mirror of
https://github.com/ntop/ntopng.git
synced 2026-05-03 01:10:10 +00:00
81 lines
1.7 KiB
Text
Query Definitions
-----------------

Place in this directory query definitions in JSON format
used by the Historical Flow Explorer.

Built-in examples are provided and can be used as a starting
point for building new queries. Please note that:

- The 'select' object can contain a list of items in the 'items'
  array, or a raw SQL select in the 'sql' string.

- It is possible to use SQL functions as a 'select' item, as shown
  in the examples, by specifying the 'func' (e.g. SUM) and the
  parameter in 'param' (e.g. TOTAL_BYTES).

- The 'filters' object contains a list of items to filter in the
  'items' array. Defining the 'name' is enough; however, additional
  settings can be configured to override the defaults (e.g. the
  operators to be used, the input type, optional field, etc.).

- The interface index and first/last seen are automatically included
  by the engine: there is no need to define them as filters in the
  query definition.

Examples
--------

Select example - list of fields:

"select" : {
  "items" : [
    {
      "name": "IPV4_SRC_ADDR"
    },
    {
      "name": "IPV4_DST_ADDR"
    },
    {
      "name": "VLAN_ID"
    },
    {
      "name": "L7_PROTO"
    },
    {
      "name": "bytes",
      "func": "SUM",
      "param": "TOTAL_BYTES"
    }
  ]
}

Select example - SQL:

"select" : {
  "sql": "IPv4NumToString(IPV4_SRC_ADDR) IPV4_SRC_ADDR, IPv4NumToString(IPV4_DST_ADDR) IPV4_DST_ADDR, L7_PROTO, SUM(TOTAL_BYTES) bytes"
}

Filters examples:

"filters" : {
  "items" : [
    {
      "name": "IPV4_SRC_ADDR"
    },
    {
      "name": "TOTAL_BYTES",
      "op": "gte",
      "value_type": "number",
      "input": "user",
      "optional": true
    },
    {
      "name": "L7_PROTO",
      "op": "eq",
      "value_type": "l7_proto",
      "input": "fixed",
      "value": "TLS"
    }
  ]
}
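
A pre-deployment lint for definition files, following the rules listed in this README (added example, not part of ntopng). The function name, the "exactly one of 'items' or 'sql'" rule, the bare-identifier rule, the "fixed input needs a value" rule and the raw-SQL token list are assumptions of this sketch; the sample definitions are constructed from the fragments shown in the examples.

```python
import json
import re
# Assumption: field, alias and function names are bare SQL identifiers.
IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")
# Constructed review heuristic: tokens a select list should not need.
SQL_RED_FLAGS = re.compile(r";|--|/\*|\b(FROM|UNION)\b", re.I)

def lint_definition(text):
    """Return a list of findings for one query definition (JSON text)."""
    try:
        doc = json.loads(text)  # strict parser: trailing commas are rejected
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(doc, dict):
        return ["top level must be a JSON object"]
    findings = []
    select = doc.get("select", {})
    if ("items" in select) == ("sql" in select):
        findings.append("select: need exactly one of 'items' or 'sql'")
    for item in select.get("items", []):
        for key in ("name", "func", "param"):
            if key in item and not IDENT.match(str(item[key])):
                findings.append(f"select item: {key} {item[key]!r} is not a bare identifier")
        if "name" not in item:
            findings.append("select item: missing 'name'")
        if ("func" in item) != ("param" in item):
            findings.append(f"select item {item.get('name')!r}: 'func' and 'param' go together")
    if SQL_RED_FLAGS.search(str(select.get("sql", ""))):
        findings.append("select.sql: statement or comment tokens present, review by hand")
    for flt in doc.get("filters", {}).get("items", []):
        name = flt.get("name")
        if not name or not IDENT.match(str(name)):
            findings.append(f"filter: bad or missing name {name!r}")
        if flt.get("input") == "fixed" and "value" not in flt:
            findings.append(f"filter {name!r}: fixed input without 'value'")
    return findings

# Constructed sample: README fragments wrapped in an outer object.
SAMPLE_OK = """{
  "select":  {"items": [{"name": "IPV4_SRC_ADDR"},
                        {"name": "bytes", "func": "SUM", "param": "TOTAL_BYTES"}]},
  "filters": {"items": [{"name": "L7_PROTO", "op": "eq", "value_type": "l7_proto",
                         "input": "fixed", "value": "TLS"}]}
}"""
# Constructed sample: trailing comma after the last key of an item.
SAMPLE_TRAILING_COMMA = '{"select": {"items": [{"name": "VLAN_ID",}]}}'
if __name__ == "__main__":
    for label, text in (("ok", SAMPLE_OK), ("trailing comma", SAMPLE_TRAILING_COMMA)):
        print(label, "->", lint_definition(text) or "clean")
```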