diff options
17 files changed, 87 insertions, 2332 deletions
diff --git a/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/ck-queries-template.sql b/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/ck-queries-template.sql index 005d47fd..2db65951 100644 --- a/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/ck-queries-template.sql +++ b/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/ck-queries-template.sql @@ -117,6 +117,4 @@ select common_server_ip as "Server IP" , count(1) as Sessions,sum(common_c2s_byt --Q59.Top5 Server IP keys with Unique Client IPs Trend (Grain 5 minute) SELECT toDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))),300)*300) AS _time , common_server_ip AS server_ip, COUNT(DISTINCT(common_client_ip)) AS nums FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) AND common_server_ip IN ( SELECT common_server_ip FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) GROUP BY common_server_ip ORDER BY count(*) DESC LIMIT 5 ) GROUP BY toDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))),300)*300) , server_ip ORDER BY toDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))),300)*300) DESC LIMIT 100 --Q60.JSQLParserException(V4.2) -select round(tcp_logs / logs, 2) as "TCP Percentage", round(udp_logs / logs, 2) as "UDP Percentage", round(egress_bytes / bytes, 2) as "Egress Percentage", round(ingress_bytes / bytes, 2) as "Ingress Percentage", tcp_logs as "TCP Logs", udp_logs as "UDP Logs", logs as "Logs", egress_bytes as "Egress Bytes", ingress_bytes as "Ingress Bytes", bytes as "Bytes"from (select sum(if(common_l4_protocol in('IPv4_TCP', 'IPv6_TCP'), 1, 0)) as tcp_logs, sum(if(common_l4_protocol in('IPv4_UDP', 'IPv6_UDP'), 1, 0)) as udp_logs, sum(if(has(bitmaskToArray(common_flags), 256), common_c2s_byte_num, common_s2c_byte_num)) as egress_bytes, sum(if(has(bitmaskToArray(common_flags), 128), common_c2s_byte_num, common_s2c_byte_num)) as ingress_bytes, count(*) as logs, sum(common_c2s_byte_num + common_s2c_byte_num) as bytes from session_record as sub_connection where common_recv_time >= toUnixTimestamp(@start) and common_recv_time < toUnixTimestamp(@end)) ---Q61.Concat Funtion Test sql -select TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(common_recv_time),'PT1M','zero') as stat_time, (CASE WHEN common_action = 1 THEN 'Monitor' WHEN common_action = 2 THEN 'Intercept' WHEN common_action = 16 THEN 'Deny' WHEN common_action = 48 THEN 'Manipulation' WHEN common_action = 96 THEN 'Allow' WHEN common_action = 128 THEN 'Allow(Deprecated)' ELSE Concat(common_action) END) as type, count(*) as events from security_event where common_recv_time >= UNIX_TIMESTAMP(@start) and common_recv_time< UNIX_TIMESTAMP(@end) and common_vsys_id in (2,3) group by stat_time, common_action
\ No newline at end of file +select round(tcp_logs / logs, 2) as "TCP Percentage", round(udp_logs / logs, 2) as "UDP Percentage", round(egress_bytes / bytes, 2) as "Egress Percentage", round(ingress_bytes / bytes, 2) as "Ingress Percentage", tcp_logs as "TCP Logs", udp_logs as "UDP Logs", logs as "Logs", egress_bytes as "Egress Bytes", ingress_bytes as "Ingress Bytes", bytes as "Bytes"from (select sum(if(common_l4_protocol in('IPv4_TCP', 'IPv6_TCP'), 1, 0)) as tcp_logs, sum(if(common_l4_protocol in('IPv4_UDP', 'IPv6_UDP'), 1, 0)) as udp_logs, sum(if(has(bitmaskToArray(common_flags), 256), common_c2s_byte_num, common_s2c_byte_num)) as egress_bytes, sum(if(has(bitmaskToArray(common_flags), 128), common_c2s_byte_num, common_s2c_byte_num)) as ingress_bytes, count(*) as logs, sum(common_c2s_byte_num + common_s2c_byte_num) as bytes from session_record as sub_connection where common_recv_time >= toUnixTimestamp(@start) and common_recv_time < toUnixTimestamp(@end))
\ No newline at end of file diff --git a/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/druid-queries-template.sql b/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/druid-queries-template.sql index 9b7ceec6..2a2267d6 100644 --- a/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/druid-queries-template.sql +++ b/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/druid-queries-template.sql @@ -1,164 +1,70 @@ ---Q01.All Security Event Hits -select policy_id, sum(hits) as hits from security_event_hits_log where __time >@start and __time <@end group by policy_id ---Q02.Security Event Hits with Policy ID 0 -select policy_id, sum(hits) as hits from security_event_hits_log where __time >@start and __time <@end and policy_id in (0) group by policy_id ---Q03.All Security Event Hits Trend by 5min A -select TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') as start_time, sum(hits) as hits from security_event_hits_log where __time >= @start and __time < @end group by TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') limit 10000 ---Q04.Security Event Hit Time(first and last time) A -select policy_id,TIME_FORMAT(min(__time) ,'yyyy-MM-dd HH:mm:ss') as first_used, TIME_FORMAT(max(__time) ,'yyyy-MM-dd HH:mm:ss') as last_used from security_event_hits_log where policy_id in (0) group by policy_id ---Q05.Top 200 Security Policies -select policy_id, sum(hits) as hits from security_event_hits_log where __time >= @start and __time < @end group by policy_id order by hits desc limit 200 ---Q06.Top 200 Security Policies with Action -select policy_id, action, sum(hits) as hits from security_event_hits_log where __time >=@start and __time <@end group by policy_id, action order by hits desc limit 200 ---Q07.All Proxy Event Hits -select policy_id, sum(hits) as hits from proxy_event_hits_log where __time >=@start and __time <@end group by policy_id ---Q08.Proxy Event Hits with Policy ID 0 -select policy_id, sum(hits) as hits from proxy_event_hits_log where __time >=@start and __time <@end and policy_id=0 group by policy_id ---Q09.All Proxy Event Hits Trend by 5min A -select TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') as start_time, sum(hits) as hits from proxy_event_hits_log where __time >= @start and __time < @end group by TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') limit 10000 ---Q10.Proxy Event Hit Time(first and last time) A -select policy_id,TIME_FORMAT(min(__time) ,'yyyy-MM-dd HH:mm:ss') as first_used, TIME_FORMAT(max(__time) ,'yyyy-MM-dd HH:mm:ss') as last_used from proxy_event_hits_log where policy_id in (0) group by policy_id ---Q11.Top 200 Proxy Policies -select policy_id, sum(hits) as hits from proxy_event_hits_log where __time >= @start and __time < @end group by policy_id order by hits desc limit 200 ---Q12.Top 200 Proxy Policies with sub Action -select policy_id, sub_action as action, sum(hits) as hits from proxy_event_hits_log where __time >=@start and __time <@end group by policy_id, sub_action order by hits desc limit 200 ---Q13.Proxy Action Hits -select sub_action as action, sum(hits) as hits from proxy_event_hits_log where __time >= @start and __time < @end group by sub_action ---Q14.Proxy Action Hits Trend by 5min -select TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') as start_time, sub_action as action, sum(hits) as hits from proxy_event_hits_log where __time >= @start and __time < @end group by TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') , sub_action limit 10000 ---Q15.Traffic Metrics Pinning Hits -SELECT sum(not_pinning_num) AS sessions, 'notPinningNum' AS type FROM traffic_metrics_log WHERE __time >= @start AND __time < @end UNION ALL SELECT sum(pinning_num) AS sessions, 'pinningNum' AS type FROM traffic_metrics_log WHERE __time >= @start AND __time < @end UNION ALL SELECT sum(maybe_pinning_num) AS sessions, 'maybePinningNum' AS type FROM traffic_metrics_log WHERE __time >= @start AND __time < @end ---Q16.Traffic Metrics Pinning Trend by 5Min -SELECT TIME_FORMAT( MILLIS_TO_TIMESTAMP( 1000 * (TIMESTAMP_TO_MILLIS(time_floor(0.001 * TIMESTAMP_TO_MILLIS( __time) * 1000,'PT300S'))/1000)),'YYYY-MM-dd HH:mm:ss') AS statisticTime, sum(pinning_num) AS sessions FROM traffic_metrics_log WHERE __time >= @start AND __time < @end GROUP BY TIME_FORMAT( MILLIS_TO_TIMESTAMP( 1000 * (TIMESTAMP_TO_MILLIS(time_floor(0.001 * TIMESTAMP_TO_MILLIS( __time) * 1000,'PT300S'))/1000)),'YYYY-MM-dd HH:mm:ss') LIMIT 10000 ---Q17.Traffic Metrics Not Pinning Trend by 5Min -SELECT TIME_FORMAT( MILLIS_TO_TIMESTAMP( 1000 * (TIMESTAMP_TO_MILLIS(time_floor(0.001 * TIMESTAMP_TO_MILLIS( __time) * 1000,'PT300S'))/1000)),'YYYY-MM-dd HH:mm:ss') AS statisticTime, sum(not_pinning_num) AS sessions FROM traffic_metrics_log WHERE __time>= @start AND __time < @end GROUP BY TIME_FORMAT( MILLIS_TO_TIMESTAMP( 1000 * (TIMESTAMP_TO_MILLIS(time_floor(0.001 * TIMESTAMP_TO_MILLIS( __time) * 1000,'PT300S'))/1000)),'YYYY-MM-dd HH:mm:ss') LIMIT 10000 ---Q18.Traffic Metrics Maybe Pinning Trend by 5Min -SELECT TIME_FORMAT( MILLIS_TO_TIMESTAMP( 1000 * (TIMESTAMP_TO_MILLIS(time_floor(0.001 * TIMESTAMP_TO_MILLIS( __time) * 1000,'PT300S'))/1000)),'YYYY-MM-dd HH:mm:ss') AS statisticTime, sum(maybe_pinning_num) AS sessions FROM traffic_metrics_log WHERE __time >= @start AND __time < @end GROUP BY TIME_FORMAT( MILLIS_TO_TIMESTAMP( 1000 * (TIMESTAMP_TO_MILLIS(time_floor(0.001 * TIMESTAMP_TO_MILLIS( __time) * 1000,'PT300S'))/1000)),'YYYY-MM-dd HH:mm:ss') LIMIT 10000 ---Q19.Traffic Metrics Throughput Bytes IN/OUT -select sum(total_in_bytes) as traffic_in_bytes, sum(total_out_bytes) as traffic_out_bytes from traffic_metrics_log where __time >= @start and __time < @end ---Q20. Traffic Metrics Throughput Packets IN/OUT -select sum(total_in_packets) as traffic_in_packets, sum(total_out_packets) as traffic_out_packets from traffic_metrics_log where __time >= @start and __time < @end ---Q21.Traffic Metrics New Sessions -select sum(new_conn_num) as sessions from traffic_metrics_log where __time >= @start and __time < @end ---Q22.Traffic Metrics Bandwidth Bytes IN/OUT -select TIME_FORMAT(time_floor(__time,'PT30S'),'yyyy-MM-dd HH:mm:ss') as stat_time, 'traffic_in_bytes' as type, sum(total_in_bytes) as bytes from traffic_metrics_log where __time >= @start and __time < @end group by TIME_FORMAT(time_floor(__time,'PT30S'),'yyyy-MM-dd HH:mm:ss') union all select TIME_FORMAT(time_floor(__time,'PT30S'),'yyyy-MM-dd HH:mm:ss') as stat_time, 'traffic_out_bytes' as type, sum(total_out_bytes) as bytes from traffic_metrics_log where __time >= @start and __time < @end group by TIME_FORMAT(time_floor(__time,'PT30S'),'yyyy-MM-dd HH:mm:ss') ---Q23.Traffic Metrics Bandwidth Packets IN/OUT -select TIME_FORMAT(time_floor(__time,'PT30S'),'yyyy-MM-dd HH:mm:ss') as stat_time, 'traffic_in_packets' as type, sum(total_in_packets) as packets from traffic_metrics_log where __time >= @start and __time < @end group by TIME_FORMAT(time_floor(__time,'PT30S'),'yyyy-MM-dd HH:mm:ss') union all select TIME_FORMAT(time_floor(__time,'PT30S'),'yyyy-MM-dd HH:mm:ss') as stat_time, 'traffic_out_packets' as type, sum(total_out_packets) as packets from traffic_metrics_log where __time >= @start and __time < @end group by TIME_FORMAT(time_floor(__time,'PT30S'),'yyyy-MM-dd HH:mm:ss') ---Q24.Traffic Metrics New Sessions Trend by 5Min -select TIME_FORMAT(time_floor(__time,'PT30S'),'yyyy-MM-dd HH:mm:ss') as stat_time, 'new_conn_num' as type, sum(new_conn_num) as sessions from traffic_metrics_log where __time >= @start and __time < @end group by TIME_FORMAT(time_floor(__time,'PT30S'),'yyyy-MM-dd HH:mm:ss') ---Q25.Traffic Metrics New and Live Sessions -select sum(new_conn_num) as new_conn_num, sum(established_conn_num) as established_conn_num from traffic_metrics_log where __time >= @start and __time < @end ---Q26.Traffic Metrics New and Live Sessions Trend by 5Min -select TIME_FORMAT(time_floor(__time,'PT30S'),'yyyy-MM-dd HH:mm:ss') as stat_time, 'new_conn_num' as type, sum(new_conn_num) as sessions from traffic_metrics_log where __time >= @start and __time < @end group by TIME_FORMAT(time_floor(__time,'PT30S'),'yyyy-MM-dd HH:mm:ss') union all select TIME_FORMAT(time_floor(__time,'PT30S'),'yyyy-MM-dd HH:mm:ss') as stat_time, 'established_conn_num' as type, sum(established_conn_num) as sessions from traffic_metrics_log where __time >= @start and __time < @end group by TIME_FORMAT(time_floor(__time,'PT30S'),'yyyy-MM-dd HH:mm:ss') ---Q27.Traffic Metrics Security Throughput Bytes -select sum(default_in_bytes+default_out_bytes) as default_bytes, sum(allow_in_bytes+allow_out_bytes) as allow_bytes, sum(deny_in_bytes+deny_out_bytes) as deny_bytes, sum(monitor_in_bytes+monitor_out_bytes) as monitor_bytes, sum(intercept_in_bytes+intercept_out_bytes) as intercept_bytes from traffic_metrics_log where __time >= @start and __time < @end ---Q28.Traffic Metrics Security Throughput Packets -select sum(default_in_packets+default_out_packets) as default_packets, sum(allow_in_packets+allow_in_packets) as allow_packets, sum(deny_in_packets+deny_out_packets) as deny_packets, sum(monitor_in_packets+monitor_out_packets) as monitor_packets, sum(intercept_in_packets+intercept_out_packets) as intercept_packets from traffic_metrics_log where __time >= @start and __time < @end ---Q29.Traffic Metrics Security Throughput Sessions -select sum(default_conn_num) as default_sessions, sum(allow_conn_num) as allow_sessions, sum(deny_conn_num) as deny_sessions, sum(monitor_conn_num) as monitor_sessions, sum(intercept_conn_num) as intercept_sessions from traffic_metrics_log where __time >= @start and __time < @end ---Q30.Traffic Metrics Security Bandwidth Bytes by 5Min -select TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') as stat_time, 'default_bytes' as type, sum(default_in_bytes+default_out_bytes) as bytes from traffic_metrics_log where __time >= @start and __time < @end group by TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') union all select TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') as stat_time, 'allow_bytes' as type, sum(allow_in_bytes+allow_out_bytes) as bytes from traffic_metrics_log where __time >= @start and __time < @end group by TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') union all select TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') as stat_time, 'deny_bytes' as type, sum(deny_in_bytes+deny_out_bytes) as bytes from traffic_metrics_log where __time >= @start and __time < @end group by TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') union all select TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') as stat_time, 'monitor_bytes' as type, sum(monitor_in_bytes+monitor_out_bytes) as bytes from traffic_metrics_log where __time >= @start and __time < @end group by TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') union all select TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') as stat_time, 'intercept_bytes' as type, sum(intercept_in_bytes+intercept_out_bytes) as bytes from traffic_metrics_log where __time >= @start and __time < @end group by TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') ---Q31.Traffic Metrics Security Bandwidth Packets by 5Min -select TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') as stat_time, 'default_packets' as type, sum(default_in_packets+default_out_packets) as packets from traffic_metrics_log where __time >= @start and __time < @end group by TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') union all select TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') as stat_time, 'allow_packets' as type, sum(allow_in_packets+allow_out_packets) as packets from traffic_metrics_log where __time >= @start and __time < @end group by TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') union all select TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') as stat_time, 'deny_packets' as type, sum(deny_in_packets+deny_out_packets) as packets from traffic_metrics_log where __time >= @start and __time < @end group by TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') union all select TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') as stat_time, 'monitor_packets' as type, sum(monitor_in_packets+monitor_out_packets) as packets from traffic_metrics_log where __time >= @start and __time < @end group by TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') union all select TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') as stat_time, 'intercept_packets' as type, sum(intercept_in_packets+intercept_out_packets) as packets from traffic_metrics_log where __time >= @start and __time < @end group by TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') ---Q32.Traffic Metrics Security Sessions Trend by 5Min -select TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') as stat_time, 'default_conn_num' as type, sum(default_conn_num) as sessions from traffic_metrics_log where __time >= @start and __time < @end group by TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') union all select TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') as stat_time, 'allow_conn_num' as type, sum(allow_conn_num) as sessions from traffic_metrics_log where __time >= @start and __time < @end group by TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') union all select TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') as stat_time, 'deny_conn_num' as type, sum(deny_conn_num) as sessions from traffic_metrics_log where __time >= @start and __time < @end group by TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') union all select TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') as stat_time, 'monitor_conn_num' as type, sum(monitor_conn_num) as sessions from traffic_metrics_log where __time >= @start and __time < @end group by TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') union all select TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') as stat_time, 'intercept_conn_num' as type, sum(intercept_conn_num) as sessions from traffic_metrics_log where __time >= @start and __time < @end group by TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') ---Q33.Top 100 Client IP by Sessions -select source as client_ip, sum(session_num) as sessions, sum(c2s_byte_num) as sent_bytes, sum(s2c_byte_num) as received_bytes, sum(c2s_byte_num + s2c_byte_num) as bytes, sum(c2s_pkt_num) as sent_packets ,sum(s2c_pkt_num) as received_packets, sum(c2s_pkt_num+s2c_pkt_num) as packets from top_client_ip_log where __time >= @start and __time < @end and order_by='sessions' group by source order by sessions desc limit 100 ---Q34.Top 100 Server IP by Sessions -select destination as server_ip, sum(session_num) as sessions, sum(c2s_byte_num) as sent_bytes, sum(s2c_byte_num) as received_bytes, sum(c2s_byte_num + s2c_byte_num) as bytes, sum(c2s_pkt_num) as sent_packets ,sum(s2c_pkt_num) as received_packets, sum(c2s_pkt_num+s2c_pkt_num) as packets from top_server_ip_log where __time >= @start and __time < @end and order_by='sessions' group by destination order by sessions desc limit 100 ---Q35.Top 100 Internal IP by Sessions -select source as internal_ip, sum(session_num) as sessions, sum(c2s_byte_num) as sent_bytes, sum(s2c_byte_num) as received_bytes, sum(c2s_byte_num + s2c_byte_num) as bytes, sum(c2s_pkt_num) as sent_packets ,sum(s2c_pkt_num) as received_packets, sum(c2s_pkt_num+s2c_pkt_num) as packets from top_internal_host_log where __time >= @start and __time < @end and order_by='sessions' group by source order by sessions desc limit 100 ---Q36.Top 100 External IP by Sessions -select destination as external_ip, sum(session_num) as sessions, sum(c2s_byte_num) as sent_bytes, sum(s2c_byte_num) as received_bytes, sum(c2s_byte_num + s2c_byte_num) as bytes, sum(c2s_pkt_num) as sent_packets ,sum(s2c_pkt_num) as received_packets, sum(c2s_pkt_num+s2c_pkt_num) as packets from top_external_host_log where __time >= @start and __time < @end and order_by='sessions' group by destination order by sessions desc limit 100 ---Q37.Top 100 Domain by Bytes -select domain, sum(session_num) as sessions, sum(c2s_byte_num) as sent_bytes, sum(s2c_byte_num) as received_bytes, sum(c2s_byte_num + s2c_byte_num) as bytes, sum(c2s_pkt_num) as sent_packets ,sum(s2c_pkt_num) as received_packets, sum(c2s_pkt_num+s2c_pkt_num) as packets from top_website_domain_log where __time >= @start and __time < @end and order_by='bytes' group by domain order by bytes desc limit 100 ---Q38.Top 100 Subscriber ID by Sessions -select subscriber_id, sum(session_num) as sessions, sum(c2s_byte_num) as sent_bytes, sum(s2c_byte_num) as received_bytes, sum(c2s_byte_num + s2c_byte_num) as bytes, sum(c2s_pkt_num) as sent_packets ,sum(s2c_pkt_num) as received_packets, sum(c2s_pkt_num+s2c_pkt_num) as packets from top_user_log where __time >= @start and __time < @end and order_by='sessions' group by subscriber_id order by sessions desc limit 100 ---Q39.Top 100 Hit URLS by hits -select url,sum(session_num) as hits from top_urls_log where __time >= @start and __time < @end group by url order by hits desc limit 100 ---Q40.Proxy Event Unique ISP -SELECT policy_id, APPROX_COUNT_DISTINCT_DS_HLL(isp) as num FROM proxy_event_hits_log where __time >= @start and __time < @end group by policy_id ---Q41.Traffic Composition Metrics -SELECT APPROX_COUNT_DISTINCT_DS_HLL(ip_object) AS uniq_client_ip, SUM(one_sided_connections) AS one_sided_connections, SUM(fragmentation_packets) AS fragmentation_packets, SUM(sequence_gap_loss) AS sequence_gap_loss_bytes, SUM(s2c_byte_num+c2s_byte_num) AS summaryTotalBytes, SUM(s2c_pkt_num+c2s_pkt_num) AS summaryTotalPackets, SUM(sessions) AS summarySessions FROM traffic_summary_log WHERE __time >= @start AND __time < @end LIMIT 1 ---Q42.Traffic Composition Throughput -(SELECT SUM(c2s_byte_num + s2c_byte_num) as total_bytes, SUM(sessions) as total_sessions, (SUM(c2s_byte_num + s2c_byte_num) * 8)/((TIMESTAMP_TO_MILLIS( @end )-TIMESTAMP_TO_MILLIS( @start ))/1000) AS data_rate FROM traffic_protocol_stat_log WHERE __time >= @start AND __time < @end AND protocol_id = 'ETHERNET' LIMIT 1) UNION ALL ( SELECT SUM(sessions), 0, 0 FROM traffic_protocol_stat_log WHERE __time >= @start AND __time < @end AND protocol_id = 'ETHERNET' GROUP BY __time ORDER BY __time DESC LIMIT 1 ) ---Q43.Traffic Composition Protocol Tree -SELECT protocol_id, SUM(sessions) as sessions,SUM(c2s_byte_num) as c2s_byte_num, SUM(c2s_pkt_num) as c2s_pkt_num, SUM(s2c_byte_num) as s2c_byte_num, SUM(s2c_pkt_num) as s2c_pkt_num FROM traffic_protocol_stat_log WHERE __time >= @start AND __time < @end GROUP BY protocol_id ---Q44.System Quota -SELECT log_type, SUM(used_size) as used_size, SUM(max_size) * 7/10 as max_size, TIME_FORMAT(LATEST(last_storage) * 1000,'YYYY-MM-dd') as first_storage FROM ( SELECT log_type, LATEST(used_size) as used_size, LATEST(max_size) as max_size, LATEST(last_storage) as last_storage FROM sys_storage_log WHERE __time >= CURRENT_TIMESTAMP - INTERVAL '1' HOUR AND data_center != '' GROUP BY data_center,log_type ) GROUP BY log_type ---Q45.System Quota Daily Trend -select TIME_FORMAT(__time,'YYYY-MM-dd') as stat_time,log_type as type, sum(aggregate_size) as used_size from sys_storage_log where __time >= @start and __time < @end group by TIME_FORMAT(__time,'YYYY-MM-dd'), log_type ---Q46.Traffic Statistics(Metrics01) -select sum(total_hit_sessions) as total_hit_sessions, sum(total_bytes_transferred) as total_bytes_transferred, sum(total_packets_transferred) as total_packets_transferred, sum(total_new_sessions) as total_new_sessions , sum(total_close_sessions) as total_close_sessions, sum(average_new_sessions_per_second) as average_new_sessions_per_second , sum(average_bytes_per_second) as average_bytes_per_second , sum(average_packets_per_second) as average_packets_per_second , COUNT(DISTINCT(device_id)) as device_num, sum(live_sessions) as average_live_sessions from ( select device_id, sum(intercept_conn_num + monitor_conn_num + deny_conn_num + allow_conn_num) as total_hit_sessions, sum(total_in_bytes + total_out_bytes) as total_bytes_transferred, sum(total_in_packets + total_out_packets) as total_packets_transferred, sum(new_conn_num) as total_new_sessions, sum(close_conn_num) as total_close_sessions, avg(nullif(new_conn_num, 0))/ 5 as average_new_sessions_per_second, avg(nullif(total_in_bytes + total_out_bytes, 0))* 8 / 5 as average_bytes_per_second, avg(nullif(total_in_packets + total_out_packets, 0))/ 5 as average_packets_per_second, avg(nullif(established_conn_num, 0)) as live_sessions from traffic_metrics_log where __time >= @start and __time < @end group by device_id) ---Q47.Traffic Live Chart unknown App bytes -SELECT SUM(c2s_byte_num + s2c_byte_num) as unknown_app_bytes FROM traffic_protocol_stat_log WHERE __time >= @start and __time < @end AND app_name = 'unknown' LIMIT 1 ---Q48.All Security Rule Hits +--Q01.All Security Rule Hits select rule_id as rule_id,sum(hit_count) as hits,sum(in_bytes + out_bytes) as bytes from security_rule_hits where __time >@start and __time <@end group by rule_id ---Q49.Security Rule Hits with Rule ID 0 +--Q02.Security Rule Hits with Rule ID 0 select rule_id as rule_id,sum(hit_count) as hits from security_rule_hits where __time >@start and __time <@end and rule_id in (0) group by rule_id ---Q50.All Security Rule Hits Trend by 5min A +--Q03.All Security Rule Hits Trend by 5min A select TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') as stat_time, sum(hit_count) as hits from security_rule_hits where __time >= @start and __time < @end group by TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') limit 10000 ---Q51.Security Rule Hit Time(first and last time) A +--Q04.Security Rule Hit Time(first and last time) A select rule_id,TIME_FORMAT(min(__time) ,'yyyy-MM-dd HH:mm:ss') as first_used, TIME_FORMAT(max(__time) ,'yyyy-MM-dd HH:mm:ss') as last_used from security_rule_hits where rule_id in (0) group by rule_id ---Q52.Top 200 Security Rules with Action +--Q05.Top 200 Security Rules with Action select rule_id, action, sum(hit_count) as hits from security_rule_hits where __time >= @start and __time < @end group by rule_id, action order by hits desc limit 200 ---Q53.All Proxy Rule Hits +--Q06.All Proxy Rule Hits select rule_id as rule_id, sum(hit_count) as hits from proxy_rule_hits where __time >=@start and __time <@end group by rule_id ---Q54.Proxy Rule Hits with Rule ID 0 +--Q07.Proxy Rule Hits with Rule ID 0 select rule_id, sum(hit_count) as hits from proxy_rule_hits where __time >=@start and __time <@end and rule_id=0 group by rule_id ---Q55.All Proxy Rule Hits Trend by 5min A +--Q08.All Proxy Rule Hits Trend by 5min A select TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') as stat_time, sum(hit_count) as hits from proxy_rule_hits where __time >= @start and __time < @end group by TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') limit 10000 ---Q56.Proxy Rule Hit Time(first and last time) A +--Q09.Proxy Rule Hit Time(first and last time) A select rule_id as rule_id,TIME_FORMAT(min(__time) ,'yyyy-MM-dd HH:mm:ss') as first_used, TIME_FORMAT(max(__time) ,'yyyy-MM-dd HH:mm:ss') as last_used from proxy_rule_hits where rule_id in (0) group by rule_id ---Q57.Top 200 Proxy Rules +--Q10.Top 200 Proxy Rules select rule_id, sum(hit_count) as hits from proxy_rule_hits where __time >= @start and __time < @end group by rule_id order by hits desc limit 200 ---Q58.Top 200 Proxy Rules with Action +--Q11.Top 200 Proxy Rules with Action select rule_id, action, sum(hit_count) as hits from proxy_rule_hits where __time >=@start and __time <@end group by rule_id, action order by hits desc limit 200 ---Q59.Proxy Action Hits +--Q12.Proxy Action Hits select action as action, sum(hit_count) as hits from proxy_rule_hits where __time >= @start and __time < @end group by action ---Q60.Proxy Action Hits Trend by 5min +--Q13.Proxy Action Hits Trend by 5min select TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') as stat_time, action as action, sum(hit_count) as hits from proxy_rule_hits where __time >= @start and __time < @end group by TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') , action limit 10000 ---Q61.Traffic Metric[Bits/s | Bytes/s | Packets/s | Sessions/s | Active Sessions] +--Q14.Traffic Metric[Bits/s | Bytes/s | Packets/s | Sessions/s | Active Sessions] SELECT sum(sum_in_bytes) * 8 / 15 AS avg_in_bits_per_sec, sum(sum_out_bytes) * 8 / 15 AS avg_out_bits_per_sec, sum(sum_in_bytes + sum_out_bytes) * 8 / 15 AS avg_bits_per_sec, sum(sum_in_bytes) / 15 AS avg_in_bytes_per_sec, sum(sum_out_bytes) / 15 AS avg_out_bytes_per_sec, sum(sum_in_bytes + sum_out_bytes) / 15 AS avg_bytes_per_sec, sum(sum_in_pkts) / 15 AS avg_in_pkts_per_sec, sum(sum_out_pkts) / 15 AS avg_out_pkts_per_sec, sum(sum_in_pkts + sum_out_pkts) / 15 AS avg_pkts_per_sec, sum(sum_sessions) / 15 AS avg_sessions_per_sec, sum(max_active_sessions) AS active_sessions FROM ( SELECT device_id, vsys_id, sum(in_bytes) AS sum_in_bytes, sum(out_bytes) AS sum_out_bytes, sum(in_pkts) AS sum_in_pkts, sum(out_pkts) AS sum_out_pkts, sum(sessions) AS sum_sessions, max(active_sessions) AS max_active_sessions FROM traffic_general_stat WHERE __time >= @start AND __time < @end GROUP BY device_id, vsys_id ) ---Q62.Traffic Metrics Bandwidth Bits IN/OUT +--Q15.Traffic Metrics Bandwidth Bits IN/OUT SELECT stat_time AS stat_time, avg(sum_in_bytes) * 8 / 15 AS avg_in_bits_per_sec, avg(sum_out_bytes) * 8 / 15 AS avg_out_bits_per_sec, avg(sum_bytes) * 8 / 15 AS avg_bits_per_sec, max(sum_in_bytes) * 8 / 15 AS max_in_bits_per_sec, max(sum_out_bytes) * 8 / 15 AS max_out_bits_per_sec, max(sum_bytes) * 8 / 15 AS max_bits_per_sec, min(sum_in_bytes) * 8 / 15 AS min_in_bits_per_sec, min(sum_out_bytes) * 8 / 15 AS min_out_bits_per_sec, min(sum_bytes) * 8 / 15 AS min_bits_per_sec FROM ( SELECT TIME_FORMAT(time_floor(__time, 'PT30S'), 'yyyy-MM-dd HH:mm:ss') AS stat_time, sum(in_bytes) AS sum_in_bytes, sum(out_bytes) AS sum_out_bytes, sum(in_bytes + out_bytes) AS sum_bytes FROM traffic_general_stat WHERE __time >= @start AND __time <@end GROUP BY TIME_FORMAT(time_floor(__time, 'PT30S'), 'yyyy-MM-dd HH:mm:ss') ) GROUP BY stat_time ORDER BY stat_time ASC LIMIT 10000 ---Q63.Traffic Metrics Bandwidth Bytes IN/OUT +--Q16.Traffic Metrics Bandwidth Bytes IN/OUT SELECT stat_time AS stat_time, avg(sum_in_bytes) / 15 AS avg_in_bits_per_sec, avg(sum_out_bytes) / 15 AS avg_out_bits_per_sec, avg(sum_bytes) / 15 AS avg_bits_per_sec, max(sum_in_bytes) / 15 AS max_in_bits_per_sec, max(sum_out_bytes) / 15 AS max_out_bits_per_sec, max(sum_bytes) / 15 AS max_bits_per_sec, min(sum_in_bytes) / 15 AS min_in_bits_per_sec, min(sum_out_bytes) / 15 AS min_out_bits_per_sec, min(sum_bytes) / 15 AS min_bits_per_sec FROM ( SELECT TIME_FORMAT(time_floor(__time, 'PT30S'), 'yyyy-MM-dd HH:mm:ss') AS stat_time, sum(in_bytes) AS sum_in_bytes, sum(out_bytes) AS sum_out_bytes, sum(in_bytes + out_bytes) AS sum_bytes FROM traffic_general_stat WHERE __time >= @start AND __time <@end GROUP BY TIME_FORMAT(time_floor(__time, 'PT30S'), 'yyyy-MM-dd HH:mm:ss') ) GROUP BY stat_time ORDER BY stat_time ASC LIMIT 10000 ---Q64.Traffic Metrics Bandwidth Packets IN/OUT +--Q17.Traffic Metrics Bandwidth Packets IN/OUT SELECT stat_time AS stat_time, avg(sum_in_pkts) / 15 AS avg_in_pkts_per_sec , avg(sum_out_pkts) / 15 AS avg_out_pkts_per_sec , avg(sum_pkts) / 15 AS avg_pkts_per_sec , max(sum_in_pkts) / 15 AS max_in_pkts_per_sec , max(sum_out_pkts) / 15 AS max_out_pkts_per_sec , max(sum_pkts) / 15 AS max_pkts_per_sec , min(sum_in_pkts) / 15 AS min_in_pkts_per_sec , min(sum_out_pkts) / 15 AS min_out_pkts_per_sec , min(sum_pkts) / 15 AS min_pkts_per_sec FROM ( SELECT TIME_FORMAT(time_floor(__time, 'PT30S'), 'yyyy-MM-dd HH:mm:ss') AS stat_time , sum(in_pkts) AS sum_in_pkts, sum(out_pkts) AS sum_out_pkts , sum(in_pkts + out_pkts) AS sum_pkts FROM traffic_general_stat WHERE __time >= @start AND __time <@end GROUP BY TIME_FORMAT(time_floor(__time, 'PT30S'), 'yyyy-MM-dd HH:mm:ss') ) GROUP BY stat_time ORDER BY stat_time ASC LIMIT 10000 ---Q65.Traffic Metrics New Sessions Trend by 5Min +--Q18.Traffic Metrics New Sessions Trend by 5Min SELECT stat_time AS stat_time, avg(sum_sessions) / 15 AS avg_sessions_per_sec , max(sum_sessions) / 15 AS max_sessions_per_sec , min(sum_sessions) / 15 AS min_sessions_per_sec FROM ( SELECT TIME_FORMAT(time_floor(__time, 'PT5M'), 'yyyy-MM-dd HH:mm:ss') AS stat_time , sum(sessions) AS sum_sessions FROM traffic_general_stat WHERE __time >= @start AND __time <@end GROUP BY TIME_FORMAT(time_floor(__time, 'PT5M'), 'yyyy-MM-dd HH:mm:ss') ) GROUP BY stat_time ORDER BY stat_time ASC LIMIT 10000 ---Q66.Traffic Metrics Active Sessions Trend by 5Min +--Q19.Traffic Metrics Active Sessions Trend by 5Min SELECT stat_time AS stat_time, avg(sum_active_sessions) / 15 AS avg_active_sessions , max(sum_active_sessions) / 15 AS max_active_sessions , min(sum_active_sessions) / 15 AS min_active_sessions FROM ( SELECT stat_time, sum(max_active_sessions) AS sum_active_sessions FROM ( SELECT TIME_FORMAT(time_floor(__time, 'PT5M'), 'yyyy-MM-dd HH:mm:ss') AS stat_time , device_id, vsys_id, max(active_sessions) AS max_active_sessions FROM traffic_general_stat WHERE __time >= @start AND __time <@end GROUP BY TIME_FORMAT(time_floor(__time, 'PT5M'), 'yyyy-MM-dd HH:mm:ss'), device_id, vsys_id ) GROUP BY stat_time ) GROUP BY stat_time ORDER BY stat_time ASC LIMIT 10000 ---Q67.Shaping Profiles Metrics +--Q20.Shaping Profiles Metrics SELECT profile_id, sum(in_bytes + out_bytes) AS bytes , sum(in_pkts + out_pkts) AS packets , sum(in_drop_pkts + out_drop_pkts) AS drops , max(in_max_latency_us + out_max_latency_us) AS max_latency_us , avg(in_queue_len + out_queue_len) AS avg_q , max(in_queue_len + out_queue_len) AS max_q FROM traffic_shaping_rule_hits WHERE __time >= @start AND __time <@end GROUP BY profile_id ---Q68.Rule Summary Metrics +--Q21.Rule Summary Metrics SELECT rule_id, TIME_FORMAT(min(__time) ,'yyyy-MM-dd HH:mm:ss') as first_used, TIME_FORMAT(max(__time) ,'yyyy-MM-dd HH:mm:ss') as last_used, sum(in_bytes + out_bytes) AS total_bytes FROM traffic_shaping_rule_hits WHERE __time >= @start AND __time <@end GROUP BY rule_id ---Q69.Profile Summary Metrics +--Q22.Profile Summary Metrics SELECT profile_id, TIME_FORMAT(min(__time) ,'yyyy-MM-dd HH:mm:ss') as first_used, TIME_FORMAT(max(__time) ,'yyyy-MM-dd HH:mm:ss') as last_used, sum(in_drop_pkts + out_drop_pkts) AS drops FROM traffic_shaping_rule_hits WHERE __time >= @start AND __time <@end GROUP BY profile_id ---Q70.Shaping Rule/Profile Throughput Trend by 5Min +--Q23.Shaping Rule/Profile Throughput Trend by 5Min SELECT TIME_FORMAT(time_floor(__time, 'PT5M'), 'yyyy-MM-dd HH:mm:ss') AS stat_time , sum(in_bytes) AS in_bytes, sum(out_bytes) AS out_bytes FROM traffic_shaping_rule_hits WHERE __time >= @start AND __time <@end GROUP BY TIME_FORMAT(time_floor(__time, 'PT5M'), 'yyyy-MM-dd HH:mm:ss') ORDER BY stat_time ASC LIMIT 10000 ---Q71.Service Chaining Rule Metrics +--Q24.Service Chaining Rule Metrics SELECT rule_id, sum(sent_bytes) AS sent_bytes, sum(recv_bytes) AS received_bytes , sum(sent_pkts) AS sent_packets, sum(recv_pkts) AS received_packets FROM service_chaining_rule_hits WHERE __time >= @start AND __time <@end GROUP BY rule_id ---Q72.Service Function Forwarder Metrics +--Q25.Service Function Forwarder Metrics SELECT sff_profile_id, sum(sent_bytes) AS sent_bytes, sum(recv_bytes) AS received_bytes , sum(sent_pkts) AS sent_packets, sum(recv_pkts) AS received_packets FROM service_chaining_rule_hits WHERE __time >= @start AND __time <@end GROUP BY sff_profile_id ---Q73.Service Function Profile Metrics +--Q26.Service Function Profile Metrics SELECT sf_profile_id, sum(sent_bytes) AS sent_bytes, sum(recv_bytes) AS received_bytes , sum(sent_pkts) AS sent_packets, sum(recv_pkts) AS received_packets FROM service_chaining_rule_hits WHERE __time >= @start AND __time <@end GROUP BY sf_profile_id ---Q74.Service Function Profile Status +--Q27.Service Function Profile Status SELECT sf_profile_id, sf_status,CASE WHEN last_active_time = 0 THEN '' ELSE TIME_FORMAT(MILLIS_TO_TIMESTAMP( 1000 * (last_active_time)),'YYYY-MM-dd HH:mm:ss') END AS last_active_time,CASE WHEN last_inactive_time = 0 THEN '' ELSE TIME_FORMAT(MILLIS_TO_TIMESTAMP( 1000 * (last_inactive_time)),'YYYY-MM-dd HH:mm:ss') END AS last_inactive_time FROM ( SELECT sf_profile_id, LATEST(sf_status) AS sf_status,MAX(CASE WHEN sf_status = 1 THEN TIMESTAMP_TO_MILLIS(TIME_PARSE(__time))/1000 ELSE 0 END) AS last_active_time,MAX(CASE WHEN sf_status = 0 THEN TIMESTAMP_TO_MILLIS(TIME_PARSE(__time))/1000 ELSE 0 END) AS last_inactive_time FROM service_function_status WHERE __time >= @start AND __time <@end GROUP BY sf_profile_id) ---Q75.Top Applications +--Q28.Top Applications SELECT app_name,sum(sessions) AS sessions,sum(in_bytes) AS in_bytes,sum(out_bytes) AS out_bytes,sum(in_bytes + out_bytes) AS bytes,sum(in_pkts) AS in_packets,sum(out_pkts) AS out_packets,sum(in_pkts + out_pkts) AS packets FROM application_protocol_stat WHERE __time >= @start AND __time <@end AND app_name IS NOT NULL GROUP BY app_name ORDER BY bytes DESC LIMIT 10 ---Q76.Top Client IPs +--Q29.Top Client IPs SELECT client_ip AS client_ip,sum(sessions) AS sessions,sum(in_bytes) AS in_bytes,sum(out_bytes) AS out_bytes,sum(in_bytes + out_bytes) AS bytes,sum(in_pkts) AS in_packets,sum(out_pkts) AS out_packets,sum(in_pkts + out_pkts) AS packets FROM top_client_ips WHERE __time >= @start AND __time <@end AND metric = 'bytes' GROUP BY client_ip ORDER BY bytes DESC LIMIT 10 ---Q77.Top Server IPs +--Q30.Top Server IPs SELECT server_ip AS server_ip,sum(sessions) AS sessions,sum(in_bytes) AS in_bytes,sum(out_bytes) AS out_bytes,sum(in_bytes + out_bytes) AS bytes,sum(in_pkts) AS in_packets,sum(out_pkts) AS out_packets,sum(in_pkts + out_pkts) AS packets FROM top_server_ips WHERE __time >= @start AND __time <@end AND metric = 'bytes' GROUP BY server_ip ORDER BY bytes DESC LIMIT 10 ---Q78.Top External IPs +--Q31.Top External IPs SELECT external_ip AS external_ip,sum(sessions) AS sessions,sum(in_bytes) AS in_bytes,sum(out_bytes) AS out_bytes,sum(in_bytes + out_bytes) AS bytes,sum(in_pkts) AS in_packets,sum(out_pkts) AS out_packets,sum(in_pkts + out_pkts) AS packets FROM top_external_ips WHERE __time >= @start AND __time <@end AND metric = 'bytes' GROUP BY external_ip ORDER BY bytes DESC LIMIT 10 ---Q79.Top Internal IPs +--Q32.Top Internal IPs SELECT internal_ip AS internal_ip,sum(sessions) AS sessions,sum(in_bytes) AS in_bytes,sum(out_bytes) AS out_bytes,sum(in_bytes + out_bytes) AS bytes,sum(in_pkts) AS in_packets,sum(out_pkts) AS out_packets,sum(in_pkts + out_pkts) AS packets FROM top_internal_ips WHERE __time >= @start AND __time <@end AND metric = 'bytes' GROUP BY internal_ip ORDER BY bytes DESC LIMIT 10 ---Q80.Top Server Domains +--Q33.Top Server Domains SELECT domain,sum(sessions) AS sessions,sum(in_bytes) AS in_bytes,sum(out_bytes) AS out_bytes,sum(in_bytes + out_bytes) AS bytes,sum(in_pkts) AS in_packets,sum(out_pkts) AS out_packets,sum(in_pkts + out_pkts) AS packets FROM top_server_domains WHERE __time >= @start AND __time <@end AND metric = 'bytes' GROUP BY domain ORDER BY bytes DESC LIMIT 10 ---Q81.Top Server FQDNs +--Q34.Top Server FQDNs SELECT fqdn,sum(sessions) AS sessions,sum(in_bytes) AS in_bytes,sum(out_bytes) AS out_bytes,sum(in_bytes + out_bytes) AS bytes,sum(in_pkts) AS in_packets,sum(out_pkts) AS out_packets,sum(in_pkts + out_pkts) AS packets FROM top_server_fqdns WHERE __time >= @start AND __time <@end AND metric = 'bytes' GROUP BY fqdn ORDER BY bytes DESC LIMIT 10 ---Q82.Top Subscribers +--Q35.Top Subscribers SELECT subscriber_id,sum(sessions) AS sessions,sum(in_bytes) AS in_bytes,sum(out_bytes) AS out_bytes,sum(in_bytes + out_bytes) AS bytes,sum(in_pkts) AS in_packets,sum(out_pkts) AS out_packets,sum(in_pkts + out_pkts) AS packets FROM top_subscribers WHERE __time >= @start AND __time <@end AND metric = 'bytes' GROUP BY subscriber_id ORDER BY bytes DESC LIMIT 10
\ No newline at end of file diff --git a/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/engine-queries-template.sql b/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/engine-queries-template.sql index 02b909bc..14cd24c9 100644 --- a/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/engine-queries-template.sql +++ b/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/engine-queries-template.sql @@ -6,135 +6,101 @@ select FROM_UNIXTIME(common_recv_time) as common_recv_time from session_record w select count(1) from session_record where common_recv_time >= toDateTime(@start) and common_recv_time< toDateTime(@end) --Q04.count(*) select count(*) from session_record where common_recv_time >= toDateTime(@start) and common_recv_time< toDateTime(@end) ---Q05.UDF APPROX_COUNT_DISTINCT_DS_HLL -SELECT policy_id, APPROX_COUNT_DISTINCT_DS_HLL(isp) as num FROM proxy_event_hits_log where __time >= @start and __time < @end and policy_id=0 group by policy_id ---Q06.UDF TIME_FLOOR_WITH_FILL +--Q05.UDF TIME_FLOOR_WITH_FILL select TIME_FLOOR_WITH_FILL(common_recv_time,'PT5M','previous') as stat_time from session_record where common_recv_time > toDateTime(@start) and common_recv_time < toDateTime(@end) group by stat_time ---Q07.UDF GEO IP +--Q06.UDF GEO IP select IP_TO_GEO(common_client_ip) as geo,IP_TO_CITY(common_server_ip) as city,IP_TO_COUNTRY(common_server_ip) as country from session_record limit 10 ---Q08.Special characters +--Q07.Special characters select * from session_record where (common_protocol_label ='/$' or common_client_ip like'%') limit 10 ---Q09.Federation Query +--Q08.Federation Query select * from (select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(common_recv_time,'PT5M','zero')) as stat_time from session_record where common_recv_time >= toDateTime(@start) and common_recv_time< toDateTime(@end) group by stat_time order by stat_time asc) ---Q10.Closed session Record Logs +--Q09.Closed session Record Logs select * from session_record where common_recv_time >= toDateTime(@start) and common_recv_time< toDateTime(@end) AND @common_filter order by common_recv_time desc limit 20 ---Q11.Interim Session Record Logs +--Q10.Interim Session Record Logs select * from interim_session_record where common_recv_time >= toDateTime(@start) and common_recv_time< toDateTime(@end) AND @common_filter order by common_recv_time desc limit 20 ---Q12.Transaction Record Logs +--Q11.Transaction Record Logs select * from transaction_record where common_recv_time >= toDateTime(@start) and common_recv_time< toDateTime(@end) order by common_recv_time desc limit 20 ---Q13.Security Event Logs +--Q12.Security Event Logs select * from security_event where common_recv_time >= UNIX_TIMESTAMP(@start) and common_recv_time< UNIX_TIMESTAMP(@end) AND @common_filter order by common_recv_time desc limit 0,20 ---Q14.Proxy Event Logs +--Q13.Proxy Event Logs select * from proxy_event where common_recv_time >= UNIX_TIMESTAMP(@start) and common_recv_time< UNIX_TIMESTAMP(@end) order by common_recv_time desc limit 0,20 ---Q15.Radius Record Logs +--Q14.Radius Record Logs select * from radius_record where common_recv_time >= UNIX_TIMESTAMP(@start) and common_recv_time< UNIX_TIMESTAMP(@end) order by common_recv_time desc limit 0,20 ---Q16.GTPC Record Logs +--Q15.GTPC Record Logs select * from gtpc_record where common_recv_time >= UNIX_TIMESTAMP(@start) and common_recv_time< UNIX_TIMESTAMP(@end) order by common_recv_time desc limit 0,20 ---Q17.Closed session record with fields +--Q16.Closed session record with fields select toDateTime(common_recv_time) AS common_recv_time, common_log_id, common_subscriber_id, common_imei, common_imsi, common_phone_number, common_client_ip, common_internal_ip, common_client_port, common_l4_protocol, common_address_type, common_server_ip, common_server_port, common_external_ip, common_sled_ip, common_client_location, common_client_asn, common_server_location, common_server_asn, common_sessions, common_c2s_pkt_num, common_s2c_pkt_num, common_c2s_byte_num, common_s2c_byte_num, common_schema_type, common_device_id, common_device_group, common_app_behavior, common_app_label, common_tunnels, common_protocol_label, common_userdefine_app_name, common_l7_protocol, common_service_category, toDateTime(common_start_time) AS common_start_time, toDateTime(common_end_time) AS common_end_time, common_establish_latency_ms, common_con_duration_ms, common_stream_dir, common_stream_trace_id, common_c2s_ipfrag_num, common_s2c_ipfrag_num, common_c2s_tcp_lostlen, common_s2c_tcp_lostlen, common_c2s_tcp_unorder_num, common_s2c_tcp_unorder_num, common_c2s_pkt_retrans, common_s2c_pkt_retrans, common_c2s_byte_retrans, common_s2c_byte_retrans, common_tcp_client_isn, common_tcp_server_isn, toDateTime(common_processing_time) AS common_processing_time, toDateTime(common_ingestion_time) AS common_ingestion_time, http_url, http_host, common_server_domain, http_request_line, http_response_line, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_request_body, http_response_body, http_cookie, http_referer, http_user_agent, http_set_cookie, http_version, http_response_latency_ms, http_session_duration_ms, http_action_file_size, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_to, mail_cc, mail_bcc, mail_subject, mail_attachment_name, mail_eml_file, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_sub, dns_response_latency_ms, ssl_sni, ssl_cn, ssl_pinningst, ssl_intercept_state, ssl_server_side_latency, ssl_client_side_latency, ssl_server_side_version, ssl_client_side_version, ssl_cert_verify, ssl_error, ssl_con_latency_ms, ssl_ja3_hash, ssl_cert_issuer, ssl_cert_subject, quic_version, quic_sni, quic_user_agent, ftp_account, ftp_url, ftp_content, ftp_link_type, app_extra_info, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, stratum_cryptocurrency, stratum_mining_pools, stratum_mining_program from session_record where common_recv_time >= toDateTime(@start) and common_recv_time< toDateTime(@end) limit 20 ---Q18.Interim session record with fields +--Q17.Interim session record with fields SELECT toDateTime(common_recv_time) AS common_recv_time, common_log_id, common_subscriber_id, common_imei, common_imsi, common_phone_number, common_client_ip, common_internal_ip, common_client_port, common_l4_protocol, common_address_type, common_server_ip, common_server_port, common_external_ip, common_sled_ip, common_client_location, common_client_asn, common_server_location, common_server_asn, common_sessions, common_c2s_pkt_num, common_s2c_pkt_num, common_c2s_byte_num, common_s2c_byte_num, common_c2s_pkt_diff, common_s2c_pkt_diff, common_c2s_byte_diff, common_s2c_byte_diff, common_schema_type, common_device_id, common_device_group, common_app_behavior, common_app_label, common_tunnels, common_protocol_label, common_l7_protocol, common_service_category, toDateTime(common_start_time) AS common_start_time, toDateTime(common_end_time) AS common_end_time, common_establish_latency_ms, common_con_duration_ms, common_stream_dir, common_stream_trace_id, common_c2s_ipfrag_num, common_s2c_ipfrag_num, common_c2s_tcp_lostlen, common_s2c_tcp_lostlen, common_c2s_tcp_unorder_num, common_s2c_tcp_unorder_num, common_c2s_pkt_retrans, common_s2c_pkt_retrans, common_c2s_byte_retrans, common_s2c_byte_retrans, common_tcp_client_isn, common_tcp_server_isn, toDateTime(common_processing_time) AS common_processing_time, toDateTime(common_ingestion_time) AS common_ingestion_time, http_url, http_host, common_server_domain, http_request_line, http_response_line, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_request_body, http_response_body, http_cookie, http_referer, http_user_agent, http_set_cookie, http_version, http_response_latency_ms, http_session_duration_ms, http_action_file_size, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_to, mail_cc, mail_bcc, mail_subject, mail_attachment_name, mail_eml_file, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_sub, dns_response_latency_ms, ssl_sni, ssl_cn, ssl_pinningst, ssl_intercept_state, ssl_server_side_latency, ssl_client_side_latency, ssl_server_side_version, ssl_client_side_version, ssl_cert_verify, ssl_error, ssl_con_latency_ms, ssl_ja3_hash, ssl_cert_issuer, ssl_cert_subject, quic_version, quic_sni, quic_user_agent, ftp_account, ftp_url, ftp_content, ftp_link_type, app_extra_info, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, rtp_originator_dir, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, stratum_cryptocurrency, stratum_mining_pools, stratum_mining_program FROM interim_session_record where common_recv_time >= @start and common_recv_time < @end order by common_recv_time desc limit 100000 ---Q19.Security Event Logs with fields +--Q18.Security Event Logs with fields SELECT toDateTime(common_recv_time) AS common_recv_time, common_log_id, common_policy_id, common_subscriber_id, common_imei, common_imsi, common_phone_number, common_client_ip, common_internal_ip, common_client_port, common_l4_protocol, common_address_type, common_server_ip, common_server_port, common_external_ip, common_action, common_sled_ip, common_client_location, common_client_asn, common_server_location, common_server_asn, common_sessions, common_c2s_pkt_num, common_s2c_pkt_num, common_c2s_byte_num, common_s2c_byte_num, common_schema_type, common_device_id, common_device_group, common_app_behavior, common_app_label, common_tunnels, common_protocol_label, common_userdefine_app_name, common_l7_protocol, common_service_category, toDateTime(common_start_time) AS common_start_time, toDateTime(common_end_time) AS common_end_time, common_establish_latency_ms, common_con_duration_ms, common_stream_dir, common_stream_error, common_stream_trace_id, common_packet_capture_file, common_tcp_client_isn, common_tcp_server_isn, toDateTime(common_processing_time) AS common_processing_time, toDateTime(common_ingestion_time) AS common_ingestion_time, common_mirrored_pkts, common_mirrored_bytes, http_url, http_host, common_server_domain, http_request_line, http_response_line, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_request_body, http_response_body, http_cookie, http_referer, http_user_agent, http_set_cookie, http_version, http_response_latency_ms, http_action_file_size, http_session_duration_ms, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_to, mail_cc, mail_bcc, mail_subject, mail_attachment_name, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_sub, ssl_sni, ssl_san, ssl_cn, ssl_pinningst, ssl_intercept_state, ssl_passthrough_reason, ssl_server_side_latency, ssl_client_side_latency, ssl_server_side_version, ssl_client_side_version, ssl_cert_verify, ssl_error, ssl_con_latency_ms, ssl_ja3_hash, ssl_cert_issuer, ssl_cert_subject, quic_version, quic_sni, quic_user_agent, ftp_account, ftp_url, ftp_content, ftp_link_type, app_extra_info, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, stratum_cryptocurrency, stratum_mining_pools, stratum_mining_program from security_event where common_recv_time >= @start and common_recv_time < @end order by common_recv_time desc limit 100000 ---Q20.Radius ON/OFF Logs For Frame IP +--Q19.Radius ON/OFF Logs For Frame IP select framed_ip, arraySlice(groupUniqArray(concat(toString(event_timestamp),':', if(acct_status_type=1,'start','stop'))),1,100000) as timeseries from radius_onff_log where event_timestamp >=toDateTime(@start) and event_timestamp <toDateTime(@end) group by framed_ip limit 20 ---Q21.Radius ON/OFF Logs For Account +--Q20.Radius ON/OFF Logs For Account select account, arraySlice(groupUniqArray(concat(toString(event_timestamp),':', if(acct_status_type=1,'start','stop'))),1,100000) as timeseries from radius_onff_log where event_timestamp >= toDateTime(@start) and event_timestamp < toDateTime(@end) group by account ---Q22.Radius ON/OFF Logs total Account number +--Q21.Radius ON/OFF Logs total Account number select count(distinct(framed_ip)) as active_ip_num , sum(acct_session_time) as online_duration from (select any(framed_ip) as framed_ip ,max(acct_session_time) as acct_session_time from radius_onff_log where account='000jS' and event_timestamp >= toDateTime(@start) and event_timestamp < toDateTime(@end) group by acct_session_id) ---Q23.Radius ON/OFF Logs Account Access Detail +--Q22.Radius ON/OFF Logs Account Access Detail select max(if(acct_status_type=1,event_timestamp,0)) as start_time,max(if(acct_status_type=2,event_timestamp,0)) as end_time, any(framed_ip) as ip,max(acct_session_time) as online_duration from radius_onff_log where event_timestamp >= toDateTime(@start) and event_timestamp < toDateTime(@end) group by acct_session_id order by start_time desc limit 200 ---Q24.Report for Client IP +--Q23.Report for Client IP select common_client_ip, count(*) as sessions from session_record where common_recv_time>= toStartOfDay(toDateTime(@start))-604800 and common_recv_time< toStartOfDay(toDateTime(@end)) group by common_client_ip order by sessions desc limit 0,100 ---Q25.Report for Server IP +--Q24.Report for Server IP select common_server_ip, count(*) as sessions from session_record where common_recv_time>= toStartOfDay(toDateTime(@start))-604800 and common_recv_time< toStartOfDay(toDateTime(@start)) group by common_server_ip order by sessions desc limit 0,100 ---Q26.Report for SSL SNI +--Q25.Report for SSL SNI select ssl_sni, count(*) as sessions from session_record where common_recv_time>= toStartOfDay(toDateTime(@start))-604800 and common_recv_time< toStartOfDay(toDateTime(@start)) group by ssl_sni order by sessions desc limit 0,100 ---Q27.Report for SSL APP +--Q26.Report for SSL APP select common_app_label as applicaiton, count(*) as sessions from session_record where common_recv_time>= toStartOfDay(toDateTime(@start))-604800 and common_recv_time< toStartOfDay(toDateTime(@start)) group by applicaiton order by sessions desc limit 0,100 ---Q28.Report for Domains +--Q27.Report for Domains select common_server_domain AS domain,SUM(coalesce(common_c2s_byte_num, 0)) AS sent_bytes,SUM(coalesce(common_s2c_byte_num, 0)) AS received_bytes,SUM(coalesce(common_c2s_byte_num, 0)+coalesce(common_s2c_byte_num, 0)) AS bytes FROM session_record WHERE common_recv_time >= toStartOfDay(toDateTime(@start))-86400 AND common_recv_time < toStartOfDay(toDateTime(@start)) and notEmpty(domain) GROUP BY domain ORDER BY bytes DESC LIMIT 100 ---Q29.Report for Domains with unique Client IP +--Q28.Report for Domains with unique Client IP select toDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))), 300)*300) as stat_time, common_server_domain, uniq (common_client_ip) as nums from session_record where common_recv_time >= toStartOfDay(toDateTime(@start))-86400 AND common_recv_time < toStartOfDay(toDateTime(@start)) and common_server_domain in (select common_server_domain from session_record where common_recv_time >= toStartOfDay(toDateTime(@start))-86400 AND common_recv_time < toStartOfDay(toDateTime(@start)) and notEmpty(common_server_domain) group by common_server_domain order by SUM(coalesce(common_c2s_byte_num, 0)+coalesce(common_s2c_byte_num, 0)) desc limit 10 ) group by toDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))), 300)*300), common_server_domain order by stat_time asc limit 500 ---Q30. Report for HTTP Host +--Q29.Report for HTTP Host SELECT http_host as host, SUM(coalesce(common_c2s_byte_num, 0)) AS sent_bytes,SUM(coalesce(common_s2c_byte_num, 0)) AS received_bytes,SUM(coalesce(common_c2s_byte_num, 0)+coalesce(common_s2c_byte_num, 0)) AS bytes FROM session_record WHERE common_recv_time>= toStartOfDay(toDateTime(@start))-604800 and common_recv_time< toStartOfDay(toDateTime(@start)) and notEmpty(http_host) GROUP BY host ORDER BY bytes DESC limit 100 union all SELECT 'totals' as host, SUM(coalesce(common_c2s_byte_num, 0)) AS sent_bytes, SUM(coalesce(common_s2c_byte_num, 0)) AS received_bytes, SUM(coalesce(common_c2s_byte_num, 0)+coalesce(common_s2c_byte_num, 0)) AS bytes from session_record where common_recv_time>= toStartOfDay(toDateTime(@start))-604800 and common_recv_time< toStartOfDay(toDateTime(@start)) and notEmpty(http_host) ---Q31.Report for HTTP/HTTPS URLS with Sessions +--Q30.Report for HTTP/HTTPS URLS with Sessions SELECT http_url AS url,count(*) AS sessions FROM proxy_event WHERE common_recv_time >= toStartOfDay(toDateTime(@start))-86400 AND common_recv_time < toStartOfDay(toDateTime(@start)) and notEmpty(http_url) GROUP BY url ORDER BY sessions DESC LIMIT 100 ---Q32.Report for HTTP/HTTPS URLS with UNIQUE Client IP +--Q31.Report for HTTP/HTTPS URLS with UNIQUE Client IP select toDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))), 300)*300) as stat_time, http_url, count(distinct(common_client_ip)) as nums from proxy_event where common_recv_time >= toStartOfDay(toDateTime(@start))-86400 AND common_recv_time < toStartOfDay(toDateTime(@start)) and http_url IN (select http_url from proxy_event where common_recv_time >= toStartOfDay(toDateTime(@start))-86400 AND common_recv_time < toStartOfDay(toDateTime(@start)) and notEmpty(http_url) group by http_url order by count(*) desc limit 10 ) group by toDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))), 300)*300), http_url order by stat_time asc limit 500 ---Q33.Report for Subscriber ID with Sessions +--Q32.Report for Subscriber ID with Sessions select common_subscriber_id as user, count(*) as sessions from session_record where common_recv_time>= toStartOfDay(toDateTime(@start))-604800 and common_recv_time< toStartOfDay(toDateTime(@start)) and notEmpty(user) group by common_subscriber_id order by sessions desc limit 0,100 ---Q34.Report for Subscriber ID with Bandwidth +--Q33.Report for Subscriber ID with Bandwidth SELECT common_subscriber_id as user,SUM(coalesce(common_c2s_byte_num, 0)) AS sent_bytes,SUM(coalesce(common_s2c_byte_num, 0)) AS received_bytes,SUM(coalesce(common_c2s_byte_num, 0)+coalesce(common_s2c_byte_num, 0)) AS bytes FROM session_record WHERE common_recv_time>= toStartOfDay(toDateTime(@start))-604800 and common_recv_time< toStartOfDay(toDateTime(@start)) and notEmpty(user) GROUP BY user ORDER BY bytes DESC LIMIT 100 ---Q35.Report Unique Endpoints +--Q34.Report Unique Endpoints select uniq(common_client_ip) as "Client IP",uniq(common_server_ip) as "Server IP",uniq(common_internal_ip) as "Internal IP",uniq(common_external_ip) as "External IP",uniq(common_server_domain) as "Domain",uniq(ssl_sni) as "SNI" from session_record where common_recv_time>= toStartOfDay(toDateTime(@start))-604800 and common_recv_time< toStartOfDay(toDateTime(@start)) ---Q36.TopN Optimizer +--Q35.TopN Optimizer SELECT http_url AS url, SUM(common_sessions) AS sessions FROM session_record WHERE common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) AND notEmpty(http_url) GROUP BY http_url ORDER BY sessions DESC limit 10 ---Q37.All Security Event Hits Trend by 5min B -select DATE_FORMAT(FROM_UNIXTIME(FLOOR(UNIX_TIMESTAMP(__time)/300)*300),'%Y-%m-%d %H:%i:%s') as start_time, sum(hits) as hits from security_event_hits_log where __time >= @start and __time < @end group by DATE_FORMAT(FROM_UNIXTIME(FLOOR(UNIX_TIMESTAMP(__time)/300)*300),'%Y-%m-%d %H:%i:%s') limit 10000 ---Q38.Security Event Hit Time(first and last time) B -select policy_id, DATE_FORMAT(min(__time) ,'%Y-%m-%d %H:%i:%s') as first_used, DATE_FORMAT(max(__time) ,'%Y-%m-%d %H:%i:%s') as last_used from security_event_hits_log where policy_id in (0) group by policy_id ---Q39.All Proxy Event Hits Trend by 5min B -select FROM_UNIXTIME(FLOOR(UNIX_TIMESTAMP(__time)/300)*300) as start_time, sum(hits) as hits from proxy_event_hits_log where __time >= @start and __time < @end group by FROM_UNIXTIME(FLOOR(UNIX_TIMESTAMP(__time)/300)*300) limit 10000 ---Q40.Proxy Event Hit Time(first and last time) B -select policy_id, DATE_FORMAT(min(__time) ,'%Y-%m-%d %H:%i:%s') as first_used, DATE_FORMAT(max(__time) ,'%Y-%m-%d %H:%i:%s') as last_used from proxy_event_hits_log where policy_id in (0) group by policy_id ---Q41.Traffic Composition Protocol Tree Trend -(SELECT TIME_FORMAT(MILLIS_TO_TIMESTAMP( 1000 * TIME_FLOOR_WITH_FILL(TIMESTAMP_TO_MILLIS(__time)/1000, 'PT30S', 'zero')), 'yyyy-MM-dd HH:mm:ss') as stat_time, protocol_id as type, sum(c2s_byte_num + s2c_byte_num) as bytes from traffic_protocol_stat_log where __time >= @start AND __time < @end and protocol_id = 'ETHERNET' group by TIME_FORMAT(MILLIS_TO_TIMESTAMP( 1000 * TIME_FLOOR_WITH_FILL(TIMESTAMP_TO_MILLIS(__time)/1000, 'PT30S', 'zero')), 'yyyy-MM-dd HH:mm:ss'), protocol_id order by stat_time asc) union all (SELECT TIME_FORMAT(MILLIS_TO_TIMESTAMP( 1000 * TIME_FLOOR_WITH_FILL(TIMESTAMP_TO_MILLIS(__time)/1000, 'PT30S', 'zero')), 'yyyy-MM-dd HH:mm:ss') as stat_time, protocol_id as type, sum(c2s_byte_num + s2c_byte_num) as bytes from traffic_protocol_stat_log where __time >= @start AND __time < @end and protocol_id like CONCAT('ETHERNET','.%') and LENGTH(protocol_id) = LENGTH(REPLACE(protocol_id,'.','')) + 1 + 0 group by TIME_FORMAT(MILLIS_TO_TIMESTAMP( 1000 * TIME_FLOOR_WITH_FILL(TIMESTAMP_TO_MILLIS(__time)/1000, 'PT30S', 'zero')), 'yyyy-MM-dd HH:mm:ss'), protocol_id order by stat_time asc) ---Q42.Traffic Metrics Security Action Hits Trend -select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT1800S','zero')) as statisticTime, sum(default_in_bytes + default_out_bytes) as default_bytes, sum(default_in_packets + default_out_packets) as default_packets, sum(default_conn_num) as default_sessions, sum(allow_in_bytes + allow_out_bytes) as allow_bytes, sum(allow_in_packets + allow_out_packets) as allow_packets, sum(allow_conn_num) as allow_sessions, sum(deny_in_bytes + deny_out_bytes) as deny_bytes, sum(deny_in_packets + deny_out_packets) as deny_packets, sum(deny_conn_num) as deny_sessions, sum(monitor_in_bytes + monitor_out_bytes) as monitor_bytes, sum(monitor_in_packets + monitor_out_packets) as monitor_packets, sum(monitor_conn_num) as monitor_sessions, sum(intercept_in_bytes + intercept_out_bytes) as intercept_bytes, sum(intercept_in_packets + intercept_out_packets) as intercept_packets, sum(intercept_conn_num) as intercept_sessions from traffic_metrics_log where __time >= @start and __time < @end group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT1800S','zero')) limit 100000 ---Q43.Traffic Metrics Proxy Action Hits Trend -SELECT FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT1800S','zero')) AS statisticTime,SUM(intcp_allow_num) AS intercept_allow_conn_num,SUM(intcp_mon_num) AS intercept_monitor_conn_num,SUM(intcp_deny_num) AS intercept_deny_conn_num,SUM(intcp_rdirt_num) AS intercept_redirect_conn_num,SUM(intcp_repl_num) AS intercept_replace_conn_num,SUM(intcp_hijk_num) AS intercept_hijack_conn_num,SUM(intcp_ins_num) AS intercept_insert_conn_num FROM traffic_metrics_log WHERE __time >= @start AND __time < @end GROUP BY FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT1800S', 'zero')) LIMIT 100000 ---Q44.Traffic Statistics(Metrics02) -select FROM_UNIXTIME(stat_time) as max_active_date_by_sessions, total_live_sessions as max_live_sessions from ( select stat_time, sum(live_sessions) as total_live_sessions from ( select TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'P1D') as stat_time, device_id, avg(established_conn_num) as live_sessions from traffic_metrics_log where __time >= @start and __time<@end group by TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'P1D'), device_id) group by stat_time order by total_live_sessions desc limit 1 ) ---Q45.Traffic Summary(Bandwidth Trend) -select * from ( select DATE_FORMAT(FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT1h','zero')),'%Y-%m-%d %H:%i:%s') as stat_time,'traffic_in_bytes' as type, sum(total_in_bytes) as bytes from traffic_metrics_log where __time >= @start and __time < @end group by DATE_FORMAT(FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT1h','zero')),'%Y-%m-%d %H:%i:%s'), 'traffic_in_bytes' union all select DATE_FORMAT(FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT1h','zero')),'%Y-%m-%d %H:%i:%s') as stat_time,'traffic_out_bytes' as type,sum(total_out_bytes) as bytes from traffic_metrics_log where __time >= @start and __time < @end group by DATE_FORMAT(FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT1h','zero')),'%Y-%m-%d %H:%i:%s'),'traffic_out_bytes' ) order by stat_time asc limit 100000 ---Q46.Traffic Summary(Sessions Trend) -select DATE_FORMAT(FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT1h','zero')),'%Y-%m-%d %H:%i:%s') as stat_time, 'total_conn_num' as type, sum(new_conn_num) as sessions from traffic_metrics_log where __time >= @start and __time < @end group by DATE_FORMAT(FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT1h','zero')),'%Y-%m-%d %H:%i:%s'), 'total_conn_num' order by stat_time asc limit 10000 ---Q47.Domain Baidu.com Metrics +--Q36.Domain Baidu.com Metrics select FROM_UNIXTIME(min(common_recv_time)) as "First Seen" , FROM_UNIXTIME(max(common_recv_time)) as "Last Seen" , median(http_response_latency_ms) as "Server Processing Time Median(ms)", count(1) as Responses,any(common_server_location) as Location from session_record WHERE common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) AND common_server_domain='baidu.com' ---Q48.TIME_FLOOR_WITH_FILL 01 +--Q37.TIME_FLOOR_WITH_FILL 01 select "Device Group" as "Device Group" ,"Data Center" as "Data Center" ,FROM_UNIXTIME("End Time") as "End Time" , sum("counter") as "counter" from (select common_device_group as "Device Group" ,common_data_center as "Data Center" ,TIME_FLOOR_WITH_FILL (common_end_time,'PT1H','zero') as "End Time" ,count(common_log_id) as "counter" from session_record where common_recv_time >= toDateTime(@start) and common_recv_time< toDateTime(@end) group by "Device Group","Data Center","End Time") group by "Device Group" ,"Data Center" ,"End Time" order by "End Time" asc limit 5 ---Q49.TIME_FLOOR_WITH_FILL 02 +--Q38.TIME_FLOOR_WITH_FILL 02 select FROM_UNIXTIME("End Time") as "End Time" , sum("counter") as "counter" from (select common_device_group as "Device Group" ,common_data_center as "Data Center" ,TIME_FLOOR_WITH_FILL (common_end_time,'PT1H','zero') as "End Time" ,count(common_log_id) as "counter" ,count(common_server_domain) as "HTTP.Domain" from security_event where ((common_recv_time >= toDateTime('2021-10-19 00:00:00') and common_recv_time < toDateTime('2021-10-20 00:00:00')) ) AND ( ( common_action = 2 ) ) group by "Device Group","Data Center","End Time") group by "End Time" order by "End Time" asc ---Q50.CONVERT_TZ (Druid) 01 -SELECT CONVERT_TZ('2019-09-09 09:09:09','GMT','MET') as test_time from proxy_event_hits_log limit 1 ---Q51.CONVERT_TZ (Druid) 02 -SELECT CONVERT_TZ('2019-09-09 09:09:09','Europe/London','America/New_York') as test_time from proxy_event_hits_log limit 1 ---Q52.CONVERT_TZ (Druid) 03 -SELECT CONVERT_TZ(now(),'GMT','America/New_York') as test_time from proxy_event_hits_log limit 1 ---Q53.CONVERT_TZ (clickhouse) 01 +--Q39.CONVERT_TZ (clickhouse) 01 SELECT CONVERT_TZ('2019-09-09 09:09:09','GMT','MET') as test_time from session_record limit 1 ---Q54.CONVERT_TZ (clickhouse) 02 +--Q40.CONVERT_TZ (clickhouse) 02 SELECT CONVERT_TZ('2019-09-09 09:09:09','Europe/London','America/New_York') as test_time from session_record limit 1 ---Q55.CONVERT_TZ (clickhouse) 03 +--Q41.CONVERT_TZ (clickhouse) 03 SELECT CONVERT_TZ(now(),'GMT','America/New_York') as test_time from session_record limit 1 ---Q56.CONVERT_TZ (hbase) 01 +--Q42.CONVERT_TZ (hbase) 01 SELECT CONVERT_TZ('2019-09-09 09:09:09','GMT','MET') as test_time from report_result limit 1 ---Q57.CONVERT_TZ (hbase) 02 +--Q43.CONVERT_TZ (hbase) 02 SELECT CONVERT_TZ('2019-09-09 09:09:09','Europe/London','America/New_York') as test_time from report_result limit 1 ---Q58.CONVERT_TZ (hbase) 03 +--Q44.CONVERT_TZ (hbase) 03 SELECT CONVERT_TZ(now(),'GMT','America/New_York') as test_time from report_result limit 1 ---Q59.CONVERT_TZ (elasticsearch) +--Q45.CONVERT_TZ (elasticsearch) SELECT CONVERT_TZ('2019-09-09 09:09:09','Europe/London','America/New_York') as time from report_result limit 1 ---Q60.Authentication failed(code 516) +--Q46.Authentication failed(code 516) SELECT toDateTime(common_recv_time) AS common_recv_time, common_log_id, common_subscriber_id, common_imei, common_imsi, common_phone_number, common_client_ip, common_internal_ip, common_client_port, common_l4_protocol, common_address_type, common_server_ip, common_server_port, common_external_ip, common_sled_ip, common_client_location, common_client_asn, common_server_location, common_server_asn, common_sessions, common_c2s_pkt_num, common_s2c_pkt_num, common_c2s_byte_num, common_s2c_byte_num, common_c2s_pkt_diff, common_s2c_pkt_diff, common_c2s_byte_diff, common_s2c_byte_diff, common_schema_type, common_device_id, common_device_group, common_app_behavior, common_app_label, common_tunnels, common_protocol_label, common_l7_protocol, common_service_category, toDateTime(common_start_time) AS common_start_time, toDateTime(common_end_time) AS common_end_time, common_establish_latency_ms, common_con_duration_ms, common_stream_dir, common_stream_trace_id, common_c2s_ipfrag_num, common_s2c_ipfrag_num, common_c2s_tcp_lostlen, common_s2c_tcp_lostlen, common_c2s_tcp_unorder_num, common_s2c_tcp_unorder_num, common_c2s_pkt_retrans, common_s2c_pkt_retrans, common_c2s_byte_retrans, common_s2c_byte_retrans, common_tcp_client_isn, common_tcp_server_isn, toDateTime(common_processing_time) AS common_processing_time, http_url, http_host, common_server_domain, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_request_body, http_response_body, http_cookie, http_referer, http_user_agent, http_set_cookie, http_version, http_response_latency_ms, http_session_duration_ms, http_action_file_size, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_to, mail_cc, mail_bcc, mail_subject, mail_attachment_name, mail_eml_file, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_sub, ssl_sni, ssl_cn, ssl_pinningst, ssl_intercept_state, ssl_server_side_latency, ssl_client_side_latency, ssl_server_side_version, ssl_client_side_version, ssl_cert_verify, ssl_error, ssl_con_latency_ms, ssl_ja3_hash, ssl_cert_issuer, ssl_cert_subject, quic_version, quic_sni, quic_user_agent, ftp_account, ftp_url, ftp_content, ftp_link_type, app_extra_info, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, rtp_originator_dir, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, stratum_cryptocurrency, stratum_mining_pools, stratum_mining_program FROM interim_session_record AS interim_session_record WHERE common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) ORDER BY common_recv_time DESC LIMIT 43233, 20 ---Q61.Function MAX_DURATION +--Q47.Function MAX_DURATION SELECT destination_ip, IP_TO_GEO(destination_ip) AS destination_geo, MAX_DURATION(end_time,600) AS max_duration, any(destination_country) AS destination_country, groupUniqArray(arrayJoin(splitByString(',',source_country_list))) AS source_coutries,max(bit_rate) AS max_bit_rate,max(packet_rate) AS max_packet_rate,max(session_rate) AS max_session_rate,min(start_time) AS first_active_time,max(end_time) AS last_active_time,groupUniqArray(attack_type) AS attack_type,count(*) AS count from dos_event where start_time >= toUnixTimestamp(@start) AND start_time < toUnixTimestamp(@end) GROUP BY destination_ip ORDER BY count desc ---Q62.notEmpty(druid) -SELECT device_id from traffic_metrics_log where __time >= @start and __time < @end AND notEmpty(device_id) limit 10 ---Q63.empty(druid) -SELECT device_id from traffic_metrics_log where __time >= @start and __time < @end AND empty(device_id) limit 10 ---Q64.QUANTILE(clickhouse) +--Q48.QUANTILE(clickhouse) SELECT QUANTILE(common_c2s_byte_num) AS c2s FROM session_record WHERE common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) AND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP')) LIMIT 1 ---Q65.QUANTILE(druid) -SELECT QUANTILE(established_conn_num, 0.6) FROM traffic_metrics_log WHERE __time >= @start AND __time < @end limit 1 ---Q66.Top Optimizer +--Q49.Top Optimizer SELECT common_client_ip AS common_client_ip, count(*) AS count, sum(common_c2s_byte_num + common_s2c_byte_num) / 1024 / 1024 AS bytes_MB FROM session_record WHERE common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) GROUP BY common_client_ip ORDER BY count DESC LIMIT 10 ---Q67.IP_TO_GEO、IP_TO_ISP +--Q50.IP_TO_GEO、IP_TO_ISP SELECT IP_TO_GEO(common_client_ip) AS geo, IP_TO_ISP(common_client_ip) AS isp FROM session_record LIMIT 1 ---Q68.time format ISO8601, druid -SELECT FROM_UNIXTIME(UNIX_TIMESTAMP('2023-02-08T00:00:00+0800')) FROM proxy_event_hits_log limit 1 ---Q69.time format ISO8601, ck +--Q51.time format ISO8601, ck SELECT FROM_UNIXTIME(UNIX_TIMESTAMP('2023-02-08T00:00:00+0800')) FROM session_record limit 1 ---Q70.subQuery optimizing, filter field contain table name -SELECT FROM_UNIXTIME(common_recv_time) AS stat_time FROM session_record WHERE common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) AND (common_client_ip = '5.32.144.55') AND session_record.common_vsys_id IN (32, 1, 27, 4) ORDER BY common_recv_time DESC LIMIT 0, 50
\ No newline at end of file +--Q52.subQuery optimizing, filter field contain table name +SELECT FROM_UNIXTIME(common_recv_time) AS stat_time FROM session_record WHERE common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) AND (common_client_ip = '5.32.144.55') AND session_record.common_vsys_id IN (32, 1, 27, 4) ORDER BY common_recv_time DESC LIMIT 0, 50 +--Q53.Concat Funtion Test sql +select TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(common_recv_time),'PT1M','zero') as stat_time, (CASE WHEN common_action = 1 THEN 'Monitor' WHEN common_action = 2 THEN 'Intercept' WHEN common_action = 16 THEN 'Deny' WHEN common_action = 48 THEN 'Manipulation' WHEN common_action = 96 THEN 'Allow' WHEN common_action = 128 THEN 'Allow(Deprecated)' ELSE Concat(common_action) END) as type, count(*) as events from security_event where common_recv_time >= UNIX_TIMESTAMP(@start) and common_recv_time< UNIX_TIMESTAMP(@end) and common_vsys_id in (2,3) group by stat_time, common_action
\ No newline at end of file diff --git a/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/meta_data.json b/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/meta_data.json index 40448669..655b026e 100644 --- a/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/meta_data.json +++ b/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/meta_data.json @@ -42,13 +42,6 @@ "namespace": "druid", "group": "DRUID_GROUP", "tables": [ - "top_internal_host_log", - "top_client_ip_log", - "top_external_host_log", - "top_server_ip_log", - "top_website_domain_log", - "top_user_log", - "top_urls_log", "top_client_ips", "top_server_ips", "top_internal_ips", @@ -57,13 +50,7 @@ "top_server_fqdns", "top_subscribers", "application_protocol_stat", - "proxy_event_hits_log", - "security_event_hits_log", - "traffic_summary_log", - "traffic_protocol_stat_log", - "traffic_metrics_log", "traffic_general_stat", - "traffic_app_stat_log", "traffic_top_destination_ip_metrics_log", "traffic_shaping_rule_hits", "sys_storage_log", diff --git a/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/proxy_event_hits_log.json b/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/proxy_event_hits_log.json deleted file mode 100644 index 710b713c..00000000 --- a/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/proxy_event_hits_log.json +++ /dev/null @@ -1,165 +0,0 @@ -{ - "type": "record", - "name": "proxy_event_hits_log", - "namespace": "druid", - "doc": { - "partition_key": "__time", - "functions": { - "$ref": "public_schema_info.json#/functions" - }, - "schema_query": { - "references": { - "$ref": "public_schema_info.json#/schema_query/references" - } - } - }, - "fields": [ - { - "name": "__time", - "label": "Time", - "type": { - "type": "string", - "logicalType": "timestamp" - }, - "doc": { - "constraints": { - "type": "timestamp" - }, - "visibility": "enabled" - } - }, - { - "name": "vsys_id", - "label": "Vsys ID", - "doc": { - "visibility": "enabled" - }, - "type": "int", - "default": 1 - }, - { - "name": "isp", - "label": "ISP", - "type": "string", - "doc": { - "visibility": "disabled" - } - }, - { - "name": "hits", - "label": "Hits", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "policy_id", - "label": "Policy ID", - "type": "long", - "doc": { - "constraints": { - "operator_functions": "=,in" - }, - "visibility": "enabled" - } - }, - { - "name": "action", - "label": "Action", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "sub_action", - "label": "Action", - "type": "string", - "doc": { - "constraints": { - "operator_functions": "=,in" - }, - "data": [ - { - "code": "allow", - "value": "Allow" - }, - { - "code": "deny", - "value": "Deny" - }, - { - "code": "monitor", - "value": "Monitor" - }, - { - "code": "replace", - "value": "Replace" - }, - { - "code": "redirect", - "value": "Redirect" - }, - { - "code": "insert", - "value": "Insert" - }, - { - "code": "hijack", - "value": "Hijack" - }, - { - "code": "edit_element", - "value": "Edit Element" - }, - { - "code": "run_script", - "value": "Run Script" - } - ], - "visibility": "enabled" - } - }, - { - "name": "ip_object", - "label": "IP Object", - "doc": { - "visibility": "enabled" - }, - "type": "string" - }, - { - "name": "country", - "label": "Country", - "doc": { - "visibility": "enabled" - }, - "type": "string" - }, - { - "name": "location", - "label": "Location", - "doc": { - "visibility": "enabled" - }, - "type": "string" - }, - { - "name": "c2s_byte_num", - "label": "Bytes Sent", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "s2c_byte_num", - "label": "Bytes Received", - "doc": { - "visibility": "enabled" - }, - "type": "long" - } - ] -}
\ No newline at end of file diff --git a/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/security_event_hits_log.json b/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/security_event_hits_log.json deleted file mode 100644 index 3af34c0f..00000000 --- a/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/security_event_hits_log.json +++ /dev/null @@ -1,137 +0,0 @@ -{ - "type": "record", - "name": "security_event_hits_log", - "namespace": "druid", - "doc": { - "partition_key": "__time", - "functions": { - "$ref": "public_schema_info.json#/functions" - }, - "schema_query": { - "references": { - "$ref": "public_schema_info.json#/schema_query/references" - } - } - }, - "fields": [ - { - "name": "__time", - "label": "Time", - "type": { - "type": "string", - "logicalType": "timestamp" - }, - "doc": { - "constraints": { - "type": "timestamp" - }, - "visibility": "enabled" - } - }, - { - "name": "vsys_id", - "label": "Vsys ID", - "doc": { - "visibility": "enabled" - }, - "type": "int", - "default": 1 - }, - { - "name": "isp", - "label": "ISP", - "type": "string", - "doc": { - "visibility": "disabled" - } - }, - { - "name": "policy_id", - "label": "Policy ID", - "type": "long", - "doc": { - "constraints": { - "operator_functions": "=,in" - }, - "visibility": "enabled" - } - }, - { - "name": "pinningst", - "label": "Pinning", - "type": "long", - "doc": { - "visibility": "enabled" - } - }, - { - "name": "action", - "label": "Action", - "type": "long", - "doc": { - "constraints": { - "operator_functions": "=,in" - }, - "data": [ - { - "code": "1", - "value": "Monitor" - }, - { - "code": "2", - "value": "Intercept" - }, - { - "code": "16", - "value": "Deny" - }, - { - "code": "128", - "value": "Allow" - } - ], - "visibility": "enabled" - } - }, - { - "name": "hits", - "label": "Hits", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "c2s_byte_num", - "label": "Bytes Sent", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "s2c_byte_num", - "label": "Bytes Received", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "c2s_pkt_num", - "label": "Packets Sent", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "s2c_pkt_num", - "label": "Packets Received", - "doc": { - "visibility": "enabled" - }, - "type": "long" - } - ] -}
\ No newline at end of file diff --git a/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/top_client_ip_log.json b/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/top_client_ip_log.json deleted file mode 100644 index 978e1836..00000000 --- a/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/top_client_ip_log.json +++ /dev/null @@ -1,129 +0,0 @@ -{ - "type": "record", - "name": "top_client_ip_log", - "namespace": "druid", - "doc": { - "partition_key": "__time", - "functions": { - "$ref": "public_schema_info.json#/functions" - }, - "schema_query": { - "references": { - "$ref": "public_schema_info.json#/schema_query/references" - } - } - }, - "fields": [ - { - "name": "__time", - "label": "Time", - "type": { - "type": "string", - "logicalType": "timestamp" - }, - "doc": { - "constraints": { - "type": "timestamp" - }, - "visibility": "enabled" - } - }, - { - "name": "vsys_id", - "label": "Vsys ID", - "doc": { - "visibility": "enabled" - }, - "type": "int", - "default": 1 - }, - { - "name": "data_center", - "label": "Data Center", - "type": "string", - "doc": { - "constraints": { - "operator_functions": "=,in" - }, - "data": { - "$ref": "device_tag.json#", - "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']", - "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']" - }, - "visibility": "enabled" - } - }, - { - "name": "device_group", - "label": "Device Group", - "type": "string", - "doc": { - "constraints": { - "operator_functions": "=,in" - }, - "data": { - "$ref": "device_tag.json#", - "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']", - "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']" - }, - "visibility": "enabled" - } - }, - { - "name": "source", - "label": "Client IP", - "doc": { - "visibility": "enabled" - }, - "type": "string" - }, - { - "name": "session_num", - "label": "Sessions", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "c2s_byte_num", - "label": "Bytes Sent", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "s2c_byte_num", - "label": "Bytes Received", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "c2s_pkt_num", - "label": "Packets Sent", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "s2c_pkt_num", - "label": "Packets Received", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "order_by", - "label": "Order By", - "doc": { - "visibility": "enabled" - }, - "type": "string" - } - ] -}
\ No newline at end of file diff --git a/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/top_external_host_log.json b/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/top_external_host_log.json deleted file mode 100644 index 53581d66..00000000 --- a/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/top_external_host_log.json +++ /dev/null @@ -1,129 +0,0 @@ -{ - "type": "record", - "name": "top_external_host_log", - "namespace": "druid", - "doc": { - "partition_key": "__time", - "functions": { - "$ref": "public_schema_info.json#/functions" - }, - "schema_query": { - "references": { - "$ref": "public_schema_info.json#/schema_query/references" - } - } - }, - "fields": [ - { - "name": "__time", - "label": "Time", - "type": { - "type": "string", - "logicalType": "timestamp" - }, - "doc": { - "constraints": { - "type": "timestamp" - }, - "visibility": "enabled" - } - }, - { - "name": "data_center", - "label": "Data Center", - "type": "string", - "doc": { - "constraints": { - "operator_functions": "=,in" - }, - "data": { - "$ref": "device_tag.json#", - "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']", - "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']" - }, - "visibility": "enabled" - } - }, - { - "name": "device_group", - "label": "Device Group", - "type": "string", - "doc": { - "constraints": { - "operator_functions": "=,in" - }, - "data": { - "$ref": "device_tag.json#", - "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']", - "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']" - }, - "visibility": "enabled" - } - }, - { - "name": "vsys_id", - "label": "Vsys ID", - "doc": { - "visibility": "enabled" - }, - "type": "int", - "default": 1 - }, - { - "name": "destination", - "label": "External IP", - "doc": { - "visibility": "enabled" - }, - "type": "string" - }, - { - "name": "session_num", - "label": "Sessions", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "c2s_byte_num", - "label": "Bytes Sent", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "s2c_byte_num", - "label": "Bytes Received", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "c2s_pkt_num", - "label": "Packets Sent", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "s2c_pkt_num", - "label": "Packets Received", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "order_by", - "label": "Order By", - "doc": { - "visibility": "enabled" - }, - "type": "string" - } - ] -}
\ No newline at end of file diff --git a/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/top_internal_host_log.json b/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/top_internal_host_log.json deleted file mode 100644 index 9662c11f..00000000 --- a/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/top_internal_host_log.json +++ /dev/null @@ -1,129 +0,0 @@ -{ - "type": "record", - "name": "top_internal_host_log", - "namespace": "druid", - "doc": { - "partition_key": "__time", - "functions": { - "$ref": "public_schema_info.json#/functions" - }, - "schema_query": { - "references": { - "$ref": "public_schema_info.json#/schema_query/references" - } - } - }, - "fields": [ - { - "name": "__time", - "label": "Time", - "type": { - "type": "string", - "logicalType": "timestamp" - }, - "doc": { - "constraints": { - "type": "timestamp" - }, - "visibility": "enabled" - } - }, - { - "name": "vsys_id", - "label": "Vsys ID", - "doc": { - "visibility": "enabled" - }, - "type": "int", - "default": 1 - }, - { - "name": "data_center", - "label": "Data Center", - "type": "string", - "doc": { - "constraints": { - "operator_functions": "=,in" - }, - "data": { - "$ref": "device_tag.json#", - "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']", - "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']" - }, - "visibility": "enabled" - } - }, - { - "name": "device_group", - "label": "Device Group", - "type": "string", - "doc": { - "constraints": { - "operator_functions": "=,in" - }, - "data": { - "$ref": "device_tag.json#", - "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']", - "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']" - }, - "visibility": "enabled" - } - }, - { - "name": "source", - "label": "Internal IP", - "doc": { - "visibility": "enabled" - }, - "type": "string" - }, - { - "name": "session_num", - "label": "Sessions", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "c2s_byte_num", - "label": "Bytes Sent", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "s2c_byte_num", - "label": "Bytes Received", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "c2s_pkt_num", - "label": "Packets Sent", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "s2c_pkt_num", - "label": "Packets Received", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "order_by", - "label": "Order By", - "doc": { - "visibility": "enabled" - }, - "type": "string" - } - ] -}
\ No newline at end of file diff --git a/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/top_server_ip_log.json b/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/top_server_ip_log.json deleted file mode 100644 index 9e4014cf..00000000 --- a/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/top_server_ip_log.json +++ /dev/null @@ -1,129 +0,0 @@ -{ - "type": "record", - "name": "top_server_ip_log", - "namespace": "druid", - "doc": { - "partition_key": "__time", - "functions": { - "$ref": "public_schema_info.json#/functions" - }, - "schema_query": { - "references": { - "$ref": "public_schema_info.json#/schema_query/references" - } - } - }, - "fields": [ - { - "name": "__time", - "label": "Time", - "type": { - "type": "string", - "logicalType": "timestamp" - }, - "doc": { - "constraints": { - "type": "timestamp" - }, - "visibility": "enabled" - } - }, - { - "name": "data_center", - "label": "Data Center", - "type": "string", - "doc": { - "constraints": { - "operator_functions": "=,in" - }, - "data": { - "$ref": "device_tag.json#", - "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']", - "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']" - }, - "visibility": "enabled" - } - }, - { - "name": "device_group", - "label": "Device Group", - "type": "string", - "doc": { - "constraints": { - "operator_functions": "=,in" - }, - "data": { - "$ref": "device_tag.json#", - "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']", - "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']" - }, - "visibility": "enabled" - } - }, - { - "name": "vsys_id", - "label": "Vsys ID", - "doc": { - "visibility": "enabled" - }, - "type": "int", - "default": 1 - }, - { - "name": "destination", - "label": "Server IP", - "doc": { - "visibility": "enabled" - }, - "type": "string" - }, - { - "name": "session_num", - "label": "Sessions", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "c2s_byte_num", - "label": "Bytes Sent", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "s2c_byte_num", - "label": "Bytes Received", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "c2s_pkt_num", - "label": "Packets Sent", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "s2c_pkt_num", - "label": "Packets Received", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "order_by", - "label": "Order By", - "doc": { - "visibility": "enabled" - }, - "type": "string" - } - ] -}
\ No newline at end of file diff --git a/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/top_urls_log.json b/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/top_urls_log.json deleted file mode 100644 index eef7b6c7..00000000 --- a/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/top_urls_log.json +++ /dev/null @@ -1,49 +0,0 @@ -{ - "type": "record", - "name": "top_urls_log", - "namespace": "druid", - "doc": { - "partition_key": "__time" - }, - "fields": [ - { - "name": "__time", - "label": "Time", - "type": { - "type": "string", - "logicalType": "timestamp" - }, - "doc": { - "constraints": { - "type": "timestamp" - }, - "visibility": "enabled" - } - }, - { - "name": "vsys_id", - "label": "Vsys ID", - "doc": { - "visibility": "enabled" - }, - "type": "int", - "default": 1 - }, - { - "name": "url", - "label": "URL", - "doc": { - "visibility": "enabled" - }, - "type": "string" - }, - { - "name": "session_num", - "label": "Sessions", - "doc": { - "visibility": "enabled" - }, - "type": "long" - } - ] -}
\ No newline at end of file diff --git a/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/top_user_log.json b/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/top_user_log.json deleted file mode 100644 index 721e6a6c..00000000 --- a/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/top_user_log.json +++ /dev/null @@ -1,129 +0,0 @@ -{ - "type": "record", - "name": "top_user_log", - "namespace": "druid", - "doc": { - "partition_key": "__time", - "functions": { - "$ref": "public_schema_info.json#/functions" - }, - "schema_query": { - "references": { - "$ref": "public_schema_info.json#/schema_query/references" - } - } - }, - "fields": [ - { - "name": "__time", - "label": "Time", - "type": { - "type": "string", - "logicalType": "timestamp" - }, - "doc": { - "constraints": { - "type": "timestamp" - }, - "visibility": "enabled" - } - }, - { - "name": "vsys_id", - "label": "Vsys ID", - "doc": { - "visibility": "enabled" - }, - "type": "int", - "default": 1 - }, - { - "name": "data_center", - "label": "Data Center", - "type": "string", - "doc": { - "constraints": { - "operator_functions": "=,in" - }, - "data": { - "$ref": "device_tag.json#", - "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']", - "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']" - }, - "visibility": "enabled" - } - }, - { - "name": "device_group", - "label": "Device Group", - "type": "string", - "doc": { - "constraints": { - "operator_functions": "=,in" - }, - "data": { - "$ref": "device_tag.json#", - "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']", - "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']" - }, - "visibility": "enabled" - } - }, - { - "name": "subscriber_id", - "label": "Subscriber ID", - "doc": { - "visibility": "enabled" - }, - "type": "string" - }, - { - "name": "session_num", - "label": "Sessions", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "c2s_byte_num", - "label": "Bytes Sent", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "s2c_byte_num", - "label": "Bytes Received", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "c2s_pkt_num", - "label": "Packets Sent", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "s2c_pkt_num", - "label": "Packets Received", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "order_by", - "label": "Order By", - "doc": { - "visibility": "enabled" - }, - "type": "string" - } - ] -}
\ No newline at end of file diff --git a/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/top_website_domain_log.json b/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/top_website_domain_log.json deleted file mode 100644 index 7d1d752f..00000000 --- a/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/top_website_domain_log.json +++ /dev/null @@ -1,129 +0,0 @@ -{ - "type": "record", - "name": "top_website_domain_log", - "namespace": "druid", - "doc": { - "partition_key": "__time", - "functions": { - "$ref": "public_schema_info.json#/functions" - }, - "schema_query": { - "references": { - "$ref": "public_schema_info.json#/schema_query/references" - } - } - }, - "fields": [ - { - "name": "__time", - "label": "Time", - "type": { - "type": "string", - "logicalType": "timestamp" - }, - "doc": { - "constraints": { - "type": "timestamp" - }, - "visibility": "enabled" - } - }, - { - "name": "data_center", - "label": "Data Center", - "type": "string", - "doc": { - "constraints": { - "operator_functions": "=,in" - }, - "data": { - "$ref": "device_tag.json#", - "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']", - "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']" - }, - "visibility": "enabled" - } - }, - { - "name": "device_group", - "label": "Device Group", - "type": "string", - "doc": { - "constraints": { - "operator_functions": "=,in" - }, - "data": { - "$ref": "device_tag.json#", - "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']", - "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']" - }, - "visibility": "enabled" - } - }, - { - "name": "vsys_id", - "label": "Vsys ID", - "doc": { - "visibility": "enabled" - }, - "type": "int", - "default": 1 - }, - { - "name": "domain", - "label": "Domain", - "doc": { - "visibility": "enabled" - }, - "type": "string" - }, - { - "name": "session_num", - "label": "Sessions", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "c2s_byte_num", - "label": "Bytes Sent", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "s2c_byte_num", - "label": "Bytes Received", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "c2s_pkt_num", - "label": "Packets Sent", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "s2c_pkt_num", - "label": "Packets Received", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "order_by", - "label": "Order By", - "doc": { - "visibility": "enabled" - }, - "type": "string" - } - ] -}
\ No newline at end of file diff --git a/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/traffic_app_stat_log.json b/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/traffic_app_stat_log.json deleted file mode 100644 index 9eb869a7..00000000 --- a/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/traffic_app_stat_log.json +++ /dev/null @@ -1,124 +0,0 @@ -{ - "type": "record", - "name": "traffic_app_stat_log", - "namespace": "druid", - "doc": { - "partition_key": "__time", - "functions": { - "$ref": "public_schema_info.json#/functions" - }, - "schema_query": { - "references": { - "$ref": "public_schema_info.json#/schema_query/references" - } - } - }, - "fields": [ - { - "name": "__time", - "label": "Time", - "type": { - "type": "string", - "logicalType": "timestamp" - }, - "doc": { - "constraints": { - "type": "timestamp" - }, - "visibility": "enabled" - } - }, - { - "name": "vsys_id", - "label": "Vsys ID", - "doc": { - "visibility": "enabled" - }, - "type": "int", - "default": 1 - }, - { - "name": "data_center", - "label": "Data Center", - "type": "string", - "doc": { - "constraints": { - "operator_functions": "=,in" - }, - "data": { - "$ref": "device_tag.json#", - "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']", - "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']" - }, - "visibility": "enabled" - } - }, - { - "name": "device_group", - "label": "Device Group", - "type": "string", - "doc": { - "constraints": { - "operator_functions": "=,in" - }, - "data": { - "$ref": "device_tag.json#", - "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']", - "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']" - }, - "visibility": "enabled" - } - }, - { - "name": "app_name", - "label": "APP Name", - "type": "string", - "doc": { - "constraints": { - "operator_functions": "=,in" - }, - "visibility": "enabled" - } - }, - { - "name": "session_num", - "label": "Sessions", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "c2s_byte_num", - "label": "Bytes Sent", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "s2c_byte_num", - "label": "Bytes Received", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "c2s_pkt_num", - "label": "Packets Sent", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "s2c_pkt_num", - "label": "Packets Received", - "doc": { - "visibility": "enabled" - }, - "type": "long" - } - ] -}
\ No newline at end of file diff --git a/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/traffic_metrics_log.json b/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/traffic_metrics_log.json deleted file mode 100644 index aa8c0d71..00000000 --- a/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/traffic_metrics_log.json +++ /dev/null @@ -1,449 +0,0 @@ -{ - "type": "record", - "name": "traffic_metrics_log", - "namespace": "druid", - "doc": { - "partition_key": "__time", - "functions": { - "$ref": "public_schema_info.json#/functions" - }, - "schema_query": { - "references": { - "$ref": "public_schema_info.json#/schema_query/references" - } - } - }, - "fields": [ - { - "name": "__time", - "label": "Time", - "type": { - "type": "string", - "logicalType": "timestamp" - }, - "doc": { - "constraints": { - "type": "timestamp" - }, - "visibility": "enabled" - } - }, - { - "name": "device_id", - "label": "Device ID", - "doc": { - "visibility": "enabled" - }, - "type": "string" - }, - { - "name": "vsys_id", - "label": "Vsys ID", - "doc": { - "visibility": "enabled" - }, - "type": "int", - "default": 1 - }, - { - "name": "allow_conn_num", - "label": "Allow Sessions", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "allow_in_bytes", - "label": "Allow Bytes (Ingress)", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "allow_in_packets", - "label": "Allow Packets (Ingress)", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "allow_out_bytes", - "label": "Allow Bytes (Egress)", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "allow_out_packets", - "label": "Allow Packets (Egress)", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "close_conn_num", - "label": "Closed Sessions", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "default_conn_num", - "label": "Default Sessions", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "default_in_bytes", - "label": "Default Bytes (Ingress)", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "default_in_packets", - "label": "Default Packets (Ingress)", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "default_out_bytes", - "label": "Default Bytes (Egress)", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "default_out_packets", - "label": "Default Packets (Egress)", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "deny_conn_num", - "label": "Deny Sessions", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "deny_in_bytes", - "label": "Deny Bytes (Ingress)", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "deny_in_packets", - "label": "Deny Packets (Ingress)", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "deny_out_bytes", - "label": "Deny Bytes (Egress)", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "deny_out_packets", - "label": "Deny Packets (Egress)", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "intercept_conn_num", - "label": "Intercept Sessions", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "intercept_in_bytes", - "label": "Intercept Bytes (Ingress)", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "intercept_in_packets", - "label": "Intercept Packets (Ingress)", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "intercept_out_bytes", - "label": "Intercept Bytes (Egress)", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "intercept_out_packets", - "label": "Intercept Packets (Egress)", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "established_conn_num", - "label": "Established Sessions", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "monitor_conn_num", - "label": "Monitor Sessions", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "monitor_in_bytes", - "label": "Monitor Bytes (Ingress)", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "monitor_in_packets", - "label": "Monitor Packets (Ingress)", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "monitor_out_bytes", - "label": "Monitor Bytes (Egress)", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "monitor_out_packets", - "label": "Monitor Packets (Egress)", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "new_conn_num", - "label": "New Sessions", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "total_in_bytes", - "label": "Total Bytes (Ingress)", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "total_in_packets", - "label": "Total Packets (Ingress)", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "total_out_bytes", - "label": "Total Bytes (Egress)", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "total_out_packets", - "label": "Total Packets (Egress)", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "alert_bytes", - "label": "Alert Bytes", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "hijk_bytes", - "label": "Hijack Bytes", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "ins_bytes", - "label": "Insert Bytes", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "intcp_allow_num", - "label": "Intercept Allow Sessions", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "intcp_deny_num", - "label": "Intercept Deny Sessions", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "intcp_hijk_num", - "label": "Intercept Hijack Sessions", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "intcp_ins_num", - "label": "Intercept Insert Sessions", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "intcp_mon_num", - "label": "Intercept Monitor Sessions", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "intcp_rdirt_num", - "label": "Intercept Redirect Sessions", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "intcp_repl_num", - "label": "Intercept Replace Sessions", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "maybe_pinning_num", - "label": "Maybe Pinning Sessions", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "not_pinning_num", - "label": "Not Pinning Sessions", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "pinning_num", - "label": "Pinning Sessions", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "ad_cc_bytes", - "label": "AD CC Bytes", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "ad_flood_bytes", - "label": "AD Flood Bytes", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "ad_reflection_bytes", - "label": "AD Reflection Bytes", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "intcp_edit_elem_num", - "label": "Intercept Edit Element Sessions", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "intcp_rus_num", - "label": "Intercept Run Script Sessions", - "doc": { - "visibility": "enabled" - }, - "type": "long" - } - ] -}
\ No newline at end of file diff --git a/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/traffic_protocol_stat_log.json b/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/traffic_protocol_stat_log.json deleted file mode 100644 index 4d242f8d..00000000 --- a/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/traffic_protocol_stat_log.json +++ /dev/null @@ -1,189 +0,0 @@ -{ - "type": "record", - "name": "traffic_protocol_stat_log", - "namespace": "druid", - "doc": { - "partition_key": "__time", - "functions": { - "$ref": "public_schema_info.json#/functions" - }, - "schema_query": { - "filters": [ - "data_center", - "device_group" - ], - "references": { - "$ref": "public_schema_info.json#/schema_query/references" - } - } - }, - "fields": [ - { - "name": "__time", - "label": "Time", - "type": { - "type": "string", - "logicalType": "timestamp" - }, - "doc": { - "constraints": { - "type": "timestamp" - }, - "visibility": "enabled" - } - }, - { - "name": "vsys_id", - "label": "Vsys ID", - "doc": { - "visibility": "enabled" - }, - "type": "int", - "default": 1 - }, - { - "name": "protocol_id", - "label": "Protocol ID", - "doc": { - "visibility": "enabled" - }, - "type": "string" - }, - { - "name": "app_name", - "label": "APP Name", - "doc": { - "visibility": "enabled" - }, - "type": "string" - }, - { - "name": "isp", - "label": "ISP", - "doc": { - "visibility": "enabled" - }, - "type": "string" - }, - { - "name": "data_center", - "label": "Data Center", - "type": "string", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "device_tag.json#", - "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']", - "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']" - }, - "visibility": "enabled" - } - }, - { - "name": "device_group", - "label": "Device Group", - "type": "string", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "device_tag.json#", - "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']", - "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']" - }, - "visibility": "enabled" - } - }, - { - "name": "sessions", - "label": "Sessions", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "c2s_pkt_num", - "label": "Packets Sent", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "s2c_pkt_num", - "label": "Packets Received", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "c2s_byte_num", - "label": "Bytes Sent", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "s2c_byte_num", - "label": "Bytes Received", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "c2s_ipfrag_num", - "label": "Fragmentation Packets (c2s)", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "s2c_ipfrag_num", - "label": "Fragmentation Packets (s2c)", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "c2s_tcp_lostlen", - "label": "Sequence Gap Loss (c2s)", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "s2c_tcp_lostlen", - "label": "Sequence Gap Loss (s2c)", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "c2s_tcp_unorder_num", - "label": "Unordered Packets (c2s)", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "s2c_tcp_unorder_num", - "label": "Unordered Packets (s2c)", - "doc": { - "visibility": "enabled" - }, - "type": "long" - } - ] -}
\ No newline at end of file diff --git a/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/traffic_summary_log.json b/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/traffic_summary_log.json deleted file mode 100644 index 7234a298..00000000 --- a/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/traffic_summary_log.json +++ /dev/null @@ -1,215 +0,0 @@ -{ - "type": "record", - "name": "traffic_summary_log", - "namespace": "druid", - "doc": { - "partition_key": "__time", - "functions": { - "$ref": "public_schema_info.json#/functions" - }, - "schema_query": { - "references": { - "$ref": "public_schema_info.json#/schema_query/references" - } - } - }, - "fields": [ - { - "name": "__time", - "label": "Time", - "type": { - "type": "string", - "logicalType": "timestamp" - }, - "doc": { - "constraints": { - "type": "timestamp" - }, - "visibility": "enabled" - } - }, - { - "name": "data_center", - "label": "Data Center", - "type": "string", - "doc": { - "constraints": { - "operator_functions": "=,in" - }, - "data": { - "$ref": "device_tag.json#", - "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']", - "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']" - }, - "visibility": "enabled" - } - }, - { - "name": "device_group", - "label": "Device Group", - "type": "string", - "doc": { - "constraints": { - "operator_functions": "=,in" - }, - "data": { - "$ref": "device_tag.json#", - "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']", - "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']" - }, - "visibility": "enabled" - } - }, - { - "name": "vsys_id", - "label": "Vsys ID", - "doc": { - "visibility": "enabled" - }, - "type": "int", - "default": 1 - }, - { - "name": "isp", - "label": "ISP", - "type": "string", - "doc": { - "visibility": "disabled" - } - }, - { - "name": "schema_type", - "label": "Schema Type", - "type": "string", - "doc": { - "data": [ - { - "code": "BASE", - "value": "BASE" - }, - { - "code": "MAIL", - "value": "MAIL" - }, - { - "code": "DNS", - "value": "DNS" - }, - { - "code": "HTTP", - "value": "HTTP" - }, - { - "code": "SSL", - "value": "SSL" - }, - { - "code": "QUIC", - "value": "QUIC" - }, - { - "code": "FTP", - "value": "FTP" - }, - { - "code": "SSH", - "value": "SSH" - }, - { - "code": "Stratum", - "value": "Stratum" - } - ], - "visibility": "enabled" - } - }, - { - "name": "ip_object", - "label": "IP Object", - "doc": { - "visibility": "enabled" - }, - "type": "string" - }, - { - "name": "sessions", - "label": "Sessions", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "c2s_byte_num", - "label": "Bytes Sent", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "s2c_byte_num", - "label": "Bytes Received", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "c2s_pkt_num", - "label": "Packets Sent", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "s2c_pkt_num", - "label": "Packets Received", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "one_sided_connections", - "label": "One Sided Connections", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "uncategorized_bytes", - "label": "Uncategorized Bytes", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "fragmentation_packets", - "label": "Fragmentation Packets", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "sequence_gap_loss", - "label": "Sequence Gap Loss", - "doc": { - "visibility": "enabled" - }, - "type": "long" - }, - { - "name": "unorder_packets", - "label": "Unorder Packets", - "doc": { - "visibility": "enabled" - }, - "type": "long" - } - ] -}
\ No newline at end of file |