=disable -# 设备标签 -device_tags=[{"tagName":"Device Group","tagValue":"device_group","tagType":"device_group","subTags":[{"tagName":"Bole-IGW","tagValue":"BOL-IGW","tagType":"device_group","subTags":null},{"tagName":"Shashamane-IGW","tagValue":"SSM-IGW","tagType":"device_group","subTags":null},{"tagName":"Microwave-IGW","tagValue":"MWV-IGW","tagType":"device_group","subTags":null},{"tagName":"Bahir Dar-IGW","tagValue":"BJR-IGW","tagType":"device_group","subTags":null},{"tagName":"Bole","tagValue":"BOL-PE","tagType":"device_group","subTags":null},{"tagName":"Legehar","tagValue":"LGH-PE","tagType":"device_group","subTags":null},{"tagName":"Old Airport","tagValue":"OAP-PE","tagType":"device_group","subTags":null},{"tagName":"Microwave","tagValue":"MVW-PE","tagType":"device_group","subTags":null},{"tagName":"Nefas Silk","tagValue":"NFS-PE","tagType":"device_group","subTags":null},{"tagName":"Ambo","tagValue":"AMB-PE","tagType":"device_group","subTags":null},{"tagName":"Dire Dawa","tagValue":"DIR-PE","tagType":"device_group","subTags":null},{"tagName":"Adama","tagValue":"ADM-PE","tagType":"device_group","subTags":null},{"tagName":"Shashamane","tagValue":"SSM-PE","tagType":"device_group","subTags":null},{"tagName":"Nekemte","tagValue":"NEK-PE","tagType":"device_group","subTags":null},{"tagName":"Microwave GGSN","tagValue":"MWV-GGSN","tagType":"device_group","subTags":null},{"tagName":"Kirkos GGSN","tagValue":"KKS-GGSN","tagType":"device_group","subTags":null},{"tagName":"Nefas Silk GGSN","tagValue":"NFS-GGSN","tagType":"device_group","subTags":null},{"tagName":"Kirkos","tagValue":"KKS-PE","tagType":"device_group","subTags":null},{"tagName":"Yeka","tagValue":"YKA-PE","tagType":"device_group","subTags":null},{"tagName":"Arada","tagValue":"ARD-PE","tagType":"device_group","subTags":null},{"tagName":"Jijiga","tagValue":"JIJ-PE","tagType":"device_group","subTags":null},{"tagName":"Dessie","tagValue":"DSE-PE","tagType":"device_group","subTags":null},{"tagName":"Mekele","tagValue":"MQX-PE","tagType":"device_group","subTags":null},{"tagName":"Debre Markos","tagValue":"DBM-PE","tagType":"device_group","subTags":null},{"tagName":"Bahir Dar","tagValue":"BJR-PE","tagType":"device_group","subTags":null},{"tagName":"Gondar","tagValue":"GDQ-PE","tagType":"device_group","subTags":null},{"tagName":"Hawasa","tagValue":"HWS-PE","tagType":"device_group","subTags":null},{"tagName":"Sodo","tagValue":"SXU-PE","tagType":"device_group","subTags":null},{"tagName":"Jimma","tagValue":"JIM-PE","tagType":"device_group","subTags":null},{"tagName":"Dire Dawa-IGW","tagValue":"DIR-IGW","tagType":"device_group","subTags":null}]}]
\ No newline at end of file diff --git a/galaxy-qgw-service/schema/galaxy-hos-service.yml b/galaxy-qgw-service/schema/galaxy-hos-service.yml deleted file mode 100644 index a9c72dd..0000000 --- a/galaxy-qgw-service/schema/galaxy-hos-service.yml +++ /dev/null @@ -1,88 +0,0 @@ -#服务端口 -server: - port: 8186 - tomcat: - max-threads: 200 -#tomcat缓存大小,单位KB系统默认10M,配置10g -tomcat: - cacheMaxSize: 3000000 -#hbase参数 -hbase: - zookeeper_quorum: 10.224.11.11,10.224.11.12,10.224.11.13 - zookeeper_property_clientPort: 2181 - zookeeper_znode_parent: /hbase - client_retries_number: 3 - rpc_timeout: 100000 - connect_pool: 5 - client_write_buffer: 10485760 - client_keyvalue_maxsize: 1024000000 - #批量获取数量 - get_batch: 200 - #hbase索引表前缀,前缀为以下的都为索引表 - time_index_table_prefix: index_time_ - filename_index_table_prefix: index_filename_ - partfile_index_table_prefix: index_partfile_ - system_bucket_meta: system:bucket_meta - #创建表预分区时的分区,为空则不分区 - region_start_key: 4,8,c - filename_head: 0,1,2,3,4,5,6,7,8,9,a,b,c,d,e,f - #获取文件大小的目录 - hbasePath: /hbase - #1是集群0是单机,主要针对存储配额获取方式 - standone: 1 - #hadoop集群namenode节点 - namenodes: 10.224.11.32,10.224.11.33 - #hadoop端口 - hadoop_port: 9000 - #建表时是否打开hbase wal,1打开,0关闭 - openWal: 0 -#是否打开验证,0打开,打开需要使用S3身份验证或者token访问服务 -auth: - open: 0 -hos: - #批量删除对象的最大数量 - deleteMultipleNumber: 1000 - #获取对象列表等操作的最大值 - maxResultLimit: 10000 - #分块上传的最大分块数 - maxPartNumber: 1000 - #追加上传的最大次数 - maxPosition: 100000 - #存放对象的用户自定义元数据的请求头 - metaHeader: x-hos-meta-message - #存放对象信息的请求头 - objectInfo: x-hos-object-info - #是否打开对象列表查询功能,1打开 - simple: 1 - #是否打开限流,1打开 - openRateLimiter: 0 - #限流每秒请求数 - rateLimiterQps: 20000 - #hos验证 - token: c21f969b5f03d33d43e04f8f136e7682 - #用户白名单(hbase的namespace),获取存储配额 - users: default - #元数据存储占比 - metaProportion: 0.03 - #展示追加文件丢失块的最大数量 - lostPartsCount: 10 -#设置上传文件大小的最大值 -spring: - servlet: - multipart: - max-file-size: 1024MB - max-request-size: 1024MB -#Prometheus参数 - application: - name: HosServiceApplication -#Prometheus参数 -management: - endpoints: - web: - exposure: - include: '*' - metrics: - tags: - application: ${spring.application.name} -logging: - config: ./config/log4j2-dev.xml
\ No newline at end of file diff --git a/galaxy-qgw-service/schema/galaxy-job-admin.properties b/galaxy-qgw-service/schema/galaxy-job-admin.properties deleted file mode 100644 index 1d04071..0000000 --- a/galaxy-qgw-service/schema/galaxy-job-admin.properties +++ /dev/null @@ -1,73 +0,0 @@ -### web -server.port=8184 -server.servlet.context-path=/xxl-job-admin -spring.application.name=galaxy-job-admin -### actuator -management.server.servlet.context-path=/actuator -management.health.mail.enabled=false -management.endpoints.web.exposure.include=* -#详细的应用健康信息 prometheus -management.endpoint.health.show-details=always - -management.endpoint.metrics.enabled=true -management.endpoint.prometheus.enabled=true -management.metrics.export.prometheus.enabled=true -management.metrics.tags.application=${spring.application.name} -management.metrics.tags.module=${spring.application.name} - - -### resources -spring.mvc.servlet.load-on-startup=0 -spring.mvc.static-path-pattern=/static/** -spring.resources.static-locations=classpath:/static/ - -### freemarker -spring.freemarker.templateLoaderPath=classpath:/templates/ -spring.freemarker.suffix=.ftl -spring.freemarker.charset=UTF-8 -spring.freemarker.request-context-attribute=request -spring.freemarker.settings.number_format=0.########## - -### mybatis -mybatis.mapper-locations=classpath:/mybatis-mapper/*Mapper.xml -#mybatis.type-aliases-package=com.xxl.job.admin.core.model - -### xxl-job, datasource -spring.datasource.url=jdbc:mysql://10.224.11.244:3306/xxl_job?useUnicode=true&characterEncoding=UTF-8&autoReconnect=true&serverTimezone=GMT -spring.datasource.username=root -spring.datasource.password=galaxy2019 -spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver - -### datasource-pool -spring.datasource.type=com.zaxxer.hikari.HikariDataSource -spring.datasource.hikari.minimum-idle=10 -spring.datasource.hikari.maximum-pool-size=100 -spring.datasource.hikari.auto-commit=true -spring.datasource.hikari.idle-timeout=30000 -spring.datasource.hikari.pool-name=HikariCP -spring.datasource.hikari.max-lifetime=900000 -spring.datasource.hikari.connection-timeout=30000 -spring.datasource.hikari.connection-test-query=SELECT 1 - -### xxl-job, email -spring.mail.host=smtp.qq.com -spring.mail.port=25 -spring.mail.password=xxx -spring.mail.properties.mail.smtp.auth=true -spring.mail.properties.mail.smtp.starttls.enable=true -spring.mail.properties.mail.smtp.starttls.required=true -spring.mail.properties.mail.smtp.socketFactory.class=javax.net.ssl.SSLSocketFactory - -### xxl-job, access token -xxl.job.accessToken= - -### xxl-job, i18n (default is zh_CN, and you can choose "zh_CN", "zh_TC" and "en") -xxl.job.i18n=zh_CN - -## xxl-job, triggerpool max size -xxl.job.triggerpool.fast.max=200 -xxl.job.triggerpool.slow.max=100 - -### xxl-job, log retention days -xxl.job.logretentiondays=30 diff --git a/galaxy-qgw-service/schema/galaxy-job-executor.properties b/galaxy-qgw-service/schema/galaxy-job-executor.properties deleted file mode 100644 index b9180bb..0000000 --- a/galaxy-qgw-service/schema/galaxy-job-executor.properties +++ /dev/null @@ -1,65 +0,0 @@ -################################静态参数配置(修改后需要重启项目)################################ -### web port -server.port = 8185 -spring.application.name=galaxy-job-executor -### actuator -management.server.servlet.context-path=/actuator -management.health.mail.enabled=false -management.endpoints.web.exposure.include=* -#详细的应用健康信息 -management.endpoint.health.show-details=always -management.endpoint.metrics.enabled=true -management.endpoint.prometheus.enabled=true -management.metrics.export.prometheus.enabled=true -management.metrics.tags.application=${spring.application.name} -zookeeper.server=10.224.11.11:2181,10.224.11.12:2181,10.224.11.13:2181 - -################################动态参数配置(修改后不需要重启项目)################################ -##存储配额文件服务器 -storge.files.hos-server=National-Center|10.224.11.244:9098,BOL-IGW|10.225.12.4:9098,SSM-IGW|10.226.12.4:9098,MWV-IGW|10.227.12.4:9098,BJR-IGW|10.228.12.4:9098,BOL-PE|10.229.12.4:9098,LGH-PE|10.230.12.4:9098,OAP-PE|10.231.12.4:9098,KKS-PE|10.232.12.4:9098,MVW-PE|10.233.12.4:9098,YKA-PE|10.234.12.4:9098,ARD-PE|10.235.12.4:9098,NFS-PE|10.236.12.4:9098,AMB-PE|10.237.12.4:9098,DIR-PE|10.238.12.4:9098,JIJ-PE|10.239.12.4:9098,DSE-PE|10.240.12.4:9098,MQX-PE|10.241.12.4:9098,DBM-PE|10.242.12.4:9098,BJR-PE|10.243.12.4:9098,GDQ-PE|10.244.12.4:9098,ADM-PE|10.245.12.4:9098,SSM-PE|10.246.12.4:9098,HWS-PE|10.247.12.4:9098,SXU-PE|10.248.12.4:9098,JIM-PE|10.249.12.4:9098,NEK-PE|10.250.12.4:9098,MWV-GGSN|10.251.12.4:9098,KKS-GGSN|10.252.12.4:9098,NFS-GGSN|10.253.12.4:9098 -storge.files.token=c21f969b5f03d33d43e04f8f136e7682 -##存储配额查询druid -storge.analytic.server=National-Center|10.224.11.244:8089 -##存储配额查询clickhouse -storge.traffic.server=National-Center|10.224.11.244:8124 -storge.traffic.datasource=tsg_galaxy_v3 -storge.traffic.username=default -storge.traffic.password=galaxy2019 -#删除ttl -storge.traffic.system.parts=system.parts -#存储配额查询 -storge.traffic.system.partsclusters=system.parts_cluster -storge.traffic.system.disks=system.disks_cluster -storge.traffic.system.tables=system.tables -storge.traffic.system.clusters=system.clusters -#删除ttl白名单 -storge.files.delete.exclusion= -storge.analytic.delete.exclusion=traffic_metrics_log -storge.taffic.delete.exclusion= -### xxl-job admin address list, such as "http://address" or "http://address01,http://address02" -xxl.job.admin.addresses=http://10.224.11.244:8181/xxl-job-admin -### xxl-job, access token -xxl.job.accessToken= -### xxl-job executor registry-address: default use address to registry , otherwise use ip:po -xxl.job.executor.appname=galaxy-executor -### xxl-job executor registry-address: default use address to registry , otherwise use ip:port if address is null -xxl.job.executor.address= -### xxl-job executor server-info -xxl.job.executor.ip= -xxl.job.executor.port=8886 -### xxl-job executor log-path -xxl.job.executor.logpath=/data/logs/jobhandler -### xxl-job executor log-retention-days -xxl.job.executor.logretentiondays=30 -## http pool config -### max connection number -http.pool.max.connection=500 -http.pool.request.timeout=120000 -http.pool.response.timeout=300000 -http.pool.max.per.route=300 -http.pool.connect.timeout=10000 -##指定kafka server的地址,集群配多个,中间,逗号隔开 -spring.kafka.bootstrap-servers=10.224.11.14:9094,10.224.11.15:9094,10.224.11.16:9094,10.224.11.17:9094,10.224.11.18:9094,10.224.11.19:9094,10.224.11.20:9094,10.224.11.21:9094,10.224.11.22:9094,10.224.11.23:9094 -spring.kafka.ssl.enable=true -spring.kafka.ssl.username=admin -spring.kafka.ssl.pin=galaxy2019
\ No newline at end of file diff --git a/galaxy-qgw-service/schema/galaxy-report-service.yml b/galaxy-qgw-service/schema/galaxy-report-service.yml deleted file mode 100644 index a9edeae..0000000 --- a/galaxy-qgw-service/schema/galaxy-report-service.yml +++ /dev/null @@ -1,123 +0,0 @@ -#http的端口 -server: - port: 9093 -#更新进度条的时间10s -scan: - result: - scheduled: - plan: 0/15 * * * * ? -#同时间执行是线程数 -globle: - job_thread: 2 -#Hbasehttp的端口 -#Hbase的表名等配置通畅不需要更改 -hbase: - table: tsg:report_result - zookeeper_quorum: 10.224.11.11,10.224.11.12,10.224.11.13 - zookeeper_property_clientPort: 2181 - zookeeper_znode_parent: /hbase - client_retries_number: 3 - rpc_timeout: 100000 - connect_pool: 10 -#查询网关ip -ck: - gateway_ip: 10.224.11.244:9999 - -#zk集群的ip -zookeeper: - connectString: 10.224.11.11:2181,10.224.11.12:2181,10.224.11.13:2181 -#是否启用zookeeper 0启用(集群) 1禁用(单机) - open: 0 - retryCount: 6 - elapsedTimeMs: 10000 - sessionTimeoutMs: 50000 - connectionTimeoutMs: 50000 - nameSpace: reportservice - -#最大连接数 -http: - maxTotal: 300 -#并发数 - defaultMaxPerRoute: 100 -#创建连接的最长时间 - connectTimeout: 10000 -#从连接池中获取到连接的最长时间 - connectionRequestTimeout: 10000 -#数据传输的最长时间 - socketTimeout: 21605000 -#提交请求前测试连接是否可用 - staleConnectionCheckEnabled: true - socketTimeoutShort: 30000 - -#mariadb的url -spring: - application: - name: galaxy_report_service - - datasource: - url: jdbc:mariadb://10.224.11.249:3306/tsg-bifang?serverTimezone=GMT&useUnicode=true&characterEncoding=UTF-8&autoReconnect=true&failOverReadOnly=false -#mariadb的用户名 - username: root -#mariadb的密码 - password: Bifang&*() - -#以下配置不需要更改通常 - name: druidDataSource - type: com.alibaba.druid.pool.DruidDataSource - driver-class-name: org.mariadb.jdbc.Driver - -#配置监控统计拦截的filters,去掉后监控界面SQL无法进行统计,’wall’用于防火墙 - druid: - filters: stat,wall,slf4j - #最大连接数 - max-active: 30 - #最小连接数 - min-idle: 1 - #初始化连接数 - initial-size: 2 - #获取连接最大超时时间 - max-wait: 600000 - #间隔多久才进行一次检测,检测需要关闭的空闲连接,单位是毫秒 - time-between-eviction-runs-millis: 60000 - # 一个连接在池中最小生存的时间,单位是毫秒 - min-evictable-idle-time-millis: 300000 - #验证连接是否可用,在数据库中执行一条sql - validation-query: select 1 - #建议配置为true,不影响性能,并且保证安全性。申请连接的时候检测,如果空闲时间大于timeBetweenEvictionRunsMillis, - # 执行validationQuery检测连接是否有效 - test-while-idle: true - #申请连接时执行validationQuery检测连接是否有效,做了这个配置会降低性能 - test-on-borrow: true - test-on-return: false - connection-properties: druid.stat.mergeSql=true;druid.stat.slowSqlMillis=500 - #是否开启WebStatFilter - web-stat-filter: - enabled: true - #设置不统计哪些URL(用于排除一些不必要的url) - exclusions: "*.js,*.gif,*.jpg,*..ng,*.css,*.ico,/druid/*" - #是否开启Druid监控信息显示页面 - stat-view-servlet: - enabled: true - #甚至浏览器访问路径 - url-pattern: /druid/* - #禁止手动重置监控数据 - reset-enable: false - #durid-ui页面账户密码 - login-username: admin - login-password: admin - #Spring监控,对内部各接口调用的监控,需要导入aop相关包 - aop-patterns: com.mesa.reportservice.controller.*,com.mesa.reportservice.service.*,com.mesa.reportservice.mapper.* -mybatis: - typeAliasesPackage: com.mesa.reportservice.bean - mapperLocations: classpath*:/mappers/*.xml -management: - endpoints: - web: - exposure: - include: "*" - metrics: - tags: - application: galaxy_report_service - -logging: - config: ./config/log4j2-dev.xml
\ No newline at end of file diff --git a/topology/NC/flink-top/old/flink-sql-xj.sql b/topology/NC/flink-top/old/flink-sql-xj.sql deleted file mode 100644 index 00a0be8..0000000 --- a/topology/NC/flink-top/old/flink-sql-xj.sql +++ /dev/null @@ -1,365 +0,0 @@ ---通联: -CREATE TABLE session_record_completed_log( -common_schema_type VARCHAR, -common_recv_time BIGINT, -common_client_ip VARCHAR, -common_server_ip VARCHAR, -http_host VARCHAR, -http_domain VARCHAR, -common_l4_protocol VARCHAR, -common_internal_ip VARCHAR, -common_external_ip VARCHAR, -common_subscriber_id VARCHAR, -common_sessions BIGINT, -common_c2s_pkt_num BIGINT, -common_s2c_pkt_num BIGINT, -common_c2s_byte_num BIGINT, -common_s2c_byte_num BIGINT, -common_processing_time BIGINT, -stat_time as TO_TIMESTAMP(FROM_UNIXTIME(common_recv_time)), -WATERMARK FOR stat_time AS stat_time - INTERVAL '1' MINUTE) -WITH( -'connector' = 'kafka', -'properties.group.id' = 'kafka-indexing-service-20210929-1', -'topic' = 'CONNECTION-RECORD-COMPLETED-LOG', --- 'properties.bootstrap.servers' = '192.168.44.11:9092', -'properties.bootstrap.servers' = '10.111.200.135:9092,10.111.200.136:9092,10.111.200.137:9092,10.111.200.138:9092,10.111.200.139:9092,10.111.200.140:9092,10.111.200.141:9092,10.111.200.142:9092,10.111.200.143:9092,10.111.200.144:9092,10.111.200.145:9092,10.111.200.146:9092,10.111.200.147:9092,10.111.200.148:9092,10.111.200.149:9092,10.111.200.150:9092,10.111.200.151:9092,10.111.200.152:9092,10.111.200.153:9092,10.111.200.154:9092,10.111.200.155:9092,10.111.200.156:9092,10.111.200.158:9092,10.111.200.159:9092,10.111.200.160:9092,10.111.200.161:9092,10.111.200.162:9092,10.111.200.163:9092,10.111.200.164:9092', -'properties.security.protocol'='SASL_PLAINTEXT', -'properties.sasl.mechanism'='PLAIN', -'properties.sasl.jaas.config'= 'org.apache.flink.kafka.shaded.org.apache.kafka.common.security.scram.ScramLoginModule required username="admin" password="galaxy2019";', -'scan.startup.mode' = 'latest-offset', -'format' = 'json' -'sink.parallelism'= '60' -); - - ---client: -CREATE TABLE top_client_ip_log( -source VARCHAR, -session_num BIGINT, -c2s_pkt_num BIGINT, -s2c_pkt_num BIGINT, -c2s_byte_num BIGINT, -s2c_byte_num BIGINT, -order_by VARCHAR, -stat_time BIGINT, -PRIMARY KEY (stat_time) NOT ENFORCED -)WITH( -'connector' = 'upsert-kafka', -'topic' = 'TOP-CLIENT-IP-LOG-FLINK', ---'properties.bootstrap.servers' = '10.111.136.193:9092', -'properties.bootstrap.servers' = '10.111.136.193:9092,10.111.136.194:9092,10.111.136.195:9092,10.111.136.196:9092,10.111.136.197:9092,10.111.136.198:9092,10.111.136.199:9092,10.111.136.200:9092,10.111.136.201:9092,10.111.136.203:9092,10.111.136.204:9092,10.111.136.205:9092,10.111.136.206:9092,10.111.136.207:9092,10.111.136.202:9092', -'properties.security.protocol'='SASL_PLAINTEXT', -'properties.sasl.mechanism'='PLAIN', -'properties.sasl.jaas.config'= 'org.apache.flink.kafka.shaded.org.apache.kafka.common.security.scram.ScramLoginModule required username="admin" password="galaxy2019";', -'key.format' = 'json', -'value.format' = 'json' -); - -CREATE VIEW top_client_ip_view as -SELECT common_client_ip as source,sum(common_sessions) as session_num,sum(common_c2s_pkt_num) as c2s_pkt_num,sum(common_s2c_pkt_num) as s2c_pkt_num,sum(common_c2s_byte_num) as c2s_byte_num,sum(common_s2c_byte_num) as s2c_byte_num,UNIX_TIMESTAMP(CAST(TUMBLE_END(stat_time,INTERVAL '5' MINUTE) as VARCHAR)) as stat_time -FROM session_record_completed_log -where common_l4_protocol = 'IPv6_TCP' or common_l4_protocol = 'IPv4_TCP' -group by common_client_ip,TUMBLE(stat_time,INTERVAL '5' MINUTE); - -INSERT INTO top_client_ip_log -(SELECT `source`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`source`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'sessions' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY session_num DESC) as rownum -FROM -top_client_ip_view) -WHERE rownum <= 1000) -union all -(SELECT `source`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`source`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'packets' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY c2s_pkt_num+s2c_pkt_num DESC) as rownum -FROM -top_client_ip_view) -WHERE rownum <= 1000) -union all -(SELECT `source`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`source`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'bytes' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY c2s_byte_num+s2c_byte_num DESC) as rownum -FROM -top_client_ip_view) -WHERE rownum <= 1000); - - ---server: -CREATE TABLE top_server_ip_log( -destination VARCHAR, -session_num BIGINT, -c2s_pkt_num BIGINT, -s2c_pkt_num BIGINT, -c2s_byte_num BIGINT, -s2c_byte_num BIGINT, -order_by VARCHAR, -stat_time BIGINT, -PRIMARY KEY (stat_time) NOT ENFORCED -)WITH( -'connector' = 'upsert-kafka', -'topic' = 'TOP-SERVER-IP-LOG-FLINK', ---'properties.bootstrap.servers' = '10.111.136.193:9092', -'properties.bootstrap.servers' = '10.111.136.193:9092,10.111.136.194:9092,10.111.136.195:9092,10.111.136.196:9092,10.111.136.197:9092,10.111.136.198:9092,10.111.136.199:9092,10.111.136.200:9092,10.111.136.201:9092,10.111.136.203:9092,10.111.136.204:9092,10.111.136.205:9092,10.111.136.206:9092,10.111.136.207:9092,10.111.136.202:9092', -'properties.security.protocol'='SASL_PLAINTEXT', -'properties.sasl.mechanism'='PLAIN', -'properties.sasl.jaas.config'= 'org.apache.flink.kafka.shaded.org.apache.kafka.common.security.scram.ScramLoginModule required username="admin" password="galaxy2019";', -'key.format' = 'json', -'value.format' = 'json' -); - -CREATE VIEW top_server_ip_view as -SELECT common_server_ip as `destination`,sum(common_sessions) as session_num,sum(common_c2s_pkt_num) as c2s_pkt_num,sum(common_s2c_pkt_num) as s2c_pkt_num,sum(common_c2s_byte_num) as c2s_byte_num,sum(common_s2c_byte_num) as s2c_byte_num,UNIX_TIMESTAMP(CAST(TUMBLE_END(stat_time,INTERVAL '5' MINUTE) as VARCHAR)) as stat_time -FROM session_record_completed_log -where common_l4_protocol = 'IPv6_TCP' or common_l4_protocol = 'IPv4_TCP' -group by common_server_ip,TUMBLE(stat_time,INTERVAL '5' MINUTE); - -INSERT INTO top_server_ip_log -(SELECT `destination`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`destination`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'sessions' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY session_num DESC) as rownum -FROM -top_server_ip_view) -WHERE rownum <= 1000) -union all -(SELECT `destination`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`destination`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'packets' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY c2s_pkt_num+s2c_pkt_num DESC) as rownum -FROM -top_server_ip_view) -WHERE rownum <= 1000) -union all -(SELECT destination, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -destination, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'bytes' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY c2s_byte_num+s2c_byte_num DESC) as rownum -FROM -top_server_ip_view) -WHERE rownum <= 1000); - - ---internal -CREATE TABLE top_internal_ip_log ( - source VARCHAR, - session_num BIGINT, - c2s_pkt_num BIGINT, - s2c_pkt_num BIGINT, - c2s_byte_num BIGINT, - s2c_byte_num BIGINT, - order_by VARCHAR, - stat_time BIGINT, - PRIMARY KEY (stat_time) NOT ENFORCED -) WITH ( -'connector' = 'upsert-kafka', -'topic' = 'TOP-INTERNAL-HOST-LOG-FLINK', ---'properties.bootstrap.servers' = '10.111.136.193:9092', -'properties.bootstrap.servers' = '10.111.136.193:9092,10.111.136.194:9092,10.111.136.195:9092,10.111.136.196:9092,10.111.136.197:9092,10.111.136.198:9092,10.111.136.199:9092,10.111.136.200:9092,10.111.136.201:9092,10.111.136.203:9092,10.111.136.204:9092,10.111.136.205:9092,10.111.136.206:9092,10.111.136.207:9092,10.111.136.202:9092', -'properties.security.protocol'='SASL_PLAINTEXT', -'properties.sasl.mechanism'='PLAIN', -'properties.sasl.jaas.config'= 'org.apache.flink.kafka.shaded.org.apache.kafka.common.security.scram.ScramLoginModule required username="admin" password="galaxy2019";', -'key.format' = 'json', -'value.format' = 'json' -); - -CREATE VIEW top_common_internal_ip_view as -SELECT common_internal_ip as `source`,sum(common_sessions) as session_num,sum(common_c2s_pkt_num) as c2s_pkt_num,sum(common_s2c_pkt_num) as s2c_pkt_num,sum(common_c2s_byte_num) as c2s_byte_num,sum(common_s2c_byte_num) as s2c_byte_num,UNIX_TIMESTAMP(CAST(TUMBLE_END(stat_time,INTERVAL '5' MINUTE) as VARCHAR)) as stat_time -FROM session_record_completed_log -where common_internal_ip<>'' -group by common_internal_ip,TUMBLE(stat_time,INTERVAL '5' MINUTE); - -INSERT INTO top_internal_ip_log -(SELECT `source`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`source`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'sessions' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY session_num DESC) as rownum -FROM -top_common_internal_ip_view) -WHERE rownum <= 1000) -union all -(SELECT `source`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`source`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'packets' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY c2s_pkt_num+s2c_pkt_num DESC) as rownum -FROM -top_common_internal_ip_view) -WHERE rownum <= 1000) -union all -(SELECT `source`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`source`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'bytes' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY c2s_byte_num+s2c_byte_num DESC) as rownum -FROM -top_common_internal_ip_view) -WHERE rownum <= 1000); - - ---external: -CREATE TABLE top_external_ip_log ( - destination VARCHAR, - session_num BIGINT, - c2s_pkt_num BIGINT, - s2c_pkt_num BIGINT, - c2s_byte_num BIGINT, - s2c_byte_num BIGINT, - order_by VARCHAR, - stat_time BIGINT, - PRIMARY KEY (stat_time) NOT ENFORCED -) WITH ( -'connector' = 'upsert-kafka', -'topic' = 'TOP-EXTERNAL-HOST-LOG-FLINK', --- 'properties.bootstrap.servers' = '10.111.136.193:9092', -'properties.bootstrap.servers' = '10.111.136.193:9092,10.111.136.194:9092,10.111.136.195:9092,10.111.136.196:9092,10.111.136.197:9092,10.111.136.198:9092,10.111.136.199:9092,10.111.136.200:9092,10.111.136.201:9092,10.111.136.203:9092,10.111.136.204:9092,10.111.136.205:9092,10.111.136.206:9092,10.111.136.207:9092,10.111.136.202:9092', -'properties.security.protocol'='SASL_PLAINTEXT', -'properties.sasl.mechanism'='PLAIN', -'properties.sasl.jaas.config'= 'org.apache.flink.kafka.shaded.org.apache.kafka.common.security.scram.ScramLoginModule required username="admin" password="galaxy2019";', -'key.format' = 'json', -'value.format' = 'json' -); - -CREATE VIEW top_common_external_ip_view as -SELECT common_external_ip as `destination`,sum(common_sessions) as session_num,sum(common_c2s_pkt_num) as c2s_pkt_num,sum(common_s2c_pkt_num) as s2c_pkt_num,sum(common_c2s_byte_num) as c2s_byte_num,sum(common_s2c_byte_num) as s2c_byte_num,UNIX_TIMESTAMP(CAST(TUMBLE_END(stat_time,INTERVAL '5' MINUTE) as VARCHAR)) as stat_time -FROM session_record_completed_log -where common_external_ip<>'' -group by common_external_ip,TUMBLE(stat_time,INTERVAL '5' MINUTE); - -INSERT INTO top_external_ip_log -(SELECT `destination`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`destination`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'sessions' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY session_num DESC) as rownum -FROM -top_common_external_ip_view) -WHERE rownum <= 1000) -union all -(SELECT `destination`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`destination`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'packets' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY c2s_pkt_num+s2c_pkt_num DESC) as rownum -FROM -top_common_external_ip_view) -WHERE rownum <= 1000) -union all -(SELECT `destination`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`destination`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'bytes' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY c2s_byte_num+s2c_byte_num DESC) as rownum -FROM -top_common_external_ip_view) -WHERE rownum <= 1000); - - ---website_domain -CREATE TABLE top_website_domain_log ( - domain VARCHAR, - session_num BIGINT, - c2s_pkt_num BIGINT, - s2c_pkt_num BIGINT, - c2s_byte_num BIGINT, - s2c_byte_num BIGINT, - order_by VARCHAR, - stat_time BIGINT, - PRIMARY KEY (stat_time) NOT ENFORCED -) WITH ( -'connector' = 'upsert-kafka', -'topic' = 'TOP-WEBSITE-DOMAIN-LOG-FLINK', -'properties.bootstrap.servers' = '10.111.136.193:9092,10.111.136.194:9092,10.111.136.195:9092,10.111.136.196:9092,10.111.136.197:9092,10.111.136.198:9092,10.111.136.199:9092,10.111.136.200:9092,10.111.136.201:9092,10.111.136.203:9092,10.111.136.204:9092,10.111.136.205:9092,10.111.136.206:9092,10.111.136.207:9092,10.111.136.202:9092', -'properties.security.protocol'='SASL_PLAINTEXT', -'properties.sasl.mechanism'='PLAIN', -'properties.sasl.jaas.config'= 'org.apache.flink.kafka.shaded.org.apache.kafka.common.security.scram.ScramLoginModule required username="admin" password="galaxy2019";', -'key.format' = 'json', -'value.format' = 'json' -); - -CREATE VIEW top_website_domain_view as -SELECT http_domain as `domain`,sum(common_sessions) as session_num,sum(common_c2s_pkt_num) as c2s_pkt_num,sum(common_s2c_pkt_num) as s2c_pkt_num,sum(common_c2s_byte_num) as c2s_byte_num,sum(common_s2c_byte_num) as s2c_byte_num,UNIX_TIMESTAMP(CAST(TUMBLE_END(stat_time,INTERVAL '5' MINUTE) as VARCHAR)) as stat_time -FROM session_record_completed_log -where http_domain<>'' -group by http_domain,TUMBLE(stat_time,INTERVAL '5' MINUTE); - - -INSERT INTO top_website_domain_log -(SELECT `domain`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`domain`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'sessions' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY session_num DESC) as rownum -FROM -top_website_domain_view) -WHERE rownum <= 1000) -union all -(SELECT `domain`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`domain`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'packets' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY c2s_pkt_num+s2c_pkt_num DESC) as rownum -FROM -top_website_domain_view) -WHERE rownum <= 1000) -union all -(SELECT `domain`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`domain`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'bytes' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY c2s_byte_num+s2c_byte_num DESC) as rownum -FROM -top_website_domain_view) -WHERE rownum <= 1000); - - ---user: -CREATE TABLE top_user_log ( - subscriber_id VARCHAR, - session_num BIGINT, - c2s_pkt_num BIGINT, - s2c_pkt_num BIGINT, - c2s_byte_num BIGINT, - s2c_byte_num BIGINT, - order_by VARCHAR, - stat_time BIGINT, - PRIMARY KEY (stat_time) NOT ENFORCED -) WITH ( -'connector' = 'upsert-kafka', -'topic' = 'TOP-USER-LOG-FLINK', ---'properties.bootstrap.servers' = '10.111.136.193:9092', -'properties.bootstrap.servers' = '10.111.136.193:9092,10.111.136.194:9092,10.111.136.195:9092,10.111.136.196:9092,10.111.136.197:9092,10.111.136.198:9092,10.111.136.199:9092,10.111.136.200:9092,10.111.136.201:9092,10.111.136.203:9092,10.111.136.204:9092,10.111.136.205:9092,10.111.136.206:9092,10.111.136.207:9092,10.111.136.202:9092', -'properties.security.protocol'='SASL_PLAINTEXT', -operties.sasl.mechanism'='PLAIN', -'properties.sasl.jaas.config'= 'org.apache.flink.kafka.shaded.org.apache.kafka.common.security.scram.ScramLoginModule required username="admin" password="galaxy2019";', -'key.format' = 'json', -'value.format' = 'json' -); - - -CREATE VIEW top_user_log_view as -SELECT common_subscriber_id as `subscriber_id`,sum(common_sessions) as session_num,sum(common_c2s_pkt_num) as c2s_pkt_num,sum(common_s2c_pkt_num) as s2c_pkt_num,sum(common_c2s_byte_num) as c2s_byte_num,sum(common_s2c_byte_num) as s2c_byte_num,UNIX_TIMESTAMP(CAST(TUMBLE_END(stat_time,INTERVAL '5' MINUTE) as VARCHAR)) as stat_time -FROM session_record_completed_log -where common_subscriber_id <>'' -group by common_subscriber_id,TUMBLE(stat_time,INTERVAL '5' MINUTE); - -INSERT INTO top_user_log -(SELECT `subscriber_id`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`subscriber_id`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'sessions' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY session_num DESC) as rownum -FROM -top_user_log_view) -WHERE rownum <= 1000) -union all -(SELECT `subscriber_id`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`subscriber_id`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'packets' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY c2s_pkt_num+s2c_pkt_num DESC) as rownum -FROM -top_user_log_view) -WHERE rownum <= 1000) -union all -(SELECT `subscriber_id`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`subscriber_id`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'bytes' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY c2s_byte_num+s2c_byte_num DESC) as rownum -FROM -top_user_log_view) -WHERE rownum <= 1000); - diff --git a/topology/NC/flink-top/old/kafka-flinksql-test.sql b/topology/NC/flink-top/old/kafka-flinksql-test.sql deleted file mode 100644 index 501d1f6..0000000 --- a/topology/NC/flink-top/old/kafka-flinksql-test.sql +++ /dev/null @@ -1,359 +0,0 @@ ---通联: -CREATE TABLE session_record_completed_log( -common_schema_type VARCHAR, -common_recv_time BIGINT, -common_client_ip VARCHAR, -common_server_ip VARCHAR, -http_host VARCHAR, -http_domain VARCHAR, -common_l4_protocol VARCHAR, -common_internal_ip VARCHAR, -common_external_ip VARCHAR, -common_subscriber_id VARCHAR, -common_sessions BIGINT, -common_c2s_pkt_num BIGINT, -common_s2c_pkt_num BIGINT, -common_c2s_byte_num BIGINT, -common_s2c_byte_num BIGINT, -common_processing_time BIGINT, -stat_time as TO_TIMESTAMP(FROM_UNIXTIME(common_recv_time)), -WATERMARK FOR stat_time AS stat_time - INTERVAL '1' MINUTE) -WITH( -'connector' = 'kafka', -'properties.group.id' = 'kafka-indexing-service', -'topic' = 'CONNECTION-RECORD-COMPLETED', -'properties.bootstrap.servers' = '10.224.11.14:9094,10.224.11.15:9094,10.224.11.16:9094,10.224.11.17:9094,10.224.11.18:9094,10.224.11.19:9094,10.224.11.20:9094,10.224.11.21:9094,10.224.11.22:9094,10.224.11.23:9094', -'properties.security.protocol'='SASL_PLAINTEXT', -'properties.sasl.mechanism'='PLAIN', -'properties.sasl.jaas.config'= 'org.apache.flink.kafka.shaded.org.apache.kafka.common.security.scram.ScramLoginModule required username="admin" password="galaxy2019";', -'scan.startup.mode' = 'latest-offset', -'format' = 'json', -'sink.parallelism'= '60' -); - - ---client: -CREATE TABLE top_client_ip_log( -source VARCHAR, -session_num BIGINT, -c2s_pkt_num BIGINT, -s2c_pkt_num BIGINT, -c2s_byte_num BIGINT, -s2c_byte_num BIGINT, -order_by VARCHAR, -stat_time BIGINT, -PRIMARY KEY (stat_time) NOT ENFORCED -)WITH( -'connector' = 'upsert-kafka', -'topic' = 'TOP-CLIENT-IP', -'properties.bootstrap.servers' = '10.224.11.14:9094,10.224.11.15:9094,10.224.11.16:9094,10.224.11.17:9094,10.224.11.18:9094,10.224.11.19:9094,10.224.11.20:9094,10.224.11.21:9094,10.224.11.22:9094,10.224.11.23:9094', -'properties.security.protocol'='SASL_PLAINTEXT', -'properties.sasl.mechanism'='PLAIN', -'properties.sasl.jaas.config'= 'org.apache.flink.kafka.shaded.org.apache.kafka.common.security.scram.ScramLoginModule required username="admin" password="galaxy2019";', -'key.format' = 'json', -'value.format' = 'json' -); - -CREATE VIEW top_client_ip_view as -SELECT common_client_ip as source,sum(common_sessions) as session_num,sum(common_c2s_pkt_num) as c2s_pkt_num,sum(common_s2c_pkt_num) as s2c_pkt_num,sum(common_c2s_byte_num) as c2s_byte_num,sum(common_s2c_byte_num) as s2c_byte_num,UNIX_TIMESTAMP(CAST(TUMBLE_END(stat_time,INTERVAL '5' MINUTE) as VARCHAR)) as stat_time -FROM session_record_completed_log -where common_l4_protocol = 'IPv6_TCP' or common_l4_protocol = 'IPv4_TCP' -group by common_client_ip,TUMBLE(stat_time,INTERVAL '5' MINUTE); - -INSERT INTO top_client_ip_log -(SELECT `source`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`source`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'sessions' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY session_num DESC) as rownum -FROM -top_client_ip_view) -WHERE rownum <= 1000) -union all -(SELECT `source`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`source`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'packets' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY c2s_pkt_num+s2c_pkt_num DESC) as rownum -FROM -top_client_ip_view) -WHERE rownum <= 1000) -union all -(SELECT `source`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`source`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'bytes' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY c2s_byte_num+s2c_byte_num DESC) as rownum -FROM -top_client_ip_view) -WHERE rownum <= 1000); - - ---server: -CREATE TABLE top_server_ip_log( -destination VARCHAR, -session_num BIGINT, -c2s_pkt_num BIGINT, -s2c_pkt_num BIGINT, -c2s_byte_num BIGINT, -s2c_byte_num BIGINT, -order_by VARCHAR, -stat_time BIGINT, -PRIMARY KEY (stat_time) NOT ENFORCED -)WITH( -'connector' = 'upsert-kafka', -'topic' = 'TOP-SERVER-IP', -'properties.bootstrap.servers' = '10.224.11.14:9094,10.224.11.15:9094,10.224.11.16:9094,10.224.11.17:9094,10.224.11.18:9094,10.224.11.19:9094,10.224.11.20:9094,10.224.11.21:9094,10.224.11.22:9094,10.224.11.23:9094', -'properties.security.protocol'='SASL_PLAINTEXT', -'properties.sasl.mechanism'='PLAIN', -'properties.sasl.jaas.config'= 'org.apache.flink.kafka.shaded.org.apache.kafka.common.security.scram.ScramLoginModule required username="admin" password="galaxy2019";', -'key.format' = 'json', -'value.format' = 'json' -); - -CREATE VIEW top_server_ip_view as -SELECT common_server_ip as `destination`,sum(common_sessions) as session_num,sum(common_c2s_pkt_num) as c2s_pkt_num,sum(common_s2c_pkt_num) as s2c_pkt_num,sum(common_c2s_byte_num) as c2s_byte_num,sum(common_s2c_byte_num) as s2c_byte_num,UNIX_TIMESTAMP(CAST(TUMBLE_END(stat_time,INTERVAL '5' MINUTE) as VARCHAR)) as stat_time -FROM session_record_completed_log -where common_l4_protocol = 'IPv6_TCP' or common_l4_protocol = 'IPv4_TCP' -group by common_server_ip,TUMBLE(stat_time,INTERVAL '5' MINUTE); - -INSERT INTO top_server_ip_log -(SELECT `destination`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`destination`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'sessions' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY session_num DESC) as rownum -FROM -top_server_ip_view) -WHERE rownum <= 1000) -union all -(SELECT `destination`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`destination`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'packets' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY c2s_pkt_num+s2c_pkt_num DESC) as rownum -FROM -top_server_ip_view) -WHERE rownum <= 1000) -union all -(SELECT destination, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -destination, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'bytes' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY c2s_byte_num+s2c_byte_num DESC) as rownum -FROM -top_server_ip_view) -WHERE rownum <= 1000); - - ---internal -CREATE TABLE top_internal_ip_log ( - source VARCHAR, - session_num BIGINT, - c2s_pkt_num BIGINT, - s2c_pkt_num BIGINT, - c2s_byte_num BIGINT, - s2c_byte_num BIGINT, - order_by VARCHAR, - stat_time BIGINT, - PRIMARY KEY (stat_time) NOT ENFORCED -) WITH ( -'connector' = 'upsert-kafka', -'topic' = 'TOP-INTERNAL-HOST', -'properties.bootstrap.servers' = '10.224.11.14:9094,10.224.11.15:9094,10.224.11.16:9094,10.224.11.17:9094,10.224.11.18:9094,10.224.11.19:9094,10.224.11.20:9094,10.224.11.21:9094,10.224.11.22:9094,10.224.11.23:9094', -'properties.security.protocol'='SASL_PLAINTEXT', -'properties.sasl.mechanism'='PLAIN', -'properties.sasl.jaas.config'= 'org.apache.flink.kafka.shaded.org.apache.kafka.common.security.scram.ScramLoginModule required username="admin" password="galaxy2019";', -'key.format' = 'json', -'value.format' = 'json' -); - -CREATE VIEW top_common_internal_ip_view as -SELECT common_internal_ip as `source`,sum(common_sessions) as session_num,sum(common_c2s_pkt_num) as c2s_pkt_num,sum(common_s2c_pkt_num) as s2c_pkt_num,sum(common_c2s_byte_num) as c2s_byte_num,sum(common_s2c_byte_num) as s2c_byte_num,UNIX_TIMESTAMP(CAST(TUMBLE_END(stat_time,INTERVAL '5' MINUTE) as VARCHAR)) as stat_time -FROM session_record_completed_log -where common_internal_ip<>'' -group by common_internal_ip,TUMBLE(stat_time,INTERVAL '5' MINUTE); - -INSERT INTO top_internal_ip_log -(SELECT `source`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`source`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'sessions' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY session_num DESC) as rownum -FROM -top_common_internal_ip_view) -WHERE rownum <= 1000) -union all -(SELECT `source`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`source`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'packets' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY c2s_pkt_num+s2c_pkt_num DESC) as rownum -FROM -top_common_internal_ip_view) -WHERE rownum <= 1000) -union all -(SELECT `source`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`source`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'bytes' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY c2s_byte_num+s2c_byte_num DESC) as rownum -FROM -top_common_internal_ip_view) -WHERE rownum <= 1000); - - ---external: -CREATE TABLE top_external_ip_log ( - destination VARCHAR, - session_num BIGINT, - c2s_pkt_num BIGINT, - s2c_pkt_num BIGINT, - c2s_byte_num BIGINT, - s2c_byte_num BIGINT, - order_by VARCHAR, - stat_time BIGINT, - PRIMARY KEY (stat_time) NOT ENFORCED -) WITH ( -'connector' = 'upsert-kafka', -'topic' = 'TOP-EXTERNAL-HOST', -'properties.bootstrap.servers' = '10.224.11.14:9094,10.224.11.15:9094,10.224.11.16:9094,10.224.11.17:9094,10.224.11.18:9094,10.224.11.19:9094,10.224.11.20:9094,10.224.11.21:9094,10.224.11.22:9094,10.224.11.23:9094', -'properties.security.protocol'='SASL_PLAINTEXT', -'properties.sasl.mechanism'='PLAIN', -'properties.sasl.jaas.config'= 'org.apache.flink.kafka.shaded.org.apache.kafka.common.security.scram.ScramLoginModule required username="admin" password="galaxy2019";', -'key.format' = 'json', -'value.format' = 'json' -); - -CREATE VIEW top_common_external_ip_view as -SELECT common_external_ip as `destination`,sum(common_sessions) as session_num,sum(common_c2s_pkt_num) as c2s_pkt_num,sum(common_s2c_pkt_num) as s2c_pkt_num,sum(common_c2s_byte_num) as c2s_byte_num,sum(common_s2c_byte_num) as s2c_byte_num,UNIX_TIMESTAMP(CAST(TUMBLE_END(stat_time,INTERVAL '5' MINUTE) as VARCHAR)) as stat_time -FROM session_record_completed_log -where common_external_ip<>'' -group by common_external_ip,TUMBLE(stat_time,INTERVAL '5' MINUTE); - -INSERT INTO top_external_ip_log -(SELECT `destination`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`destination`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'sessions' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY session_num DESC) as rownum -FROM -top_common_external_ip_view) -WHERE rownum <= 1000) -union all -(SELECT `destination`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`destination`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'packets' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY c2s_pkt_num+s2c_pkt_num DESC) as rownum -FROM -top_common_external_ip_view) -WHERE rownum <= 1000) -union all -(SELECT `destination`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`destination`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'bytes' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY c2s_byte_num+s2c_byte_num DESC) as rownum -FROM -top_common_external_ip_view) -WHERE rownum <= 1000); - - ---website_domain -CREATE TABLE top_website_domain_log ( - domain VARCHAR, - session_num BIGINT, - c2s_pkt_num BIGINT, - s2c_pkt_num BIGINT, - c2s_byte_num BIGINT, - s2c_byte_num BIGINT, - order_by VARCHAR, - stat_time BIGINT, - PRIMARY KEY (stat_time) NOT ENFORCED -) WITH ( -'connector' = 'upsert-kafka', -'topic' = 'TOP-WEBSITE-DOMAIN', -'properties.bootstrap.servers' = '10.224.11.14:9094,10.224.11.15:9094,10.224.11.16:9094,10.224.11.17:9094,10.224.11.18:9094,10.224.11.19:9094,10.224.11.20:9094,10.224.11.21:9094,10.224.11.22:9094,10.224.11.23:9094', -'properties.security.protocol'='SASL_PLAINTEXT', -'properties.sasl.mechanism'='PLAIN', -'properties.sasl.jaas.config'= 'org.apache.flink.kafka.shaded.org.apache.kafka.common.security.scram.ScramLoginModule required username="admin" password="galaxy2019";', -'key.format' = 'json', -'value.format' = 'json' -); - -CREATE VIEW top_website_domain_view as -SELECT http_domain as `domain`,sum(common_sessions) as session_num,sum(common_c2s_pkt_num) as c2s_pkt_num,sum(common_s2c_pkt_num) as s2c_pkt_num,sum(common_c2s_byte_num) as c2s_byte_num,sum(common_s2c_byte_num) as s2c_byte_num,UNIX_TIMESTAMP(CAST(TUMBLE_END(stat_time,INTERVAL '5' MINUTE) as VARCHAR)) as stat_time -FROM session_record_completed_log -where http_domain<>'' -group by http_domain,TUMBLE(stat_time,INTERVAL '5' MINUTE); - - -INSERT INTO top_website_domain_log -(SELECT `domain`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`domain`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'sessions' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY session_num DESC) as rownum -FROM -top_website_domain_view) -WHERE rownum <= 1000) -union all -(SELECT `domain`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`domain`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'packets' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY c2s_pkt_num+s2c_pkt_num DESC) as rownum -FROM -top_website_domain_view) -WHERE rownum <= 1000) -union all -(SELECT `domain`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`domain`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'bytes' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY c2s_byte_num+s2c_byte_num DESC) as rownum -FROM -top_website_domain_view) -WHERE rownum <= 1000); - - ---user: -CREATE TABLE top_user_log ( - subscriber_id VARCHAR, - session_num BIGINT, - c2s_pkt_num BIGINT, - s2c_pkt_num BIGINT, - c2s_byte_num BIGINT, - s2c_byte_num BIGINT, - order_by VARCHAR, - stat_time BIGINT, - PRIMARY KEY (stat_time) NOT ENFORCED -) WITH ( -'connector' = 'upsert-kafka', -'topic' = 'TOP-USER', -'properties.bootstrap.servers' = '10.224.11.14:9094,10.224.11.15:9094,10.224.11.16:9094,10.224.11.17:9094,10.224.11.18:9094,10.224.11.19:9094,10.224.11.20:9094,10.224.11.21:9094,10.224.11.22:9094,10.224.11.23:9094', -'properties.security.protocol'='SASL_PLAINTEXT', -'operties.sasl.mechanism'='PLAIN', -'properties.sasl.jaas.config'= 'org.apache.flink.kafka.shaded.org.apache.kafka.common.security.scram.ScramLoginModule required username="admin" password="galaxy2019";', -'key.format' = 'json', -'value.format' = 'json' -); - - -CREATE VIEW top_user_log_view as -SELECT common_subscriber_id as `subscriber_id`,sum(common_sessions) as session_num,sum(common_c2s_pkt_num) as c2s_pkt_num,sum(common_s2c_pkt_num) as s2c_pkt_num,sum(common_c2s_byte_num) as c2s_byte_num,sum(common_s2c_byte_num) as s2c_byte_num,UNIX_TIMESTAMP(CAST(TUMBLE_END(stat_time,INTERVAL '5' MINUTE) as VARCHAR)) as stat_time -FROM session_record_completed_log -where common_subscriber_id <>'' -group by common_subscriber_id,TUMBLE(stat_time,INTERVAL '5' MINUTE); - -INSERT INTO top_user_log -(SELECT `subscriber_id`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`subscriber_id`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'sessions' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY session_num DESC) as rownum -FROM -top_user_log_view) -WHERE rownum <= 1000) -union all -(SELECT `subscriber_id`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`subscriber_id`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'packets' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY c2s_pkt_num+s2c_pkt_num DESC) as rownum -FROM -top_user_log_view) -WHERE rownum <= 1000) -union all -(SELECT `subscriber_id`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`subscriber_id`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'bytes' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY c2s_byte_num+s2c_byte_num DESC) as rownum -FROM -top_user_log_view) -WHERE rownum <= 1000); - diff --git a/topology/NC/flink-top/old/kafka-flinksql-top.sql b/topology/NC/flink-top/old/kafka-flinksql-top.sql deleted file mode 100644 index 0e0724f..0000000 --- a/topology/NC/flink-top/old/kafka-flinksql-top.sql +++ /dev/null @@ -1,367 +0,0 @@ ---通联: -CREATE TABLE session_record_completed_log( -common_schema_type VARCHAR, -common_recv_time BIGINT, -common_client_ip VARCHAR, -common_server_ip VARCHAR, -http_host VARCHAR, -http_domain VARCHAR, -common_l4_protocol VARCHAR, -common_internal_ip VARCHAR, -common_external_ip VARCHAR, -common_subscriber_id VARCHAR, -common_sessions BIGINT, -common_c2s_pkt_num BIGINT, -common_s2c_pkt_num BIGINT, -common_c2s_byte_num BIGINT, -common_s2c_byte_num BIGINT, -common_processing_time BIGINT, -stat_time as TO_TIMESTAMP(FROM_UNIXTIME(common_recv_time)), -WATERMARK FOR stat_time AS stat_time - INTERVAL '1' MINUTE) -WITH( -'connector' = 'kafka', -'properties.group.id' = 'kafka-indexing-service', -'topic' = 'SESSION-RECORD-COMPLETED', -'properties.bootstrap.servers' = '10.224.11.14:9094,10.224.11.15:9094,10.224.11.16:9094,10.224.11.17:9094,10.224.11.18:9094,10.224.11.19:9094,10.224.11.20:9094,10.224.11.21:9094,10.224.11.22:9094,10.224.11.23:9094', -'properties.security.protocol'='SASL_PLAINTEXT', -'properties.sasl.mechanism'='PLAIN', -'properties.sasl.jaas.config'= 'org.apache.flink.kafka.shaded.org.apache.kafka.common.security.scram.ScramLoginModule required username="admin" password="galaxy2019";', -'scan.startup.mode' = 'latest-offset', -'sink.parallelism'='60', -'format' = 'json' -); - ---client: -CREATE TABLE top_client_ip_log( -source VARCHAR, -session_num BIGINT, -c2s_pkt_num BIGINT, -s2c_pkt_num BIGINT, -c2s_byte_num BIGINT, -s2c_byte_num BIGINT, -order_by VARCHAR, -stat_time BIGINT, -PRIMARY KEY (stat_time) NOT ENFORCED -)WITH( -'connector' = 'upsert-kafka', -'topic' = 'TOP-CLIENT-IP', -'properties.bootstrap.servers' = '10.224.11.14:9094,10.224.11.15:9094,10.224.11.16:9094,10.224.11.17:9094,10.224.11.18:9094,10.224.11.19:9094,10.224.11.20:9094,10.224.11.21:9094,10.224.11.22:9094,10.224.11.23:9094', -'properties.security.protocol'='SASL_PLAINTEXT', -'properties.sasl.mechanism'='PLAIN', -'properties.sasl.jaas.config'= 'org.apache.flink.kafka.shaded.org.apache.kafka.common.security.scram.ScramLoginModule required username="admin" password="galaxy2019";', -'sink.parallelism'='60', -'key.format' = 'json', -'value.format' = 'json' -); - -CREATE VIEW top_client_ip_view as -SELECT common_client_ip as source,sum(common_sessions) as session_num,sum(common_c2s_pkt_num) as c2s_pkt_num,sum(common_s2c_pkt_num) as s2c_pkt_num,sum(common_c2s_byte_num) as c2s_byte_num,sum(common_s2c_byte_num) as s2c_byte_num,UNIX_TIMESTAMP(CAST(TUMBLE_END(stat_time,INTERVAL '5' MINUTE) as VARCHAR)) as stat_time -FROM session_record_completed_log -where common_l4_protocol = 'IPv6_TCP' or common_l4_protocol = 'IPv4_TCP' -group by common_client_ip,TUMBLE(stat_time,INTERVAL '5' MINUTE); - -INSERT INTO top_client_ip_log -(SELECT `source`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`source`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'sessions' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY session_num DESC) as rownum -FROM -top_client_ip_view) -WHERE rownum <= 1000) -union all -(SELECT `source`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`source`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'packets' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY c2s_pkt_num+s2c_pkt_num DESC) as rownum -FROM -top_client_ip_view) -WHERE rownum <= 1000) -union all -(SELECT `source`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`source`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'bytes' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY c2s_byte_num+s2c_byte_num DESC) as rownum -FROM -top_client_ip_view) -WHERE rownum <= 1000); - - - - ---server: -CREATE TABLE top_server_ip_log( -destination VARCHAR, -session_num BIGINT, -c2s_pkt_num BIGINT, -s2c_pkt_num BIGINT, -c2s_byte_num BIGINT, -s2c_byte_num BIGINT, -order_by VARCHAR, -stat_time BIGINT, -PRIMARY KEY (stat_time) NOT ENFORCED -)WITH( -'connector' = 'upsert-kafka', -'topic' = 'TOP-SERVER-IP', -'properties.bootstrap.servers' = '10.224.11.14:9094,10.224.11.15:9094,10.224.11.16:9094,10.224.11.17:9094,10.224.11.18:9094,10.224.11.19:9094,10.224.11.20:9094,10.224.11.21:9094,10.224.11.22:9094,10.224.11.23:9094', -'properties.security.protocol'='SASL_PLAINTEXT', -'properties.sasl.mechanism'='PLAIN', -'properties.sasl.jaas.config'= 'org.apache.flink.kafka.shaded.org.apache.kafka.common.security.scram.ScramLoginModule required username="admin" password="galaxy2019";', -'sink.parallelism'='60', -'key.format' = 'json', -'value.format' = 'json' -); - -CREATE VIEW top_server_ip_view as -SELECT common_server_ip as `destination`,sum(common_sessions) as session_num,sum(common_c2s_pkt_num) as c2s_pkt_num,sum(common_s2c_pkt_num) as s2c_pkt_num,sum(common_c2s_byte_num) as c2s_byte_num,sum(common_s2c_byte_num) as s2c_byte_num,UNIX_TIMESTAMP(CAST(TUMBLE_END(stat_time,INTERVAL '5' MINUTE) as VARCHAR)) as stat_time -FROM session_record_completed_log -where common_l4_protocol = 'IPv6_TCP' or common_l4_protocol = 'IPv4_TCP' -group by common_server_ip,TUMBLE(stat_time,INTERVAL '5' MINUTE); - -INSERT INTO top_server_ip_log -(SELECT `destination`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`destination`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'sessions' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY session_num DESC) as rownum -FROM -top_server_ip_view) -WHERE rownum <= 1000) -union all -(SELECT `destination`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`destination`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'packets' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY c2s_pkt_num+s2c_pkt_num DESC) as rownum -FROM -top_server_ip_view) -WHERE rownum <= 1000) -union all -(SELECT destination, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -destination, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'bytes' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY c2s_byte_num+s2c_byte_num DESC) as rownum -FROM -top_server_ip_view) -WHERE rownum <= 1000); - - ---internal -CREATE TABLE top_internal_ip_log ( - source VARCHAR, - session_num BIGINT, - c2s_pkt_num BIGINT, - s2c_pkt_num BIGINT, - c2s_byte_num BIGINT, - s2c_byte_num BIGINT, - order_by VARCHAR, - stat_time BIGINT, - PRIMARY KEY (stat_time) NOT ENFORCED -) WITH ( -'connector' = 'upsert-kafka', -'topic' = 'TOP-INTERNAL-HOST', -'properties.bootstrap.servers' = '10.224.11.14:9094,10.224.11.15:9094,10.224.11.16:9094,10.224.11.17:9094,10.224.11.18:9094,10.224.11.19:9094,10.224.11.20:9094,10.224.11.21:9094,10.224.11.22:9094,10.224.11.23:9094', -'properties.security.protocol'='SASL_PLAINTEXT', -'properties.sasl.mechanism'='PLAIN', -'properties.sasl.jaas.config'= 'org.apache.flink.kafka.shaded.org.apache.kafka.common.security.scram.ScramLoginModule required username="admin" password="galaxy2019";', -'sink.parallelism'='60', -'key.format' = 'json', -'value.format' = 'json' -); - -CREATE VIEW top_common_internal_ip_view as -SELECT common_internal_ip as `source`,sum(common_sessions) as session_num,sum(common_c2s_pkt_num) as c2s_pkt_num,sum(common_s2c_pkt_num) as s2c_pkt_num,sum(common_c2s_byte_num) as c2s_byte_num,sum(common_s2c_byte_num) as s2c_byte_num,UNIX_TIMESTAMP(CAST(TUMBLE_END(stat_time,INTERVAL '5' MINUTE) as VARCHAR)) as stat_time -FROM session_record_completed_log -where common_internal_ip<>'' -group by common_internal_ip,TUMBLE(stat_time,INTERVAL '5' MINUTE); - - -INSERT INTO top_internal_ip_log -(SELECT `source`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`source`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'sessions' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY session_num DESC) as rownum -FROM -top_common_internal_ip_view) -WHERE rownum <= 1000) -union all -(SELECT `source`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`source`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'packets' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY c2s_pkt_num+s2c_pkt_num DESC) as rownum -FROM -top_common_internal_ip_view) -WHERE rownum <= 1000) -union all -(SELECT `source`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`source`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'bytes' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY c2s_byte_num+s2c_byte_num DESC) as rownum -FROM -top_common_internal_ip_view) -WHERE rownum <= 1000); - - ---external: -CREATE TABLE top_external_ip_log ( - destination VARCHAR, - session_num BIGINT, - c2s_pkt_num BIGINT, - s2c_pkt_num BIGINT, - c2s_byte_num BIGINT, - s2c_byte_num BIGINT, - order_by VARCHAR, - stat_time BIGINT, - PRIMARY KEY (stat_time) NOT ENFORCED -) WITH ( -'connector' = 'upsert-kafka', -'topic' = 'TOP-EXTERNAL-HOST', -'properties.bootstrap.servers' = '10.224.11.14:9094,10.224.11.15:9094,10.224.11.16:9094,10.224.11.17:9094,10.224.11.18:9094,10.224.11.19:9094,10.224.11.20:9094,10.224.11.21:9094,10.224.11.22:9094,10.224.11.23:9094', -'properties.security.protocol'='SASL_PLAINTEXT', -'properties.sasl.mechanism'='PLAIN', -'properties.sasl.jaas.config'= 'org.apache.flink.kafka.shaded.org.apache.kafka.common.security.scram.ScramLoginModule required username="admin" password="galaxy2019";', -'sink.parallelism'='60', -'key.format' = 'json', -'value.format' = 'json' -); - - -CREATE VIEW top_common_external_ip_view as -SELECT common_external_ip as `destination`,sum(common_sessions) as session_num,sum(common_c2s_pkt_num) as c2s_pkt_num,sum(common_s2c_pkt_num) as s2c_pkt_num,sum(common_c2s_byte_num) as c2s_byte_num,sum(common_s2c_byte_num) as s2c_byte_num,UNIX_TIMESTAMP(CAST(TUMBLE_END(stat_time,INTERVAL '5' MINUTE) as VARCHAR)) as stat_time -FROM session_record_completed_log -where common_external_ip<>'' -group by common_external_ip,TUMBLE(stat_time,INTERVAL '5' MINUTE); - - -INSERT INTO top_external_ip_log -(SELECT `destination`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`destination`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'sessions' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY session_num DESC) as rownum -FROM -top_common_external_ip_view) -WHERE rownum <= 1000) -union all -(SELECT `destination`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`destination`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'packets' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY c2s_pkt_num+s2c_pkt_num DESC) as rownum -FROM -top_common_external_ip_view) -WHERE rownum <= 1000) -union all -(SELECT `destination`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`destination`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'bytes' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY c2s_byte_num+s2c_byte_num DESC) as rownum -FROM -top_common_external_ip_view) -WHERE rownum <= 1000); - - ---website_domain -CREATE TABLE top_website_domain_log ( - domain VARCHAR, - session_num BIGINT, - c2s_pkt_num BIGINT, - s2c_pkt_num BIGINT, - c2s_byte_num BIGINT, - s2c_byte_num BIGINT, - order_by VARCHAR, - stat_time BIGINT, - PRIMARY KEY (stat_time) NOT ENFORCED -) WITH ( -'connector' = 'upsert-kafka', -'topic' = 'TOP-WEBSITE-DOMAIN', -'properties.bootstrap.servers' = '10.224.11.14:9094,10.224.11.15:9094,10.224.11.16:9094,10.224.11.17:9094,10.224.11.18:9094,10.224.11.19:9094,10.224.11.20:9094,10.224.11.21:9094,10.224.11.22:9094,10.224.11.23:9094', -'properties.security.protocol'='SASL_PLAINTEXT', -'properties.sasl.mechanism'='PLAIN', -'properties.sasl.jaas.config'= 'org.apache.flink.kafka.shaded.org.apache.kafka.common.security.scram.ScramLoginModule required username="admin" password="galaxy2019";', -'sink.parallelism'='60', -'key.format' = 'json', -'value.format' = 'json' -); - -CREATE VIEW top_website_domain_view as -SELECT http_domain as `domain`,sum(common_sessions) as session_num,sum(common_c2s_pkt_num) as c2s_pkt_num,sum(common_s2c_pkt_num) as s2c_pkt_num,sum(common_c2s_byte_num) as c2s_byte_num,sum(common_s2c_byte_num) as s2c_byte_num,UNIX_TIMESTAMP(CAST(TUMBLE_END(stat_time,INTERVAL '5' MINUTE) as VARCHAR)) as stat_time -FROM session_record_completed_log -where http_domain<>'' -group by http_domain,TUMBLE(stat_time,INTERVAL '5' MINUTE); - - -INSERT INTO top_website_domain_log -(SELECT `domain`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`domain`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'sessions' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY session_num DESC) as rownum -FROM -top_website_domain_view) -WHERE rownum <= 1000) -union all -(SELECT `domain`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`domain`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'packets' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY c2s_pkt_num+s2c_pkt_num DESC) as rownum -FROM -top_website_domain_view) -WHERE rownum <= 1000) -union all -(SELECT `domain`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`domain`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'bytes' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY c2s_byte_num+s2c_byte_num DESC) as rownum -FROM -top_website_domain_view) -WHERE rownum <= 1000); - - ---user: -CREATE TABLE top_user_log ( - subscriber_id VARCHAR, - session_num BIGINT, - c2s_pkt_num BIGINT, - s2c_pkt_num BIGINT, - c2s_byte_num BIGINT, - s2c_byte_num BIGINT, - order_by VARCHAR, - stat_time BIGINT, - PRIMARY KEY (stat_time) NOT ENFORCED -) WITH ( -'connector' = 'upsert-kafka', -'topic' = 'TOP-USER', -'properties.bootstrap.servers' = '10.224.11.14:9094,10.224.11.15:9094,10.224.11.16:9094,10.224.11.17:9094,10.224.11.18:9094,10.224.11.19:9094,10.224.11.20:9094,10.224.11.21:9094,10.224.11.22:9094,10.224.11.23:9094', -'properties.security.protocol'='SASL_PLAINTEXT', -'properties.sasl.mechanism'='PLAIN', -'properties.sasl.jaas.config'= 'org.apache.flink.kafka.shaded.org.apache.kafka.common.security.scram.ScramLoginModule required username="admin" password="galaxy2019";', -'sink.parallelism'='60', -'key.format' = 'json', -'value.format' = 'json' -); - -CREATE VIEW top_user_log_view as -SELECT common_subscriber_id as `subscriber_id`,sum(common_sessions) as session_num,sum(common_c2s_pkt_num) as c2s_pkt_num,sum(common_s2c_pkt_num) as s2c_pkt_num,sum(common_c2s_byte_num) as c2s_byte_num,sum(common_s2c_byte_num) as s2c_byte_num,UNIX_TIMESTAMP(CAST(TUMBLE_END(stat_time,INTERVAL '5' MINUTE) as VARCHAR)) as stat_time -FROM session_record_completed_log -where common_subscriber_id <>'' -group by common_subscriber_id,TUMBLE(stat_time,INTERVAL '5' MINUTE); - -INSERT INTO top_user_log -(SELECT `subscriber_id`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`subscriber_id`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'sessions' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY session_num DESC) as rownum -FROM -top_user_log_view) -WHERE rownum <= 1000) -union all -(SELECT `subscriber_id`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`subscriber_id`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'packets' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY c2s_pkt_num+s2c_pkt_num DESC) as rownum -FROM -top_user_log_view) -WHERE rownum <= 1000) -union all -(SELECT `subscriber_id`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,order_by,stat_time FROM -(SELECT -`subscriber_id`, session_num, c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,'bytes' as order_by,stat_time, -ROW_NUMBER() OVER (PARTITION BY stat_time ORDER BY c2s_byte_num+s2c_byte_num DESC) as rownum -FROM -top_user_log_view) -WHERE rownum <= 1000); |