# Historical Class The `Historical` class provides access to historical information including flows and alerts. ## Constructor ### `__init__(self, ntopng_obj, ifid=None)` Constructs a new Historical object. - `ntopng_obj`: The ntopng handle ## Methods ### `get_alert_type_counters(self, epoch_begin, epoch_end)` Returns statistics about the number of alerts per alert type. - `epoch_begin`: Start of the time interval (epoch) - `epoch_end`: End of the time interval (epoch) - Returns: Statistics (object) ### `get_alert_severity_counters(self, epoch_begin, epoch_end)` Returns statistics about the number of alerts per alert severity. - `epoch_begin`: Start of the time interval (epoch) - `epoch_end`: End of the time interval (epoch) - Returns: Statistics (object) ### `get_alerts(self, alert_family, epoch_begin, epoch_end, select_clause, where_clause, maxhits, group_by, order_by)` Runs queries on the alert database. - `alert_family`: The alert family (flow, host, interface, etc) - `epoch_begin`: Start of the time interval (epoch) - `epoch_end`: End of the time interval (epoch) - `select_clause`: Select clause (SQL syntax) - `where_clause`: Where clause (SQL syntax) - `maxhits`: Max number of results (limit) - `group_by`: Group by condition (SQL syntax) - `order_by`: Order by condition (SQL syntax) - Returns: Query result (object) ### `get_alerts_stats(self, epoch_begin, epoch_end, host=None)` Returns flow alerts stats. - `epoch_begin`: Start of the time interval (epoch) - `epoch_end`: End of the time interval (epoch) - `host` (optional): Host IP address - Returns: Flow alert stats (object) ### `get_flow_alerts_stats(self, epoch_begin, epoch_end)` Returns flow alerts statistics. - `epoch_begin`: Start of the time interval (epoch) - `epoch_end`: End of the time interval (epoch) - Returns: Flow alert statistics (object) ### `get_flow_alerts(self, epoch_begin, epoch_end, select_clause, where_clause, maxhits, group_by, order_by)` Returns flow alerts matching the specified criteria. - `epoch_begin`: Start of the time interval (epoch) - `epoch_end`: End of the time interval (epoch) - `select_clause`: Select clause (SQL syntax) - `where_clause`: Where clause (SQL syntax) - `maxhits`: Max number of results (limit) - `group_by`: Group by condition (SQL syntax) - `order_by`: Order by condition (SQL syntax) - Returns: Query result (object) ### `get_active_monitoring_alerts(self, epoch_begin, epoch_end, select_clause, where_clause, maxhits, group_by, order_by)` Returns alerts matching the specified criteria for active monitoring. - `epoch_begin`: Start of the time interval (epoch) - `epoch_end`: End of the time interval (epoch) - `select_clause`: Select clause (SQL syntax) - `where_clause`: Where clause (SQL syntax) - `maxhits`: Max number of results (limit) - `group_by`: Group by condition (SQL syntax) - `order_by`: Order by condition (SQL syntax) - Returns: Query result (object) ### `get_host_alerts(self, epoch_begin, epoch_end, select_clause, where_clause, maxhits, group_by, order_by)` Returns host alerts matching the specified criteria. - `epoch_begin`: Start of the time interval (epoch) - `epoch_end`: End of the time interval (epoch) - `select_clause`: Select clause (SQL syntax) - `where_clause`: Where clause (SQL syntax) - `maxhits`: Max number of results (limit) - `group_by`: Group by condition (SQL syntax) - `order_by`: Order by condition (SQL syntax) - Returns: Query result (object) ### `get_interface_alerts(self, epoch_begin, epoch_end, select_clause, where_clause, maxhits, group_by, order_by)` Returns interface alerts matching the specified criteria. - `epoch_begin`: Start of the time interval (epoch) - `epoch_end`: End of the time interval (epoch) - `select_clause`: Select clause (SQL syntax) - `where_clause`: Where clause (SQL syntax) - `maxhits`: Max number of results (limit) - `group_by`: Group by condition (SQL syntax) - `order_by`: Order by condition (SQL syntax) - Returns: Query result (object) ### `get_mac_alerts(self, epoch_begin, epoch_end, select_clause, where_clause, maxhits, group_by, order_by)` Returns MAC alerts matching the specified criteria. - `epoch_begin`: Start of the time interval (epoch) - `epoch_end`: End of the time interval (epoch) - `select_clause`: Select clause (SQL syntax) - `where_clause`: Where clause (SQL syntax) - `maxhits`: Max number of results (limit) - `group_by`: Group by condition (SQL syntax) - `order_by`: Order by condition (SQL syntax) - Returns: Query result (object) ### `get_network_alerts(self, epoch_begin, epoch_end, select_clause, where_clause, maxhits, group_by, order_by)` Returns network alerts matching the specified criteria. - `epoch_begin`: Start of the time interval (epoch) - `epoch_end`: End of the time interval (epoch) - `select_clause`: Select clause (SQL syntax) - `where_clause`: Where clause (SQL syntax) - `maxhits`: Max number of results (limit) - `group_by`: Group by condition (SQL syntax) - `order_by`: Order by condition (SQL syntax) - Returns: Query result (object) ### `get_snmp_alerts(self, epoch_begin, epoch_end, select_clause, where_clause, maxhits, group_by, order_by)` Returns SNMP alerts matching the specified criteria. - `epoch_begin`: Start of the time interval (epoch) - `epoch_end`: End of the time interval (epoch) - `select_clause`: Select clause (SQL syntax) - `where_clause`: Where clause (SQL syntax) - `maxhits`: Max number of results (limit) - `group_by`: Group by condition (SQL syntax) - `order_by`: Order by condition (SQL syntax) - Returns: Query result (object) ### `get_system_alerts(self, epoch_begin, epoch_end, select_clause, where_clause, maxhits, group_by, order_by)` Returns system alerts matching the specified criteria. - `epoch_begin`: Start of the time interval (epoch) - `epoch_end`: End of the time interval (epoch) - `select_clause`: Select clause (SQL syntax) - `where_clause`: Where clause (SQL syntax) - `maxhits`: Max number of results (limit) - `group_by`: Group by condition (SQL syntax) - `order_by`: Order by condition (SQL syntax) - Returns: Query result (object) ### `get_user_alerts(self, epoch_begin, epoch_end, select_clause, where_clause, maxhits, group_by, order_by)` Returns user alerts matching the specified criteria. - `epoch_begin`: Start of the time interval (epoch) - `epoch_end`: End of the time interval (epoch) - `select_clause`: Select clause (SQL syntax) - `where_clause`: Where clause (SQL syntax) - `maxhits`: Max number of results (limit) - `group_by`: Group by condition (SQL syntax) - `order_by`: Order by condition (SQL syntax) - Returns: Query result (object) ### `timeseries_to_pandas(self, rsp)` Converts timeseries response to a pandas DataFrame. - `rsp`: Timeseries response data - Returns: Pandas DataFrame (object) ### `get_timeseries(self, ts_schema, ts_query, epoch_begin, epoch_end)` Returns timeseries data in a pandas DataFrame for a specified schema and query. - `ts_schema`: The timeseries schema (e.g., 'host:traffic') - `ts_query`: The timeseries query (e.g., 'ifid:0,host:10.0.0.1') - `epoch_begin`: Start of the time interval (epoch) - `epoch_end`: End of the time interval (epoch) - Returns: Timeseries data (object, pandas DataFrame) ### `get_timeseries_stats(self, ts_schema, ts_query, epoch_begin, epoch_end)` Returns statistics from timeseries. - `ts_schema`: The timeseries schema (e.g., 'host:traffic') - `ts_query`: The timeseries query (e.g., 'ifid:0,host:10.0.0.1') - `epoch_begin`: Start of the time interval (epoch) - `epoch_end`: End of the time interval (epoch) - Returns: Timeseries statistics (object) ### `get_timeseries_metadata(self)` Returns timeseries metadata (lists all available timeseries). - Returns: Timeseries metadata (object) ### `get_host_timeseries(self, host_ip, ts_schema, epoch_begin, epoch_end)` Returns timeseries data in a pandas DataFrame for a specified interface and host. - `host_ip`: The host IP - `ts_schema`: The timeseries schema - `epoch_begin`: Start of the time interval (epoch) - `epoch_end`: End of the time interval (epoch) - Returns: Timeseries data (object, pandas DataFrame) ### `get_host_timeseries_stats(self, host_ip, ts_schema, epoch_begin, epoch_end)` Returns timeseries statistics for a specified interface and host. - `host_ip`: The host IP - `ts_schema`: The timeseries schema - `epoch_begin`: Start of the time interval (epoch) - `epoch_end`: End of the time interval (epoch) - Returns: Timeseries statistics (object) ### `get_interface_timeseries(self, ts_schema, epoch_begin, epoch_end)` Returns timeseries data in a pandas DataFrame for a specified interface. - `ts_schema`: The timeseries schema - `epoch_begin`: Start of the time interval (epoch) - `epoch_end`: End of the time interval (epoch) - Returns: Timeseries data (object, pandas DataFrame) ### `get_interface_timeseries_stats(self, ts_schema, epoch_begin, epoch_end)` Returns timeseries statistics for a specified interface. - `ts_schema`: The timeseries schema - `epoch_begin`: Start of the time interval (epoch) - `epoch_end`: End of the time interval (epoch) - Returns: Timeseries statistics (object) ### `get_flows(self, epoch_begin, epoch_end, select_clause, where_clause, maxhits, group_by, order_by)` Runs queries on the historical flows database (ClickHouse). - `epoch_begin`: Start of the time interval (epoch) - `epoch_end`: End of the time interval (epoch) - `select_clause`: Select clause (SQL syntax) - `where_clause`: Where clause (SQL syntax) - `maxhits`: Max number of results (limit) - `group_by`: Group by condition (SQL syntax) - `order_by`: Order by condition (SQL syntax) - Returns: Query result (object) ### `get_topk_flows(self, epoch_begin, epoch_end, max_hits, where_clause)` Retrieves Top-K results from the historical flows database. - `epoch_begin`: Start of the time interval (epoch) - `epoch_end`: End of the time interval (epoch) - `max_hits`: Max number of results (limit) - `where_clause`: Where clause (SQL syntax) - Returns: Query result (object) ### `get_top_conversations(self, epoch_begin, epoch_end, host=None)` Returns Top Conversations. - `epoch_begin`: Start of the time interval (epoch) - `epoch_end`: End of the time interval (epoch) - `host` (optional): Host IP address - Returns: Top conversations (object) ### `get_host_top_protocols(self, host, epoch_begin, epoch_end)` Returns Top protocols for a specified host. - `host`: Host IP address - `epoch_begin`: Start of the time interval (epoch) - `epoch_end`: End of the time interval (epoch) - Returns: Top protocols (object)