1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
|
{
"pre": "use tsg_galaxy_v3",
"Q1": "SELECT count(1) from connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2)",
"Q2": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) LIMIT 30",
"Q3": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ORDER BY common_recv_time DESC LIMIT 30",
"Q4": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ORDER BY common_recv_time asc LIMIT 30",
"Q5": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_log_id=1153021139190754263 ORDER BY common_recv_time DESC LIMIT 30",
"Q6": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_client_ip='36.189.226.21' ORDER BY common_recv_time DESC LIMIT 30",
"Q7": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_internal_ip='223.116.37.192' ORDER BY common_recv_time DESC LIMIT 30",
"Q8": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_server_ip='8.8.8.8' ORDER BY common_recv_time DESC LIMIT 30",
"Q9": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_external_ip='111.10.53.14' ORDER BY common_recv_time DESC LIMIT 30",
"Q10": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_client_port=52607 ORDER BY common_recv_time DESC LIMIT 30",
"Q11": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_server_port=443 ORDER BY common_recv_time DESC LIMIT 30",
"Q12": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_c2s_pkt_num>5 ORDER BY common_recv_time DESC LIMIT 30",
"Q13": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_s2c_pkt_num>5 ORDER BY common_recv_time DESC LIMIT 30",
"Q14": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_c2s_byte_num>100 ORDER BY common_recv_time DESC LIMIT 30",
"Q15": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_s2c_byte_num<200 ORDER BY common_recv_time DESC LIMIT 30",
"Q16": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_schema_type='DNS' ORDER BY common_recv_time DESC LIMIT 30",
"Q17": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_establish_latency_ms>200 ORDER BY common_recv_time DESC LIMIT 30",
"Q18": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_con_duration_ms>10000 ORDER BY common_recv_time DESC LIMIT 30",
"Q19": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_stream_trace_id=1153021139190754263 ORDER BY common_recv_time DESC LIMIT 30",
"Q20": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_tcp_client_isn=2857077935 ORDER BY common_recv_time DESC LIMIT 30",
"Q21": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_tcp_server_isn=0 ORDER BY common_recv_time DESC LIMIT 30",
"Q22": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain='microsoft.com' ORDER BY common_recv_time DESC LIMIT 30",
"Q23": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND mail_account='[email protected]' ORDER BY common_recv_time DESC LIMIT 30",
"Q24": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND mail_subject='test' ORDER BY common_recv_time DESC LIMIT 30",
"Q25": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND dns_qname='qbwup.imtt.qq.com' ORDER BY common_recv_time DESC LIMIT 30",
"Q26": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND ssl_sni='note.youdao.com' ORDER BY common_recv_time DESC LIMIT 30",
"Q27": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND ssl_con_latency_ms>100 ORDER BY common_recv_time DESC LIMIT 30",
"Q28": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND ssl_ja3_hash='a0e9f5d64349fb13191bc781f81f42e1' ORDER BY common_recv_time DESC LIMIT 30",
"Q29": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_client_ip='36.189.226.21' and common_server_ip='8.8.8.8' ORDER BY common_recv_time DESC LIMIT 30",
"Q30": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_server_ip='111.10.53.14' and common_server_port=443 ORDER BY common_recv_time DESC LIMIT 30",
"Q31": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND mail_account like 'abc@%' ORDER BY common_recv_time DESC LIMIT 30",
"Q32": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain like '%baidu.com%' ORDER BY common_recv_time DESC LIMIT 30",
"Q33": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND ssl_sni like '%youdao.com' ORDER BY common_recv_time DESC LIMIT 30",
"Q34": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_client_ip in ('36.189.226.21','111.10.53.14') ORDER BY common_recv_time DESC LIMIT 30",
"Q35": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_server_port not in (80,443) ORDER BY common_recv_time DESC LIMIT 30",
"Q36": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND length(http_domain)!= 0 ORDER BY common_recv_time DESC LIMIT 30",
"Q37": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain not like '%microsoft.com' ORDER BY common_recv_time DESC LIMIT 30",
"Q38": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_log_id=1153021139190754263 ORDER BY common_recv_time DESC LIMIT 30",
"Q39": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_client_ip='36.189.226.21' ORDER BY common_recv_time DESC LIMIT 30",
"Q40": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_internal_ip='223.116.37.192' ORDER BY common_recv_time DESC LIMIT 30",
"Q41": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_server_ip='8.8.8.8' ORDER BY common_recv_time DESC LIMIT 30",
"Q42": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_external_ip='111.10.53.14' ORDER BY common_recv_time DESC LIMIT 30",
"Q43": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_client_port=52607 ORDER BY common_recv_time DESC LIMIT 30",
"Q44": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_server_port=443 ORDER BY common_recv_time DESC LIMIT 30",
"Q45": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_c2s_pkt_num>5 ORDER BY common_recv_time DESC LIMIT 30",
"Q46": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_s2c_pkt_num>5 ORDER BY common_recv_time DESC LIMIT 30",
"Q47": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_c2s_byte_num>100 ORDER BY common_recv_time DESC LIMIT 30",
"Q48": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_s2c_byte_num<200 ORDER BY common_recv_time DESC LIMIT 30",
"Q49": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_schema_type='DNS' ORDER BY common_recv_time DESC LIMIT 30",
"Q50": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_establish_latency_ms>200 ORDER BY common_recv_time DESC LIMIT 30",
"Q51": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_con_duration_ms>10000 ORDER BY common_recv_time DESC LIMIT 30",
"Q52": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_stream_trace_id=1153021139190754263 ORDER BY common_recv_time DESC LIMIT 30",
"Q53": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_tcp_client_isn=2857077935 ORDER BY common_recv_time DESC LIMIT 30",
"Q54": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_tcp_server_isn=0 ORDER BY common_recv_time DESC LIMIT 30",
"Q55": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain='microsoft.com' ORDER BY common_recv_time DESC LIMIT 30",
"Q56": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND mail_account='[email protected]' ORDER BY common_recv_time DESC LIMIT 30",
"Q57": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND mail_subject='test' ORDER BY common_recv_time DESC LIMIT 30",
"Q58": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND dns_qname='qbwup.imtt.qq.com' ORDER BY common_recv_time DESC LIMIT 30",
"Q59": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND ssl_sni='note.youdao.com' ORDER BY common_recv_time DESC LIMIT 30",
"Q60": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND ssl_con_latency_ms>100 ORDER BY common_recv_time DESC LIMIT 30",
"Q61": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND ssl_ja3_hash='a0e9f5d64349fb13191bc781f81f42e1' ORDER BY common_recv_time DESC LIMIT 30",
"Q62": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_client_ip='36.189.226.21' and common_server_ip='8.8.8.8' ORDER BY common_recv_time DESC LIMIT 30",
"Q63": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_server_ip='111.10.53.14' and common_server_port=443 ORDER BY common_recv_time DESC LIMIT 30",
"Q64": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND mail_account like 'abc@%' ORDER BY common_recv_time DESC LIMIT 30",
"Q65": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain like '%baidu.com%' ORDER BY common_recv_time DESC LIMIT 30",
"Q66": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND ssl_sni like '%youdao.com' ORDER BY common_recv_time DESC LIMIT 30",
"Q67": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_client_ip in ('36.189.226.21','111.10.53.14') ORDER BY common_recv_time DESC LIMIT 30",
"Q68": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_server_port not in (80,443) ORDER BY common_recv_time DESC LIMIT 30",
"Q69": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND length(http_domain)!= 0 ORDER BY common_recv_time DESC LIMIT 30",
"Q70": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain not like '%microsoft.com' ORDER BY common_recv_time DESC LIMIT 30",
"Q71": "SELECT * FROM connection_record_log AS connection_record_log WHERE ckdb.function.toDateTime(common_recv_time) IN ( SELECT ckdb.function.toDateTime(common_recv_time) FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ORDER BY common_recv_time DESC LIMIT 30 ) AND common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ORDER BY common_recv_time DESC LIMIT 30",
"Q72": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ORDER BY common_recv_time DESC LIMIT 30 ) AND common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ORDER BY common_recv_time DESC LIMIT 30",
"Q73": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE ckdb.function.toDateTime(common_recv_time) IN ( SELECT ckdb.function.toDateTime(common_recv_time) FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ORDER BY common_recv_time DESC LIMIT 30 ) AND common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ORDER BY common_recv_time DESC LIMIT 30",
"Q74": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( select common_log_id FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2)) ORDER BY common_recv_time DESC LIMIT 30",
"Q75": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_common_server_ip AS connection_record_log_common_server_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_log_id=1153021139190754263 ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_log_id=1153021139190754263 ) ORDER BY common_recv_time DESC LIMIT 30",
"Q76": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_common_server_ip AS connection_record_log_common_server_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_client_ip='36.189.226.21' ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_client_ip='36.189.226.21' ) ORDER BY common_recv_time DESC LIMIT 30",
"Q77": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_common_server_ip AS connection_record_log_common_server_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_server_ip='8.8.8.8' ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_server_ip='8.8.8.8' ) ORDER BY common_recv_time DESC LIMIT 30",
"Q78": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_common_server_ip AS connection_record_log_common_server_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_sled_ip='%192.168%' ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_sled_ip='%192.168%' ) ORDER BY common_recv_time DESC LIMIT 30",
"Q79": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_common_server_ip AS connection_record_log_common_server_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_stream_trace_id=1153021139190754263 ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_stream_trace_id=1153021139190754263 ) ORDER BY common_recv_time DESC LIMIT 30",
"Q80": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_common_server_ip AS connection_record_log_common_server_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain='microsoft.com' ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain='microsoft.com' ) ORDER BY common_recv_time DESC LIMIT 30",
"Q81": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_common_server_ip AS connection_record_log_common_server_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND ssl_sni='note.youdao.com' ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND ssl_sni='note.youdao.com' ) ORDER BY common_recv_time DESC LIMIT 30",
"Q82": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_common_server_ip AS connection_record_log_common_server_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_subscriber_id='%test%' ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_subscriber_id='%test%' ) ORDER BY common_recv_time DESC LIMIT 30",
"Q83": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_common_server_ip AS connection_record_log_common_server_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain like '%baidu.com%' ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain like '%baidu.com%' ) ORDER BY common_recv_time DESC LIMIT 30",
"Q84": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_common_server_ip AS connection_record_log_common_server_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND ssl_sni like '%youdao.com' ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND ssl_sni like '%youdao.com' ) ORDER BY common_recv_time DESC LIMIT 30",
"Q85": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_common_server_ip AS connection_record_log_common_server_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_client_ip in ('36.189.226.21','111.10.53.14') ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_client_ip in ('36.189.226.21','111.10.53.14') ) ORDER BY common_recv_time DESC LIMIT 30",
"Q86": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_common_server_ip AS connection_record_log_common_server_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND length(http_domain)!= 0 ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND length(http_domain)!= 0 ) ORDER BY common_recv_time DESC LIMIT 30",
"Q87": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_common_server_ip AS connection_record_log_common_server_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain not like '%microsoft.com' ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain not like '%microsoft.com' ) ORDER BY common_recv_time DESC LIMIT 30",
"Q88": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_common_client_ip AS connection_record_log_common_client_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_log_id=1153021139190754263 ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_log_id=1153021139190754263 ) ORDER BY common_recv_time DESC LIMIT 30",
"Q89": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_common_client_ip AS connection_record_log_common_client_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_client_ip='36.189.226.21' ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_client_ip='36.189.226.21' ) ORDER BY common_recv_time DESC LIMIT 30",
"Q90": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_common_client_ip AS connection_record_log_common_client_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_server_ip='8.8.8.8' ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_server_ip='8.8.8.8' ) ORDER BY common_recv_time DESC LIMIT 30",
"Q91": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_common_client_ip AS connection_record_log_common_client_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_sled_ip='%192.168%' ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_sled_ip='%192.168%' ) ORDER BY common_recv_time DESC LIMIT 30",
"Q92": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_common_client_ip AS connection_record_log_common_client_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_stream_trace_id=1153021139190754263 ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_stream_trace_id=1153021139190754263 ) ORDER BY common_recv_time DESC LIMIT 30",
"Q93": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_common_client_ip AS connection_record_log_common_client_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain='microsoft.com' ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain='microsoft.com' ) ORDER BY common_recv_time DESC LIMIT 30",
"Q94": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_common_client_ip AS connection_record_log_common_client_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND ssl_sni='note.youdao.com' ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND ssl_sni='note.youdao.com' ) ORDER BY common_recv_time DESC LIMIT 30",
"Q95": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_common_client_ip AS connection_record_log_common_client_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_subscriber_id='%test%' ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_subscriber_id='%test%' ) ORDER BY common_recv_time DESC LIMIT 30",
"Q96": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_common_client_ip AS connection_record_log_common_client_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain like '%baidu.com%' ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain like '%baidu.com%' ) ORDER BY common_recv_time DESC LIMIT 30",
"Q97": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_common_client_ip AS connection_record_log_common_client_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND ssl_sni like '%youdao.com' ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND ssl_sni like '%youdao.com' ) ORDER BY common_recv_time DESC LIMIT 30",
"Q98": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_common_client_ip AS connection_record_log_common_client_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_client_ip in ('36.189.226.21','111.10.53.14') ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_client_ip in ('36.189.226.21','111.10.53.14') ) ORDER BY common_recv_time DESC LIMIT 30",
"Q99": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_common_client_ip AS connection_record_log_common_client_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND length(http_domain)!= 0 ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND length(http_domain)!= 0 ) ORDER BY common_recv_time DESC LIMIT 30",
"Q100": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_common_client_ip AS connection_record_log_common_client_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain not like '%microsoft.com' ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain not like '%microsoft.com' ) ORDER BY common_recv_time DESC LIMIT 30",
"Q101": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_http_domain AS connection_record_log_http_domain WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_log_id=1153021139190754263 ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_log_id=1153021139190754263 ) ORDER BY common_recv_time DESC LIMIT 30",
"Q102": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_http_domain AS connection_record_log_http_domain WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_client_ip='36.189.226.21' ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_client_ip='36.189.226.21' ) ORDER BY common_recv_time DESC LIMIT 30",
"Q103": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_http_domain AS connection_record_log_http_domain WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_server_ip='8.8.8.8' ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_server_ip='8.8.8.8' ) ORDER BY common_recv_time DESC LIMIT 30",
"Q104": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_http_domain AS connection_record_log_http_domain WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_sled_ip='%192.168%' ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_sled_ip='%192.168%' ) ORDER BY common_recv_time DESC LIMIT 30",
"Q105": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_http_domain AS connection_record_log_http_domain WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_stream_trace_id=1153021139190754263 ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_stream_trace_id=1153021139190754263 ) ORDER BY common_recv_time DESC LIMIT 30",
"Q106": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_http_domain AS connection_record_log_http_domain WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain='microsoft.com' ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain='microsoft.com' ) ORDER BY common_recv_time DESC LIMIT 30",
"Q107": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_http_domain AS connection_record_log_http_domain WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND ssl_sni='note.youdao.com' ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND ssl_sni='note.youdao.com' ) ORDER BY common_recv_time DESC LIMIT 30",
"Q108": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_http_domain AS connection_record_log_http_domain WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_subscriber_id='%test%' ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_subscriber_id='%test%' ) ORDER BY common_recv_time DESC LIMIT 30",
"Q109": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_http_domain AS connection_record_log_http_domain WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain like '%baidu.com%' ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain like '%baidu.com%' ) ORDER BY common_recv_time DESC LIMIT 30",
"Q110": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_http_domain AS connection_record_log_http_domain WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND ssl_sni like '%youdao.com' ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND ssl_sni like '%youdao.com' ) ORDER BY common_recv_time DESC LIMIT 30",
"Q111": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_http_domain AS connection_record_log_http_domain WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_client_ip in ('36.189.226.21','111.10.53.14') ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_client_ip in ('36.189.226.21','111.10.53.14') ) ORDER BY common_recv_time DESC LIMIT 30",
"Q112": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_http_domain AS connection_record_log_http_domain WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND length(http_domain)!= 0 ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND length(http_domain)!= 0 ) ORDER BY common_recv_time DESC LIMIT 30",
"Q113": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_http_domain AS connection_record_log_http_domain WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain not like '%microsoft.com' ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain not like '%microsoft.com' ) ORDER BY common_recv_time DESC LIMIT 30",
"Q114": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_common_subscriber_id AS connection_record_log_common_subscriber_id WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_log_id=1153021139190754263 ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_log_id=1153021139190754263 ) ORDER BY common_recv_time DESC LIMIT 30",
"Q115": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_common_subscriber_id AS connection_record_log_common_subscriber_id WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_client_ip='36.189.226.21' ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_client_ip='36.189.226.21' ) ORDER BY common_recv_time DESC LIMIT 30",
"Q116": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_common_subscriber_id AS connection_record_log_common_subscriber_id WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_server_ip='8.8.8.8' ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_server_ip='8.8.8.8' ) ORDER BY common_recv_time DESC LIMIT 30",
"Q117": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_common_subscriber_id AS connection_record_log_common_subscriber_id WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_sled_ip='%192.168%' ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_sled_ip='%192.168%' ) ORDER BY common_recv_time DESC LIMIT 30",
"Q118": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_common_subscriber_id AS connection_record_log_common_subscriber_id WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_stream_trace_id=1153021139190754263 ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_stream_trace_id=1153021139190754263 ) ORDER BY common_recv_time DESC LIMIT 30",
"Q119": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_common_subscriber_id AS connection_record_log_common_subscriber_id WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain='microsoft.com' ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain='microsoft.com' ) ORDER BY common_recv_time DESC LIMIT 30",
"Q120": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_common_subscriber_id AS connection_record_log_common_subscriber_id WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND ssl_sni='note.youdao.com' ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND ssl_sni='note.youdao.com' ) ORDER BY common_recv_time DESC LIMIT 30",
"Q121": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_common_subscriber_id AS connection_record_log_common_subscriber_id WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_subscriber_id='%test%' ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_subscriber_id='%test%' ) ORDER BY common_recv_time DESC LIMIT 30",
"Q122": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_common_subscriber_id AS connection_record_log_common_subscriber_id WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain like '%baidu.com%' ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain like '%baidu.com%' ) ORDER BY common_recv_time DESC LIMIT 30",
"Q123": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_common_subscriber_id AS connection_record_log_common_subscriber_id WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND ssl_sni like '%youdao.com' ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND ssl_sni like '%youdao.com' ) ORDER BY common_recv_time DESC LIMIT 30",
"Q124": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_common_subscriber_id AS connection_record_log_common_subscriber_id WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_client_ip in ('36.189.226.21','111.10.53.14') ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_client_ip in ('36.189.226.21','111.10.53.14') ) ORDER BY common_recv_time DESC LIMIT 30",
"Q125": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_common_subscriber_id AS connection_record_log_common_subscriber_id WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND length(http_domain)!= 0 ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND length(http_domain)!= 0 ) ORDER BY common_recv_time DESC LIMIT 30",
"Q126": "SELECT ckdb.function.toDateTime(common_recv_time) , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( Select common_log_id FROM connection_record_log_common_subscriber_id AS connection_record_log_common_subscriber_id WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain not like '%microsoft.com' ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain not like '%microsoft.com' ) ORDER BY common_recv_time DESC LIMIT 30",
"Q127": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_common_client_ip AS connection_record_log_common_client_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_log_id=1153021139190754263 ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_log_id=1153021139190754263 ) ORDER BY common_recv_time desc LIMIT 30",
"Q128": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_common_client_ip AS connection_record_log_common_client_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_client_ip='36.189.226.21' ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_client_ip='36.189.226.21' ) ORDER BY common_recv_time desc LIMIT 30",
"Q129": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_common_client_ip AS connection_record_log_common_client_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_server_ip='8.8.8.8' ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_server_ip='8.8.8.8' ) ORDER BY common_recv_time desc LIMIT 30",
"Q130": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_common_client_ip AS connection_record_log_common_client_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_sled_ip='%192.168%' ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_sled_ip='%192.168%' ) ORDER BY common_recv_time desc LIMIT 30",
"Q131": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_common_client_ip AS connection_record_log_common_client_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_stream_trace_id=1153021139190754263 ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_stream_trace_id=1153021139190754263 ) ORDER BY common_recv_time desc LIMIT 30",
"Q132": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_common_client_ip AS connection_record_log_common_client_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain='microsoft.com' ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain='microsoft.com' ) ORDER BY common_recv_time desc LIMIT 30",
"Q133": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_common_client_ip AS connection_record_log_common_client_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND ssl_sni='note.youdao.com' ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND ssl_sni='note.youdao.com' ) ORDER BY common_recv_time desc LIMIT 30",
"Q134": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_common_client_ip AS connection_record_log_common_client_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_subscriber_id='%test%' ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_subscriber_id='%test%' ) ORDER BY common_recv_time desc LIMIT 30",
"Q135": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_common_client_ip AS connection_record_log_common_client_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain like '%baidu.com%' ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain like '%baidu.com%' ) ORDER BY common_recv_time desc LIMIT 30",
"Q136": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_common_client_ip AS connection_record_log_common_client_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND ssl_sni like '%youdao.com' ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND ssl_sni like '%youdao.com' ) ORDER BY common_recv_time desc LIMIT 30",
"Q137": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_common_client_ip AS connection_record_log_common_client_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_client_ip in ('36.189.226.21','111.10.53.14') ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_client_ip in ('36.189.226.21','111.10.53.14') ) ORDER BY common_recv_time desc LIMIT 30",
"Q138": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_common_client_ip AS connection_record_log_common_client_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND length(http_domain)!= 0 ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND length(http_domain)!= 0 ) ORDER BY common_recv_time desc LIMIT 30",
"Q139": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_common_client_ip AS connection_record_log_common_client_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain not like '%microsoft.com' ORDER BY common_recv_time DESC LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain not like '%microsoft.com' ) ORDER BY common_recv_time desc LIMIT 30",
"Q140": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_common_server_ip AS connection_record_log_common_server_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_log_id=1153021139190754263 ORDER BY common_recv_time LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_log_id=1153021139190754263 ) ORDER BY common_recv_time desc LIMIT 30",
"Q141": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_common_server_ip AS connection_record_log_common_server_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_client_ip='36.189.226.21' ORDER BY common_recv_time LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_client_ip='36.189.226.21' ) ORDER BY common_recv_time desc LIMIT 30",
"Q142": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_common_server_ip AS connection_record_log_common_server_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_server_ip='8.8.8.8' ORDER BY common_recv_time LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_server_ip='8.8.8.8' ) ORDER BY common_recv_time desc LIMIT 30",
"Q143": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_common_server_ip AS connection_record_log_common_server_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_sled_ip='%192.168%' ORDER BY common_recv_time LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_sled_ip='%192.168%' ) ORDER BY common_recv_time desc LIMIT 30",
"Q144": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_common_server_ip AS connection_record_log_common_server_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_stream_trace_id=1153021139190754263 ORDER BY common_recv_time LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_stream_trace_id=1153021139190754263 ) ORDER BY common_recv_time desc LIMIT 30",
"Q145": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_common_server_ip AS connection_record_log_common_server_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain='microsoft.com' ORDER BY common_recv_time LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain='microsoft.com' ) ORDER BY common_recv_time desc LIMIT 30",
"Q146": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_common_server_ip AS connection_record_log_common_server_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND ssl_sni='note.youdao.com' ORDER BY common_recv_time LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND ssl_sni='note.youdao.com' ) ORDER BY common_recv_time desc LIMIT 30",
"Q147": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_common_server_ip AS connection_record_log_common_server_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_subscriber_id='%test%' ORDER BY common_recv_time LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_subscriber_id='%test%' ) ORDER BY common_recv_time desc LIMIT 30",
"Q148": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_common_server_ip AS connection_record_log_common_server_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain like '%baidu.com%' ORDER BY common_recv_time LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain like '%baidu.com%' ) ORDER BY common_recv_time desc LIMIT 30",
"Q149": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_common_server_ip AS connection_record_log_common_server_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND ssl_sni like '%youdao.com' ORDER BY common_recv_time LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND ssl_sni like '%youdao.com' ) ORDER BY common_recv_time desc LIMIT 30",
"Q150": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_common_server_ip AS connection_record_log_common_server_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_client_ip in ('36.189.226.21','111.10.53.14') ORDER BY common_recv_time LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_client_ip in ('36.189.226.21','111.10.53.14') ) ORDER BY common_recv_time desc LIMIT 30",
"Q151": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_common_server_ip AS connection_record_log_common_server_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND length(http_domain)!= 0 ORDER BY common_recv_time LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND length(http_domain)!= 0 ) ORDER BY common_recv_time desc LIMIT 30",
"Q152": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_common_server_ip AS connection_record_log_common_server_ip WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain not like '%microsoft.com' ORDER BY common_recv_time LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain not like '%microsoft.com' ) ORDER BY common_recv_time desc LIMIT 30",
"Q153": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_http_domain AS connection_record_log_http_domain WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_log_id=1153021139190754263 ORDER BY common_recv_time LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_log_id=1153021139190754263 ) ORDER BY common_recv_time desc LIMIT 30",
"Q154": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_http_domain AS connection_record_log_http_domain WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_client_ip='36.189.226.21' ORDER BY common_recv_time LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_client_ip='36.189.226.21' ) ORDER BY common_recv_time desc LIMIT 30",
"Q155": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_http_domain AS connection_record_log_http_domain WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_server_ip='8.8.8.8' ORDER BY common_recv_time LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_server_ip='8.8.8.8' ) ORDER BY common_recv_time desc LIMIT 30",
"Q156": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_http_domain AS connection_record_log_http_domain WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_sled_ip='%192.168%' ORDER BY common_recv_time LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_sled_ip='%192.168%' ) ORDER BY common_recv_time desc LIMIT 30",
"Q157": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_http_domain AS connection_record_log_http_domain WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_stream_trace_id=1153021139190754263 ORDER BY common_recv_time LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_stream_trace_id=1153021139190754263 ) ORDER BY common_recv_time desc LIMIT 30",
"Q158": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_http_domain AS connection_record_log_http_domain WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain='microsoft.com' ORDER BY common_recv_time LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain='microsoft.com' ) ORDER BY common_recv_time desc LIMIT 30",
"Q159": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_http_domain AS connection_record_log_http_domain WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND ssl_sni='note.youdao.com' ORDER BY common_recv_time LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND ssl_sni='note.youdao.com' ) ORDER BY common_recv_time desc LIMIT 30",
"Q160": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_http_domain AS connection_record_log_http_domain WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_subscriber_id='%test%' ORDER BY common_recv_time LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_subscriber_id='%test%' ) ORDER BY common_recv_time desc LIMIT 30",
"Q161": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_http_domain AS connection_record_log_http_domain WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain like '%baidu.com%' ORDER BY common_recv_time LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain like '%baidu.com%' ) ORDER BY common_recv_time desc LIMIT 30",
"Q162": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_http_domain AS connection_record_log_http_domain WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND ssl_sni like '%youdao.com' ORDER BY common_recv_time LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND ssl_sni like '%youdao.com' ) ORDER BY common_recv_time desc LIMIT 30",
"Q163": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_http_domain AS connection_record_log_http_domain WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_client_ip in ('36.189.226.21','111.10.53.14') ORDER BY common_recv_time LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_client_ip in ('36.189.226.21','111.10.53.14') ) ORDER BY common_recv_time desc LIMIT 30",
"Q164": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_http_domain AS connection_record_log_http_domain WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND length(http_domain)!= 0 ORDER BY common_recv_time LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND length(http_domain)!= 0 ) ORDER BY common_recv_time desc LIMIT 30",
"Q165": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_http_domain AS connection_record_log_http_domain WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain not like '%microsoft.com' ORDER BY common_recv_time LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain not like '%microsoft.com' ) ORDER BY common_recv_time desc LIMIT 30",
"Q166": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_common_subscriber_id AS connection_record_log_common_subscriber_id WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_log_id=1153021139190754263 ORDER BY common_recv_time LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_log_id=1153021139190754263 ) ORDER BY common_recv_time desc LIMIT 30",
"Q167": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_common_subscriber_id AS connection_record_log_common_subscriber_id WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_client_ip='36.189.226.21' ORDER BY common_recv_time LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_client_ip='36.189.226.21' ) ORDER BY common_recv_time desc LIMIT 30",
"Q168": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_common_subscriber_id AS connection_record_log_common_subscriber_id WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_server_ip='8.8.8.8' ORDER BY common_recv_time LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_server_ip='8.8.8.8' ) ORDER BY common_recv_time desc LIMIT 30",
"Q169": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_common_subscriber_id AS connection_record_log_common_subscriber_id WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_sled_ip='%192.168%' ORDER BY common_recv_time LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_sled_ip='%192.168%' ) ORDER BY common_recv_time desc LIMIT 30",
"Q170": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_common_subscriber_id AS connection_record_log_common_subscriber_id WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_stream_trace_id=1153021139190754263 ORDER BY common_recv_time LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_stream_trace_id=1153021139190754263 ) ORDER BY common_recv_time desc LIMIT 30",
"Q171": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_common_subscriber_id AS connection_record_log_common_subscriber_id WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain='microsoft.com' ORDER BY common_recv_time LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain='microsoft.com' ) ORDER BY common_recv_time desc LIMIT 30",
"Q172": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_common_subscriber_id AS connection_record_log_common_subscriber_id WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND ssl_sni='note.youdao.com' ORDER BY common_recv_time LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND ssl_sni='note.youdao.com' ) ORDER BY common_recv_time desc LIMIT 30",
"Q173": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_common_subscriber_id AS connection_record_log_common_subscriber_id WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_subscriber_id='%test%' ORDER BY common_recv_time LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_subscriber_id='%test%' ) ORDER BY common_recv_time desc LIMIT 30",
"Q174": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_common_subscriber_id AS connection_record_log_common_subscriber_id WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain like '%baidu.com%' ORDER BY common_recv_time LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain like '%baidu.com%' ) ORDER BY common_recv_time desc LIMIT 30",
"Q175": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_common_subscriber_id AS connection_record_log_common_subscriber_id WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND ssl_sni like '%youdao.com' ORDER BY common_recv_time LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND ssl_sni like '%youdao.com' ) ORDER BY common_recv_time desc LIMIT 30",
"Q176": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_common_subscriber_id AS connection_record_log_common_subscriber_id WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_client_ip in ('36.189.226.21','111.10.53.14') ORDER BY common_recv_time LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_client_ip in ('36.189.226.21','111.10.53.14') ) ORDER BY common_recv_time desc LIMIT 30",
"Q177": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_common_subscriber_id AS connection_record_log_common_subscriber_id WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND length(http_domain)!= 0 ORDER BY common_recv_time LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND length(http_domain)!= 0 ) ORDER BY common_recv_time desc LIMIT 30",
"Q178": "SELECT * FROM connection_record_log AS connection_record_log WHERE common_log_id IN ( SELECT common_log_id FROM connection_record_log_common_subscriber_id AS connection_record_log_common_subscriber_id WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain not like '%microsoft.com' ORDER BY common_recv_time LIMIT 30 ) AND ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain not like '%microsoft.com' ) ORDER BY common_recv_time desc LIMIT 30",
"Q179": "SELECT cast(common_recv_time/300 as int) * 300 AS \"Receive Time\", count(common_log_id) AS \"logs\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) ) GROUP BY cast(common_recv_time/300 as int) * 300 LIMIT 10000",
"Q180": "SELECT ckdb.function.toDateTime(cast(common_recv_time/30 as int) * 30) AS stat_time, sum(common_c2s_byte_num) AS bytes_sent, sum(common_s2c_byte_num) AS bytes_received, sum(common_c2s_byte_num + common_s2c_byte_num) AS bytes, sum(common_c2s_pkt_num + common_s2c_pkt_num) AS packets, sum(common_sessions) AS sessions FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) GROUP BY ckdb.function.toDateTime(cast(common_recv_time/30 as int) * 30) ORDER BY stat_time ASC LIMIT 10000",
"Q181": "SELECT ckdb.function.toDateTime(cast(common_recv_time/300 as int) * 300) AS stat_time, common_schema_type AS type, sum(common_sessions) AS sessions, sum(common_c2s_byte_num + common_s2c_byte_num) AS bytes, sum(common_c2s_pkt_num + common_s2c_pkt_num) AS packets FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) GROUP BY ckdb.function.toDateTime(cast(common_recv_time/300 as int) * 300), common_schema_type ORDER BY stat_time ASC LIMIT 10000",
"Q182": "SELECT round(sum(common_s2c_byte_num) * 8 / 300,2) AS trafficInBits, round(sum(common_c2s_byte_num) * 8 / 300,2) AS trafficOutBits, round(sum(common_s2c_byte_num + common_c2s_byte_num) * 8 / 300,2) AS trafficTotalBits, round(sum(common_s2c_pkt_num) / 300,2) AS trafficInPackets, round(sum(common_c2s_pkt_num) / 300,2) AS trafficOutPackets, round(sum(common_s2c_pkt_num + common_c2s_pkt_num) / 300,2) AS trafficTotalPackets, round(sum(common_sessions) / 300,2) AS sessions FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2)",
"Q183": "SELECT cast(common_recv_time/300 as int) * 300 AS \"Receive Time\", approx_distinct(common_internal_ip) AS \"Unique Internal IP\", approx_distinct(common_external_ip) AS \"Unique External IP\", approx_distinct(common_subscriber_id) AS \"Unique Subscriber ID\", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS \"Bytes\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) ) GROUP BY cast(common_recv_time/300 as int) * 300 LIMIT 10000",
"Q184": "SELECT 'all' AS type, approx_distinct(common_client_ip) AS client_ips, approx_distinct(common_internal_ip) AS internal_ips, approx_distinct(common_server_ip) AS server_ips, approx_distinct(common_external_ip) AS external_ips, approx_distinct(common_subscriber_id) as subscriber_ids FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) UNION ALL SELECT 'tcp' AS type, approx_distinct(common_client_ip) AS client_ips, approx_distinct(common_internal_ip) AS internal_ips, approx_distinct(common_server_ip) AS server_ips, approx_distinct(common_external_ip) AS external_ips, approx_distinct(common_subscriber_id) as subscriber_ids FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_l4_protocol IN ( 'IPv4_TCP', 'IPv6_TCP' ) UNION ALL SELECT 'UDP' AS type, approx_distinct(common_client_ip) AS client_ips, approx_distinct(common_internal_ip) AS internal_ips, approx_distinct(common_server_ip) AS server_ips, approx_distinct(common_external_ip) AS external_ips, approx_distinct(common_subscriber_id) as subscriber_ids FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND common_l4_protocol IN ( 'IPv4_UDP', 'IPv6_UDP' )",
"Q185": "SELECT ckdb.function.toDateTime(cast(common_recv_time/300 as int) * 300) AS stat_time, (CASE WHEN common_stream_dir = 1 THEN 'c2s' WHEN common_stream_dir = 2 THEN 's2c' WHEN common_stream_dir = 3 THEN 'double' ELSE 'None' END) AS type, sum(common_sessions) AS sessions FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) GROUP BY ckdb.function.toDateTime(cast(common_recv_time/300 as int) * 300), common_stream_dir ORDER BY stat_time ASC LIMIT 10000",
"Q186": "SELECT cast(common_recv_time/300 as int) * 300 AS \"Receive Time\", sum(common_sessions) AS \"Sessions\", sum(if(common_stream_dir <> 3, common_sessions, 0)) AS \"one_side_sessions\", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS \"Bytes\", round(one_side_sessions / sessions, 2) AS one_side_percent FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) ) GROUP BY cast(common_recv_time/300 as int) * 300 LIMIT 10000",
"Q187": "SELECT cast(common_recv_time/300 as int) * 300 AS \"Receive Time\", sum(common_c2s_byte_num + common_s2c_byte_num) AS \"Bytes\", sum(common_c2s_tcp_lostlen + common_s2c_tcp_lostlen) AS \"gap_loss_bytes\", round(gap_loss_bytes / bytes, 2) AS gap_loss_percent FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) ) AND ( common_l4_protocol IN ( 'IPv4_TCP', 'IPv6_TCP' ) ) GROUP BY cast(common_recv_time/300 as int) * 300 LIMIT 10000",
"Q188": "SELECT \"server_ip\" AS \"server_ip\" , SUM(coalesce(\"Bytes\",0)) AS \"Bytes\" , SUM(coalesce(\"bytes_sent\",0)) AS \"Sent\" , SUM(coalesce(\"bytes_received\",0)) AS \"Received\" , SUM(coalesce(\"Sessions\",0)) AS \"Sessions\" FROM ( SELECT SUM(coalesce(common_c2s_byte_num,0)) AS \"bytes_sent\" , SUM(coalesce(common_s2c_byte_num,0)) AS \"bytes_received\" , SUM(common_c2s_byte_num+common_s2c_byte_num) AS \"Bytes\" , SUM(coalesce(common_sessions,0)) AS \"Sessions\" , common_server_ip AS \"server_ip\" FROM connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) ) AND ( length(common_server_ip)!= 0 ) GROUP BY common_server_ip ORDER BY \"Bytes\" desc ) GROUP BY \"server_ip\" ORDER BY \"Bytes\" desc LIMIT 30",
"Q189": "SELECT common_client_ip , COUNT(*) AS sessions FROM connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) GROUP BY common_client_ip ORDER BY sessions desc LIMIT 30",
"Q190": "SELECT \"Server Port\" AS \"Server Port\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT common_server_port AS \"Server Port\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) ) AND ( common_l4_protocol IN ( 'IPv4_TCP', 'IPv6_TCP' ) ) GROUP BY common_server_port LIMIT 1048576) GROUP BY \"Server Port\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q191": "SELECT \"domain\" AS \"Website Domain\" , SUM(coalesce(\"Bytes\",0)) AS \"Throughput\" FROM ( SELECT SUM(coalesce(common_c2s_byte_num,0)) AS \"bytes_sent\" , SUM(coalesce(common_s2c_byte_num,0)) AS \"bytes_received\" , SUM(coalesce(common_c2s_byte_num+common_s2c_byte_num,0)) AS \"Bytes\" , http_domain AS \"domain\" FROM connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) ) AND ( length(http_domain)!= 0 ) GROUP BY http_domain ORDER BY \"Bytes\" desc ) GROUP BY \"domain\" ORDER BY \"Throughput\" desc LIMIT 30",
"Q192": "SELECT \"device_id\" AS \"device_id\", sum(coalesce(\"Bytes\", 0)) AS \"Bytes\", sum(coalesce(\"bytes_sent\", 0)) AS \"Sent\", sum(coalesce(\"bytes_received\", 0)) AS \"Received\" FROM (SELECT sum(coalesce(common_c2s_byte_num, 0)) AS \"bytes_sent\", sum(coalesce(common_s2c_byte_num, 0)) AS \"bytes_received\", sum(common_c2s_byte_num + common_s2c_byte_num) AS Bytes, common_device_id AS \"device_id\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) ) GROUP BY common_device_id ORDER BY \"Bytes\" DESC LIMIT 1048576) GROUP BY \"device_id\" ORDER BY \"Bytes\" DESC LIMIT 30",
"Q193": "SELECT \"Http.Domain\" AS \"Http.Domain\", sum(coalesce(\"Client IP\", 0)) AS \"Client IP\" FROM (SELECT http_domain AS \"Http.Domain\", approx_distinct(common_client_ip) AS \"Client IP\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) ) AND ( length(http_domain)!= 0 ) GROUP BY http_domain ORDER BY \"Client IP\" DESC LIMIT 1048576) GROUP BY \"Http.Domain\" ORDER BY \"Client IP\" DESC LIMIT 30",
"Q194": "SELECT \"Domain\" AS \"Domain\", avg(coalesce(\"Avg Establish Latency(ms)\", 0)) AS \"Avg Establish Latency(ms)\" FROM (SELECT http_domain AS \"Domain\", avg(coalesce(common_establish_latency_ms, 0)) AS \"Avg Establish Latency(ms)\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) ) AND ( length(http_domain)!= 0 ) GROUP BY http_domain LIMIT 1048576) GROUP BY \"Domain\" ORDER BY \"Avg Establish Latency(ms)\" DESC LIMIT 100",
"Q195": "SELECT \"source\" AS \"source\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT coalesce(nullif(common_subscriber_id, ''), nullif(common_client_ip, '')) AS \"source\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) ) GROUP BY coalesce(nullif(common_subscriber_id, ''), nullif(common_client_ip, '')) ORDER BY \"Sessions\" DESC LIMIT 1048576) GROUP BY \"source\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q196": "SELECT \"destination\" AS \"destination\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT coalesce(nullif(http_domain, ''), nullif(common_server_ip, '')) AS \"destination\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) ) GROUP BY coalesce(nullif(http_domain, ''), nullif(common_server_ip, '')) ORDER BY \"Sessions\" DESC LIMIT 1048576) GROUP BY \"destination\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q197": "SELECT \"server_location\" AS \"server_location\", sum(coalesce(\"Bytes\", 0)) AS \"Bytes\", sum(coalesce(\"bytes_sent\", 0)) AS \"Sent\", sum(coalesce(\"bytes_received\", 0)) AS \"Received\" FROM (SELECT arrayElement(splitByString(',', common_server_location), length(splitByString(',', common_server_location))) AS \"server_location\", sum(coalesce(common_c2s_byte_num, 0)) AS \"bytes_sent\", sum(coalesce(common_s2c_byte_num, 0)) AS \"bytes_received\", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS \"Bytes\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) ) GROUP BY \"server_location\" ORDER BY \"Bytes\" DESC LIMIT 1048576) GROUP BY \"server_location\" ORDER BY \"Bytes\" DESC LIMIT 30",
"Q198": "SELECT \"Http URL\" AS \"Http URL\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_url AS \"Http URL\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) ) GROUP BY http_url LIMIT 1048576) GROUP BY \"Http URL\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q199": "SELECT \"server_ip\" AS \"server_ip\", groupUniqArray(coalesce(\"trans_app\", 0)) AS \"trans_app\", sum(coalesce(\"Bytes\", 0)) AS \"Bytes\", sum(coalesce(\"bytes_sent\", 0)) AS \"Sent\", sum(coalesce(\"bytes_received\", 0)) AS \"Received\" FROM (SELECT sum(coalesce(common_c2s_byte_num, 0)) AS \"bytes_sent\", sum(coalesce(common_s2c_byte_num, 0)) AS \"bytes_received\", sum(common_c2s_byte_num + common_s2c_byte_num) AS \"Bytes\", groupUniqArray(concat(common_l4_protocol, '/', toString(common_server_port))) AS \"trans_app\", common_server_ip AS \"server_ip\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) ) AND ( length(common_server_ip)!= 0 ) GROUP BY \"server_ip\" ORDER BY \"Bytes\" DESC LIMIT 1048576) GROUP BY \"server_ip\" ORDER BY \"Bytes\" DESC LIMIT 30",
"Q200": "SELECT \"Subscriber ID\" AS \"Subscriber ID\", \"Http.Domain\" AS \"Http.Domain\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_domain AS \"Http.Domain\", common_subscriber_id AS \"Subscriber ID\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) ) AND ( length(http_domain)!= 0 AND length(common_subscriber_id)!= 0 ) GROUP BY http_domain, common_subscriber_id ORDER BY \"Sessions\" DESC LIMIT 1048576) GROUP BY \"Subscriber ID\", \"Http.Domain\" ORDER BY \"Sessions\" DESC LIMIT 10000",
"Q201": "SELECT \"Http.Domain\" AS \"Http.Domain\" , \"Server IP\" AS \"Server IP\" , SUM(coalesce(\"Bytes Sent\",0)) AS \"Bytes Sent\" FROM ( SELECT common_server_ip AS \"Server IP\" , http_domain AS \"Http.Domain\" , SUM(coalesce(common_c2s_byte_num+common_s2c_byte_num,0)) AS \"Bytes\" , SUM(coalesce(common_c2s_byte_num,0)) AS \"Bytes Sent\" , SUM(coalesce(common_s2c_byte_num,0)) AS \"Bytes Received\" FROM connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) ) AND ( length(http_domain)!= 0 ) GROUP BY common_server_ip , http_domain ORDER BY \"Bytes\" desc LIMIT 1048576 ) GROUP BY \"Http.Domain\" , \"Server IP\" ORDER BY \"Bytes Sent\" desc LIMIT 10000",
"Q202": "SELECT \"Http.Domain\" AS \"Http.Domain\", \"Client IP\" AS \"Client IP\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT common_client_ip AS \"Client IP\", http_domain AS \"Http.Domain\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) ) AND ( length(http_domain)!= 0 ) GROUP BY common_client_ip, http_domain ORDER BY \"Sessions\" DESC LIMIT 1048576) GROUP BY \"Http.Domain\", \"Client IP\" ORDER BY \"Sessions\" DESC LIMIT 10000",
"Q203": "SELECT ckdb.function.toDateTime(cast(common_recv_time/300 as int) * 300) AS _time , http_domain AS Domain, COUNT(DISTINCT(common_client_ip)) AS nums FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND length(http_domain)!= 0 AND http_domain IN ( SELECT http_domain FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND length(http_domain)!= 0 GROUP BY http_domain ORDER BY SUM(common_s2c_byte_num+common_c2s_byte_num) DESC LIMIT 5 ) GROUP BY ckdb.function.toDateTime(cast(common_recv_time/300 as int) * 300) , http_domain ORDER BY ckdb.function.toDateTime(cast(common_recv_time/300 as int) * 300) DESC LIMIT 10000",
"Q204": "SELECT ckdb.function.toDateTime(cast(common_recv_time/3600 as int) * 3600) AS stat_time , http_domain , approx_distinct(common_client_ip) AS nums FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1)-604800 AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain IN ( SELECT http_domain FROM connection_record_log AS connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND length(http_domain)!= 0 GROUP BY http_domain ORDER BY COUNT(*) desc LIMIT 5 ) group by ckdb.function.toDateTime(cast(common_recv_time/3600 as int) * 3600), http_domain ORDER BY stat_time desc LIMIT 10000",
"Q205": "SELECT cast(common_recv_time/300 as int) * 300 AS \"Receive Time\", common_device_id AS \"Device ID\", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS \"Bytes\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) ) GROUP BY cast(common_recv_time/300 as int) * 300,common_device_id LIMIT 10000",
"Q206": "SELECT \"Internal IP\" AS \"Internal IP\", \"Sled IP\" AS \"Sled IP\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT common_sled_ip AS \"Sled IP\", common_internal_ip AS \"Internal IP\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) ) GROUP BY common_sled_ip, common_internal_ip LIMIT 1048576) GROUP BY \"Internal IP\", \"Sled IP\" ORDER BY \"Sessions\" DESC LIMIT 10000",
"Q207": "SELECT cast(common_recv_time/300 as int) * 300 AS \"Receive Time\", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS \"Bytes\", sum(coalesce(common_c2s_pkt_num + common_s2c_pkt_num, 0)) AS \"Packets\", sum(coalesce(common_sessions, 0)) AS \"New Sessions\", sum(coalesce(common_c2s_byte_num, 0)) AS \"Bytes Sent\", sum(coalesce(common_s2c_byte_num, 0)) AS \"Bytes Received\", sum(coalesce(common_c2s_pkt_num, 0)) AS \"Packets Sent\", sum(coalesce(common_s2c_pkt_num, 0)) AS \"Packets Received\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_log_id=1153021139190754263 ) GROUP BY cast(common_recv_time/300 as int) * 300 LIMIT 10000",
"Q208": "SELECT cast(common_recv_time/300 as int) * 300 AS \"Receive Time\", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS \"Bytes\", sum(coalesce(common_c2s_pkt_num + common_s2c_pkt_num, 0)) AS \"Packets\", sum(coalesce(common_sessions, 0)) AS \"New Sessions\", sum(coalesce(common_c2s_byte_num, 0)) AS \"Bytes Sent\", sum(coalesce(common_s2c_byte_num, 0)) AS \"Bytes Received\", sum(coalesce(common_c2s_pkt_num, 0)) AS \"Packets Sent\", sum(coalesce(common_s2c_pkt_num, 0)) AS \"Packets Received\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_client_ip='36.189.226.21' ) GROUP BY cast(common_recv_time/300 as int) * 300 LIMIT 10000",
"Q209": "SELECT cast(common_recv_time/300 as int) * 300 AS \"Receive Time\", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS \"Bytes\", sum(coalesce(common_c2s_pkt_num + common_s2c_pkt_num, 0)) AS \"Packets\", sum(coalesce(common_sessions, 0)) AS \"New Sessions\", sum(coalesce(common_c2s_byte_num, 0)) AS \"Bytes Sent\", sum(coalesce(common_s2c_byte_num, 0)) AS \"Bytes Received\", sum(coalesce(common_c2s_pkt_num, 0)) AS \"Packets Sent\", sum(coalesce(common_s2c_pkt_num, 0)) AS \"Packets Received\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_internal_ip='223.116.37.192' ) GROUP BY cast(common_recv_time/300 as int) * 300 LIMIT 10000",
"Q210": "SELECT cast(common_recv_time/300 as int) * 300 AS \"Receive Time\", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS \"Bytes\", sum(coalesce(common_c2s_pkt_num + common_s2c_pkt_num, 0)) AS \"Packets\", sum(coalesce(common_sessions, 0)) AS \"New Sessions\", sum(coalesce(common_c2s_byte_num, 0)) AS \"Bytes Sent\", sum(coalesce(common_s2c_byte_num, 0)) AS \"Bytes Received\", sum(coalesce(common_c2s_pkt_num, 0)) AS \"Packets Sent\", sum(coalesce(common_s2c_pkt_num, 0)) AS \"Packets Received\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_server_ip='8.8.8.8' ) GROUP BY cast(common_recv_time/300 as int) * 300 LIMIT 10000",
"Q211": "SELECT cast(common_recv_time/300 as int) * 300 AS \"Receive Time\", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS \"Bytes\", sum(coalesce(common_c2s_pkt_num + common_s2c_pkt_num, 0)) AS \"Packets\", sum(coalesce(common_sessions, 0)) AS \"New Sessions\", sum(coalesce(common_c2s_byte_num, 0)) AS \"Bytes Sent\", sum(coalesce(common_s2c_byte_num, 0)) AS \"Bytes Received\", sum(coalesce(common_c2s_pkt_num, 0)) AS \"Packets Sent\", sum(coalesce(common_s2c_pkt_num, 0)) AS \"Packets Received\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_external_ip='111.10.53.14' ) GROUP BY cast(common_recv_time/300 as int) * 300 LIMIT 10000",
"Q212": "SELECT cast(common_recv_time/300 as int) * 300 AS \"Receive Time\", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS \"Bytes\", sum(coalesce(common_c2s_pkt_num + common_s2c_pkt_num, 0)) AS \"Packets\", sum(coalesce(common_sessions, 0)) AS \"New Sessions\", sum(coalesce(common_c2s_byte_num, 0)) AS \"Bytes Sent\", sum(coalesce(common_s2c_byte_num, 0)) AS \"Bytes Received\", sum(coalesce(common_c2s_pkt_num, 0)) AS \"Packets Sent\", sum(coalesce(common_s2c_pkt_num, 0)) AS \"Packets Received\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_client_port=52607 ) GROUP BY cast(common_recv_time/300 as int) * 300 LIMIT 10000",
"Q213": "SELECT cast(common_recv_time/300 as int) * 300 AS \"Receive Time\", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS \"Bytes\", sum(coalesce(common_c2s_pkt_num + common_s2c_pkt_num, 0)) AS \"Packets\", sum(coalesce(common_sessions, 0)) AS \"New Sessions\", sum(coalesce(common_c2s_byte_num, 0)) AS \"Bytes Sent\", sum(coalesce(common_s2c_byte_num, 0)) AS \"Bytes Received\", sum(coalesce(common_c2s_pkt_num, 0)) AS \"Packets Sent\", sum(coalesce(common_s2c_pkt_num, 0)) AS \"Packets Received\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_server_port=443 ) GROUP BY cast(common_recv_time/300 as int) * 300 LIMIT 10000",
"Q214": "SELECT cast(common_recv_time/300 as int) * 300 AS \"Receive Time\", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS \"Bytes\", sum(coalesce(common_c2s_pkt_num + common_s2c_pkt_num, 0)) AS \"Packets\", sum(coalesce(common_sessions, 0)) AS \"New Sessions\", sum(coalesce(common_c2s_byte_num, 0)) AS \"Bytes Sent\", sum(coalesce(common_s2c_byte_num, 0)) AS \"Bytes Received\", sum(coalesce(common_c2s_pkt_num, 0)) AS \"Packets Sent\", sum(coalesce(common_s2c_pkt_num, 0)) AS \"Packets Received\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_c2s_pkt_num>5 ) GROUP BY cast(common_recv_time/300 as int) * 300 LIMIT 10000",
"Q215": "SELECT cast(common_recv_time/300 as int) * 300 AS \"Receive Time\", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS \"Bytes\", sum(coalesce(common_c2s_pkt_num + common_s2c_pkt_num, 0)) AS \"Packets\", sum(coalesce(common_sessions, 0)) AS \"New Sessions\", sum(coalesce(common_c2s_byte_num, 0)) AS \"Bytes Sent\", sum(coalesce(common_s2c_byte_num, 0)) AS \"Bytes Received\", sum(coalesce(common_c2s_pkt_num, 0)) AS \"Packets Sent\", sum(coalesce(common_s2c_pkt_num, 0)) AS \"Packets Received\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_s2c_pkt_num>5 ) GROUP BY cast(common_recv_time/300 as int) * 300 LIMIT 10000",
"Q216": "SELECT cast(common_recv_time/300 as int) * 300 AS \"Receive Time\", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS \"Bytes\", sum(coalesce(common_c2s_pkt_num + common_s2c_pkt_num, 0)) AS \"Packets\", sum(coalesce(common_sessions, 0)) AS \"New Sessions\", sum(coalesce(common_c2s_byte_num, 0)) AS \"Bytes Sent\", sum(coalesce(common_s2c_byte_num, 0)) AS \"Bytes Received\", sum(coalesce(common_c2s_pkt_num, 0)) AS \"Packets Sent\", sum(coalesce(common_s2c_pkt_num, 0)) AS \"Packets Received\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_c2s_byte_num>100 ) GROUP BY cast(common_recv_time/300 as int) * 300 LIMIT 10000",
"Q217": "SELECT cast(common_recv_time/300 as int) * 300 AS \"Receive Time\", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS \"Bytes\", sum(coalesce(common_c2s_pkt_num + common_s2c_pkt_num, 0)) AS \"Packets\", sum(coalesce(common_sessions, 0)) AS \"New Sessions\", sum(coalesce(common_c2s_byte_num, 0)) AS \"Bytes Sent\", sum(coalesce(common_s2c_byte_num, 0)) AS \"Bytes Received\", sum(coalesce(common_c2s_pkt_num, 0)) AS \"Packets Sent\", sum(coalesce(common_s2c_pkt_num, 0)) AS \"Packets Received\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_s2c_byte_num<200 ) GROUP BY cast(common_recv_time/300 as int) * 300 LIMIT 10000",
"Q218": "SELECT cast(common_recv_time/300 as int) * 300 AS \"Receive Time\", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS \"Bytes\", sum(coalesce(common_c2s_pkt_num + common_s2c_pkt_num, 0)) AS \"Packets\", sum(coalesce(common_sessions, 0)) AS \"New Sessions\", sum(coalesce(common_c2s_byte_num, 0)) AS \"Bytes Sent\", sum(coalesce(common_s2c_byte_num, 0)) AS \"Bytes Received\", sum(coalesce(common_c2s_pkt_num, 0)) AS \"Packets Sent\", sum(coalesce(common_s2c_pkt_num, 0)) AS \"Packets Received\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_schema_type='DNS' ) GROUP BY cast(common_recv_time/300 as int) * 300 LIMIT 10000",
"Q219": "SELECT cast(common_recv_time/300 as int) * 300 AS \"Receive Time\", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS \"Bytes\", sum(coalesce(common_c2s_pkt_num + common_s2c_pkt_num, 0)) AS \"Packets\", sum(coalesce(common_sessions, 0)) AS \"New Sessions\", sum(coalesce(common_c2s_byte_num, 0)) AS \"Bytes Sent\", sum(coalesce(common_s2c_byte_num, 0)) AS \"Bytes Received\", sum(coalesce(common_c2s_pkt_num, 0)) AS \"Packets Sent\", sum(coalesce(common_s2c_pkt_num, 0)) AS \"Packets Received\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_establish_latency_ms>200 ) GROUP BY cast(common_recv_time/300 as int) * 300 LIMIT 10000",
"Q220": "SELECT cast(common_recv_time/300 as int) * 300 AS \"Receive Time\", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS \"Bytes\", sum(coalesce(common_c2s_pkt_num + common_s2c_pkt_num, 0)) AS \"Packets\", sum(coalesce(common_sessions, 0)) AS \"New Sessions\", sum(coalesce(common_c2s_byte_num, 0)) AS \"Bytes Sent\", sum(coalesce(common_s2c_byte_num, 0)) AS \"Bytes Received\", sum(coalesce(common_c2s_pkt_num, 0)) AS \"Packets Sent\", sum(coalesce(common_s2c_pkt_num, 0)) AS \"Packets Received\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_con_duration_ms>10000 ) GROUP BY cast(common_recv_time/300 as int) * 300 LIMIT 10000",
"Q221": "SELECT cast(common_recv_time/300 as int) * 300 AS \"Receive Time\", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS \"Bytes\", sum(coalesce(common_c2s_pkt_num + common_s2c_pkt_num, 0)) AS \"Packets\", sum(coalesce(common_sessions, 0)) AS \"New Sessions\", sum(coalesce(common_c2s_byte_num, 0)) AS \"Bytes Sent\", sum(coalesce(common_s2c_byte_num, 0)) AS \"Bytes Received\", sum(coalesce(common_c2s_pkt_num, 0)) AS \"Packets Sent\", sum(coalesce(common_s2c_pkt_num, 0)) AS \"Packets Received\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_stream_trace_id=1153021139190754263 ) GROUP BY cast(common_recv_time/300 as int) * 300 LIMIT 10000",
"Q222": "SELECT cast(common_recv_time/300 as int) * 300 AS \"Receive Time\", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS \"Bytes\", sum(coalesce(common_c2s_pkt_num + common_s2c_pkt_num, 0)) AS \"Packets\", sum(coalesce(common_sessions, 0)) AS \"New Sessions\", sum(coalesce(common_c2s_byte_num, 0)) AS \"Bytes Sent\", sum(coalesce(common_s2c_byte_num, 0)) AS \"Bytes Received\", sum(coalesce(common_c2s_pkt_num, 0)) AS \"Packets Sent\", sum(coalesce(common_s2c_pkt_num, 0)) AS \"Packets Received\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_tcp_client_isn=2857077935 ) GROUP BY cast(common_recv_time/300 as int) * 300 LIMIT 10000",
"Q223": "SELECT cast(common_recv_time/300 as int) * 300 AS \"Receive Time\", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS \"Bytes\", sum(coalesce(common_c2s_pkt_num + common_s2c_pkt_num, 0)) AS \"Packets\", sum(coalesce(common_sessions, 0)) AS \"New Sessions\", sum(coalesce(common_c2s_byte_num, 0)) AS \"Bytes Sent\", sum(coalesce(common_s2c_byte_num, 0)) AS \"Bytes Received\", sum(coalesce(common_c2s_pkt_num, 0)) AS \"Packets Sent\", sum(coalesce(common_s2c_pkt_num, 0)) AS \"Packets Received\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_tcp_server_isn=0 ) GROUP BY cast(common_recv_time/300 as int) * 300 LIMIT 10000",
"Q224": "SELECT cast(common_recv_time/300 as int) * 300 AS \"Receive Time\", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS \"Bytes\", sum(coalesce(common_c2s_pkt_num + common_s2c_pkt_num, 0)) AS \"Packets\", sum(coalesce(common_sessions, 0)) AS \"New Sessions\", sum(coalesce(common_c2s_byte_num, 0)) AS \"Bytes Sent\", sum(coalesce(common_s2c_byte_num, 0)) AS \"Bytes Received\", sum(coalesce(common_c2s_pkt_num, 0)) AS \"Packets Sent\", sum(coalesce(common_s2c_pkt_num, 0)) AS \"Packets Received\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND http_domain='microsoft.com' ) GROUP BY cast(common_recv_time/300 as int) * 300 LIMIT 10000",
"Q225": "SELECT cast(common_recv_time/300 as int) * 300 AS \"Receive Time\", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS \"Bytes\", sum(coalesce(common_c2s_pkt_num + common_s2c_pkt_num, 0)) AS \"Packets\", sum(coalesce(common_sessions, 0)) AS \"New Sessions\", sum(coalesce(common_c2s_byte_num, 0)) AS \"Bytes Sent\", sum(coalesce(common_s2c_byte_num, 0)) AS \"Bytes Received\", sum(coalesce(common_c2s_pkt_num, 0)) AS \"Packets Sent\", sum(coalesce(common_s2c_pkt_num, 0)) AS \"Packets Received\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND mail_account='[email protected]' ) GROUP BY cast(common_recv_time/300 as int) * 300 LIMIT 10000",
"Q226": "SELECT cast(common_recv_time/300 as int) * 300 AS \"Receive Time\", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS \"Bytes\", sum(coalesce(common_c2s_pkt_num + common_s2c_pkt_num, 0)) AS \"Packets\", sum(coalesce(common_sessions, 0)) AS \"New Sessions\", sum(coalesce(common_c2s_byte_num, 0)) AS \"Bytes Sent\", sum(coalesce(common_s2c_byte_num, 0)) AS \"Bytes Received\", sum(coalesce(common_c2s_pkt_num, 0)) AS \"Packets Sent\", sum(coalesce(common_s2c_pkt_num, 0)) AS \"Packets Received\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND mail_subject='test' ) GROUP BY cast(common_recv_time/300 as int) * 300 LIMIT 10000",
"Q227": "SELECT cast(common_recv_time/300 as int) * 300 AS \"Receive Time\", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS \"Bytes\", sum(coalesce(common_c2s_pkt_num + common_s2c_pkt_num, 0)) AS \"Packets\", sum(coalesce(common_sessions, 0)) AS \"New Sessions\", sum(coalesce(common_c2s_byte_num, 0)) AS \"Bytes Sent\", sum(coalesce(common_s2c_byte_num, 0)) AS \"Bytes Received\", sum(coalesce(common_c2s_pkt_num, 0)) AS \"Packets Sent\", sum(coalesce(common_s2c_pkt_num, 0)) AS \"Packets Received\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND dns_qname='qbwup.imtt.qq.com' ) GROUP BY cast(common_recv_time/300 as int) * 300 LIMIT 10000",
"Q228": "SELECT cast(common_recv_time/300 as int) * 300 AS \"Receive Time\", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS \"Bytes\", sum(coalesce(common_c2s_pkt_num + common_s2c_pkt_num, 0)) AS \"Packets\", sum(coalesce(common_sessions, 0)) AS \"New Sessions\", sum(coalesce(common_c2s_byte_num, 0)) AS \"Bytes Sent\", sum(coalesce(common_s2c_byte_num, 0)) AS \"Bytes Received\", sum(coalesce(common_c2s_pkt_num, 0)) AS \"Packets Sent\", sum(coalesce(common_s2c_pkt_num, 0)) AS \"Packets Received\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND ssl_sni='note.youdao.com' ) GROUP BY cast(common_recv_time/300 as int) * 300 LIMIT 10000",
"Q229": "SELECT cast(common_recv_time/300 as int) * 300 AS \"Receive Time\", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS \"Bytes\", sum(coalesce(common_c2s_pkt_num + common_s2c_pkt_num, 0)) AS \"Packets\", sum(coalesce(common_sessions, 0)) AS \"New Sessions\", sum(coalesce(common_c2s_byte_num, 0)) AS \"Bytes Sent\", sum(coalesce(common_s2c_byte_num, 0)) AS \"Bytes Received\", sum(coalesce(common_c2s_pkt_num, 0)) AS \"Packets Sent\", sum(coalesce(common_s2c_pkt_num, 0)) AS \"Packets Received\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND ssl_con_latency_ms>100 ) GROUP BY cast(common_recv_time/300 as int) * 300 LIMIT 10000",
"Q230": "SELECT cast(common_recv_time/300 as int) * 300 AS \"Receive Time\", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS \"Bytes\", sum(coalesce(common_c2s_pkt_num + common_s2c_pkt_num, 0)) AS \"Packets\", sum(coalesce(common_sessions, 0)) AS \"New Sessions\", sum(coalesce(common_c2s_byte_num, 0)) AS \"Bytes Sent\", sum(coalesce(common_s2c_byte_num, 0)) AS \"Bytes Received\", sum(coalesce(common_c2s_pkt_num, 0)) AS \"Packets Sent\", sum(coalesce(common_s2c_pkt_num, 0)) AS \"Packets Received\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND ssl_ja3_hash='a0e9f5d64349fb13191bc781f81f42e1' ) GROUP BY cast(common_recv_time/300 as int) * 300 LIMIT 10000",
"Q231": "SELECT cast(common_recv_time/300 as int) * 300 AS \"Receive Time\", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS \"Bytes\", sum(coalesce(common_c2s_pkt_num + common_s2c_pkt_num, 0)) AS \"Packets\", sum(coalesce(common_sessions, 0)) AS \"New Sessions\", sum(coalesce(common_c2s_byte_num, 0)) AS \"Bytes Sent\", sum(coalesce(common_s2c_byte_num, 0)) AS \"Bytes Received\", sum(coalesce(common_c2s_pkt_num, 0)) AS \"Packets Sent\", sum(coalesce(common_s2c_pkt_num, 0)) AS \"Packets Received\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_client_ip='36.189.226.21' and common_server_ip='8.8.8.8' ) GROUP BY cast(common_recv_time/300 as int) * 300 LIMIT 10000",
"Q232": "SELECT cast(common_recv_time/300 as int) * 300 AS \"Receive Time\", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS \"Bytes\", sum(coalesce(common_c2s_pkt_num + common_s2c_pkt_num, 0)) AS \"Packets\", sum(coalesce(common_sessions, 0)) AS \"New Sessions\", sum(coalesce(common_c2s_byte_num, 0)) AS \"Bytes Sent\", sum(coalesce(common_s2c_byte_num, 0)) AS \"Bytes Received\", sum(coalesce(common_c2s_pkt_num, 0)) AS \"Packets Sent\", sum(coalesce(common_s2c_pkt_num, 0)) AS \"Packets Received\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_server_ip='111.10.53.14' and common_server_port=443 ) GROUP BY cast(common_recv_time/300 as int) * 300 LIMIT 10000",
"Q233": "SELECT cast(common_recv_time/300 as int) * 300 AS \"Receive Time\", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS \"Bytes\", sum(coalesce(common_c2s_pkt_num + common_s2c_pkt_num, 0)) AS \"Packets\", sum(coalesce(common_sessions, 0)) AS \"New Sessions\", sum(coalesce(common_c2s_byte_num, 0)) AS \"Bytes Sent\", sum(coalesce(common_s2c_byte_num, 0)) AS \"Bytes Received\", sum(coalesce(common_c2s_pkt_num, 0)) AS \"Packets Sent\", sum(coalesce(common_s2c_pkt_num, 0)) AS \"Packets Received\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND mail_account like 'abc@%' ) GROUP BY cast(common_recv_time/300 as int) * 300 LIMIT 10000",
"Q234": "SELECT cast(common_recv_time/300 as int) * 300 AS \"Receive Time\", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS \"Bytes\", sum(coalesce(common_c2s_pkt_num + common_s2c_pkt_num, 0)) AS \"Packets\", sum(coalesce(common_sessions, 0)) AS \"New Sessions\", sum(coalesce(common_c2s_byte_num, 0)) AS \"Bytes Sent\", sum(coalesce(common_s2c_byte_num, 0)) AS \"Bytes Received\", sum(coalesce(common_c2s_pkt_num, 0)) AS \"Packets Sent\", sum(coalesce(common_s2c_pkt_num, 0)) AS \"Packets Received\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND http_domain like '%baidu.com%' ) GROUP BY cast(common_recv_time/300 as int) * 300 LIMIT 10000",
"Q235": "SELECT cast(common_recv_time/300 as int) * 300 AS \"Receive Time\", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS \"Bytes\", sum(coalesce(common_c2s_pkt_num + common_s2c_pkt_num, 0)) AS \"Packets\", sum(coalesce(common_sessions, 0)) AS \"New Sessions\", sum(coalesce(common_c2s_byte_num, 0)) AS \"Bytes Sent\", sum(coalesce(common_s2c_byte_num, 0)) AS \"Bytes Received\", sum(coalesce(common_c2s_pkt_num, 0)) AS \"Packets Sent\", sum(coalesce(common_s2c_pkt_num, 0)) AS \"Packets Received\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND ssl_sni like '%youdao.com' ) GROUP BY cast(common_recv_time/300 as int) * 300 LIMIT 10000",
"Q236": "SELECT cast(common_recv_time/300 as int) * 300 AS \"Receive Time\", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS \"Bytes\", sum(coalesce(common_c2s_pkt_num + common_s2c_pkt_num, 0)) AS \"Packets\", sum(coalesce(common_sessions, 0)) AS \"New Sessions\", sum(coalesce(common_c2s_byte_num, 0)) AS \"Bytes Sent\", sum(coalesce(common_s2c_byte_num, 0)) AS \"Bytes Received\", sum(coalesce(common_c2s_pkt_num, 0)) AS \"Packets Sent\", sum(coalesce(common_s2c_pkt_num, 0)) AS \"Packets Received\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_client_ip in ('36.189.226.21','111.10.53.14') ) GROUP BY cast(common_recv_time/300 as int) * 300 LIMIT 10000",
"Q237": "SELECT cast(common_recv_time/300 as int) * 300 AS \"Receive Time\", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS \"Bytes\", sum(coalesce(common_c2s_pkt_num + common_s2c_pkt_num, 0)) AS \"Packets\", sum(coalesce(common_sessions, 0)) AS \"New Sessions\", sum(coalesce(common_c2s_byte_num, 0)) AS \"Bytes Sent\", sum(coalesce(common_s2c_byte_num, 0)) AS \"Bytes Received\", sum(coalesce(common_c2s_pkt_num, 0)) AS \"Packets Sent\", sum(coalesce(common_s2c_pkt_num, 0)) AS \"Packets Received\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_server_port not in (80,443) ) GROUP BY cast(common_recv_time/300 as int) * 300 LIMIT 10000",
"Q238": "SELECT cast(common_recv_time/300 as int) * 300 AS \"Receive Time\", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS \"Bytes\", sum(coalesce(common_c2s_pkt_num + common_s2c_pkt_num, 0)) AS \"Packets\", sum(coalesce(common_sessions, 0)) AS \"New Sessions\", sum(coalesce(common_c2s_byte_num, 0)) AS \"Bytes Sent\", sum(coalesce(common_s2c_byte_num, 0)) AS \"Bytes Received\", sum(coalesce(common_c2s_pkt_num, 0)) AS \"Packets Sent\", sum(coalesce(common_s2c_pkt_num, 0)) AS \"Packets Received\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND length(http_domain)!= 0 ) GROUP BY cast(common_recv_time/300 as int) * 300 LIMIT 10000",
"Q239": "SELECT cast(common_recv_time/300 as int) * 300 AS \"Receive Time\", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS \"Bytes\", sum(coalesce(common_c2s_pkt_num + common_s2c_pkt_num, 0)) AS \"Packets\", sum(coalesce(common_sessions, 0)) AS \"New Sessions\", sum(coalesce(common_c2s_byte_num, 0)) AS \"Bytes Sent\", sum(coalesce(common_s2c_byte_num, 0)) AS \"Bytes Received\", sum(coalesce(common_c2s_pkt_num, 0)) AS \"Packets Sent\", sum(coalesce(common_s2c_pkt_num, 0)) AS \"Packets Received\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND http_domain not like '%microsoft.com' ) GROUP BY cast(common_recv_time/300 as int) * 300 LIMIT 10000",
"Q240": "SELECT \"Domain\" AS \"Domain\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_domain AS \"Domain\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_log_id=1153021139190754263 ) AND ( length(http_domain)!= 0 ) GROUP BY http_domain LIMIT 1048576) GROUP BY \"Domain\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q241": "SELECT \"Domain\" AS \"Domain\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_domain AS \"Domain\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_client_ip='36.189.226.21' ) AND ( length(http_domain)!= 0 ) GROUP BY http_domain LIMIT 1048576) GROUP BY \"Domain\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q242": "SELECT \"Domain\" AS \"Domain\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_domain AS \"Domain\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_internal_ip='223.116.37.192' ) AND ( length(http_domain)!= 0 ) GROUP BY http_domain LIMIT 1048576) GROUP BY \"Domain\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q243": "SELECT \"Domain\" AS \"Domain\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_domain AS \"Domain\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_server_ip='8.8.8.8' ) AND ( length(http_domain)!= 0 ) GROUP BY http_domain LIMIT 1048576) GROUP BY \"Domain\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q244": "SELECT \"Domain\" AS \"Domain\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_domain AS \"Domain\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_external_ip='111.10.53.14' ) AND ( length(http_domain)!= 0 ) GROUP BY http_domain LIMIT 1048576) GROUP BY \"Domain\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q245": "SELECT \"Domain\" AS \"Domain\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_domain AS \"Domain\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_client_port=52607 ) AND ( length(http_domain)!= 0 ) GROUP BY http_domain LIMIT 1048576) GROUP BY \"Domain\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q246": "SELECT \"Domain\" AS \"Domain\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_domain AS \"Domain\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_server_port=443 ) AND ( length(http_domain)!= 0 ) GROUP BY http_domain LIMIT 1048576) GROUP BY \"Domain\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q247": "SELECT \"Domain\" AS \"Domain\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_domain AS \"Domain\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_c2s_pkt_num>5 ) AND ( length(http_domain)!= 0 ) GROUP BY http_domain LIMIT 1048576) GROUP BY \"Domain\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q248": "SELECT \"Domain\" AS \"Domain\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_domain AS \"Domain\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_s2c_pkt_num>5 ) AND ( length(http_domain)!= 0 ) GROUP BY http_domain LIMIT 1048576) GROUP BY \"Domain\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q249": "SELECT \"Domain\" AS \"Domain\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_domain AS \"Domain\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_c2s_byte_num>100 ) AND ( length(http_domain)!= 0 ) GROUP BY http_domain LIMIT 1048576) GROUP BY \"Domain\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q250": "SELECT \"Domain\" AS \"Domain\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_domain AS \"Domain\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_s2c_byte_num<200 ) AND ( length(http_domain)!= 0 ) GROUP BY http_domain LIMIT 1048576) GROUP BY \"Domain\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q251": "SELECT \"Domain\" AS \"Domain\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_domain AS \"Domain\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_schema_type='DNS' ) AND ( length(http_domain)!= 0 ) GROUP BY http_domain LIMIT 1048576) GROUP BY \"Domain\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q252": "SELECT \"Domain\" AS \"Domain\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_domain AS \"Domain\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_establish_latency_ms>200 ) AND ( length(http_domain)!= 0 ) GROUP BY http_domain LIMIT 1048576) GROUP BY \"Domain\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q253": "SELECT \"Domain\" AS \"Domain\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_domain AS \"Domain\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_con_duration_ms>10000 ) AND ( length(http_domain)!= 0 ) GROUP BY http_domain LIMIT 1048576) GROUP BY \"Domain\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q254": "SELECT \"Domain\" AS \"Domain\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_domain AS \"Domain\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_stream_trace_id=1153021139190754263 ) AND ( length(http_domain)!= 0 ) GROUP BY http_domain LIMIT 1048576) GROUP BY \"Domain\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q255": "SELECT \"Domain\" AS \"Domain\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_domain AS \"Domain\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_tcp_client_isn=2857077935 ) AND ( length(http_domain)!= 0 ) GROUP BY http_domain LIMIT 1048576) GROUP BY \"Domain\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q256": "SELECT \"Domain\" AS \"Domain\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_domain AS \"Domain\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_tcp_server_isn=0 ) AND ( length(http_domain)!= 0 ) GROUP BY http_domain LIMIT 1048576) GROUP BY \"Domain\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q257": "SELECT \"Domain\" AS \"Domain\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_domain AS \"Domain\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND http_domain='microsoft.com' ) AND ( length(http_domain)!= 0 ) GROUP BY http_domain LIMIT 1048576) GROUP BY \"Domain\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q258": "SELECT \"Domain\" AS \"Domain\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_domain AS \"Domain\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND mail_account='[email protected]' ) AND ( length(http_domain)!= 0 ) GROUP BY http_domain LIMIT 1048576) GROUP BY \"Domain\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q259": "SELECT \"Domain\" AS \"Domain\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_domain AS \"Domain\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND mail_subject='test' ) AND ( length(http_domain)!= 0 ) GROUP BY http_domain LIMIT 1048576) GROUP BY \"Domain\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q260": "SELECT \"Domain\" AS \"Domain\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_domain AS \"Domain\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND dns_qname='qbwup.imtt.qq.com' ) AND ( length(http_domain)!= 0 ) GROUP BY http_domain LIMIT 1048576) GROUP BY \"Domain\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q261": "SELECT \"Domain\" AS \"Domain\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_domain AS \"Domain\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND ssl_sni='note.youdao.com' ) AND ( length(http_domain)!= 0 ) GROUP BY http_domain LIMIT 1048576) GROUP BY \"Domain\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q262": "SELECT \"Domain\" AS \"Domain\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_domain AS \"Domain\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND ssl_con_latency_ms>100 ) AND ( length(http_domain)!= 0 ) GROUP BY http_domain LIMIT 1048576) GROUP BY \"Domain\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q263": "SELECT \"Domain\" AS \"Domain\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_domain AS \"Domain\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND ssl_ja3_hash='a0e9f5d64349fb13191bc781f81f42e1' ) AND ( length(http_domain)!= 0 ) GROUP BY http_domain LIMIT 1048576) GROUP BY \"Domain\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q264": "SELECT \"Domain\" AS \"Domain\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_domain AS \"Domain\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_client_ip='36.189.226.21' and common_server_ip='8.8.8.8' ) AND ( length(http_domain)!= 0 ) GROUP BY http_domain LIMIT 1048576) GROUP BY \"Domain\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q265": "SELECT \"Domain\" AS \"Domain\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_domain AS \"Domain\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_server_ip='111.10.53.14' and common_server_port=443 ) AND ( length(http_domain)!= 0 ) GROUP BY http_domain LIMIT 1048576) GROUP BY \"Domain\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q266": "SELECT \"Domain\" AS \"Domain\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_domain AS \"Domain\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND mail_account like 'abc@%' ) AND ( length(http_domain)!= 0 ) GROUP BY http_domain LIMIT 1048576) GROUP BY \"Domain\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q267": "SELECT \"Domain\" AS \"Domain\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_domain AS \"Domain\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND http_domain like '%baidu.com%' ) AND ( length(http_domain)!= 0 ) GROUP BY http_domain LIMIT 1048576) GROUP BY \"Domain\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q268": "SELECT \"Domain\" AS \"Domain\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_domain AS \"Domain\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND ssl_sni like '%youdao.com' ) AND ( length(http_domain)!= 0 ) GROUP BY http_domain LIMIT 1048576) GROUP BY \"Domain\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q269": "SELECT \"Domain\" AS \"Domain\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_domain AS \"Domain\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_client_ip in ('36.189.226.21','111.10.53.14') ) AND ( length(http_domain)!= 0 ) GROUP BY http_domain LIMIT 1048576) GROUP BY \"Domain\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q270": "SELECT \"Domain\" AS \"Domain\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_domain AS \"Domain\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_server_port not in (80,443) ) AND ( length(http_domain)!= 0 ) GROUP BY http_domain LIMIT 1048576) GROUP BY \"Domain\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q271": "SELECT \"Domain\" AS \"Domain\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_domain AS \"Domain\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND length(http_domain)!= 0 ) AND ( length(http_domain)!= 0 ) GROUP BY http_domain LIMIT 1048576) GROUP BY \"Domain\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q272": "SELECT \"Domain\" AS \"Domain\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_domain AS \"Domain\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND http_domain not like '%microsoft.com' ) AND ( length(http_domain)!= 0 ) GROUP BY http_domain LIMIT 1048576) GROUP BY \"Domain\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q273": "SELECT \"URL\" AS \"URL\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_url AS \"URL\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_log_id=1153021139190754263 ) AND ( length(http_url)!= 0 ) GROUP BY http_url LIMIT 1048576) GROUP BY \"URL\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q274": "SELECT \"URL\" AS \"URL\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_url AS \"URL\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_client_ip='36.189.226.21' ) AND ( length(http_url)!= 0 ) GROUP BY http_url LIMIT 1048576) GROUP BY \"URL\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q275": "SELECT \"URL\" AS \"URL\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_url AS \"URL\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_internal_ip='223.116.37.192' ) AND ( length(http_url)!= 0 ) GROUP BY http_url LIMIT 1048576) GROUP BY \"URL\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q276": "SELECT \"URL\" AS \"URL\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_url AS \"URL\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_server_ip='8.8.8.8' ) AND ( length(http_url)!= 0 ) GROUP BY http_url LIMIT 1048576) GROUP BY \"URL\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q277": "SELECT \"URL\" AS \"URL\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_url AS \"URL\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_external_ip='111.10.53.14' ) AND ( length(http_url)!= 0 ) GROUP BY http_url LIMIT 1048576) GROUP BY \"URL\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q278": "SELECT \"URL\" AS \"URL\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_url AS \"URL\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_client_port=52607 ) AND ( length(http_url)!= 0 ) GROUP BY http_url LIMIT 1048576) GROUP BY \"URL\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q279": "SELECT \"URL\" AS \"URL\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_url AS \"URL\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_server_port=443 ) AND ( length(http_url)!= 0 ) GROUP BY http_url LIMIT 1048576) GROUP BY \"URL\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q280": "SELECT \"URL\" AS \"URL\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_url AS \"URL\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_c2s_pkt_num>5 ) AND ( length(http_url)!= 0 ) GROUP BY http_url LIMIT 1048576) GROUP BY \"URL\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q281": "SELECT \"URL\" AS \"URL\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_url AS \"URL\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_s2c_pkt_num>5 ) AND ( length(http_url)!= 0 ) GROUP BY http_url LIMIT 1048576) GROUP BY \"URL\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q282": "SELECT \"URL\" AS \"URL\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_url AS \"URL\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_c2s_byte_num>100 ) AND ( length(http_url)!= 0 ) GROUP BY http_url LIMIT 1048576) GROUP BY \"URL\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q283": "SELECT \"URL\" AS \"URL\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_url AS \"URL\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_s2c_byte_num<200 ) AND ( length(http_url)!= 0 ) GROUP BY http_url LIMIT 1048576) GROUP BY \"URL\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q284": "SELECT \"URL\" AS \"URL\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_url AS \"URL\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_schema_type='DNS' ) AND ( length(http_url)!= 0 ) GROUP BY http_url LIMIT 1048576) GROUP BY \"URL\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q285": "SELECT \"URL\" AS \"URL\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_url AS \"URL\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_establish_latency_ms>200 ) AND ( length(http_url)!= 0 ) GROUP BY http_url LIMIT 1048576) GROUP BY \"URL\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q286": "SELECT \"URL\" AS \"URL\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_url AS \"URL\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_con_duration_ms>10000 ) AND ( length(http_url)!= 0 ) GROUP BY http_url LIMIT 1048576) GROUP BY \"URL\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q287": "SELECT \"URL\" AS \"URL\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_url AS \"URL\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_stream_trace_id=1153021139190754263 ) AND ( length(http_url)!= 0 ) GROUP BY http_url LIMIT 1048576) GROUP BY \"URL\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q288": "SELECT \"URL\" AS \"URL\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_url AS \"URL\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_tcp_client_isn=2857077935 ) AND ( length(http_url)!= 0 ) GROUP BY http_url LIMIT 1048576) GROUP BY \"URL\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q289": "SELECT \"URL\" AS \"URL\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_url AS \"URL\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_tcp_server_isn=0 ) AND ( length(http_url)!= 0 ) GROUP BY http_url LIMIT 1048576) GROUP BY \"URL\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q290": "SELECT \"URL\" AS \"URL\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_url AS \"URL\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND http_domain='microsoft.com' ) AND ( length(http_url)!= 0 ) GROUP BY http_url LIMIT 1048576) GROUP BY \"URL\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q291": "SELECT \"URL\" AS \"URL\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_url AS \"URL\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND mail_account='[email protected]' ) AND ( length(http_url)!= 0 ) GROUP BY http_url LIMIT 1048576) GROUP BY \"URL\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q292": "SELECT \"URL\" AS \"URL\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_url AS \"URL\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND mail_subject='test' ) AND ( length(http_url)!= 0 ) GROUP BY http_url LIMIT 1048576) GROUP BY \"URL\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q293": "SELECT \"URL\" AS \"URL\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_url AS \"URL\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND dns_qname='qbwup.imtt.qq.com' ) AND ( length(http_url)!= 0 ) GROUP BY http_url LIMIT 1048576) GROUP BY \"URL\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q294": "SELECT \"URL\" AS \"URL\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_url AS \"URL\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND ssl_sni='note.youdao.com' ) AND ( length(http_url)!= 0 ) GROUP BY http_url LIMIT 1048576) GROUP BY \"URL\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q295": "SELECT \"URL\" AS \"URL\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_url AS \"URL\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND ssl_con_latency_ms>100 ) AND ( length(http_url)!= 0 ) GROUP BY http_url LIMIT 1048576) GROUP BY \"URL\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q296": "SELECT \"URL\" AS \"URL\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_url AS \"URL\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND ssl_ja3_hash='a0e9f5d64349fb13191bc781f81f42e1' ) AND ( length(http_url)!= 0 ) GROUP BY http_url LIMIT 1048576) GROUP BY \"URL\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q297": "SELECT \"URL\" AS \"URL\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_url AS \"URL\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_client_ip='36.189.226.21' and common_server_ip='8.8.8.8' ) AND ( length(http_url)!= 0 ) GROUP BY http_url LIMIT 1048576) GROUP BY \"URL\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q298": "SELECT \"URL\" AS \"URL\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_url AS \"URL\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_server_ip='111.10.53.14' and common_server_port=443 ) AND ( length(http_url)!= 0 ) GROUP BY http_url LIMIT 1048576) GROUP BY \"URL\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q299": "SELECT \"URL\" AS \"URL\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_url AS \"URL\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND mail_account like 'abc@%' ) AND ( length(http_url)!= 0 ) GROUP BY http_url LIMIT 1048576) GROUP BY \"URL\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q300": "SELECT \"URL\" AS \"URL\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_url AS \"URL\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND http_domain like '%baidu.com%' ) AND ( length(http_url)!= 0 ) GROUP BY http_url LIMIT 1048576) GROUP BY \"URL\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q301": "SELECT \"URL\" AS \"URL\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_url AS \"URL\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND ssl_sni like '%youdao.com' ) AND ( length(http_url)!= 0 ) GROUP BY http_url LIMIT 1048576) GROUP BY \"URL\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q302": "SELECT \"URL\" AS \"URL\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_url AS \"URL\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_client_ip in ('36.189.226.21','111.10.53.14') ) AND ( length(http_url)!= 0 ) GROUP BY http_url LIMIT 1048576) GROUP BY \"URL\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q303": "SELECT \"URL\" AS \"URL\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_url AS \"URL\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND common_server_port not in (80,443) ) AND ( length(http_url)!= 0 ) GROUP BY http_url LIMIT 1048576) GROUP BY \"URL\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q304": "SELECT \"URL\" AS \"URL\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_url AS \"URL\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND length(http_domain)!= 0 ) AND ( length(http_url)!= 0 ) GROUP BY http_url LIMIT 1048576) GROUP BY \"URL\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q305": "SELECT \"URL\" AS \"URL\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT http_url AS \"URL\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) AND http_domain not like '%microsoft.com' ) AND ( length(http_url)!= 0 ) GROUP BY http_url LIMIT 1048576) GROUP BY \"URL\" ORDER BY \"Sessions\" DESC LIMIT 30",
"Q306": "SELECT \"Http.Domain\" AS \"Http.Domain\", sum(coalesce(\"Unique Client IP\", 0)) AS \"Unique Client IP\", sum(coalesce(\"Unique Subscriber ID\", 0)) AS \"Unique Subscriber ID\" FROM (SELECT http_domain AS \"Http.Domain\", approx_distinct(common_client_ip) AS \"Unique Client IP\", approx_distinct(common_subscriber_id) AS \"Unique Subscriber ID\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) ) AND ( length(http_domain)!= 0 ) GROUP BY http_domain LIMIT 1048576) GROUP BY \"Http.Domain\" ORDER BY \"Unique Client IP\" DESC LIMIT 100",
"Q307": "SELECT \"Http.Domain\" AS \"Http.Domain\", sum(coalesce(\"Packets Sent\", 0)) AS \"Packets Sent\" FROM (SELECT http_domain AS \"Http.Domain\", sum(coalesce(common_c2s_pkt_num, 0)) AS \"Packets Sent\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) ) GROUP BY http_domain LIMIT 1048576) GROUP BY \"Http.Domain\" ORDER BY \"Packets Sent\" DESC LIMIT 100",
"Q308": "SELECT \"Internal IP\" AS \"Internal IP\", \"External IP\" AS \"External IP\", \"Sled IP\" AS \"Sled IP\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT common_sled_ip AS \"Sled IP\", common_external_ip AS \"External IP\", common_internal_ip AS \"Internal IP\", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS \"Bytes Sent+Bytes Received\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) ) AND ( common_stream_dir != 3 ) GROUP BY common_sled_ip, common_external_ip ,common_internal_ip LIMIT 1048576) GROUP BY \"Internal IP\", \"External IP\", \"Sled IP\" ORDER BY \"Sessions\" DESC LIMIT 500",
"Q309": "SELECT \"Client ASN\" AS \"Client ASN\", \"Server ASN\" AS \"Server ASN\", sum(coalesce(\"Sessions\", 0)) AS \"Sessions\" FROM (SELECT common_server_asn AS \"Server ASN\", common_client_asn AS \"Client ASN\", sum(coalesce(common_sessions, 0)) AS \"Sessions\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) ) AND ( common_stream_dir != 3 ) GROUP BY common_server_asn, common_client_asn LIMIT 1048576) GROUP BY \"Client ASN\", \"Server ASN\" ORDER BY \"Sessions\" DESC LIMIT 500",
"Q310": "SELECT \"SSL.SNI\" AS \"SSL.SNI\", \"Client IP\" AS \"Client IP\", avg(coalesce(\"Establish Latency(ms)\", 0)) AS \"Establish Latency(ms)\" FROM (SELECT common_client_ip AS \"Client IP\", ssl_sni AS \"SSL.SNI\", avg(coalesce(common_establish_latency_ms, 0)) AS \"Establish Latency(ms)\" FROM connection_record_log AS connection_record_log WHERE ( ( common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) ) ) GROUP BY common_client_ip, ssl_sni LIMIT 1048576) GROUP BY \"SSL.SNI\", \"Client IP\" ORDER BY \"Establish Latency(ms)\" DESC LIMIT 500",
"Q311": "select FROM_UNIXTIME(min(common_recv_time)) as \"First Seen\" , FROM_UNIXTIME(max(common_recv_time)) as \"Last Seen\" , median(http_response_lantency_ms) as \"Server Processing Time Median(ms)\", count(1) as Responses,any(common_server_location) as Location from connection_record_log WHERE common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) AND http_domain='baidu.com'",
"Q312": "select common_client_ip as \"Client IP\" , avg(common_establish_latency_ms) as \"Establishing Time Mean(ms)\", count(1) as Responses,any(common_client_location) as Location from connection_record_log where common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) and http_domain='baidu.com' group by \"Client IP\" order by Responses desc limit 100",
"Q313": "select common_server_ip as \"Server IP\" , avg(http_response_lantency_ms) as \"Server Processing Time Mean(ms)\", count(1) as Responses,any(common_server_location) as Location from connection_record_log where common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) and http_domain='baidu.com' group by \"Server IP\" order by Responses desc limit 100",
"Q314": "select http_url as \"URI\" , avg(http_response_lantency_ms) as \"Server Processing Time Mean(ms)\", count(1) as Responses from connection_record_log where common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) and http_domain='baidu.com' group by http_url order by Responses desc limit 100",
"Q315": "select common_l7_protocol as \"Protocol\" , approx_distinct(common_client_ip) as \"Clients\" , approx_distinct(common_server_ip) as \"Servers\", count(1) as Sessions,sum(common_c2s_byte_num+common_s2c_byte_num) as bytes from connection_record_log where common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) and length(common_l7_protocol)!= 0 group by common_l7_protocol order by bytes desc",
"Q316": "select common_client_ip as \"Client IP\" , count(1) as Sessions,sum(common_c2s_byte_num) as \"Bytes Out\", sum(common_s2c_byte_num) as \"Bytes In\",any(common_client_location) as Location from connection_record_log where common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) and common_l7_protocol='SIP' group by \"Client IP\" order by Sessions desc limit 100",
"Q317": "select common_server_ip as \"Server IP\" , count(1) as Sessions,sum(common_c2s_byte_num) as \"Bytes Out\", sum(common_s2c_byte_num) as \"Bytes In\",any(common_server_location) as Location from connection_record_log where common_recv_time >= ckdb.function.toUnixTimestamp($time1) AND common_recv_time < ckdb.function.toUnixTimestamp($time2) and common_l7_protocol='SIP' group by \"Server IP\" order by Sessions desc limit 100"
}
|
